Thursday, August 15, 2013

hackthissite.org Basic Challenge 11 | Shivang Desai

Hi friends,

Here's the last challenge under the "Basic" section of HTS.

The challenge says "Sam decided to make a music site. Unfortunately he does not understand Apache. This mission is a bit harder than the other basics."

I would like to share something here.

You must have heard that "experience never goes to waste". In college, I was trying to develop my website independently. I did not know much about website development. Finally I chose to go with PHP and then came across Apache setup.
I was totally new to Apache, and in those days I came across a lot about the ".htaccess" file. I thought it would play an important role in this challenge too, and that turned out to be true.

Ok so let's get back to our challenge.

When you enter the challenge "Basic 11", you get a song name.
As I did not know how to solve this challenge, I had to visit the "Basic 11" page time and again. I noticed that the song name changed every time I visited.

After googling the names, I found one thing common to all of them, and that was the name "Elton John".

Keep this name in mind "ELTON" as this is going to be needed further.

Another thing I noticed: in every challenge's URL, there was some kind of ".php" file attached, and it was mostly "index.php".

So I tried appending "index.php" to the URL of this challenge too. The URL looked like this:
"https://www.hackthissite.org/missions/basic/11/index.php" and yeah...I got the password box to be filled with password.

Now, we were told that Sam was new to Apache, and one common mistake newbies make is not denying directory browsing (listing).

I started with some random things and tried these:
https://www.hackthissite.org/missions/basic/11/password
https://www.hackthissite.org/missions/basic/11/pwd
https://www.hackthissite.org/missions/basic/11/help
https://www.hackthissite.org/missions/basic/11/abc
https://www.hackthissite.org/missions/basic/11/hack
https://www.hackthissite.org/missions/basic/11/elton
https://www.hackthissite.org/missions/basic/11/john
https://www.hackthissite.org/missions/basic/11/a
https://www.hackthissite.org/missions/basic/11/b
... etc.

Finally, at "https://www.hackthissite.org/missions/basic/11/e", I got into the directory and found another directory named "l"; inside it was "t", and so on. Basically the hidden secret was inside this URL: "https://www.hackthissite.org/missions/basic/11/e/l/t/o/n"

After this /j/o/h/n was not there.
So inside this (https://www.hackthissite.org/missions/basic/11/e/l/t/o/n/) I tried to find ".htaccess" and cool...I found it. (https://www.hackthissite.org/missions/basic/11/e/l/t/o/n/.htaccess)


The usage of .htaccess can be found here.

After accessing .htaccess file, I found another file named "DaAnswer" and inside it was the password.

When I accessed "DaAnswer", it said "The password is somewhere close! Just look a little harder"

I was like...."What The F***".
I just can't explain what all things I tried with DaAnswer.

I also tried every possible password (on "https://www.hackthissite.org/missions/basic/11/index.php") related to hackthissite and this challenge.

But if I had used simple logic, the password was there in front of me. The "DaAnswer" file said "The password is somewhere close". I tried "somewhere close" as the password and tadaaaaaa I was ready to "go on".
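
Seen from the server owner's side, the walk through e/l/t/o/n/ worked because those directories had no index file, so Apache rendered a listing, and the .htaccess file itself was served. The script below is an added example, not part of the original post or of hackthissite.org: it audits a document root on disk for both conditions, assuming autoindex is enabled server-wide, `AllowOverride` permits `Options` in .htaccess, and the `DirectoryIndex` names shown; the sample tree is constructed.

```python
import os
import tempfile

INDEX_NAMES = ("index.php", "index.html")  # assumed DirectoryIndex list

def indexes_after(htaccess, inherited):
    """Apply any 'Options' line in one .htaccess to the inherited autoindex state."""
    state = inherited
    with open(htaccess, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            name, *opts = line.lower().split() or [""]
            if name != "options":
                continue
            if "-indexes" in opts:
                state = False
            elif {"indexes", "+indexes", "all"} & set(opts):
                state = True
            elif not any(o[0] in "+-" for o in opts):
                state = False  # absolute list without Indexes turns it off
    return state

def audit_docroot(root, indexes_on=True):
    """Return sorted (kind, relative path) findings for a document root on disk."""
    root = os.path.abspath(root)
    findings, state = [], {root: indexes_on}
    for dirpath, dirnames, filenames in os.walk(root):
        on = state[dirpath]
        if ".htaccess" in filenames:
            on = indexes_after(os.path.join(dirpath, ".htaccess"), on)
        state.update((os.path.join(dirpath, d), on) for d in dirnames)
        rel = os.path.relpath(dirpath, root)
        if on and not any(n in filenames for n in INDEX_NAMES):
            findings.append(("listable-dir", rel))  # Apache would render a listing
        findings += [("ht-file", os.path.join(rel, f))
                     for f in filenames if f.startswith(".ht")]  # needs a deny rule
    return sorted(findings)

def build_sample(root):
    """Constructed tree mirroring the walkthrough: index.php, then e/l/t/o/n/."""
    leaf = os.path.join(root, "e", "l", "t", "o", "n")
    os.makedirs(leaf)
    for path in (f"{root}/index.php", f"{leaf}/.htaccess", f"{leaf}/DaAnswer"):
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("# constructed placeholder\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*audit_docroot(build_sample(tmp)), sep="\n")
```

A `listable-dir` finding is cleared by `Options -Indexes` (or by adding an index file); an `ht-file` finding is only safe if the server configuration denies requests for `.ht*` files.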

This is how smartly (idiotically too :-D ) I solved hackthissite basic challenges.
I know I made mistakes at many places but "learning through mistakes is the best way to learn"

HOPE YOU ENJOYED THE COMPLETE SERIES OF "BASIC" CHALLENGES and I would specially like to thank my friend cum Mentor, Aditya Gupta. Thanks bro..

Thank you..
