overthewire.bandit.lvl[32-33]
Level Goal
After all this git stuff its time for another escape. Good luck!
Solution
after logging into the remote server as user bandit32 i was presented with a shell that converts everything i type to uppercase then try to execute it by sh(1).
now the fun thing is that i found that i can do shell variable expansion. so i used the special $0 variable that expands to the name of the current shell or shell script.

i was able to get a shell, dump the next level’s password and we are done!.