Considering the new ASLR entropy, in the same environment as the challenge, and that the third least significant byte in the bruteforce is attacked at one stage, I managed to get shell locally, but not remotely :(

[https://gist.github.com/soez/695b8ba4085bf6eb8e113c4f0f1d47b0](http://)