We get a shell, and get the output in large ascii text. There's a PNG of the flag. Here's my script (stupid probably). I got 1/3 of the image and guessed the rest lol
from pwn import*host = ("jh2i.com",50015)import stringmapc ={}r =remote(*host)defrunCmd(cmd): r.clean() r.sendline(cmd)return r.clean(timeout=0.3).split(b"\r\n")[2:8]for c in string.printable: mapc[c]=runCmd(f"echo '{c}'")deflookup(val):for k, v in mapc.items():if v == val:return kdefreadOutput(cmd): template ="expr substr $({}) {} 1" output ="" pos =1for c inrange(1, 9293): out =runCmd(template.format(cmd, c)) char =lookup(out)print(char, end='') output += charreturn outputprint(readOutput("base64 flag.png -w0"))