The binary has a buffer overwrite and memory leak.
Since we can't write 64-bit data and there's no `pop rdx` gadget, I used ret2csu to call the `write` function.

[writeup](https://ptr-yudai.hatenablog.com/entry/2019/06/03/113943#pwnable-494pts-rank)

Original writeup (https://ptr-yudai.hatenablog.com/entry/2019/06/03/113943#pwnable-494pts-rank).