RE: LeoThread 2025-07-01 03:27

in LeoFinance, 3 months ago

Part 6/12:

The attacker leverages a timing-based approach by:

  1. Creating a malicious filesystem image with setuid binaries, such as a root-privileged shell.

  2. Mounting this filesystem on the target system with the standard mount command, which, depending on options, can ignore nosuid flags temporarily.

  3. Using a loop that effectively keeps the filesystem mounted and busy, preventing it from being unmounted.

  4. Replacing or injecting malicious setuid binaries into this mounted filesystem while it remains active.

  5. Executing the binary during the window where the filesystem is mounted with elevated privileges.
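The comment's sequence only works on a mount that still honours setuid bits, so the check a defender wants is an audit of the mount table for user-controlled mounts (loop devices, FUSE, removable media, anything under user-writable paths) that lack `nosuid`. The script below is an added example and is not part of the original comment or thread; the heuristic lists of "user-controlled" filesystem types and mount prefixes, the `MountEntry` helper and the sample mount table are all constructed assumptions chosen for illustration.

```python
import os
import re
from dataclasses import dataclass

# Heuristic (assumed, not from the thread): filesystem types and paths that are
# typically mounted from user-supplied images or media. A mount that matches and
# has no "nosuid" option will honour setuid bits on binaries inside it.
USER_CONTROLLED_FSTYPES = {
    "vfat", "exfat", "ntfs", "ntfs3", "iso9660", "udf", "squashfs", "fuseblk",
}
USER_MOUNT_PREFIXES = ("/media/", "/mnt/", "/run/media/", "/tmp/", "/home/")

# /proc/mounts encodes space, tab, newline and backslash as \ooo octal escapes
_OCTAL_ESCAPE = re.compile(r"\\([0-7]{3})")


@dataclass(frozen=True)
class MountEntry:
    source: str
    mountpoint: str
    fstype: str
    options: frozenset


def _unescape(field: str) -> str:
    """Decode the octal escapes the kernel uses in /proc/mounts fields."""
    return _OCTAL_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text: str) -> list:
    """Parse /proc/mounts-style lines: source mountpoint fstype options dump pass."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # blank or malformed line
        source, mountpoint, fstype, opts = (_unescape(p) for p in parts[:4])
        entries.append(MountEntry(source, mountpoint, fstype, frozenset(opts.split(","))))
    return entries


def is_user_controlled(entry: MountEntry) -> bool:
    """True if the mount's content is plausibly attacker- or user-supplied."""
    return (
        entry.source.startswith("/dev/loop")
        or entry.fstype in USER_CONTROLLED_FSTYPES
        or entry.fstype.startswith("fuse")
        or entry.mountpoint.startswith(USER_MOUNT_PREFIXES)
    )


def mounts_allowing_setuid(text: str) -> list:
    """Mountpoints of user-controlled mounts that still honour setuid bits."""
    return [
        e.mountpoint
        for e in parse_mounts(text)
        if is_user_controlled(e) and "nosuid" not in e.options
    ]


# Constructed sample mount table (not captured from a real host). The loop
# mount and the FUSE share lack nosuid; the USB stick and /tmp carry it.
SAMPLE_MOUNTS = r"""
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/loop0 /mnt/image ext4 rw,relatime 0 0
/dev/sdb1 /media/user/My\040USB vfat rw,nosuid,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
sshfs#host: /home/user/share fuse.sshfs rw,relatime,user_id=1000 0 0
"""

if __name__ == "__main__":
    # On Linux audit the live table; elsewhere fall back to the sample.
    if os.path.exists("/proc/self/mounts"):
        with open("/proc/self/mounts", encoding="utf-8") as fh:
            table = fh.read()
    else:
        table = SAMPLE_MOUNTS
    for mp in mounts_allowing_setuid(table):
        print(f"setuid honoured on user-controlled mount: {mp}")
```

Run on the constructed table this reports `/mnt/image` and `/home/user/share`. The mitigation it points at is the one the comment alludes to: user-mountable filesystems should carry `nosuid` (and usually `nodev`), whether set in fstab, by the automounter, or by a mount-namespace policy.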