HKCERT CTF 2022 Writeups

CTFtime event link: https://ctftime.org/event/1722/

Writeups

Web:
1. Insecurely Storing Files (Back to the Past)
2. Local File Inclusion (LFI) (Spyce)
3. Nginx Off-By-Slash Vulnerability (Secured Web Service)
4. Exploiting Server-Side Include Vulnerability (CVE 1999)
5. ??? (protoTYPE:v2 - sanityXSS) (Unsolved)
Forensics:
1. Disk Forensics & Recovering Corrupted Image (SD Card)
Misc:
1. Leaking Sensitive Information via Bad Operation Security (Physical Security) (Zoonn Recording)
Crypto:
1. Cut-and-Paste Attack in AES ECB Mode (Catch-22)