On this CTF you face a "What is your name?" and an option to download the binary.
After downloading it and Ghidra, we open it up and see the name goes into a 0x20 buffer on the stack. Ok, we should be able to overrun it and overwrite the return value. After plopping in some characters it looks like I can enter 40 and on next one I get a 'segmentation fault' message.
Well, I dump the ROP gadgets, using 'ROPgadget --binary vulnerable-bin' command in Kali and take a further look. Ok.. digging further into the binary, I see a 'print flag' function. Ok, may not need the gadgets.
I just need to convert the address to the right order. Basically, take 0x004006ee and convert to a 64 bit pointer that is url encoded. %ee%06%40%00%00%00%00%00
Boom, it prints the flag.