One thing that you may have noticed is that whenever you refresh the page you get a new song name, this may seem random but it's not and with a little bit of googling you'll notice that these songs were performed by elton john. Now that we know that, we have to find how the music collection is organized on the server, after many tries I found that the songs are organized in letter by letter directories, trying all the different possibilities is a waste of time because we already know where to look for our password, it's in http://www.hackthissite.org/missions/basic/11/e/l/t/o/n/ but when you get there, this directory may seem empty, but actually it's not, there is a hidden file in it and it's named ".htaccess", this file allows a directory level configuration of the web server (In this case Apache). When you open the .htaccess file you'll see this interesting instruction:
IndexIgnore DaAnswer.* .htaccessthis tells to the web server to exclude these two files from the directory listing. Now we know that our password in the "DaAnswer" file, when you open the file you'll get something like
The answer is easy! Just look a little harder.You have to take it literally, cause in this case the answer is "easy" (without the quotes), now go to the index.php, submit your anwser and the "go on" link will appear, you have completed the 11th basic mission.
Don't understand what are you talking about here can you tell me, and dont take me for a crazy or anything in this way!!!!!
ReplyDeleteGot it!, thanks. /e/l/t/o/n doesn't even passed my mind.. *sighs*
ReplyDeleteu r a fat spoiler dood, at least give people some space to use their brains!
ReplyDeletewell ... I can't access the .htaccess file, I do write http://www.hackthissite.org/missions/basic/11/e/l/t/o/n/.htaccess in the address bar but I get an empty page >.<
ReplyDeleteYes, and this what you should normally get:
ReplyDeleteIndexIgnore DaAnswer.* .htaccess
order allow,deny
allow from all
how do you go about finding the .htaccess in the first place? im trying to learn from this not just take and answer and run. so even once your in the http://www.hackthissite.org/missions/basic/11/e/l/t/o/n/ directory how do you find a hidden file? there is no where for commands and the source code doesn't have it either
ReplyDeleteyou need to update ur file the new answer for this site is "right here" (no quotes space included)
ReplyDeleteIt is currently "somewhere close"
ReplyDeleteI dont understand how you're supposed to open the DaAnswer.* file...Is it in the e/l/t/o/n/ directory or in the basic/11/ directory? and what extension do I use? I've tried .php, .html, .htm, .pl and a few others but I always get a "page not found" error.
ReplyDeletemiles cribbs, the file name doesn't include ".*"
ReplyDeleteYou just go to e/l/t/o/n/DaAnswer
Google is your friend :)
ReplyDeletesite:http://www.hackthissite.org/missions/basic/11/
Search and click
If you like, you can repeat the search with the omitted results included.
Michal> That's an interesting method you propose. At least it quickly helps.
ReplyDeleteI was wondering if there was a way to detect in which folder is the .htaccess or we if we could just guess ?