CTFtime.org / Hackover CTF 2018 / who knows john dows? / Writeup

CTF Gandalf here, with another problem to your solution. This time for the Hackover CTF 2018's `who knows john dows?` challenge.

This time, we're presented with both a piece of source code [on github](https://github.com/h18johndoe/user_repository), and a login form.

```ruby
class UserRepo

def initialize(database)
@database = database
@users = database[:users]
end

def login(identification, password)
hashed_input_password = hash(password)
query = "select id, phone, email from users where email = '#{identification}' and password_digest = '#{hashed_input_password}' limit 1"
puts "SQL executing: '#{query}'"
@database[query].first if user_exists?(identification)
end

def user_exists?(identification)
!get_user_by_identification(identification).nil?
end

private

def get_user_by_identification(identification)
@users.where(phone: identification).or(email: identification).first
end

def hash(password)
password.reverse
end

end
```

![Login Form](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAdsAAADGCAIAAAAVJ72SAAAAA3NCSVQICAjb4U/gAAAAGXRFWHRTb2Z0d2FyZQBnbm9tZS1zY3JlZW5zaG907wO/PgAACldJREFUeNrt3D9okwkDx/FsGTNmDO+UzU7S5SBjwSXcFLdsZjqyCBncbglO2VoOTjK8ckE8iHhgUJAUbshyGgp3BA6xyB1UFAzlbJ60aZv3edI2f2pTa/VVuX4+/IarbdM8qXz79Em82BCAr0PMQwCgyADML/JvAHx2c4vsZxTA56TIAIoMgCIDKDIAigygyAAoMoAiA6DIAIoMgCIDKDIAigygyAAoMoAiKzKAIgMosiIDKDIAigygyAAoMoAiA6DIAIoMgCIDKDIAisxHWa8sxmK5+uwftkvpWLLQ/PcffVDPJZL5xknv2ogemHcsVbuf7qs3cvHJw9zIx2OZla6/kYqsyIp8QYsc1LLxecc5KvJioTaruf4Jv3ynXiqVG+uKjCKjyMNudSmeKraH84t8/IH5P1JkFJkzFDlYr5eyC6lkPJ5IphezxWo7OPrcRjm3mEqE70gtLBWqnWDqt/GllU6znFsIPyueWdkI2xeLZSuNysHHJ9OZYn18thk0SpmFdDL88+grZHKV5sbRu1rFVGyhWKsWl9LRLSUXcpV2d/xlo5tpbEyf87arhdFHRvc0V25unB7klUwsXZoT5FOLfHQ4R4c/OpxuO7yb0QGHj0ZuZfwgnXJ07ejoyp0Tizz6vsTzTX9DFVmRFXmqyM0wG8mlUrXRbDZqlUImlamMWtpt5FOJhXylFr6jWavk0vFkrt4dFzkRWsgWy+VyaaXZHSUsFk9lS7Vmu9Ws5hfCUFcP09StF7OF8kq1Xq/XquVsOmr4+qTIsVhisVBttNutenEhHovClimGN9Nu1fLpeCJbO6pYp7yYSGWK1Xp4hxrVYiY5yd2JyV1ZjKXnf8CoyNnqxqxuMC5yLJ7OluutdrtZySZjUXDDnxfR243yUmKS+lOOTpFRZD6syJ3wP1PF1vSJaHD45/FJDKNyF5KxpWpwVOR0fvrsdZSwpVowe5JZO/nX99wkTVGRp05jg+jTFivrk6hmYonDanVr2Xh6+hJEdAo8e8/fOfCpmzq5yHOe2Tu8+8H0yW4i3wgmj0UivO2N9x3daUUONjqtVmvdVQxFVmRFnipyFLpYeFK6Um91NoJjvYpPC99OlzrjqxYzL0oYJSw39ZqGqD+TZm20qsXc0mI6lUomEtENHaWyNd2sd7M1rOfGoW/kE8fuUHRDc6ofnVAvhLd0ymWN0RFmSs1Z7Y2TDid6EBNT191HP8bGP0jmHt1pRUaRFfkiik4zY9njRQ5TMT693Di4Hjw6RUwsZMvN7qjZqVgyX+vMWu8GZyxyM584ClO3kUvFYsnFQqVabzRb7WouObfI0adNd3SqyLVsGNBy+9g9mvoh8s7PnPFlk/lFPu068tThRBdAZooc5v7w8Tvt6BQZReaYKGrHf8Ou5+LHf6MPup1WY6WwmDhIz3plYeb39nd+Mz9zkbsHVyImd6BVOFeRo6LNf57umPB24+95afGnKfKpR6fIKDInnSQvlNqTuHZr2cT4FLm7vh4c6/coZVFNYoszT4wF4Unyhxc5+vrx2Xedq8jRS9li4ycXD79seJJ8YpALyfi8HyeftsinHp3ryCgyxwXNYjp6PUO+VKlWV8rFbDoeSyzVNsYFSWby5egFDI36Sn4xnshURz3ZqIe/fx/+Ol6vV8uFTHjaWTvHVYsoX4lMqdHudNrN0Vl47DxFDgNXjl6Kkc6WVmr1em2llFtInPzMXrOQTOTqwfD9RZ7zL0Q+4KrFaUfntRYoMifVp1nJZ6LX8cbiidRitlTvTF4V0VopZBfTh686zhRWWpPSbjTKB582ev3vUqHSOMc5clSfWpjzgy+QLVYr57uOPPrh0q4Wswup0Wt/wzubK9XaJ5xkNvKJxMn/cvqdIp/2WouzFfm0o1NkFJmL/itB9L+yuAj/zw4UGb76INey8VSh5YFAkeGLW29UypN/wA2KDIAiA1yIIv8GwJQvXGQ/4gA+SUUVGUCRARRZkQEUGUCRFRlAkQEUWZEBFBlAkRUZQJEVGUCRARRZkQEUGUCRFRlAkQEUWZEBFBlAkRUZQJEBFFmRARQZQJEVGUCRARRZkQEUGUCRFRlAkQEUWZEBFFmRARQZQJEVGUCRARRZkQEUGUCRFRlAkQEUWZEB/hVFBmDsSxYZgE91Wq3IAIoMgCIDKDIAigygyAAoMoAiA6DIAIoMgCIDKDIAigygyAAoMoAiA6DIAIqsyACKDKDIigygyAAoMoAiA6DIAIoMgCIDKDIAigygyAAoMoAiA6DIAIoMgCIDKDIAigygyIoMoMgAiqzIAIoMgCIDKDIAigxwkYr8n+V/zMxsPEU2M1NkRTYzU2QzM0VWZDMzRTYzU2RFNjNTZDMzRVZkMzNFNjNTZEU2M1NkMzNFVmQzM0U2myz9U2/5+e5fW/v94f7m1t6zl4PbreDKj+//xOsvhsOX/csfeweC1eFw88/ewZtXHm3f+rV3yffFFNku4n7qPx0M+1u7d9f636/2b67trL7e6w/3bt/7bEXeuv77zq1Hbw/e/O75/vD19je+L6bIdgGX7+wPB7s3qjN/+M0vwbWfPluRZ6bIpsh2cRdVdWvn6rwPuLfzarh36+fxn7y9+XI4fBFMFXk7v7rzdHN/ONx/9Xpw4+gjL/+6OxzuLj/aXn0TnnGPzsEfv718r3//5d5meEre31t9Mr400bu7NfxrbSv876udvem/2P3ngW+QKbJdoF15EkZw/+mT3skXjt9b5FFt769tL6/t/NGfxH1U5PDN3VuPe1fv9Zb/jpLdH4QhDvL3et+t7U5dGJkU+dKd0Udu7lx/0Lv2oJe/89Y3yBTZLtJ+7C2/3B/9Pdrf3Nx9+mJnebX3zQ9nLvKbnW+PPjj9S/jB+w8fTc6Rb/w4fTuH7zqo8MPB8I8nb48V2VULU2Szf648CG51Bq3Xe68Go9PezZ1r1TNetZi+jhyEnX026uyoyIPrk+cPt58N9+8/mDybd3tz+KrTU2RTZLNT9vZqa3dzGIZ168OLHLX1oLPvLfItRTZFNjvDevf7w/7z3rjIt898jrw6POs58rwiX1NkU2S7sGfE19e2j73QLX0nrOfRRd7/9v+Yuf77dvn13CJfejzoH+X73EWOXm6xufOtb40psl3AIkeFHe4/e7Fzq9W/8Wt/+ffBs370fN3VHybp7L/e+e7e1tUHwd2D5wCnizzYW/19+/vV4Oba4K/BcPNFcHn5o4o8yvr+07Xg+uP+zUdbvkemyHaBdvlOcPP3wdM3e6/60QvUNrfCws78E+pLP/cfvt7rD/Zfbe4+fBLcPnaO/GZw9+/R84GDvad/Bld+mH498nmKHJ22/7k7usH9Z2s93yBTZDMzRVZkMzNFNjNTZEU2M1NkMzNFVmQzM0U2M1NkRTYzU2QzM0VWZDMzRTYzM0U2M1NkRTYz+5qKDMDHUGQARQZAkQEUGQBFBlBkABQZQJEBUGQARQZAkQEUGQBFBlBkABQZQJEVGUCRARRZkQEUGQBFBlBkAD6syAB8ZicXGYAvSJEBFBkARQb4Ov0PuuyVmD8qzpYAAAAASUVORK5CYII=)

