Official Phonebook Discussion

Solved! Fun challenge :slight_smile:
Every hint you need is already in this thread. But you can DM.

It’s really easy once you know what technique to use. I had never heard of it before so never would have got there without a nudge from alyslon. Now that I know what it is I can see how the message on the main page is a hint.

@Hilbert said:

It’s really easy once you know what technique to use. I had never heard of it before so never would have got there without a nudge from alyslon. Now that I know what it is I can see how the message on the main page is a hint.

Can you help me out pls. I don’t seem to get it.

I found another page and am stuck there. I don’t know how to bypass the login page. Can someone give me a hint please?

Nice challenge, learned new things. Feel free to DM for hints.

I also found the other page but am stuck even after reading this thread over and over. Please hint me up :slight_smile: Thanks.

Can anyone help me out? PM?

One entire day thinking and trying to figure out how to get the flag and I still haven’t got it…
I’ve bypassed the login page, found the s***** page, created a Python script, but always get Access Denied. I still don’t have the phone book list or anything.
I’m pretty lost here, please give me a light!

I finally made it (with a few hints and DMs).

@Icyb3r said:
Hint:
First page has everything you need.

and

@vajkdry said:
Think more about how you bypassed the first step.

You really need to focus on the first page and try stuff, don’t waste time on other things.

Really nice challenge, I learned a lot !

(Also if you need some help, feel free to DM)

I’m still stuck at the search page. Tried every possible way from the hints. Can anyone please give a hint on what to approach?

Hi, I’m very new to this and I try to learn as much as I can. So I’m still stuck at the login page. I managed to find the X** but I don’t know how to proceed after. Any hint in DM would be highly appreciated.

As stated in the comments, everything that is needed to solve this challenge is on the first page. And so did I, successfully.

However, may I ask if someone was able to successfully exploit the s****** API as well? If so, I would be interested in a DM to shortly discuss this. Thanks

I am stuck. DM please with hint… =(((

I found the X** but nothing else. Please help.
Great Challenge learned something new.
Tip: Don’t overthink it.
PM if You need help.

Based on some of the hints here, which are actually pretty clever, I’m assuming the solution to get the first foothold is to ***** o**e with something like h***

Figured out where my bad assumptions were, and learned something new.

Can someone DM me a hint please? I’m still stuck getting past the login page.

Solved this with final hint from oscrx. Thank you. Getting the content of the phonebook is not the end of challenge. I was so confused on what to do after it.

Found the x** in the first page, not sure what to use it for. Tried to redirect to the s***** page, I am stuck with a 4** code error. Also tried to brute-force the credentials with the obvious username, but haven’t found anything yet. If anyone can give me a hint in DM I’d appreciate that.

Stuck on the login page. Any hints would be very appreciated, thanks :slight_smile:

I found the second page, found the possible x** in first page, I know the “New” was a hint, but I’m still stuck.
If anyone can give me a hint in DM, I’ll be grateful :slight_smile: