From 4beb92b9a1a27bf845fe6a232c2772a842c5eb70 Mon Sep 17 00:00:00 2001 From: Aleff Date: Tue, 31 Oct 2023 17:04:34 +0100 Subject: [PATCH 1/5] Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273 --- .../payload.txt | 124 ++++++++++++++++++ 1 file changed, 124 insertions(+) create mode 100644 payloads/library/Incident_Response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/payload.txt diff --git a/payloads/library/Incident_Response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/payload.txt b/payloads/library/Incident_Response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/payload.txt new file mode 100644 index 000000000..41bfc599d --- /dev/null +++ b/payloads/library/Incident_Response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/payload.txt @@ -0,0 +1,124 @@ +* REM ############################################################################################# +* REM # # +* REM # Title : Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273 # +* REM # Author : Aleff # +* REM # Version : 1.0 # +* REM # Category : incident-response # +* REM # Target : Cisco IOS XE # +* REM # # +* REM ############################################################################################# + + +QUACK DELAY 3000 +QUACK CTRL-ALT t +QUACK DELAY 1000 + + +QUACK STRING echo 'while true; do +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING response=$(curl -k -H "Authorization: 0ff4fbf0ecffa77ce8d3852a29263e263838e9bb" -X POST https://systemip/webui/logoutconfirm.html?logon_hash=1) +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING if [[ $response =~ ^[0-9a-zA-Z]+$ ]]; then +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING if [ $? -eq 0]; then +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING # Attack detected, here you decide what to do in this moment +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING # 1. Send an email to sec-team +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING # 2. Do some other ops +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING # ... +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING # 3. What do you want to do? +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING # Can you reboot the system or you need to do something else before? +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING # Do you want to close it? +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING # ... +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING # The only one way to close the backdoor is reboot the system, so don t change it (?)... +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING # |-> See the Conseguence section in README +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING reboot +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING else +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING # You are safe :-) +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING fi +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING fi +QUACK ENTER +QUACK DELAY 500 + +QUACK STRING sleep 300 # wait time +QUACK ENTER +QUACK DELAY 500 + + +* REM Set the script name replacing #SCRIPT-NAME, the default name is auto-check.sh but you can change it here since is used the DuckyScript variable #SCRIPT-NAME. +* REM Here you chould define the script path replacing #PATH-TO-SCRIPT, if you don't change it is selected the default path, so the home path. If, for istance, you have a specific path where you put some stuff like this you can edit thi DuckyScript variable with the correct path +QUACK STRING done' > #PATH-TO-SCRIPT#SCRIPT-NAME +QUACK ENTER +QUACK DELAY 500 + +* REM To avoid some bad DELAY I decided to use only one command row + +* REM Old script +* REM STRINGLN sudo chmod +x #SCRIPT-NAME +* REM DELAY 500 +* REM STRINGLN #SUDO-PSWD +* REM DELAY 3000 +* REM STRINGLN sh #PATH-TO-SCRIPT#SCRIPT-NAME $ +* REM STRINGLN exit + +* REM Optimized script + +* REM Set the script name replacing #SCRIPT-NAME, the default name is auto-check.sh but you can change it here since is used the DuckyScript variable #SCRIPT-NAME. +* REM Here you chould define the script path replacing #PATH-TO-SCRIPT, if you don't change it is selected the default path, so the home path. If, for istance, you have a specific path where you put some stuff like this you can edit thi DuckyScript variable with the correct path +QUACK STRING sudo chmod +x #SCRIPT-NAME; sh #PATH-TO-SCRIPT#SCRIPT-NAME $; exit +QUACK ENTER +QUACK DELAY 500 + +* REM Here you must set your sudo password that permit to give the executable permissions to the file +QUACK STRING #SUDO-PSWD +QUACK ENTER From e9149f08d6eafc5dbd1f31160c1033b0e9af0198 Mon Sep 17 00:00:00 2001 From: aleff-github Date: Tue, 31 Oct 2023 17:05:15 +0100 Subject: [PATCH 2/5] README --- .../README.md | 142 ++++++++++++++++++ .../assets/1.png | Bin 0 -> 32942 bytes .../script.sh | 26 ++++ 3 files changed, 168 insertions(+) create mode 100644 payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/README.md create mode 100644 payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/assets/1.png create mode 100644 payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/script.sh diff --git a/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/README.md b/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/README.md new file mode 100644 index 000000000..d7349d501 --- /dev/null +++ b/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/README.md @@ -0,0 +1,142 @@ +# Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273 + +Use this script to set up an automated integrity verification system for your Cisco IOS XE machine in relation to the attack that could create a backdoor on Cisco IOS XE systems vulnerable to CVE-2023-20198 and CVE-2023-20273. + +**Category**: incident-response + +![](/assets/1.png) + +## Index + +- [Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273](#auto-check-cisco-ios-xe-backdoor-based-on-cve-2023-20198-and-cve-2023-20273) + - [Payload Description](#payload-description) + - [Settings](#settings) + - [Regex](#regex) + - [Conseguence](#conseguence) + - [Administrator Permissions](#administrator-permissions) + - [Sources](#sources) + - [Credits](#credits) + +## Payload Description + +This script can be used to set up a Shell script that allows users of Cisco IOS XE-based systems to periodically check for potential attacks using the recent 0-day vulnerabilities CVE-2023-20198 and CVE-2023-20273. + +As of now, patches for these vulnerabilities have not been developed or made available to users. According to analyses conducted by the Fox-IT[[4](#sources)] and VulnCheck[[5](#sources)] teams, it appears that several tens of thousands of devices have already been attacked using these two vulnerabilities. + +*Note: Patches for these issues were released over the weekend and are now available to customers via the Cisco software download. [[3](#sources)]* + +The severity of these attacks has increased significantly in recent times as cybercriminals have improved their malware's ability to camouflage within the system. Consequently, detecting intrusions has become more challenging. + +In response to this, Cisco has released a basic method for users to assess their system's integrity. This involves running a curl command with specific parameters from a Shell on which the Cisco IOS XE system is installed. If the response includes a hexadecimal string (e.g., 0123456789abcdef01), it implies that the machine may have been compromised through the mentioned vulnerabilities. + +An immediate solution to the problem is to reboot the system, which would close the backdoor. However, this doesn't mitigate the vulnerabilities in the long term, as the machine remains just as susceptible after the reboot and also why the attacker's super user is not removed. This means that rebooting the system is an immediate measure to block the threat but doesn't provide a lasting mitigation of the threat. + +The payload.txt file contains DuckyScript code that enables you to create a Shell script that periodically performs the Cisco-suggested verification to determine if the machine has been attacked. The script defines three variables: the script name, the superuser (sudo) password, and the file path. The only variable that must be modified is the sudo password because it varies from user to user. The other two variables can be changed but aren't strictly necessary for the payload's functionality. They represent the desired script name and the default path (the current folder). + +To minimize downtime, the Hak5 Detect Ready extension has been used. When the Shell is opened, the payload executes a series of commands that involve writing the contents of a file, allowing the creation of a script on the machine that will be automatically executed by the operating system. + +Once the file is created, it's automatically saved at the end of the execution, and the payload proceeds to enable execution permissions using the permissions granted by the sudo+chmod command. + +--- + +To maintain code readability, I chose to keep a less efficient but more straightforward version as follows: + +``` +* REM Old script +* REM STRINGLN sudo chmod +x #SCRIPT-NAME +* REM DELAY 500 +* REM STRINGLN #SUDO-PSWD +* REM DELAY 3000 +* REM STRINGLN sh #PATH-TO-SCRIPT#SCRIPT-NAME $ +* REM STRINGLN exit +``` + +This coding style is not optimized since the `DELAY 3000` can vary significantly from one machine to another, making it inherently imprecise. + +In order to optimize this code, I prefer the following version, which eliminates the previous waiting and includes only a short delay before entering the sudo password: + +``` +* REM Optimized script + +* REM Set the script name replacing #SCRIPT-NAME, the default name is auto-check.sh but you can change it here since is used the DuckyScript variable #SCRIPT-NAME. +* REM Here you chould define the script path replacing #PATH-TO-SCRIPT, if you don't change it is selected the default path, so the home path. If, for istance, you have a specific path where you put some stuff like this you can edit thi DuckyScript