Clarification on --now Behavior in systemctl SUID Exploit

[danilo-dellorco]

After the malicious service has been linked, it is started using --now during enabling (./systemctl enable --now $TF). However, in some cases, --now does not immediately start the service, requiring a manual start with:

./systemctl start $TF

While this is a trivial issue, explicitly mentioning it in the GTFOBins entry would make the exploit steps clearer and avoid confusion.