The aim of this, and typically all of the user land pwn challenges on HTB, is to make the remote process instance execute a shell (i.e. execve(“/bin/sh”, 0, 0);), which you will typically use to read the flag file from the filesystem. The filename of the flag is not always predictable, so don’t waste your time writing shellcode to just read the contents of a specific file. There is a separate thread specifically about pwn challenges at Pwn Challenges - Challenges - Hack The Box :: Forums.
I’m happy to help anyone with a specific question about this challenge. But please tell me what you’ve done so far, where you’re stuck and what your current thoughts are.