Level Goal

After all this git stuff its time for another escape. Good luck!

Solution

after logging into the remote server as user bandit32 i was presented with a shell that converts everything i type to uppercase then try to execute it by sh(1).

now the fun thing is that i found that i can do shell variable expansion. so i used the special $0 variable that expands to the name of the current shell or shell script.

i was able to get a shell, dump the next level’s password and we are done!.