variable with the correct path +QUACK STRING sudo chmod +x #SCRIPT-NAME; sh #PATH-TO-SCRIPT#SCRIPT-NAME $; exit +QUACK ENTER +QUACK DELAY 500 + +* REM Here you must set your sudo password that permit to give the executable permissions to the file +QUACK STRING #SUDO-PSWD +QUACK ENTER +``` + +This command concatenates the assignment of execution permissions to the script and proceeds to set up the script for automatic execution every 5 minutes. The Shell is then closed after this operation. + +As for the payload of the `curl` command, it has been copied and pasted from the official Cisco source [1]. + +## Settings + +This payload is designed to operate without requiring the installation of third-party software and focuses on performing operations as quickly as possible, as time is a critical factor, as described in the [Consequences](#conseguence) section. The script operates in cycles, with one iteration every 300 seconds, but it is easily adaptable: simply modify the value `sleep 300 # wait time` in the `payload.txt` file to suit your preferences. However, it's important to note that completely removing this entry could generate a high volume of cURL requests, potentially causing issues. + +It's crucial to keep in mind that system reboot doesn't fully resolve the problem. Even if the malware is removed, the high-privilege account created by attackers persists even after system reboot. + +### Regex + +The verification through the execution of the `curl` command involves examining the response of a POST request. If a hexadecimal string is detected within this response, it suggests that the machine may have been compromised using the vulnerabilities in question. + +To ensure that the response indeed contains a hexadecimal string, you can use the regular expression (regex) `^[0-9a-zA-Z]+$`. This regex checks for the following criteria: + +- `^` The string must start with... +- `[0-9A-Z-a-z]` ... a character that can be a digit from 0 to 9, an uppercase letter from A to Z, or a lowercase letter from a to z; +- `+` There must be at least one of the characters specified within the square brackets... +- `$` ... and the string must end with one of these characters. + +Only if the response from the "curl" command contains characters other than hexadecimal ones or no characters at all, the regex will not find any matches, indicating that the machine under scrutiny has not been attacked up to that point. + +### Conseguence + +When an attack is detected, various actions can be taken. However, it's crucial to keep in mind that the more complex the programmed actions are, the longer the backdoor remains open. + +It's important to note that the script, by default, has an approximately 5-minute check interval (300 seconds by default) during which no checks occur. Consequently, the accumulation of time required for various operations following the detection of an attack can increase the exposure time. Therefore, it's essential to carefully consider the actions to implement because adding complexity could negatively impact overall security. + +In this scenario, sending a notification at the time of attack detection is suggested. You can customize the code to send an email or create a historical log file containing relevant information. However, it's essential to understand that the only way to definitively close the backdoor is by restarting the system. It's worth noting that a forced restart can carry risks, such as data loss or, in this specific case, the interruption of active connections. The decision to terminate a connection to close the backdoor or keep it open depends on the trade-off between security and operational continuity. + +In conclusion, two key factors to consider are response times and the potential risk of data loss. As in any security analysis, the optimal solution depends on what you want to protect and the risks you are willing to accept. + +### Administrator Permissions + +Administrator privileges are not required to execute the script itself, but they are necessary to ensure that the file containing the script has the required permissions for execution. This type of permission granting is done using the command-line tool `chmod`, which is used to assign specific permissions to the script. + +In this specific case, we are using the `-x` parameter, which signifies the execution permission for the script. + +## Sources + +- [1] Cisco comunication: https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/ +- [2] Red Hot Cyber post: https://www.redhotcyber.com/post/37-000-dispositivi-cisco-contengono-backdoor-attenzione-in-quanto-il-malware-ora-risulta-piu-difficile-da-rilevare/ +- [3] Patch: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z +- [4] Fox-IT comunication: https://twitter.com/foxit/status/1716472673876730149 +- [5] VulnCheck comunication: https://twitter.com/VulnCheckAI/status/1716541908489543725 + + +--- + +## Credits + +

Aleff

+
+ + + + + +
+ + + +
Github +
+ + + +
Linkedin +
+
\ No newline at end of file diff --git a/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/assets/1.png b/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/assets/1.png new file mode 100644 index 0000000000000000000000000000000000000000..14ff8feee30fe284907de21b2346a0840c7a8ff9 GIT binary patch literal 32942 zcmeFYWlUvF^XSVA?(PnQ``|wK;O-8CyE_c-Hn_X%#@*eWJ-EBOY~b)b@B2^AN$!Vx zbHAQS_Fm~qrB_m`dadrNUxh2kNg%@E!GVE+Axi!fRRRM87XbtNVhjWIsrk5_x%#|( zaZ-{H2CJSTIQ|?!m*P(SVhKZoBa`KJ(BjCiN4MZX!dqX;xfnJy9 zmEm{=G|3u9Ou$KHz+(u2juuFr|658$g+A9vOhxqWe1pNhXWhY#VDi;R&`uxN>0~#4 zHUV-oGpkE%u6u_g`&YmdR9~1-|B-khLuS!`1uDE31 zuM33!f4G2FX3YnS@w^B(U&T0tN954xGHtwt2qi2xqi^pry1=jbj{p^!)L7m5uNER+ zWI;cgO_;0T=^@3r5>d}NUs%3rCLw5x2kpe?z`Sfahy4SWmN#2EhLJ6(n&8+E6KmoW z$)=RKAG#A<-iZDshbB7{2im~UJA)9$NDkx1dWJq^rk>x#)(Uy~%#HXFxYb>AZqC2{ zLZK(y^ui(slSrq2^fcBkudBHNGpVa3JToz?LBk0o@BK71Itv>X7Q_fc;6AJGj51#P|m}{BefX_j;j{Yw6n2bBvA-ZwK<;w&~r0CW_RV zS*U}#WtW{R_=nf*5NR`6w0JnAUBI&RGY{oO%(|&=aaJmIm4y0@Q@wVJFXJFIexGyy z<@b&$f`OIpm%R9*yM5;^E<=3RNz33&z0)h{$DteV0!iX1y%S2Gz`4n*=oVjZtP{!l zboAT!A3B=rBI(P*otj)8CJZl<^@Uk7#0dB0`nd7Eq}1C$BGbkaZL zMoM7CbDL?4&9%rD<=5s2RyRcLp-p`=&%E2{^bE)k!Da@jYy}MP4R2OV-bkRBWXf28 z-CwRdb23OxO#Fh=5&hbeE7mBe zxk*`lB55g)J=EWx+Z#6&>p@~rz6;26h>c*0-F-3CIb`@UBpp@`B#uPZ8H)E0l=y-x*Y0{%8bzMr~b>~l8utqTZl$@?7_G;kPF1z73`1y9`; zK_>nUpWKtOsg8|*ErL9zS)WUBFFBzy5Q5@H+D!FyiZRSP#^OS7O-e3I1Q)l_iXz>7 zHh#XGuU%30`C;mY`K`Qlwk59hH`W%ErPWiz{k)Dv4ilz>UK9!-;`!A&abj z1&3pw6QSxEiZ|r3N5{^hRmt?I&YG@R%`3vDo@%#7WK=bRVa9mF5i~~zJtcP<%|iPX z?VcdW+YxhxKPzxb&@#oBpoC~31j_A7J20nKUaR=0_ji@sIz*nS1gt{HYstm*i;>e- zym>Q9CtHXEIb&wKjUOuBEwEGT2mR7o*(U>3$W?)}6_ae=)c22T&*+DYNi)R>Id04)f2g`V>jrE#PCqY1D_#ldTJb9I?{mz-I)mjKaxN8w8I5}$;i>i6V}RJMu-~hrIk~r?_YoFNyk4Z&{z@wJ0v8k%F`eIP z&v+b&%O6UG4-+1M{O0f4@3yU5pL3CjDm2G2pL)boI93pMp=^Ywh# z2;-6}Zs7bxH&>W_GNb*kOMpl?$y3W${ORX{-!|lv`fuj?s931Y_L93)l8G7zh#_ZC z1=;%yI$=Hy-7cI{c}Q&!iPLDPxPM4}(tD2<;3nqk7^&b~G-G!s1eH@1Oz$i1F|-e> z=kmCXa5xzMMoK&ovWQwBmLZL$zzwNlGmw*}flcrqfhUYbySQ&_Gdk}xX4iJ)SapjnsyBX=ov2sgA2OiOO^CP z^|->qzO&X7&z8=SXF4q2tG&{=Z-j*;k+1c(zRrsg?eN<-+!`fMvaHTPmF)W=eOs9Eco#ccg}V{hgV zO=H8cjPiAn-S*HlZ$8BF<2yE%vmq>EkrC)uANZ~Kp+V_%O zp>*gTu+^rrniYwsq@QsGp`Gy;%pjI=9ryzwj}tj)y;dDEYtelVbsLVNe|j4}exG7E z&HR-!h;92Q7iU^{F6k~;(>uLO-879Kz_UVZnY7b3ta{eBw26-$V>8?FYP8Me&ZtcP z(?wPvFriTL=v;}}z7);-*!Rskr9&I2S03vR)D&5>n-Er3R%Xj0p5{&C241|f^rl2eq(&P>&AbP3h`n& zXL9X+7QHTDi1#gf$^ZHmpzO`Fq)<;w{kT^S43D3BfE4t%khHR3B$XXn`|fs5x6rYuAyZI)2@gNK8JnrK9-GvTNeESJ&r}#{`lXowGB&! z-ER-2ir1*1n4yhz+5RU%}qQ=&~a1W&6pQjxXXLNd7Gtf0iee%$1ubbOLP@3gn{(=S3u>Vn|p&F zu5Z+NO}7#29Zo&MFgb0X$MYA8bu*%#k+$n~8?`5W5|kE!&rq~j=`7(?%R&?{G7W5; z2-_FhF6tjo;Alr-ym7#vGW;Npj_Y5>oDXeCX(}Uxl5q;w@4`xT+9J@ACN5(o^$=Zs8OYxLIeX7tkZc z%Pv}}ZN0Si`qyoocA85JsY}A`2qdt8l9EL#2lG)970_Oc>MnFa zwDSeNGjVj$D{+6r`6aMy-mZwmXS6MZ|2O6oCaR0#^%}f#dtPeo7@;C&Xqf=iZ5u6U z=vO8T@^HAm@!@_#H9vZIX9^)#17<>z6S`mL=={Ez%1{`^tApwN4=$+>O73L-gPjpl zY_1fKuqvmWcIxD;Ky+e5K~oCX%6V^}lT=>B_(SZ#VB^y+JV9hjDw}SgNh8n%K;!#l zOt<#%2D@M4Ex;qSN+tIZR-!8T*t_zOt2*6=A;1qK^A~ncVKTlvfU;pD4EhN*qH@S7hh`i+jt7& zwv~w)J+D2Q6;#n+2E$9cTCj~K0;L+PP0-a)(l`?$+kbF z^tWNx`SHgY)ACmfufwZ3kA2EYR<8~_5O83_<)Fw~oV8_$%8X4e7NF?=7VJPiVEnrR zB&qsQeH|VDT>&ZoSplW$wb24X%w=;w3m&z_7Z^ihFX`F6EEQ{@D&aPIRZaLYiyJbP z`Z{ifGr5`3&t>h5b{l}kYY6;@A9OzCdfu(qe7#rTH;%gu)*+QatJ|79uJ}xcmu|?Y znB^3L5AvIqwNlQkba&a<> z1fr)E*6g_F18&HiK>ci!98;8jtFobWEHi{2Fx;b{t;gcZlFtEziJ!<9J(DscYv$0Y zqInZ+Eu23T-h=?6ySbXklp%^ETq zRh|iDqPYz6$CVI1Hn9B~D?(!mu#8?c^#|Tn%(oz|^|?{kPn-LuL;X2!n~JUNg=N$3 z2Um*v72b!)8fxYt$lP4k_O~ z6H3OrLmC5je^a#R+9E7n$m!%sNi|L7SfjSoqGx)7{O@hUr+Pu#=6`KCY*lgmVQC1D zfI>gD$Bk~`w}Dfeu#YXqbkj^~GDpE}43vF{Rka4~FB{!=qkU|G+59(g2Xo20K}D%5 ztQd6A%Oa1k6=*upH&(WoLyvYL9O&<2GWC+>HBO!T!$#Qi9|m#-FxIZNq2h0Y&JJH3 zD*o(C*E2WRFx=^T!7oQv$_13+r=wo5O1mO=YwZ*aItcVM0uj2JvGa z#$D~psLRjgUI1Ty0HcVMwDQ%BPEJ26!BW<-ihsL(Q!+aJs(0^1Z>h0dx2LFRlD zL{UASRBC1v+ONvKLK*Vy%;nQ)jq8C>b{S#5ku~|Ev5Gi(g|8gtBbS&7!cDNO% z3I8s3_WDDi)^sqItuT2eh`PE!naxa)wSqcTy2=#L)4H%ea8HTKp9GL-7(JbtsD{sv?$dZl@1ax27%*FmJ^52CQ^)dgn?f(}Bz zix$X=WPTT4Ass!%OK|0B?or~^TH~ks{#YQ+MG%ejQ1Ph2%phFq*7zaDa)ZkZT&H%* z@9A_>jg$$*kC}pbX3+^d9zY|J8>5_+rN8DTjWO-Q@%j zO~9gQE7v3t%iq|oV$1mctk@EDSCU_=dc^MxS$${|QwGi0XLB!qRH%rr>%$wYPx%4A z3k2zuKE1PV5H(|c1YjP=i#FOjDhYy)AMh}tYx)57+CiXB!|(DW2?-A45fFVbeM~@t zCgH1mwavCt0-`VxTYq2*Ar*A+qQaVY z6;5e;N=>P@M|P3!Zr{1maIvPi0z8g>nEq;9 z-r)1&-++~+IKq%Tzd-Yr$(as#V@;=?9>*hr@9ex!=D{bJMq5q`s`YFPT*nv41sHc^ zMY!7_Znq$lEgr=Ah#zOwu0w|2mfykrN=q?Pxf*{D7E$1o^%}(IF%q@tH3UpuMsV{y ziuKEfvgpd*P6TzZxb5*kB%VenZaO2|EKzHopGWx!EC4%KXr?UnW>Hjxr+s7em8 zdG0JRJYmc|T{upq-}6xufWOYLf{G3L7365Bgx`SMgfQG6S#a)--SV8(yS?bdlCNzu zx$&WrXgD4*@U?dOQGniByR?%V=Mh5WVWAJHF;tqEy2$b@V}ZJ43`Xdb6miU#H40}Q z@>yz%9_F52|Fiz(!?@mLh)z1z}^9@uw^^q~AV&nd_8$z7#5Z#FN>^doNf;nhQi<_ESan~kw1|tXs z>FR?8w>N-bmA~#Uv=Iwxe%LLNk>w*!&$YsK&ZE2@+%P!|XG%3YEgvL|;!8j95jQ;Q z@aHg+0{Ck=X8n&A8^1)Y={B~2V~3awJ0GhxLbq{@M6lvF98szvsC3FI6qVid4#>%+ z2Qb7>UPaG;?y9d`JkGC*^J^W0el{aHpf0;nOL_17Bp zTZk^1XGIt*J{e8!v7|O@r!Nj{Q^8CpK?fK8RWV$`KerU$DdeyabGD>G(qRe?p}l~? z+l6YHUbtH?`oZUG8nMIUlCp^OhL_TFA1K{;>dI-2$&nc$I=NKN%QXth-c}Wr+neQz zxcWUlpbxnD!