Tags: analysis binary 

Rating:

1. hijack memset@got to \_start to make a loop
2. hijack printf@got to system
3. send "/bin/sh", get shell!

exploit [here](https://gist.github.com/0x01f/e742c7a2faaee4019ade6a4d5d3b6e2f#file-tjctf-super-secure-py)

Original writeup (https://gist.github.com/0x01f/e742c7a2faaee4019ade6a4d5d3b6e2f#file-tjctf-super-secure-py).