> The challenge provides a FastAPI-based service, allowing users to interact with a chatbot via text and audio. Audio uploads are passed through a patched version (it was patched to simplify the exploit, more details in the full writeup) of OpenAI's Whisper ASR (tiny.en v20231117), before getting passed to the Chatbot. Our goal was to find and exploit vulnerabilities within the provided system to read the flag placed at `/chal/flag`.

### tl;dr:
#### Adversarial audio attack against Whisper tiny.en to inject shell commands.