$vo&?rXhKf@mq0Jrt6pRr%B2@mffSNmZX~dM-fboCs->;CC^5dckgD zbPK4CnV=mM^_;Peazy89N~&_U=z5b!tXFSl{CG$_Gu;Qzm=4t%PJOB)`j+S|L7WbA zuM>Hlg_l2vOwKaR07JbABPgdE*-7Q&pb5vwe(X)Yn~W*>3@@~E@PD|cM_I+Kf;OTh=c#`hA^m{ zyV|mS5G&&^ZiPh`uouaM7=qF!gt``g?rYPBMasi~+z3&*=gwmvwnSq~p2JNXcDBXM zlrmI&YXE7zT&eB>)|9o>L69|n1YIk^b>LXQB$f*u){vj?YM}=rWY!Q8r(MS%)B8&d zj<(QTqpH1?oh7l$wj%p=AE*4U#e|lc5?f=WRgQYk(yfCGxvCY<5A24wOYqQ*pt5Ko zQfga8*>vd%{CZPciI#b45bCO_mUrR$A_kE(8@`OfYO(OE?V55u|JVqzv=^cBoQ0U9 z9ARIQSs6E0Fc3;(+b23oc%t^w%b+0HLToL^gy@~Rl1w4?=5Z$f#+!&~!!%ft!$J*z zN4jT7fUCS8hq3M}>EDBIX=!wF`s`xpX0ofHkrpc3Z-ls?Ull^yq`}VH>Xleb@^%&_ zjs58K2}!OcFKnY zt(6KpYbI+E3bzds^ta?SJEe)Sm%RI-rBW`cu1GUAT9DpKTBD!)of9GuyZfB+Mn0Mp zgr%}=*xq_^3T@49EqL8-`N?|Do@W|H#$Qauzut;`L(^#8R^N<6l9QxKdPK$>4lhH! zP$?Ai8rf=&tPljG{Vew~nQXh20o4f9%8(*E^Ksw5L>R-DIfA`1eQ8{&u(YxW&WFt2 zb;xC_p!w+3sB^A4kSB89>RtlxO-e8KJ1le1R+)CgwGF2;GgYHDBnZIQiWT-Imem)^;$=Fd8B_cy@w_Z+aYslW+VkV#1vUZht5 zT@xNTkFjd{=SDL4F$TE}jslxS>TPEe=G1-H;4r1c$-ey%i`5&Qc^~>|O6I5OIT-ZC zTx*=j##6q(DdWfBg|7)^LrRa5YYa=#c7_Bw)Avt;B(S3`$Na<4fdaFWB-_(ISvj zSWGvNRyb?!z};K@HO7>YA2w96>1-~u38{w;hFV>9w6)(`u$Y;NY0}g_jT)y;40^clN}8=H zj&_IeFLDfnN{62^-XL6eFMO5NjRlD{>r|-)-ZwO_`SEQR4DG^at{v$%%0?DVi`y?Q z^K5K$by+HtJH^ZnFJhx@f6`3ZWSS(Cxze8}B8yn=W*i$LHzM?@EZ%+!@rsMjJgsoD ziX-Kr`DzaX&z5f0X+~5U$zv?8SL+bDybqKDuIyd;?XrjEdR-+Au&k*itI{S92f=Jn4)w zfL`FYvhVB|bQ^X~aR!7?f??xaU1lA%8jMN%xk8=qeS()hodseWYC9v7!W4_-595tK zsG`fKiVH&ZZx45morqeLQ_|-IicLK}YYH#lR3?o&Q!9%IUXR=FR&PKtTEQ!O%XS?O2XB_07Gp0eF6#1p3DK--GNy0br zU5bB4gNsoZkEfwl&~o2Bq`$&f5eJ#-x`AkABW^ia1MGNX{x80F*q?V9Dx;$212{eP~D#5P0u`kAG*8LR%l;h>Ac`ugqHVH#2nUkHezosu>rW> zrfy+Lp07k@$qS79y-vGpBUFAP$;Jwd{s4fg7u&hP;K#9>W8h_?4&RGfaDz(;-35&D8;KlS|3_d1(7t)Lm`X`G`?IBSF zNI;4D<}<2qO^a=#%PM*G?No_3P0H6ZNqL2{Gf}=RrizNZ$(}lkE0;wi2T!eq*k0u= zx~aC{%8w*7L3Edgg7_!o4l%`RJgD%nxHwI;7&aum!9`SZo-(z7EnSu4{6~%B^EQwV zy{m)1>o&0fsg2eHWWCXfMH`a2xcwF>BYGC$5=Bl#*ctY9{iBDilXLs$7l2ZN*drCD ztB0eMUlG#nRDG?(U*<$)y--62y!?A+2ZZ2yxZUl-PA_@=;@tdf;?}4l!TE5YD4DdH z?&Zu1S(1F~L}b__wN`!%TS|5xin}*CmW;i4Ge@-IWEbMglxu&6WdY#)h`Z&)1(ZB+ zv3m@^y|Tbwwm%-NB5i4Ccf}~dqEXDY!b}H#+fj3+Qe)HD$>O%+8>F!)a)@E4Z`Km! zA`DzQhV{CIUyV*vAEO>1f>rl2m6+s!bJJ&a*UVe<)#*-Xh&=a{r6UjB zJTAnv1C$Yz=Q;$)(G@Z_E~?zH8gVC;_c4+jNouM{p|D4Ep09^Cm-~C}LKrkZ`Xp8* z)|#PQzm5C?rnLz3-_nb#()lc|pfd&f46ixVAb}ilXWDyR;JSB+2+kTpJ`0csvv_zz13VUK^V1&0*GX6zcHGz;Ww(C<0xAk-=;88D|Ljh zl~AxcVN6xMuB-aMyb%QU4N6Hnt)Oj&h6~A9W;uqh`XR?ZdSxW8|0Qll)+{-ST%37;_c)yR zCAtuIeIz|KsV?I3j6x&@vpi^fq|qR;$*v|YWkJm9HM7N2>Td$-HGjcbt%H*JlHC%l z>Z01sd`%{r-NZg!CQ(-5h}UL)!#VvV{J_RTHsn?!6eq_(_ItK!Y4MDvm>E!$PkqkD zgZ_F*!E@PR5Z_<;Z&r42GuC$r=7oC5a=)3b!|y@oy}|8j<^tcY3!dBEuZv;2q|Z|* zl(q^_HG@>jVQLICk%JIubdVF9w`p5hBPWOWzR(n*4@*AaUbtV2lthBZfqPp zh$(;ZkZS*kKdiSPqes%VsV)qTZ6{K1`U z=^X^0L=g{-Ravfcp{G!hY3EFNIa>ibfV+gn@i58M#bD!^Gs>kSvIt$pC672nw;=g5 zeZgA{O7A5?_Bjkf$~q}NGYtSvd>4A0#%-xo==b|jU2Cqy*eo2cMzy|O?-9e4EosW^ z4B?C5_jN5r!gommIn$T$U4-^^SVyz98fF3oYChr$GJVz@PSmTuk_9kYEx{%M$#oM6 zPX>#NJRhh-SFhBbWBKiwCJ^>5k6u!Bh|d)B&AEg>5=>cJWKjR59;TVB7eAjF>8-VOAy1 zEf4oUX~Xc4<^aHS)ta%#2mL~sAfB5dwZYQDj2d)0UE zmh`l60QO#cHK3W&}clKKmi|PW?FE-_a%6y?}n^ z^SL$!A!l19loX^>=BY5GC0m{tWJIWA=kp9?>|0#qvxSC0JjqZKGY7{Qj!8MPtLucj zlCM7d!+9BN_5cHPE-R1Sf!S7mf_|lEU6~ITpnEk5&pU@&C|pFGU(|6JT9;P>LIVRD zG~TpwbNj`*IOtuDRCMVhmBs?CL3Kc z45P9-NoI~GM_9{o{8pK+I3t~kvh|!vmlL1_05lChg}XZumMscyq^s`ptY* zCR%l`Zc1eSBo4zkStl?S|52*HI@msbY^eGbSx?JZrS>{gFp6&B2miKvL&F=9TXn_9 z@VnLHj?%0ePDM?|2;~8FiP#VY{?FGFi%)WfwGDw7AuYBNd{ts&XVQdl6dJNJrKRFT z86Ggc3AgUIT>G4)X%=O!_EmkoSsEVASA+QE$T%=( zZE%+#@l@_W?C@E7My%her$Y?7VbO4pzozVC>(@q%My>-o2W!JosdbzntFtBtluO^f zE`S!j?UjlCfj&gfuiVZ~uj3d-W~p=w)%W(Xx)jG<#bRHW;c^kURlUyQnpumndq!-~ z9{CvyLv!DJbh`qnFbUYI6(UyIO82ybD$e&$D98kH$kij-dg1zqRK2c8d>j5eim9OJ z4`gqmQc^7&w@oc~y}MUA4&qkLwSiN%MTs{;^8#eX!9>i2DV$o9m%F0+-RX&ykOc6t zE%`N$i*iG$Pk?G3(q|J6^S_&h@N_c{9@XikK4w(h^mv{M0^dq$hgy%W1Y$I8WU?3F zD9zlCRi2yhn}3c->|}6Q^;w-bTZh|5{&iBiVUy1JTD!DJNSSreM{z7YG+K9djSr>j z`&%U3Zmm#4Gkzp;B$jz9Nk4sFMkj%>{h`zp4`%w;4Ktuj2i1X|0MLH8_O8I&p-`Tv zoQ^h@Pr>V;pHcU7WPH_iL1LK6@CpVl$t8%ys}6myKsWdEs`ABUVju>asOQ7{J9b4J zHsi+ikBSZyB%2w@MUuWDjw9}4iAg96*C$AFe81kbtQX0C3(`Pn5!0jj9;DcyD{hM5 z#7bGKKh@=*>8?HkoyN4^(YI|Cg1!Hi!M-hc*5UfqsKkTu2VB=Wt2)&B@UMiB>;1S- z7BL~D3Tm<9sC(&hKnJj_!74Xb4{ZHn{5nqL1aKIlW@}#V0*hn!!0CqFmg_b?J@FsK z=)*c$*u)d>(tMV8LSF^~d5k%Y(tselB`*2}c2cW9T~juL-9lg? zoepA&+xJVzLb)j43wO4RD04lDjA2$rOl4VL={hEXRA@>XNUSW#lEuayNLn+{l=K7|&1@3mu!;s+ zrJGR{dr^&TBFV4nns8%)^P7*g*-D6NHJ3fofp^>8=9zpo8&re}H@mSJKkUJYk^R&JG1?Bq~9k6i-MwWhu-^kBI&t%7ml$k6|q-@M;9U z8`B$KQ6-K+Z$_OMq!fHVnk9%Y6qA>PS0RVGRL7!4zElgmByDN0bke$&$C{4E5V85 z?9w02_>mOG?cy6MCx(C6xx1#xUW@EJwgjjA8bykkbg`78q}qiwOT01qf2 z)_jXK4VHssEUir%bUOSus+|{Ch=Wh{`&i0q;+De>8>6{O^X>JPWBnK3 z*q=NSBR1!>ed*PHKuZp9fyu!q&7iJhK>b!7`9P9w8h+cKI^tqN)IWI8i`nS>=n3uv z2kacBee;l*vtkFkZNL8sRBim;ca1;q#HF^u7?`)y>ZVP>8-i%L`mIH6|IjbJ_QTBH zdeI=Uwd%C-;CFaJThD@VxUEOV<7R3rgANQ>gZH1bh>nB%A1R|BJJRE6T;B>0&+D8L zu3r4p5Ho|=-s)a#uk7(VsOGo%O9}07pm_e#`*?+doagwUqy$`U>{D z#33WaR?P#8e5K7*hbG3kZ>^~P_sM3Zip;qX4J?<8T5RIGGBRwFx;N{zIN++Xn@Zb&wsc}|Lg3#3) zxu?2&iA9g?WeFggJx6sa^3aLM@V-Z<@P?7?yo&FHt4vVRhxOewHRpHs#G;O*d-dZ> zgyHL&{-@y`eYVS_8;(cWgRGuP?+=lC!!e>&&D`0rZJd>AtTD{-*p4CbzB(MyPOrcc zH*W{;Q=u9z#l|9pr&A(V-;D~G61MJl zT|#yR3Mb}kZtpX>4HjKx!YFP}DUdzlb5>RrQtET)ldH5OO#fD!-olH*&a?`HUC(U% z$)kxsh`E)}K20q^wEha@_Z|wx&TF~og0*4;UWT_%=Pw-WL6e|M%n&V9DgQAB?MR|{ z%byL6O}?U}uCZV}jMgt;-GjGVBzB4JtdHq$trgNrVU5B+m!UlHlM%$)LG`@#;8}0r zQxjgQY3#gX!(G-&Tqe~)N^v7;1qecO_2%0%{%yf!Q54Y7En-R@5lo){MJy@|wO011 z;A~-uT(J{e=tQn(H+?;`jNa~6Is7tzQp0(zn{=&Fy7igO*=7 zm5{J6K>GTryrkPksjm)^GV0XdRCPRG!yo8OVrvGm!Pi~kv4Zi;lF( zC=|Z=S>uwS%um0n!=O)31EPT?+l`EK(wd|*JReRtFe!r2xpEdX-Ix!(UeWxX3`u^K zQLS+~IVbmD7*$^kgBxV3x~#U}tXK#xUclcMjwlPd#>%dNUiCbT$Ie~BHaLP+}{R}+SS_IcZXR?4AZfFhZ)g9mYDfNBvcGw4dW?D^Xk4(;KzTMZ) z8=(hUC#4&OWwBKt^F!yESU60IiYAuh#SYa{UIM(#=@7EI(FJ0+Y6i`1)S5k55a7M|>yq+l~6IQNx;@=SE* z;(9I$FTFAn;U9;f2UdhKk;|`79Z@hyqPF*%>(M}%#dOADp`a>SmT5LY2nXmCag&ja zRpKBNl~lDm98{67M6o4c9aT$izEFD_LKk-@eHwpCycR;p+#(IVfIB>92BP?w9^r|9 zwTr(KZ?oj>zs+HZ1W+Q!^b7mU)fiQ=zBKMGBi_HPRQz1A@Z}}p{|y9c&Ce;;InMZy z*^VzOjX77NSstMOq1ch$=g^`xntFpwwC(#u485Z=mL1kl`Q)s%17K|!3Yp52_k!K( zSB`F%Jq@!qU=pk31rCNjNk*1>H=F3k>9sO!(`o^jM>@FERu4p9b-C@UljEb^LfLxZ zXD*V}*sRc;?!Gp@7^By^oS7x1m-L}^813BiCyLK7Qv$tw_1<L2y9uTng47p zLU;CJwAQ{nwpVSk`NUb{>yk7%2EhKZsBzitT*7}0xky0+%^l4DH`MvX<{A_^>|WRB zpeQGJsJAiL0cr+kDG8^M$(V@9NRh?u$Z-G5vgV3`y%UqiEO|(7_#!0-H5xYmk(_H=CdTvJj%)$bO ztl99?c*!2m(u}^AnxpKCT`$gGGuZi468s)h1CaMw;+FeBe2rUG#tsKuf_=1m_~BEH zUTJ}B6XhPb;1v3;UGOOb2l0%fE)BOUEjK8J)3MDfQqW(k47T#!8Se?qa>K zM6ETMak+(P>^W#>9uT|f5`1qFuNQR6-+HQvo}Nh6B2Sxhm7ll3P=KkW)qEwX0#^&v2AS>UCn23M z3~aV0@MMc08ZHGQ@DEM&F10_;+{E&8)q9c<6!|3)e4e`;_Tu0($N2`9xJ72wngsCK zjs)rH#@2gogRAeHEeymV5jl*8yLV6bDy2Z8K+4LH*OCZ(Jzp^BVh;H( zlAxtn3+jjwMx9wpy2VD^CcMEv)X&v09C$UYmtCV=V_bFESrT@V|z`S)#Vn8ce;i_{+>;>A)W zc9TRlEJWvU&|`E*PkOLfFx!~dz(_;vPN$uMfAILTIKSf1o8-&oA{V}O=z)lJ5hR}F z8uq;mla*q25#w8;)v-f#i7+>@b~c>JQbvCTOPe~Yg^!Xai|y|+FLoyR`&}^crRa4g z!A4VAN$%e`!*?bM#5g8z=C{DxO&N16YC#8p78Z0hRi-@SM?BMrY;VT;EIT zvHaPO@dNXsdi)4uju$4IfLTrC*~D+q+JzLO7B|DR6V|V|?S9su&?c49U<`a1F&a67 zKlXn?#q*z;)O-l=SQLKH!yUJ1)=#5Y{_woLWy8c8mj{tRQchuTCWF`i4KLkQ!Hh9I z>h@#_N%;qhJk8rJ)r4IFUkjZ6o0ZC04xh=x*p~n`4-nmN6BQmDGND`?c#+}0#qu*c-(ehS^ZK^ZKorx>K_JImJ(7p$ zm+O`F@N{a#f}mBeOd6&rOg*8~B>!U(KXRr^j!8yQM_q%2&+R{4?yeHcT?RY6Y|vl~ zdU9Wpolwii2CR$MHy*pWZrqg@iGShGgEEgXYAkarth|g_qA2rKC=oN;0n!|=xzL;4 z??n>)4OuR*rr_#^mk{@m8NO3KrsNp*;|KYEdCI9cUIXt1t76Y`duJ-q5oj)7eSKTIqc3d&5qwFk>!$H5(bLyrxS?E>V8r z6iMl}>$R*r0Wr?c%-@q9L?&2<80~L)9tjv?Hsz?6&W}_ttKu*bH2;?k)~LRB5r643 zpcaAYuhTt@7g@D!8oX$r+vuBB#Y1v7e8eAe9ffP2eXAW|71&jwJ^N}J?L4@vrMtlC zGNJ{3>kH_=?}j!4aRdts0JhGboI>Lin^Y9J9zf{iw3`D;q`MnfDcYqZl~zwt_0)64 zHS`J!L*7r+cl55XtP<~t$n5QSC#?{j!xs`$j5eyA$|wOTGznVU^HYGM&ZmI%h*^H? z4Cenbu&Q6eQEA@=z9xYV^EQLd;d=Fq41w&H41BljKbB$ZncG8AU6E{JX+jqWjNOed z8s03kzr!Ux(RAldmgwRvnuV|IqIKAiy)bk|pz(_v29@8|)HvlFJ4>WM**O@Du@T4~ ze7|`ygYn(CMM8X~J^m(Ea}38^{ffWhy%v>{;{X|!5LvlcjH)g|*JZwQUT zTE@(Yif8(f#?uX_rrJwcP0NP#^9@(FM&RST*)wde!azrN{#s!~b|#zuVJ};GpQB-1 zu6yqDF%z52>~=N2&KQTy?`GZ-<7%k(f7v%pV16W94J&_%$-JZ3 zcDHGi>2vUqR-R`t&J%&l;?wAyq?;d(s%>S1(fZz@T&c4YRk4+QXLyHcO^?HZ&~o-% zfQF}lYq?E7Y7If@a$_i4P4+(>pNOM4gkSzyhbdNkm}4Hh^2-3Bg74DV7jk%wKR&kS z0w%=mmP6U4u)KnJwTu4#3Th(?oHnys7=r+p^NYkmFv0nv;iZ#d+vIX2_u9jU@N82s z1X+KyQU7yqif)qHFbW?ipghm(;qMNbz!a)o|P?r#NPpQ*K?@{OYV8ttwB&S>#=8A`KR%AL-IVttdhJ3~)C3t8y}%7P#_! zwaWcckq6!Y(;J+Lc}i_w5X5%tO>Qk4ehrHj@UZu@SE_NOTYmed3P(dtDpl{!_iO>! z{PCU4s$nUY98w#>!ZdX2R?8J4QR*(CxoDm}8*U#2Z)2+hcYKk%?4(j&6-(7)A@8?5 z%-Ruwazc&Q4S(?^CA`~cpTZ(}4kIuRLG&O0p2+b6)$_7yd_|wV%-?^(9bWI)sNt9- zm|}+6)b6e*mZ-49V|2TTv}0fP8(oRLu=@WG(Ac5f%0dk>$WSin1ZQOXnKDJBivb7+ z)GEFxqr2&K#Q(4MzA`AT@7prLoirXaK!C>GEon4Z zaBqB?-}}G!zD>=%si~={diTTqa$D}*XPdL4cw!b9_ZV(53+aOS! z{jO!OD>8Mq8aQI4Ho2}Lzv#Le7;CKK7}q|P_>RvoRvrJHxBK2#6uN?rc*2M|faG9O zE?v+ac!bqXZ_=28i>5s-Zm;!VxEzatpdC|`8NOcUr|ZVIIYvu`{AZJ&v-BG2s8yh& ztrg1RIovCm+s#qh$0TqwM0O=ff6k2|;liLpT-MieC;i5@l~GGX&7)FI@2*uu*YU1| zK9$e<4|_n00kC~h!ZN%|F(lU#76hGrL1siC{q)>o0jQ|^<%18ZN?0LKkW5qVJG~py zYg5G-V@&dM413cleL>uEgHe$<^I#CX;lg0<@)So=(1Dktl@sKMVrS7teRFnMr|6!z zgJ;_NC5s1+&HK*9>u)3JfW~u>!k4$%6`BZ!{SmN&u5hhN$hQu?v3>wdDrL@}6jdZvB1C3v8=#L9fF*dNp-cYnxMQ`9!4GY+n^gS=OZ3?Izma?8!#gyun;u;H!*|jRmx#=5;L$O zQ7P5r%hQ{UTA9pq@Ipy7{ru~q&R&!b6c3X{Vb?C=2);*o=j~6sx7UVXP(8e-rC%KX zOh-0g37ti3Fn=QN1FRr!k5`Ty&&Wkz-s#MYdk99YbU zvD*BZ>!&3Krx)2SGWGK5v(z&+b+sZcMkDJk{MaRRiu#4&^6l1=`u$IjkN|t>JH5@f zjp-A6m)_n%{}UqH8i#&M7li&R8_}>|{o&;+)vqMtcesUDDf zxs-L==iTLrT{IUNuOj9>?Z#4Nm>G2>BLx~jct=_D4(@({s6J@OC)EJlx zN|!V*%;pFl@zp!n{py<+v@Buu;2MsIXYoBSjY{}}-EFAcEyMa&dv8oC45$aN3Naic z?Y3K261UVO874vkudb<7DK~47A0!4W{N#0G82ig$cRG@jhifzP&wMibG~(ToS2bzb zXtBiHPHgOYEYX4MbcQF>VB(5KvMi=p{P6_gwirRqM!U&`+!w!t3>hTGtuW55}w9ak9r63e{H5f+=gCao}nMb4@q=(K$2V z8{Mb{OB$waUiHeIG|tZyGZR}2^^1XAqHUCf-lGf@+$Nl+dXqOqBufNfO}GDWP9*2} zq|K5<(MXuBcfooV(|l5c9vbs_9^hrhRUqy;oTW|Ha#PFr2DVsT2*M4!Tv$Ryvw7+!%)j$M#Nsl zJS_7CHDe&$I<9EpPKp^)!+gk?)Vo;eTj1X0Ea=kB?Y`qt3?29PsQ&;HR|rEgp>tnF zmncT_E@;|Xz${LD-TYOd;w3g}4R`0qL=GezLPoh3K4KU%XSr(@5nvLGjQ^5=omr}j zAma1=DW7Y=5D0&v{T1WpNO1Thf2es%VFQherix|(<1yNXBX`tSMYK(3q2VgUn zMYZ*v3v3zDr6@`3^64*)OU*Jz@UrE|ulY@^JOY*Pt)m$!?vVzSUrtVnwnVW<9`Y2k zD@&xbsU@PN@5!RwSJ6GmK z!