https://webspace.utexas.edu/lel65/documents/Test.html I expect it shouldnt be that hard for the more experienced. If you can get through, please tell me how you did it Oh and I also noticed that if you get rid of the /Test.html part, people can see the list of files on my FTP. How do I stop them from being able to do that? I want them to have to log in to see the files and am testing this encryption program called HTML password pro right now. What I want is to not even let you see sceduelepic.jpg, test.html or squirrels-superlowres.gif. I want it to go directly to Test.html if you go to /lel65/documents or /lel65 Is there a way to do it?

to about 95% of people your safe, but to the other 5% your screwed and there is nothing you can do about it... i will try to hack your ftp later, since you gave us permission.. thanks

If your webserver is Apache, there is a setting to not allow people to see the list of files. I don't remember what the setting is called. If you don't have the option of changing that setting, just put an index.html file in every directory. I would suggest changing Test.html to index.html. That would take care of the /documents directory. Then in the /lel65 directory, put an index.html that does an automatic redirect to the documents directory.

Ok, Test.html has been changed to index.html for those looking for the page to hack.

Security through obscurity. I used a debugger. I set one breakpoint, then reloaded the page. Everything is in the original source file. The page returns to itself when the correct username (USER123) and password (U1TEXAS0) are entered. You just get: " This is a test. testing... [a bar] ...123 " You can view the readable code here and read a short explanation of the password (and other) encoding here. I didn't look, but a cookie is probably used to bypass the normal run and give you your prize. The original file in all its convoluted glory is here. Go ahead, login.

Somebody else try. Not a lot has changed in index.html. You do get a new message though: " Congratulations, you got through ;) Now please tell me how you did it and how I can prevent it. Thanks! " You can't. Nothing is hidden. Your host is running Jakarta - do they support Tomcat (JSP)?

hahaha,,... I love it, yeah I took a look at the code and it is funny, like I said (even before looking at your source) 95% will be like WTF!!! and the other 5% will be like WTF LOL!!!! see the difference?