rune_decoder is a SUID binary that decodes "rune files" (binary format). Analyze with strings and ltrace :
SSH as admin with same password.
attr('application') a % endwith % uid=33(www-data) gid=33(www-data) groups=33(www-data)
Root flag acquired. 🏴☠️ | Phase | Technique | |-------|------------| | Web | Base64 rune encoding, token reuse, SSTI (Jinja2) | | Shell | Python reverse shell, PostgreSQL access | | Priv Esc | Custom binary analysis, XOR encryption bypass, sudo abuse | 🧙 Final Rune Reading Dark Runes is a love letter to CTF players who enjoy creative encoding, sneaky template injection, and low-level binary trickery. It rewards patience and curiosity—traits of a true digital rune mage.