<|&r?)Jt9`4~=ePewq8QFn4*k^~q~%k2yX`x4tq7ELjkn%7D|FY) zd0z-_Flo2~mZM1JZL?Kv2EBplc~sh7(rb`HwluZ>Ay_CLSiU=!jf80YG1x3t8t-Vt zk2(o?4D<~tIXN4x4n-%pWD2Wcr2Pp#@iWG~g{VzZN=$z9DUVf5zT(4~BK0kkJ#IxO zMcT-^B{SM+R|&k?1#-i-)U~Z;8?Yoeqh(6H@|o`8@D8u;Nyv}7)E9K~hsW`4T9dqO z?UCqP7SHkZt=3tnlLb|C^q*+#ER##O27T^liA}Z(8_G)^U#!LFzoGRr8|a=RR#%hW zP~FDN)+o$z)6-QabLaHk=n3}j`r_6!e7|55NfUE9sj_+I>+MzinGLHRf+F<}Mp~vt zL~ssUCAN0ZQ{M4r97d2 z72TAPQ3b4gA5zhR(lE2}$^i{NSo=@j$A+xW`-acp*~U9paMV(Uq~OM1q>0!%cAI4f zu2?d+u2HxodKllT=~8TBXuxl$#$ixQ8hOKAMfzqVJ4nH{w~H;f*1?!uV7tw)!{erh z+Y;Myueu2+LJ+q$py}miGd5*FRsojNk*B+Gg0hq5*09)h>L`jxe)=Z8l zq2}UKjc2^0%*+X@-5d_uNq~!NemCZxpe9)1N<=qV(kHz)*=GFrFTB>^Pta6x)DA z6ka-dr~f-CVFgx5RW|pYC_zWMp~`gPj=i$E14$Hp7j!fC4oLHl@*l&ayrr4Y^-5Wc zEHS3B`9A>n1#(A^<@9UIAH@HGA~K{=gay8O5~{|v(qNNX*F9&?HOXCBznTg~xfBSp zeO?TkstUZ1S_~m!KIv*&*m|Fr6=`ccV3K3DNb}=gkaky8?K{9oef-%$Wq&2B5`ug5 zHYS;fZ&>FAUBjC-pI3~$Cy^wKIb*p~DW=W1iFak+SrvydzIw!V{uaShDt4nBbiLse z5f9otQv=($>iNr8m$z~Y)16;k9USL>CV5Yoey?=cw>-_FHTy3>m#|7aE+RTt!R;$8iIqj$Pbq<#Vg z1z+%S5l^_U_v%!is*YjABB;Z|?`Gl>JYESA`sIP2h!mtQI^p=*UnQ*lB_ENqrObZ@ z9pKg9F2kT;*>CON;{%*&e(%j&G2dE)?pJMLQgNcM(f^v{r=rC}5ug*V6)J)0vOE#q zatYY#8vBtn=dtn92enKPuhqWSY`*?q;!A*9?^(Bgs>`_Y!ms%lV)C3|CXCxMGC4k@ z2fNPa-N-D!Z8MQ<46FxEwySI5F~0kyBIjC>wSGObIbUr-iDk+6K}RMgL*dXTaIron zOmhZJSd~jcZK#arE{Zgu9kXonhJ-!L;|2+Q0^NX?&zlsB94Wxm_zHL!!GXm|4FzZ1 znGD;lZya3z3ghXe{>js=dVq+84LtK7>k33&rREFPZO5mGUV^0cjwW|8L|_;W3)VmJ&T+|%haa}uYj;%)jF>mZg&14E2+?I~c`@kd-b>(AKd!$F%=FIZ$; zIT6NW!;q1X?vBNLM)Bz~0JD8tlqws=?+4jkNJH6G87D=KAyVob(_0+p-^al~+7(8_cIX-~>`HDo zcW>dA=S&vt1=nbpXDcd-wEj}x&A7+P1h>Bnbz@|rMb~fV=y#75(j@tg58gIN@amS? z<*ju8MsXFh^)1QN&^Q}%C5$FpGc@8qCVOEL&h-8d@I1s>J zg8`JDOWIHpo<}<7_#yPj!i>oVwXb*>`mvN5y9fO5?jpu9^*7BIS>5mwknbx@2Li#} z8>9w`HBRsUsD?@QUIh?&vFPOb0dd*yB8X`XzUieVMt+=&u~%GI@)>P3e$O14h#0GH z-sf$pK>b3*Xy<=9Ln4@nN&-qdW(NizAsmQ18G4nTlD0ui_QB*Vccr!(zaEfSzM44f zfB5+Dz!q7{rN7Ssfd2f7cTCP4mGeyVD0Fcb~*RZ+EhPpa(j7A})|d$n!v0VnOR7YGKW&x$XI zns|+9@bQD5^eQNN9LvlR`U&O7kT47;bFC1rF;NC2EPbc#@{|pfY7RYZ{*rWHO&I;1 z%~@uDPnA2}^D<(27KaEVQ@|huy`-^B=c`UK6YJ^YGNwP4Q52-I@4D~#l8P;>XO<2* zomxk*I_4m7_?atgU5#Vzj+&_&$BaHUH#m8=9czW2uOA*_>F?}-VKe@cz=KP)k>Jka zluP-zueT^=M|W6#nY(=fW5JWI@+Oyq+#uhPn ztJGCk7@Tku)It5yDQQ#cKl0H&<8{MLkPgz9Q4jf8xnsa)$JZCSj*Pt-kA;XaYRsr* zjMrR)vC-i@2=%yaI$3x_DPIE@gD^<5)zvlTzO*>oHg+2K>6>-Sr8(9WE`OsIO z;u?IaPZnZw3_)*Dw#{kSXh52MjnPP=SBjemGMcJKsDD%b39)zgyd=dLefF!6EVh1q zqh(%Ev%X2sCN{%R)PRe2shi;{uvh!q+$^9nW;nV-@51Pbni}do8Za_Zy;%{6c;@oSR)(MqxDs~G`yEz40%Ch$zcl&9mAsYZZMY9j!AXf?*`;7q2~Oam zIeKnn3wumEe$1zQz%|mAMDj1%#*AHIN$!ZGcIMwZL^uGYk{9|@LZRHGv&*{xI|ey( z7vudRk3rl@a@>C4^?O3Ux`B$#FHL{<(t*T(f43t=gnF(Is#|{49=yfpk3-Dr&D_Ij zx-%fR5lBY&hj_6cU>BwL5h0H=?&loqDKsvRMR2T24egGJWcyT=HM$94Uk?lt_KgHQ z?p}1$F%W+(p}A!BWDNOTG#`~YSJ}v9UMCxxe9$r|S<}lLAtBYmZBaXaZ8lafm(|B2k z@gj`L45$;^WGHlV+JATbNfsiW!d~7U?r-uajlq(#C!C4BP&qt7ge*E}PV&Q7Qk^pU zR1wgTE~4>fQ{nAMYS2tQG^m@xY3*F>*8EfNmfu7?6WjB#3bD)SH$;kf-*hAr&b6+# z^hQeNPltbf`A_*gxekr9*eo4i{OsxT=NA}oHkpmTw?YlL zCJ5J52ogVbPsM7jpYcQ<7AsMjPy*f3Fz2=?=&!hxf#puV{xExr8ccTc;H2HPcQ#QJ z#E^WRV&r0rYtMxcZjEN*gL`J2rJe*BSI|~RC>mJCVku!8g~-cF_cjD3F4q=p!&CQL zJ!c|_Sy1>i-;K=qh(7B?t%KuyMI?4?ckAM>c;qA2=UWEVuB$CQEV+3tqB?bg{s7J< z03KPiB(s6>!0)*fZK28d7z|b<+?LkP+CP(S>uKN>|858sMD@)v05W%ZlqL`&F8+h$ zpLO#6r3+BM>jiZ}7yqg2xZ|Qf&-<5g^im?P#2s*0NAYwHo)I8O!pu6C%!~NrYT##_ zxY}vGrSkwBqhl0cynaf??Z^W9sh6Ugm<|%wK2gF2=DV6?hJ&4go-HAqe@2R!K4cOl zB=02B(~4MnWZ`!~T17M$rLyBKT@L3NPCl%kOW7i)k440SYPEnJsjmt<3Ab?DZzQ!0 z6G#79BnMs=NqBZv^Oyj)h;NS&xF4?$FVH0ILd}S{tJz7v=nhoXy@r?%L0Jh~S9~SM z82;+}-A1?+8r*wH)))pS6z;}B?ZPjI2i)y1GLghR&cXFaFtituh&`2oI}H(Hf^Eu}x3t$J1H8i!qs5?88@cYjOrf}=({_DFCI*hI1737IA^!AIgA2~d>CDJbN1 zc|RyV8&s*tm0AoP`#a>~n1Q%hvC}*7J&s6Aa;R$T9uQw5wYi+3t4aO!ea_fF<~CQI zuN_p~w}(x3d39#?qEC*kP2^Dxv;|7d&JUmG9NrX8yhZ!j`cYHV2k%-q?n%DPRew;c z4m&mB5o5wPWb+%X?bdrEu+zJePATW&i`QcpB$PX*1bE}O_yy;E+15uWa>XRU*mG#c z=@kH~0$*yFOh(yXDLl^%^t6+alQdzBv6yrG)to?Yj8T0O%D*NAUgOvJUq@O84rwXA zv2w8zKtBgEDcoBHwb*xL%m0$*!uR16SVCd#@RFF>P)hl8#>^nK8!`egS^D1hMr-Y? z6Gb8B_r_P(d0TPi3&%sj~@mF25lE z8q~@8_pAC6K+qIOM;c!rSLv2Tf{wkDaIG?8A}uan%p&W~Xw4m+5gsOO|A*Co_mGw? z(G1`F=@bWCPSFL~uW^v>i)43E!8Ue{97xgs!dEXn!gYhsJ>t_DTesT7v8s`?!O9dd z6p&mI<+vfIZ-bV2b4YN)xr6D3*y4#e*{uiDgq$S2tibml=a~c=Kd8;NuBjvd0^l!< zZ~I6a6N(s*AQGY*$+U4rs(X=#yrRAw-5Ia8S0%0|h*sajF*Au!cR=H-7F{`5cSNUn z-ry9^BO~^mOBgw&xjHB=wd=T7_HhbYxp?~*R$TP#J7C==k5M_+TH`&q5_AV4Ov*e| zG3$I-(F$%h$vyhd7aWz!J__W9T%+H7Tw3o2@_iJtn{mb#bR+Ql|M)UN+H|?g76{P9J!~XzQ|@V z_asucX2LI5+5UqI42$euj{j~U@Lx9pJBN9mhi~)wyXGufJpoaSQrPRm zc|gk?oT|kKkvEIU#{=G$RfGBCA22FRu!1uCs-wxF@0gK?bFTKvD@Pu2lIJRVfBb|P zV{QZ2gIr)`KhFN7Y&h3Kf3I+%8Nz;?ysOfy(u4WNoVCRUZ)v8zM30w>&S$a98L>9Q zxzLGv%G9ME6c0S{hK&$2v`yS5 z7zSC#Xulbf7*AB$NKzf@^l~Dg-McWXN#t_nNY)EM$E#?xXW2p~Hkcb3m=)yYe6O@; zB}{AJ25;B3b2oDe9%e1(3jv3+Td}eu4MI0-MfMv<;~}}+E!p0-w~k2^4Y>2JTS!#- z_JiT8*0DS@Be@pG^B3#Un=KP-KDk?Ie2=Zz9f9bfH$8$}XNbiiAp>%9bis@>QZ>z{ zryIXzNMk#;xbnJAQdDiCvE*$GljsDiBksvI{2x78HhvJah>0hVioB(wdK^;5!7nk3 zH`_?8s!Kow$s}5Zd<^vQ^RBXSyMU4hoQQUlP^)Ni@5NFwSfBL+S5J`>KHaG>NOZU} zmFZ|cZ_W*BSHclr5r^Bw$dvAI6#Rlc55KGBd_p2~1n#;cj*opX#`F>vcjPB@#3rjb ze|fw0h5**}^dx^pmV0ud$b-D`Gmbn-i&TbY}-*!Hnh{6O9{t6jY(~>?uW&|d*)O} z#1}QTSH?Ceww`0}P4&wZePaYXBE=f}3cAQtVpgqeYAv}2nZzxUUfUvNXJjDJ3F{bX zPM^HqWjFc#(+4qSM^$h7ZK55$tS`6BR^I?&!}P^DUJRI@ul;#`r@NLAZAJ$Xo zPTST{S1Z9l#cG~rmx@4Li0kL`IWcVd$E6#Qz>7K1S%Cv0*ZvABK6jG>mxvjt^6)pg zw^VG;H+AE?sSPST%R9mDC+CM8vcxp zECaEi%$l|=zYA@4b+tC3 z0y(TOiqCI?Dk}`sO41WS%M5*SSJr&36Z$g``@wSjTqP#q>28>-dW`D~cDvWlMpp!^ zLeExAHs-hqN$vFJfiRwX7vCK~p{@rp-4UQhYgff4pH1aTeCCXFApl zo1#2{4*M?97MaK4x*dfcl|Iuwdj(bsudG9jbzx4J9N(VuZR1W?BdhDN;zQ=iFI?N2 ztsdd@n8%~}PmUxTL7P@DoG+P*P*<{t1b}inZO)z-zM58Yyi=N03-2dxP z30Uf|1Y@d}V753soO{#w{|I4F57qN$g1&JkI=IgCn;Tk&4p1W)1aYaB=yumy>CDJz z-r?vAHgrCI7sRp`h&Eimqc>K=>?=6=z!!O)7<>_>=w{>4clPC&uiY{WFH8qTL%lU% zhM`*s{f&pCuuDeks|jin$M@3nxSJeBs-Nz@6BAQ#4wUb$_9FEK+4|DQ{;JE}KS`OX z#l5B@b{#JpSpPz})^0-BYJk>aqV+bhHmV~mZ2Dyf^*Dch1L}^ODI;Z|M`CkHR1(p6 zf4t<$!mRjhfLz@e^Y}Dk%3b-I~f18xP=1L`)Z&Y%QU}$!P_TrFt*#b##9RH7N;%D zoeb5nPOFCYS$9pWQjmu^EfSIOS)#Ieu)jR%FkNCrC}tCFK+hapv6+7VmbBeLR{NdJ z&7$;s+bAuxJ~Y&Qkvp1hvSgG#qK^5y?|I$*`q~uDDc(BDKS#2Jh zu=9-sfckJm^@c-aW|IbE9G04V(4V@DdsWczZE;s)uzH#pT>;ECVg4>Mub6an8k@ouTB+w*d1lR9XfdH3o^Y~7mIQdd}d0M8?dy1Iq> zN@PYvEA?=pQw5G&J*!F^YQMWZnlNB{a&dE1IV*2!|B>^dTB$%0pys3@;=3&ZddDu2 z(r+UDsLbZ`1yk^*7zOP@?W4hhtI1C#i^AGE6MC-L$MHr=3s{Sel_ysOL2&4&te?7Z z4;xq{dE#0stxb-vckPA5}Tk$id7-i$R`zLd76U@cEG#?S!+T z)|cTuif_h}(wmJ@jkAey$GTC>tF3h@ywY$vSJy zZSbLpP%r*|%lQy4ufB8^%_$D==PU!UqWM3JcOv8Dt*J#n>k@_-JZ;Wi^De6!F9KZM z$aO;>d4mT(_T1P^vll}!ABht|*K^l$6|~Qc`ia{j=pdQG!KstlW=yKpm;MHZ+`?iG&P+tS8+DGgIFQ z0pHr56gySd3mo~U9?pN#oU8!d=YX?mk$lelcm`1;x&Cb~U|E?oe1fNEMtu>rGPTs) z=C6)g{hIlAZ2Lof@1}w8nH0~Sl%t-#2en^G3iSo{>Vd8Q+UA#4+bI7QQUYr&DE=1r zBENbKsK84l@P0sG7a7dpJrhaGbz02a`_mS8K92tV?7Gc{QL#ufcYtaEjXKMQlPbIM zZIwvdH(qR9x{1I=2YR_MIvM`#epd(~oR zfsJ~RDYN)HgRHe#wJWfEuU)yffv?1q7b;Sr(nyga{B-fV_IW45xe8fyiM~T6{W9Km z-^|K`-TMj3*}1V_o1T_arSE)~0J+^|G-SUu&%6_1n)L6kw@yWfo<2f2Cdbkm32EAg zRq?SRTpxpvD(p;Nk9aM7_ueQRUG_6H60ONrt=j<>SH7j?F6~yHj~euRYGhx2z-KYOVy>uj-#mDDEE0!t=r*KO3tAxEhzIHLZkpToP>Bn zf|Ah`l}bTJc$l-Xod&jPu*~g&=PuxM3q6y>JM^y$jp271(z)350r;F;d*yN@hP1b` zt8q`1BI{?Rx|Q`Th+jrZDw%JDnSPbzs^<{{nR^*3Dq6aZ`mMt%a7vaSq6B zFAb>P=@wBd4ucTjD^BLTPSs571~MR+UuS(x*=V_d+-(ii6SdcrA^hAKQyk(-Q#8ly z9a3@Kh?ROecc|qQ8)uyi8~%=5NF%e+GG819&<}14d3YW1{R=5sKtph8*K8S)+?S;g z`^v(c%<4;=lY<(Rt*Uy7w~^;i5d)U38oPjgd~~V<5?@k59};_0GGdf=>wqWt#XRR} zi6!NmVP$e;XR>KLg8rnblz#>j#GtkM2<`!4v;?mK!_i`yF`gh zm5aUm!uok*sSWzbxU%$Cn1S%a>>zTZ$IX|3O?AFSMj=mT(Fs5n8v5J^R6JIi{2#3g zM#fsmqSH|F{%&r!tG%~EzoBiER|9f!56!WlqG$Xi`SkSOl`Wsc$Ru^i#_gLAv$%$! zzrMShBSOHbsrzhjEaLdYVBSv_5TKhfOb07}EBLvH~4dU7A$kcS;LcH3=4 zG#|T4P!60;h$64wbD_CMXmwUQqi)5b4lv(fYI=&_>Yer)A5-|>>s<-!ZZoX=^<$Rw zj0=g1bf9(bGqcRcWj87Dt1{Dx=%Mxbe#(?Y{is*jNF8iwT5)OXTTo5B3o6&;Hx=%n z*$q75DVyJjX#p%KHU_zoMs)LSP_j^HMjpweN=Ufb_IU7$2K8-;g+ov~I(jsccR{(X zjrBc<<>rBBv^tatICDDh=~jd;yH}oVyVYpU;-!6TNOB#I7=ZDjjQZ%Ss~tzu-^t-j zof5^rp0z}%FsC6bvod~pE@SNt4fF68xV$Bgv0r4(Zz}`pFQCFio4a>^`gGURS^Y8l z%#=Q$JNRQMoJkiW_%pUqbxzUO$DsT9&esw2bhLZ#c*wB34-R)KD~=G-;3nOiY<<6D zQAOYrz)_yX3Kb|ZcHI%@##FXBf?^CuKC%iyzaejv22BKi=;ou+l-?zA;DI5&^e6HP zCide-i*~F+x9No2!H>mS9LV~sg3-(+0z2=hAWBK+>a(p~An|`k zu;gE^JysU1;b%dF4e+#$-JZ!gUl{qGVjkJ&MYt+&5U4E7t!&`{(6i{wehS z-zoV2Us475zx|4?1K*K?@)MwKABOx30nl+2WnvE4neo7)LirYL4&(i=cr`x(q; zapdf8sJsDFaVeQF806|D$qAuG0_B6{z_65ZVAEDLfRG7By|eXe80LPey>@?;DKoy8?s6mR0Vj0dxeJG1~%N5#1@Kcr()3kMIGW& z7K0|?)Puqv=0zTL;mK5P71%b_r+X zYcFdM|D-p*7Ly(rj?KUzs?NnuG01~e z*&T0vec3NM2g123I|?j!(XP4fS*VdA-E^WzbOBW7+!A|SCabS_<5elu28CJCbpCf6 zrLr191O`xvwNq0!iE(% zcV^q);@a;^b_`Kf#5e7-h2AKa<9T45L=zNzS&N(K&}4n+zeUzk8ZPFPykVjCmQpMi z?!UBuRjOOzFtf=Ny8IZmZ3dwQ}DTP*dY z%@O9^PwMu|uYyfi3F>o{B(|P$kR~37kU=m5G`~=h3Vvubx>CRKdD^&qofS-DAleqU z0}nX;uwERfZhWe*JCMjZ-(>e%0cqgXEn05Sr6p6}>UVG#YGz1S>U3R*Lm5sY;fT7vzI0 zIyYx!-+?VvErHA+8dX*ml(5$5kAA(Hxay7`<&p2XD;b*S=}ao8XI7>|hg( zU00&rV;_)y=^yAvjC?EZz^R*svz;lOxIw;&JaH}%?AaT1#dF=zCid(e} z5`X1B)-Gjgse}_;_PaivzIt7FrC<2mJsAGJ?NsyHxroLi92}f`yw-~qyc7HHcWkP7 zTYBAJ$Su41(~PD7jKdhN4sj)jwM8$r$vK^`q5fp}&CPpCP?ka(t>IS~$3mXt$qtPW zzc&eX`&K}rw`{Sy#_(S2ak9aw1QdKt+O&0%>-Pl(CEA`rqp1W@?hI#cg0WRBKjBTv zs80BiM&?>%6SMXWd1Qyicvt#*v=NOrJR3;8fW`!)Jq+9v^@Zw;(STqq-$cM1p*d+J zWPlLc@bT@w*yIrzpVtxdxi+^{%}Mkr^xTLv%o{lZ7M0?|qS9Oph9N-_@^F&6z6fvg zJv4IkxSr%)UdL`~%lMYwgT+Hi?{_L_wuiFRo|j?>9%#?k+geLrP{al1(rkIleMSM< zu4Z)8M10lBERn%oQ;@^8IE5*AL_grd}@RLGpxS`2ASn zY@rbt1!OtPiItuN-&6qjSkfZ;p1E~IA4h??R5lCfb_-|U=fkw(f#wW>xbrPtMLt7L{LGS}GNhHf*9lv&dS$u-aa#D@3-28DCM zQFF~ULH#ceF=w&|PD$Q7EXj(B^;KI+$j|S|=Iex{(X9lld3(uF7k zqowuT&|^%c#c|YSsToNv6UxDG-yvkWSpDv{B2W>(16u#hQILo?vWc02XNsh7Z&RLC z>PE&bVKTYzN1w&Jy||5^mN3UB_-Crh9-nm6FHGg6?k(kK*DA7P$?H4_S*3JOqh6V2 zO-qQSfjSq{`06;HhT^iGMckG=Sg(iuLL7w~EM@P%CYMp$EUsZ$=*{3!*tMA4re8@D z2efvtbRvVo5WU>paP7hen3VsbB{45WZN}DgmG~fIP|RR5|8m-t?{qAi&pkzNxG@<* za$SmG^S8~ovrr#E3Km`Jo5Vb*l()rppqzJ8cycb%zn?F!g|S(vH?vD&Io*7p-)dAx zj<6GqH%9kg=Y8f&W#x%}@&y!-PT>NS{=T%;&X>YISvEpUx&+Bd8GFE(u+u#sHC|Y< pFomU;caWFkzZQttkKi literal 0 HcmV?d00001 diff --git a/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/script.sh b/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/script.sh new file mode 100644 index 000000000..6e6b0e24e --- /dev/null +++ b/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/script.