# hxp CTF

Won this CTF together with friends from [Blue Water](https://ctftime.org/team/205897) (Perfect Blue + Water Paddler).

<figure><img src="https://3167364547-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MX1bWRlBzHpEPe1TYDD%2Fuploads%2FEIjUt2BvD6uiFDeB0tFU%2Fimage.png?alt=media&#x26;token=f308c8ea-2a02-44fe-8cb8-3a9db5f4412c" alt=""><figcaption></figcaption></figure>

We solved all the Web challenges in this CTF. All of them, except for *valentine*, were clone-to-pwn challenges requiring us to find a 0day in an open-source web application.

| Challenge                                                                      | Category | Target                                                              |
| ------------------------------------------------------------------------------ | -------- | ------------------------------------------------------------------- |
| valentine                                                                      | Web      | [ejs](https://github.com/mde/ejs)                                   |
| archived                                                                       | Web      | [Apache Archiva](https://github.com/apache/archiva)                 |
| sqlite\_web                                                                    | Web      | [sqlite-web](https://github.com/coleifer/sqlite-web)                |
| [true\_web\_assembly](https://ctf.zeyu2001.com/2023/hxp-ctf/true_web_assembly) | Web      | [AsmBB](https://board.asm32.info/asmbb-v2-9-has-been-released.328/) |