From 60e855555db7dcbdc224ba309ef7f0e896d22eee Mon Sep 17 00:00:00 2001 From: "Z. Cliffe Schreuders" Date: Fri, 10 Dec 2021 16:39:35 +0000 Subject: [PATCH] nostromo module Co-Authored-By: Anaas Naveed --- .../nostromo_code_exec/files/nhttpd.service | 16 +++++ .../files/nostromo_1_9_6.tar.gz | Bin 0 -> 50937 bytes .../nostromo_code_exec/manifests/config.pp | 41 +++++++++++++ .../nostromo_code_exec/manifests/install.pp | 47 ++++++++++++++ .../nostromo_code_exec/manifests/service.pp | 33 ++++++++++ .../nostromo_code_exec/nostromo_code_exec.pp | 3 + .../nostromo_code_exec/secgen_metadata.xml | 58 ++++++++++++++++++ .../templates/nhttpd.conf.erb | 57 +++++++++++++++++ .../templates/pre_leak.html.erb | 9 +++ .../nostromo_vulnerability.xml | 16 +++++ 10 files changed, 280 insertions(+) create mode 100644 modules/vulnerabilities/unix/http/nostromo_code_exec/files/nhttpd.service create mode 100644 modules/vulnerabilities/unix/http/nostromo_code_exec/files/nostromo_1_9_6.tar.gz create mode 100644 modules/vulnerabilities/unix/http/nostromo_code_exec/manifests/config.pp create mode 100644 modules/vulnerabilities/unix/http/nostromo_code_exec/manifests/install.pp create mode 100644 modules/vulnerabilities/unix/http/nostromo_code_exec/manifests/service.pp create mode 100644 modules/vulnerabilities/unix/http/nostromo_code_exec/nostromo_code_exec.pp create mode 100644 modules/vulnerabilities/unix/http/nostromo_code_exec/secgen_metadata.xml create mode 100644 modules/vulnerabilities/unix/http/nostromo_code_exec/templates/nhttpd.conf.erb create mode 100644 modules/vulnerabilities/unix/http/nostromo_code_exec/templates/pre_leak.html.erb create mode 100644 scenarios/examples/vulnerability_examples/nostromo_vulnerability.xml diff --git a/modules/vulnerabilities/unix/http/nostromo_code_exec/files/nhttpd.service b/modules/vulnerabilities/unix/http/nostromo_code_exec/files/nhttpd.service new file mode 100644 index 000000000..46a5c11af --- /dev/null +++ b/modules/vulnerabilities/unix/http/nostromo_code_exec/files/nhttpd.service @@ -0,0 +1,16 @@ +[Unit] +Description=Nostromo 1.9.6 Web Server +After=network.target +StartLimitIntervalSec=0 + +[Service] +Type=forking +PIDFile=/var/nostromo/logs/nhttpd.pid +Restart=on-abort +RestartSec=1 +User=root +ExecStart=/home/nostromousr/nostromo-1.9.6/src/nhttpd/nhttpd +WorkingDirectory=/home/nostromousr/nostromo-1.9.6/src/nhttpd + +[Install] +WantedBy=multi-user.target diff --git a/modules/vulnerabilities/unix/http/nostromo_code_exec/files/nostromo_1_9_6.tar.gz b/modules/vulnerabilities/unix/http/nostromo_code_exec/files/nostromo_1_9_6.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..17eb5c86921d72da2c2c6a394551e3d8597fd5ae GIT binary patch literal 50937 zcmV)lK%c)KiwFpTUJX|O18#3~baHQPZ!Iw{IW9IXbYXG;?7azmBv*MLKH~%2ZH^%U zbC}>avhheWYW3Zk8I5dfq@EdJT~BYrKP|^qY^buPsH?^%=^$C9vJ(y3*~bixe^Rx~i{Huf82@ahknWHF z4m@4PKiM!Ex^ofhNTpM$LN3>9{PX#OH~zUyI*ak?T(&T}D|Hdu(DV5zAOCA(*Lf&# zn9;xwud(zM)~H7U7NqLGYJ<+J;)g7YMW64H4#6=(EBxVZ+ND z+X&>|ST{_~TGv|G?TvLUt~8rsneorW_p{URiv!-w4QnA|I z8y%6V)o3cJ+qA8i+H@n)Zmm)0W5(aZ(aySMYcNEX8Va{mS9cRI1$CtngSwg4a9F*j zu=+hUrf=v>tt*bh9GIW=aEX?tK)>N{IJAm*2Y*AMO$`wT{)R(g>U)T<7))IUxshtD7y+X8iu^l5zNb~+8YtzAfh&KYQdk*2q&R$sCqrNQFppU zHm!BtZd!)v0t&euDfk4yis^6n_(omDsjv2moG%T3- z_!EgzwYp)h#$s!#7LBRt4s@&vQxX0|BLN3(9jWFEqcK!fx0;+9lGs`#STk&0buAzP znrbunV%mlsO|xb|^qLU~uC&}1Gy*6+6b(O-=&Fl^9{)xo?lE9aR_}=f*APEz5ggk{ z+@-830zvO`B5|vh0^o60o6K3&;GYZs8j&=0U=XX&h_KYvb!AOYR5&=+JIZrgm5Kqg%rV?()LM=Yn|SFGZL2)iRwI!FWcb6}4uHBU zOf>it4MuQu0s}$}vtm&czA*farm-#LJ}z@@hOgbC6Ac^__|rWSB#4IIJqob75glO? z>tZqbiA1d{hLdotmaXbBCkhu7MmVLRR|bE>37ons;^8eEMI3hnGdcBWOhR*!fV<(@ zN(dc;zj39d8CJ5aIEISCPm4LGCITCV2Ga=0o5t{!tzwUO43{7p&8os0%?$j@ikOXr z!udV?Fnq;7s*J>pEgPHL$hKr?(@X#-snaKN_6D;XT_Y3CdaDXjn%(r{LpfzAU^Y|& zf8#)w8qn=J7NwPmp_GGx8|`}#dhL7S4NKGONu#QxY-dzK+=EvU3i4?UTkX^szB0$C zTOw-BCit)0b%w9;HAB+_AOax^-~|745p#FTP*+_85i52#NUqkJh#=PB0jROj62Sm9 zhu#pXK-0WXr)nf1vw;YTKXIh8W<|GkQzdE1vg)oe)Q?4|Cu${ZE7R< z4rJbOFSL#=^uJ7cG#l0bAbF~<|LwpN(*L3ZPpV)hvkhI4%}z|uvD32?b5j#b^NXkM zh{qk>Uej$;!3nm$zCL0q_f%W;5w#Y-wrAAggQ$W{PN}%GJUzuuFBT`~XJ?CZQ^hGLtmUBc6s2)3y<%V!l!SFH+CKuph!-17ccAQOO3STv3xn(q^}ke_30Dr`sJ6vo zxm=dMR2{#PAWJ3TE6L$MqS~&EUDexx1Wnsm17XZd2$5LNK^^Z#5LIKRjLbGcD&|4sMpzdP~-*}oio!S@e^ z82_Qe>HOhTF3k7|YvSYh#1m{$2kHi-)v^sx50p9sPHS3>4601204IjrCR#44tTcUm z^2E&42xId=eeHF_(c=sVvEcwEZq+qb*A2(4fg#9YR=fbS!>C(->!`5CqJyXY-*6x`v-h zoeFiDIyAi1go2y84Y@#XS9KW7B`kj3!2T&~I>3ZgjJoc$K@4j!E^=UgPjH}NQ#8%M zN|ZVlhvAm3F;Jhd+f;e8#niS6xzrR1hP*RXAj3(l!LtX%hrpQ^KQ%-W^03kXx+A49WcuM6e_>8h zKfLuN$Ecc!f`$qGQc!k-DG$g4vjLJ3`q(%Xy!<>pr#c`r3jC}X8#cWt%!>AMbb7G_*gpoiUZB+qGf>t1v+R*FlxMkj>)b)Er zMLAi~HoB0O;O;;ljvP>l0QeY#fp1talM^RVZL)D5IJPSE7ib-#A$6JHa;;&i^_Hfy zBQWKYxT4k=sog->Au}bBe2=IeVgr4L4z45V<{`^IlE`qD*f4b1Jwht1VhZ_! z)eN#+V0;Z_V}!s21I%ZtW%H2()V0=epvuT7_+;`~Z1;S1qhYvg@YvJ}XsM;?7Z!)u znxRnpCPDWE95PJo9Dh^Npg^$q5Po&lO?8BZx0P)w}I+l`m$98u2`Hn zjusO>r{oCXBShwwE$Z zDJCE#n{NSo&?RTEnw;fBpCURU^e@aKh>YkcJpy_{%Us(~T`>coeaNiEbj6aGw=!h_ z83ysLRjm>e#36`|H#P*|2Nct?+t8Arp=tAG@af{w5NHK*MZ1DRMA;w{LO`wnVb&-& z+FY!_1tp*;P!FO9j{)s#RE%FbAWd_j#Hv(QT%H#yftd(jSX&ia(ryAV1fq+K*(%p{ zVDL2*yvn+6N@^s4B&a-*0+X}9LJs5!&g2;v(i~!vLXKwZNCJueBY2O`Ez?vcUSW$N zWcw0RE61j1iYxQSjsYE5IXb;m8ZYGbK|#}|fg&SE5EvERSVI{ZumZ}txdnp3q6Gpj z2^hyj48`%;O1V|3ASY>o ztWHoc?!m5=bydNp1K2t5swqv7z@VXui{SQT4DrG>#Wv85!lTIbHYy4_GzVmT&66PqP5?s&dBx*} zH2^k@J{Mmk@O76{Ly*y27%5(sCvS@p)IDtjO~2deRwoHVsdJzNHME>SlTf@w;zmC? zMiACem;~Xf)pVgHlI-!;Z>Ms!9ESSp0RkwePc*RV6H7}A$@EAXq;G?4hP+u0NeC5$ zi6_eF8-RI&?m|;j>?pu)QS>4}g)1;OpvN9l0mzbaECrJ7w0{cNKZtqieCak%4#&A| zq3U3^ft`X@?Qp_?s1EHGi3MpQWlPR?LD9ArFH?u4%F-qQ1=uDu&n9X{f>+z&p;Yyn z{B$_7@VSpdon0jpEC@n?$6PRm4xFr^7((bkgo$S7%>40{sp8S)%${=yZE!sUe(*Uj@Q1OJOR@t$D=jy&?gy>yOLB1(i1OidexWM{PlylB1 zE^t}JNleykKw$%VJny=m9x=cdHwLKm0lAaD>Mu;&Pj0PTjW*KnM`7hJy0UJWQfa4^9vQK5kMa4d7o*m3+oITakxR#2{b3H+H*6o zzn1G`br|V;^2fu(n7KG1#8^N~!40t^11JfRgopk*ZH|y)sTbR05M7z(4Oy6;;>ZLN z9potMoJf&r*Rez^7*yZl@>r!M>_jLBas3#BxiSbeZiIPo>6|!(5rwE-X<@#!bsLQuufwrVaOnRl6wQPvZD!v%b zo6*o4{L2%36_?wf$?Fo8B?V{^2o(y68ff`1BTUw;`Wo^31x%-FWd8?PbhgrK*yQ}& zQgLo+W$DyHkp>o~!f+SWqiYejvm2sf_^kx9+&X#c7%?;!9^O|cC*Ot((V5b4A+_)-LNS?vEww7j9fY?{yloDU#$IUvwl$c~Op ztxV1=!XOd{Me79V7KGi-Cyi z%lnS@bZj;7ZJTOzC@oL1ZrQ7fO;$Iohf4CqIRtA~fHxaq!d%fM$(Lg%*R9dos*(28 zU6mE1*s1$EBj-7C1XoWt5)hZ5Q`Rg)L#w4$=Ryy+Iq4%n7|24(fk5<^TCmh^THf^b z1osYS9)hN{8WG4&;yTT&VgSZ)c!iBeoWXl=HCv6cZhJf_9ZU%rQdQM#5U^6UB;}i% z0?Di?