Rating: 3.5

* Overwrite the pointer of program name, and trigger `SSP` -> leak information.
* Get serveral `libc`.
* Overwite `GOT read` with `onegadget` -> with probability 1/16 (correct libc).
* [exploit.py](https://github.com/ssspeedgit00/CTF/tree/master/2018/defcon)