hxp
2022
Join us on IRC! Libera Chat | #hxpctf - Stalk us on Twitter @hxpctf
true_web_assembly
by sisu and johnfound
Difficulty estimate: 
- hard
Points: round(1000 ยท min(1, 10 / (9 + [8 solves]))) = 588 points
Description:
https://board.asm32.info/asmbb-v2-9-has-been-released.328/
From the post:
- “AsmBB is very secure web application, because of the internal design and the reduced dependencies. But it also supports encrypted databases, for even higher security.”
- “Download, install and hack”
Yes
Goal is to get the admin to visit a page on the forum,
HACK-HACK-HACK,
/readflag will print out the flag.
Please don’t submit too many requests or try to abuse anything with the setup.
Focus on the forum’s implementation.
Two dockerfiles are provided:
- ./Dockerfile for hosting the challenge
- standalone-build/Dockerfile for building asmbb engine for a specific commit
Disclaimer
This challenge offers an individual instance for you and therefore runs behind a proxy requesting login credentials. Locally use hxp:hxp.
Download:
true_web_assembly-dc8d14e5d792fb66.tar.xz (6.8 MiB)
Connection (mirrors):
- Instancer
nc 162.55.216.146 9032
Adminnc 162.55.216.146 9762
Solved by:
| # | Team | Time |
|---|---|---|
| true_web_assembly released | 2023-03-10 19:23:58 +0000 UTC | |
| ๐ฅ | justCatTheFish | 2023-03-11 00:42:24 +0000 UTC |
| ๐ฅ | idek | 2023-03-11 11:34:08 +0000 UTC |
| ๐ฅ | Never Stop Exploiting | 2023-03-11 14:50:33 +0000 UTC |
| 4 | Katzebin | 2023-03-11 15:06:54 +0000 UTC |
| 5 | Straw Hat | 2023-03-11 21:55:07 +0000 UTC |
| 6 | copy | 2023-03-12 02:38:32 +0000 UTC |
| 7 | Blue Water | 2023-03-12 11:38:14 +0000 UTC |
| 8 | 796f75 | 2023-03-12 11:53:27 +0000 UTC |