Just after finishing level01 i started level02
In this level the program will read the content from the Environmental Variable and will pass as an argument to /bin/echo.
So here we have an issue by giving /bin/bash or /bin/sh it will only get displayed and we cannot make a symlink with /bin/echo as it is already existing. So we will assign env USER with /bin/bash;exec\ echo . In the previous level, we had set a echo symlink with a /bin/bash. So all we need to set is to add /tmp to the $PATH and then execute the flag02 file.
level02$ USER=ls\;exec\ echo
about to call system ("/bin/echo /bin/bash;exec echo is cool")
You have successfully executed getflag on targeted account