Walkthrough of HackTheBox Interpreter machine — from Mirth Connect pre-auth XStream deserialization RCE to root via Flask eval() code injection