Categories
hexionCTF 2020 Web Exploitation

“Well Known”

Problem Description :

Well… it’s known (:

https://wk.hexionteam.com

As you can see, we are given a 404 page. The first thing that I did when solving this problem was checking the web page for any additional hidden elements.

I did this by entering the URL : https://wk.hexionteam.com/robots.txt

This is the result of adding “/robots.txt” to the original URL

I saw that there was a xml file, so I added “/sitemp.xml” after the original “wk.hexionteam.com” url. Here is .xml file document tree:

As you can see, there is a hidden url that we haven’t seen before, so it must be our flag.

The hidden url is : “https://wk.hexionteam.com/.well-known/security.txt

Flag :

hexCTF{th4nk_y0u_liv3_0v3rfl0w}

Leave a Reply

Your email address will not be published. Required fields are marked *