[MJS](https://github.com/cesanta/mjs) is a Javascript Engine "designed for microcontrollers with limited resources".

Of note, it integrates pointers to C structure and functions, into the engine as normal JS value.
Furthermore, it allows pointer arthimatic on those values. Thus, we can take a pointer to an exposed function, and point it at an arbitrary other function instead.

Our approach to RCE is to create a pointer to MJS's Foreign Function Interface (FFI), and then call arbitrary libc functions.

[Full writeup](https://github.com/WilliamParks/ctf_writeups/tree/master/kalmar_ctf_2023/mjs)

Original writeup (https://github.com/WilliamParks/ctf_writeups/tree/master/kalmar_ctf_2023/mjs).