You have a low-privilege shell as 'hacker'. The root flag is at /root/flag.txt. Find and exploit the misconfiguration that lets you escalate.
