What is it? @.@

This is where I record notes and tactics on wargames, systems, and other security topics.

2012-09-11

Hack This Site! - Basic 11

Description:

Sam decided to make a music site. Unfortunately he does not understand Apache. This mission is a bit harder than the other basics.

Level 11

I love my music! "Crazy Water" is the best!
I love my music! "Border Song" is the best!
I love my music! "Restless " is the best!
...

Solution:
  1. Each time you visit hxxp://www.hackthissite.org/missions/basic/11/ , a different set of songs is displayed on the page.
  2. A bit of guessing shows that the displayed page is "index.html"; appending "index.php" to the URL instead gives you a password input form.
  3. The description hints that something in Apache is misconfigured, and HTS also leaves an HTML comment for you in the page source:
    <!--We even have our own collection - if you could find it!-->
  4. Googling the song titles shows that they were all performed by Elton John.
  5. I admit I was lucky here: appending the directory e/ to the URL by chance revealed that directory listing (indexing) was enabled in Apache.
  6. Follow the listings down and you reach a final directory that appears to be empty:
    hxxp://www.hackthissite.org/missions/basic/11/e/l/t/o/n/
  7. A little googling shows that directory indexing is commonly controlled per directory with a ".htaccess" file. (http://en.wikipedia.org/wiki/Htaccess)
  8. Access the file directly
    Visit:
    hxxp://www.hackthissite.org/missions/basic/11/e/l/t/o/n/.htaccess
  9. The file's contents are displayed in the browser:
    IndexIgnore DaAnswer.* .htaccess
    <Files .htaccess>
    order allow,deny
    allow from all
    </Files>
  10. Now you know the password is stored in a file whose name matches DaAnswer.*. Note what the two directives actually do: IndexIgnore only hides matching names from the generated listing, it does not block a direct request for them; and the <Files .htaccess> block with "allow from all" (Apache 2.2 syntax) is what makes the control file readable at all, since Apache's stock configuration denies access to every .ht* file. Disabling listings outright with "Options -Indexes" and leaving the default .ht* denial in place would have closed both holes.
    Visit:
    hxxp://www.hackthissite.org/missions/basic/11/e/l/t/o/n/DaAnswer
  11. The response is:
    The answer is available! Just look a little harder.
  12. Yes, the password is "available".    o.0
  13. Go back to the level page and submit the password.
  14. You have already done this. Go on.
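The walk in steps 5 to 11, automated as an added example (my code, not HTS's or the page author's): it crawls Apache autoindex listings, fetches any readable .htaccess along the way, and turns the IndexIgnore globs into file names to probe. The host example.test, the fake fetcher and the page contents are constructed to mirror the mission and are not captured from hackthissite.org; swap fake_fetch for a urllib.request-based fetcher to run it against a real target. It also handles the wrinkle this level shows, namely that the hidden file's real name (DaAnswer) need not literally match the glob (DaAnswer.*), so it probes the bare stem as well as a few common suffixes.

```python
"""Crawl Apache autoindex listings, read any exposed .htaccess, and turn its
IndexIgnore globs into file names to probe. Added example for this writeup,
not HTS or the author's code. fetch(url) is injected so the script runs
offline against the constructed FAKE_SITE; use urllib for a real target."""
import re
from html.parser import HTMLParser

# Hypothetical host; the tree below mirrors the mission but is constructed.
BASE = "http://example.test/missions/basic/11/"

class LinkExtractor(HTMLParser):
    """Collect every href on an autoindex page."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)

def parse_index_ignore(htaccess_text):
    """Return the glob patterns from every IndexIgnore line, ignoring comments."""
    patterns = []
    for line in htaccess_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) > 1 and parts[0].lower() == "indexignore":
            patterns.extend(parts[1:])
    return patterns

def stems_from_patterns(patterns):
    """Literal prefixes worth probing: 'DaAnswer.*' -> 'DaAnswer'.
    Patterns with no literal prefix ('*.bak') and .ht* names are skipped."""
    stems = []
    for pattern in patterns:
        stem = re.split(r"[*?\[]", pattern, maxsplit=1)[0].rstrip(".")
        if stem and not stem.startswith(".ht") and stem not in stems:
            stems.append(stem)
    return stems

def crawl(base, fetch, max_depth=16):
    """Depth-first walk of directory listings under base.
    Returns (directories visited, {directory: .htaccess text} where readable)."""
    seen, dirs, htaccess = set(), [], {}
    stack = [(base, 0)]
    while stack:
        url, depth = stack.pop()
        if url in seen or depth > max_depth:
            continue
        seen.add(url)
        status, body = fetch(url)
        if status != 200:
            continue
        dirs.append(url)
        status, text = fetch(url + ".htaccess")  # is the control file exposed?
        if status == 200:
            htaccess[url] = text
        extractor = LinkExtractor()
        extractor.feed(body)
        for href in extractor.links:
            # Skip autoindex sort links (?C=...), absolute links and the parent
            # entry; follow only relative subdirectory links.
            if href.startswith(("?", "/", "../")) or not href.endswith("/"):
                continue
            stack.append((url + href, depth + 1))
    return dirs, htaccess

# IndexIgnore hides a name from the listing, not from a direct request, and the
# real file need not literally match the glob, so probe the bare stem as well.
PROBE_SUFFIXES = ("", ".txt", ".html", ".php", ".bak")

def find_hidden_files(base, fetch):
    """Map URL -> body for every probed name the server actually serves."""
    _, htaccess = crawl(base, fetch)
    found = {}
    for directory, text in htaccess.items():
        for stem in stems_from_patterns(parse_index_ignore(text)):
            for suffix in PROBE_SUFFIXES:
                status, body = fetch(directory + stem + suffix)
                if status == 200:
                    found[directory + stem + suffix] = body
    return found

def listing(title, entries):
    """Constructed page in the shape mod_autoindex emits (sample input)."""
    rows = "".join(f'<a href="{e}">{e}</a>\n' for e in entries)
    return (f"<html><head><title>Index of {title}</title></head><body>"
            f'<a href="?C=N;O=D">Name</a>\n<a href="../">Parent Directory</a>\n'
            f"{rows}</body></html>")

FAKE_SITE = {  # constructed, not captured from hackthissite.org
    BASE + "e/": listing("/e", ["l/"]),
    BASE + "e/l/": listing("/e/l", ["t/"]),
    BASE + "e/l/t/": listing("/e/l/t", ["o/"]),
    BASE + "e/l/t/o/": listing("/e/l/t/o", ["n/"]),
    BASE + "e/l/t/o/n/": listing("/e/l/t/o/n", []),  # looks empty
    BASE + "e/l/t/o/n/.htaccess": ("IndexIgnore DaAnswer.* .htaccess\n"
                                   "<Files .htaccess>\norder allow,deny\n"
                                   "allow from all\n</Files>\n"),
    BASE + "e/l/t/o/n/DaAnswer": "The answer is available! Just look a little harder.",
}

def fake_fetch(url):
    """Offline stand-in for an HTTP GET, returning (status, body)."""
    return (200, FAKE_SITE[url]) if url in FAKE_SITE else (404, "")

if __name__ == "__main__":
    for url, body in find_hidden_files(BASE + "e/", fake_fetch).items():
        print(url, "->", body)
```

The crawler follows only relative links that end in a slash, which is exactly what mod_autoindex emits for subdirectories; against a real server you would also want to record the file entries each listing exposes and to rate-limit the probes.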