manuelver/infosec
manuelver/infosec
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Restructuring folders

Browse Source
This commit is contained in:
Manuel Vergara 2024-02-17 22:52:38 +01:00
parent 3c9aff823f
commit 32d537cefb
8 changed files with 914 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Introduccion-hacking-hack4u/tema_6_owasp/README.md
View File

@ -6,7 +6,7 @@ Al ser este tema muy extenso, se ha divido en 9 READMEs. A continuación, se ref
- [TEMA 6 - OWASP TOP 10 y vulnerabilidades web](#tema-6---owasp-top-10-y-vulnerabilidades-web)
- [README1.md](./README1.md)
- [6.1 SQL Injection (SQLi)](./README1.md#61-sql-injection-sqli)
- [Ejercicios](./README1.md#ejercicios)
- [6.1.1 Ejercicio](./README1.md#611-ejercicio)
- [6.2 CrossSite Scripting (XSS)](./README1.md#62-crosssite-scripting-xss)
- [6.3 XML External Entity Injection (XXE)](./README1.md#63-xml-external-entity-injection-xxe)
- [6.4 Local File Inclusion (LFI)](./README1.md#64-local-file-inclusion-lfi)
@ -23,11 +23,12 @@ Al ser este tema muy extenso, se ha divido en 9 READMEs. A continuación, se ref
- [README4.md](./README4.md)
- [6.13 Inyecciones NoSQL](./README4.md#613-inyecciones-nosql)
- [6.14 Inyecciones LDAP](./README4.md#614-inyecciones-ldap)
- [Ejercicio](./README4.md#ejercicio)
- [6.14.1 Ejercicio](./README4.md#6141-ejercicio)
- [6.15 Ataques de Deserialización](./README4.md#615-ataques-de-deserialización)
- [6.16 Inyecciones LaTex](./README4.md#616-inyecciones-latex)
- [README5.md](./README5.md)
- [6.17 Abuso de APIs](./README5.md#617-abuso-de-apis)
- [6.17.1 Ejercicio](./README5.md#6171-ejercicio)
- [6.18 Abuso de subidas de archivos](./README5.md#618-abuso-de-subidas-de-archivos)
- [6.19 Prototype Pollution](./README5.md#619-prototype-pollution)
- [6.20 Ataques de transferencia de zona (AXFR - Full Zone Transfer)](./README5.md#620-ataques-de-transferencia-de-zona-axfr---full-zone-transfer)

