Gaining Code Execution from an Arbitrary File Write with Limited Content Control

We discussed this vulnerability during Episode 205 on 24 April 2023

Another file-write-to-code-execution escalation strategy to be aware of. Similar to others we’ve covered, it requires control over the file being written (duh) and partial control over the contents; controlling the start of at least one line is sufficient.

With control over the start of one line you can target Python’s site-specific configuration hooks. Effectively what you want to do is inject a `.pth` file into `~/.local/lib/pythonX.Y/site-packages/`, where `pythonX.Y` is the particular Python version in use. When the interpreter starts, the `site` module reads every `.pth` file in that directory, and any line that starts with `import ` or `import\t` is executed as Python.
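As an added defender-side example (not from the episode or the original post), the script below audits the interpreter’s site-packages directories for `.pth` lines that the `site` module would execute. It mirrors the line-handling rule described above (`#` and blank lines skipped, `import ` / `import\t` lines executed, everything else treated as a path); the `classify_pth_lines` and `find_exec_lines` names are mine.

```python
import site
from pathlib import Path

# Mirror site.addpackage(): a .pth line is exec'd only when it starts with
# "import " or "import\t"; "#" and blank lines are skipped; others are paths.
EXEC_PREFIXES = ("import ", "import\t")


def classify_pth_lines(text):
    """Return [(lineno, kind, line)] for a .pth body; kind is
    "exec", "path", "comment" or "blank". Only "exec" lines run code."""
    result = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.startswith("#"):
            kind = "comment"
        elif not line.strip():
            kind = "blank"
        elif line.startswith(EXEC_PREFIXES):
            kind = "exec"
        else:
            kind = "path"
        result.append((lineno, kind, line))
    return result


def find_exec_lines(site_dir):
    """Scan every *.pth in site_dir; return [(file, lineno, line)] for exec lines."""
    findings = []
    for pth in sorted(Path(site_dir).glob("*.pth")):
        try:
            text = pth.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        for lineno, kind, line in classify_pth_lines(text):
            if kind == "exec":
                findings.append((str(pth), lineno, line))
    return findings


def default_site_dirs():
    """User and global site-packages directories of the running interpreter."""
    dirs = [site.getusersitepackages(), *site.getsitepackages()]
    return [d for d in dirs if Path(d).is_dir()]


if __name__ == "__main__":
    for site_dir in default_site_dirs():
        for path, lineno, line in find_exec_lines(site_dir):
            print(f"{path}:{lineno}: {line}")
```

Legitimate packages (setuptools, editable installs, some coverage tools) also ship exec lines, so findings need review against what is expected on the host, not automatic alarms.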