We could write to any file, within 10 bytes. I chose to write to `/proc/self/mem` to inject my shellcode and achieve a larger read syscall.

Then I can do ROP and get the flag.

Read my exploit [here](https://github.com/bash-c/pwn_repo/blob/master/Bamboofox2019_abw/share/solve.py).
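Why a file write of a few bytes amounts to a memory write on Linux, shown as an added example that is not taken from the linked exploit: writes through `/proc/self/mem` land at the virtual address given as the file offset and are applied even to a page mapped read-only. The function name, the scratch page and the 10-byte patch string are assumptions made for this demonstration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Returns 1 if a 10-byte write through /proc/self/mem changed a page that
 * is mapped read-only, 0 if the page was left intact, -1 if setup failed. */
int write_readonly_page_via_proc_mem(void)
{
    const char patch[10] = "PATCHED!!";   /* constructed: 9 chars + NUL */
    long pagesz = sysconf(_SC_PAGESIZE);

    /* Scratch page standing in for any non-writable mapping of the process. */
    char *page = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;
    strcpy(page, "original");
    if (mprotect(page, (size_t)pagesz, PROT_READ) != 0) {
        munmap(page, (size_t)pagesz);
        return -1;
    }

    int fd = open("/proc/self/mem", O_WRONLY);
    if (fd < 0) {
        munmap(page, (size_t)pagesz);
        return -1;
    }
    /* In /proc/self/mem the file offset is the virtual address itself. */
    ssize_t n = pwrite(fd, patch, sizeof patch, (off_t)(uintptr_t)page);
    close(fd);

    /* A direct store to this page would fault; the file write does not. */
    int changed = (n == (ssize_t)sizeof patch) &&
                  memcmp(page, patch, sizeof patch) == 0;
    munmap(page, (size_t)pagesz);
    return changed;
}

int main(void)
{
    printf("read-only page modified via /proc/self/mem: %d\n",
           write_readonly_page_via_proc_mem());
    return 0;
}
```

On a kernel configured to deny forced writes through `/proc/<pid>/mem`, the function returns 0 instead of 1.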

Original writeup (https://github.com/bash-c/pwn_repo/blob/master/Bamboofox2019_abw/share/solve.py).