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +while true; do + response=$(curl -k -H "Authorization: 0ff4fbf0ecffa77ce8d3852a29263e263838e9bb" -X POST https://systemip/webui/logoutconfirm.html?logon_hash=1) + + if [[ $response =~ ^[0-9a-zA-Z]+$ ]]; then + if [ $? -eq 0]; then + # Attack detected, here you decide what to do in this moment + # 1. Send an email to sec-team + # TODO + # 2. Do some other ops like save some log information somewhere or save before stop the process + # ... + # 3. What do you want to do? + # Can you reboot the system or you need to do something else before? + # Do you want to close it? + # ... + + # The only one way to close the backdoor is reboot the system, so don t change it (?)... + # |-> See the Conseguence section in README + reboot + else + # You are safe :-) + fi + fi + sleep 300 # wait time +done From fe7574381e26ef75ed31c4c9c7d7b2cb4d6b2a74 Mon Sep 17 00:00:00 2001 From: Aleff Date: Thu, 6 Jun 2024 16:21:58 +0200 Subject: [PATCH 3/5] Adapted to the use of variables [+] Variables [-] Image replaced with link [-] Removed boring spaces [+] README adapted to the new payload --- .../payload.txt | 54 ++++++------------ .../README.md | 20 +++---- .../assets/1.png | Bin 32942 -> 0 bytes 3 files changed, 25 insertions(+), 49 deletions(-) delete mode 100644 payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/assets/1.png diff --git a/payloads/library/Incident_Response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/payload.txt b/payloads/library/Incident_Response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/payload.txt index 41bfc599d..7fb94fce7 100644 --- a/payloads/library/Incident_Response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/payload.txt +++ b/payloads/library/Incident_Response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/payload.txt @@ -8,24 +8,28 @@ * REM # # * REM ############################################################################################# +ATTACKMODE HID + +* REM VARIABLES +* REM 1) Set the script name editing $SCRIPT-NAME var, the default name is 'auto-check.sh' but you can change it here since is used the DuckyScript variable $SCRIPT-NAME. +SCRIPT-NAME='auto-check.sh' +* REM 2) Here you chould define the script path editing $PATH-TO-SCRIPT, if you don't change it is selected the default path, so the home path. If, for istance, you have a specific path where you put some stuff like this you can edit this DuckyScript variable with the correct path +PATH-TO-SCRIPT='~/' +* REM 3) Replacing `here` you must set your sudo password that permit to give the executable permissions to the file +SUDO-PSWD='here' QUACK DELAY 3000 QUACK CTRL-ALT t QUACK DELAY 1000 - - QUACK STRING echo 'while true; do QUACK ENTER QUACK DELAY 500 - QUACK STRING response=$(curl -k -H "Authorization: 0ff4fbf0ecffa77ce8d3852a29263e263838e9bb" -X POST https://systemip/webui/logoutconfirm.html?logon_hash=1) QUACK ENTER QUACK DELAY 500 - QUACK STRING if [[ $response =~ ^[0-9a-zA-Z]+$ ]]; then QUACK ENTER QUACK DELAY 500 - QUACK STRING if [ $? -eq 0]; then QUACK ENTER QUACK DELAY 500 @@ -33,92 +37,68 @@ QUACK DELAY 500 QUACK STRING # Attack detected, here you decide what to do in this moment QUACK ENTER QUACK DELAY 500 - QUACK STRING # 1. Send an email to sec-team QUACK ENTER QUACK DELAY 500 - QUACK STRING # 2. Do some other ops QUACK ENTER QUACK DELAY 500 - QUACK STRING # ... QUACK ENTER QUACK DELAY 500 - QUACK STRING # 3. What do you want to do? QUACK ENTER QUACK DELAY 500 - QUACK STRING # Can you reboot the system or you need to do something else before? QUACK ENTER QUACK DELAY 500 - QUACK STRING # Do you want to close it? QUACK ENTER QUACK DELAY 500 - QUACK STRING # ... QUACK ENTER QUACK DELAY 500 - QUACK STRING # The only one way to close the backdoor is reboot the system, so don t change it (?)... QUACK ENTER QUACK DELAY 500 - QUACK STRING # |-> See the Conseguence section in README QUACK ENTER QUACK DELAY 500 - QUACK STRING reboot QUACK ENTER QUACK DELAY 500 - QUACK STRING else QUACK ENTER QUACK DELAY 500 - QUACK STRING # You are safe :-) QUACK ENTER QUACK DELAY 500 - QUACK STRING fi QUACK ENTER QUACK DELAY 500 - QUACK STRING fi QUACK ENTER QUACK DELAY 500 - QUACK STRING sleep 300 # wait time QUACK ENTER QUACK DELAY 500 - - -* REM Set the script name replacing #SCRIPT-NAME, the default name is auto-check.sh but you can change it here since is used the DuckyScript variable #SCRIPT-NAME. -* REM Here you chould define the script path replacing #PATH-TO-SCRIPT, if you don't change it is selected the default path, so the home path. If, for istance, you have a specific path where you put some stuff like this you can edit thi DuckyScript variable with the correct path -QUACK STRING done' > #PATH-TO-SCRIPT#SCRIPT-NAME +QUACK STRING done' > $PATH-TO-SCRIPT$SCRIPT-NAME QUACK ENTER QUACK DELAY 500 * REM To avoid some bad DELAY I decided to use only one command row -* REM Old script -* REM STRINGLN sudo chmod +x #SCRIPT-NAME +QUACK REM Old script +* REM STRINGLN sudo chmod +x $SCRIPT-NAME * REM DELAY 500 -* REM STRINGLN #SUDO-PSWD +* REM STRINGLN $SUDO-PSWD * REM DELAY 3000 -* REM STRINGLN sh #PATH-TO-SCRIPT#SCRIPT-NAME $ +* REM STRINGLN sh $PATH-TO-SCRIPT$SCRIPT-NAME $ * REM STRINGLN exit -* REM Optimized script - -* REM Set the script name replacing #SCRIPT-NAME, the default name is auto-check.sh but you can change it here since is used the DuckyScript variable #SCRIPT-NAME. -* REM Here you chould define the script path replacing #PATH-TO-SCRIPT, if you don't change it is selected the default path, so the home path. If, for istance, you have a specific path where you put some stuff like this you can edit thi DuckyScript variable with the correct path -QUACK STRING sudo chmod +x #SCRIPT-NAME; sh #PATH-TO-SCRIPT#SCRIPT-NAME $; exit +QUACK REM Optimized script +QUACK STRING sudo chmod +x $SCRIPT-NAME; sh $PATH-TO-SCRIPT$SCRIPT-NAME $; exit QUACK ENTER QUACK DELAY 500 - -* REM Here you must set your sudo password that permit to give the executable permissions to the file -QUACK STRING #SUDO-PSWD +QUACK STRING $SUDO-PSWD QUACK ENTER diff --git a/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/README.md b/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/README.md index d7349d501..88be4fcb0 100644 --- a/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/README.md +++ b/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/README.md @@ -4,7 +4,7 @@ Use this script to set up an automated integrity verification system for your Ci **Category**: incident-response -![](/assets/1.png) +![](https://i.ibb.co/GHV3y1g/1.png) ## Index @@ -31,9 +31,9 @@ In response to this, Cisco has released a basic method for users to assess their An immediate solution to the problem is to reboot the system, which would close the backdoor. However, this doesn't mitigate the vulnerabilities in the long term, as the machine remains just as susceptible after the reboot and also why the attacker's super user is not removed. This means that rebooting the system is an immediate measure to block the threat but doesn't provide a lasting mitigation of the threat. -The payload.txt file contains DuckyScript code that enables you to create a Shell script that periodically performs the Cisco-suggested verification to determine if the machine has been attacked. The script defines three variables: the script name, the superuser (sudo) password, and the file path. The only variable that must be modified is the sudo password because it varies from user to user. The other two variables can be changed but aren't strictly necessary for the payload's functionality. They represent the desired script name and the default path (the current folder). +The payload.txt file contains DuckyScript code that enables you to create a Shell script that periodically performs the Cisco-suggested verification to determine if the machine has been attacked. The script defines three variables: the script name, the superuser (sudo) password, and the file path. The only variable that must be modified is the sudo password `SUDO-PSWD` because it varies from user to user. The other two variables can be changed but aren't strictly necessary for the payload's functionality. They represent the desired script name and the default path (the current folder). -To minimize downtime, the Hak5 Detect Ready extension has been used. When the Shell is opened, the payload executes a series of commands that involve writing the contents of a file, allowing the creation of a script on the machine that will be automatically executed by the operating system. +When the Shell is opened, the payload executes a series of commands that involve writing the contents of a file, allowing the creation of a script on the machine that will be automatically executed by the operating system. Once the file is created, it's automatically saved at the end of the execution, and the payload proceeds to enable execution permissions using the permissions granted by the sudo+chmod command. @@ -43,11 +43,11 @@ To maintain code readability, I chose to keep a less efficient but more straight ``` * REM Old script -* REM STRINGLN sudo chmod +x #SCRIPT-NAME +* REM STRINGLN sudo chmod +x $SCRIPT-NAME * REM DELAY 500 -* REM STRINGLN #SUDO-PSWD +* REM STRINGLN $SUDO-PSWD * REM DELAY 3000 -* REM STRINGLN sh #PATH-TO-SCRIPT#SCRIPT-NAME $ +* REM STRINGLN sh $PATH-TO-SCRIPT$SCRIPT-NAME $ * REM STRINGLN exit ``` @@ -57,15 +57,11 @@ In order to optimize this code, I prefer the following version, which eliminates ``` * REM Optimized script - -* REM Set the script name replacing #SCRIPT-NAME, the default name is auto-check.sh but you can change it here since is used the DuckyScript variable #SCRIPT-NAME. -* REM Here you chould define the script path replacing #PATH-TO-SCRIPT, if you don't change it is selected the default path, so the home path. If, for istance, you have a specific path where you put some stuff like this you can edit thi DuckyScript variable with the correct path -QUACK STRING sudo chmod +x #SCRIPT-NAME; sh #PATH-TO-SCRIPT#SCRIPT-NAME $; exit +QUACK STRING sudo chmod +x $SCRIPT-NAME; sh $PATH-TO-SCRIPT$SCRIPT-NAME $; exit QUACK ENTER QUACK DELAY 500 -* REM Here you must set your sudo password that permit to give the executable permissions to the file -QUACK STRING #SUDO-PSWD +QUACK STRING $SUDO-PSWD QUACK ENTER ``` diff --git a/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/assets/1.png b/payloads/library/incident_response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/assets/1.png deleted file mode 100644 index 14ff8feee30fe284907de21b2346a0840c7a8ff9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 32942 zcmeFYWlUvF^XSVA?