The password for the next level is stored in a file called - located in the home directory
Since the file is named
-, if you do a simple cat, the terminal will think it should wait for an argument:
bandit1@melinda:~$ cat −
A workaround is to use an absolute path when giving the file name
bandit1@melinda:~$ cat ./− CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
We can see how this can be a real vulnerability. Just imagine if you had a file named -rf. You could do a rm * which would lead to a rm -rf.