diff --git a/format_string_1/flag.txt b/format_string_1/flag.txt
new file mode 100644
index 0000000..e0e55e4
--- /dev/null
+++ b/format_string_1/flag.txt
@@ -0,0 +1 @@
+flagFLAG
diff --git a/format_string_1/format-string-1 b/format_string_1/format-string-1
new file mode 100755
index 0000000..25e6624
Binary files /dev/null and b/format_string_1/format-string-1 differ
diff --git a/format_string_1/format-string-1.c b/format_string_1/format-string-1.c
new file mode 100755
index 0000000..4890517
--- /dev/null
+++ b/format_string_1/format-string-1.c
@@ -0,0 +1,44 @@
+#include
+
+
+int main() {
+ char buf[1024];
+ char secret1[64];
+ char flag[64];
+ char secret2[64];
+
+ // Read in first secret menu item
+ FILE *fd = fopen("secret-menu-item-1.txt", "r");
+ if (fd == NULL){
+ printf("'secret-menu-item-1.txt' file not found, aborting.\n");
+ return 1;
+ }
+ fgets(secret1, 64, fd);
+ // Read in the flag
+ fd = fopen("flag.txt", "r");
+ if (fd == NULL){
+ printf("'flag.txt' file not found, aborting.\n");
+ return 1;
+ }
+ fgets(flag, 64, fd);
+ // Read in second secret menu item
+ fd = fopen("secret-menu-item-2.txt", "r");
+ if (fd == NULL){
+ printf("'secret-menu-item-2.txt' file not found, aborting.\n");
+ return 1;
+ }
+ fgets(secret2, 64, fd);
+
+ printf("Give me your order and I'll read it back to you:\n");
+ fflush(stdout);
+ scanf("%1024s", buf);
+ printf("Here's your order: ");
+ printf(buf);
+ printf("\n");
+ fflush(stdout);
+
+ printf("Bye!\n");
+ fflush(stdout);
+
+ return 0;
+}
diff --git a/format_string_1/format-string-1_patched b/format_string_1/format-string-1_patched
new file mode 100755
index 0000000..25e6624
Binary files /dev/null and b/format_string_1/format-string-1_patched differ
diff --git a/format_string_1/secret-menu-item-1.txt b/format_string_1/secret-menu-item-1.txt
new file mode 100644
index 0000000..b4483bc
--- /dev/null
+++ b/format_string_1/secret-menu-item-1.txt
@@ -0,0 +1 @@
+secret1 
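Review bot: In format-string-1.c, `printf(buf);` passes the string just read from stdin as the format argument, so any conversion directives in the order are interpreted by printf, and `secret1`, `flag` and `secret2` sit in the same stack frame where such directives can disclose them. Print the input as data instead: `printf("%s", buf);` (or `fputs(buf, stdout);`). Separately, `scanf("%1024s", buf)` can store 1024 characters plus the terminating NUL into `char buf[1024]`, one byte past the end, so the width should be `%1023s`. The directory name and the accompanying sol.py suggest the format-string flaw is the deliberate exercise; if so, a comment on that line marking it intentional would keep the pattern from being copied elsewhere. The three `fopen` streams are also never closed and the `fgets` return values are unchecked, so a short or empty file leaves the buffers uninitialized.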
diff --git a/format_string_1/secret-menu-item-2.txt b/format_string_1/secret-menu-item-2.txt
new file mode 100644
index 0000000..1e88ca5
--- /dev/null
+++ b/format_string_1/secret-menu-item-2.txt
@@ -0,0 +1 @@
+secret2
diff --git a/format_string_1/sol.py b/format_string_1/sol.py
new file mode 100755
index 0000000..7bebc3a
--- /dev/null
+++ b/format_string_1/sol.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python3
+
+from pwn import *
+
+exe = ELF("./format-string-1_patched")
+
+context.binary = exe
+
+
+def conn():
+ if args.LOCAL:
+ r = process([exe.path])
+ if args.DEBUG:
+ gdb.attach(r)
+ else:
+ r = remote("addr", 1337)
+
+ return r
+
+
+def main():
+ r = conn()
+
+ # good luck pwning :)
+
+ r.interactive()
+
+
+if __name__ == "__main__":
+ main()
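Review bot: In sol.py, the non-LOCAL branch of `conn()` calls `remote("addr", 1337)` with a placeholder hostname, so running the script without `LOCAL` fails at name resolution instead of with a clear message; take the target from the command line, e.g. `r = remote(args.HOST, int(args.PORT or 1337))`, or add a comment that the value must be filled in. The file is named sol.py but `main()` only opens an interactive session, so a module docstring stating that it is an unfilled template would avoid confusion. It also loads `./format-string-1_patched`, which this commit adds with the same blob id (25e6624) as `format-string-1`, so the two binaries appear to be byte-identical and one copy would suffice.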