Cronjob
A root cronjob has been identified manually and automatically although PSPY was unable to capture the execution flow
It conducts an archiving operation of the /home/andre/backup directory using tar
The tar operation itself uses the wildcard bit (*), which is inherently vulnerable
andre@cmess:~$ ll /home/andre/backup
total 12
drwxr-x--- 2 andre andre 4096 Feb 9 2020 ./
drwxr-x--- 4 andre andre 4096 Feb 9 2020 ../
-rwxr-x--- 1 andre andre 51 Feb 9 2020 note*The directory is only accessible to the andre user.
I am able to access it now that I have compromised the andre account