(PnQ``|wK;O-8CyE_c-Hn_X%#@*eWJ-EBOY~b)b@B2^AN$!Vx zbHAQS_Fm~qrB_m`dadrNUxh2kNg%@E!GVE+Axi!fRRRM87XbtNVhjWIsrk5_x%#|( zaZ-{H2CJSTIQ|?!m*P(SVhKZoBa`KJ(BjCiN4MZX!dqX;xfnJy9 zmEm{=G|3u9Ou$KHz+(u2juuFr|658$g+A9vOhxqWe1pNhXWhY#VDi;R&`uxN>0~#4 zHUV-oGpkE%u6u_g`&YmdR9~1-|B-khLuS!`1uDE31 zuM33!f4G2FX3YnS@w^B(U&T0tN954xGHtwt2qi2xqi^pry1=jbj{p^!)L7m5uNER+ zWI;cgO_;0T=^@3r5>d}NUs%3rCLw5x2kpe?z`Sfahy4SWmN#2EhLJ6(n&8+E6KmoW z$)=RKAG#A<-iZDshbB7{2im~UJA)9$NDkx1dWJq^rk>x#)(Uy~%#HXFxYb>AZqC2{ zLZK(y^ui(slSrq2^fcBkudBHNGpVa3JToz?LBk0o@BK71Itv>X7Q_fc;6AJGj51#P|m}{BefX_j;j{Yw6n2bBvA-ZwK<;w&~r0CW_RV zS*U}#WtW{R_=nf*5NR`6w0JnAUBI&RGY{oO%(|&=aaJmIm4y0@Q@wVJFXJFIexGyy z<@b&$f`OIpm%R9*yM5;^E<=3RNz33&z0)h{$DteV0!iX1y%S2Gz`4n*=oVjZtP{!l zboAT!A3B=rBI(P*otj)8CJZl<^@Uk7#0dB0`nd7Eq}1C$BGbkaZL zMoM7CbDL?4&9%rD<=5s2RyRcLp-p`=&%E2{^bE)k!Da@jYy}MP4R2OV-bkRBWXf28 z-CwRdb23OxO#Fh=5&hbeE7mBe zxk*`lB55g)J=EWx+Z#6&>p@~rz6;26h>c*0-F-3CIb`@UBpp@`B#uPZ8H)E0l=y-x*Y0{%8bzMr~b>~l8utqTZl$@?7_G;kPF1z73`1y9`; zK_>nUpWKtOsg8|*ErL9zS)WUBFFBzy5Q5@H+D!FyiZRSP#^OS7O-e3I1Q)l_iXz>7 zHh#XGuU%30`C;mY`K`Qlwk59hH`W%ErPWiz{k)Dv4ilz>UK9!-;`!A&abj z1&3pw6QSxEiZ|r3N5{^hRmt?I&YG@R%`3vDo@%#7WK=bRVa9mF5i~~zJtcP<%|iPX z?VcdW+YxhxKPzxb&@#oBpoC~31j_A7J20nKUaR=0_ji@sIz*nS1gt{HYstm*i;>e- zym>Q9CtHXEIb&wKjUOuBEwEGT2mR7o*(U>3$W?)}6_ae=)c22T&*+DYNi)R>Id04)f2g`V>jrE#PCqY1D_#ldTJb9I?{mz-I)mjKaxN8w8I5}$;i>i6V}RJMu-~hrIk~r?_YoFNyk4Z&{z@wJ0v8k%F`eIP z&v+b&%O6UG4-+1M{O0f4@3yU5pL3CjDm2G2pL)boI93pMp=^Ywh# z2;-6}Zs7bxH&>W_GNb*kOMpl?$y3W${ORX{-!|lv`fuj?s931Y_L93)l8G7zh#_ZC z1=;%yI$=Hy-7cI{c}Q&!iPLDPxPM4}(tD2<;3nqk7^&b~G-G!s1eH@1Oz$i1F|-e> z=kmCXa5xzMMoK&ovWQwBmLZL$zzwNlGmw*}flcrqfhUYbySQ&_Gdk}xX4iJ)SapjnsyBX=ov2sgA2OiOO^CP z^|->qzO&X7&z8=SXF4q2tG&{=Z-j*;k+1c(zRrsg?eN<-+!`fMvaHTPmF)W=eOs9Eco#ccg}V{hgV zO=H8cjPiAn-S*HlZ$8BF<2yE%vmq>EkrC)uANZ~Kp+V_%O zp>*gTu+^rrniYwsq@QsGp`Gy;%pjI=9ryzwj}tj)y;dDEYtelVbsLVNe|j4}exG7E z&HR-!h;92Q7iU^{F6k~;(>uLO-879Kz_UVZnY7b3ta{eBw26-$V>8?FYP8Me&ZtcP z(?wPvFriTL=v;}}z7);-*!Rskr9&I2S03vR)D&5>n-Er3R%Xj0p5{&C241|f^rl2eq(&P>&AbP3h`n& zXL9X+7QHTDi1#gf$^ZHmpzO`Fq)<;w{kT^S43D3BfE4t%khHR3B$XXn`|fs5x6rYuAyZI)2@gNK8JnrK9-GvTNeESJ&r}#{`lXowGB&! z-ER-2ir1*1n4yhz+5RU%}qQ=&~a1W&6pQjxXXLNd7Gtf0iee%$1ubbOLP@3gn{(=S3u>Vn|p&F zu5Z+NO}7#29Zo&MFgb0X$MYA8bu*%#k+$n~8?`5W5|kE!&rq~j=`7(?%R&?{G7W5; z2-_FhF6tjo;Alr-ym7#vGW;Npj_Y5>oDXeCX(}Uxl5q;w@4`xT+9J@ACN5(o^$=Zs8OYxLIeX7tkZc z%Pv}}ZN0Si`qyoocA85JsY}A`2qdt8l9EL#2lG)970_Oc>MnFa zwDSeNGjVj$D{+6r`6aMy-mZwmXS6MZ|2O6oCaR0#^%}f#dtPeo7@;C&Xqf=iZ5u6U z=vO8T@^HAm@!@_#H9vZIX9^)#17<>z6S`mL=={Ez%1{`^tApwN4=$+>O73L-gPjpl zY_1fKuqvmWcIxD;Ky+e5K~oCX%6V^}lT=>B_(SZ#VB^y+JV9hjDw}SgNh8n%K;!#l zOt<#%2D@M4Ex;qSN+tIZR-!8T*t_zOt2*6=A;1qK^A~ncVKTlvfU;pD4EhN*qH@S7hh`i+jt7& zwv~w)J+D2Q6;#n+2E$9cTCj~K0;L+PP0-a)(l`?$+kbF z^tWNx`SHgY)ACmfufwZ3kA2EYR<8~_5O83_<)Fw~oV8_$%8X4e7NF?=7VJPiVEnrR zB&qsQeH|VDT>&ZoSplW$wb24X%w=;w3m&z_7Z^ihFX`F6EEQ{@D&aPIRZaLYiyJbP z`Z{ifGr5`3&t>h5b{l}kYY6;@A9OzCdfu(qe7#rTH;%gu)*+QatJ|79uJ}xcmu|?Y znB^3L5AvIqwNlQkba&a<> z1fr)E*6g_F18&HiK>ci!98;8jtFobWEHi{2Fx;b{t;gcZlFtEziJ!<9J(DscYv$0Y zqInZ+Eu23T-h=?6ySbXklp%^ETq zRh|iDqPYz6$CVI1Hn9B~D?(!mu#8?c^#|Tn%(oz|^|?{kPn-LuL;X2!n~JUNg=N$3 z2Um*v72b!)8fxYt$lP4k_O~ z6H3OrLmC5je^a#R+9E7n$m!%sNi|L7SfjSoqGx)7{O@hUr+Pu#=6`KCY*lgmVQC1D zfI>gD$Bk~`w}Dfeu#YXqbkj^~GDpE}43vF{Rka4~FB{!=qkU|G+59(g2Xo20K}D%5 ztQd6A%Oa1k6=*upH&(WoLyvYL9O&<2GWC+>HBO!T!$#Qi9|m#-FxIZNq2h0Y&JJH3 zD*o(C*E2WRFx=^T!7oQv$_13+r=wo5O1mO=YwZ*aItcVM0uj2JvGa z#$D~psLRjgUI1Ty0HcVMwDQ%BPEJ26!BW<-ihsL(Q!+aJs(0^1Z>h0dx2LFRlD zL{UASRBC1v+ONvKLK*Vy%;nQ)jq8C>b{S#5ku~|Ev5Gi(g|8gtBbS&7!cDNO% z3I8s3_WDDi)^sqItuT2eh`PE!naxa)wSqcTy2=#L)4H%ea8HTKp9GL-7(JbtsD{sv?$dZl@1ax27%*FmJ^52CQ^)dgn?f(}Bz zix$X=WPTT4Ass!%OK|0B?or~^TH~ks{#YQ+MG%ejQ1Ph2%phFq*7zaDa)ZkZT&H%* z@9A_>jg$$*kC}pbX3+^d9zY|J8>5_+rN8DTjWO-Q@%j zO~9gQE7v3t%iq|oV$1mctk@EDSCU_=dc^MxS$${|QwGi0XLB!qRH%rr>%$wYPx%4A z3k2zuKE1PV5H(|c1YjP=i#FOjDhYy)AMh}tYx)57+CiXB!|(DW2?-A45fFVbeM~@t zCgH1mwavCt0-`VxTYq2*Ar*A+qQaVY z6;5e;N=>P@M|P3!Zr{1maIvPi0z8g>nEq;9 z-r)1&-++~+IKq%Tzd-Yr$(as#V@;=?9>*hr@9ex!=D{bJMq5q`s`YFPT*nv41sHc^ zMY!7_Znq$lEgr=Ah#zOwu0w|2mfykrN=q?Pxf*{D7E$1o^%}(IF%q@tH3UpuMsV{y ziuKEfvgpd*P6TzZxb5*kB%VenZaO2|EKzHopGWx!EC4%KXr?UnW>Hjxr+s7em8 zdG0JRJYmc|T{upq-}6xufWOYLf{G3L7365Bgx`SMgfQG6S#a)--SV8(yS?bdlCNzu zx$&WrXgD4*@U?dOQGniByR?%V=Mh5WVWAJHF;tqEy2$b@V}ZJ43`Xdb6miU#H40}Q z@>yz%9_F52|Fiz(!?@mLh)z1z}^9@uw^^q~AV&nd_8$z7#5Z#FN>^doNf;nhQi<_ESan~kw1|tXs z>FR?8w>N-bmA~#Uv=Iwxe%LLNk>w*!&$YsK&ZE2@+%P!|XG%3YEgvL|;!8j95jQ;Q z@aHg+0{Ck=X8n&A8^1)Y={B~2V~3awJ0GhxLbq{@M6lvF98szvsC3FI6qVid4#>%+ z2Qb7>UPaG;?y9d`JkGC*^J^W0el{aHpf0;nOL_17Bp zTZk^1XGIt*J{e8!v7|O@r!Nj{Q^8CpK?fK8RWV$`KerU$DdeyabGD>G(qRe?p}l~? z+l6YHUbtH?`oZUG8nMIUlCp^OhL_TFA1K{;>dI-2$&nc$I=NKN%QXth-c}Wr+neQz zxcWUlpbxnD!$vo&?rXhKf@mq0Jrt6pRr%B2@mffSNmZX~dM-fboCs->;CC^5dckgD zbPK4CnV=mM^_;Peazy89N~&_U=z5b!tXFSl{CG$_Gu;Qzm=4t%PJOB)`j+S|L7WbA zuM>Hlg_l2vOwKaR07JbABPgdE*-7Q&pb5vwe(X)Yn~W*>3@@~E@PD|cM_I+Kf;OTh=c#`hA^m{ zyV|mS5G&&^ZiPh`uouaM7=qF!gt``g?rYPBMasi~+z3&*=gwmvwnSq~p2JNXcDBXM zlrmI&YXE7zT&eB>)|9o>L69|n1YIk^b>LXQB$f*u){vj?YM}=rWY!Q8r(MS%)B8&d zj<(QTqpH1?oh7l$wj%p=AE*4U#e|lc5?f=WRgQYk(yfCGxvCY<5A24wOYqQ*pt5Ko zQfga8*>vd%{CZPciI#b45bCO_mUrR$A_kE(8@`OfYO(OE?V55u|JVqzv=^cBoQ0U9 z9ARIQSs6E0Fc3;(+b23oc%t^w%b+0HLToL^gy@~Rl1w4?=5Z$f#+!&~!!%ft!$J*z zN4jT7fUCS8hq3M}>EDBIX=!wF`s`xpX0ofHkrpc3Z-ls?Ull^yq`}VH>Xleb@^%&_ zjs58K2}!OcFKnY zt(6KpYbI+E3bzds^ta?SJEe)Sm%RI-rBW`cu1GUAT9DpKTBD!)of9GuyZfB+Mn0Mp zgr%}=*xq_^3T@49EqL8-`N?|Do@W|H#$Qauzut;`L(^#8R^N<6l9QxKdPK$>4lhH! zP$?Ai8rf=&tPljG{Vew~nQXh20o4f9%8(*E^Ksw5L>R-DIfA`1eQ8{&u(YxW&WFt2 zb;xC_p!w+3sB^A4kSB89>RtlxO-e8KJ1le1R+)CgwGF2;GgYHDBnZIQiWT-Imem)^;$=Fd8B_cy@w_Z+aYslW+VkV#1vUZht5 zT@xNTkFjd{=SDL4F$TE}jslxS>TPEe=G1-H;4r1c$-ey%i`5&Qc^~>|O6I5OIT-ZC zTx*=j##6q(DdWfBg|7)^LrRa5YYa=#c7_Bw)Avt;B(S3`$Na<4fdaFWB-_(ISvj zSWGvNRyb?!z};K@HO7>YA2w96>1-~u38{w;hFV>9w6)(`u$Y;NY0}g_jT)y;40^clN}8=H zj&_IeFLDfnN{62^-XL6eFMO5NjRlD{>r|-)-ZwO_`SEQR4DG^at{v$%%0?DVi`y?Q z^K5K$by+HtJH^ZnFJhx@f6`3ZWSS(Cxze8}B8yn=W*i$LHzM?@EZ%+!@rsMjJgsoD ziX-Kr`DzaX&z5f0X+~5U$zv?8SL+bDybqKDuIyd;?XrjEdR-+Au&k*itI{S92f=Jn4)w zfL`FYvhVB|bQ^X~aR!7?f??xaU1lA%8jMN%xk8=qeS()hodseWYC9v7!W4_-595tK zsG`fKiVH&ZZx45morqeLQ_|-IicLK}YYH#lR3?o&Q!9%IUXR=FR&PKtTEQ!O%XS?O2XB_07Gp0eF6#1p3DK--GNy0br zU5bB4gNsoZkEfwl&~o2Bq`$&f5eJ#-x`AkABW^ia1MGNX{x80F*q?V9Dx;$212{eP~D#5P0u`kAG*8LR%l;h>Ac`ugqHVH#2nUkHezosu>rW> zrfy+Lp07k@$qS79y-vGpBUFAP$;Jwd{s4fg7u&hP;K#9>W8h_?4&RGfaDz(;-35&D8;KlS|3_d1(7t)Lm`X`G`?IBSF zNI;4D<}<2qO^a=#%PM*G?No_3P0H6ZNqL2{Gf}=RrizNZ$(}lkE0;wi2T!eq*k0u= zx~aC{%8w*7L3Edgg7_!o4l%`RJgD%nxHwI;7&aum!9`SZo-(z7EnSu4{6~%B^EQwV zy{m)1>o&0fsg2eHWWCXfMH`a2xcwF>BYGC$5=Bl#*ctY9{iBDilXLs$7l2ZN*drCD ztB0eMUlG#nRDG?(U*<$)y--62y!?A+2ZZ2yxZUl-PA_@=;@tdf;?}4l!TE5YD4DdH z?&Zu1S(1F~L}b__wN`!%TS|5xin}*CmW;i4Ge@-IWEbMglxu&6WdY#)h`Z&)1(ZB+ zv3m@^y|Tbwwm%-NB5i4Ccf}~dqEXDY!b}H#+fj3+Qe)HD$>O%+8>F!)a)@E4Z`Km! zA`DzQhV{CIUyV*vAEO>1f>rl2m6+s!bJJ&a*UVe<)#*-Xh&=a{r6UjB zJTAnv1C$Yz=Q;$)(G@Z_E~?zH8gVC;_c4+jNouM{p|D4Ep09^Cm-~C}LKrkZ`Xp8* z)|#PQzm5C?rnLz3-_nb#()lc|pfd&f46ixVAb}ilXWDyR;JSB+2+kTpJ`0csvv_zz13VUK^V1&0*GX6zcHGz;Ww(C<0xAk-=;88D|Ljh zl~AxcVN6xMuB-aMyb%QU4N6Hnt)Oj&h6~A9W;uqh`XR?ZdSxW8|0Qll)+{-ST%37;_c)yR zCAtuIeIz|KsV?I3j6x&@vpi^fq|qR;$*v|YWkJm9HM7N2>Td$-HGjcbt%H*JlHC%l z>Z01sd`%{r-NZg!CQ(-5h}UL)!#VvV{J_RTHsn?!6eq_(_ItK!Y4MDvm>E!$PkqkD zgZ_F*!E@PR5Z_<;Z&r42GuC$r=7oC5a=)3b!|y@oy}|8j<^tcY3!dBEuZv;2q|Z|* zl(q^_HG@>jVQLICk%JIubdVF9w`p5hBPWOWzR(n*4@*AaUbtV2lthBZfqPp zh$(;ZkZS*kKdiSPqes%VsV)qTZ6{K1`U z=^X^0L=g{-Ravfcp{G!hY3EFNIa>ibfV+gn@i58M#bD!^Gs>kSvIt$pC672nw;=g5 zeZgA{O7A5?_Bjkf$~q}NGYtSvd>4A0#%-xo==b|jU2Cqy*eo2cMzy|O?-9e4EosW^ z4B?C5_jN5r!gommIn$T$U4-^^SVyz98fF3oYChr$GJVz@PSmTuk_9kYEx{%M$#oM6 zPX>#NJRhh-SFhBbWBKiwCJ^>5k6u!Bh|d)B&AEg>5=>cJWKjR59;TVB7eAjF>8-VOAy1 zEf4oUX~Xc4<^aHS)ta%#2mL~sAfB5dwZYQDj2d)0UE zmh`l60QO#cHK3W&}clKKmi|PW?FE-_a%6y?}n^ z^SL$!A!l19loX^>=BY5GC0m{tWJIWA=kp9?>|0#qvxSC0JjqZKGY7{Qj!8MPtLucj zlCM7d!+9BN_5cHPE-R1Sf!S7mf_|lEU6~ITpnEk5&pU@&C|pFGU(|6JT9;P>LIVRD zG~TpwbNj`*IOtuDRCMVhmBs?CL3Kc z45P9-NoI~GM_9{o{8pK+I3t~kvh|!vmlL1_05lChg}XZumMscyq^s`ptY* zCR%l`Zc1eSBo4zkStl?S|52*HI@msbY^eGbSx?JZrS>{gFp6&B2miKvL&F=9TXn_9 z@VnLHj?%0ePDM?|2;~8FiP#VY{?FGFi%)WfwGDw7AuYBNd{ts&XVQdl6dJNJrKRFT z86Ggc3AgUIT>G4)X%=O!_EmkoSsEVASA+QE$T%=( zZE%+#@l@_W?C@E7My%her$Y?7VbO4pzozVC>(@q%My>-o2W!JosdbzntFtBtluO^f zE`S!j?UjlCfj&gfuiVZ~uj3d-W~p=w)%W(Xx)jG<#bRHW;c^kURlUyQnpumndq!-~ z9{CvyLv!DJbh`qnFbUYI6(UyIO82ybD$e&$D98kH$kij-dg1zqRK2c8d>j5eim9OJ z4`gqmQc^7&w@oc~y}MUA4&qkLwSiN%MTs{;^8#eX!9>i2DV$o9m%F0+-RX&ykOc6t zE%`N$i*iG$Pk?G3(q|J6^S_&h@N_c{9@XikK4w(h^mv{M0^dq$hgy%W1Y$I8WU?3F zD9zlCRi2yhn}3c->|}6Q^;w-bTZh|5{&iBiVUy1JTD!DJNSSreM{z7YG+K9djSr>j z`&%U3Zmm#4Gkzp;B$jz9Nk4sFMkj%>{h`zp4`%w;4Ktuj2i1X|0MLH8_O8I&p-`Tv zoQ^h@Pr>V;pHcU7WPH_iL1LK6@CpVl$t8%ys}6myKsWdEs`ABUVju>asOQ7{J9b4J zHsi+ikBSZyB%2w@MUuWDjw9}4iAg96*C$AFe81kbtQX0C3(`Pn5!0jj9;DcyD{hM5 z#7bGKKh@=*>8?HkoyN4^(YI|Cg1!Hi!M-hc*5UfqsKkTu2VB=Wt2)&B@UMiB>;1S- z7BL~D3Tm<9sC(&hKnJj_!74Xb4{ZHn{5nqL1aKIlW@}#V0*hn!!0CqFmg_b?J@FsK z=)*c$*u)d>(tMV8LSF^~d5k%Y(tselB`*2}c2cW9T~juL-9lg? zoepA&+xJVzLb)j43wO4RD04lDjA2$rOl4VL={hEXRA@>XNUSW#lEuayNLn+{l=K7|&1@3mu!;s+ zrJGR{dr^&TBFV4nns8%)^P7*g*-D6NHJ3fofp^>8=9zpo8&re}H@mSJKkUJYk^R&JG1?Bq~9k6i-MwWhu-^kBI&t%7ml$k6|q-@M;9U z8`B$KQ6-K+Z$_OMq!fHVnk9%Y6qA>PS0RVGRL7!4zElgmByDN0bke$&$C{4E5V85 z?9w02_>mOG?cy6MCx(C6xx1#xUW@EJwgjjA8bykkbg`78q}qiwOT01qf2 z)_jXK4VHssEUir%bUOSus+|{Ch=Wh{`&i0q;+De>8>6{O^X>JPWBnK3 z*q=NSBR1!>ed*PHKuZp9fyu!q&7iJhK>b!7`9P9w8h+cKI^tqN)IWI8i`nS>=n3uv z2kacBee;l*vtkFkZNL8sRBim;ca1;q#HF^u7?`)y>ZVP>8-i%L`mIH6|IjbJ_QTBH zdeI=Uwd%C-;CFaJThD@VxUEOV<7R3rgANQ>gZH1bh>nB%A1R|BJJRE6T;B>0&+D8L zu3r4p5Ho|=-s)a#uk7(VsOGo%O9}07pm_e#`*?+doagwUqy$`U>{D z#33WaR?P#8e5K7*hbG3kZ>^~P_sM3Zip;qX4J?<8T5RIGGBRwFx;N{zIN++Xn@Zb&wsc}|Lg3#3) zxu?2&iA9g?WeFggJx6sa^3aLM@V-Z<@P?7?yo&FHt4vVRhxOewHRpHs#G;O*d-dZ> zgyHL&{-@y`eYVS_8;(cWgRGuP?+=lC!!e>&&D`0rZJd>AtTD{-*p4CbzB(MyPOrcc zH*W{;Q=u9z#l|9pr&A(V-;D~G61MJl zT|#yR3Mb}kZtpX>4HjKx!YFP}DUdzlb5>RrQtET)ldH5OO#fD!