Thursday, August 15, 2013

hackthissite.org Basic Challenge 11 | Shivang Desai

Hi friends,

Here's the last challenge under the "Basic" section of HTS.

The challenge says "Sam decided to make a music site. Unfortunately he does not understand Apache. This mission is a bit harder than the other basics."

I would like to share something here.

You must have heard that "Experience never goes to waste". In college, I was trying to develop my website independently. I did not know much about website development. Finally I chose to go with PHP and then came across Apache setup.
I was totally new to Apache, and in those days I came across a lot about the ".htaccess" file. I thought that it would play an important role in this challenge too, and it turned out to be true.

Ok so let's get back to our challenge.

When you enter the challenge "Basic 11", you get a song name.
As I did not know how to solve this challenge, I had to visit this particular page of "Basic 11" time and again. I noticed that the song name changed every time I visited.

After googling the names, I found one thing in common across all of them: the name "Elton John".

Keep this name in mind "ELTON" as this is going to be needed further.

Another thing I noticed: in every challenge's URL there was some kind of ".php" file attached, and it was mostly "index.php".

So I tried appending "index.php" to the URL of this challenge too. The URL looked like this:
"https://www.hackthissite.org/missions/basic/11/index.php" and yeah... I got the password box to fill in.

Now, we were told that Sam was new to Apache, and one common mistake newbies make is the denial of directory traversal.

I started with some random things and tried these:
https://www.hackthissite.org/missions/basic/11/password
https://www.hackthissite.org/missions/basic/11/pwd
https://www.hackthissite.org/missions/basic/11/help
https://www.hackthissite.org/missions/basic/11/abc
https://www.hackthissite.org/missions/basic/11/hack
https://www.hackthissite.org/missions/basic/11/elton
https://www.hackthissite.org/missions/basic/11/john
https://www.hackthissite.org/missions/basic/11/a
https://www.hackthissite.org/missions/basic/11/b
... etc. etc. etc.

Finally, at "https://www.hackthissite.org/missions/basic/11/e", I got into the directory and found another directory named "l"; inside it was "t", and so on. Basically the hidden secret was inside this URL: "https://www.hackthissite.org/missions/basic/11/e/l/t/o/n"

After this, /j/o/h/n was not there.
So inside this (https://www.hackthissite.org/missions/basic/11/e/l/t/o/n/) I tried to find ".htaccess" and cool... I found it. (https://www.hackthissite.org/missions/basic/11/e/l/t/o/n/.htaccess)
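
A defender's view of the two things this walkthrough runs into (a browsable directory and a readable .htaccess), as an added example that is not part of the original post: a small Python check over Apache config text. The sample configs, the `/var/www/music` path and the `audit` helper are constructed for illustration; Sam's actual configuration is not shown on the page.

```python
import re

# Constructed sample configs; the page never shows Sam's real server config.
WEAK_CONF = """
<Directory "/var/www/music">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
"""

HARDENED_CONF = """
<Directory "/var/www/music">
    Options -Indexes +FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
<Files ".ht*">
    Require all denied
</Files>
"""

LISTING_OPTS = {"indexes", "+indexes", "all", "+all"}

def audit(conf):
    """Return sorted findings for one Apache config text (hypothetical helper)."""
    # Apache comments are whole lines starting with '#'; skip them.
    lines = [l.strip() for l in conf.splitlines() if not l.strip().startswith("#")]
    findings = set()
    for line in lines:
        m = re.match(r"(?i)options\s+(.*)", line)
        # "Indexes" (or "All", which includes it) enables mod_autoindex listings.
        if m and LISTING_OPTS & {o.lower() for o in m.group(1).split()}:
            findings.add("directory-listing-enabled")
    # A <Files>/<FilesMatch> block covering .ht* must deny access (2.4 or 2.2 syntax).
    block = re.search(r"(?is)<Files(?:Match)?\s+[^>]*\.ht[^>]*>(.*?)</Files(?:Match)?>",
                      "\n".join(lines))
    if not (block and re.search(r"(?i)require\s+all\s+denied|deny\s+from\s+all",
                                block.group(1))):
        findings.add("ht-files-not-denied")
    return sorted(findings)

if __name__ == "__main__":
    print("weak:    ", audit(WEAK_CONF))
    print("hardened:", audit(HARDENED_CONF))
```

With `AllowOverride All`, a per-directory .htaccess can turn `Options Indexes` back on, so the `Options` part of the check applies to those files as well.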


The usage of .htaccess can be found here.

After accessing the .htaccess file, I found another file named "DaAnswer" and inside it was the password.

When I accessed "DaAnswer", it said "The password is somewhere close! Just look a little harder"

I was like... "What The F***".
I just can't explain all the things I tried with DaAnswer.

I also tried every possible password (on "https://www.hackthissite.org/missions/basic/11/index.php") related to hackthissite and this challenge.

But if I had used simple logic, the password was right there in front of me. The "DaAnswer" file said "The password is somewhere close". I tried "somewhere close" as the password and tadaaaaaa, I was ready to "go on".

This is how smartly (idiotically too :-D ) I solved the hackthissite basic challenges.
I know I made mistakes in many places, but "learning through mistakes is the best way to learn".

HOPE YOU ENJOYED THE COMPLETE SERIES OF "BASIC" CHALLENGES and I would specially like to thank my friend cum Mentor, Aditya Gupta. Thanks bro..

Thank you..
