HackThisSite Basic Mission 11
The final mission of the basic series! This one is probably the most obscure one out of the rest. The other pages teach simple lessons that build up to beat the realistic missions later on, but this one kind of veers off the path.
Problem
Alright, Sam built out a sick Apache page that displays some lyrics to Elton John songs. Sam is once again using obfuscation as the primary security practice for the page, so let’s hunt.
The hint I’ll give: read about how Apache grants users permission to access directories, and what happens if you don’t set that up.
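The defender's side of that hint, as an added example that is not part of the original write-up: when Apache's Indexes option is in effect for a directory that has no index file, the server returns a browsable listing of its contents. The sketch below audits a configuration for `<Directory>` blocks where Indexes ends up enabled after inheritance. It assumes a single file with literal `<Directory>` paths (no .htaccess, `<Location>` or `<DirectoryMatch>` handling), and the sample config and function names are constructed for illustration.

```python
import re

# Constructed sample config; the paths are illustrative, not from the mission.
SAMPLE_CONF = """
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/html/lyrics">
    Options -Indexes
</Directory>
<Directory "/var/www/html/lyrics/archive">
    AllowOverride None
</Directory>
<Directory "/var/www/html/uploads">
    Options +FollowSymLinks
</Directory>
"""

BLOCK = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)
OPTIONS = re.compile(r"^\s*Options\s+(.+)$", re.M | re.I)

def indexes_after(body, inherited):
    """Apply one block's Options lines to the inherited Indexes state."""
    state = inherited
    for line in OPTIONS.findall(body):
        tokens = line.split()
        if not any(t[0] in "+-" for t in tokens):
            # Bare keywords replace the inherited option set entirely.
            state = any(t.lower() in ("indexes", "all") for t in tokens)
            continue
        for t in tokens:  # +/- keywords adjust the inherited set
            if t.lstrip("+-").lower() == "indexes":
                state = not t.startswith("-")
    return state

def listable_directories(conf):
    """Return <Directory> paths where directory listings are in effect."""
    blocks = sorted(((p.rstrip("/") or "/", b) for p, b in BLOCK.findall(conf)),
                    key=lambda pb: len(pb[0]))
    effective = {}
    for path, body in blocks:
        # Inherit from the closest configured ancestor; Indexes starts off
        # because Apache 2.4's default Options is FollowSymlinks only.
        parents = [p for p in effective if path.startswith(p.rstrip("/") + "/")]
        inherited = effective[max(parents, key=len)] if parents else False
        effective[path] = indexes_after(body, inherited)
    return sorted(p for p, on in effective.items() if on)
```

On the sample, the web root and `uploads` are reported: `uploads` never mentions Indexes itself but inherits it from the parent block, which is the case that is easy to miss in review.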
Solution
Alright, so we go to Inspect Element and we get one comment that will guide this expedition through the page. The only other interesting thing to note is that refreshing the page gives us a new song each time. Anyway, we need to go directory hunting.
Several tools exist to do this type of work; I ended up finding dirsearch, which, after doing the mission, did a good job. I followed this guide for using it too, but with a couple of arguments you can simplify it a lot.
python3 dirsearch.py -u https://www.hackthissite.org/missions/basic/11/
# this takes a hot minute
So now that we have the PHP files we need to see what ends up being the correct path. The…