cronjob


I have observed the execution of a root cronjob process via PSPY, which appears to be executing a Bash script located at /home/jack/id.sh.

tomcat@ubuntu:/home/jack$ cat id.sh
#!/bin/bash
id > test.txt

Checking the Bash script itself, it executes the id command and stores the output to the test.txt file.

tomcat@ubuntu:/home/jack$ ls -lasht ./id.sh
4.0K -rwxrwxrwx 1 jack jack 26 Aug 14  2019 ./id.sh

Permission bits are set to READ/WRITE/EXEC for anyone. This would mean that I can modify the Bash script to escalate privileges, as it runs as the root account.
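
From the defender's side, the condition found above (a script run by root's cron that is owned by another user and writable by anyone) can be audited for directly. The following is an added example, not part of the original notes: the function names, the trusted-UID parameter and the /etc/crontab-style input format are assumptions, and `stat -c` assumes GNU coreutils as on Ubuntu.

```bash
#!/bin/bash
# Added example: flag files that root cron jobs execute but that
# somebody other than the trusted account could modify.

# Read /etc/crontab-style lines (m h dom mon dow user command) on stdin
# and print every absolute path in the command of entries run by root.
# Arguments and redirect targets such as /dev/null are reported as well.
cron_root_targets() {
    awk '!/^[[:space:]]*(#|$)/ && NF >= 7 && $6 == "root" {
        for (i = 7; i <= NF; i++) if ($i ~ /^\//) print $i
    }'
}

# Check one file and its containing directory. A writable directory is as
# bad as a writable file, because the script can then be replaced.
# Prints a reason per finding; returns 0 if unsafe, 1 if clean.
check_target() {
    local path=$1 trusted_uid=${2:-0} unsafe=1 p owner mode
    for p in "$path" "$(dirname "$path")"; do
        [ -e "$p" ] || continue
        owner=$(stat -c %u "$p")   # numeric owner
        mode=$(stat -c %a "$p")    # octal permission bits, e.g. 777
        if [ "$owner" != "$trusted_uid" ]; then
            echo "UNSAFE $p: owned by uid $owner, not $trusted_uid"
            unsafe=0
        fi
        # 022 = write bit for group and for others
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "UNSAFE $p: mode $mode is group/world writable"
            unsafe=0
        fi
    done
    return $unsafe
}

# Audit every root target named in a crontab file.
# Returns 0 if at least one target is unsafe, 1 otherwise.
audit_crontab() {
    local crontab=$1 trusted_uid=${2:-0} rc=1 t
    for t in $(cron_root_targets < "$crontab"); do
        check_target "$t" "$trusted_uid" && rc=0
    done
    return $rc
}
```

Calling `audit_crontab /etc/crontab` on a host configured like the one above would report id.sh twice: once for being owned by jack rather than root, and once for mode 777.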