>_kG&5xNCQ4|4J#@~LXZU$ZzzK|ash7!Oh{&&DJ*AsN$kxeLvhoiZZX%}HFA z-6I1Gf}0o=$Z!q^Ez&mR`h;Kb0;HbgSu)AuK--GxkbMA{8FT<<2k1Mxw|W5Do0QYg z97V=7Ze>TI!CNLqBXvClut{1Q1@Bvk*v`kJjj7GDrqv*liYWyiV3PKF)T-YTO2~F_|3L=KE zN~wmewi=F$Yl@C!9Kw_%SeDSt9prgv{#sY~1S45YEW{c>!5V;fjaGx?Yc96{_B0d} zgLKE6aXPd^McGNCRZT8n8x2GmKrtX)ay`{wM~1@Y6bIxmpzO#(36fll;VLQ`b8MgA zNg!c35>6zANCyD{kZ0;9S+2a^QYw%lv^F>B5v?G3OIlz^Wx!=t0yYl1PfU;(xOPiL zPx~=Qgm6XzP$7r7Er#CLU4V@`f@1(3GSTFy=^O}wRVr@!f{u&TXBq<>j&&4@6@m`x z>VDRkuA_+JSDA>ljD^an_$b1PR2FlGNqO2#rdTZAMJi-!m72@s$ zaVYzxr2K}QYvAXI{)1Zpc^rRIYHGOPl7N+g7>EhH%X?kvQbM;89 z*PT#ox1k$BX3;V|{)eI)I%?p0O2wri5$+4bpa2Z3AY1BMClN53fVrmL4KMw~G*{GG z%Um5C3Sb5eW{@HXp@(PEtQHrsVD!Xtw@}(hU-k4j^aw$&*pbmQEMi7!(F!d9AQeF_ z;b-L{vP>;3ADAu+(w6UVOb|ksXtXYRW*|=v6%@}maZ2e@5C~5z=BB~mdQt~`qpr?? zS|}NlY#E8;0_8CG6B6PmO#uf@6)0hHIg~81INmTEUhl+;M@p=CIN_8EGAf+}%{708 z1Sg+ssh-D`WdmTNt9!%|rNI`-Z41!^wP_f0keHf=h7+BTO;aG1Y1|WCYz;g8IOuq^ zR9u|p7G7cDS+hWSK+Xt>R}=t?p@N`}f=CZ)9^fqwEqW)}&2z^DUGr@uC7=qW`IXY# z)Y0W*oF*VoC0!dq!xxA+`4}dFRjjh{MQ5ZVJT4##Vk(_<1Xpb)jixVV3#{WRjpKPk zkt?2P3oniA5c4Z@^K(aM<|l6sIt`-n4KXZe$T@TH z=A$FwL`cz)9F}$BS(IGo27O!^_sh~xn08+o%pF-S`g{R94v+@vS0cNGPN z7YTAZI>>edi3#c|CTTFNPj)PNM6yTbX)S1k|=gDLo`{Ol6ynN$c0 zc2p3kglem5n%9aKv;$25~Y7c7Pd0LBMysHPJA%I@^Hd2iO>)!oJ(> z+s%C(YY@0VOxGPG9Z)AZ)+#Pv%|?wfVptuNxikw~hbvkjTqtA%+{;a7R6AA-lnLY| zt#bsVEt#`*!rqplan~+SweNk zg{vkc(%}ACoR?_yBJl+ojMQVJOLVr%jzXt(`zArwG7)>W0Aenc9!4Jmu7d`Bpnyf% zL2Epfc@mg#mCHuF7_(X9WWu*EO_Gt%^9c=k&hf$E2m@G-s# z=P)kz5p`8ayB0*WW1?(H0ZEVb1TjueP?iyzrf*L1IvlYRiDfsZh9V-jGk2?#V>=3P zf&$icWmO=QZwj3bn7>XGC#HmNw*VBjrkkyiFOmU{dUJ=YPu>PSv9RRPJ`xKA@Ccr? zTY&2uC`BkZl}N!bf+b6K?V4p*#)l90u7J&Yu zqt_&-jgae@WvhI?OzCx3@h6JDp&*zTY5`({LR11|HSUTkbhx0r%nqiwfF>9Tu#CbA zP+}TI>8uU|!5Iju!&1dWDnhZOph%&|z)wu~av^ynW3?uxiXuQ|LQJ+*4;$H|q>OIa>Mok z{+3t-mzulbNg;$M1l$huJ9>C<6!-i(gyb3#hzV#QSuYlsOE9&j7JXwp8j?-5#to_H zd)8Ibq5_1Y8`=+?;ehP~_W{8;B9y6_phDV~)>6F&A&KLi-G&e+S2~?l&#zfH6+5`Y zg{+-k)*eC&;G8Me&;xGo!(sOTVZk&w9VA1eloGB+u2`85VI>ZG2U4OhArP>#0biyN=o&Cz9nP=(m6+ga1M=dakrSFi z7H~mv!!VpiQwnOSC2pc9av2V{risz=TeCDjH7_;eNxsY{)F{2HqFV8WmE=@fqCyPy zC_5LpftU#UU^o?ws_XA+L;OM9#nld^lQiiY^++~cM=T43XzISB3t)<fdO1Qc5CsqZ7xc2M@}yO0Tq+hC2BV=OPZYjdJPLMBS5RU#KYZF9HF%FEi=N! zD&R%ttxf_A(Dy~CD1kLQT-LDl3i(X7Nmc_Czq@61m9zjHnRvh<0_kp$Z*j5N(4;Tz zurKzAG+q{NxaZzsffYm{)f4CUh_Hw5H4818l12trsE}L^bK@9R?FmkR&m-h$6e5`C zpyg!QAU94MB(W%HSrPtSxTkM95{=v3qFRPfgAk{ zq+UR_9~w!tt%+0yH^F;ix9)xihZRqy^v06bIefw?{D(Xf87;BmxQI=vFmp*E3MQmkmzy?;+}aVawi!`VH-rghe#=!YF3iZzomnf;K6fr9%#S zelo8FZ&eIB;fa7^R*Lz>B}k%$qV;|Vrxl`=V)++fB6l_h)mO(~v9ZalT<(~#p47qn zi%ikm;uqLKON&XkeHKR@?Y8PLGm%{53(|Z%ymACLpYi=i=t%79-nQ_Da`kHu2pJZtq}STAJ+&Dq(@eFp}$Rs~+4vJBaok{6`pzYXS}z>d@@r zwmt6)!VKPuUbq1*@B{+S80ZO?z7K`eX1bhU6x`E5ng)n2Nuh6$+{#56p#B<4McnR& z!{&*cfohxdb8ZVj&|9Z2k*H?Vnexm>QZxRHZ? zfp`F`o&;e6{~eSGw%JNN^215e2_RkDNHKx3v|w3$u^NjTh2lC1)%oNTN6?*jPU%~A z9wqRz$j&1p?oitXz{4#}%40_e@SF5Srre?qAV|#L`qQP@z!8AkEUClex<{eWblWIj z^wB?Jus0k6#}ID2TzMW+71WTPB?nV&qin*EB(T>WrH10ST^`AHn-%CKh{wsq-btOf z>Aipa96b^KKYP)c|E?|hKk)oq2menMGJXEP15b$m&z>XmFD)OPnqE9Gj?)W70Ti9P zF#bLp?6bi>8+`oO;E1#+lpSrvX_c|A#_A2k0VDK(u{bd`TfE3LW-I!iP8Xu|Kbslt zpZ~oRPmuic!6)LM?l|*D&_Q#Fw|>RVPyARyW`T4@?uO)5h9*nC zn1z;XTHb;eTGl$ursz}}v15e%F{NN@gU3!@pL|Aqei-;w9Y zUQiT*^WGnNKJ#;tOCVAQ59cz$sn4K*8{+XJd#C0n>F6aoZDe8j=*;va8%QLRC$p2u zi zsAW1D06`ejq`$2jrstN5i^nD=ivXtVD5=n=*s=LVHa&OC^7P`VBgs}M{mBy(OZ!S} z=|qv0@S-d>I}h)R?8b0Hg?uK*2YTsS^5Q2NsR7DkG^%Kb9Ull9s0P@&p}Dp3fpji4 z0D2{!**QLt%MY+JZNMELfMBKW`nd*fIFeKlEFK)-m4oI;l8@2jjkEpd;yvBze-MK% zypApCe>Rr``7Z_Yr;y3#M@jyNx4!*vC!XWe#||D+Ub8E)>#uh0N+y#}ed<$>pZPD> zTyxDQ{_*A8R(7ciwsD!otG)-uJ#QeBlcZJ@n9bzVn^?@4tV~o;{4Q8*jWZ ze#<+dWsg1f*tvFQ?+-7d-(mcNecJVe#~yxT^ThCTUi<0y*q^CCe&Ogl?=IXn^2Q@)ulV|RcVB7#{L5c48Q-{6 zx%bwWop^Hlp2`CoBh_F2g*U%t>iJjPHF;Gme(3}4SH0@;CnqnxJT`gtPOyu)fLxW{odpgMlQen!@sm^_xnGfT=83XUGdWQ{BHYC-teX0`ou@S+*p57 z?8)zc_paef?cXhb?gLj(#zuZ=c=zuA_`AEl_}B5j`O3eZdgq6~_pK*C>(dWkKECvx z7hJxuhu!zg@})!Hc=P?KFYY??`Qx0vddNT-wyrCYZiYkbLFmw-uv`BKaprZ zuN~sQrGNa!XKsAbn-lTU!+&%_ruq{;?gI4eAh=WeeJQgJo>kf zJmIOY%r2()eZc&S-~M9!wl{qCl?Q>-|*Sg&%EQzJ4X`_KJ#y$^T>mj?wS7C zKmGl`d_n!yr&rgMUF+uLOaAr$-ZJ#sZ-3z3ul}XucfIgeTiOTiyZ^e|l$(ye@|oA3 zIPn|T{_Q8PeCE&1+`nNxeD+n!&-}@|AAIm#FZsE@f5LlinreUl4{o||ck)eV@4V^< z_wHM$|59%GE&0Eyz4DLiulvlkUwrwcXDg3=ayI$psgGZA^iAtWFWL8-Z~VkdFJ1i3 z%dU9(b5Fed%ICj*-^+K8Jg51{70-FroiDrU{@3VlJ@ky$t=jXxH+=F>*02BEb#JQt z_Pr+_iT~W$XAN9F_@(uu_k45rZBM-KXP)(?cf9tWVh@~s_2}PMcg2$rK6v!?FZ^G} zzI6Ee_y5|f*8l!Q;o%p}yg&8COZPw7eb1He_`OTN`KtWK?!V?GN563JvR_W#f9K0y zGkNf?N8UYh{hiNv&-`tB{_7=IPksER*wr%&rIQoiANthIzx$0_Zo2#V4?JUO_**}? z86S{KAQMUGXn}Uj1t7&2NAB9WVXf?y);x^2ULWy!`TazT~dP z)35%*sn6;Ewbs1#?&<6Q<+I1%a{0bDzHa2se}3%t>!0@_fn{r(^AS^nA|%)DXXR}#Btf8n8rZ~Kb<+Towy z|Dn{Wg7#!!cH&bn`)_}I^Zrv;o*de@@X)7EHokNBEgSl$m*4SwpL+UV zzis!!uUQ^^=UZO!^~I}i{OH_go>6@Iv#*@e&Q4sJxZ?i%o_5*GcTHTm=jAt@eHuG> z_WM^}^76#mm#+EfcRv25OYVIr|Fow)_dD*D&wB2jiKi`3{_lr(KjZc%Ph9@gXWf0@ zuC@R7%v9{%-&?-pMK74X{*9l1U~g*b@`dA%9KC$%Ue^Bl>z}H$zn;APdH-eCoiBdm z6T2sykAD9fdzz_FUjD9|-~NC0JZ;xM{_yhYo9=t;FD`le^{J0vmVM`EpLO7>`yTk? zJH3&ME#>nrtW{^XL9=R?mfr;|H1j29{9yOulvN+UpYRu_ctE<&Wr!;kKTIaW2432IP-w> zg;)QN=dJ(X*xuLt`IDcW{q$u=9)8){)4%o~?)+cnpId2u>a%Zq+Dq2nGw{5d2Oqwo z{?z-XnqR&2ZwEj1*f0L`-4Fcg*Pmlwb>uZ4efW~k-*??NKmVp1FM00Smpt=LS6>lt zAK!c1183RBegEHk-f-Wy+pm573!bYz^&{Upd*z-7U!7Y}k&b~D_@rJ~`yLXSj za<_i;KeVs;-rrq+`oWnme)|g>Gf%qiTTl7nuK&}1%3B+^J^ZJ?{pQcQ_QP*`;Kgsd z>iyS$?nRmJ-oLAU$KT&SbmHvWziU71O;_Lk(Dd9jFH7Dv_m=~gee#)e$zT59TPJtj zH@0`r%*rJnc>P%JJ(s-k*B5?IdtldlU%dN?b1%H?DQ6$ubrU=BpY{xV=Zm*r^|jsm z65oEo2S5GsUwOf={QR>IKD;}#u=pQ8@RzSRwRFd2_r75CoiBRy*Kc_BdzXIw1%LJ4 z7k>Y}w|(xtw|@97zsPp&8oQ|c_TSqRk^gAz_+r;_KKB1yZnSUz-GQgu_7psmf z)h{^z`qtt1-uIN7_T2Wq+YY36|Adp(ADgG^{P%o^ zE>ay^&VRK3hUY)6|MlnpkNyeGe^9v(9XhnSy84>eyas5&=Rg1XZ+`QeyS({-S#bUz zI`R8o{@C9=0OdKzVnPa;Djt`~{9;u|r>g9_7mK!@VSbD(OC*Qa9?2=j+YuJC8!S=r8@C@C^LUTM zW*TLs8-_!C;-b?kf*1KOF4$=rqN-3p?8~~%_=?r^{D4M_oBywnk~DDhp+NW zo@{x?VMXWniRiXoZnG+o9~aNj#G@Py%{z{iPD?IZYdV(X-*jqPt|5*=<`x5JU-@+EuEZLEVAhmTUeaGb$Y5e#Reuy@IAmL=B6mo#PZUK z`9(H0U7DPkn4T@MiJ2J&xfUnpmZpm(EbHX-(h0U$JU+1qS>_=Zl;@W{H#xIRcXVLJ z>Dh&uX{g07fXyGnGG>d5lP4f#;^_3u^wKG+{@C==T(MLdfil?KJS*N>oLge06If25 zWk-u_W_sf2OcDKDu&9Z-Q>?U5oSdGR8HRQ*7AKd6p$P8{vP{m;m5R44LvfIXO-;;B z9LI(%QdaRv9Xm0xRGNo+7omHl<(Vby#<9iuSvE6Y!j`k;QW5HySen4x07GbUX&CYq z$%_WsJuyd3np~QmpTi7zE8OA)wqve%d}jK15wAahyxi?(X?_tBE|)}xVK%WiUBXJ| zmzM;f$d?C;nJe-_3Hk^RXbZKXxCnrlouGn`g+~KNA7;q4M#VeWd2nX>=;TUiapfGVWo6c<%cuUF&N?%ZDk@ zaQMk^`}sj@{FwX-=H+MN(?N4|wFKTZIe{lbI&|iIA{{tp2J?Fdtk7h`v*>H z-13Zn3b8}2pp%)P@+0HkeM?Z^&=3w0TcpDo9WMg9G{g?D+3C4K$T92%8{T#1G9N!1 za}C077-y8!wOgh**jHSTsc|I0POi9~#4^Z-n0kyhH&=`~)J!0Pr1&!we{no!