This challenge has a stack overflow vulnerability, by which you can overwrite the return address. Then, using return oriented programing (ROP), you are able to spawn /bin/sh.

Original writeup (https://github.com/sajjadium/ctf-writeups/tree/master/TAMUctf/2018/pwn5).