There's a buffer overflow while appending .txt to filename. Overwrite the e and try Common Modulus Attack to crack the plaintext of flag.txt.

Original writeup (https://gist.github.com/cubarco/dc725bcaf737017c501188f2fce1680f#file-secret_fs-py).