>s34p z)fPz*B_Q8eFd|q2qy4zSXi=WYsErUK0yOB04m2?u?s9A zx*^(y-=aZ)t%DE>gXlP7U37z(;VE{0ZAA-{SJGLLHhFbPJWB3Iv z#NRXU&!Hy48-W!|!1}{A4uZgoAcYzcRQybMywRI*)texQaR7xgKVE|5*79HNg6r5y z|4Zcyo$_CQ|No9WoD#&sR4Gi7JbDE4?eT7H|GC)D7V{sK>sbFSWK;e5 zzY|ZV{)aolZTB@+Cd>o=Ok)f`MSD0Q6!2Zp2$6^oT^ zU0EfyhY77omO&a2wPOyinlr6dwT4GiH0Y>zgo*-`90!J|pRM5G5p7PJ#Y{#Fi<-f;A|I4QO z{(n311ob~j2>bfqPtDV1{$KPnptoHAPo?Gg4|%cwJCp0L|L?@J>G{tchkzYAoGSD< z|Cw_Q{|IOi)@X-=_@PzdFgjN`aCmg!+}22`;^@}SvI7y38Uiuldiuw};?rgRU-UCz zx0?T%R6aWYbA@bw{_n)o`~25!On!O(D@{iKQ=CjEziHxaaS&zyd0d|E@_(a!G3z)V z|IbXezyE6|o?hdhs-iLstyC2Yvb@%FH3$ zh3Qm@xN*v=Yjn%6zZ}7@%XIh>2VT(zFbv)%DYN2Q#F|5gvsL7cfol~R5aIgMkPTQU8^WJ#=`arV+-lo;&wnpNjX5OU&* zJ;R|JnMUy2(Oqo1e=nwHII3dPl8xmmcpDSrt1{dy>@^TX7=B9_z#kg z&jQ{Xyf@Lmj?lZ}ldj(a$OP{LG{W~V{g?_dJ?Z~Nv;u5J|8pr^|IOr6S&#yR|^ z_v!ymJQ4r@?Rx$<+QRW4Xnvjh^uyb_d~@WRA>S(SM%UQ!9}RzLo{BvIbekQ$mJ2y8 zyoUhmV?Xlh{M`sxA8kh975ZK6y1PKc$X0pD*Lx;km&qMJxzjVbBa<6`a-(N*Lng2I z$tyjRSHwmN4iUbSLR>A_Z7YR{l7OQO^x8GOh>7#DI2?=ds|-7mieNEThhzMudpZpF z1`|^9w=PM&h%OsH2%~;__kDOzPx^lmtw3Aae{-Xx|E2TU{3zc00B@s(T%Z2$z%w&_ zbey5>W^uAK?$a`#O!*YZCoVqS5VO{slyb%e2t|+v@QHa~d}~G%pPiT+kI&67Oizxp zG`^s-$4n7F;&|!iINz)mkI$F(jB z?8pO3AaUBk@QQEvYh+|(Xe{m})wY|KD`DM}b^AgWsQw!B&OW{8KN0qeQpc9}|E5Nx z_P=~C)nEVFiKmqCvkEYJhaIPjx@~r(LEksYv#9%?yM52ypKQ-v-vL%L ztf)_{rr6bvFq9d4`_7W6JU9f!$JT9w96de5IPgCUzEJYQXehgdH)sIDT7a!(3KgEO zhcQ74T}b&IYr`y&hOdf(SFCZwO`?43#yglhx5S2=RH=H-y3xfIJ1}O@wvzod&$O{}$28PJpbZ&WO#^1FE?ZRwO2wC(8mFBSME_$6xGql4C z@miuZhj`6skEV}!tfJO|Fz}Q^{w6(^8tXfGp8vBc|JN>#0I(JRFBH-p{6C-X>;F6P z^!b0E|M&U-cKCm+R%@oq|=-K3rp@rsACKM zpUb7w!u~g!%Xs$xY_`w;ci`#s|33fk^ZyIr{}7D3cEh196Hr|XhgDS5t#2&>be9x_ zkbygiHNC=CfNPqqjg=KY(ZI+^$IiV0vH6#a6T&A7IX%6iJmIe6?dJ7X!%TqGAS8-G zh*lap`b){T#F|oX>6F>1nwAZ@RjWZ4d=6eq!E|Pmbgy!B5C}9;cA!L24#R1Wo?sCX z-G)Xl174S4Bhwd_7YXl8&JcYZ6u=Lf<>%?A_={rIFK4<2LG|)C(XCP z!P~*~p^TJbl+&3zPGiU&!_4(w_LuSB3Q{0nj6p1kIZ}?PU=;xwW`1RHYJP6!6c=O? z>4+G^H`789BKh^sP-Lg=U>OQ*0R6JmL1)BqSE#uMSUM~kg$j+8Ps^kM2`9$e4gqD{ ze9QDYP~;a!8gz!YiQM@rK#HNyvaB9`;Brlc3ra}z2gd+T-qB5Ctc*LBz5YN16teGH zaio*n7A(@6`^2_pI=~6);lF46+?Wjh!&9h49yj!5dL?6e1H%Yn33+H#%sp)&RQ8vt zhL|C$IuoeJ@ON0_jgv4dQNj&&0RFr8UM4=U34yOr6EqAFuG1^Gk zN@`+o@MKbNlw)$+r*c|D{N*TaRp^_}*TV8}4vfi0XaTf~c}IFhEAmD|}{CDpETSyi7`rl~2@BgZ*DKn5VgG6jIIIs+qkbx31P(lVu$U+HOC?N|aWTAvCl#qpVSxA?K zbXiE3g><8bC5CzDRYoA2Pt!qG6yMhkTM4;^H5?weG$f@U&2p(31`NqG+Xd!Z33kcHbF0uUH-y6-@v2ie^9Hl4WMM3`aj^ z>=@46r3%|!lW(42@{7tJT3iw36QW$uozF4Y_|&OL|}5*exzxetqlB=(ci zDaG|D+045IQ%W1)h5NY)M^0gp%m{H^ibY&p>T}CK2qUljt|b2`t;$g#?Vq!-!KR^I zO6J+XUK9EG`6z!3z+xiASW_i}=D9=3Wq12zc!9*CrkCKFB>zz`uwny_T1-xf^b6dM zsSL;Wat-z7ryd3V4&C%$tj_1$=`1yR*{`0|MHPQsz6N6%M zU{52%CvKb0(hlqYRoi&N=o6)e)JdVKE3LCs_IsIHVbQ`hn37VG95JJg{aHI_+`u%I z*Kx3PEY@jbRwPWVRHOwF60P}*)3@Y?6t2xPMn*GEWh(=n>Vfg2aU_7VLFoeub1c{X z?K#@xru|4)*AN{?bS94~Hou@_n4HVNZUm@gb|Oa_&EV?B9_zq%MTB%g)T$S%yjUea zzy5Pcz3cBM-EQA2W-(|-C@_!fW6fKHcvpbNj6WBQxVIDC`)`tQxCZ{1vEY3OK%Z&< ze9vUNzkl}3{Cs@=WL@=auTw*Tx2ay-Oc8nr*4q?Ef6&7Ewh?5TLb8Z(6ynEjtUDv= zj&F@Ci!_6S<}J(T6A`n7Wn#Q-MfF*!?9aa-cG!cKh#;_cJpg=fIrWPX*XzHCsi_qA zncVq=&jvt%?tlEtDdfAdGG)AJVql^5R$gCO76=B+V7~QsfWLF)%wPaN46{EUFFjX- z3nxE5-#aHiS{FZ0jFooh6#ypXEi1lA>=HZ zD;LO*d>b+_{r2t^yZ($$&65dEhnj)?8h~#l`ZR>4{;ltcvl>m`6}iP6YG5b)rwLX~ zVx`L-^7W3$a&erKEIm8$?V!WViw@;g#?Z2huPGxkgjP>yF%Ks*t2xIw&BW;g1QZPQUXd|g2h%dQgPVPu(0vCQv8MEfKb_oD)WBgf zA~FaL6-J|!?cFmRX^*VU))rt;tAgGdvehpk^#q}2FmE$!@lUyP^cMn!K0iPI2IgK* z@B3oH@5JKA!E?i}h&Rj;mL;g@etkJRYe^*<7aK zwn~!xX|WSpn0^@G)JtT=^A#T-VtWTh#f8&33u>)E7^Lu#qMyA;G7t$QDh}%FDqP$h ziDuQ>AXYe*t%m09X98c+;Www3C!2N8I<(AHPk#d!qg4xovfj<^ zZUOaPX(8*(j?EA&iAl~acQ*tPh>gE^2L-p=-;VJ=|F(l6aQJ_5v*i;%GoDw!7QgS6 znE(GHa9?^u13lAERd(&^*}=a&pXk7m+Vd=c8<)=tq@^Jx>C)5%b$fqjag#yNqmJ@) z32U7UAtfnc-m+g@hR#1%e%EIN3={_E%&@rT5R$D@_!=6lcGbBvkz?Z50p>tDF+}G zsXG*o)kKbvyoBy2Ti-jj#>i})J}buPh8n>QF-p+>(Q}70+vua=R7oZ?eU(ayZt#q`ux!nw&;D!9Dz@xC*;FkZLYDGMKLED43{*d>Bo-JS zbO~{zqOuuu$5|`eq#7+jpN5+6u$?l%^nN8tCVa5CIKcFICOH6l#FzY;Aw9Pz7)1Xb zo!ou$Gt>#>IPn&HA|P?>$Gy?>V?mKK`~bu}8B>6p-vv6KjWmod2n`0dOzWx^iQ_m)O=L_;W$SMv z(wD5-y$w-QB9u1aplm0|MPV~h1+gFk16hlfraL)z#g-OVQO(Kri$Yps4zb>VIzX}N zJpY*^39c|dkE8D3oZQ&Sp1TvixLp;r9{8Q@w`PP1%N(tsa#yCs?$V;lCNkPIBw|c) z0GVhbw3&KZBlI)emxqncQZyUhmqng7pYmil6=ew`U9j2lFEfOcjhbs%F~?*>cY7~Z zJuE8pnUb?6*Ce%;^3IDCIJrgeHCAkH#EyXi4+&(BFe3cJ(mM&wj$pwV84zFZ z4jCa8qYEW+Bk(oSIa7qzj1)Yf_>iIE)js9hM%0O;1|O2`gU82|pGP=Ctm9bSZ_qP4 z=ceD^7yn9)NEFn+ABMBE{8|=)KK}1&<{VOo)lLODGxqy@-#=hhTsUDDsk zQI(qib3r^CyH3OL(}IiUmShI0s-OrWVKT!IN4mY{;nO>zk*yMbUmTAVr?8`-O?5y~ zZ4*;~OMx^$@!K#%*H(qZ04@#@x8vMovM15}Z+WJK%x@Z+y(YBk|Iw4kp5A0S-jXC$ zx^)6I`Y7+Jmo(q1$S4KSc8NTPsj{Q3AH-M%<->!k@!_OEJr&pY)7NLr^Yg9qL3`{( zG=hLxKb-cP&aEkXKAcV-&$Uk#IAwCswR&u|E4x0NPF={`W$^TPEZqO=?9o`DK8A+e z$sFc+UN5!wMy*!@0mJtU__POF1Nrg#m@%jQ$x#QJyV}!$S!aj5n+6>tei*_ zeaw*6sWe^(5OWsNjGH;jiqmvH9UP+AFI*ekrbOgUNKOaHJHS#}z2BE*{na|_JVqkN zacHKTzwu7&fmUtcY#P!c#7M)AT8KXtAj1#MJ$MuJc4*;A zSZ73f05jY~0|5aq8c>p7t$Z$>JYd~7iwV|Xgt(6}o#=7oih8L*21}=2C;V3>pn-xi z&+CrYp*DraS3X^;agi|2QwS#$n#VFB-KbK7V+kaQ=iv?waU&>3mzn1*&YTT&u$xAq5o3_xqK$hVQm)zm z+FLy-^q1svngPAK@kZC;)OKnfK`1vcU0y4zby7WYS zr?KWDPD*9t5n}o=mgMJo6*xE{I}|kIZO|Zc-Q2)jRNmO*B&UwlWI^B5Y_sSX6;%uEsF~Bnj9|MZ#V&3aSkgN2JJfg&MPwKm` zi*!4vA8(vSl68i+xXm*aH+q}PHmW3M-;UCS0qnRUuK0PH%cvZ0_F!Drs@tt5kwSqS z@l~-j-}Nzi!O^$JiSq?Y{wU;eR*_v*yCTNgh}UExKS`2a9SY-z8~LC35(<3^@{CB` zwe%R+MqlLBGKdB<2Z*6%S611PXhJF_W16FpSamhDLzpPhp;=;cO8YsIXgcDlEo**W zTfVW|#+5m<{J2OtZgU}{P^8G%>@~8~a**U0t$9SaF%*D29npq4J{aJ52s*~hXAb}{jaViL8*qg7M(Tpw!4%-@1T5V7o65LvhTS{X|w_A$HOggHFdMEp_=a-QsrIENep z5Ri1S_4^-{DUPwLh~EIDf_1r5okldvJ;g<9g}d?fXaUOX@C|Y7BrWsUscs?Pn`z~I zK9TIYjSz*6MzhtpjNK8s@=Tky$(kZCit=gCJjI@XFq5Pq#0jt1 z^*4qwnqYdT+FZ2kLtoInmDVBDEpdFQ?S-4$46Bh!F(=}*;uXoM{;w!eS zUTa170s#uPZy4JXW)xy+KitbYOig zZoh^Xm#R~l`y4&{S3^cJhLy2b^pWs_l7YUyfG!uZ_R1ujVG# zw;_9+G#qTBPpe&#(#LAL!5<W&!Rb*U)UL19xa=Ii6Q3mXsSQxzsHE|I!j5G{pFqj|XfNf}041G%QVQe$i!}KI)+7Qlr~2!;PZ z&Hn#wLm-X?To@G$5bvcVAxc1E9GB!Bhr~4T#xwzoVn+UdK!c=z;49;QAZZjch&UEh zVU#~Wyq}UpKk4p&K*|4Yb1*Y1Po8{Ck6R(GkRw3#vKm zpWzD(vi^ihm#7DDVOKCfx0jN^APIwU{DW~E2J?t4>K;Vg1FEpgAE4V$$)KO~a!1KP zn2?G%1`~EjCJJ332EJAhXb$MJ0|+&h5neEay~7~K!WardH#7v6RoRa+NcQ#+*0&J$ z>c#caL+WFY3ZsJ=!|)5oK+ncV&&EW=M2*Kp{ntwIP`@*sE35;6*8xzYbKVkRKv!j# zmu07yWeAr5;7h>T4`A*G0CfqN`vRgBqL&>Az~$;a!}9ODfgQz_nM;` zh*pvlF$I6HVpTv85BDM!0)|95N9+hBu`zSO9Gr_Rm2C-tR7OMeVY_{H{{+-u7b|z9 z3NvrDL|UBEqk;B7Thv2+U8mGTtSQ$E{z>3SVnZ~$bgNJ5yM;KVH0R~w#*;>kDFf?a#YB&ka+nVAj<5)%#$uFPbYVmwkb(H zl_Gd^m)a_f%Sa_& zglp`$)M52rPA7*ke!IIY(+6NfRG1Uir09qw=#3+5#btI)%OnlmAx1)v;my^(zJ=b+xyyZH$^@Fc$Usos_{J z{zM~<0i5}$HT9pMo?