The Challenge For this challenge, we have a binary named spellbook and a libc.so.6. After fuzzing the binary, we realize that it is a storage space that seems to contain 10 available indexes (0-9) to store information about a spell. Since no overflow seems obvious and that the access to the array seems to be safe, I couldn’t find any obvious flaws in the program so I opened it in Ghidra to check what was actually going on.

This challenge was about escaping a parser using the AST module.