Official Phonebook Discussion

Official discussion thread for Phonebook. Please do not post any spoilers or big hints.

Just think about what might be behind what you see, and think about how it works. This should be enough for this challenge!

I found two things that seem to point behind things so far, but haven’t been able to turn them into anything useful yet. I have the whole address book though! Haha.

I must be missing something obvious…

I found a X** on the login page, also found another web page, however I can’t find anything valuable yet.

@Gorka said:

I found a X** on the login page, also found another web page, however I can’t find anything valuable yet.

Yeah, me too, but I also found the s***** page but stuck at the 4** response code.

Read the first hints you already saw. Then re-read them. You need to figure out one name of technology that is in play.

Got it. Once I realized the name of what I needed to do I wrote a small Python script (31 lines including blank lines and imports) and got the flag.

Great challenge, I would say that the second page provides a valuable hint.

Okay, I’ve been paying close attention to this forum while throwing my limited knowledge at this challenge. I just can’t seem to be able to figure out what is behind. So I’ve found certain characters affect the first page but cannot develop a good payload, and any requests on the second are blocked no matter what I throw.

Any further hints would be greatly appreciated…

Any further hints would be greatly appreciated…

I’ll send you a DM.

I managed to circumvent the login page.
But when I try to perform a search in the phonebook, then I (of course) get an Access Denied.
I wonder how the authentication is supposed to work… I’ll let it sit and linger a bit.

Well, I found the search page, but I got stuck in it.
I’m looking for tutorials on the internet on how to bypass forbidden … but I feel that this is not the correct way …
Can you help me with a link to know a new technique?
Not a spoiler, just a link for me to learn a technique that I don’t know.

Is it possible?

Glueing something together clearly doesn’t work for me. So it’s not h*** s********.
Using different h******* doesn’t want me to show anything new…
Is this message about credentials a rabbit hole?
I need a break.

The message isn’t a rabbit hole :). Think about how this could be implemented…

I’m stuck at the phonebook page. Can anyone DM me a hint?

I’ll send some DMs because there are so many hints already in the service and it’s hard not to spoil…

I’ve found the s°°°° page and I am also stuck at the 4°° message.
I am really clueless about what’s next, someone got a smoll hint?

Stuck in second page and s**** function, always got 4** error code…
Did I miss something?

Stuck in second page and s**** function, always got 4** error code…
Did I miss something?

Think more about how you bypassed the first step. For me it was useful to actually write the thing down and try to play more with it.

Should a cookie or token be set to access the s***** page?

Got the whole phonebook…
Is there anything else there?

It seems I can’t find any valuable things there, just some names, emails, and phone numbers.