Testing vulnerabities in my site

Well, my friend wants me to check his site for holes, and he runs on the same server as me. I found that there is a sysadmin file on the sites but it seems to be protected by a .htaccess password username restriction. I typed in .htaccess for fun and it came back saying "No such file ()" etc and when I typed in .htpasswd it sent me to a blank page instead of an error page. I was wondering if there was any way to get a username and password out of this file some how and how if possible and if not, is there anything else I should try? (the server runs .shtml if it helps… and it is sambar)