Official Phonebook Discussion

Help, please give some hint.

@LaxusSlayer said:

Hi, can anyone help me? All day in this challenge and nothing, and I don't have anything except x** in the main page. I made multiple common attacks but nothing.

P.S. I speak English and Spanish.

I don't know if it can help you, but have you found the second page?

done
nice one!

Looking for hints, I'm stuck step bro

Finally pwned. It took me a lot of time because I didn't know the main topics of this challenge. I think they have much of what is commonly called dissociative controls in information security. Each control (to mean it in a way) took me two or four hours. I think I overthought it, but it's worth it because I learned a lot of topics and new concepts and upgraded my arsenal.

@bander said:

@scr1pti3 said:

I managed to bypass the login… But I don't get why. Why do those special characters work? Can you DM me an explanation?

Read about l**p

Hola mate, could you give me a hint what that short stands for? I'm having trouble understanding the reason behind those special marks.

Hi,

Completely stuck with this one.

I have a login page and a second page. And the same pages in a different directory.

At the endpoint of the X request I keep getting a forbidden. Already played with the headers etc. But unfortunately nothing at all. Is a successful login a must or is the bypass sufficient?

I would like to receive a tip in the right direction. The tips already given are confusing rather than enlightening.

The whole challenge is related only to the first page; just try to bypass the login page by injection and try to guess the password.

I need help. I am stuck at the login page

Can someone DM me instructions? I am new at this

Error EOF in page s*****
help

Got past the log in page. No idea what to do next…any help?

@rancilio said:

Got past the log in page. No idea what to do next…any help?

Check how you passed the login, then try to guess the username and password.

Spoiler Removed

Will bruteforce or XSS help in this?

I have found another page with a search field, but it shows nothing.

Spoiler Removed

@annomy said:

try this out

This challenge is still active. It is a breach of HTB’s Terms of Use to publish walkthroughs of active challenges/boxes.

I was able to query the phonebook, but I’m a little stumped on what the next step is here?

@davissp14 said:

I was able to query the phonebook, but I’m a little stumped on what the next step is here?

As am I. It'd be a lot easier to have an end goal of where I might find the flag… Is the page after login relevant at all?

@Mattigins said:

@davissp14 said:

I was able to query the phonebook, but I’m a little stumped on what the next step is here?

As am I. It'd be a lot easier to have an end goal of where I might find the flag… Is the page after login relevant at all?

Nope,

Can be useful for verifying a user, but not really.

See what you have and what you can do with it. Maybe a little scripting can help you further