✅ RCE achieved. Get a reverse shell:
May your shell never drop, and your hashes always crack. 🔥 htb dark runes
Dark Runes isn't just a box—it’s a story. You stumble upon an ancient, arcane web server that speaks in cryptic symbols. Your mission? Decode the runes, bypass forbidden gates, and summon the root flag. Every quest begins with a whisper. You scan the target: ✅ RCE achieved
Land in /var/www/darkrunes . Find config.py with PostgreSQL creds: db_user: rune_walker , db_pass: s3cr3t_run3s . Access DB: You stumble upon an ancient, arcane web server
SSH as admin with same password.
rune_decoder is a SUID binary that decodes "rune files" (binary format). Analyze with strings and ltrace :
Try re-creating the rune_decoder binary and see if you can find a different way to escalate without touching the root flag.