1. Flip `exit@got` to jump back to `entry`
2. Enable debug functionality of flipping function and leak libc addres
3. Leak `environ` in libc to get stack address
4. Modify stack data to jump to `system`