hexionCTF 2020 Web Exploitation

“Well Known”

Problem Description :

Well… it’s known (:

As you can see, we are given a 404 page. The first thing that I did when solving this problem was checking the web page for any additional hidden elements.

I did this by entering the URL :

This is the result of adding “/robots.txt” to the original URL

I saw that there was a xml file, so I added “/sitemp.xml” after the original “” url. Here is .xml file document tree:

As you can see, there is a hidden url that we haven’t seen before, so it must be our flag.

The hidden url is : “

Flag :


Leave a Reply

Your email address will not be published. Required fields are marked *