Official Phonebook Discussion

I finally made it (with a few hints and DMs).

@Icyb3r said:
Hint:
First page has everything you need.

and

@vajkdry said:
Think more about how you bypassed the first step.

You really need to focus on the first page and try stuff, don’t waste time on other things.

Really nice challenge, I learned a lot!

(Also if you need some help, feel free to DM)

I’m still stuck at the search page. I tried every possible way from the hints. Can anyone please give a hint on what to approach?

Hi, I’m very new to this and I try to learn as much as I can. So I’m still stuck at the login page. I managed to find the X** but I don’t know how to proceed after. Any hint in DM would be highly appreciated.

As stated in the comments, everything that is needed to solve this challenge is on the first page. And so I did, successfully.

However, may I ask if someone was able to successfully exploit the s****** API as well? If so, I would be interested in a DM to briefly discuss this. Thanks

I am stuck. DM please with hint…=(((

I found the X** but nothing else. Please help.
Great challenge, learned something new.
Tip: Don’t overthink it.
PM if you need help.

Based on some of the hints here, which are actually pretty clever, I’m assuming the solution to get the first foothold is to ***** o**e with something like h***

Figured out where my bad assumptions were, and learned something new.

Can someone dm me a hint please? I’m still stuck getting past the login page.

Solved this with the final hint from oscrx. Thank you. Getting the content of the phonebook is not the end of the challenge. I was so confused on what to do after it.

Found the x** in the first page, not sure what to use it for. Tried to redirect to the s***** page, but I am stuck with a 4** code error. Also tried to brute-force the credentials with the obvious username, but haven’t found anything yet. If anyone can give me a hint in DM, I’d appreciate that.

Stuck on the login page. Any hints would be very appreciated, thanks :)

I found the second page, found the possible x** in first page, I know the “New” was a hint, but I’m still stuck.
If anyone can give me a hint in DM, I’ll be grateful :)

Found the XSS and the second page and tried to brute-force the credentials by using a Burp simple list made of all the words that exist in the page, but nothing works.

Can someone DM me for help pls?

I found the phonebook page (the one with the search bar and the submit button), but since I’m super new to CTF I have no idea what to do next. Can someone PM me?

@mahmoudEttou said:

Found the XSS and the second page and tried to brute-force the credentials by using a Burp simple list made of all the words that exist in the page, but nothing works.

Can anyone DM me with a hint please? I can’t send DMs yet.

Hi all, I am stuck now. I’ve found two pages l**** and s*****, the X**. No luck with S**i and now I am trying to get some booze behind the borders. Any hints appreciated.

This was really fun! :) Give me a DM if you need some help

I am super stuck on this one. Can someone DM me with some hints about the injection?

Been stuck with it for a while. I can’t bypass the auth on the search page, and the login page seems pretty useless except for the username, but I’m not sure how to use it. Can someone drop me a hint?