Beyond


This is the Beyond page, where additional post-compromise enumeration and assessment are conducted as the root account after the target system has been compromised.

Cron


root@permx:~# crontab -l | grep -v '^#'
*/3 * * * * /root/reset.sh

/root/reset.sh

/root/reset.sh


root@permx:~# cat reset.sh
#!/bin/bash
# Cleanup job run from root's crontab every 3 minutes (*/3 * * * *).
# It restores the account, sudo and cron configuration from copies kept under
# /root/backup, strips ACLs from sensitive files, and deletes recently created
# symlinks in /home/mtz.
# NOTE(review): presumably this resets state changed while the box is being
# exploited; it reverts the effects only and does not fix whatever allowed
# them. Confirm against the rest of the write-up.
 
# Overwrite the live files with the saved copies. No exit status is checked and
# each copy is written in place rather than atomically, so a failed or partial
# restore would go unnoticed.
/usr/bin/cp /root/backup/passwd /etc/passwd
/usr/bin/cp /root/backup/shadow /etc/shadow
/usr/bin/cp /root/backup/sudoers /etc/sudoers
/usr/bin/cp /root/backup/crontab /etc/crontab
# -b removes all extended ACL entries from the listed files, leaving only the
# base owner/group/other permission bits.
/usr/bin/setfacl -b /root/root.txt /etc/passwd /etc/shadow /etc/crontab /etc/sudoers
 
# Delete symbolic links (-type l) under /home/mtz that were modified less than
# 3 minutes ago (-mmin -3), except any named user.txt. Older links and regular
# files are not touched.
/usr/bin/find /home/mtz -type l ! -name "user.txt" -mmin -3 -exec rm {} \;