Top-Secret: Difference between revisions
Created page with "===Description=== Management found out that the highly sensitive and top secret documents are accessible to all! They must be hidden ASAP! 150pts ===Task=== You must protect this apache web server with authentication! Configure basic authentication to protect the page Use these credentials for auth: Username: mulder Password: Scully-th3-b3st! SSH Access: Hostname: target.... Username: user Password: Cool2Pass ===Solution=== The first thing I did was to make a..." |
(No difference)
|
Revision as of 11:19, 30 September 2022
Description
Management found out that the highly sensitive and top secret documents are accessible to all!
They must be hidden ASAP!
150pts
Task
You must protect this apache web server with authentication!
Configure basic authentication to protect the page
Use these credentials for auth:
Username: mulder
Password: Scully-th3-b3st!
SSH Access:
Hostname: target....
Username: user
Password: Cool2Pass
Solution
The first thing I did was to make a .htpasswd file for the web page.
With the command htpasswd -c /root/.htpasswd mulder
The program in question next asks for a password, which I set as instructed. Next I browsed to the foldercd /etc/apache2/sites-enable/ and opened the file with the editor 000-default.conf.
I then added the following text to the file
<Directory "/var/www/html">
AuthType Basic
AuthName "asd"
AuthUserFile /root/.htpasswd
Require valid-user
</Directory>.
I then restarted the apache2 service service apache2 restart
I then headed to the website again to see if my configuration was successful. Unfortunately, I had broken the whole web page and decided to move on to another task...
Tools
- htpasswd
- nano
- cd
- service
