Challenges SCORE 0 / 1200
// Challenge 04 / 05

Trust
No One

Medium Auth Bypass

This platform manages internal user accounts through an authenticated API. You have been granted basic access — but not all accounts are visible to you. Administrative accounts contain restricted information that is not meant to be exposed.

Objective: Find a way to retrieve all user accounts from the API, including those with elevated privileges. The flag is hidden inside one of them.