Tags: pwn glibc unicode 

ctftime doesn't seem to display all the emojis correctly, so the full writeup is [here](https://github.com/mephi42/ctf/tree/master/2020.09.26-0CTF_TCTF_2020_Finals/Emoji%20Revenge).

## TL;DR

* [Exploit](https://github.com/mephi42/ctf/tree/master/2020.09.26-0CTF_TCTF_2020_Finals/Emoji%20Revenge/pwnit.py)
* Inspired by: PlaidCTF 2020 [EmojiDB](https://ctftime.org/task/11311) ([my solution](https://github.com/mephi42/ctf/tree/master/2020.04.17-PlaidCTF_2020/EmojiDB/pwnit.py))
* [Glibc bug](https://sourceware.org/bugzilla/show_bug.cgi?id=20568)
* [mmap_min_addr](https://www.kernel.org/doc/Documentation/sysctl/vm.txt)
* [UTF-32 to UTF-8](https://stackoverflow.com/a/42013433/3832536)
* Send {beer} in a loop until `mmap()` returns `NULL`.
* Send {horse} with shellcode at offset 0, infinite loop at offset 0x200, and 70 {cow}s at the end.
* Wait until `SIGALRM` happens.
* The shell appears:
```
$ cat flag
flag{thanks_again_Plaid_CTF_i_found_th1s}
```

Original writeup (https://github.com/mephi42/ctf/tree/master/2020.09.26-0CTF_TCTF_2020_Finals/Emoji%20Revenge).