Javascript 16. Solved but...

hello, good morning,

I have several passwords that checksums correctly, 12 chars… I bruteforced that with a multithreaded Python program in 2-3 hours. 69 threads. When trying to submit the results, checksums ok with the javascript code, but php code rejects the passwords.

I missed something? What to do now? Thanks.

Excellent website, by the way, Im learning a lot here.

Well, the original password of this challenge is kinda funny… I mean, you can find it in the forums reading carefully, I remember a discussion with Rex_Mundi that made me rofl because I solved the challenge like you are doing and he guessed it in 3 goes! That was awesome…

Now, back on topic, you are on the right track but maybe you are missing something on your code or you are getting a false positive (don't know how though). I've coded it in c++ and in 58 seconds and 88 tenths with 1574392 iterations I got the answer… actually there are loads of correct answers.

If you want feel free to pm me and I'll help you on that thumbs up

hi, mr cyph3r,

My password has the following chars that maybe are causing some trouble. & and space, 12 chars, the rest are a mix of digit-alpha chars. Do you think are causing trouble? I have a checker in python with similar code as the javascript and my code & password passes the js check. I tried urlencoding the url and encoding it as base64. No way. Being a & and GET petition, maybe its getting half the string as another parm, I think, but dont know for sure. Thanks

Well, the two chars you have are part of the charset and if you parse them you get a checksum… so, in my opinion that's not the problem.

What you say about '&' in the url is right but maybe you are over complicating things… do you really need to change the url? You simply need to get a valid string and submit it using the form, you can do it manually since it is not a timed challenge. Thus you don't need url params and encodings.

If the problem persist it is possible that you are doing a mistake converting javascript to python code… I often run into problems like this, usually the error is so small that you struggle a lot to find it.

Let me know.

Yes, it was the & char and the GET. I submitted another response withouth the & and it worked. My programs are working OK. You must evade the & char to submit correctly the response.

Thanks, anyway for your responses, MrCyph3r.

Haha yeah, you are perfectly right man… When I posted my thoughts yesterday I was relying on my memory cause I was at work without access to the challenge. Now I've checked the source code and I see that you are damn right. I'm sorry for that, but anyway I'm glad that you've managed to complete the challenge… congrats!