-olH*&a?`HUC(U% z$)kxsh`E)}K20q^wEha@_Z|wx&TF~og0*4;UWT_%=Pw-WL6e|M%n&V9DgQAB?MR|{ z%byL6O}?U}uCZV}jMgt;-GjGVBzB4JtdHq$trgNrVU5B+m!UlHlM%$)LG`@#;8}0r zQxjgQY3#gX!(G-&Tqe~)N^v7;1qecO_2%0%{%yf!Q54Y7En-R@5lo){MJy@|wO011 z;A~-uT(J{e=tQn(H+?;`jNa~6Is7tzQp0(zn{=&Fy7igO*=7 zm5{J6K>GTryrkPksjm)^GV0XdRCPRG!yo8OVrvGm!Pi~kv4Zi;lF( zC=|Z=S>uwS%um0n!=O)31EPT?+l`EK(wd|*JReRtFe!r2xpEdX-Ix!(UeWxX3`u^K zQLS+~IVbmD7*$^kgBxV3x~#U}tXK#xUclcMjwlPd#>%dNUiCbT$Ie~BHaLP+}{R}+SS_IcZXR?4AZfFhZ)g9mYDfNBvcGw4dW?D^Xk4(;KzTMZ) z8=(hUC#4&OWwBKt^F!yESU60IiYAuh#SYa{UIM(#=@7EI(FJ0+Y6i`1)S5k55a7M|>yq+l~6IQNx;@=SE* z;(9I$FTFAn;U9;f2UdhKk;|`79Z@hyqPF*%>(M}%#dOADp`a>SmT5LY2nXmCag&ja zRpKBNl~lDm98{67M6o4c9aT$izEFD_LKk-@eHwpCycR;p+#(IVfIB>92BP?w9^r|9 zwTr(KZ?oj>zs+HZ1W+Q!^b7mU)fiQ=zBKMGBi_HPRQz1A@Z}}p{|y9c&Ce;;InMZy z*^VzOjX77NSstMOq1ch$=g^`xntFpwwC(#u485Z=mL1kl`Q)s%17K|!3Yp52_k!K( zSB`F%Jq@!qU=pk31rCNjNk*1>H=F3k>9sO!(`o^jM>@FERu4p9b-C@UljEb^LfLxZ zXD*V}*sRc;?!Gp@7^By^oS7x1m-L}^813BiCyLK7Qv$tw_1<L2y9uTng47p zLU;CJwAQ{nwpVSk`NUb{>yk7%2EhKZsBzitT*7}0xky0+%^l4DH`MvX<{A_^>|WRB zpeQGJsJAiL0cr+kDG8^M$(V@9NRh?u$Z-G5vgV3`y%UqiEO|(7_#!0-H5xYmk(_H=CdTvJj%)$bO ztl99?c*!2m(u}^AnxpKCT`$gGGuZi468s)h1CaMw;+FeBe2rUG#tsKuf_=1m_~BEH zUTJ}B6XhPb;1v3;UGOOb2l0%fE)BOUEjK8J)3MDfQqW(k47T#!8Se?qa>K zM6ETMak+(P>^W#>9uT|f5`1qFuNQR6-+HQvo}Nh6B2Sxhm7ll3P=KkW)qEwX0#^&v2AS>UCn23M z3~aV0@MMc08ZHGQ@DEM&F10_;+{E&8)q9c<6!|3)e4e`;_Tu0($N2`9xJ72wngsCK zjs)rH#@2gogRAeHEeymV5jl*8yLV6bDy2Z8K+4LH*OCZ(Jzp^BVh;H( zlAxtn3+jjwMx9wpy2VD^CcMEv)X&v09C$UYmtCV=V_bFESrT@V|z`S)#Vn8ce;i_{+>;>A)W zc9TRlEJWvU&|`E*PkOLfFx!~dz(_;vPN$uMfAILTIKSf1o8-&oA{V}O=z)lJ5hR}F z8uq;mla*q25#w8;)v-f#i7+>@b~c>JQbvCTOPe~Yg^!Xai|y|+FLoyR`&}^crRa4g z!A4VAN$%e`!*?bM#5g8z=C{DxO&N16YC#8p78Z0hRi-@SM?BMrY;VT;EIT zvHaPO@dNXsdi)4uju$4IfLTrC*~D+q+JzLO7B|DR6V|V|?S9su&?c49U<`a1F&a67 zKlXn?#q*z;)O-l=SQLKH!yUJ1)=#5Y{_woLWy8c8mj{tRQchuTCWF`i4KLkQ!Hh9I z>h@#_N%;qhJk8rJ)r4IFUkjZ6o0ZC04xh=x*p~n`4-nmN6BQmDGND`?c#+}0#qu*c-(ehS^ZK^ZKorx>K_JImJ(7p$ zm+O`F@N{a#f}mBeOd6&rOg*8~B>!U(KXRr^j!8yQM_q%2&+R{4?yeHcT?RY6Y|vl~ zdU9Wpolwii2CR$MHy*pWZrqg@iGShGgEEgXYAkarth|g_qA2rKC=oN;0n!|=xzL;4 z??n>)4OuR*rr_#^mk{@m8NO3KrsNp*;|KYEdCI9cUIXt1t76Y`duJ-q5oj)7eSKTIqc3d&5qwFk>!$H5(bLyrxS?E>V8r z6iMl}>$R*r0Wr?c%-@q9L?&2<80~L)9tjv?Hsz?6&W}_ttKu*bH2;?k)~LRB5r643 zpcaAYuhTt@7g@D!8oX$r+vuBB#Y1v7e8eAe9ffP2eXAW|71&jwJ^N}J?L4@vrMtlC zGNJ{3>kH_=?}j!4aRdts0JhGboI>Lin^Y9J9zf{iw3`D;q`MnfDcYqZl~zwt_0)64 zHS`J!L*7r+cl55XtP<~t$n5QSC#?{j!xs`$j5eyA$|wOTGznVU^HYGM&ZmI%h*^H? z4Cenbu&Q6eQEA@=z9xYV^EQLd;d=Fq41w&H41BljKbB$ZncG8AU6E{JX+jqWjNOed z8s03kzr!Ux(RAldmgwRvnuV|IqIKAiy)bk|pz(_v29@8|)HvlFJ4>WM**O@Du@T4~ ze7|`ygYn(CMM8X~J^m(Ea}38^{ffWhy%v>{;{X|!5LvlcjH)g|*JZwQUT zTE@(Yif8(f#?uX_rrJwcP0NP#^9@(FM&RST*)wde!azrN{#s!~b|#zuVJ};GpQB-1 zu6yqDF%z52>~=N2&KQTy?`GZ-<7%k(f7v%pV16W94J&_%$-JZ3 zcDHGi>2vUqR-R`t&J%&l;?wAyq?;d(s%>S1(fZz@T&c4YRk4+QXLyHcO^?HZ&~o-% zfQF}lYq?E7Y7If@a$_i4P4+(>pNOM4gkSzyhbdNkm}4Hh^2-3Bg74DV7jk%wKR&kS z0w%=mmP6U4u)KnJwTu4#3Th(?oHnys7=r+p^NYkmFv0nv;iZ#d+vIX2_u9jU@N82s z1X+KyQU7yqif)qHFbW?ipghm(;qMNbz!a)o|P?r#NPpQ*K?@{OYV8ttwB&S>#=8A`KR%AL-IVttdhJ3~)C3t8y}%7P#_! zwaWcckq6!Y(;J+Lc}i_w5X5%tO>Qk4ehrHj@UZu@SE_NOTYmed3P(dtDpl{!_iO>! z{PCU4s$nUY98w#>!ZdX2R?8J4QR*(CxoDm}8*U#2Z)2+hcYKk%?4(j&6-(7)A@8?5 z%-Ruwazc&Q4S(?^CA`~cpTZ(}4kIuRLG&O0p2+b6)$_7yd_|wV%-?^(9bWI)sNt9- zm|}+6)b6e*mZ-49V|2TTv}0fP8(oRLu=@WG(Ac5f%0dk>$WSin1ZQOXnKDJBivb7+ z)GEFxqr2&K#Q(4MzA`AT@7prLoirXaK!C>GEon4Z zaBqB?-}}G!zD>=%si~={diTTqa$D}*XPdL4cw!b9_ZV(53+aOS! z{jO!OD>8Mq8aQI4Ho2}Lzv#Le7;CKK7}q|P_>RvoRvrJHxBK2#6uN?rc*2M|faG9O zE?v+ac!bqXZ_=28i>5s-Zm;!VxEzatpdC|`8NOcUr|ZVIIYvu`{AZJ&v-BG2s8yh& ztrg1RIovCm+s#qh$0TqwM0O=ff6k2|;liLpT-MieC;i5@l~GGX&7)FI@2*uu*YU1| zK9$e<4|_n00kC~h!ZN%|F(lU#76hGrL1siC{q)>o0jQ|^<%18ZN?0LKkW5qVJG~py zYg5G-V@&dM413cleL>uEgHe$<^I#CX;lg0<@)So=(1Dktl@sKMVrS7teRFnMr|6!z zgJ;_NC5s1+&HK*9>u)3JfW~u>!k4$%6`BZ!{SmN&u5hhN$hQu?v3>wdDrL@}6jdZvB1C3v8=#L9fF*dNp-cYnxMQ`9!4GY+n^gS=OZ3?Izma?8!#gyun;u;H!*|jRmx#=5;L$O zQ7P5r%hQ{UTA9pq@Ipy7{ru~q&R&!b6c3X{Vb?C=2);*o=j~6sx7UVXP(8e-rC%KX zOh-0g37ti3Fn=QN1FRr!k5`Ty&&Wkz-s#MYdk99YbU zvD*BZ>!&3Krx)2SGWGK5v(z&+b+sZcMkDJk{MaRRiu#4&^6l1=`u$IjkN|t>JH5@f zjp-A6m)_n%{}UqH8i#&M7li&R8_}>|{o&;+)vqMtcesUDDf zxs-L==iTLrT{IUNuOj9>?Z#4Nm>G2>BLx~jct=_D4(@({s6J@OC)EJlx zN|!V*%;pFl@zp!n{py<+v@Buu;2MsIXYoBSjY{}}-EFAcEyMa&dv8oC45$aN3Naic z?Y3K261UVO874vkudb<7DK~47A0!4W{N#0G82ig$cRG@jhifzP&wMibG~(ToS2bzb zXtBiHPHgOYEYX4MbcQF>VB(5KvMi=p{P6_gwirRqM!U&`+!w!t3>hTGtuW55}w9ak9r63e{H5f+=gCao}nMb4@q=(K$2V z8{Mb{OB$waUiHeIG|tZyGZR}2^^1XAqHUCf-lGf@+$Nl+dXqOqBufNfO}GDWP9*2} zq|K5<(MXuBcfooV(|l5c9vbs_9^hrhRUqy;oTW|Ha#PFr2DVsT2*M4!Tv$Ryvw7+!%)j$M#Nsl zJS_7CHDe&$I<9EpPKp^)!+gk?)Vo;eTj1X0Ea=kB?Y`qt3?29PsQ&;HR|rEgp>tnF zmncT_E@;|Xz${LD-TYOd;w3g}4R`0qL=GezLPoh3K4KU%XSr(@5nvLGjQ^5=omr}j zAma1=DW7Y=5D0&v{T1WpNO1Thf2es%VFQherix|(<1yNXBX`tSMYK(3q2VgUn zMYZ*v3v3zDr6@`3^64*)OU*Jz@UrE|ulY@^JOY*Pt)m$!?vVzSUrtVnwnVW<9`Y2k zD@&xbsU@PN@5!RwSJ6GmK z!<|&r?)Jt9`4~=ePewq8QFn4*k^~q~%k2yX`x4tq7ELjkn%7D|FY) zd0z-_Flo2~mZM1JZL?Kv2EBplc~sh7(rb`HwluZ>Ay_CLSiU=!jf80YG1x3t8t-Vt zk2(o?4D<~tIXN4x4n-%pWD2Wcr2Pp#@iWG~g{VzZN=$z9DUVf5zT(4~BK0kkJ#IxO zMcT-^B{SM+R|&k?1#-i-)U~Z;8?Yoeqh(6H@|o`8@D8u;Nyv}7)E9K~hsW`4T9dqO z?UCqP7SHkZt=3tnlLb|C^q*+#ER##O27T^liA}Z(8_G)^U#!LFzoGRr8|a=RR#%hW zP~FDN)+o$z)6-QabLaHk=n3}j`r_6!e7|55NfUE9sj_+I>+MzinGLHRf+F<}Mp~vt zL~ssUCAN0ZQ{M4r97d2 z72TAPQ3b4gA5zhR(lE2}$^i{NSo=@j$A+xW`-acp*~U9paMV(Uq~OM1q>0!%cAI4f zu2?d+u2HxodKllT=~8TBXuxl$#$ixQ8hOKAMfzqVJ4nH{w~H;f*1?!uV7tw)!{erh z+Y;Myueu2+LJ+q$py}miGd5*FRsojNk*B+Gg0hq5*09)h>L`jxe)=Z8l zq2}UKjc2^0%*+X@-5d_uNq~!NemCZxpe9)1N<=qV(kHz)*=GFrFTB>^Pta6x)DA z6ka-dr~f-CVFgx5RW|pYC_zWMp~`gPj=i$E14$Hp7j!fC4oLHl@*l&ayrr4Y^-5Wc zEHS3B`9A>n1#(A^<@9UIAH@HGA~K{=gay8O5~{|v(qNNX*F9&?HOXCBznTg~xfBSp zeO?TkstUZ1S_~m!KIv*&*m|Fr6=`ccV3K3DNb}=gkaky8?K{9oef-%$Wq&2B5`ug5 zHYS;fZ&>FAUBjC-pI3~$Cy^wKIb*p~DW=W1iFak+SrvydzIw!V{uaShDt4nBbiLse z5f9otQv=($>iNr8m$z~Y)16;k9USL>CV5Yoey?=cw>-_FHTy3>m#|7aE+RTt!R;$8iIqj$Pbq<#Vg z1z+%S5l^_U_v%!is*YjABB;Z|?`Gl>JYESA`sIP2h!mtQI^p=*UnQ*lB_ENqrObZ@ z9pKg9F2kT;*>CON;{%*&e(%j&G2dE)?pJMLQgNcM(f^v{r=rC}5ug*V6)J)0vOE#q zatYY#8vBtn=dtn92enKPuhqWSY`*?q;!A*9?^(Bgs>`_Y!ms%lV)C3|CXCxMGC4k@ z2fNPa-N-D!Z8MQ<46FxEwySI5F~0kyBIjC>wSGObIbUr-iDk+6K}RMgL*dXTaIron zOmhZJSd~jcZK#arE{Zgu9kXonhJ-!L;|2+Q0^NX?&zlsB94Wxm_zHL!!GXm|4FzZ1 znGD;lZya3z3ghXe{>js=dVq+84LtK7>k33&rREFPZO5mGUV^0cjwW|8L|_;W3)VmJ&T+|%haa}uYj;%)jF>mZg&14E2+?I~c`@kd-b>(AKd!$F%=FIZ$; zIT6NW!;q1X?vBNLM)Bz~0JD8tlqws=?+4jkNJH6G87D=KAyVob(_0+p-^al~+7(8_cIX-~>`HDo zcW>dA=S&vt1=nbpXDcd-wEj}x&A7+P1h>Bnbz@|rMb~fV=y#75(j@tg58gIN@amS? z<*ju8MsXFh^)1QN&^Q}%C5$FpGc@8qCVOEL&h-8d@I1s>J zg8`JDOWIHpo<}<7_#yPj!i>oVwXb*>`mvN5y9fO5?jpu9^*7BIS>5mwknbx@2Li#} z8>9w`HBRsUsD?@QUIh?&vFPOb0dd*yB8X`XzUieVMt+=&u~%GI@)>P3e$O14h#0GH z-sf$pK>b3*Xy<=9Ln4@nN&-qdW(NizAsmQ18G4nTlD0ui_QB*Vccr!(zaEfSzM44f zfB5+Dz!q7{rN7Ssfd2f7cTCP4mGeyVD0Fcb~*RZ+EhPpa(j7A})|d$n!v0VnOR7YGKW&x$XI zns|+9@bQD5^eQNN9LvlR`U&O7kT47;bFC1rF;NC2EPbc#@{|pfY7RYZ{*rWHO&I;1 z%~@uDPnA2}^D<(27KaEVQ@|huy`-^B=c`UK6YJ^YGNwP4Q52-I@4D~#l8P;>XO<2* zomxk*I_4m7_?atgU5#Vzj+&_&$BaHUH#m8=9czW2uOA*_>F?}-VKe@cz=KP)k>Jka zluP-zueT^=M|W6#nY(=fW5JWI@+Oyq+#uhPn ztJGCk7@Tku)It5yDQQ#cKl0H&<8{MLkPgz9Q4jf8xnsa)$JZCSj*Pt-kA;XaYRsr* zjMrR)vC-i@2=%yaI$3x_DPIE@gD^<5)zvlTzO*>oHg+2K>6>-Sr8(9WE`OsIO z;u?IaPZnZw3_)*Dw#{kSXh52MjnPP=SBjemGMcJKsDD%b39)zgyd=dLefF!6EVh1q zqh(%Ev%X2sCN{%R)PRe2shi;{uvh!q+$^9nW;nV-@51Pbni}do8Za_Zy;%{6c;@oSR)(MqxDs~G`yEz40%Ch$zcl&9mAsYZZMY9j!AXf?*`;7q2~Oam zIeKnn3wumEe$1zQz%|mAMDj1%#*AHIN$!ZGcIMwZL^uGYk{9|@LZRHGv&*{xI|ey( z7vudRk3rl@a@>C4^?O3Ux`B$#FHL{<(t*T(f43t=gnF(Is#|{49=yfpk3-Dr&D_Ij zx-%fR5lBY&hj_6cU>BwL5h0H=?&loqDKsvRMR2T24egGJWcyT=HM$94Uk?lt_KgHQ z?p}1$F%W+(p}A!BWDNOTG#`~YSJ}v9UMCxxe9$r|S<}lLAtBYmZBaXaZ8lafm(|B2k z@gj`L45$;^WGHlV+JATbNfsiW!d~7U?r-uajlq(#C!C4BP&qt7ge*E}PV&Q7Qk^pU zR1wgTE~4>fQ{nAMYS2tQG^m@xY3*F>*8EfNmfu7?6WjB#3bD)SH$;kf-*hAr&b6+# z^hQeNPltbf`A_*gxekr9*eo4i{OsxT=NA}oHkpmTw?YlL zCJ5J52ogVbPsM7jpYcQ<7AsMjPy*f3Fz2=?=&!hxf#puV{xExr8ccTc;H2HPcQ#QJ z#E^WRV&r0rYtMxcZjEN*gL`J2rJe*BSI|~RC>mJCVku!8g~-cF_cjD3F4q=p!&CQL zJ!c|_Sy1>i-;K=qh(7B?t%KuyMI?4?ckAM>c;qA2=UWEVuB$CQEV+3tqB?bg{s7J< z03KPiB(s6>!0)*fZK28d7z|b<+?LkP+CP(S>uKN>|858sMD@)v05W%ZlqL`&F8+h$ zpLO#6r3+BM>jiZ}7yqg2xZ|Qf&-<5g^im?P#2s*0NAYwHo)I8O!pu6C%!~NrYT##_ zxY}vGrSkwBqhl0cynaf??Z^W9sh6Ugm<|%wK2gF2=DV6?hJ&4go-HAqe@2R!K4cOl zB=02B(~4MnWZ`!~T17M$rLyBKT@L3NPCl%kOW7i)k440SYPEnJsjmt<3Ab?DZzQ!0 z6G#79BnMs=NqBZv^Oyj)h;NS&xF4?$FVH0ILd}S{tJz7v=nhoXy@r?%L0Jh~S9~SM z82;+}-A1?+8r*wH)))pS6z;}B?ZPjI2i)y1GLghR&cXFaFtituh&`2oI}H(Hf^Eu}x3t$J1H8i!qs5?88@cYjOrf}=({_DFCI*hI1737IA^!AIgA2~d>CDJbN1 zc|RyV8&s*tm0AoP`#a>~n1Q%hvC}*7J&s6Aa;R$T9uQw5wYi+3t4aO!ea_fF<~CQI zuN_p~w}(x3d39#?qEC*kP2^Dxv;|7d&JUmG9NrX8yhZ!j`cYHV2k%-q?n%DPRew;c z4m&mB5o5wPWb+%X?bdrEu+zJePATW&i`QcpB$PX*1bE}O_yy;E+15uWa>XRU*mG#c z=@kH~0$*yFOh(yXDLl^%^t6+alQdzBv6yrG)to?Yj8T0O%D*NAUgOvJUq@O84rwXA zv2w8zKtBgEDcoBHwb*xL%m0$*!uR16SVCd#@RFF>P)hl8#>^nK8!`egS^D1hMr-Y? z6Gb8B_r_P(d0TPi3&%sj~@mF25lE z8q~@8_pAC6K+qIOM;c!rSLv2Tf{wkDaIG?8A}uan%p&W~Xw4m+5gsOO|A*Co_mGw? z(G1`F=@bWCPSFL~uW^v>i)43E!8Ue{97xgs!dEXn!gYhsJ>t_DTesT7v8s`?!O9dd z6p&mI<+vfIZ-bV2b4YN)xr6D3*y4#e*{uiDgq$S2tibml=a~c=Kd8;NuBjvd0^l!< zZ~I6a6N(s*AQGY*$+U4rs(X=#yrRAw-5Ia8S0%0|h*sajF*Au!cR=H-7F{`5cSNUn z-ry9^BO~^mOBgw&xjHB=wd=T7_HhbYxp?~*R$TP#J7C==k5M_+TH`&q5_AV4Ov*e| zG3$I-(F$%h$vyhd7aWz!J__W9T%+H7Tw3o2@_iJtn{mb#bR+Ql|M)UN+H|?g76{P9J!~XzQ|@V z_asucX2LI5+5UqI42$euj{j~U@Lx9pJBN9mhi~)wyXGufJpoaSQrPRm zc|gk?oT|kKkvEIU#{=G$RfGBCA22FRu!1uCs-wxF@0gK?bFTKvD@Pu2lIJRVfBb|P zV{QZ2gIr)`KhFN7Y&h3Kf3I+%8Nz;?ysOfy(u4WNoVCRUZ)v8zM30w>&S$a98L>9Q zxzLGv%G9ME6c0S{hK&$2v`yS5 z7zSC#Xulbf7*AB$NKzf@^l~Dg-McWXN#t_nNY)EM$E#?xXW2p~Hkcb3m=)yYe6O@; zB}{AJ25;B3b2oDe9%e1(3jv3+Td}eu4MI0-MfMv<;~}}+E!p0-w~k2^4Y>2JTS!#- z_JiT8*0DS@Be@pG^B3#Un=KP-KDk?Ie2=Zz9f9bfH$8$}XNbiiAp>%9bis@>QZ>z{ zryIXzNMk#;xbnJAQdDiCvE*$GljsDiBksvI{2x78HhvJah>0hVioB(wdK^;5!7nk3 zH`_?8s!Kow$s}5Zd<^vQ^RBXSyMU4hoQQUlP^)Ni@5NFwSfBL+S5J`>KHaG>NOZU} zmFZ|cZ_W*BSHclr5r^Bw$dvAI6#Rlc55KGBd_p2~1n#;cj*opX#`F>vcjPB@#3rjb ze|fw0h5**}^dx^pmV0ud$b-D`Gmbn-i&TbY}-*!Hnh{6O9{t6jY(~>?uW&|d*)O} z#1}QTSH?Ceww`0}P4&wZePaYXBE=f}3cAQtVpgqeYAv}2nZzxUUfUvNXJjDJ3F{bX zPM^HqWjFc#(+4qSM^$h7ZK55$tS`6BR^I?&!