Level: https://exploit-exercises.com/nebula/level03/

Check the home directory of flag03 and take note of the files there.

There is a crontab that is called every couple of minutes.

To do this level, log in as the level03 account with the password level03. Files for this level can be found in /home/flag03.

writeable.sh executes bash -x for every file in writeable.d
writeable.d is world writeable so place our own file.

Wait for a bit than run cat /home/flag03/flag to make sure getflag ran.

You have successfully executed getflag on a target account.