Hi hackers, this is a write-up for Pentester Lab Recon 02. The goal here is to retrieve the security.txt from the main website. First we need to know what the security.txt file is used for and how it tells security researchers how to disclose vulnerabilities for a website. It is:
A proposed standard that allows websites to define security policies. Thanks to security.txt, security researchers can easily get in touch with companies about security issues.
There are a couple of ways to find this file. The security.txt file is found in the .well-known folder, so you can add that path to the URL: hackycorp.com/.well-known/security.txt. The .well-known directory is typically located in the root public_html, www, or public folder of your website. Another way is to check these folders to find the file and get the flag.
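Once you have the file, it helps to know what is inside it. The following is an added example, not part of the lab or the original write-up: it parses a security.txt body and checks the two fields the published specification (RFC 9116) requires, Contact and Expires. The sample file, the function names and the https:// scheme are assumptions made for illustration.

```python
from datetime import datetime, timezone

REQUIRED = ("contact", "expires")  # fields RFC 9116 makes mandatory

def candidate_urls(host):
    # https:// is an assumption; the write-up gives the URL without a scheme.
    return [f"https://{host}/.well-known/security.txt",
            f"https://{host}/security.txt"]  # top-level fallback location

def parse_security_txt(text):
    """Return {lower-cased field name: [values]}; skips comments and blanks."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            fields.setdefault(name.strip().lower(), []).append(value.strip())
    return fields

def check(fields, now=None):
    """List problems that would stop a researcher from relying on the file."""
    now = now or datetime.now(timezone.utc)
    problems = [f"missing required field: {f}" for f in REQUIRED if f not in fields]
    for value in fields.get("expires", []):
        try:
            expires = datetime.fromisoformat(value.replace("Z", "+00:00"))
        except ValueError:
            problems.append(f"unparseable Expires: {value}")
            continue
        if expires.tzinfo is None:  # treat a missing offset as UTC
            expires = expires.replace(tzinfo=timezone.utc)
        if expires < now:
            problems.append(f"expired on {value}")
    for contact in fields.get("contact", []):
        if not contact.startswith(("mailto:", "https://", "tel:")):
            problems.append(f"Contact is not a URI: {contact}")
    return problems

# Constructed sample, not the lab's real file.
SAMPLE = """\
# Report security issues here
Contact: mailto:security@example.com
Contact: https://example.com/report
Expires: 2030-01-01T00:00:00Z
Preferred-Languages: en
"""

if __name__ == "__main__":
    print(candidate_urls("hackycorp.com"))
    print(check(parse_security_txt(SAMPLE)))
```

Site owners can run the same check against their own file to catch a missing contact or an expired policy before a researcher does.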
