pwnable.kr: rootkit (400)

We are given a Linux Kernel Module named rootkit and a remote QEMU guest over ssh. Inside the remote QEMU guest, there's a file named flag which we can't open. There's also rootkit.ko which has the same hash digest as rootkit. Inspecting the syslog, there's a line which says …