Tags: fastbin fastbindup heap-overflow one_gadget calloc mmaped
This challenge contains a heap overflow vulnerability. The lesson learned is that if the chunk being allocated is marked as MMAPPED, its content will not be zeroed out by calloc. So, by using the overflow vulnerability, we can set the IS_MMAPPED bit of the target chunk in order to leak a libc address, and then launch the fastbin attack in order to overwrite __malloc_hook with a one gadget address. This is a good challenge for understanding how to exploit x86_64 binaries with Full RELRO, Canary, NX, PIE, and ASLR protections.
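The calloc behaviour described above, as an added example that is not code from the challenge or from glibc: a simplified model of the zeroing decision next to a wrapper that always clears. The struct layout, function names and the 0xAA stale bytes are constructed for illustration; only the flag bit values follow glibc's malloc.c.

```c
#include <stdio.h>
#include <string.h>

/* Flag bits kept in the low bits of a chunk's size field (glibc malloc.c). */
#define PREV_INUSE 0x1
#define IS_MMAPPED 0x2

/* Simplified stand-in for a heap chunk; not glibc's real struct malloc_chunk. */
struct model_chunk {
    size_t size;             /* chunk size | flag bits */
    unsigned char user[32];  /* user data, may hold bytes from a previous use */
};

/* Mirrors the decision in glibc's calloc: a chunk flagged IS_MMAPPED is
   assumed to be fresh zero pages from the kernel, so the clear is skipped. */
static void *model_calloc(struct model_chunk *c) {
    if (!(c->size & IS_MMAPPED))
        memset(c->user, 0, sizeof c->user);
    return c->user;
}

/* Hardened variant: does not trust in-band metadata and always clears. */
static void *hardened_calloc(struct model_chunk *c) {
    memset(c->user, 0, sizeof c->user);
    return c->user;
}

/* Recycled chunk holding 16 stale bytes (constructed stand-in for data left
   behind by free); returns how many stale bytes the caller can still read. */
size_t scenario(size_t flags, int hardened) {
    struct model_chunk c = { .size = 0x30 | flags };
    memset(c.user, 0xAA, 16);
    unsigned char *p = hardened ? hardened_calloc(&c) : model_calloc(&c);
    size_t stale = 0;
    for (size_t i = 0; i < sizeof c.user; i++)
        stale += (p[i] != 0);
    return stale;
}

int main(void) {
    printf("intact header:        %zu stale bytes\n", scenario(PREV_INUSE, 0));
    printf("IS_MMAPPED set:       %zu stale bytes\n", scenario(PREV_INUSE | IS_MMAPPED, 0));
    printf("IS_MMAPPED, hardened: %zu stale bytes\n", scenario(PREV_INUSE | IS_MMAPPED, 1));
    return 0;
}
```

The model shows why calloc alone is not a guarantee against stale-data disclosure once chunk metadata can be corrupted: the clear depends on a bit stored next to attacker-reachable data.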