Access level

ssh -p 2220

Level goal

Read the password stored in a file called “-” located in the home directory.


Approaching this challenge, the common reflex would be to simply:

bandit1@bandit:~$ cat -

Wow! Why doesn’t my cat command terminate, and why does it just repeat whatever I type?

As we will often see in the Bandit wargames, the answer can be found in the man page.

CAT(1)                                                                    User Commands

       cat - concatenate files and print on the standard output

       cat [OPTION]... [FILE]...

       Concatenate FILE(s) to standard output.

       With no FILE, or when FILE is -, read standard input.

This means cat is reading standard input: it displays whatever you type on your keyboard and submit. (more info on IO Redirection)

Knowing this, we have to find a way to provide our file “-” without cat treating it as standard input.

The trick is to prefix it with “./”. When the shell encounters “./-”, the block is considered a path and passed directly to cat without being modified.

bandit1@bandit:~$ cat ./-
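
The behaviour described above, reproduced in a throwaway directory as an added example (not part of the original write-up). The function names, the sandbox and the file contents are constructed for illustration. It goes one step beyond the level: it shows that `--` does not help with a bare “-”, and that the same “./” prefix protects other dash-leading names such as “-n”.

```shell
#!/bin/sh
# Added example: everything runs in a constructed temp directory.

# Prefix relative names with "./" so a leading "-" can never be taken
# as an option or as the stdin marker by the program receiving it.
safe_path() {
    case "$1" in
        /*|./*|../*) printf '%s\n' "$1" ;;
        *)           printf './%s\n' "$1" ;;
    esac
}

# Create a sandbox holding a file named "-" and a file named "-n".
make_sandbox() {
    dir=$(mktemp -d) || return 1
    printf 'constructed-secret\n' > "$dir/-"
    printf 'line one\n' > "$dir/-n"
    printf '%s\n' "$dir"
}

# Each reader gets "from-stdin" on stdin, so it is visible whether cat
# opened the file or fell back to standard input (and nothing blocks).
read_bare()     { (cd "$1" && printf 'from-stdin\n' | cat -); }
read_ddash()    { (cd "$1" && printf 'from-stdin\n' | cat -- -); }
read_prefixed() { (cd "$1" && printf 'from-stdin\n' | cat "$(safe_path "$2")"); }
read_redirect() { (cd "$1" && cat < -); }

sandbox=$(make_sandbox)
echo "cat -     : $(read_bare "$sandbox")"
echo "cat -- -  : $(read_ddash "$sandbox")"
echo "cat ./-   : $(read_prefixed "$sandbox" -)"
echo "cat ./-n  : $(read_prefixed "$sandbox" -n)"
echo "cat < -   : $(read_redirect "$sandbox")"
rm -rf "$sandbox"
```

In scripts that receive file names from elsewhere, passing them through a helper like `safe_path` keeps a name such as “-” or “-n” from changing how the command behaves.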