Click here: LEVEL 11
I remind you that here I write SPOILERS!
"Sam decided to make a music site. Unfortunately he does not understand Apache. This mission is a bit harder than the other basics."
We note that in this level we have
and every time we refresh the page the string changes, for example:
Who does it remind you of???
Now that we know that, we have to find out how the music collection is organized on the server. After many tries I found that the songs are stored in nested directories, one letter per level. Trying all the possibilities is a waste of time, because we already know where to look for our password: it's in
"http://www.hackthissite.org/missions/basic/11/e/l/t/o/n/"
In this directory there is no protection on .htaccess. When you get there the directory may seem empty, but it is not: it contains a hidden file named ".htaccess". This file allows per-directory configuration of the web server (in this case Apache). When you open the .htaccess file, by going to "http://www.hackthissite.org/missions/basic/11/e/l/t/o/n/.htaccess", you'll see this interesting instruction:
The first line, IndexIgnore DaAnswer.* .htaccess, tells the web server to leave these two files out of the directory listing (it only hides them from the index; it does not block direct requests for them). Now we know that our password is in the "DaAnswer" file; when you open it you'll get something like
The answer is easy! Just look a little harder.
You have to take it literally, because in this case the answer is "easy" (without the quotes).
Now go to the index.php and submit your answer/password.
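As an added example (not part of the original post or of the mission), here is a .htaccess like the one on the mission beside a hardened version, plus the server-level rule that normally keeps .htaccess itself from being served. The file names are taken from the mission; Apache 2.4 `Require` syntax is assumed.

```apache
# --- Weak (what the mission's directory does) ---
# IndexIgnore only removes entries from mod_autoindex's generated listing.
# Anyone who knows or guesses the name can still request DaAnswer.* directly,
# and the listing itself is still enabled for everything else.
IndexIgnore DaAnswer.* .htaccess

# --- Hardened per-directory .htaccess (assumed fix, not the site's own) ---
# 1. Do not generate directory listings at all
#    (needs AllowOverride Options, or All, in httpd.conf for this directory).
Options -Indexes

# 2. Refuse direct requests for the secret file, not just hide it.
<FilesMatch "^DaAnswer\.">
    Require all denied
</FilesMatch>

# --- Server-level httpd.conf (cannot be undone by a per-directory file) ---
# Stock Apache ships an equivalent rule; if it is missing, .htaccess and
# .htpasswd become readable over HTTP exactly as in the mission.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
```

With the hardened files in place, a request for /.../e/l/t/o/n/ or for DaAnswer.* returns 403 instead of a listing or the file contents; a quick `curl -I` against both URLs is enough to confirm it after a deploy.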
Source: http://naceredd1ne.blogspot.it
Useful links about .htaccess:
PHP/Apache .htaccess Authentication Bypass Vulnerability
Understanding .htaccess attacks