Official Phonebook Discussion

245 Comments

  • I've been stuck on the login screen for a while, probably overthinking it.
    If anyone could dm me a clearer hint that would be nice.

  • I'm also stuck, found the second page but I'm not able to do something useful with it. Could anyone provide a small hint via dm?

  • Got the phonebook, but now I'm stuck... Can someone give me a hint?

  • Am stuck at the login page..... have tried like almost everything but nothing seems diff... please anyone who won't mind helping? DM please

  • I'm stuck too. Get 2 page, but I don't understand which one to focus on. Please give me a hint for next step.

  • edited November 2020

    I was able to log in but am unsure what to focus on now. I would also appreciate that hint

    EDIT: finally got it! Spent way too much time in rabbitholes that were not the first page.
    I have been combining some wild shit. PM me for some hints if this message was not enough for you.

  • Finally after 2 days stuck !!.. thank you, everything you need is on the first page.. just don't overthink it.. !!!

  • Feels good to finally get that one. I spent too much time against one place until I rethought my approach. Fun python script to get it in the end.

  • Finally got it too! Send me a pm with your current findings if you need a pointer.

  • I'm stuck on the login page, can someone please help me?

  • Attempt #6, still lost. Tried concentrating on the login page, but I'm apparently not seeing what other people are. A DM with a pointed hint would be appreciated.

  • I am still stuck on the login page. I have tried bypassing the login form but figure out what the backend is. Can someone please provide a hint?

  • Can someone please give me a hint?

  • Hello there ! Still stuck for this one ! Is it possible to provide any hint in DM ? Got the s**** page, but stuck with 4** response...

  • Of course many thanks in advance !

  • I feel like I'm overthinking this. Got past login, thinking similar method would apply to getting secret data or the flag, as well as tried some other stuff like cdinj****ion with no love. Anyone willing to DM me a nudge in the right direction? I know what was vuln for the login, looks like it should apply again to the search page, but IDK.

  • edited November 2020

    @initinfosec said:
    I feel like I'm overthinking this. Got past login, thinking similar method would apply to getting secret data or the flag, as well as tried some other stuff like cdinj****ion with no love. Anyone willing to DM me a nudge in the right direction? I know what was vuln for the login, looks like it should apply again to the search page, but IDK.

    Same here, bypassed the login page but now I'm struggling with the 4** error... I don't understand how I could apply the same logic to this page...

  • If anyone needs a hint feel free to DM me

  • Solved! Fun challenge :)
    Every hint you need is already in this thread. But you can DM.

  • It's really easy once you know what technique to use. I had never heard of it before so never would have got there without a nudge from alyslon. Now that I know what it is I can see how the message on the main page is a hint.

    Hilbert

  • @Hilbert said:

    It's really easy once you know what technique to use. I had never heard of it before so never would have got there without a nudge from alyslon. Now that I know what it is I can see how the message on the main page is a hint.

    Can you help me out pls. I don't seem to get it.

  • I found another page and am stuck there. I don't know how to bypass login page. Can someone give me a hint please?

  • Nice challenge, learned new things. Feel free to DM for hints.

  • I also found the other page but am stuck even after reading this thread over and over. Please hint me up :) Thanks.

  • Can anyone help me out? PM?

  • One entire day thinking and trying to figure out how to get the flag and still haven't got it...
    I've bypassed the login page, found the s***** page, created a python script, but always get Access Denied, I still don't have the phone book list or anything.
    I'm pretty lost here, please give me a light !

  • edited November 2020

    I finally made it (with a few hints and DMs).

    @Icyb3r said:
    Hint:
    First page has everything you need.

    and

    @vajkdry said:
    Think more about how you bypassed the first step.

    You really need to focus on the first page and try stuff, don't waste time on other things.

    Really nice challenge, I learned a lot !

    (Also if you need some help, feel free to DM)

  • I'm still stuck at the search page. Tried every possible way from the hints. Can anyone please give a hint on what to approach?

  • Hi, I'm very new to this and I try to learn as much as I can. So I'm still stuck at the login page. I managed to find the X** but I don't know how to proceed after. Any hint in DM would be highly appreciated.

  • As stated in the comments, everything that is needed to solve this challenge is on the first page. And so did I successfully.

    However, may I ask if someone was able to successfully exploit the s****** API as well? If so I would be interested in a DM to shortly discuss this. Thanks
