Sam decided to make a music site. Unfortunately he does not understand Apache. This mission is a bit harder than the other basics.
Level 11
I love my music! "Crazy Water" is the best!
I love my music! "Border Song" is the best!
I love my music! "Restless " is the best!
...
Solution:
- Each time you visit the URL hxxp://www.hackthissite.org/missions/basic/11/, different songs are displayed on the page.
- After some guessing, you will find that the page is "index.html", and if you append "index.php" to the URL you will get a password input form.
- From the hint, you know there must be something misconfigured in Apache. HTS also leaves an HTML comment for you, shown below.
<!--We even have our own collection - if you could find it!-->
- Google these songs and you'll discover that they were performed by Elton John.
- I admit that I was lucky to find out that the directory listing/indexing functionality was enabled in Apache by appending the directory e/ to the URL occasionally.
- So, just follow the link and you will reach a final directory that may seem empty.
hxxp://www.hackthissite.org/missions/basic/11/e/l/t/o/n/
- With a little bit of googling, I believe you may notice that there is a way to disable directory indexing, i.e., using an ".htaccess" file. (http://en.wikipedia.org/wiki/Htaccess)
- Access the file directly
Visit:
hxxp://www.hackthissite.org/missions/basic/11/e/l/t/o/n/.htaccess
- This text is on the page:
IndexIgnore DaAnswer.* .htaccess
<Files .htaccess>
order allow,deny
allow from all
</Files>
- Now you know the password is stored in a DaAnswer.* file.
Visit:
hxxp://www.hackthissite.org/missions/basic/11/e/l/t/o/n/DaAnswer
- This text is on the page:
The answer is available! Just look a little harder.
- Yes, the password is "available". o.0
- Go back to the level page and submit the password.
- You have already done this. Go on.
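
The .htaccess recovered above relies on IndexIgnore, which only removes names from the generated listing and does not restrict requests for them, and its <Files> block makes .htaccess itself downloadable. The following check for both mistakes is an added example, not part of the original write-up or of HTS; the function name audit_htaccess is hypothetical, it handles only the plain `<Files pattern>` form, and it assumes the server-wide configuration denies .ht* files unless a local block re-allows them.

```python
import fnmatch
import re

# Constructed sample: the .htaccess text recovered in the walkthrough above.
SAMPLE = """\
IndexIgnore DaAnswer.* .htaccess
<Files .htaccess>
order allow,deny
allow from all
</Files>
"""

ALLOW = re.compile(r"(allow\s+from\s+all|require\s+all\s+granted)$")
DENY = re.compile(r"(deny\s+from\s+all|require\s+all\s+denied)$")
FILES_OPEN = re.compile(r'<files\s+"?([^">]+)"?\s*>', re.I)


def audit_htaccess(text):
    """Hypothetical helper: list names that are hidden or exposed unsafely."""
    hidden, denied, findings = [], [], []
    section = None  # filename pattern of the <Files> block being read
    for raw in text.splitlines():
        line = raw.strip()
        low = line.lower()
        opened = FILES_OPEN.match(line)
        if opened:
            section = opened.group(1)
        elif low.startswith("</files"):
            section = None
        elif low.split()[:1] == ["indexignore"]:
            hidden += line.split()[1:]  # patterns left out of the listing
        elif section and DENY.match(low):
            denied.append(section)
        elif section and ALLOW.match(low) and fnmatch.fnmatch(".htaccess", section):
            findings.append("<Files %s> lets clients download .htaccess" % section)
    for pattern in hidden:
        # Assumption: the server-wide config still denies .ht* files.
        if pattern.startswith(".ht") or pattern in denied:
            continue
        findings.append("IndexIgnore %s hides the name only; a direct "
                        "request for the file is still served" % pattern)
    return findings


if __name__ == "__main__":
    for finding in audit_htaccess(SAMPLE):
        print(finding)
```

A version of the file that denies access to DaAnswer.* inside its own <Files> block and leaves .htaccess covered by the server default produces no findings.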