(Sq2}>6bdkDpkRB;y3LW~JJ;`S{e-5}e9n35&h|=+;Ca}o! zU~C2kRLBTjaPDgq#r>Y+R}gZ2wHoSjE7~zu>*Al~pL%nwB4GZx4+K!SO+N?hU*IIldmFBZL^X9((^l^j&ScLP3-y%VBtK1L4hGMQ9rn7M1m?FC1uVCTOhLw*K3aVy*C88Yg9AXFGph?8)4fOWbgd)QUNh#4QV z5qkpDD9D>iUa(ukoAbWQ1c{X*Tr7fW=NV$Embebgu7IA^V-iel3c0G_ozZ9E7(AF_ z8aCizOpis8D&Cw}ryB9B03fbQO(lz=5`u#H{_{5NPe{ENZwc2($!LY_cLzDIn%J?+ zA(Wt;iwvc_$A;h%M@Ff6lms~wY@D1jmYw1sqmP=f6{fTyma1~mmQ)GBTQtAzAw@`2 z9a88Cz_XMx=ctmfJ%w4*40{ZQ1Yo^mE?Ea0AObQnbiw47=V5UT=AD*GfOm^oST)3) z=1W=JW@Y|N^Y2<99swKdG0ZY_B~1nBi5gXf-yt2!cuuD|V@BFkrOD;F^kUF?q4_P9 zC@uN;cnVxwHPmq`SBBHt);V}c^N=Z7l`hQU7Xoux&|EQ=EyyW+4gVhOa=YfDAETW4 z7cP(|pcA51xgy)DRfQX>QBt_m;aHK!02xfRy7c`mO1X?ELcxjE|AD(<=j8s!6(D3z zr$}tC6_;#ujcr)+PaqA5@U_v<>klw0Ru;J&{i{e_p&l51w;~2eN)UO5FY!tATT?%L zxJ<_kT%E#zd%k=+0zRR*+Pn}72jR8H61ZD;2sl<}N?X83RwT(gli>TK5#E|IcIE0R zd5#I+n)>1WI*oL7wdc4{s*;m#c_3p*#A!N1DsqC!%JX5%9KHc4Vq{g5784l*A|eKw zmr7zMNBJ2)RS{8gmjB`2Wkwif$-$H=uoIOgN-5N>Vq=0E$r8SU z3$g6oNn7aY%l06a&V}8{@6q0LJ~#Vgc5t)n&A#*v3;SbV>IlN(+Ya7}V5l+e6gQR}Y>(BB1#m~)2 zszq0k7X5-V=(hkDR4!WiXw*>RKchYvb>PBT`VwA!PBi|{!R88a5VlfeCFTb4n>7VYBijZJ1`05v4Pjs=A) z$^xkAX=M;@tr+oo8|S3-(Eb!n@jfy|q81UnCm^DuoFg+1p)|6%6b2+4^!rgbmu^y~ z$zVi++Rx5}5bCOV&tgzcn$QqIOi8&#GN99fT_NDZtfMIG7nX35*ud!|fg(&e6L+ z>R;o$m(bfneo3wbY?o@mgnFYc=b*0fiW-4;!Fv|<`Q4_&t?C2D!6JUEB0{9+WEm`(3)f^{GRb1H) zQm6+TBhe?g0X$fQJT;qR-pZ*gt7aV}KCtkI;d`gvD|$KT<^Ybq6Ch)&zGX{vLPXC1 zMnV(#fL;_`q;zwz0AR?wd6;pakzMybnOciKcu9>Jd%Ct;a@2h{W;ZbqUeZDMpyO$K zQ?kG$RCIE3Gu616IaJeA52Cu>e4MN^Q^(oE0MqNc~sOr!l10i9LX=D`GmB16ILv_BS@d7?!-J*nD6y&=XRSWIg-@!)WN&6T}1lZbaXMi^ErlMTQYayfsmpfQqIwb+TC7R+Tc z1lOkY{5-Q2<;8+1T##a17j8(n;Ana4Dj5dSi&Yt`70!ij+rvk}JNRZek)Ef!qU@Z1hAVB$7mArnmubT#LG#Kbz^{|U7Kl-W6AVip*Q+b2}H8Yn@|*&b%6P3II zfcBVzeV7B{U7q>@K1iw{C_zU57e+#YHqtL~zC9)s%cEnM@jz@%7d;#%lXMtc%o96H zuyf2e2t6+kL{y)PQT|Po%~|4OHBELFw1;ok(L`g8(R4Nv3bF=~H|m51?$^N}Gb)(Z zyKI@)UcxVn9YI2l6m%-$S>;i$;9?V!3B|z*wO=e&7X(}7*wnlYDT5MgeWlE=jNLF9pE4y&ULm6SFpCNxa3`b40AE=x8F*vcP4oQs}!O3}Vhl-95*DE{myhuBhI z-e2i0hx*6QYiD~!+>tiJZ>|)RW{u4qT+)9{r!Jc&$oc{-2%-OO?czznEDnOzs+*Z4 zKx*InS*!NCCMOiJ#f{@c`y-V$Bi&b7?Z0cqXa{K(TI&bviH2$PCW?s=1Wdu(Wz^_> zw}v2&#)Nj|KJlyrqZ?8U-XD|cof%nKCAA)7ns4Ly>vk-j6XsyJB zoV{@~YzpyUdGb9dRyb=5!Kwk4hU@uAL~oYA-p*XP^@y9&BI!Gm6SrMvZSx&1#|_C4 zRU+dCsL-nYC^BpO+_gF=V1X|Kr~a}fp&PdI!)8^w98^Sye408mD#SY-M`Ss{mn>+< zDRRfD`h=it=cJfhY3O^wJdB7+ZgDu-EOhHll zzflV}U#<_SHJWpqISYBd%>AkNWha=(gN0a#L-q+-N|@=Dw?V3@kr5Zl#di5jm#=N@ z2)R*);`!Gv$T(YIMVN^os>%+eg-GN--;|xpvIMqmfU&eY?IiJDR+$8!;n@a{W}n48 zmBPkHOP#wKWmUhR|GG%w zG76GhLdfVHk1xH{`lf5K@yISU!zq%qUB5@_u>RdX_kGja%1RgBD{u8?dT-Di(j)mh z1Y)qN8T(2@M{=LMG-IDlnaf77l73c?y_$fojyT`ea z2$MG>k@*RIx>(s}VVS20>Q^8AM-M6I&ZgjkKf^$LJP!jdbfGTx?H9h?+;46;uh+*} zhHPFB)(Zg-=Wnos0)cg2KaktUDW1gefxl{K<-JIbwkXW}S~w&poo<;dfeZSj0%sa` zvG)OsvvXU1CZ+zg&$t4@GOgRj@JaG1yqF7YDTvFH3bQVv)~}8$6FCF{DVL{@bnwL9 z5PEWLcuAync-F2{+*&uCFn1SWXdbYOgx4>?y4*YFQc#w)0%vYi-%{VV&59KCA z0RePA{MgU7z`d>eN&E7V=(jgMpBvIq(M-iRoZSm6`B##`Q?5EBfGw>Uw z`!Iwfe)l~f&M)uizMdwqI#mIFEuUfr9^jZzWvGlxq6Nb!iGryPs_g#zi6UX!qO=Pg zWBb1B8Jdc_FBwDiCW}pakfCrvLdZJ2rg~=Y$ovk(@pPpX-VZVYBT?l|dHr(5KbhH4 zLvHJf8f--GE5@S*H_1o?s_wvn!16D-8p>f@lr7nc>!l89g!<)QEb1%J4bA;5YH#5( zYDbMKcVp)(b1%HA1)ms;uSx7$W7$~HNJr&?wmf1Ri5#vsfslrSBP^D_z-3w{Wa#k80pg}!z(|2~*Dr3zZ(8Mzk@ zlFvPH2||^t;i7HLFL<^T@;E09jG{{(&=1H4w1)o)1tIgAvL%ugP+MUtfOaK}ynDtb zhm1TiZD`R0A}F4KW3XY)?fQ{2ebj;|vMezI-K~~1y{%{lktvmx&|tMo&P#{f>}Oae z^(8mP9R{avTD1wWlaUl7`#pXI6Ty3hgs-4<2{4_?|uEjM9x}=Ow63kCL0Fz+IlVP$+EJG(&#%|-;kXWWQBE-UL3j9vID<{tEkWlTdkWV>|`M z`{G0wVb1JIeaA$BN4H=M`DwTFJ_^#aHFG-L!jCttQUuocAJ-!__?%lel;1C;qJXd@9>%_T3J#+;WJc;siL=k(IV8CWBgTf0R7Cd1A-A>sqoILgJY59N z2}^&CB7#bvqk%vqNMwu+8U;7ruqTdbRNwg)%iFFkXf5xi7oL$6cJT+C9ee=NnN%ek ze=YKEpZg}J&??iUHyEQywx6MNE#xNzYlNZ8-)WEEBW^7&H-%!*892bQWu%Wm8eDl> zIm>E1>8~zZREAZ%{E*Ue`B?nMj9G%d-He4%@>ae@C3Ohz%;gX=;N7WzgY=i}@6b6~ zd6z3*)vsbx!#`L`dqUd?*O_Goo@iPd&|VZ~B(m@A4lb0U8qZV?%fo5_W|l|?UV>~9tva*5MbT8vU}ZP&KkAq-%u#C=DbB;8z99u>LvPOw%={an#zlG|CLS> z8|h+vO|PnX7%ZsoBLV}1j>`iG|DcIi(iURAa1b~lzpyisz{J|I-tFxzIYVzyz?t(A zqS$wL3N!V*M36m+E$&?^Sa3`vLcCEkl)w z*41xl3>L!o%Hz zQ-uhVk|gAv0}r+78%K7azGNn*f#&5yRSc>QMHRAvj;uqx>ue}``r);%y@MMHe<}*yV*d2c6?3PbKO2?EMIxt-L5l0D9iOt(hu98Cx&_d(seXQ z5(E&!SUg>1!|Um$JH<(q{i9CVTd;Z5ff9E;k`>QLsJolo@xe8=If`u&9A6NL({#$i z4sTc_uS8#?+)HPCJdj=4wV)c0DpXVgFTTDiM%348P_N4HEE`W(DMi?r0mv1SNkb!) zCPCJnT+K*A0h`FyXQdynC8P+LwCr#Ba)x|UhHN!vRVQz`r2xYaciCm|L4j1(DE18a z^T1@poNxE}PR@xS+)?B^bz1-FsvVVT9f!tGiKy$;r;L79I1WXKL$I+EJ3yE%&ez3F z7uByb7}#z2C6!b#hJm)SuUV6wHF_*K9!fPt1w93b?}C_myJ<vZXW%bzxL6B9 zvuboQYcP@5@L-_-{VPC^26b$_H0nmvyrAD#&lY2!iGYMO%X+k>)%Z0zz4#1F0ThbG zRUYMf{5+9=&HL0R;Z6r2cv_zS{`V4$;nRMpaf}vM6Do6Eu*%Q-W(3v*Ja=q_P{^ASD??s6wh^UETwG-jcwYZG}*ydXnpu?&%)Gw#>nI zMM;UB&uBa^U^ylyimcz;Y2LJ#hvE{SX}^X~HdyO6z!u)m8iT}*tTNek)xl9Kbcq*J zQF^GGSeH;JYaV`0ddM=9ih`x=s`o&n;d1X_BKLvXNjL9izN_YH)4xAD&3seX8&rJk zO>L~bC$5!w!3hB5i$alj^~racAQSIRnOpSi7$2_PgbqeLbu#u|g2s63=?0A+ScZPX z{d|6qqUhxAPECiyApRw+`v%#R(YBY3RSNV{COhZ+P$uCZf`^}qn0=X2gX)(iUE8_O z;g?81vCeO!m^|y%YV9h>rAFZ+0$8V3J)%Fr#@ClecBrUtjDJWMzxJ(=_>Pu=>}@bu z6GAi(aYhL@?9qemOsWPW%0MN3_SDa*kpYpxClRmM=YL(ciXYg|AkK!!xbPnI=#CTgYX_P$8OpYA`Q>7>FvCeloaULG` z9AVk&zZ97%#cnTOuX1lZV~pjbZ7J9K&tSj zk1%hYmzG1|Ic`1?GTnNI<{Zj)Q;mWriZq#O=MTpIK*CM+X_WhZsjTD; zir*#QijBKvGDyiy9O#$+bKxUXWeGZmaJxwun~SR8cTT zW?QS;ObE~Kfw+f*p)Rr*4aT;YL_PI`2WX72>=>hJt+CwOP|{3YsU%1;o*CGBux5ub z@g@7l>H|~2fZt1tqA&mr+x=g-?0bBrw#2@UokX(0vW=(n5=&@*J9u0bdHC8#byCXC zRnE9p0=ih~A4lEep0r5zk62N~RONFEni<lg{|;>8V|7! zz)Z-wj!KwiGzTz^;h}GUrJvU___FVHdNCWR$WxKFjT^C~)w4*%t~%H|UK>8>`wCls z-{0K1tpYsHdKl#uBVBa{%ai$-Hitp~dhGrtJG<~R|7?4j*2c{PluD3zGZ{p2?HS0K z>&I6nJS$Q=$W}4$MY4fg*#&|HQsULn@UNI@Q@}TkDc}GX`@P$plG`0D2?A8RolIx`RjVoLk7K4X*RFeH^*^Y>AwRNj6k1x_1b1(Vx$*#)%T%w{cq%r;rDy&? z4(v=#mXNsxGzhwt^8@jAkFFM(u7-U>(E7}66-o6Od-JH$2Vcak&a^_;H^gY z;)j$|1+f33CrF?p>63m6QC-=xZ!huezUIn8cXN}K@;<2P>H3#n=k8txFI`DDJP$KO zX1OC0i($2g_VItKt`<=}J0r_Gka-@a%e1n{g`#zq1>Q_LcS8UU5%4mtcl-jWzyrfghm%DN(D3h}u1puja;h#|?e5t%iuzT^qkM zXL8vW6?1%DFVOB7JN_4E>hBU1y^(3-zoRk=3i{~;E*e?