Tags: pivoting shellcode ropchain rop 

Using secret mode 31337 we overflow RIP and make it point to the start of the random page, whose address we guessed from the local time. In that page we write a shellcode stub that pivots execution to a ROP chain in the heap; the ROP chain reads a bigger shellcode into the random page and then jumps to it. That final shellcode bypasses the seccomp filter using openat and sendfile.

Read the exploit.py

Original writeup (https://github.com/giosch/CTF-stuff/blob/master/asis18/myblog/exploiy.py).