It reads a file, XOR-decrypts it with a hardcoded key, then executes the output as a shell command if it starts with "RUNECMD:". Create a malicious rune file:
Try re-creating the rune_decoder binary and see if you can find a different way to escalate without touching the root flag.
sudo /usr/local/bin/rune_decoder /var/runes/evil.rune
Now read /root/root.txt directly.
Dark Runes isn't just a box—it’s a story. You stumble upon an ancient, arcane web server that speaks in cryptic symbols. Your mission? Decode the runes, bypass forbidden gates, and summon the root flag. Every quest begins with a whisper. You scan the target:
Land in /var/www/darkrunes. Find config.py with PostgreSQL creds: db_user: rune_walker, db_pass: s3cr3t_run3s. Access DB:
Machine Difficulty: Medium
Category: Web, Cryptography, Binary Exploitation, Linux