-02;w4bZk^d*wwN^hKVB{ z`i317#pp(0`=zh$ZSv(;AjS#1UUXoSeRj2Mwl=yDLxK#ypDp=(WM_YN`()P_WVg~> zp%12RN2i5?Ow!r#L?X9XNc2%{hyyLP_=8A_lspL$#Ezbia-ed6Qi z)u+DWxSNccrRI;QBL>CUu`KXc=^P_0B^~(hr0`|!z2cAxYa0eqZL<_Y14C7{VD#gO z^|acH4S^SImr@sUkB;idtj?0Nc}zI;z|qX6v@qDsRe}?ifwtgqXo6OM(Td@-I(bR| zx!7b@TTQ8eRQ02}^*Br>f~PX_n*)sO+X0H@CgAu-o4W9nQQ=hqhGT_bl&@{P zii-^(6X7Y#_RAEhp*Ce0ohSCvF-WP6Q^U=AO;8EU+W||8AHx1NTrDc{;1C zCq`O1aSnH$Wnuz;bi|1|^ete1OOKv{>Pi476O-p*lrV)v@#uY2RiqQ_`lP>ZEW1!p z3Z@1^$`kIwc~gCI)~+CTrqN=aRK;gMZoUkJ7gIxW=5&6%b#U0&_qHkhc#>QsbS15r zv3IC2q(5^m6s3FMG4Lb`J6ZjMr%-_`yxcc(Qr`lgQHk+4yd5=t;^fkyC#}=MQ2SUw z%AJj=wbf<{Z$V0)r9gxs>xWO8yd%i_Y*TL9y??FNq`8#5 zGI{e2OVn73BQn@WrQA3;q%LgOmAPM##iLN$BX=T-8YXAMmqvB{rz4jQa>|&TZ3->u zhw8Srj%M845e@ujzMj~be`D1a^J$4>G-uCa6~Y8G*`t)sYl6=LG8Joi@&30HQMgK`u1j=d8)RT0*EqMC zCGUI9J-mH6b4a~qAJ}TdDOH)= z*Xt03ZeIjLpsgp^;%Es|CU|Ps$lVq|PcI!cUjnyNs)V#->kId34}*+i2R;VdSdGB1 z1b{Cgez{K)by+Mbi+2J=>hHJHKU+DnLTQ0R`bEcoC|*o5)=;v}cuxe#c${kQ?6Sd! ziZ{C3IPZ166zp~YlA~E_H)Crs<2h*$FJuIJY`LS%EWI^EfA!iFyu=5zqp%)S+UZOS z)p2swSdctk+;E!tPV%o^xD=tpvW`0yOPEj(x+l5Ru@OA31ZxYnE&O;Xpg}BfbVmX> zgVunC!}r;AEbcu0IabDuy`cs(WJ|(ep!UD|+QUqS6CHxlr`_`#G$ZXEL9GW4fs#*! z#i23FE|s_0f4do!M5rgcOcO$DsMI?%oYgKXYoo=4QKKKm;F%A341|n1$dGn{#Z#ed z_YQJsbvbKS0NW8eO&Rwye8@HfsgRL0>u3m+c(dMkf6#|Zt-yelo+;n`)*$AGVY#@2 z&#JTr6s?KntEc8ja0I}6u{->V{k=s%DIWWbNuGzV^AzWvv*mWGXo;=(lIqXC?i#5c zy;UtG^U?Q)35Y(2;3o9(|2fKvWnTq#6tm6YH&35mxz!J+^-bar9lXkH;_07&@|v5? zd~>O?P@wA#EKi5=M3ix?y&}#f>2Wb(RBpmA)u>L4mmvp?e|w=4B7Ct!x1_UCG#Dw{ z$$Hp3!FyYayAr52G0Dh0dohf(Zapw{r7&@6J%#=Du5_ktxHHDKAm5|UJ$;b(p&)rP zy-v>)?BiQV6*7G8hk0jidy3)WAkQ*&1@o3eHc~?DN1L@yLqe4q@KlFQr(+d>p_MEg zT5|2K$COjd!<3V!jpPsRPJg&)nm2F&GSo9R5&>=E9wSE4t>J>|j@T{o%FLu3G~h+h zli71637i^A`8@oaawXk{zdz?uO#^XE^5SF;?djN z8n1KPh23a%_;a-r$721V{lcv*>qh$G`IkGM{+#(-^d?7MA#R&MI@O(tVsdVE+P5!X zC8<{Oacoc{5RF?8=OZra)WF&3era>hlj&lBOW%a|fOLtN!f^G=JY`K%al=+B08a{} zMXBDG);zL-18(8bGvV>+sj<_`rG?J&D{)z%l*~a4FFot#`cW-=4F;zx?OB=cyNY-d z8z}~~E*_FX-|{s{-Y18Av*S!knat}b!(|d+PGq7(k$zyjzBZxT=tT9aih~Sjo8TbQ z*BQyVlVZXAv&m`o%Jfm-#Dd_$eGhUB9;S$x2#sn#cE-^ZGyr}ue54GqY*^o%%xa`y zb)SG~^jXZ}M6d0{(A(Qt(OX+`-CdE8&U4@8AXqQ|ao<)woSUE&fMBx?RJ(}aw76C! z$w$%F+I5r@DOWyS72|W}oh}g$BGjcQH9!-pBzcwF(g+s8VjOCE; zZ75yT$-u$1E?s3_fjvQoy5`n$-kFopM0gh7Nij7jBHg`^ubsN>7iDeREm%)`kgly= zl+GwcTjU=cn&gbXCF`#c`5}C5Y?Rqc$teGPhdUTOm)9(;430*6AOBPHtKu$j3mdUm zp@NH~bF07ugETR~atCX#qU`Q6_2g2m+Ob@*_qIwu@|1QX%N=DYIzliu402TRIo&Ru z{rTU5bmA1XVj)3-50S(d`ey^_b(Et@bsx9onv87@)ed*4>gpTBu6_e=i27NH#i-&{ z%RSm7=&{S?Q8N1NwO8}~)a#Vt{HvK)kl=xlYwym@8Mbo)5=dFVSqCX|KqSw=X;3rU z+fQPJju%Ev)jM#Y@b(0bP}Xdj5Gmz%{1-BgI!4`%-#5!>&$iA)^h$;#C(@yC=DNA3V%M?l!aRD~@z(ht1^)-;Jv@vfysi}hOplUo81_ROon@{rUJ$t)X~wn!u76=F~G&+rp{VEh*IId!t3U zp3`C#!#9Ov1jgp|MZx)!_VMx)b+8^abkytNc*^rPo+tWVP5ok#0Ng^`h;Rd`J{74= zLOEajTVojEO~d)DExP3%svSnpwu6%zH7Xitrc3nHKxKbof^T>VD^TpVswI#T%fUrS z=IYcQQuF)ZopzULVK3nBorSC!GdMUD(ci*DXrs?X6)qKVS@t(z zJPwx5Z7jMm><*iSbvwV#n0!F~?E|wOFKDKj1+W75WFi)7v=w7RE4lG0fqVpQ5vhhb z58|I|+6Vmus2!(5WDkFWl|0j*x{NS31-!pncX!-DjG3|ImT_xWC?d zQNECI_gwAZrYL~u!1r%|xC?Pnx;orx0X=SfZ+O?;Q;2}3S>c^@xuUVMw_po^WLjL> zF1xYgX#I;3biXg-*Wva5o_%M8`xZSBb+zJ4leJ5Db!3E5^|Bi6aAlOIQAW`H(;G6s z%LTCyqWW$wI`ddW?$cF`Udj#M` zZq3XA6mo__4VAvi>=#>3uP<#qVx6AbhoOL6DP{%1NjR9JrO5Ga!%{N*8CEJ^5qr0^S!#PGu#xjH&n2-5AUb2 zp?8;$hbH#U^FpIRE7|CebG%lDHoZjto8>~?=s@lf_8hTLML~_vV@#_4H8b*=kRuKk zZ-5Vvi`Tpm7lpF^wJ|DG@2z;~<~)z}YyDD++8Hna#Ud@M)8@W7)JGVCe@LErHVCmU zd-u?WBv&9f8MJh~$oPyr&!f zAh4kjz&YI$f|rTRx{L8-fjedR`eT|^j!eE_kJ4j2E+Ms#QDi*)UHN|ig+O}0i{5xP z^j}>jQ~w3D+&}kUVKz{Z0XE_P{)g#xKQkUmRh)S@>xao@?p-{|y&A^n*>`vsmP6Ta zl6jY(g!velR^LZabz@@_x)|NSR06K5MPE>1%AZ6BJdDTl58ZCA?0MSX6#ZgRQ}#2` zOx384T`6M%tZS0ns{bnbFpH8gzN=8|D@-7Z+^*k`Q7eNnbNgv9jNh}l9%e_4#=!8I zhDk^IM~-%a3#$9F`Clt5@B@vlcg-$xIh>qBLln1w0?SCq0g5V8p&JV5I4YBGclFamIV*$rotQQYg!R{l1R<^GC5 zS?NdT^Gp50St1o`?zzxKUv87$VgMAG4ff+-c|a}fn@9BYFp&Vn#r{0(_QKvEg0c_J z!yXL8i`GH`5*rvf9Zvz({|NEuQ+*bl;~&_G@lSJ_@Y4CI4luO3gX@bNI}RVyDeU1Gq-?@fOlZtUfR{+!Jt{PQO2)6-y1up}|{5YF;#IY0N6 z6_`Xk0G<2=CabW_u9VpgUSZT`m_<>a6j#`;H>d(C7hX;<&^`(r;TS3mZ_27{NtLbO z8QLY572AA12d8YoS5~+og&V=^aVWlf1}{FIj7Xb zWkq+SD8sy9csmVgwXto04O-(_Ji7_bCX?U@7;02p^PvnC!=<$`*a$KSzC#FF7*M3F zT0^Qe2(~t+GQfByW#fJ*o+H5??7$ExOw%DFbI!DkB#kC8dU= zK9%zIyCsEtL+&=C{4FURk5Vd~_hc`rkVF?$!8n$e6bmmI3gzcr2Jd8S;5An%Wo-@_ zS%1MRg(hApl(+d_+9apvl2Wtil1k+jie=5tA`i8sMlGAONss5uCb}suH<<7QkTY-D zz~_ui-?z53@HG|AY5K}0G-UjQ0QG;QVu&1imdR^ zvuk*z_f~{3Ct4VZ4djluN1Zbi%-&f+X`Y6c68@OeyweLx=>mTy;xEJt^t*g$40@=cE z*ZYIyYG?Od@OHfyI5F`ZX7Jf}F?Fd^cTJFM=jX9FKkP}xe32kn@BcjedA1iEl4yuc zZY(N2;L>LU(n}1dWrdBt6{;j$MG|gaW9IALfc(8Nk{9h$__VOwD{iARm|Uj;R6sq( z!U{WFp*1E=cKg-U4yi)m$L_**^r#mmER;I-d0g!74r@t&xjU zr~Ulk#nIs&-*aFPMbhf;o2T$9>e4Zqqp^)A8D0!W6e2n`QPYML`a!OY zT>g{+B{>P!%~i*B$_dy^N;MlbfSZISGIfDPXQ~!E7No(V+}hka4Ps3j68W`4&WD{X zOs*Cx^|gYBGGME9Nm!7JzchGc2Is~!Szq6GFRsy1nh+TH&5FH~t2ZWG_^;`Dx9~m8 ztA0HniJ>t`_(fl`;S~!AN+%InOi`G61Bkwit|)LQPL5As8gDt8VoS@u z8>gC&%5hX7cX2Vg_H(t zHq}?l3aR87TmY6qaV;QRuB_+za`z3&e8p=Ky2$4}v}7dWEb|`6HMNiqKCsbIkIr5r34EsPfRU z(XYDbVb5|3`Ptz?gLxdMzx*uj_4&-Jj7j+)Ob*7vFBc_WT-LMV(N*7O0JCJtYqnM)GUFF&FkF2eE*rji?& zedsLSbq|PRZrGw+Qa;mOrL*|bqGuIZINS^F+ZA~qmd^2#g#zQx|o0zag8ZP(QlBf*rFMR^uShdXDgsL**Kj08yZNmKZ3gX#BJ&TOm-FO_&R@pE;r#1HXI+P*KqsWXX>hm3gO~ayi^a#Y55Mwj|N%EZu z-XGmBSt+gr^ywa!pgLFBC%D|L#7i_L9bX2IT#Y9#K5d|{Imonsz2VcO_-=FUG(cqOc8>09E!z6vxsC_j$BN%T*i_u zKQ2wUT>NgN%XO9@-m+nZ{ZV|&sHlh?6g@3HCMtcmAyJjj7!lsbE*=m^-K@HYrH3OS zjqflTtnnFxAq&ODqv7amW;pb;^mwTB-3CNeK50Y}@3d?*HXLeIel0Ny7iD^>5lHb* zg`Q%@EdXBv%~s9N=pkuZz)!ulLro&qr-O36Hxe|3NCz}8(KJvx;u$29Yb0YFS{<#d_ zlS+kTi@uL#M(`{>3&3=ekz8cJs**JZ(mn#)1%CxF!YJM^$)#ho>%ypGO!Co9m@&2WDk zlMRa~?Ks+P!~aIUZZ1h9s`02JRM>^dB?|gvxd^|n-oA6`(O1&`D8x|Y{c&_neH8QVZVKf`o3WF!f~uOD`eCehsrmNX8Ib1J&&a3?*9Z_V`c2e|GrKZZQ+# z`sCwbR-pJo#N)Rw4vzsrFAh6on#hUU&C|XuXmh(Czbp9q;Jg-K2KWc&4un$E1~zY^ zwoF`k@IbO@?%NEB%y{6_^tx|r6^%s7UnZ0J6pCL`wo@rCBTH2hMtE?YUR8whJG3@$0Vp3~#&m84_=gcVQC9@g;;ICrBjb zC(z*o_(-qtFQ&0HSuIUk%TDL0dvNw&*Z{21Zg2L%&E&K8Q42rdA|)+7d`jd#HKCh9 zBz^h|jhRbU35?X6po3hWQyRjenWO(f%8`*)h>V5x5-r1TB6Rs{G~{BOx7x$41&-(N zZIu@zE<+T{$S}3HSM`&U82iAU!~-M~yZin7XgX(|j@Z`2Tw_R?0heKmTQ2> zfwQogE8WaiVKY0fnccExc3qhr8|G|bjULyqH_M8lBW3|@wG2z=sF=3pUcO~zcPJyO z+c=HKCugUv=D~~BA)n)|ij1{f$;1Tk%v`B#s2EwWLyad!*^n=aMg*7fRWuG}p}58w zC5a8#O_1v(Io`mXrEA&X{fs#UFi?nUNyXSFDn;Wh-N{M!^zh{P=qD4w>Z0!iL15*p z4KkheH(4wz_so2&deJw)a4JYzLB*F+&LlzIHr18%X$^Aibf6|M4u@!%p|V|{lRh!@ z^@-#nC#%&&vhW2I2`2+3On6srhMtRB56UwS)p>^+mx)#oW~>?l&F};1bB{Ey*3QZ)L*(ytKwm=y0zHnWEsS;5n7+E9elEJk&v`S#mPuooFkr*Jsw9mjKP zXZJp#vn5B(JxFXqGn+l@ltV(4$wB7#&Avo_?-ElF0FZi*zX2KqndUKR#m`QT<-7^M zGJTpIsF#h$?y@kbaHiQ_bq)q^rBnyA(a`6NbmxOcC7HbR6cZ`s80&c9^s0IG!txA> zuWCG-C_p>ZU#()P>Y5Lb%^qch^}yvWSFFaGS1c@Uwq^>YvzI>!_T-Ztx6`kqJc9Rl0D_UWMORTiab8h2%6} zUCZyqv~8%0Rof{`RZ%kIoCT88CW)``_xtFEo>?LU*=6J)GOfWb-c|M4Tvede42v{F zG6z@}_r0^9UbVWfS}#?|?<}xI%~!3hp)U1`f&NQ$vk(SU_k0={nGW($5SqGzye@QP zU|7&_u1+;Wh`n&wn-6g|fFZ}D5JLiud-Ehg{^wY}IZ~3w1*k-vGRgXDINiVlbQfyT zDV23H_O&^@%4_@`&G^Kk7>M#f+T;^Hd%bd0LwLrxV#9tfL{(_|K31vd%zecmS;hRE8~5$dQQCYk zpaa^2``i<58S!