Post
Topic
Board Games and rounds
Re: [SOLVED] satoshihack.com - hack the 0.1 BTC reward! - ROUND NR 3
by
ndnh
on 05/04/2015, 18:26:53 UTC
piCube and Injust noticed the referer manipulation and are the ONLY ones who reached lvl6. Injust provided the complete decrypted code first. piCube posted the md5 hash in IRC first. But like in old hackathons, it only counts who posts the FULL solution. We (me and Injust) gave piCube the advice not to post hashes from the hackathon publicly before it is fully solved.

Explaining Level 5:
Level 5 checks your HTTP header. Lvl5 looks for your "HTTP-REFERER". This is a PHP object from the SERVER data array that your client sends in the HTTP packet. So now my lvl5 site looks at your referer information. For example, many other sites check your referer data for marketing, logs, statistics, .... Advertising companies (web advertisement banners, links, ...) also check the referer. Now you must "fake" the referer and write data into this element. Here it is the URL of the NSA website. You can, for example, do this with "curl". This is a command-line tool; you can write
Code:
curl --referer http://www.thesiteyouCOMEFROM.com http://www.thesiteyouwantTHEDATAFRom.com/

Now curl loads the data from http://www.thesiteyouwantTHEDATAFRom.com/ and when this site checks the referer in your client information, it gets http://www.thesiteyouCOMEFROM.com. So the site thinks you COME FROM http://www.thesiteyouCOMEFROM.com. And in level 5 the site then lets you enter level 6 automatically.

Other option: you can also use browser plugins for header manipulation and modification. These exist for many web browsers, e.g. Mozilla Firefox and Google Chrome; you can google and you will find a lot of web-debug add-ons. So you can change the HTTP referer here as well.


Thanks :)

I am looking for a Chrome extension now. I tried to read up on it on Stack Overflow. I understand the concept. I only don't know how to change it.

Thanks for posting all that information. :D
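
Added example, not part of the original post or the challenge's own code: the level 5 explanation above shows that the Referer value is whatever the client chooses to send, so this sketch puts a Referer-based gate beside a gate that checks a server-issued HMAC token bound to the session. The URL, secret, session ids and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed values: the post gives neither the exact URL nor any server code.
EXPECTED_REFERER = "http://expected-origin.example/"
SERVER_SECRET = b"constructed-demo-secret"  # assumption: never leaves the server


def referer_gate(headers):
    """Level-5 style check: trusts a header the client writes itself."""
    return headers.get("Referer", "") == EXPECTED_REFERER


def issue_level_token(session_id, level):
    """Server side: called only after the previous level was really solved."""
    msg = f"{session_id}:{level}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def token_gate(session_id, level, presented_token):
    """Hardened check: progress is proven by a MAC the client cannot compute."""
    expected = issue_level_token(session_id, level)
    return hmac.compare_digest(expected, presented_token or "")


def evaluate(request, level=6):
    """Return (referer_gate result, token_gate result) for one request."""
    return (
        referer_gate(request["headers"]),
        token_gate(request["session"], level, request.get("token")),
    )


# Constructed requests. `forged` mirrors what `curl --referer <url> <target>` sends.
forged = {"session": "s-1001", "headers": {"Referer": EXPECTED_REFERER}, "token": None}
guessed = {"session": "s-1001", "headers": {"Referer": EXPECTED_REFERER}, "token": "0" * 64}
earned = {"session": "s-2002", "headers": {}, "token": issue_level_token("s-2002", 6)}
# Token copied from another session: rejected because the MAC covers the session id.
replayed = {"session": "s-1001", "headers": {}, "token": earned["token"]}

if __name__ == "__main__":
    for name, req in [("forged", forged), ("guessed", guessed),
                      ("earned", earned), ("replayed", replayed)]:
        print(name, evaluate(req))
```

The Referer gate accepts any request that carries the expected string, while the token gate accepts only the session the server actually issued a token to.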