hack this site basic 11

THIS BLOG HAS A NEW HOME WITH SOLUTIONS TO MORE HTS MISSIONS.

In this 11th mission we are dealing with a miss-configured music website, by appending “index.php” to the URL you get a page that asks you to enter the correct password that we don’t have … yet.

One thing that you may have noticed is that whenever you refresh the page you get a new song name, this may seem random but it’s not and with a little bit of googling you’ll notice that these songs were performed by elton john. Now that we know that, we have to find how the music collection is organized on the server, after many tries I found that the songs are organized in letter by letter directories, trying all the different possibilities is a waste of time because we already know where to look for our password, it’s in http://www.hackthissite.org/missions/basic/11/e/l/t/o/n/ but when you get there, this directory may seem empty, but actually it’s not, there is a hidden file in it and it’s named “.htaccess“, this file allows a directory level configuration of the web server (In this case Apache).  When you open the .htaccess file you’ll see this interesting instruction:
IndexIgnore DaAnswer.* .htaccess

this tells to the web server to exclude these two files from the directory listing. Now we know that our password in the “DaAnswer” file, when you open the file you’ll get something like

The answer is easy! Just look a little harder.

THE REMAINING OF THE SOLUTION IS AVAILABLE HERE.

Advertisements

About Nasreddine

Student.
This entry was posted in HackThisSite and tagged , , , , , , . Bookmark the permalink.

8 Responses to hack this site basic 11

  1. The DaMNeD says:

    Don’t understand what are you talking about here can you tell me, and dont take me for a crazy or anything in this way!!!!!

  2. isolatedsheep says:

    Got it!, thanks. /e/l/t/o/n doesn’t even passed my mind.. *sighs*

  3. u r a fat spoiler dood, at least give people some space to use their brains!

  4. Maro says:

    well … I can’t access the .htaccess file, I do write http://www.hackthissite.org/missions/basic/11/e/l/t/o/n/.htaccess in the address bar but I get an empty page >.<

  5. kiwi says:

    how do you go about finding the .htaccess in the first place? im trying to learn from this not just take and answer and run. so even once your in the http://www.hackthissite.org/missions/basic/11/e/l/t/o/n/ directory how do you find a hidden file? there is no where for commands and the source code doesn’t have it either

  6. hacker says:

    you need to update ur file the new answer for this site is “right here” (no quotes space included)

  7. New Guy says:

    It is currently “somewhere close”

Comments are closed.