`?xrA@Z%+#|i#c|U&CmeK64*t^ZpbFz<<_x4TOmzgqHasPFGM4P}1j&-ugAa$S)e+i7_)(i?f#{qZbrBnk6*#TE?zB*^>5}uY{(J3P zmQ+o^bqv{Cj5gbeLfv^hw%JC)jWiy2FTzngL_Mm^$-ep~S22Sbu=)HEZOxA70p*oI ziV#OJsgG#bNa+tLYK@+jDy}%?oxahMl)~S}<4{GF*ZN$W8WxEj#jz>Cr{qo8EugZO z&BNft7MD3J1{7+`14CC~XEZ?Q>bFt>VZ_Xd7DD%W&EW;H?Php2qvxi%46{~3X;?g+ z*p`||<_3!7#nRmN2K#VfJ7PfNTEc9wS>7_61iYQN96T$}4sjK^4$NNXTB5AZvm^xe zCF|fkzP!X}JJM`F;+%;SB>c-Xqws>cf_!G7kbN*dX^M0$WP;%+g z)HkyQm26>~n{E@^&F^Bnw{K&+b|2d{&@H#2-8w$kU~YiL0Dip7cD9?}&vt)@4K1Et z?J9@Xf5)wC_gCM?3JyNIUk^TCcebxP+wZ!w>BG~%=eG8BFZ;Te-EA-XwU1@ii10d+ zoV>J_!x{Por*v4wreloeeF1xh+V*rJx}3Yvfw8Nj=Aad{KDMo-HO#q^%rL=%F{gKy z0}4F0%EPR`elSkj$q?JqkS&S-_sf*19(uqn~k=L#$S7 z0eT$2Y9GQ3;IHGu)=~2(etXz#y(Hrr+g?A6Mw2m+v9yNy3IfW)`raBI^1JLUEEcJH zMV@dd62e4X?g7)dPwjlscBL^i5R~TUcw4wy-y-8*Hdm{=pAGkO%d|{ZdezN-bhSC2 z4>6eln&-Va^&Bmf3wP`E6oA887|0i6e9jU!C85BiYdIpIUQleRFK!Zw{BA84IRcne zyG5p?S8-_bkE_=g=v{ve^Om<|@e;*P<0+aEns@v3$|DP&bWIj{x}Y7~Btd8Tb@n1s zx2{D;%o$9x&*6eF?ML(hV~Ga{5Uy@nhQi@s`BCvMmvRulZE&=r750t*`nyEiq17sT zi1GdmFM%kb#QKxVqzk{D-mk>)m6#o}3aB@|?yons}_z_uB7(fp6PLsMY%kfP@XwRtm&0k zfDFG&t?+$b{fYLM&@y zWB|0!Vx~`-fGTXpxn|H2Yce4t`w1|Qgv_)TY@N7)k>Ners{xnEPl)n=RR>l{sdJ&t zu&rzEwYaV*gTM<}IpQDyFK|fNir@4p3^(pPj4ve$=P-X^wh2bQkrp#;E;S_8AE>kWKXI=Z)H6CA}pSDjq5iYxVPJ^)=y zIZ&YPWipw{T#M(}Jq)<+;^$1JH@P#3Il8fQbqr|MnXde^trtB7WV%mL#x zz_|0M6G8EtoEAbhWGB#OR~xgdZW^Ia*4fGNzI`?4clCYCiLt#^J_%8mG8}=96dBqzKKshZ?z*$5eNBKmL zAA>M*vxGx)yMxDO<6Mk$%hD$p>Ctg5q zqP=niQ1WH7)fn7ibkN+_RqT27TXag5aQ+6-n0x`d^KAhqR$8DuJBY0 zR+WxflFMievjSOM^R;$ash927+my>07{~zrX-5Ufw;E)4tuUgr$kLb6A-l15PP(1r z!>6yGAubA4$9KVtvOQM|o^g*!)dfkk&?4bzfm($7{^tZkGCzi0j*O;PZ5)9$+-F%A(z7x)_4^hJMFSCB9grc`cJjU4%-=T|&s=M@*G?GEgv$e{>1 zgwtay8npn$Q+I%M?~HC;MWwUTHB-%GYffh-5}oQw-%J!Bgr~Dn$e&zTbqlR)*bF!X z#$_$4))qkbrN?EB)z-4JnUf6Y?BmZVG1td|h?ncI`s`E=0?Dy~0X$Y+YDa)!y;?Sl zbu+eeQyas1__eEaEmF_T0!M1@zPDWq|Teu_F1d2(q;x<9QMad zi7y~#@QkOkD{o81(BmnpYbk-Q3EAH-n*-Xml*phXugAe7*i(;HC;3<^g+0x-Lo0ztT_Ij))oz~%=YfuxkwL9>AT;mFQEFqea)Q`1p~ zSLN0>vOopsoew*C`o^)QfK5tUtf*S7j43X&vo4kp%oUjp5#1P6FYR zVAWppuhGT^{{i7q5K*|f?KEU_a}%cbw8AZo>-bxmhkvu9L6e z5~%p~LPN^g;=I#5GPV|qbSoM)L@VDt4%py**!w>}o^ur3x4V zN3?1IMZ7ejf80{Uat5Um6ca@7??~rKnE)9v^>?T?lc<1ZI{;R@zObN$hy#^yU_D-{ z7-4l7m91D_qwl>Xn!0Iljsf(RRtkoOxv&!*zpG`YHh#C})TrM2%gE%!?KOrI(*=$| zcYyeUdfbzyslHQ3+QX<3a5M5Ph8iBrX^za{44$0TasJYI#h7>unGzLDjUu8fQ?t~w ztKklOiE96E<4Yess#Q`IrWqltK{^c8NY4WE$hTiwvr>F=rpBGlC37q?-O=8I#-!^Z z=AYDeHf+%=laJK1XDOpd>?LKbNe7qJkN7fSey7iCowepfO8}lUwpR4v+I?UP5xq7F z&xy&RkJpB;WDPs4@kBb9&-#;VW9TxPk1@VqE^Jw`^+Y3~c|aVbaY(@ESuR{rpB{?DLmy|MA*#_ndC^fuY>RsL-J@cDhz8}<6`&dwj| z^?Kv`hjsj0uW#+}-}=^8WBcJB8e8Ajx3?a`zioKm*lpAsf2e;-1hYga*ILT_c+oT^*nXpnoqzo!UUxz;t7*!9Hkp}cxNwKLFeSz*_-BRD`;!2354BF4$7k(UhZ=j+K6??Iww^anq0R|Z zg9csW#|KBR58KDjsb>4-tD`n_<5~z#o>3z&Tc-yv;8pW!`>1{P69Mq7eRkaHbT*)o z;P@nH{k3&`7Ia=CELe0tOho}HXhTg~I2g3hbfLA!ZW1JF-f2WK^C!~B9e z2Pem!)_=Z+_Ml8~*nHW1j-Z@URe9vGy=b0wPN3&g7-8r2(HV~9+3Cs4;OL}-zz458 zE$F0q*2L<7M*zB0gL*9h@f0C%9y3q}XYG??tO1>$oi-7Y9K?^INP>r*b zQz-blBNb{v^R(T;UQb@18DyPM!_dxgi(92BK%4+H1V`%>knyrfEkE<8M5y4fA2g>) z(16VZ*9N?p1;;PW&R!h`KU6kO(#l3>5F9sOwkjLPBUy{^vmYGia|K}0&QHfDuR86H zSNvoeJR1i6!Bw)eYo2;RGf{!0sq$f~b8y;zg=4|`6(H#lB*xJct%5Jm+k>KWMm@Z7 zMZ!R`3OC25WLOCMuVDyHt9DF1p|&oeSo<+OfjJG z6z?uk$(6u~lT8cB=4g&4q(w&hHN0-Ak-=cig!wk=c@+PKafm-E*z;AK%;xBp0@Ia3 zpJ&h`2oju8oRDX-K#MG4{8)hBVVPI$!;Q+>K<7#(Gdqwi(a|YJ8wkt*l)xa5o*`C7 z;S7-SYFcStpj{wGqE01Qd1b?!^`J)RLmgj=J)TE65H=#M854feAxbOa!lbhOu_@^} zr9-daH&_qP+RtB~Hfc$mwvJAkhe$JsIR=bpIKjSplS_1sA?qeeDu_T`Pm*CDdIvgV zV>`4zMjE?73P28zdR82b38&7EJbk1-Xq;`&Kt#jwa5FUDXUOGYG?6p|8$udm`?E;} z{iQ;#jJWDYAA)f>5~3T%?MCXxC) zzcEX!AN6RffrjH*Dx*i;a^cv~4iQfju*cX=Dz=jvmgVq?58*r{&^u)@yc zexGt8%7v1_6kg(N5Fa=p763ft=`dKIg_ptlb=-%2^AMIEEOg{0l@=MT2F{EXfP6`~ z9WxQqB8Odbj<8-%5S79ZBA$Ii!+?E4D6#^Qx`XYCbEN{l(~F1k>;~F@8o}6L3g^Qb z=S`kmrVRdNGPw>&cL3*~-uofCk}+%*g3Z7^sJudh2OyyV9;XdsnOx9hh{csHePv2x zoM0wj{*X{{?3ut8d*rPO3zIeu(ZVCHTn^MKQ4#;KTf)#&8_&0S#K@$xb>MI5N& zaSoPrgtOpE^Ve~OJZxqI=BhAsXgtY-BGB)c$@6TV?dM(fneCeGr|hQjIz?{mzY7b~ zBM=3v@heiUQ45<_VX|qY&P{B=95?WH#SrOSOd%y+H9*!H63rH|oysfVWR_|9P{AT$ zcE_1Pu}x&eNDah`U%Yp|QbWFU|?M9po^SgIm%}S4K?)&0w553BG76uk-*`e1ujw zjRW?Ra+Gq}G~(0{3lJXwiq5cR@m6q#Lb9qsZyQbqG)ct#8MC<0CcMgH1wF_iI3M9G z8s1dmaXLd292oUwe8tdHTYTyu-bdbKGh6~d1~5@{iox%bVZT-(xcjzm=HZ>z+3WTp z%`gdU*a~baDb6MDB)Izm9Ai4>Oi+9yl+VYgbcF#&A7%-I!g5Q0!nl<1)@sxfW;n>c zXVFNA9c8kxas@mK_VV#8xzQB18O?f|oH?l?`~i07G2dQF8Em>@xP@YAKHDRZ1jsh; zkP(s$#_%Sr0Y%Zctd|s!3vZHvq}9=_1R+XIaD42ihG!K(qj{HX1muauxWkE|wyp;P z07^$QD^MXA_lSUDLrdqxN`yw;2{JWU)w@Ck`3~Z!H%V~EhixHM5*%wBbsN@Adop%A zrj-_$Ql2(D?E^Z-;X&+x7-$9NJ51k~=Tkur8YMF{$uZ5r(KfgJ7`VO7&d?7_Z(|<4 zlanx3e4k}59IBGHEazKD6#)s%eg(E;8j$}w-g6+_=(bMToZ@kBI490;IsyoXMjT*B z2+SDWT0=ZT>@DQgR6Te-jz0v4(G~Eb?u$X(v%@k;QjkZD9ZGcl&cySwpvCOo|O1INiFk_PfzM|Mh%t>TwB1g$S zg>V29m<)M5C*$C0=TO*?VRN)UC{f?EKt;>ktO+1tcr}kJne>vC_t6b;dd1c91GTK3 zsU1lh*ve0^8bpEsDPF)*phV;bPNa>b6OxQ7%#|jGW#RBT6yD)OCfh2W#3cuTGWW#M z)odbnT$f`M*M}f7vq!1fwaDs^*m@2IyUWeTmKcJ`m9V~XG$Rx`kq;o~$F$uF=N!oa z4uj%jum&;kNy`r@%pQg}f<0Iz6^?>4#%1gelf(s>yn+cPDQ`B@Yu(Ei>P~VVYeqET z!T}^Pdf+8<@Quz*a6Ew-+p83GN3vb;%bXdoga9C>3TshL>9Bg!`MGAI=MfI9aK#hZ zfKW7p!Vx*>Pw=RPXav;YdhQKlyu>wJ0m_bOdMqceWMBkoMvkR8!I<7DR6S(&3XE$- zLINH`Z~}2mDs2YsuIGX}%k*&}!cxGw?%QomXi0=ALv=`$&>l-1WW8rnY0Sqgt}wBS zvuK57jX0J2agZLb@sy9Z=7a(X2!o@~5J}CngZr4@j!vV&TnCt;E)HwIyap!QV40?U zk^3lIl{0cAk=e+d7(w#Fe99tTNctXTgJuYV6xsh|Q?Id%eI2J!#q0@aghe*9rccv! zobqilE5S%h6slaJ4upv04a1;V$)eSN9gR;Wkb~Eqvy+#orG16U-45<^p}E7ht9jCc zHd3twBZw_05|x1vjHr5`gT^#9-5m zv>(F}hZCA))S^6Va8Rja8bSKVjfrQD)ot^coZb`uOoEynwAoQEkN|34GQ}bV7t%<_ zYJ9UmBDvpw5{L6P$aYR%s(4#g#Un`;_h4Pf@wxJbmbK_{4ECHvjMn?8$kAjnoy21i z?QjpG@2o19RZzo^!-x*tDAB@}LrWMDMQmgvl4(YR2; zUM&7fcfLl4-dS{b8U&QJhz$f8otK3yWM~WxdF2YUVfJ|3pO7Ctid{iyRZrHrjN%i{ zf*ME6!>{qP+Q1J~Er8%a2b@MaUuXfk*i%%Hn;Ql(*>^J+37#aucQZaYq&IMC`hcT%qrPRKxSrO%;kozS>_{zvyf}H; zI&7aR+CXqnkL8^=Cl}1O_{f4%Gww?@38~;@D5D4y3OE;*XjnWgIn=8V>n`lc9d&AU zpQ>zPF(a#xqAC5(9pbdQx>pL`Dfgu^E)P4_l^>e&1j-Oz7Z zDmi0)DB1hTj+5zK-Ks#hD0=gDjX+(8H+0cgQN_&$GU-ufWKwc4d#5lEj1_&t5S2&F zv!j|4Wt+XcaI*@*##@~go*3Z@~-yzN==D!fheF9M>c zJ6}+h%(yBp_iS-d)PtE`rg6W5LCyFYytK6ATC~Ja>b9llX##~{`Zm+^c)ZDa2_XU2 z1mcc_$`f;RE~_e6_S6FhC9^jiFWMklpZ-*N2GcP!S5oHciVaOz=0jT>o}sfB&EvlS z4~3Qdo(KRV7~z+_|a1^QTQ|5tzb{lo9Y{%>cy z{&1J<|LWUc?f-s@f13}q`Jc==S^w?qYU{tok9+m4z51@U{v&(W%?Fj>!Dre31=PZq zvHpXGzL4=>@ZbyB{_)VhnB^a|_1T7h(8iat`-7&wkl7y&?2B0aAxK}y=ntCuOq)No zKJa9^(W5t4lemvD%EHSCqv+9@7NcqK`!v4nnn=Y3U#;)9{YDY-ii)wD`R(P%7rvwz z{C8!