Official Phonebook Discussion

Type your comment> @davissp14 said:

I was able to query the phonebook, but I’m a little stumped on what the next step is here?

As am i. It’d be a lot easier to have an end goal of where i might find the flag… Is the page after login relevant at all?

Type your comment> @Mattigins said:

Type your comment> @davissp14 said:

I was able to query the phonebook, but I’m a little stumped on what the next step is here?

As am i. It’d be a lot easier to have an end goal of where i might find the flag… Is the page after login relevant at all?

Nope,

Can be useful for verifying a user, but not really.

See what you have and what you can do with it. Maybe a little scripting can help you further

someone dm some hint first page give me nothing second return 4xx

Type your comment> @scr1pti3 said:

Type your comment> @bander said:

Type your comment> @scr1pti3 said:

Type your comment> @bander said:

Hey, I just passed login page and got the whole phonebook, but i can’t retrieve the flag from it, any hints?

can you dm me how you passed the login page?

Hint: Just Focus Special Characters

I managed to bypass the login… But I don’t get why. why does that special characters work, can you dm me an explanation.

I managed to get past the login as a complete fluke. Would love a DM that explains how/why that works…

Finally, done. Had a good chuckle when it finally clicked. Overthinking really was the enemy.

Finally done and it’s so painfully obvious once you know the answer. I felt I broke down the door and rushed to rake the house for the treasure, when all this time, the treasure was in the shape of the key that unlocks the door.

Focus on how you broke through the login page and what information you can obtain using that same method.

I ended up writing a small program, to help me.

Lost so much time overthinking it hahha. Good challenge !

I need help. I am stuck at the login page. Can someone DM me a hint?

I need help. I am stuck at the login page. Can someone DM me a hint?

Hi,
If someone could DM me, I’ve got few questions
Thanks

This one has had me stumped for a week…

Sadly I am stuck at this one as well. Up to now I have:

  • found the s***** page, stuck with the 4** response, tried some bypassing stuff but no luck.
  • found certain chars that trip up the l**** page, but wasn’t able to get something out of it.
  • tried some x** at the l**** page, seems not so useful

I have only recently start CTF and really could use a nudge in the right direction, can someone with more experience DM me?

“oh my i am still stuck at the login page can someone give me hint? i figured it out we should do something with special characters but idk what should i use”
update : i get the user but now stuck at the privesc i know what should i do but idk what should i search :frowning:

If you have already got to another page, think about what data you were there with. Try to find out the full password from the user. To do this, you need to write a script.

The first part of this challenge is so simple yet so unconventional. I have no idea what type of attack vector it was even attempting to replicate.

That being said, the second part of the challenge is very beautiful in that it builds on itself in another (less) unconventional way.

hi can someone DM me for hint? still figuring out how to bypass login.

it’s very hard for me. please give more hint

AMAGAD AM r00t!! No wait…it’s lol.txt …

Hi, I stuck in the bypass login step. Could anybody give me a hint, really appreciate it.

the hints here seem to hinge on the assumption that the user bypassed the login in one specific way. but i’m getting the sense that the way i got past it isn’t the way some others in this thread have in mind, so now i’m just lost and don’t really know what to make of the hints. fwiw i bypassed the login without interacting with its fields at all

EDIT: problem solved, what a feeling, can at least get behind the simplest advice here: don’t overthink it, the answers really are staring you in the face