}P^DUJRI@ul;#`r@NLAZAJ$Xo zPTST{S1Z9l#cG~rmx@4Li0kL`IWcVd$E6#Qz>7K1S%Cv0*ZvABK6jG>mxvjt^6)pg zw^VG;H+AE?sSPST%R9mDC+CM8vcxp zECaEi%$l|=zYA@4b+tC3 z0y(TOiqCI?Dk}`sO41WS%M5*SSJr&36Z$g``@wSjTqP#q>28>-dW`D~cDvWlMpp!^ zLeExAHs-hqN$vFJfiRwX7vCK~p{@rp-4UQhYgff4pH1aTeCCXFApl zo1#2{4*M?97MaK4x*dfcl|Iuwdj(bsudG9jbzx4J9N(VuZR1W?BdhDN;zQ=iFI?N2 ztsdd@n8%~}PmUxTL7P@DoG+P*P*<{t1b}inZO)z-zM58Yyi=N03-2dxP z30Uf|1Y@d}V753soO{#w{|I4F57qN$g1&JkI=IgCn;Tk&4p1W)1aYaB=yumy>CDJz z-r?vAHgrCI7sRp`h&Eimqc>K=>?=6=z!!O)7<>_>=w{>4clPC&uiY{WFH8qTL%lU% zhM`*s{f&pCuuDeks|jin$M@3nxSJeBs-Nz@6BAQ#4wUb$_9FEK+4|DQ{;JE}KS`OX z#l5B@b{#JpSpPz})^0-BYJk>aqV+bhHmV~mZ2Dyf^*Dch1L}^ODI;Z|M`CkHR1(p6 zf4t<$!mRjhfLz@e^Y}Dk%3b-I~f18xP=1L`)Z&Y%QU}$!P_TrFt*#b##9RH7N;%D zoeb5nPOFCYS$9pWQjmu^EfSIOS)#Ieu)jR%FkNCrC}tCFK+hapv6+7VmbBeLR{NdJ z&7$;s+bAuxJ~Y&Qkvp1hvSgG#qK^5y?|I$*`q~uDDc(BDKS#2Jh zu=9-sfckJm^@c-aW|IbE9G04V(4V@DdsWczZE;s)uzH#pT>;ECVg4>Mub6an8k@ouTB+w*d1lR9XfdH3o^Y~7mIQdd}d0M8?dy1Iq> zN@PYvEA?=pQw5G&J*!F^YQMWZnlNB{a&dE1IV*2!|B>^dTB$%0pys3@;=3&ZddDu2 z(r+UDsLbZ`1yk^*7zOP@?W4hhtI1C#i^AGE6MC-L$MHr=3s{Sel_ysOL2&4&te?7Z z4;xq{dE#0stxb-vckPA5}Tk$id7-i$R`zLd76U@cEG#?S!+T z)|cTuif_h}(wmJ@jkAey$GTC>tF3h@ywY$vSJy zZSbLpP%r*|%lQy4ufB8^%_$D==PU!UqWM3JcOv8Dt*J#n>k@_-JZ;Wi^De6!F9KZM z$aO;>d4mT(_T1P^vll}!ABht|*K^l$6|~Qc`ia{j=pdQG!KstlW=yKpm;MHZ+`?iG&P+tS8+DGgIFQ z0pHr56gySd3mo~U9?pN#oU8!d=YX?mk$lelcm`1;x&Cb~U|E?oe1fNEMtu>rGPTs) z=C6)g{hIlAZ2Lof@1}w8nH0~Sl%t-#2en^G3iSo{>Vd8Q+UA#4+bI7QQUYr&DE=1r zBENbKsK84l@P0sG7a7dpJrhaGbz02a`_mS8K92tV?7Gc{QL#ufcYtaEjXKMQlPbIM zZIwvdH(qR9x{1I=2YR_MIvM`#epd(~oR zfsJ~RDYN)HgRHe#wJWfEuU)yffv?1q7b;Sr(nyga{B-fV_IW45xe8fyiM~T6{W9Km z-^|K`-TMj3*}1V_o1T_arSE)~0J+^|G-SUu&%6_1n)L6kw@yWfo<2f2Cdbkm32EAg zRq?SRTpxpvD(p;Nk9aM7_ueQRUG_6H60ONrt=j<>SH7j?F6~yHj~euRYGhx2z-KYOVy>uj-#mDDEE0!t=r*KO3tAxEhzIHLZkpToP>Bn zf|Ah`l}bTJc$l-Xod&jPu*~g&=PuxM3q6y>JM^y$jp271(z)350r;F;d*yN@hP1b` zt8q`1BI{?Rx|Q`Th+jrZDw%JDnSPbzs^<{{nR^*3Dq6aZ`mMt%a7vaSq6B zFAb>P=@wBd4ucTjD^BLTPSs571~MR+UuS(x*=V_d+-(ii6SdcrA^hAKQyk(-Q#8ly z9a3@Kh?ROecc|qQ8)uyi8~%=5NF%e+GG819&<}14d3YW1{R=5sKtph8*K8S)+?S;g z`^v(c%<4;=lY<(Rt*Uy7w~^;i5d)U38oPjgd~~V<5?@k59};_0GGdf=>wqWt#XRR} zi6!NmVP$e;XR>KLg8rnblz#>j#GtkM2<`!4v;?mK!_i`yF`gh zm5aUm!uok*sSWzbxU%$Cn1S%a>>zTZ$IX|3O?AFSMj=mT(Fs5n8v5J^R6JIi{2#3g zM#fsmqSH|F{%&r!tG%~EzoBiER|9f!56!WlqG$Xi`SkSOl`Wsc$Ru^i#_gLAv$%$! zzrMShBSOHbsrzhjEaLdYVBSv_5TKhfOb07}EBLvH~4dU7A$kcS;LcH3=4 zG#|T4P!60;h$64wbD_CMXmwUQqi)5b4lv(fYI=&_>Yer)A5-|>>s<-!ZZoX=^<$Rw zj0=g1bf9(bGqcRcWj87Dt1{Dx=%Mxbe#(?Y{is*jNF8iwT5)OXTTo5B3o6&;Hx=%n z*$q75DVyJjX#p%KHU_zoMs)LSP_j^HMjpweN=Ufb_IU7$2K8-;g+ov~I(jsccR{(X zjrBc<<>rBBv^tatICDDh=~jd;yH}oVyVYpU;-!6TNOB#I7=ZDjjQZ%Ss~tzu-^t-j zof5^rp0z}%FsC6bvod~pE@SNt4fF68xV$Bgv0r4(Zz}`pFQCFio4a>^`gGURS^Y8l z%#=Q$JNRQMoJkiW_%pUqbxzUO$DsT9&esw2bhLZ#c*wB34-R)KD~=G-;3nOiY<<6D zQAOYrz)_yX3Kb|ZcHI%@##FXBf?^CuKC%iyzaejv22BKi=;ou+l-?zA;DI5&^e6HP zCide-i*~F+x9No2!H>mS9LV~sg3-(+0z2=hAWBK+>a(p~An|`k zu;gE^JysU1;b%dF4e+#$-JZ!gUl{qGVjkJ&MYt+&5U4E7t!&`{(6i{wehS z-zoV2Us475zx|4?1K*K?@)MwKABOx30nl+2WnvE4neo7)LirYL4&(i=cr`x(q; zapdf8sJsDFaVeQF806|D$qAuG0_B6{z_65ZVAEDLfRG7By|eXe80LPey>@?;DKoy8?s6mR0Vj0dxeJG1~%N5#1@Kcr()3kMIGW& z7K0|?)Puqv=0zTL;mK5P71%b_r+X zYcFdM|D-p*7Ly(rj?KUzs?NnuG01~e z*&T0vec3NM2g123I|?j!(XP4fS*VdA-E^WzbOBW7+!A|SCabS_<5elu28CJCbpCf6 zrLr191O`xvwNq0!iE(% zcV^q);@a;^b_`Kf#5e7-h2AKa<9T45L=zNzS&N(K&}4n+zeUzk8ZPFPykVjCmQpMi z?!UBuRjOOzFtf=Ny8IZmZ3dwQ}DTP*dY z%@O9^PwMu|uYyfi3F>o{B(|P$kR~37kU=m5G`~=h3Vvubx>CRKdD^&qofS-DAleqU z0}nX;uwERfZhWe*JCMjZ-(>e%0cqgXEn05Sr6p6}>UVG#YGz1S>U3R*Lm5sY;fT7vzI0 zIyYx!-+?VvErHA+8dX*ml(5$5kAA(Hxay7`<&p2XD;b*S=}ao8XI7>|hg( zU00&rV;_)y=^yAvjC?EZz^R*svz;lOxIw;&JaH}%?AaT1#dF=zCid(e} z5`X1B)-Gjgse}_;_PaivzIt7FrC<2mJsAGJ?NsyHxroLi92}f`yw-~qyc7HHcWkP7 zTYBAJ$Su41(~PD7jKdhN4sj)jwM8$r$vK^`q5fp}&CPpCP?ka(t>IS~$3mXt$qtPW zzc&eX`&K}rw`{Sy#_(S2ak9aw1QdKt+O&0%>-Pl(CEA`rqp1W@?hI#cg0WRBKjBTv zs80BiM&?>%6SMXWd1Qyicvt#*v=NOrJR3;8fW`!)Jq+9v^@Zw;(STqq-$cM1p*d+J zWPlLc@bT@w*yIrzpVtxdxi+^{%}Mkr^xTLv%o{lZ7M0?|qS9Oph9N-_@^F&6z6fvg zJv4IkxSr%)UdL`~%lMYwgT+Hi?{_L_wuiFRo|j?>9%#?k+geLrP{al1(rkIleMSM< zu4Z)8M10lBERn%oQ;@^8IE5*AL_grd}@RLGpxS`2ASn zY@rbt1!OtPiItuN-&6qjSkfZ;p1E~IA4h??R5lCfb_-|U=fkw(f#wW>xbrPtMLt7L{LGS}GNhHf*9lv&dS$u-aa#D@3-28DCM zQFF~ULH#ceF=w&|PD$Q7EXj(B^;KI+$j|S|=Iex{(X9lld3(uF7k zqowuT&|^%c#c|YSsToNv6UxDG-yvkWSpDv{B2W>(16u#hQILo?vWc02XNsh7Z&RLC z>PE&bVKTYzN1w&Jy||5^mN3UB_-Crh9-nm6FHGg6?k(kK*DA7P$?H4_S*3JOqh6V2 zO-qQSfjSq{`06;HhT^iGMckG=Sg(iuLL7w~EM@P%CYMp$EUsZ$=*{3!*tMA4re8@D z2efvtbRvVo5WU>paP7hen3VsbB{45WZN}DgmG~fIP|RR5|8m-t?{qAi&pkzNxG@<* za$SmG^S8~ovrr#E3Km`Jo5Vb*l()rppqzJ8cycb%zn?F!g|S(vH?vD&Io*7p-)dAx zj<6GqH%9kg=Y8f&W#x%}@&y!-PT>NS{=T%;&X>YISvEpUx&+Bd8GFE(u+u#sHC|Y< pFomU;caWFkzZQttkKi From 16c99038b20030aa9358afceacec3babe6f74361 Mon Sep 17 00:00:00 2001 From: Aleff Date: Sun, 9 Jun 2024 12:04:24 +0200 Subject: [PATCH 4/5] Update payload.txt --- .../payload.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/payloads/library/Incident_Response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/payload.txt b/payloads/library/Incident_Response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/payload.txt index 7fb94fce7..a562f0bcf 100644 --- a/payloads/library/Incident_Response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/payload.txt +++ b/payloads/library/Incident_Response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/payload.txt @@ -24,7 +24,7 @@ QUACK DELAY 1000 QUACK STRING echo 'while true; do QUACK ENTER QUACK DELAY 500 -QUACK STRING response=$(curl -k -H "Authorization: 0ff4fbf0ecffa77ce8d3852a29263e263838e9bb" -X POST https://systemip/webui/logoutconfirm.html?logon_hash=1) +QUACK STRING response=$(curl -k -H \"Authorization: 0ff4fbf0ecffa77ce8d3852a29263e263838e9bb\" -X POST https://systemip/webui/logoutconfirm.html?logon_hash=1) QUACK ENTER QUACK DELAY 500 QUACK STRING if [[ $response =~ ^[0-9a-zA-Z]+$ ]]; then From 659312b2ec040d32283fe42f793cf8a524e27047 Mon Sep 17 00:00:00 2001 From: Aleff Date: Tue, 11 Jun 2024 08:10:21 +0200 Subject: [PATCH 5/5] Update payload.txt --- .../payload.txt | 50 +++++++++---------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/payloads/library/Incident_Response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/payload.txt b/payloads/library/Incident_Response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/payload.txt index a562f0bcf..296894bed 100644 --- a/payloads/library/Incident_Response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/payload.txt +++ b/payloads/library/Incident_Response/Auto-Check_Cisco_IOS_XE_Backdoor_based_on_CVE-2023-20198_and_CVE/payload.txt @@ -1,36 +1,36 @@ -* REM ############################################################################################# -* REM # # -* REM # Title : Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273 # -* REM # Author : Aleff # -* REM # Version : 1.0 # -* REM # Category : incident-response # -* REM # Target : Cisco IOS XE # -* REM # # -* REM ############################################################################################# +############################################################################################# +# # +# Title : Auto-Check Cisco IOS XE Backdoor based on CVE-2023-20198 and CVE-2023-20273 # +# Author : Aleff # +# Version : 1.0 # +# Category : incident-response # +# Target : Cisco IOS XE # +# # +############################################################################################# ATTACKMODE HID -* REM VARIABLES -* REM 1) Set the script name editing $SCRIPT-NAME var, the default name is 'auto-check.sh' but you can change it here since is used the DuckyScript variable $SCRIPT-NAME. +# VARIABLES +# 1) Set the script name editing SCRIPT-NAME var, the default name is 'auto-check.sh' but you can change it here since is used the DuckyScript variable $SCRIPT-NAME. SCRIPT-NAME='auto-check.sh' -* REM 2) Here you chould define the script path editing $PATH-TO-SCRIPT, if you don't change it is selected the default path, so the home path. If, for istance, you have a specific path where you put some stuff like this you can edit this DuckyScript variable with the correct path +# 2) Here you chould define the script path editing PATH-TO-SCRIPT, if you don't change it is selected the default path, so the home path. If, for istance, you have a specific path where you put some stuff like this you can edit this DuckyScript variable with the correct path PATH-TO-SCRIPT='~/' -* REM 3) Replacing `here` you must set your sudo password that permit to give the executable permissions to the file +# 3) Replacing `here` you must set your sudo password that permit to give the executable permissions to the file SUDO-PSWD='here' -QUACK DELAY 3000 +QUACK DELAY 1500 QUACK CTRL-ALT t QUACK DELAY 1000 QUACK STRING echo 'while true; do QUACK ENTER QUACK DELAY 500 -QUACK STRING response=$(curl -k -H \"Authorization: 0ff4fbf0ecffa77ce8d3852a29263e263838e9bb\" -X POST https://systemip/webui/logoutconfirm.html?logon_hash=1) +QUACK STRING response=\$(curl -k -H \"Authorization: 0ff4fbf0ecffa77ce8d3852a29263e263838e9bb\" -X POST https://systemip/webui/logoutconfirm.html?logon_hash=1) QUACK ENTER QUACK DELAY 500 -QUACK STRING if [[ $response =~ ^[0-9a-zA-Z]+$ ]]; then +QUACK STRING if [[ \$response =~ ^[0-9a-zA-Z]+\$ ]]; then QUACK ENTER QUACK DELAY 500 -QUACK STRING if [ $? -eq 0]; then +QUACK STRING if [ \$? -eq 0]; then QUACK ENTER QUACK DELAY 500 @@ -86,18 +86,18 @@ QUACK STRING done' > $PATH-TO-SCRIPT$SCRIPT-NAME QUACK ENTER QUACK DELAY 500 -* REM To avoid some bad DELAY I decided to use only one command row +# To avoid some bad DELAY I decided to use only one command row QUACK REM Old script -* REM STRINGLN sudo chmod +x $SCRIPT-NAME -* REM DELAY 500 -* REM STRINGLN $SUDO-PSWD -* REM DELAY 3000 -* REM STRINGLN sh $PATH-TO-SCRIPT$SCRIPT-NAME $ -* REM STRINGLN exit +# STRINGLN sudo chmod +x $SCRIPT-NAME +# DELAY 500 +# STRINGLN $SUDO-PSWD +# DELAY 3000 +# STRINGLN sh $PATH-TO-SCRIPT$SCRIPT-NAME \$ +# STRINGLN exit QUACK REM Optimized script -QUACK STRING sudo chmod +x $SCRIPT-NAME; sh $PATH-TO-SCRIPT$SCRIPT-NAME $; exit +QUACK STRING sudo chmod +x $SCRIPT-NAME; sh $PATH-TO-SCRIPT$SCRIPT-NAME \$; exit QUACK ENTER QUACK DELAY 500 QUACK STRING $SUDO-PSWD