in a scenario where a shadowed password file has only executable permission for a user, where this user does not have root previledges how can a escalation of preveledge attack be launched in this kind of a situation??