Overflow the buffer and setup a puts call to print the content of the global password. Then use it to get the flag.

Original writeup (https://0xf4b1.github.io/ctftime/tuctf.com/pwn/pancakes/).