CTF write-up

[hacktmctf] trip_to_trick

youngsouk 2020. 2. 7. 03:52

1. stdin._IO_buf_base -> stdin

2. stdin._IO_buf_base = stdout, stdin._IO_buf_end = stdout + 0x2000

3. stdout.vtable = _IO_helper_table

4. _IO_helper_table.sysclose = setcontext + 53

5. ROP + ORW (open/read/write)