john --show hash.txt
The application may improperly sanitize user input when generating documents, allowing for script execution on the server.
SSH in as admin with the same password.
If everything goes correctly, you should now have a root shell and be able to retrieve the root flag.
Move to /var/runes/evil.rune and run:
After confirming the vulnerability, sqlmap can help you create a new user and password. For simplicity, let's assume you create a new user and retrieve their hashed credentials.