To get past the login form, we need a valid email address.

We thought the odds were pretty good that [the developer](https://github.com/h18johndoe) has an account on their own page, so to gather potential email addresses we dug around in their git history.

As the history of `user_repository` shows, we're met with four potential targets:
```
commit b26aed283d56c65845b02957a11d90bc091ac35a (HEAD -> master, origin/master, origin/HEAD)
Author: John Doe <[email protected]>
Date: Tue Oct 2 23:55:57 2018 +0200

Add login method

commit 5383fb4179f1aec972c5f2cc956a0fee07af353a
Author: John Doe <[email protected]>
Date: Tue Oct 2 23:04:13 2018 +0200

Add methods

commit 2d3e1dc0c5712efd9a0c7a13d2f0a8faaf51153c
Author: John Doe <[email protected]>
Date: Tue Oct 2 23:02:26 2018 +0200

Add dependency injection for database

commit 3ec70acbf846037458c93e8d0cb79a6daac98515
Author: John Doe <[email protected]>
Date: Tue Oct 2 23:01:30 2018 +0200

Add user repo class and file
```

Trying through all of them, we found `[email protected]` to be a working one.

This redirects us to a password form:

![password form](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAdoAAACuCAIAAAAeQlubAAAAA3NCSVQICAjb4U/gAAAAGXRFWHRTb2Z0d2FyZQBnbm9tZS1zY3JlZW5zaG907wO/PgAACL5JREFUeNrt2zFoW3cCx3FtGjVqFDdpi6agpaBRkMV0UjZt8VS0BDxk6yIyabMo1GhoqAkpOKQQkUCQoYOWxsaQIighJrTgEEOMOFuSLVvv3nuyLNm1m7TNJU38+fAbzpJs5U7lm9e/3yUCAP4FEv4nAJBjAE7n+GcAPrjzc+yvJoAPSY4B5BgAOQaQYwDkGECOAZBjADkGQI4B5BgAOQaQYwDkGECOAZBjADkGQI4B5BgAOQaQYwDkGECOAZBjADkGQI4B5BgAOQaQYznm/ekvzyUmkqlMbq7SaO98ev812pVMIlft+DyRYz7tHOfKjZXQcn2hlEslkrmFdTkGOeYj5LhQ35p8vbM8l0qkyk05Bjnmo+Y42KzlE4liox9srcwXcpl0KplMpjLZwnx95hBjq1Ut5bPhc6l0JlecPnXe451qNpGeb0++M/zxqdLKJP71QiI13zr+o3Qa88VsOn6/fHnm7ZqlZKJY74Q/Oxc9e/yn3WnXyvlMKn51qZRPzea43ygmEom55b4PGDnmU81xv1lOj+u52SiXKtX6cnyKUSmmE6m55XEhO9VcMpWfb6y0Ws3wqblsrrL+J4+35sNU1jbH/W0Uwk6myscFbpZTieI4mluNYiqRLlTq4fs1FuYyiWR+ktcox6lQbq5SrVYX6q048vnwwXy5Wm806tX5QiYpx8gxn0GOa5s7Oztbm+sr1WImkcif82/9ceDGV7Vb9Xwieeo4o9/v/8nj8VuM07izPJfMFwupdKV93O9Efhzq6LQhXW6e9HN9IRtdRfcnOc6Wm1szP3glfChTafcvOqzY6bTb7c6Ozxc55tPK8VQyvD5dmXRvs1mrlAq5bCYdHVkkxmcY0eVueE2bypVry631rdnrz4sejw4oMlGAo4rma52wyeMvw/fOjMO8WcudSfn6Qtjn8ZPxYUVjtq3RBXd29heOzo6RYz6LHOcqK63wanK9M1PR+PAgmSlWasvN8Mn1WvEkx8FOu17OZ5JxwFPZYqW5Gfzp41Es87Wt6GwiV92MrpHDmHbCh9PJ42PkmfjONDwxDvQfczw+YdmRY+SYz+2wYuZXeZMr4+hydXJYHFkpTXM8ORHYXG82Fgrp0y887/FmORmGtzWfjio8PkHOVVv1/ElT47cr/aWr46jvcowc89nnOL4fYuZyNX7dOMc7m5un05ge/6buoseP+5spFDLHRxPBVr2QyBcKyXGdJz09e3acnDk7Pp3j6PuTcyvTvxza0Zs5O0aO+QxzPO7jXK3V6XTWm7VSdnp2HJYylStVGyvNVmulUSmkk+MQXvT4uO658PunfY9vpzt1f3N8OJLKz9eWozsriunozorjw+E/5jjoN0upRGau1myvr7ei9wp/mjsrkGM+yxwH/fXG9L7eheXqydlx+ESllM/GT6WzhVKttTX5hnMfP7lWPrm/7fjq+0xjw++fL5zcd1w7c99x48yl7k67Ft+GnIpvcK6V0nKMHAPIMQByDCDHcgwgxwBy/Pdz/DMAMz5mjv3lBvC+KirHAHIMIMdyDCDHAHIsxwByDCDHcgwgxwByLMcAcgwgx3IMIMcAcizHAHIMIMdyDCDHAHIsxwBy7AMAkGMAOZZjADkGkGM5BpBjADmWYwA5BpBjOQaQYwA5lmMAOQaQYzkGkGMAOZZjADkGkGM5BpBjADmWYwA5BpDj951jAE58tBwD8B4vqOUYQI4B5FiOAeQYADkGkGMA5BhAjgGQYwA5BkCOAeQYADkGkGMA5BhAjgGQYwA5BkCOAeQYADkGkONT/rP4XzMzO5kcm5nJsZmZybGZmRzLsZmZHJuZybEcm5nJsZmZHMuxmZkcm5nJsRybmcmxmZkcy7GZmRzbpVj2+97ii8Pf9kaDYNTdO3r+anin3b/27du/8ebLIHg1uPpP/wD91SDo/tobf3nt8f7ST70rPheTY7t0+36wNgwGe4f3NgZfrw5ubxysbh8NgqM79z9YjvduPjtYerw7/vKrF6Nge/8Ln4vJsV22lTujYHh4q3HqwS9+7N/4/oPl+NTk2OTYLumipO4dXL/oBfcPXgdHSz+cPLJ7+1UQvOzP5Hi/vHqw1h0Fwej19vDW5JVXfzoMgsPFx/urb8Jr7fjq+8nu1fuDB6+OuuHF+OBo9enJiUTv3l7w28Ze+J+vd45m/8EevOj7gEyO7bLs2tOwgKO1p73zD4vfmuM4tQ829hc3Dn4ZTMse5zj88nDpSe/6/d7i71GvB8Owwv3y/d5XG4cz5yHTHF+5G7+ye3DzYe/Gw1757q4PyOTYLs2+7S2+GsX/HI263cO1lweLq70vvnnnHL85+HLy4uyP4YtHjx5Pr45vfTv7c46fGif40TD45enumRw7rDA5tkt/jfywv9QZtrePXg/jC97uwY3GOx5WzJ4d98PIPo8jG+d4eHP6C8P958HowcPpr+/udIPXnZ4cmxybXbTd6+3DbhBWde+v5zgK6ziyb83xkhybHJu9bb0Hg2DwoneS4zvvfHW8Grzr1fFFOb4hxybHdjmvhW9u7J+5py17N0zn5GD3u8Evp858dxe3L8zxlSfDwaTdfzvH0c0V3YMvfTQmx3bZchzlNRg9f3mw1B7c+mmw+Gz4fBD9gu76N9NuDrYPvrq/d/1h/974l36zOR4erT7b/3q1f3tj+Nsw6L7sX138RzmOmz5a2+jffDK4/XjPZ2RybJdlV+/2bz8brr05ej2I7kXr7oV5PfX/kL7yw+DR9tFgOHrdPXz0tH/nzNXxm+G93+NfAA6P1n7tX/tm9r7jv5Pj6IL918P4B46eb/R8QCbHZmZyLMdmZnJsZibHcmxmJsdmZnIsx2ZmcmxmJsdybGYmx2ZmcizHZmZybGYmx3JsZibHZmZy/P/PMQD/hBwDyDEAcgwgxwDIMYAcAyDHAHIMgBwDyDEAcgwgxwDIMYAcAyDHAHIMgBwDyDEAcgwgxwDIMcDlyjEAH9g5OQbg45JjgH+F/wFVdovJcQpQ7AAAAABJRU5ErkJggg==)

Looking back at the code we have, we can see that the password check is as follows:
```ruby
def hash(password)
password.reverse
end

hashed_input_password = hash(password)
query = "select id, phone, email from users where email = '#{identification}' and password_digest = '#{hashed_input_password}' limit 1"
```

There are several blatant issues with that code that allow us to authenticate:
- The SQL query is constructed using string interpolation instead of proper escaping and parameterization
- The hash function is merely reversing the password input

To make use of the first issue, we simply construct a very generic SQL injection payload:

`' or 1=1 limit 1;--`

Now we need to work with the second issue in mind, which means we have to reverse our payload so that the 'hash' will end up as our original payload:

`--;1 timil 1=1 ro '`

The query that will be constructed now looks somewhat like this:
```sql
select id, phone, email from users where email = '...' and password_digest = '' or 1=1 limit 1;--' limit 1
```

This successfully logs us in.

