There vulnerability is in the get_flag, there is a strncmp. Basically, if you provide empty string as one of the parameters, it will return 0 because the n parameter is extracted from the provided token.

In order to fix it, you just need to replace strncmp with strcmp. The following line is from objdump. You need to replace 8048c95 with 8113480:

80497ae: e8 e2 f4 ff ff call 8048c95 <strncmp>

Original writeup (https://github.com/sajjadium/ctf-writeups/tree/master/iCTF/2018/fantasticiot).