As I mentioned in the previous article, I started web400 immediately after I finished web300. At that point I was in a winning streak, so, naturally, I thought I could beat this one, too.
I had no idea how wrong I was…
I will not include the code sample here, because it’s simply too big to paste it in this article, but you can easily reproduce the challenge by downloading HTML Password Lock from MTop Software and „locking“ a plain text (or HTML) file with it (just use the default options).
Now, to the fun part: you first had to take a good look at the source. At some point, you would notice a comment at the end of the file, reading „Protected by HTML Password Lock, MTop Software Inc.“. This should lead you to download said software and give it a try (I did, too). That software had the ability to „lock“ a file into an HTML Document. Also, by default, when locking a file it would save a copy of the original file, with the original filename + ‚.PreLock‘ extension.
With this knowledge (from studying the actual app), you could blindly try to find that file (not knowing for sure it exists). Now, there was no filename in the URL, so you didn’t really know the name of the „locked“ file. With some educated guessing you would find that the locked file was index.htm and the „pre-lock“ file was index.htm.PreLock. That was it ! I would have given up to this challenge long before I would have found this solution. I would have never considered this type of human-error.
In the next part I’ll talk about Miscellaneous challenges.