RedpwnCTF 2020 Rust Pwn Writeups (Tetanus, Tetanus Shot)

- This report analyzes two Rust pwnables from redpwnCTF 2020: “Tetanus” (contains a use-after-free due to unsafe drop_in_place leaving stale VecDeque references) and “Tetanus Shot” (abuses an unpatched VecDeque::reserve() OOB write, CVE-2018-1000657). Both writeups include full exploitation chains using heap metadata manipulation and tcache poisoning to overwrite __free_hook with system and spawn a shell; exploit scripts and mitigation context (libc versions, CVE) are provided.