Secret Vault — Heap Address Leak + Shellcode via Stack Overflow
Trigger a heap allocation that the binary prints, compute the shellcode landing address at heap+96, then overflow the stack with that return address followed by shellcode to get a shell.