You have root on a compromised host. Plant a cron-based backdoor that survives a cleanup sweep, then trigger the cleanup to unlock the flag.
