ExploitedStream

Hello!
I have very simple question: Do i need a dictionary to finish this challenge?
Or i need carefully read a challenge description?
Regards for all :slight_smile:

I’m just wondering your thought process on needing a dictionary @Kucharskov ? I haven’t solved it, so I dont know, but I’m curious why you were thinking that.

Actually, I tried several things with a very specific dictionary so far and did not receive anything printable yet. I still think that this should be how it’s solved.

@ysf why a dictionary?

Type your comment> @bipolarmorgan said:

@ysf why a dictionary?

Because a clue makes me think so :slight_smile:

ok, sorry to bother you, was just trying to understand your thinking.

I can update, solved it: You definitly need a special dictionary!

1 Like

I solved this via a dictionary/list as well. Was this the intended method?

I liked this challenge, finally forced me to learn some javascript.

This challenge is based on a real world case of a recently compromised npm package. And the technique used to solve this challenge is fairly similar to the first phase of the real one.
There is a very good youtube video about it that helped me find the correct approach.

Good one. Had to learn a few things about js and node. Used brute force for final step but that only took a few minutes.

Happy to help via PM if anyone is stuck.

As for me it was a little dumb task. Several strings for bruteforce and that’s it.

Did someone get it without brute?

I could use some help with the challenge. I can debug the script, I think I know where the different “outputs” are stored, but I can’t extract the text. Would anyone PM me so I could explain what I have done so far and what I am struggling against?
Thank you in advance.

EDIT: solved the challenge. Thanks to anyone who helped!

this challenge really great , force you to do some researches

Deobfuscate the script and lost my mind…any clues?

It looks like you need to have strong JS level to fix the bruteforce script as it is outdated.
Any other possibility to brute force ? (I mean without a JS script) I have all the data needed (dictionary + cipher).

I just used a shell script and openssl, not [node]js, to bruteforce.

Solved it. I have to admit that I was trying to brute-force the key by means of using some well-known dates. Finally, I understood that it should be easier and just solved it without brute-forcing really.

As someone has already said, node.js is not necessary AT all to solve this challenge.

Hi guys! I need your help. What sw can I use to brute force? THX!

socialkas you solved the challenge without brute-forcing. Do you say me something about? please

@anguzmar said:

I liked this challenge, finally forced me to learn some javascript.

This challenge is based on a real world case of a recently compromised npm package. And the technique used to solve this challenge is fairly similar to the first phase of the real one.
There is a very good youtube video about it that helped me find the correct approach.

Exactly!! That is exactly where i based the challenge from! Glad you found the origin :slight_smile:

This was a pretty cool challenge.
Hint: think outside the box and consider that sometimes we may leave notes to self :slight_smile: