There is a buffer overflow with the name input (Can I have your name please?) (16 character), but I have problems to exploit the ret2plt.
Did you find where the buffer overflow vulnerability is?
I thought I had the correct syscall_ret (libc = libc.so.6), but it didn’t work.
I can’t find the input location, so I can’t even trigger a segmentation fault.
someone says no spoilers !! 
i think it’s a big spoiler @TxW