1. exit GOT -> main
2. printf GOT -> ppppr
3. printf(format) -> system('/bin/sh')

[read more](http://note.taqini.space/#/ctf/HackZoneVIIICTF-2020/?id=pwn1)

Original writeup (http://taqini.space/2020/04/12/HackZone-VIII-CTF-pwn-writeup/#pwn1).