This challenge has a `stack overflow` vulnerability, by which you can overwrite the return address. Then, using `return oriented programing (ROP)`, you are able to spawn `/bin/sh`.

Original writeup (https://github.com/sajjadium/ctf-writeups/tree/master/TAMUctf/2018/pwn5).