Basic Mission 11 Solution


9 years 5 months ago #78 by thaGH05T
This is the eleventh basic mission that can be found at Hack This Site. Please use this as a reference or to help you when you get stuck. This is not intended for people to just breeze on by the missions. Besides, what's the fun in that???

Scenario - Sam decided to make a music site. Unfortunately he does not understand Apache. This mission is a bit harder than the other basics.

Ahh Apache, what a wonderfully open-source and powerful web server. So at a glance, Sam's music site gives you a different song name each time you refresh. When we go into the developer view we find a wonderful little comment that tells us they have a music collection, if we can only find it. Wait a sec... back up... What about a password box??? Yeah, let's get back on track and pass this level. In order to have a password form we would use PHP, correct? So let's find that password field. If we navigate to the default and most obvious of document names, 'index.php', we will find what we are looking for. We have a clue and the authentication form, so let's get to it.

If you had a music collection, how would you organize it? Alphabetically, maybe? Start searching the directory for subdirectories then. Nothing for a, b, c, or d. OK, well how about we Google the songs that we get each time we refresh the page. All Elton John songs! OK, so play around with that and you may eventually get to the right place. I leave no stone unturned, so I actually went through the entire alphabet. Well, I stopped at 'e' because that's where I found a directory. Enough chatter. You can find the password in e/l/t/o/n.

Well, after trying 100 different nomenclatures to try and uncover this password file we suspect to be in this n folder, we need to think about how server security for Apache works. This folder looks to be a dead end, but what if someone wanted to hide a file? They would use a .htaccess file, right? OK, so type in .htaccess and lo and behold we see IndexIgnore DaAnswer and .htaccess. I am not going to waste time by explaining why what he did was wrong and what he could have done better because it's not the point of this. But once you travel to DaAnswer.txt in the e/l/t/o/n directory you will get "The answer is not here! Just look a little harder." Well, you need to stop and think about this little conundrum you're in, because you found a definite security breach that led to a file called DaAnswer.
The statement in the file needs to be taken literally, OK? See you at the realistic missions!

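The post above deliberately skips why Sam's setup was wrong, so here is the Apache side of it as an added example (editor's addition, not thaGH05T's post or the actual Hack This Site configuration). The first block reconstructs the .htaccess directive the post reports seeing in e/l/t/o/n; the exact spelling and any wildcard are not shown on the page and are assumed. The second block is a hardened replacement using Apache 2.4 "Require" syntax (also an assumption about the server version). The point it shows: IndexIgnore only edits the auto-generated directory listing, it is not an access control, so anyone who guesses or learns the filename can still fetch it, and the fact that .htaccess itself was downloadable means the server's stock deny rule for .ht* files was missing.

```apache
# --- Reconstructed from the post: what e/l/t/o/n/.htaccess reportedly contained ---
# IndexIgnore removes names from mod_autoindex's listing and nothing more.
# A direct GET /e/l/t/o/n/DaAnswer.txt still succeeds.
# (The post says "IndexIgnore DaAnswer and .htaccess"; a bare "DaAnswer" would not
#  match "DaAnswer.txt", so the real line presumably used a wildcard or the full name.)
IndexIgnore DaAnswer* .htaccess

# --- Hardened replacement (editor's example, Apache 2.4 syntax assumed) ---
# 1. Do not generate listings at all. Then there is nothing to hide from and nothing
#    to enumerate letter by letter. Needs "AllowOverride Options" (or Options=Indexes)
#    in the server config for this to take effect from an .htaccess file.
Options -Indexes

# 2. If a sensitive file really must live under the document root, deny it by name.
#    Note this still leaks existence (403 instead of 404); the better fix is to keep
#    secrets outside DocumentRoot entirely and read them from PHP.
<Files "DaAnswer.txt">
    Require all denied
</Files>

# 3. Being able to download /e/l/t/o/n/.htaccess means the deny rule that ships in the
#    stock httpd.conf is missing or overridden. Restore it in the main server config
#    (not in .htaccess, so it cannot be weakened per directory):
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
```

To verify the fix, request the directory (expect 403 with no listing), the secret file (expect 403, or 404 once it is moved out of the web root), and the .htaccess file itself (expect 403). If any of the three still returns 200, the override or the main-config block is not being applied.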
