Saturday, February 7, 2009

HackThisSite Basic 11

Hello there, a new mission has been added: Basic 11. First of all, take a quick look at the mission overview:

“Sam decided to make a music site. Unfortunately he does not understand Apache.”

At first glance, this tells us that Sam has messed up again, probably opening up a vulnerability somewhere that can help us with the mission.

Next, taking a brief look at the page, you will find something interesting in the source. Guess he is hiding that pirated music somewhere. Now, think of this:

How would a noob web designer stash his music when he doesn’t have much ability to write a PHP script to search for it?

Here’s a tip if you haven’t got it so far: Think “who?” about the song title.

Then it’s time to get back to basics and find out how he stashed the music. Found it so far? Hint: Take it one step at a time until you’re fully up the ladder.

Then you will find that you cannot go any further. Now it’s time to do a little research. How does an Apache server keep files hidden? This will lead you to another file where the vulnerability search begins.

In the file you’ll see some code. Now, look at the first sentence. If you’ve done your research fully, you will find that the settings take effect only if he restarts the server. This is where he made his mistake. The first sentence dictates that the file you are viewing cannot be viewed (it is hidden), so the other file there is accessible. Now comes the part that will be easy if you’ve been to a grammar school.
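The gap described above, a file hidden from the directory listing but never denied, is something a defender can check for. This is an added example, not code from the mission or the original post; it assumes the hiding is done with Apache's `IndexIgnore` directive in a `.htaccess` file, and the sample contents and the function name `audit_htaccess` are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample, not the mission's real file: hides two names from the
# auto-generated index but denies access to only one of them.
SAMPLE_HTACCESS = """\
# constructed example
IndexIgnore secret-notes.* .htaccess
<Files ".htaccess">
    Require all denied
</Files>
"""

DENY_RE = re.compile(r"^(require\s+all\s+denied|deny\s+from\s+all)\b", re.I)
# Only plain <Files> blocks are parsed; <FilesMatch> regexes are not handled.
FILES_RE = re.compile(r'^<Files\s+"?([^">]+)"?\s*>', re.I)


def audit_htaccess(text):
    """Return IndexIgnore patterns that no <Files> block in `text` denies."""
    ignored, denied, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = FILES_RE.match(line)
        if opened:
            current = opened.group(1)          # entering <Files pattern>
        elif line.lower().startswith("</files"):
            current = None                     # leaving the block
        elif current and DENY_RE.match(line):
            denied.append(current)             # this pattern is really blocked
        elif line.lower().startswith("indexignore"):
            ignored += [p.strip('"') for p in line.split()[1:]]
    # Covered means a denied <Files> glob is identical to the pattern or matches it.
    return [p for p in ignored
            if not any(p == d or fnmatch.fnmatch(p, d) for d in denied)]


if __name__ == "__main__":
    for pattern in audit_htaccess(SAMPLE_HTACCESS):
        print(f"hidden from listing only, still fetchable by URL: {pattern}")
```

The check only sees the text it is given; a deny rule in the server-wide configuration would also cover a pattern, so treat findings as items to verify rather than confirmed exposures.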

Analyse the sentence which supposedly should contain the password. If you haven’t found it yet, there’s no need to take an English refresher course. Just think literally.

Found it? Now where do we input it? Since Sam doesn’t understand Apache, think where the default page should be. Then enter the password.

Congratulations, you have completed Basic 11!

Cheers,
IncandescentLight
