Some exploitation notes:

1) All services we run are with a timer, with individual instances being killed after 15 seconds.
Our expectation is you get a local working exploit, and point it remotely to retrieve the flag

2) All services are running in a very empty chroot. Because guessing file paths is no fun:
# ls -R
/:
bin  challenge  flag.txt  lib  lib64

/bin:
cat  sh

/challenge:
[challenge binary]

/lib:
x86_64-linux-gnu

/lib/x86_64-linux-gnu:
libc.so.6

/lib64:
ld-linux-x86-64.so.2

Please plan your exploits accordingly. There are a few with a bit more, a few with a bit less.

3) We really hate it when you have an exploit that works locally, but not remotely.
If this happens, or you want relevant libc's, just ask us on IRC and we'll hook it up.
In general, the hard part should be developing the exploit, not dealing with misc bullshit.

4) libc's at https://yvrctf.ctfd.io/static/uploads/175e69e83f29f392da180ba19668919a/libc.tar.gz