Using angr's symbolic stack for solving binaries

Question

I am trying to adapt the technique mentioned in https://blog.notso.pro/2019-03-26-angr-introduction-part2/ on another binary (02_angr_find_condition). The binary can be found at https://github.com/jakespringer/angr_ctf/tree/master/dist

I am trying to figure out the offset for the padding etc and I could not find the correct offset that can print out the correct password for the binary.

My code snippet as follows

def main():

    base_address = 0x08048000
    start_address = 0x08048645

    def success(state):
        stdout_output = state.posix.dumps(sys.stdout.fileno())
        if b'Good Job.' in stdout_output:
            return True
        else: return False

    def bad(state):
        stdout_output = state.posix.dumps(sys.stdout.fileno())
   
        if b'Try again.' in  stdout_output:
            return True
        else: return False

    getproject = angr.Project('angr_ctf/dist/02_angr_find_condition', auto_load_libs=False)

    getstate = getproject.factory.entry_state(addr=start_address)

    #set up the stack
    getstate.regs.ebp = getstate.regs.esp

    #this padding is for bytes prior (higher addresses) to the memory location we want to observe.
    padding_length_bytes = 0x30
    getstate.regs.esp -= padding_length_bytes

    # Input is %8s so its eight characters
    # character array to store input is 9 char bytes long.
    input0 = claripy.BVS("input0", 64)

    getstate.stack_push(input0)

    for z in input0.chop(8):
        getstate.solver.add(z >= 0x20)
        getstate.solver.add(z <= 0x7f)

    simgr = getproject.factory.simgr(getstate)

    simgr.explore(find=success, avoid=bad)

    print(simgr)

    if len(simgr.found) > 0:
        print(simgr.found[0].posix.dumps(0))
        print(simgr.found[0].posix.dumps(1))

        print(simgr.found[0].solver.eval(input0, cast_to=bytes))