tl;dr: Leak libc offset to bypass ASLR and use buffer overflow to jump to reverse shell gadget.

Original writeup (https://dunsp4rce.github.io/redpwn-2020/pwn/2020/06/26/the-library.html).