Spellbook - [HTB University CTF 2022]

The Challenge

For this challenge, we have a binary named spellbook and a libc.so.6. After fuzzing the binary, we realize that it is a storage space that seems to offer 10 available indexes (0-9) in which to store information about a spell. Since no overflow seemed obvious and the accesses to the array seemed safe, I couldn't find any obvious flaws in the program, so I opened it in Ghidra to check what was actually going on.

Sacred scrolls - [HTB University CTF 2022]

The Challenge

In this challenge, we have a binary named sacred_scrolls with a libc.so in a folder named glibc. The binary has the following protections: Great! We have some good news here. The binary is not a PIE (Position Independent Executable), which means that it will always be mapped at the same address. The other good news is that there is no stack canary on this binary, so if we manage to find a buffer overflow somewhere, it shouldn't be hard to exploit.
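The two properties the excerpt above relies on (no PIE, no stack canary) can be read straight out of the ELF file. The script below is an added example written for this page, not code from the writeup or the challenge: it parses the ELF64 header to tell a fixed-address executable (e_type ET_EXEC) from a position-independent one (ET_DYN), reports the entry point (an absolute address such as 0x401xxx for a non-PIE, a small file offset for a PIE), and approximates the canary check the way checksec tools do, by looking for a reference to `__stack_chk_fail`, which GCC emits when `-fstack-protector` is in effect. The two sample headers are constructed in the script itself (they are not the challenge binaries), it assumes little-endian ELF64, and the canary test is a substring heuristic rather than a proper symbol-table lookup.

```python
import struct
import sys

ET_EXEC = 2  # fixed load address: the "not a PIE" case from the writeup
ET_DYN = 3   # position-independent executable (or shared object)
EM_X86_64 = 0x3E


def parse_elf64_header(data: bytes) -> dict:
    """Parse the 64-byte little-endian ELF64 header and return the fields we need."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    # After the 16-byte e_ident: e_type(u16) e_machine(u16) e_version(u32) e_entry(u64)
    e_type, e_machine, _e_version, e_entry = struct.unpack_from("<HHIQ", data, 16)
    return {"e_type": e_type, "e_machine": e_machine, "e_entry": e_entry}


def is_pie(data: bytes) -> bool:
    """A PIE is linked as ET_DYN; a classic executable is ET_EXEC."""
    return parse_elf64_header(data)["e_type"] == ET_DYN


def has_stack_canary(data: bytes) -> bool:
    """Heuristic (same idea as checksec): a protected binary references __stack_chk_fail."""
    return b"__stack_chk_fail" in data


def summarize(data: bytes) -> dict:
    """Return the checks a pwn player cares about before looking for an overflow."""
    hdr = parse_elf64_header(data)
    return {
        "pie": hdr["e_type"] == ET_DYN,
        "entry": hdr["e_entry"],
        "canary": has_stack_canary(data),
    }


def make_header(e_type: int, e_entry: int) -> bytes:
    """Build a constructed ELF64 x86-64 header for the demo (not a runnable binary)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # 64-bit, LE, version 1
    rest = struct.pack(
        "<HHIQQQIHHHHHH",
        e_type, EM_X86_64, 1, e_entry,
        64, 0,        # e_phoff, e_shoff
        0,            # e_flags
        64, 56, 0,    # e_ehsize, e_phentsize, e_phnum
        64, 0, 0,     # e_shentsize, e_shnum, e_shstrndx
    )
    return ident + rest


# Constructed samples: a non-PIE binary without a canary (the sacred_scrolls
# situation) and a PIE binary whose string table mentions __stack_chk_fail.
NO_PIE_NO_CANARY = make_header(ET_EXEC, 0x401060)
PIE_WITH_CANARY = make_header(ET_DYN, 0x1060) + b"\x00__stack_chk_fail\x00"


if __name__ == "__main__":
    # With a path argument, inspect a real file; otherwise show the two samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            targets = {sys.argv[1]: f.read()}
    else:
        targets = {"sample_no_pie": NO_PIE_NO_CANARY, "sample_pie": PIE_WITH_CANARY}
    for name, blob in targets.items():
        s = summarize(blob)
        print(f"{name}: PIE={s['pie']} canary={s['canary']} entry={s['entry']:#x}")
```

On a real target the same information comes from `checksec` (shipped with pwntools) or `readelf -h` (the Type line reads EXEC or DYN); the point of reading the header by hand is to see that "no PIE" is literally the e_type field, which is why every address in the binary, including gadgets and the PLT, is fixed across runs.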