Tags: use-after-free got uaf glibc heap 

In the `34C3 2017 - SimpleGC` challenge, we leak the `libc` base address using a `Use After Free (UAF)` vulnerability. Using the same `Use After Free (UAF)` vulnerability, we overwrite `free@GOT` with the address of `system` and eventually spawn a shell. This is a good example of a `Heap Exploitation` challenge for understanding how to exploit `x86_64` binaries with `Canary`, `NX`, and `ASLR` enabled in the presence of the `tcache` feature, which is enabled in `glibc-2.26`.

Original writeup (https://github.com/sajjadium/PersianCatsCTF/tree/master/C3CTF/2017/simplegc).