I was thinking of posting the solution, but instead I'm going to give a few more hints....

Many of you are doing everything right, except on the first line....

you must make the server think the form came from www.hulla-balloo.com/hack/level5/index.php and you must make it through a GET request instead of a POST one.

So, the first line you input on telnet would be GET .......... HTTP/1.1

and the third line: Referer: http://www.hulla-balloo.com/hack/level5/index.php

With this you already made it process the form as a GET request and make it think it has came from www.hulla-balloo.com/hack/level5/index.php

So, if the protection from the referer is gone, and if it is being passed has a get request....

Hummmm, it sounds a lot like level4 isn't it?!

I can't give anyhints without posting the full answer, any doubts PM me....