This challenge is a very interesting one. Now first of all what is .htaccess ?
Well, .htaccess is a configuration file for use on web servers running the Apache Web Server software.
Let’s go to the area.
Okay, we need a username and a password.
For continuing this article I would recommend you to read the following article
If you are too lazy to read that article just go through the following para.
The password protection and authentication systems offered by the Apache Web Server are probably the most important use of .htaccess files. Very easily, we can password protect a directory (or multiple) of a web site which requires a username and password to access. The login details are encrypted and then located in the other file the location of which is in the .htaccess file. So let’s find the .htaccess.
First let’s see the source code
Hmm….So there is a folder named secure.
Let’s try something like this
Naah…Let’s look for the file in secure folder
Yeahhhh…….So now we know that the AuthUserFile is located in secure/.htpasswd . Let’s open it .
Well , this looks like it is encrypted. Let’s decrypt it !!
The easiest and the most famous tool for the above purpose is John-The Ripper. You can download it in Windows or Linux. The commands are same so there is no need to worry about that. Now , the first thing you need to do is to create a Notepad file with any name (I have named it hashes.txt) and then put the encrypted text in the file and then save it in the same folder as of john and then open the command window in that folder (Shift + Right Click > Open Command Window here)
Okay so it looks like username is vampire and password is blood . Here you go now you can get the flag.