Introduction

I had the opportunity to compete in the CSAW CTF Finals 2018 for a second year in a row, with the UMBC Cyber Dawgs. It was a lot of fun, despite our somewhat lackluster finish in 10th place. I learned a lot. For instance, in this challenge, I learned how to exploit a Use-After-Free vulnerability (in WebAssembly no doubt!).

Challenge

WASM is the future of the web! JS devs will be writting c++, what could go wrong?.

This debugger might help kinda shrug emoji

Written by itszn, Ret2 Systems

http://pwn.chal.csaw.io:1000

HINT: You can get source via /test.wasm.map and /test.cpp

Continue reading “CSAW CTF Finals 2018 – Wic Wac Woe 1 writeup” →