![logged in](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAhkAAACuCAIAAAAUKIg4AAAAA3NCSVQICAjb4U/gAAAAGXRFWHRTb2Z0d2FyZQBnbm9tZS1zY3JlZW5zaG907wO/PgAALtVJREFUeNrtfU1MG1m2PzsvWXqJZuXdsPqLzZNYPEVIk5FoFomfko7o6agbRd2RE/WHW6LVEhMpViQiK+m8tjpKZIk3eWhEIhJeNw6DCAQrMkSAeyDIZEJMI0+6gASTBGhTjtP1v7c+bt0qV5XLHySB/h39Fgl22ffz/M4595zruua2HwEAAACgGtRhCAAAAABwCQAAAAAuAQAAAMAlAAAAALgEowAAAACASwAAAABwCQAAAAAuAQAAAMAlAAAAAAAuAQAAAMAlAAAAALgEAAAAAJcAAAAAALgEAAAAeJe55OvMpuQoYmEzu72czsZHUl3BOwfcfvfQsVAqNpMVsnmRfIaYX199MUk+4fRwmX2IfTGyzdqyPjJ5oJIHC/NXx3athTVA10RBaejmyOQb//YyxsHf80Ib0uy3Rx0/9tPFZX0N5UdCjm8+PDMpqm99dGPMTbNDM+r7hdv3arYCuTbHu92N3sU17YkX33/8xqZsZrLUnhW3doTMi+TEz9+Gxttcf/LB4My1+LNHqzsiHTIyYpvz9BPGDr7pNTl84uIimbtlMnd0YdDuLC+sjQzMBT6OQa3vWS4xymY6EzpdajqP3vt+bsfmA/LzA1P+srpxdDKWZY9vx7pcLaYDXRmB7ay5ef+utnDvckm54xBMa6NaiDvSQ1tPlv+s9ZGEUzO62CLc7gv+WAMuqWx+9w2XmCT7rC80VsoIG/5iIGunCoSZVOAvb6h3B4Nz8dWCfWd2kgOTbVDu+4BLZN28PdJ9x97GHP8+rS8FcfVFckaYnHshiPoHLN9OlGXpHOzKrLOHVzOBw6UeOZyIrWrv33p2/uNdb+Ge5JJKxmFyZKukQ0B9gvNzxjWzmj5u35LjN7Q1uJX5oq1qLql4fvcrl8jcv3x7qs3Bib+9qQ/P1vb83Fp85tmjLDeM6cXjh3e9aweCi4+4aRKzm/MzQnxiLZneFnnTZOInP/T7O8wlO7e+jh04bMDBo8NtH4+d+Hoq1PPzZCbPzSbxD4YsP/DEAOOm7ZGL4we4HR6Ks/WaHwmV5asOdcZ1M1O4nXA0smKB2yy6lZ+8eOeNtHDvcUlF4xALzWj6ZSHVZh+ziouqVhK2SqraoW814hEnZlw2PtAjTM6sEcQujtVsfvcglzy6MV60Z4fInj0enOyKpGJzvAouPBq4d8DGiV9n77k9c0znjKETVwWB23e7bNwkbq3qBmv8aoJfYAdPz9xK6yroUc8Y9Ps7zCXBcrzgLaGrOGL+l7l5dfEWkpFi32W4i1FCZvF4mZGuET1qstkXtFX0B77+ma3+zZmf2t5YC/cWl1Q6Dm1Xn2m7fa3rcImYlTgzd15zIOav2h1UTMU1hZeMDL2tfu1ZLimhUv2hzLLOJ9vEXix6z/i1DLP3Z4rdtWORZ5uam3B+N/vov5p1MAFlsrl3jXmcotB1GCp+r3KJbPLrRp+FnXKMBStWfz5hTQk/aaesO7Gvywykhp7oka6MTczk8L1bGY7tioK8u9rCPcQllY+DrnCJI2vjNGh+IeGPNk1BiDM/WXuTX/+8Xjt1XNX87kcuofQf0s8OpfTiMYfx/9TyE+58v6DFBm+M71qn7nyflpjLaxvCCv7s8sQOeMe5hFoxfUxZE8vU4JrcuaathuUBuzUXY3pzvWy9aYh0PbJY1jEuvrEzEio2cne7hXuFS6oZh3ssEPGox/LYbExbIZvXTnMKWhQ6La1RlhuWSR9/m/3at1xizGnciXVZE79D0FJ3RjPpY7sV4PqJdcrRPU2wTByb5QfsGS758WA3O8UsTF7kXObDc0nNRTWtV+O6zLo5j7WJdE3pkS7xxfenTTaLrgvW41MWh6tVtTDGwvr21tnQtwvl5ba64JLYiRtZFqUQuFNH7am8Yl8f+HTy29vCfGZnUyzImdxqQueBGo/Dj51xLWxt6Wp8nHqkpg8pngHjHsvvirEgWIlcLzdn71WuwJpySeWzU3suIZMyP88Cv4Y15oZ9f2w+zUYm++1flEMpjYHS1j6E/gbpWcgyfTz0ZJO3IY4mzt/4ORYXJueenP/UoS+6KWMfNQX2CJfw1QCb8Sne/Vx3U3ygJ4CuhcqPePKRLnGBT/Yd12Op2cwXR60d5Cpa+Fa4JHa859mmFZEYtVXseOTJsmidwCPMzJszcKqbqQNMgW5lAsUTFHlmWhtfaNxjlfrFEsMKI+WELKy5pMoVuFtcUubs7AaXtA2zlWmM/umHVY5dZt+olQrpkbFn5486BqxsZjYwsuMiIdCBFMtbMMA7ySWcxpQyXPiV7SvxSaerKrbNa59WUlvHRbrykxdV2+RYDzPebXPMqmvhm+eS2PGrHJHEZ/zWT+XjtwXGr5urm4/SL4RswVjeYazxrHKm/sL2c/EMskSvQrxb9VkPMEc2UxSsP60VrIjlGRbWXFJlv3aHS8qenV3hkh+P6+Ffjmj1qdx23P73bmm+XPLqkDHWpE80Fz9gDqJdAhhzL2xP3SwZsWtiR7cXoeL3PpdwUQ5u0+rlaXbHnuZARFnLyBDpirNIV/bJF4dp9k5SLJ0xXF0L3zSXHIusrdsTCf+UVlC22PkpI9GYv2sxqWe+qaGJGs0UOxEpDm1PaX4GZ67qmsXQDEO4aWG+rAI0Sy6ptl8GLjHnx1ujNJeUPTu7xCVcUznaYFxe4ryHC4Vp38iUQHFgVrcetAN/vx2dZy1cW9s8Ur0IppC8ipzgfcElfDD0/OGiFJoSB3RsJ1TupR4M6baecHuyayLPlIhDJWN1LXyjXHLsosATSZvjU0o2Z5tjejSv9KufqcDtHYsgJx/6MITR9YiHkXv0apXlG+WpBksuqbZfhntfyhUnLilrdnaJS5q7tPMJvtdfu4sKcgubDbhOGEXM/YUav8pvblnHwVjChXn92JNZV1yvlbHbEcDe4xJ903JLUHeii80Q406Is6y+7or7NqR7u5KrupOqW/jmuMTf/YQlPi6P2JYrc9rKzrDVDyr5k9UazFToiWiVfMU+2XSQy/4uTswcsMjJ2Xa/9hy4pNp+7RaXlDc7u8UlOm1wETz96Eg3Cp0X9joLWB1m2dWmUOd436rqc1xTfRfT+mGfVnBVEXx4/PwMV6qMovf9xCVc7FVfgtxOTrU572Sxei75sfnoTHzLsJuXb9xz2+xKWviGuISrBnAiEoO2slWdMXaXyToXs67BTB3+iYWtOJOT+R9F0UumyPhbUpju3npSbuy7FJdU1K9d4pIyZ2fX/BK20wuWXBJyzCr+1qKp+k05hpQqLZGP2A0smdjQwaPa4nFVb3gnpFuNJXYEsPe4hOVgSNJaV3GhQCmrsPoYlxof7xY2+fuCShbWVtXCN8Il6SyX8JOPdw+7eUqcmLJ/j0XGbS1malijDe6lo3PzGjd0Fhe3b2m3N542Z3wZnZXKuaTafu3K2XvZs7NbXNLNImpcwnSQS8dy55cYDqisClHZtNLAHTuP4dIuWHDMtnyV37ORZ6J+B0ziINT6PuMS3ebiLMqDLgtHqj97t9pUbgLu1bXwTXCJWSwvqil6yqGmkntPormmM8WcAD2AfnHNXkfoRyPzPSpBdmptq+DqFEsuqbZfu8Ml5c7OLnEJU/E8nRcXjrg/ezfUEnHWg9YpZUAmY1tm/5Ud2ruYd70y0bpiDNjjXKLFQ+X0m4PFho/zba/V5gRXziXVtfCNcUlheUJgt6VaXpFk1kT2ERJrbVWTmWIrR6uX1nWEVRFZkQ3LTgsqqRi3zgmusl+7xCXlzs7ucMkXI3n9ugo93KTnBPeddpcTHOFPOMa0u7wYK2vksfrzccMtAyx1mNFD9nzJ7DU+NeBjKPT9xyVc8rhhJ+v5hc+cagX4SrG2N8slVbXQDZcMf18tl6gR4eM3XjheBlOdtqrNTGmnDqLQZdARNtxgOh1hJu1qJVenWHNJlf3az1zClL4pAMj8BueAMytPNl8ocFxL6VQ3hfYLN5vxSc1ZfGbwz9hP4Cyk2tz7UukUjkn2IZfw13kaFxZb4k5pOXpJQQ3uXyqTS6pqoX5Sap91o+/YyrhEnJnT9sw9/d6z7JPOozXlktrMFDt6lU1apohtuYE5ItQbYOUOlV16ZvP7JdX1ax9zyek065owcM/ak3a43sohFMZOXGRu0I6suNuV2KjKidosBdTNbVrHmEU18xO0+f7jEj2RsajOSC8jmLddKLW9ObFcLqmqhS6ybvQbKaqvVeTrDyyDxVVoq9rMFDvrTkaGmAnpMK1a2QHNI9L/XVH+hQ2XVNevfcslMb24uChceUK729HhJJy/2/G47ZHGs9DRmDYvPOUwjUH+yCbIVXzbfzGTnHtGMNmTgDbfZ1wSC9zedPg5Gj6RxrpYTL/xOz/SFXvjXFJVCznvwXrXHWDX1dXoDpWA4XrXodpxSY1migU0RiY7WVjcnhtYAs/ywJR2lvssdLiGXFJdv/Ypl7TxV9jNzbXZTKIkPrM5wNDvnDf6NKazdGIiaLceGC/LYUw2eVU7nqlBTALYw1wy/MUN7rewLCvMP57Xf4nI4pKDYf0qLedbLnaNS6ppoV6+YLnrjib0n06p1d2O/C+AFV1YWZW2qs1MaTczpoX4qgtuYCdtc2tJ10Hzsrikqn7tQy6JHev+mcsyl38FoCiVhv8trOLpOBZZ23T8gRNmIqwvZAWr7rB45ma2ovscgb3HJRa/0TvU9vH4ia6Z8zeezK9yuUbii2s2Feb8L4hMXuXywQ+PhUb0X0iNdw81vxUuqaaFzIIjA5DJhE7r1ysd65qPZwx5vbW6c56/F1kwXgJYpbaqxUxxP9nr6lotPTehyt9Wcvi998r7tSe5xPwbvQeU3+j9erLrajqe5u+GyNvdYcX/Ru9yfO643W/0jtjcdKcXwNv8SpV+g2R5xQAnIpmR+BOKkTn4MXuIS1yL+OJWl30NHf87mvRnPV8kZ4T4TFbgatSFkVqlilfCJVW0cPj8nCF5d51e+7qpX/u69ez729la/37JkH7bGL0COVYzbVWLmdIj6e5m4fiNzQp0SllcUnm/9iCXuJZ88oZDod8Qd20i/a31eTJiE88eceajmEmfsPU49QJ4m1vouR/QK+c+RzbLWq4gsH+4pCDMpbs+LXXOcTRxbW7Hbk0/uj1Vu+t0KuKSalpIHlywflBcXfs2OMRyhGrHJcSs+2mS6cHVDAst1kBbVT9ThntHXFyrxd0KZVUeXwsuqbhf+5RLxIxwratk0tRw50DWThWsLywGjjqbFFnuVmCLX8fibspwf58juGR/cYko5on1PT8nxG7MfXHafWAqdiyUujWRFbJ5kRg8YmFz9UUyng4Fa/tTaJVySVUtHDrevRibeUEfJM9t7QjptVs9U8cOGzZVLbnEcJOEfql+jbRVlTPF5fW5ulaL/fiVqys0KuSSyvq1X7hEpL/buL28sBa/vRj6esx9DODg6ZlrI2uPVndkJ6UgZrcfzWSudY+X/gRWLWQ3I9yPscZDMXDJfuQSANiDcMElAACASwDAES7qRgEAAJcAgGPNKbtqcP7qMAYEAMAlAFA2DpxefFSjny0AAABcAvzOEEwvZ7eXM9t6+qq41nUYIwMA4BIAcA1D4qnslMxfxWEJAIBLAKAcnOh5JmwVqE8i5oX0Wt/F8QMYFgAAlwAAAADgEgAAAABcAgAAAADgEgAAAABcAgAAAIBLAAAAAHAJAAAAAIBLAAAAAHAJAAAAAC4BAAAAwCUAAAAAAC4BAAAAwCUAAAAAuAQAAAAAlwAAAAAAuAQAAAAAlwAAAADgEgAAAGB/c8mf+98DAAAAgGoALgEAAADAJQAAAAC4BAAAAACXAAAAAOASjAIAAAAALgEAAADAJQAAAAC4BAAAAACXAAAAAAC4BAAAAACXAAAAAOASAAAAAFwC7H98lc5K+fEz71rD7lzPSFvD9yxf7Z6SpM3M2XeptQMrkpR68EGpd3YO56XM4qm3N3Tl4lDH/et3n2ayeVGSRDG3mvoldmmsqJs/dEZ/SSvvefzw1LlfROl5z/vYXAC4BFzybnPJqXA6dvP+J+9QawfP9qVjl+NH9hWX3Dp16ZdVMbcwPNv91Z2P3h/8qGPs7KXFiZXC1uyDL9u4d36zTJbQwuDshXPTkXD8A3AJAC4Bl+wJLtm72ENcQighu7l+/bMfzC+13bkym8/enWDE+UnfSym73MXeAC4BwCXgEiOGzt5cyWQLklTYWnk6Er5ziAtrfHk5kyYvifns45WJlFFFfjgxMLu9JUri5vbC3ZWMJE2HdU0UGX66uik/mDF+pn/syt31VRooyWdmVxY2bRVi53BOWln8UvlveEWSnsfCD8ZT21tSQcw+n7g8ZucfHDmXXsjktkSlR8+nb058xF59/15P4jlpmEgaRl/S/R4aUpNeXu+w/syP+p5LikxN6xZ9OD23Isd8si/Jt3xi4JL02XOL05mcKBaymZXrXw1qDZhdkKS5vvvXp55nlaEbnv6kzd0kOg2dbWNo4795OPE4tyXRr0snHnQxAmi7N5LNT5yjRHLkm4fT9HHS2vX0prRw+Yf33p+eFtUB+SCqdV8WOtEmLpEHNiu3bTWVuaKS060Ls5L0+IE6/m33J0Rp9eYd9ZEzmS3p+fUPLTvrsPCcegqAS4C3xSW3uoa3JWl7+ubshXDyeuKlKOWnzw1qpuhz8t/03YdXLiV7bpK9Lelb2j8xvilJK09j0dnI5YexqW1R55LhK6nCViZzPTxx9sz9yOB6VsqNf/MDe0kSt6cHH1y5/GCA8I3onkskafP5yOX7nV9NRIZJO7cHTtrY2peW5+4u9lxOkh71DD7NSoV09I767Y8L4sov18P3z56b7hlcWd38pdsdlxzqiJO+jGR0LiEWPWG1TOJhJDwdubmyKkmrw/eOMC4hQro5/PB63/IcGTdi0bfpXCJJubnB5Nmv4mcv/0IeXLg85GISnYbOoTFHvlleFXNzN2e7z0ycJWScKYipB4r+PUT4IPOQ/pvSRiFzd5Y0qSu8uKBwyZ/7u+7mM3106A59OBZJ5KTNlR7yIWcmvnzfyCVtY9czBSm7Hrs8fSH8YORxXhLXr3RoHCxqg0zJg1DLw090RyfdadVZh4Xn0FMAXAK8PS75kKq2TN8wOxKIzBZUDe4n+kXKDsYPWYVuTt3clsSnV3SzlH6OwiWHzvyyRXS0X6crapwm7mvapDAdHnQTqCniEk7Rt9G2paNuVPCt7qmCahq3JeckVUtqlv4PTA19cPJe1zdjHzm5CINXUoxL6Dm8OJv8gFN/xHPq+VAbqOzKBWZxnyFqdzv2GeeXXPrB8JmzyUMlO+I0dA6NGe55zM9v/3ufpVellwPySH45mMsOjqkaf4Wp9WHyycooHbr0lPT3EJvxTesY16HwCu3gV2x2qJ2xdfeetvDUvpMJ3UqtZ9SG3bowJYmJ+xYdd1p4TsMOgEuAt8clVCO85A38Q5efStI61RFnMroGNG/pIaKhpClOA3JcQjmgWGRt/uXgtm6lls0l61x0Ph7LUnVj3dm2oa7o8nTq5Wo2L0e6CFs+PKU9RXypAeLcnBw8VPYwclzip/010FLHw4w+AsZg4EnyUmHijHmgVH8oUWCmugOchs6hMX5Kn0WiNubs3YLCx+QfKtkbueS9bzJbWoTKgUvoTPFHKUqnVpQRoHGthcuEAscGVgoT5+KxFeW/dC7kf1iwpu3Ccxx2AFwCvDUuUZjjit+KXS49NapvXkWOEY1g4ABORZ6lemS5++SdUzw6qO6mOovRQ1VcMmbPJYPdU3lJiZCE75/9Jn6F/Fflkv4jn82OP86JskIVs8/HL905VBmXKCrsHG9N606PmUs6HqaJ+j5nzSV0uDKlucRp6BwaQ79amosa5+LknY/86ggrpxekDaIllxC1ruVAO3AJZQ5jrgHHLj+QQRMTE7SR4sqFNvml2eQROg42UUqHhec47AC4BHhn/RLD+YHZL9G1T5FfYrCgjcZ1drlzV7nkfVPUjgb9GZeoffQPd55JDswS/+m53QGJO79k0JVfUgsucRo6h8b4zaNhSFK49FQkal3hCb0NOpccubwu3p14z41fsmnnl5AHX5J/n40+l+Tvor4OIRXyuF3xkMPCcxx2AFwCvPXzkjsW5yUdD9KGfXurO6GrSKoB+bCGbP+q5yVUyxQWLg8b0nI+o/89QgPrfHSbhr9rzCUf0mZzpuutswmNS9qGT314izs5WFyV8iNfVX5eIs3OfsSnzPLnJbXmEsehc2gMpRz95F/NIxg7pXii7ydpptZJpYX59GCy+1xyIEHTKGQuITOemz53qySXyOclOTaS7/nvT7DzErkwZUt6nn7M1tLEuFhIP95WqUWeo08+u9f11R31FMRp4TkNOwAuAd4MlxTSg7NXLnM4Q/T7D3IeV25uUMnj2qZ5XOoB7+AFwiviy4mbD3r6FsdT8ikIU5H0CFfKppavRx9cH17JyGEjTYPf6XlckKT8wvADmmwTXZzI5NUQCk1ClbZS6QvfxIlnEJM/s9YxrjF6PPs43f3VnVNf3e+hmWnaeQnRmOL2HGnVuYmz52YHyLdnM2fbXOVxFXFJ/wfhlS2psJpYvBKevkKzxaTs8MSRP+8WlzgPnUNjjpzJkP+KmV8GaJJV8jpNANO7earv5VYm3eW/depSZmElJ+dJT1+fym9lt1fJfzPpTm18HLhEzuOSpM31kWjywqUH42T2xfUePlGCrg6WQCxnQxi8JZnwdF/WaeE59BQAlwBvhkuKRE0fGubqS9YNtSDv37suV5BIYi59d7aHmIesVoDWS8sVAOSpzNOBS+kFqaD7Pf47FwZX1Ds5NrfTs8s936g5V0c+m53I5ES58mOi78F4zf0SYiafTCqHImL25dzw7HV2XtJGW5Veyck1MbnMVPrCSd1NccUlhsjerVPhZVboMMeVquwKl5QYOtvGyPUlcl2OXPyRzaxP3JzmCtqHuu9ub2Wfxi7d+4Qdm/kHjxT5Z05coiwVpb5E4utL1K+gEVEuv8Dsx5i5pNTCs+8pAC4B3n1Qq5xFz83qm16wse9DDWMOEbm9jB9OnXs4QYtAiXouiFRJb8e+2RsLDwCXAHsApy4vjw8+7LmcjFx+IFcjcpmabRMDieWBvgeRS8krfcsLWUmcmv5gv45DWC6aG35OKzzO7VLK0MQ4rca3AZ/msIu49cGHQx+9/8Ohd3nhAeASYM/hk0u/KHEq5SqLgTNDfPh+4PF2Vq7ekC8CSX7p37fj0DWoXhUzx1/HAryVhQeASwAAAABwCQAAAACASwAAAABwCQAAAAAuAQAAAMAlAAAAAAAuAQAAAMAlAAAAALgEAAAAAJcAAAAAQBGX/OG7TQAAAACoBuASAAAAAFwCAAAAgEsAAAAAcAkAAAAALsEoAAAAAOASAAAAAFwCAAAAgEsAAAAAcAkAAAAAgEsAAAAAcAkAAAAALgEAAADAJQAAEGx9l5Wk5dxbb4nveu7qP3NtmBEAXAIA4JLKuWSsIEmFzu8xIwC4BADAJeASAFwCAOASHv/v/3aGnr7ekaSdndcz/9ppu8Kp/r/n+lbIS7/tbL9O/KuwJv3W93/aq99vf/6gkNn5TZJ+W8u+ujq4pT2VG3olzSfYfzf/9M/X0k7+v8i///FK4mU7j2AXAC4BgP3AJb7r4uIraW0l/9eR3OeJ/PyOtLOy85/Kq/+TS7ySdghPJHKdcVEhFY1Ltk6mf5NevR6azn0+kru6/FqSXmsv2XNJdPvjB9Qv+dvgrx8T3Nz6I6YGAJcAwD7gks+Xf5NeyIpeoZbB/AvptwGZFdpThANenWRuyt/FRcYlfxcz0m+JsS39859K0tOd/3DmEsS4AHAJAOxHLvm1b1taS/3K/YUyQeaf23/4bvtvL6QX/+Je4rjkj3FKCX/lomH/OU1ck1efg0sAcAkA/P64hOr9Rcocxezy64BKKhZcojDHSe6j/jjG2AVcAoBLAOD355e8sPdLDC5LsV8StfRLfqVcMg0uAcAlAPC7Oi/Z1s9L/viPV+y8pPPfkpQV/8SOUm7mM4bzEikR3zJ8vnpeYiah/3qgc8kf/vFqRyqc+x/MCAAuAYA9yiXZ/F/jOxxybVfkPC5JerGSPzeW60zk51/peVzyObyU+Xf+XGLnaqqQoQm9eh4XJaFXr4f+ufP5yM7f/i3ncQ2qXycf2he+G/y17Wbu3L8KO+Q5xiX/uzMvSWvL4ucjub/Gf/0PTA0ALgGAPcYlZnn93f8q9SWiUl8iFdWX/Ffi1aJWQfJdnPglr/92nasvSbH6ksLVf+hBrT9Ef/1u+fWLV3JVSmqnM8X5Jd9ttsVfLW7Tp16s7PwJUwOASwDgd4U/jtDw1Oc46gDAJQAAlIFo7m/p/NXETudY7tw/84s70tq/fvVhWABwCQAAZXFJ31MaqqLRr+3XiQe5P8EpAcAlAAAAAAAuAQAAAMAlAAAAALgEAAAAAJcAAAAAALgEAAAAAJcAAAAA4BIAAAAAXAIAAAAA4BIAAADgjXKJBIFAIBBIdQIugUAgEAi4BAKBQCDgEggEAoGASyAQCAQCLnlrIoSb6ur8/cY/JgINdQ2BhPKfZNBXVyzKI7neVv1PHm9Dkz/Uv8R9kNOzJhnt8OrvaIluqH/eSEQDLU0+b72HfLyvsdkfCPenNoofT4Ua6zzNEcH4xzD5Y0tU/WNuqT/U3ix/lKe+oak1EE1ulBoZs/iCSdLUdk+dL5Syf1Tpi6e1P2f1uYlIoFVthrehsamlPRgdXcq5nrEl0imvNjk1ENrYpvDSW94CG5Fmi1bkUr2B1sYGL52wxpaOSMJqwoRYkLynvq7O25HQPopJg5uRokPQQGdWb85oh6/O0xRK5vRFbmjeRrSlztM+yrU02kEmlS4tX3NHNKnNZ6y9Xlk0/EI1tmqJLLT69lgNtio/cqMBX53+zTnS3DrD9kjQNWroUpJ8lKGpNsvPYlsY2rXUT+bDq2wyfzix4XYJ5JZiIX8zmUnypNdHN0YomhBMmsHma3P9rZ46ugJGTTNrt1XlRdLay2+7VKSlvq7B3y+U3IGxUEdLk9JQuizNekQYDfmb1FdbgzGh+tVOp6au3ks/bWmvc0l9c7DXKAmBcUlje7SfSG801NFMZt3bHsvxXGL3rHkghVQyRjdwaySZXFJGcaO/nYxhQ3NHKBLt7Y2Gg+0tvnrDFuaej7V767x+/buljd7W+rpGdSHlkqEm8mhDS0dI+Sh/I9E+TitHHpmmDmPT++myKcUldPH7fKQrfjOZ5BKhZtqK5vZQhHxaNEK61OyjDQkkf8dcspGM+hvqiloh9JLN7WsNxxIpsjbCfqrdw6li3eapbw6NpoSNDXW0N5aSyQjRnY2BWDIl5MrnklSEzFJDe0xZhfIib2hoICt7NGfNJRv9fm9dfVNHpD/WHw2QXVDf2rvBK/EN/jmZl9i6kz++JZqrJZcsRVu9zPRhFODhFT5ZRXUGbSpEyDtKU1ouFTNt50h7I6fUR0mDPI3t4V4yEqGWBmrguVpbKbo/633EVqT7MxIK+Ju8HnlJCMl+7auiHeSrfO0R9t2jgkolfo/H52soIhPXXCIbD/XN4ZQLzuttITvYHyBKKRoJtvo85LnoEm8skLa0hnr7Y71kzXo8jSZ+rmS15zY2hNRoqMXrKbVV33kuKeJ7fh9w5o6s0Ot0e9zpWSs1SZ0LfTnT/xYNeS7ZG7OecCHa4uEssdEO0okOdfcnqZXWGEjkDBuOTB7b9O5GxnmB6pqpOZIki9VEJjn6iqcpmDDpjQ3iqURTv1MuSQYbNCPT1Aqz+iPjrtsGbEyJbq63WGExf537Xhm4ZCPWTrVKJGVY5P5IpNnDOb4GLqFLxaMvJKLZaEOX9DXtZ2ua+Cm+JqIl9X7RL9feXBMuySWCjR5fINxhcDMSAS+3bGifGpuaPNxCIuqYiwe4F9mt0hY61bP8uCc6Gly5hpQMDFao6nH2G90as77hnibjnwj5NN+0TC6RjQdfx6i73gtLfBhBoJ+kd9nkiMrxEj+nEKta7XQSm53naN9wifJxem+r4xLqhrtx/k2BLjmmRf+p8wSdYN6q5P314qVZHZcoVCLIa8xAJvKiawyWIo0Y2VW83WrNJf2JMPVoPNTxDel7QOjvaCZeshLG8zWbokJLsWCr5nwT10jxl41cIvQSm8nb2rvExSuUJ5r8IdUKlKjFYIyGGDqbS0Y7Wmi8p97r456STXJ/71J/oEUOgfh7lT+Trbm01EvUr2l3ydGg5qggGbVuqmg0rOaiUi5JhZvriSLmtYrCJTHZTmK7gucSokDrDGpY2RbqH+j+Z0SVCvk87b3kZfZBdM272yLuuETobfXWtxA7OWEKWVFtzUaE9Lgh0M9HWujbG0OpcvWHPCr6czGyNQyfYqURrTzTaLPjonfkEhrgkhdfipKJgbnccAkxHsiSb4lWak6NdtTz2rLByGcmFVj9ai9hd7xtLmmNCgaJdXhNMa72fuM7NnLWcysHmvShdHq2NJdsUEejviloeUBivdZG6fe3x4jL4eG8QdoMjxUt0MVn+YL1yKgtd+QShUo21P3BkYkc0nWxrdxwSR0Ny7cSL5vG6jy6WUh8rXbqfPfSmGMk0MIFWyhLEK+o0R+iEcloyN9Yr6g/jktyo4FGD3H01Wi/vMnqabyCfFqIuOt1PtWzk5UvF5bjQ/40WNHQHIj2j46OxuSAj9ppmUvq6+u9TaSJoVAwatz0RbuLdIYGBH3+cCyV05Rkr2lcUmRqrXZXRVwiyFqFEamRS1TTUeUMnkvkVWSweWT+0MaHKnF1j9CnyOKgS0udYcpDxbHQCrcqYfFgY71qX5u5hGpPj2qJk41Gv5QqPvUv9MPLsPoME697ZLK5ZIjXpYxb2tk99fkjCceYpCWXyF6JMoRFxFyaS1IhYjyYIhZlD4FuSdAGGg/WioakitVOZ6nB+UjrbXOJlbg/e28OL+VyORrPi/jl6MCSgZRdnr1bcAlZidHWBo9yru9ravF3hEqeUsuBLq+3nqo9juE81icSG0VHko4jo64YJy6hvpRmXcj6hukJRRVwp31kzHThjnmWEolESnCMcdW36lYU1ab11lpADtaro02P74wBPWFJMPgl1NGnu2qD+yIuckMVhUcL/ScN5rDsKilN2OhtJWZ90riXlHfKg819fsndpYZr5PlvIM6WchRunkBPvT+WqwGXBKKhJos4C8clSvBK0c88l1DmMM4A1YzsLxuKz6ZFuOjjRM+rf6FGbVNEqMlWFfr9Dfr2M3OJrNYVO48SmPylZGMo8yYbOsajaLemG/8dclS6tb+IAHtdnJmNBpvq5e5Qp7m1PRCxMCGtuIRSCTOm9D664pJwr9XJRVlHfWTMqS23IVkejzF2EWqx2pUAi3Mg8m1zSXNw1CCRVrNf0hI2vmNUmWdDHledbFgYchqcnnXDJfQrhER/ONjhb2ny1dOB9vjanTMtZGex3mDqyVwSrIRLjCOTFEr5JXJAM5xSCSIV5jwTQbFfcgZ7pqx0I+vzEnn56rt1KRYO+JsbfQ1eGumq075S9mZsE+iawgmyJzwN7VzSify5BoOKD+nyrjsdca0DdLETr4mXOrV5SozLxkS12l2ybmwKJgQh0Uv9KGq16T5DbiM1Gm5p8LZYHjWVzSU0Kuj1Eh+vKNihcwkXOjVziTG0YuASZazo64T2Ve+N6D95xJShS9Ziq1IWp7kkOVVULsnlDMEY2Ycj/1C+lLrOjXSUaBdKh5jMK5GSZAsXllH2nr8iLpG3YyoWDQX8rc1yWl5dne4i23OJclYSFdQtlwgawlzOXCJPuZeorcBoZW6JnPrl5RJ4FIUSrYRLnFe77r20er1Eo6bsojt7+7ykMRAjlrS8qj2mRIjqzkuKv26pv91XUvGOyqdfKVMzPFZarGSMq8zzEjpwZtHIhJh+fGINIcmkqg783mq4RF6sWqSCphN4GloC4d7YaCKRDDM6oC2zPrGnitTbQN0/byvP0gpzxMyzrbGLrFXlqaWOEeuXvNlDyZRR5MBFuVwSa683hK8EOVlKHU3KFU55eGVzCVUoGzSyUGeOePBcwpIDzTEuo19iiHGpzkd4iWpuVc8I8lGFIGcOuD0RLLFVBT4Vmhc2hqQj9Hg9l5IjXMypJWuHznUZqYSqU9JRtG4FJXIklR/jKlb2iTCN+RiN8GIukQ/tbWMqJbiE2g2KM1AU2HSzEalTY6a7IuZwG+NyXO0m0mlvsA/v7I+z9xxNqzNyfI25RN23JeycYi5Rzt6L21Hrs3eatdIUjHFmYyyoJ7nIG81XvGOTgYYacYk5KkXMX+aXhJz8Eo+vo7eXrFAP51irfsmGtV+in5FQG9x4+GpTpFAmlxTbuPLJgzqzG0uJ0f6w3+cllsxGLbhE9VuVugyvn4tUG7hEOwPsjZjO3vllZLZOc8oU9asRLs1z8feWDlmUsVWFVIKXKDVR2nv5eKkgT1m/fGjD0ijqvR2xXvnwujzFYcxr46ef3xp0yio40mer17iRi7iERh09LSHeU+vt0L1kd3lcckKnp9EqpmTffTm21Vz0TNIccZaNuOKyl/JWOx8KDDR6ff5w72hiaWP/coly7ipzvFATLhkNB/pNxyPGvF/XXCLnBHt2OydYCRQsFX2KFtCXc15IK0yphyYucXNeYsMl5jwW3pGQk+JYXFf+IsF4XiLnMBFTX5u9JaXSc8OOeSk31vuDlD/1Tsv5El7D90gbKbk7ZXKJ/HZjUV+oycRucpu8VvVGlecE09BNvcyq1lyidFGuHzLkBOsNM+QEszd4m5p8nA9ClXhzs8+56LXMrVr0inmnyOWITU31ug9CR7mxudlrCvK7GLIGq8xIc06w/DYXdlKqN2guRM0l6J41nuEU1SDQkTbvYErT2pC4zAmWq0vI0o+5GwN6jFvnbQlbkQ81D7gJUSMfuZqsdmUXOy/rvV2raDBOhN4WWkOhTl91tYo0KFTnbWxVSxUjoY7mBg9NA3e2H6y4RK9VVGuhXNYq2nKJtzVk7pS8eYvWrRwL0k6Hc8oBo7fJH6TN0GqyDKvIXU6wdYxLNoJaw6MptdxJPy9h1peWx9Xe5C3K41Iyt1gFjFyBR+vOovSBVjmPix97te7O5NklQ40e4ui0Bmk2Wa880NzZexGX0HknEqWho0CM/lOzt+QKobqGliCxwZKJWKSd1oCZE25kr8i0uaquVZSHoa6hI7ZhxSUslGmuVWwOROjQqrWKgkXwk/NV1MGrd29p1YBLZL+hzhDWlQ3iujIoTXNKrHWaXqsorxm6mtzUKspJOnIFYJjs9Wg0HKD7s95c52jSNzKVFJNgQg++2WxVi7p32ZByVaxII5ZkWYZosqQuo0v6gMq1imTTyLWKhkmocrXTetISsci9fYeKydHdkAdF0fjV3aGSWxrtDbW3NPm0gonG1kBvsqTpYMklknJHg36HCvmsSGKj3JFhXGKW+vb/ttnVcgIVX3E8GulobVKb4fU1tXaE+/lOVcMltLSjvUmrBwn2hgzH5/SOhpZG5/oSZU8x13KpP6Ddh9HYGjJfByEH4D1FQRrSiIBSlSJ/EWlHcsOWS4qPmLgI5kYi0qG02NvQ2GJ16Y1FfUkt7lBRPGzlHL6YSxRdan+HSnukyGKVlbgprcpXV1dO7lQtuERhMMOOlTdefftoGUqDxnLrbROZWQGRfIeKy/q/jVQ/vVqo0ScvG4+XDGJ4VCgRB+n311symu4bWG/VUcs7VJRbNkqaqnLorVi4XaDfoeI136FSg9VeImKIux0hkIqEnmdXUBcBgexBoVT07ta9QyB7Wth9XEt2RbA06GYrZddU7F6EgB5m28mbu+Rml5pBM3ftxBdMvEsr6l1sam5DWKIp8F5PqUQGcAkEUjGbxGhMRb8nGALZZ6LdE9wS6C9F5uASCAQCgVQr4BIIBAKBgEsgEAgEAi6BQCAQCLgEAoFAIOASCAQCgUDAJRAIBAIBl0AgEAgEXAKBQCAQcAkEAoFAIOASCAQCgYBLIBAIBLKX5f8DAS/FP1x4klUAAAAASUVORK5CYII=)

Trusting the website, our flag is `hackover18{I_KN0W_H4W_70_STALK_2018}`

That's all, folks!

__CTF Gandalf__

who knows john dows?

Comments

Sign in with