This mission is about Apache server settings made through the .htaccess file, which defines which files and directories are available and visible to external visitors. You might see more info about .htaccess.
Now when you open the mission you will see some song names that change on each refresh. Search for the songs on Google and you notice that all of them are related to Elton John. Is this a coincidence? I don't think so :). In addition, if you look at the hackthissite forum about the mission, they give some clues. Based on these tips, try appending /e/l/t/o/n to the main address of the page. You see that there is no file there after /n. So it is time to see the .htaccess file. Assuming the file is here, add .../.htaccess to the URL. You will see that two of the files are prevented from being shown in the file tree, but we can actually see them. One of the files is DaAnswer. Delete /.htaccess and type /DaAnswer. It says something tricky: "... answer is ---- ...". The answer is lying there in the ---- part. Copy the word lying instead of ---- and go back to /mission/11/index.php and type this word as a password, then you pass the mission.
This hackthissite exercise is about cookie manipulation. When you open the exercise page, it sets a cookie on your system that says "User is not authorized". So if you're working on Firefox you might use the add-on "Cookies Manager +" to edit the content of any cookie.
Now open the Cookies Manager from the Tools menu. Search for the "hackthissite" domain. You'll see a cookie that includes "10" inside its domain name. (I am plainly too lazy to open it and see the exact name 🙂 ). Find it and open edit on it. You'll see that it says "no" for authorized. Make it "yes", then refresh the page and push submit.
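Why this exercise works, and what the server-side fix looks like, as an added example that is not part of the original post or the site's own code. The cookie name `authorized`, the user names and the key are assumptions made for illustration; the signed variant generalizes the fix by binding the value to the user the server already knows from its own session.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret for this example; it never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def is_authorized_naive(cookies: dict) -> bool:
    """Vulnerable pattern: the decision rests on a value the browser controls."""
    return cookies.get("authorized") == "yes"


def _tag(user: str, value: str, key: bytes) -> str:
    # HMAC-SHA256 over user and value, so a tag cannot be moved between users
    # or reused for a different value.
    return hmac.new(key, f"{user}|{value}".encode(), hashlib.sha256).hexdigest()


def issue_cookie(user: str, authorized: bool, key: bytes = SERVER_KEY) -> str:
    """Return 'value.tag' for the Set-Cookie header."""
    value = "yes" if authorized else "no"
    return f"{value}.{_tag(user, value, key)}"


def is_authorized_signed(user: str, cookies: dict, key: bytes = SERVER_KEY) -> bool:
    """Accept 'yes' only with a valid tag for this user; malformed input is denied."""
    raw = cookies.get("authorized", "")
    value, sep, tag = raw.rpartition(".")
    if not sep:
        return False  # no tag present, e.g. a hand-edited bare "yes"
    expected = _tag(user, value, key)
    # Constant-time comparison; bytes on both sides so odd input cannot raise.
    return hmac.compare_digest(tag.encode(), expected.encode()) and value == "yes"


if __name__ == "__main__":
    issued = issue_cookie("alice", False)             # what the server sent
    edited = "yes." + issued.split(".", 1)[1]         # value changed, old tag kept
    print(is_authorized_naive({"authorized": "yes"}))            # True
    print(is_authorized_signed("alice", {"authorized": edited}))  # False
```

Signing only makes tampering detectable; keeping the authorization flag in server-side session state and sending the browser nothing but an opaque session identifier avoids the problem entirely.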
I am working on the little tricks on hackthissite.com and I am learning more and more about the facts of web app security. Now it is time to discover Basic 8. It is all about SSI. You need to know it to deal with that problem.
SSI is a way of server-side scripting and is very effective on large-scale websites with tons of varied content. It gives you the power to change all your pages by just changing a .txt file. For example, you might have a quote that is updated on a daily basis, so you do not need to change the quote in an HTML editor (that is long run compared to
Start with the comparison (this assumes you know normal threaded execution).
The two main differences between a normal threaded system and an asynchronous system are:
In threaded execution each thread has its own controller, whereas in an asynchronous system there is only one thread controller.
Threaded execution does not give the user control over ending, starting, or switching execution; it is mainly controlled by operating system internals. Asynchronous execution, on the other hand, needs an explicit command to interleave one execution with another, so it leaves more control in the programmer's hands.