the "exploitable" binary will be executed under exploitable_pwn privilege if you connect to port 9018.
execute the binary by connecting to daemon(nc 0 9018) then pwn it, then get flag.