Same as Trick or Treat from HITCON CTF 2019. You can read my writeup for that [here](https://syedfarazabrar.com/2019-10-14-hitconctf-2019-trick-or-treat/).

Overwrite `__realloc_hook` with a one gadget and overwrite `__malloc_hook` with `realloc+14` to meet the one gadget's constraints.