Problem Description :
Well… it’s known (:
As you can see, we are given a 404 page. The first thing that I did when solving this problem was checking the web page for any additional hidden elements.
I saw that there was a xml file, so I added “/sitemp.xml” after the original “wk.hexionteam.com” url. Here is .xml file document tree:
As you can see, there is a hidden url that we haven’t seen before, so it must be our flag.
The hidden url is : “https://wk.hexionteam.com/.well-known/security.txt“