To start with Main 7, nothing about the source code gives off any hints. So I asked for one and was presented with the following information:
If you are not familiar with a robots.txt file, they define which pages on the site should not be scanned. Therefore, HackThis is most likely excluding some text file or page containing it via their robots.txt specifications. Let’s navigate to it.
This is the file, found here. The two disallowed file paths that look the most interesting are userpass.txt and the ctf/8/php. Since we know the username and password is stored in a txt file, let’s navigate to the /levels/extras/userpass.txt file.
48w3756
u3qh458
This is all we see when we visit this file path. Assuming it’s the username and password guarantees us advancement to the next level.
| Previous: Main 6 |