=hGL=5>H{T9W>IaGU(0B51Ch~EL2?x7N4-fuGESrOB$in71wCpvo?IdGGykDt z<3biRM=m>=nq^Jj+F0*0#)uGTZnj$7+8v?81{pIY?G;Z=-VJvlO3`blq}&qyh)irw zIIFh|*sm)=K$jT_24AFrZ-vw4qYY`iJGt`L3K!HxvMrSr?t=_(Vtma;)S34ksFumt zYcN}iT&s$Dyd7g+JLF{bY3;}uj8mOP?-DKEz7%Akr#Goy=jbPohp|sywEh%hbLU}? z6Rso2a*Rv9kc&~_m$1KR3bH+n!dY*yWO-Qz6gqlgje=<4*+xtV>V@sNfn@?$%fKZh zwQW0bQ)Fj=VNSN-jEG5{@GOT%@0og_-5*?2Oh5G$*N zMZB=(1>2`Yb1a2*V`IZ>4pkv${b3UhHhxkJfTz2Z8xi3~q>J1=z|20R|D|kN(3*KVrp8Q+b%_j4tM_<$@RQr!JjZlDU{}lz3^=mzkeYz(SJU&z9TK3(|P%v>jQ4dC@F)d8kW2|hwiaR089 z=-hO_(T7=-jPae5vstiS!>1Lo`A7qM^MR}fZ{$WGASM_l9=+H3GalZt)+za=@4?TN zItIAKZ_1dWVcyZRk?AWLk-nemlR?nuSif2b5eIu$X2dZuvO+#Wy;k{0Wd+5fxEB0U z3*Og)i#Qtgu{Ifh?N?T?@XCV^wP5&m>)qQ1hz;*BOahgY@DEbhgacX}?T4V@&?%2h ze2gK+Dp3(eFqQ%h!$hF@BPW${9Z}Q?PJ=+NR7iTSB1Wl^U`Pta6+h|?MVS!m^i>)d zH-}-7g2rBH!x966gVLBWYQz-8gz*}}%qs!K*708bJhN>N-~RIM?fZ8^8mWz3V?yG1 zF>YL8j!{N2AOxH(8?C{CMC04~UB~wewUljpdw;pX=SQ=hAI&{~G`BUH8&LsPiNZew zHpA!eZR4HE{rLg@7nJAzv}rdbW4R}#S^UY?C zT1XH)5S&p;SzA8;LM2w$UP*JxBAMZUr+B$pQJB7`QuK1rAbM|xVdy{=Go^|KhMFoG zmxZK&c>ACA{c*JXhYw7LPa6I644i!1#&1Sh{ zfY=z@n3ST^gE67wh)lVW7IQjiP)3XvQBwFOa=E~=?O0eah8w2Lj7HPhO#qVeOy!8V z6-&3FDW9JPD)1t@4pZ^doKQv=I5eB#lMgk|HRH!-3#1&N3KW4tf{hA+thqhx_5qZP z;E^Ra7i!wkUo6{{BFS76*^Nt6vp;jVECJa0v`^tB?TC3)xrQm8l-7npt$u%Ug zkS=`q6rw-UYqsId^p)Gd^E&)xIp3#j0$-BtaPV%)wTKnmEa#>-!>3F`g(xy?0iHqJ~8Wo zn!#zglEq4qxisur-qPAP*;&B2EmYZDv^kqn>;Do!fa@V<*ovmIVj9A@I zZk{Ol6hmR*GWl?+O*8F@5qY7_OH7;2JEU27Dh^1aayXWR@daV0|eKrGzpWo%ygQpBF7`f>S2m zK!{lPCr3?0#hZx2^wT-MZj&B6)}D3tH?F-4GgE&d-e1J;i!Q~NX8Eq*Fd94L!h_-Q z>|gj6`S>WkbS(V0;?^F7tg4~>%8niEn?eM4wuoCNnU+wJ_~$8@tY^w7I0QDJ(0ziV?246u((B?a79qn=^It71W|Mg{qVH z)n92jYSC$-*p$sFj;n$L8O+D*j!&UxFp!*?2Nf$+-&OQS>d+wc_nP&X&p~oguC#xC5Nu%p$H1iyfX_aY<`hD(U+sOF_!g zAu@PQ?qRbfU05zlek!X+Nt~0X)XMK>g8#L{p77Ie_(HW zT+AeCy*2xAp&-Kz-64~34!NkJK}R{0epkhtcPe2&`7C9ZcfBuYa*vaDCndmO&H|UO zhkG{B&Q0NuIe8^RiQQ22pbLo+*x0%yNWM8=iWt58x(f+WTc0gUiZw(5(ivhxUqqIY zX7C+WAp#B7@#n8irrq$agzERveBNvyFVzW^6pG=2=}RN~CesI;`&wvhaoXy%&elvX z#VZB7!L>rAL~)W|Gu|=9(rPZz^5-lX1f-8NP4JU`=Yive2O3tV}o2urg|E{)QZlFRpw#qZd8`O<@Ct6yS$<=4dTx*k}7$_YdC zx_kpdxqbQFNG^{`7fZ%qS~eeb++DnAQZkvTtfX0M7`zhD*ID*OCS zr0)ANu@FPCszn$(4}0$^<%8k#F=ZG)BM;5~GfM&qT>{OT61*n3-ps4J-~>?UXBAvH zJ1mUilkQi{9V9;CT`C%-(?#L4?(^2!vm;C|hnhT3r7c&FluT5rejA*0k57)D9-SQg z#Z$nuYEcS34*uneiDFrI+2Jm!bXl)jKkQA2=Q&36!B;sr+Z0qysnTrf4YspDTlz6d z8U4w8Mt=dPpJ3Ej?7XJXzJityD`Hld4C7G@tY|phH}`q7U=)6cMLTz8uhfQ#cMrk#7M82>A}pb16&faJqpVc6;-L z4Kga`QZg=X8KZ64hHW_RLhR$)E z{Z)GK$(KD9nQ-Nn)LvvDqW+d*Jl4z(N`xq6>62pK@p0;VKK_jcYgruM?>rEvg9mF+ z+CBU&XX8YUk^=1bD#A1n&TW$JS}S~N_OQ9yQFjEKw#C}tuO%|sXCL0MxJ)Yf|o zj^U~ld2G(yTEl3W*39Gq8E{>WY5id!KAQa%tp0YFuT-!+npLhpnT@)aqZuZv-VC;P z>vcm2RN|4*R7v@D=?4Qz;ML*%b+j306AAV9yZhcnAa-nTFz^Ad0^fd9-|BCElWu;~ z-@~8oKfyOW{8O*L!;KYpRR(j^56NY3JR7`~HN8*;0sMS&Oj6c(x177 z6IYq(zGWIK%rvshfjNVjdXh_xG2#4Tjfxa8h|0=T3cAXrZ$pt=G?^P;fbGZixD{`Ek;1R1A ztRGpY>0o`r7M+2V2-b)Eygr1_6|%*Nr;-<@B8B#(y&kvsr+)~59|QBgg6Y1-=%@*2 zf%OaN;{ibMd(Xx1@vn6Kzx+ar{|~pX|A+bY|M2_ox4y3b-{7CO{$J|FzjOQIe|38D zT+F#EozsKPW4Fk7)qVH)c4h$0fE@Ukc}J!4vU&WtQhC}wK6!Kec!fgq!^6vy!^bQ2 zhYug(!(sdM@k%C^a;0+8x%W7jlQYaZG`ayNgFpS_1Q!0|$3gX35=BothtcSODY>|6X%ycj%JGrLunOoVgrV9xiNbGT3k3Pm2KM$78xRK+|UgSXvZJ>5Bw3D*KGV ztEw*El4OlKY&~nj>~`_C=(zc^RhUA;x*ggGNUxl{V1p=g3}r7MDX^LIa2P;~F{bI@ z!bZjJG^uGgoOSV68qHAQ9z3qBRGUu^0J!Hb+5sE|!ZBEaZsQ8anm z*hN(>xgA@t)41PF=jZY|LC3pP9tckIT{7rv9zE|Kp9VYL3&ClyRrv_)=Q4fErO;av zI{!ydJ#2NVwUv4e{#L^^zjbVh37dBnzyPwDAM#J@M@0Sr& zln=$2A_vRQW62h`2hEVqGFK!B)(1b&exB`ds_8*AoNg>C>_&lgUK?+3n^<>YWjAQ7 z{K|M$Qg**|u&}Da5Y~MG<>}JIyi`NXILx>H2}Rg! zos@@jRTSE5Vw6!ZBUR({UN}rQ^B#uiz8gr1Y0310RJMj#tL2!OaSw|=#4}?IfR~@> z!bDUaCYL>9`3%3W-o7K6$NDP|usd1sL0k*Q>=_NHahEz7KXqbYZ@0I|7o9Sk^0gti zfdRB#%mI9I?yLA@XOSNb3T)#5pskPX*659C!@aTXNawD$Y0_L~LP_!~cW}w0@(T7K zlV{V8^Qec#37Y{jZVD2I5*cNSla;rD-<`MEYHt8lFQXZJUgbGJ?8D>_F80E``QCI7 zLu1`@7E&e-TW_F(u-zZrr@&s!wHg^G7%npBA|`Z)#v!2@UO0C~^-)acGPr3JburC% z;Z1C|3opPDccJiI*hQG{!l#yOANH&2M9*SjFBkb<%uE+{Vm_)q6lG+(Fss!~Se>hF zJ^;z~?6lQ9cmYx|-F#V>cp|I6V)}Z#_g_R=$e;Yl62Ds?z1D*Sjwj;}t5wUoy+9p! zbitlN%*=IU*Y0wTG|hq|g<`PY!f+;veVFX^g z!s&Rm4hMRu$?FDNCN!)CPo4x@4{Z?o6%tuFP=_aEkKgTkYwdvZrJ4NPa&R#y7AEYl z6mv{WfEM$rQ5*#1Bz0Wn)|5dSQ^7FkncdpaP8w$e$;ePFGza3ZYp$_ubAS4#|0gkr zMiD{7S=@~gl!Gw%E;x5RZr!2BZ+d@1tDEwU^%I^b^cy}_6ac5#rRJ7-W~nBx#Q`%c zA2aioi}B%aQD!*%i^6=AaS03(g^B1eSvk2CopkP1^$4v9sThWW`3)NII?ju%-GEKv z9>(s$xHmrQsD@PoE|+pK{XmFZg=15ds!=H;VR9C6pt-$oQW6(^VZd(7SVh8lKn=}* z+H9#taau?(b#vctrH{2P=hsz&%4zXFY$KP9X t`Sst|e_#K7{rC0X*MDFCef{_K-`9U%|9$=U_1|6o{XYX&3|Ihg0{}nscisR1 literal 0 HcmV?d00001 diff --git a/modules/vulnerabilities/unix/http/nostromo_code_exec/manifests/config.pp b/modules/vulnerabilities/unix/http/nostromo_code_exec/manifests/config.pp new file mode 100644 index 000000000..e20faa85d --- /dev/null +++ b/modules/vulnerabilities/unix/http/nostromo_code_exec/manifests/config.pp @@ -0,0 +1,41 @@ +# +class nostromo_code_exec::config { + Exec { path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ]} + $secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) + $port = $secgen_parameters['port'][0] + $strings_to_leak = $secgen_parameters['strings_to_leak'] + $leaked_filenames = $secgen_parameters['leaked_filenames'] + $strings_to_pre_leak = $secgen_parameters['strings_to_pre_leak'] + + $user = 'nostromousr'#$secgen_parameters['leaked_username'][0] + $user_home = "/home/${user}" + $nostromo_root_var_dir = '/var/nostromo/' + + + # Copy the config file to /var/nostromo/conf/ + file { "${nostromo_root_var_dir}/conf/nhttpd.conf": + content => template('nostromo_code_exec/nhttpd.conf.erb'), + owner => $user, + require => Exec['make-nostromo-install'], + } -> + + file { "${nostromo_root_var_dir}/htdocs/index.html": + content => template('nostromo_code_exec/pre_leak.html.erb'), + owner => $user, + } -> + + # Set /var/nostromo/logs to 777 + exec { 'set-log-dir-perms': + command => 'sudo chmod 777 /var/nostromo/logs', + } + + ::secgen_functions::leak_files { 'nostromo-file-leak': + storage_directory => $user_home, + leaked_filenames => $leaked_filenames, + strings_to_leak => $strings_to_leak, + owner => $user, + leaked_from => "nostromo", + mode => '0600' + } + # Next steps in Service file +} diff --git a/modules/vulnerabilities/unix/http/nostromo_code_exec/manifests/install.pp b/modules/vulnerabilities/unix/http/nostromo_code_exec/manifests/install.pp new file mode 100644 index 000000000..311650f6a --- /dev/null +++ b/modules/vulnerabilities/unix/http/nostromo_code_exec/manifests/install.pp @@ -0,0 +1,47 @@ +class nostromo_code_exec::install { + Exec { path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ] } + #$secgen_parameters = secgen_functions::get_parameters($::base64_inputs_file) + $user = 'nostromousr'#$secgen_parameters['leaked_username'][0] + $user_home = "/home/${user}" + + + # Install dependancies - make, gcc libssl-dev + ensure_packages(['make','gcc','libssl-dev']) + + user { "${user}": + ensure => present, + uid => '666', + gid => 'root',# + home => "${user_home}/", + managehome => true, + password => 'toor', # Temp, remove in final. + require => Package['libssl-dev'], + } -> + + # TODO: install into /opt/ rather than user home + # Move tar ball to /home/nostromo/ + file { "${user_home}/nostromo_1_9_6.tar.gz": + source => 'puppet:///modules/nostromo_code_exec/nostromo_1_9_6.tar.gz', + owner => $user, + mode => '0777', + } -> + + # Extract the tar ball + exec { 'mellow-file': + cwd => "${user_home}/", + command => 'tar -xzvf nostromo_1_9_6.tar.gz', + creates => "${user_home}/nostromo-1.9.6/", + } -> + + # Make the application + exec { 'make-nostromo': + cwd => "${user_home}/nostromo-1.9.6/", + command => 'sudo make', + } -> + + # Install the application + exec { 'make-nostromo-install': + cwd => "${user_home}/nostromo-1.9.6/", + command => 'sudo make install', + } +} diff --git a/modules/vulnerabilities/unix/http/nostromo_code_exec/manifests/service.pp b/modules/vulnerabilities/unix/http/nostromo_code_exec/manifests/service.pp new file mode 100644 index 000000000..8f7293048 --- /dev/null +++ b/modules/vulnerabilities/unix/http/nostromo_code_exec/manifests/service.pp @@ -0,0 +1,33 @@ +# +class nostromo_code_exec::service { + require nostromo_code_exec::config + Exec { path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ]} + $user = 'nostromousr'#$secgen_parameters['leaked_username'][0] + $user_home = "/home/${user}" + $release_dir = '/home/nostromousr/nostromo-1.9.6/src/nhttpd' + $service_file_dir = '/etc/systemd/system' + + # Move service file to /home/nostromousr/nostromo-1.9.6/src/nhttpd + file { "${release_dir}/nhttpd.service": + source => 'puppet:///modules/nostromo_code_exec/nhttpd.service', + owner => $user, + mode => '0777', + require => Exec['set-log-dir-perms'], + } -> + + # Service file in /etc/systemd/system/ + file { "${service_file_dir}/nhttpd.service": + source => 'puppet:///modules/nostromo_code_exec/nhttpd.service', + owner => $user, + mode => '0777', + } -> + + # exec { 'run-nhttpd': + # command => "sudo /home/${user}/nostromo-1.9.6/src/nhttpd/nhttpd", + # } -> + # + service { 'nhttpd': + ensure => running, + enable => true, + } +} diff --git a/modules/vulnerabilities/unix/http/nostromo_code_exec/nostromo_code_exec.pp b/modules/vulnerabilities/unix/http/nostromo_code_exec/nostromo_code_exec.pp new file mode 100644 index 000000000..a4560e829 --- /dev/null +++ b/modules/vulnerabilities/unix/http/nostromo_code_exec/nostromo_code_exec.pp @@ -0,0 +1,3 @@ +include nostromo_code_exec::install +include nostromo_code_exec::config +include nostromo_code_exec::service diff --git a/modules/vulnerabilities/unix/http/nostromo_code_exec/secgen_metadata.xml b/modules/vulnerabilities/unix/http/nostromo_code_exec/secgen_metadata.xml new file mode 100644 index 000000000..42dc2889a --- /dev/null +++ b/modules/vulnerabilities/unix/http/nostromo_code_exec/secgen_metadata.xml @@ -0,0 +1,58 @@ + + + + Nostromo Directory Traversal Remote Command Execution + Anaas Naveed + Z. Cliffe Schreuders + MIT + There is a remote command execution vulnerability in + Nostromo <= 1.9.6. This issue is caused by a directory traversal + in the function `http_verify` in nostromo nhttpd allowing an attacker + to achieve remote code execution via a crafted HTTP request. + + Note that Nostromo requires LF (not CRLF line endings), + so be careful not to edit these files from Windows. + + + http + root_rwx + remote + linux + low + + port + strings_to_leak + leaked_filenames + strings_to_pre_leak + + + + + + + + + + + + + + + + + + + 2019-16278 + 10 + AV:N/AC:L/Au:N/C:C/I:C/A:C + https://www.exploit-db.com/exploits/47573 + nostromo + GPLv2 + + + + update + + diff --git a/modules/vulnerabilities/unix/http/nostromo_code_exec/templates/nhttpd.conf.erb b/modules/vulnerabilities/unix/http/nostromo_code_exec/templates/nhttpd.conf.erb new file mode 100644 index 000000000..d14d48ab0 --- /dev/null +++ b/modules/vulnerabilities/unix/http/nostromo_code_exec/templates/nhttpd.conf.erb @@ -0,0 +1,57 @@ +# $nostromo: nhttpd.conf-dist,v 1.22 2016/04/12 18:54:16 hacki Exp $ + +# MAIN [MANDATORY] + +#servername www.test.ch +servername 127.0.0.1:<%= @port %> +serverlisten * +#serverlisten 81.221.21.250 127.0.0.1 ::1 +serveradmin webmaster@nazgul.ch +serverroot /var/nostromo +servermimes conf/mimes +docroot /var/nostromo/htdocs +docindex index.html + +# LOGS [OPTIONAL] + +logpid logs/nhttpd.pid +logaccess logs/access_log + +# SETUID [RECOMMENDED] + +user nostromousr + +# BASIC AUTHENTICATION [OPTIONAL] + +#htaccess .htaccess +#htpasswd /var/nostromo/conf/.htpasswd +#htpasswd +bsdauth +#htpasswd +bsdauthnossl + +# SSL [OPTIONAL] + +#sslport 443 +#sslcert /etc/ssl/server.crt +#sslcertkey /etc/ssl/private/server.key + +# CUSTOM RESPONSES [OPTIONAL] +# +# The custom responses are searched in the corresponding document root. + +#custom_401 custom_401.html +#custom_403 custom_403.html +#custom_404 custom_404.html + +# ALIASES [OPTIONAL] + +/icons /var/nostromo/icons + +# VIRTUAL HOSTS [OPTIONAL] + +#www.rahel.ch /var/nostromo/htdocs/www.rahel.ch +#www.rahel.ch:8080 /var/nostromo/htdocs/www.rahel.ch + +# HOMEDIRS [OPTIONAL] + +#homedirs /home +#homedirs_public public_www diff --git a/modules/vulnerabilities/unix/http/nostromo_code_exec/templates/pre_leak.html.erb b/modules/vulnerabilities/unix/http/nostromo_code_exec/templates/pre_leak.html.erb new file mode 100644 index 000000000..8d74fc89c --- /dev/null +++ b/modules/vulnerabilities/unix/http/nostromo_code_exec/templates/pre_leak.html.erb @@ -0,0 +1,9 @@ + + +
+<% @strings_to_pre_leak.each { |string_to_pre_leak| -%>
+  <%= string_to_pre_leak %>
+<% } -%>
+
+ + diff --git a/scenarios/examples/vulnerability_examples/nostromo_vulnerability.xml b/scenarios/examples/vulnerability_examples/nostromo_vulnerability.xml new file mode 100644 index 000000000..fcbbda3f7 --- /dev/null +++ b/scenarios/examples/vulnerability_examples/nostromo_vulnerability.xml @@ -0,0 +1,16 @@ + + + + + + web_server + + + + + + + +