Basic Mission 11

[conscience]

To everyone who haven't solved this yet: I you feel like skiping, just do it without worries.
Just finished solving it and I dont think this is hacking, more like solving puzzles and riddles. Completly unrelated to the other basic problems presented.

Most of the tips in this thread are misleading. The workflow to solve this problem has at least 6 steps!!! which completly exagerated. This is not basic and I dont think a problem like this will ever happen in reality.

And your assumtions are quite not correct. Even IRL you'll need common sense quite a bit often as - unfortunately - many people still believe in security through obscurity.

This misson is frustrating and exaggerated indeed, yet the approach of solving this mission should quite much be in your everyday inventory.

Regards,
con

[Snipeon]

And your assumtions are quite not correct. Even IRL you'll need common sense quite a bit often as - unfortunately - many people still believe in security through obscurity.

This misson is frustrating and exaggerated indeed, yet the approach of solving this mission should quite much be in your everyday inventory.

Regards,
con

agreed. however, can someone please tell me(along with a load of other people) if there's a way to list a site's subdirectories??? we just can't always rely on guessing and common sense, right?

[elementis0]

Okay,
so I figured out what the songs have in common.
I know "who" or "what" made all of these songs and have been trying variations of one name.
What is a better way of going about trying to guess what the directory structure is?

Also, do I need to guess a directory and multiple sub-directories or do I just need to guess the name of one directory?
I'm trying to think of "How would I create a directory structure which stored a music collection?". And then I'm guessing those names based of the relationship that all the songs share. I've tried all string variations of one persons name with no luck.



*EDIT* I figured out the directory listing. The string I guessed had to be A LOT shorter. I get the whole abc thing now haha.
Just solved the mission! Guessing the directory was hands down the hardest part. Everything else took like a minute or two.
I swear, this routine of playing on this for half and hour, taking a loong break and then doing it again is really making these missions a lot easier in the long run.

[f1r3fly_s3r3n1ty]

To everyone wondering how to solve this without blindly guessing, here's a tip: guessing directory names is suitable for automation...try brute forcing directory/file names. Took me all of one minute to get 75% of this challenge done.

If you're having trouble relating this mission to the real world, this technique is essential and completely realistic!

[Snipeon]

hmm... brute forcing... now that sounds more logical.

[f1r3fly_s3r3n1ty]

hmm... brute forcing... now that sounds more logical.

I understand what you're saying, however, solving this mission requires brute force. It doesn't matter if it's manual or automated, brute force is still used. Security professionals (and hackers) don't waste time guessing directory names for hours on end. They use brute force directory scanners when casing a site. So, in terms of time and practicality, it is more logical...

[facelessman26]

this mission does not require brute force.

Use what you learned from the previous missions.
Learn about apache and how certain important files are stored on the server.
Learn your ABCs its staight forward from there.
Didn't you learn anything about directories?

[f1r3fly_s3r3n1ty]

this mission does not require brute force.

So you're telling me that you magically guessed the directory structure on your first attempt? Nice try, but this mission DOES require brute force. I'll say it again, in case you missed it:

It doesn't matter if it's manual or automated, brute force is still used.

[Yusufmalikul]

Okay, i solved this mission.
This is the step to complete this mission.
1. find the artist name
2. find the directory
3. read .h******* files
4. go to the path .h******* files tell you, the password is on that path.
5. back to home and find the login page
6. enter the password

You did it !

[conscience]

this mission does not require brute force.

So you're telling me that you magically guessed the directory structure on your first attempt? Nice try, but this mission DOES require brute force. I'll say it again, in case you missed it:

It doesn't matter if it's manual or automated, brute force is still used.

Well no. If you did not know what to look for while checking consecutive (or random) directories, that'd be brute force. What is applied to this mission - that is, common sense, figuring out how to use the information given away by the songs - involves no brute force at all.