This mission has a reputation on the HackThisSite forums as one of the "unsolvable" missions. Many have tried to solve it by collecting hints and following them, yet it remains a mystery for most. The mission's own introduction is partly to blame, since it gives almost no direction:
Sam decided to make a music site. Unfortunately he does not understand Apache. This mission is a bit harder than the other basics.
When we open the mission, all we get is a message like the ones below; every time we refresh the page a new line shows up.
I love my music! “Dark Diamond” is the best!
I love my music! “Honky Cat” is the best!
I love my music! “Something About the Way You Look Tonight” is the best!
If you pay attention to these lines, sooner or later you will notice that all of them are Elton John songs. That is our clue number one.
As in every other mission, we still have to find a page where we can enter the password or perform some trick to complete the level. index.html, index.php and home.html are the usual default documents: a web server serves one of them automatically when a directory is requested, with no redirect needed.
Let's start by requesting index.html; it turns out to be the same page that generates those messages. Next we try index.php, and that works: we get a form to enter a password. But where is the password?
The next help came from the forums: we need to explore the directory structure, and we should "do our ABCs". The ABCs hint is hard to understand at first, but easy once figured out.
The hint tells us to think about the directory structure as if we were Sam: how would you arrange the music directories? You might create a directory named after the artist, say John or Elton, or go one letter at a time. That is what Sam did.
My next clue also came from the forums: somewhere it was mentioned that knowledge of .htaccess would help. So I checked whether there was a .htaccess file in there. There was, and here it is:
IndexIgnore DaAnswer.* .htaccess
allow from all
From this file we can tell that the 'DaAnswer' directory is hidden from the directory listing. IndexIgnore only removes matching names from Apache's auto-generated index; it does not block requests for them, so anyone who knows the name can still open it. So let's open that directory, where we find something like this:
The answer is easy! Just look a little harder.
In this case the answer really is 'easy'; they are just playing tricks on us.
What did we learn?
With a .htaccess file we can do many things: hide entries from directory listings, set up whatever redirects we want, or block access to whole folders. A .htaccess file is normally not readable by visitors at all; here it was, and that is the point of the intro's remark that Sam does not understand Apache.
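To make the lesson concrete, here is an added example (not from the original post and not the mission's own configuration) showing the weak setup the walkthrough found next to a hardened one. The hardened part is written for the server configuration (httpd.conf or a vhost), not for a .htaccess file, since Directory blocks are not allowed in .htaccess; the paths /var/www/html/private and /etc/apache2/.htpasswd are assumptions.

```apache
# --- Weak: what Sam did (reconstructed from the walkthrough) ---
# Directory listing is left on, so every file name is enumerable.
# IndexIgnore only removes matching names from the generated listing;
# a direct request for /DaAnswer/ is still served.
# "allow from all" is Apache 2.2 syntax; on 2.4 it is "Require all granted".
# Worst of all, the .htaccess file itself can be downloaded, which is how
# the hidden name was found in the first place.
Options +Indexes
IndexIgnore DaAnswer.* .htaccess
allow from all

# --- Hardened (server configuration, Apache 2.4 syntax) ---

# 1. Turn listings off. A request for a directory that has no index
#    document now returns 403 instead of a file list, so there is
#    nothing for IndexIgnore to hide.
<Directory "/var/www/html">
    Options -Indexes
    # Disable per-directory overrides so a stray .htaccess cannot
    # switch listings or access rules back on.
    AllowOverride None
    Require all granted
</Directory>

# 2. Never serve .htaccess / .htpasswd, regardless of listing settings.
#    Apache's stock httpd.conf already ships this block; it only helps if
#    no later rule loosens it.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# 3. Protect sensitive content with authentication, not with an
#    unguessable directory name. Better still, keep it outside the web
#    root entirely.
<Directory "/var/www/html/private">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile "/etc/apache2/.htpasswd"
    Require valid-user
</Directory>
```

The general point is that IndexIgnore is a cosmetic setting for mod_autoindex, not an access control: hiding a name from a listing is security through obscurity, and the listing itself should not exist on a production site. A quick check after deploying is to request the directory with no index document and confirm a 403, then request /.htaccess directly and confirm it is also refused.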