Rating:

entry point looks like:

undefined8 entry(void)

{
    char correct_flag_char;
    size_t sVar1;
    long n;
    undefined4 *puVar2;
    char input_flag [256];
    
    puts("Welcome to CTFd+!");
    puts("So far, we only have one challenge, which is one more than the number of databases we have.\n");
    puts("Very Doable Pwn - 500 points, 0 solves");
    puts("Can you help me pwn this program?");
    puts("#include <stdio.h>\nint main(void) {\n    puts(\"Bye!\");\n    return 0;\n}\n");
    puts("Enter the flag:");
    fgets(input_flag,0x100,stdin);
    sVar1 = strcspn(input_flag,"\n");
    n = 0;
    puVar2 = &DAT_00104060;
    input_flag[sVar1] = '\0';
    do {
        correct_flag_char = whatever(puVar2[n]);
        if (correct_flag_char != input_flag[n]) {
            puts("Incorrect flag.");
            return 0;
        }
        n = n + 1;
    } while (n != 0x2f);
    puts("You got the flag! Unfortunately we don\'t exactly have a database to store the solve in...");
    return 0;
}

we can patch the binary so this is never taken:

        if (correct_flag_char != input_flag[n]) {
            puts("Incorrect flag.");
            return 0;
        }

by changing JZ to JMP:

      00101106 e8 25 01 00 00           CALL                 whatever                                                                                 undefined whatever()
      0010110b 3a 04 33                 CMP                  correct_flag_char,byte ptr [RBX + n*0x1]=>input_flag
HERE  0010110e 74 e8                    JZ                   LAB_001010f8 
      00101110 48 8d 3d 11 0f 00 00     LEA                  RDI,[s_Incorrect_flag._00102028]                                                         = "Incorrect flag."
      00101117 e8 14 ff ff ff           CALL                 <EXTERNAL>::puts                                                                         int puts(char * __s)
data = bytearray(open("ctfd_plus", "rb").read())
data[0x110e] = 0xeb # jz -> jmp
open("ctfd_patched", "wb").write(data)

prepare gbd script to dump AL register after the whatever function call (AL will contains the correct flag chr):

import gdb

def read_reg(reg):
    return gdb.parse_and_eval("${}".format(reg))

def gdb_continue():
    gdb.execute('continue')

gdb.execute('break *0x000055555555510b')   # fix addr
flag = ''
while 1:
    gdb.execute("continue")
    bla = int(read_reg('al'))
    flag += chr(bla)
    print(flag)

then run it on patched binary:

% gdb ./ctfd_patched 
pwndbg> starti
pwndbg> source gggdb.py
Breakpoint 1 at 0x55555555510b
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Welcome to CTFd+!
So far, we only have one challenge, which is one more than the number of databases we have.

Very Doable Pwn - 500 points, 0 solves
Can you help me pwn this program?
#include <stdio.h>
int main(void) {
    puts("Bye!");
    return 0;
}

Enter the flag:
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Breakpoint 1, 0x000055555555510b in ?? ()
l

Breakpoint 1, 0x000055555555510b in ?? ()
la

Breakpoint 1, 0x000055555555510b in ?? ()
lac
///
Breakpoint 1, 0x000055555555510b in ?? ()
lactf{m4yb3_th3r3_1s_s0m3_m3r1t_t0_us1ng_4_d

Breakpoint 1, 0x000055555555510b in ?? ()
lactf{m4yb3_th3r3_1s_s0m3_m3r1t_t0_us1ng_4_db

Breakpoint 1, 0x000055555555510b in ?? ()
lactf{m4yb3_th3r3_1s_s0m3_m3r1t_t0_us1ng_4_db}