Land in /var/www/darkrunes . Find config.py with PostgreSQL creds: db_user: rune_walker , db_pass: s3cr3t_run3s . Access DB:
psql -U rune_walker -h localhost darkrunes -W Dump tables → users table has a row for admin with a (bcrypt). Crack with John or hashcat → admin:darkrun3s2023! htb dark runes
rune_decoder is a SUID binary that decodes "rune files" (binary format). Analyze with strings and ltrace : Land in /var/www/darkrunes