We are greeted with page talking about modules.
The recon part was clicking the two provided links and checking what changes. Then I noticed this.
My first though was can I get somewhere else in the dir? Yes I can. I used the Repeater in Burp again to explore this. Can we view the password file in /etc ? Yes we can!
That means I can traverse directories from the url and that is awesome! After some trail and error I find the correct file to be checking (.htaccess).
Oh look what do we have here in the response!
Lets put that directory in the URL and see what happens. Don’t take the full path because you don’t need it. Check the picture bellow to see which part you need.
Here you go. We have the flag! The flag is: LLS{htaccess_can_control_what_you_access}