Bandit - Going to Level 2

Goal

The password for the next level is stored in a file called - located in the home directory

Getting the information

Since the file is named -, if you do a simple cat, the terminal will think it should wait for an argument:

bandit1@melinda:~$ cat −

A workaround is to use an absolute path when giving the file name

bandit1@melinda:~$ cat ./−
CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9

Thoughts

We can see how this can be a real vulnerability. Just imagine if you had a file named -rf. You could do a rm * which would lead to a rm -rf.