853
Introduccion-hacking-hack4u/tema_6_owasp/README.pdf Normal file
View File

@ -0,0 +1,853 @@
%PDF-1.4
%Óëéá
1 0 obj
<</Creator (Chromium)
/Producer (Skia/PDF m80)
/CreationDate (D:20240217195203+00'00')
/ModDate (D:20240217195203+00'00')>>
endobj
3 0 obj
<</ca 1
/BM /Normal>>
endobj
6 0 obj
<</CA 1
/ca 1
/LC 0
/LJ 0
/LW 1
/ML 4
/SA true
/BM /Normal>>
endobj
7 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [102.999992 638.66998 169 650.66998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README1.md)>>>>
endobj
8 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 622.16998 244 634.16998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README1.md#61-sql-injection-sqli)>>>>
endobj
9 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [163 605.66998 228.25 617.66998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README1.md#611-ejercicio)>>>>
endobj
10 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 589.16998 265.74997 601.16998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README1.md#62-crosssite-scripting-xss)>>>>
endobj
11 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 572.66998 316.74997 584.66998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README1.md#63-xml-external-entity-injection-xxe)>>>>
endobj
12 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 556.16998 261.99997 568.16998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README1.md#64-local-file-inclusion-lfi)>>>>
endobj
13 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [102.999992 539.66998 169 551.66998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README2.md)>>>>
endobj
14 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 523.16998 276.24997 535.16998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README2.md#65-remote-file-inclusion-rfi)>>>>
endobj
15 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 506.66998 275.49997 518.66998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README2.md#66-log-poisoning-lfi----rce)>>>>
endobj
16 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 490.16998 312.24997 502.16998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README2.md#67-cross-site-request-forgery-csrf)>>>>
endobj
17 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 473.66998 317.49997 485.66998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README2.md#68-server-side-request-forgery-ssrf)>>>>
endobj
18 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [102.999992 457.16998 169 469.16998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README3.md)>>>>
endobj
19 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 440.66998 323.49997 452.66998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README3.md#69-server-side-template-injection-ssti)>>>>
endobj
20 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 424.16998 327.99997 436.16998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README3.md#610-client-side-template-injection-csti)>>>>
endobj
21 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 407.66998 452.49997 419.66998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README3.md#611-ataque-de-or%C3%A1culo-de-relleno-de-datos-padding-oracle-attack)>>>>
endobj
22 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 391.16998 259.74997 403.16998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README3.md#612-ataque-type-juggling)>>>>
endobj
23 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [102.999992 374.66998 169 386.66998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README4.md)>>>>
endobj
24 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 358.16998 246.24998 370.16998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README4.md#613-inyecciones-nosql)>>>>
endobj
25 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 341.66998 239.5 353.66998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README4.md#614-inyecciones-ldap)>>>>
endobj
26 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [163 325.16998 234.25 337.16998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README4.md#6141-ejercicio)>>>>
endobj
27 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 308.66998 283.74997 320.66998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README4.md#615-ataques-de-deserializaci%C3%B3n)>>>>
endobj
28 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 292.16998 241 304.16998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README4.md#616-inyecciones-latex)>>>>
endobj
29 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [102.999992 275.66998 169 287.66998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README5.md)>>>>
endobj
30 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 259.16998 223.75 271.16998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README5.md#617-abuso-de-apis)>>>>
endobj
31 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [163 242.66998 234.25 254.66998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README5.md#6171-ejercicio)>>>>
endobj
32 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 226.16998 294.24997 238.16998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README5.md#618-abuso-de-subidas-de-archivos)>>>>
endobj
33 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 209.66998 249.99998 221.66998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README5.md#619-prototype-pollution)>>>>
endobj
34 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 193.16998 443.49997 205.16998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README5.md#620-ataques-de-transferencia-de-zona-axfr---full-zone-transfer)>>>>
endobj
35 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [102.999992 176.66998 169 188.66998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README6.md)>>>>
endobj
36 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 160.169983 516.25 172.16998]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README6.md#621-ataques-de-asignaci%C3%B3n-masiva-mass-assignment-attackparameter-binding)>>>>
endobj
37 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 143.669983 224.5 155.669983]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README6.md#622-open-redirect)>>>>
endobj
38 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 127.169983 342.99997 139.169983]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README6.md#623-enumeraci%C3%B3n-y-explotaci%C3%B3n-de-webdav)>>>>
endobj
39 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 110.669983 369.99997 122.669983]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README6.md#624-enumeraci%C3%B3n-y-explotaci%C3%B3n-de-squid-proxies)>>>>
endobj
40 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [102.999992 94.169983 169 106.169983]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README7.md)>>>>
endobj
41 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 77.669983 244 89.669983]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README7.md#625-ataque-shellshock)>>>>
endobj
42 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 61.169983 241.75 73.169983]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README7.md#626-inyecciones-xpath)>>>>
endobj
43 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 44.669983 352.74997 56.669983]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README7.md#627-insecure-direct-object-reference-idors)>>>>
endobj
44 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [72.999992 655.16998 301.74997 667.16998]
/Dest /tema-6---owasp-top-10-y-vulnerabilidades-web>>
endobj
45 0 obj
<</Filter /FlateDecode
/Length 5178>> stream
xœí]ÛŽ$· }Ÿ¯èç)ë~»kÇÏIÈ$qŒ`çÿ<C3A7><C3BF>J¢TÍéRUÍÅÎìp7«%Q$ERG—Z”ŽéßMÀßïò5¹Dc¸ýý§§ŸŸð¹2AÜ´ñöË?Ÿþö»Û€néà§>×Ѓ‚ò†ùþ–?üò¯§o¾×·ý7Õ磾I©V÷C¢üiþ?ýüõé›?™[¼}ý*JÊ›ö‹Ò·¯?=ýAmÿxûúï'Ï¿þãF >|%h<08>¯CÊDЕ`sX &WúÝ×ûŒ[¡%ƒ'œËs©GÂæ~$ˆ<>¯ulŠŒòŸžíŠ
þ@¥æùƒÛ<E28093>ÛV¡ü«N EÛ¶ë<C2B6>ÿ ??Ié‡ÿÌM¢¤•UÒ.Š4«Õ ZÖ˜? Å®å FÌ?I=vB/0n5â¬Wà4(!`<10>ObÂù¦¥b´Ê,:)š5{—a±Î¯FÙºÅsZ5s—qmÄGÍÛ<45>Y4ˆCÇð¸„ΪVrÑÚ ßÚÐÙÜ”]¬€Ž¨MGâvB:¨]¦›%D'¬—íIn\ú
¿‡«*yÂ<02>Ýá×#B˜lÄ„ÆV#E¾V·.ázçIW™$z·_r äèüŽ"qôP8ÑX¶Å¼Ü†"lkÞü)ûÈÅ# ñ{ª©ÑTKuŒ(¶îÛ<L¥XÁ˜&ccVÆôņ֎±k;2_
gÔbè†e¾€gÛàùêÊh™þÇHÄ_ìU-Æ°&öÊkìS5>ë¤0;Z1Õ#ÍèoâêoÊÈŠ
2:¿Q»?ÑÃ(Ä0 I¶cßÜ¢ŒŽž ¬Â¨‡šlô´DæÓ.ü†'Žmƒ¯ŠkÜúµ<C3BA>à#µw¶*¾ƒÓU•ÔÔ :Z+G³òPWØ#^¶®2rÃPt¤Ä—"“h}ô~YgÄû¹<<3C>×Ô™H†[Vƒª€Š"5Õ@ ت+ Ô* öUM뵸èž<C3A8>ÆeóáÅYéÅ€ª<E282AC>ÌâÃ1è@·%º6÷e *¼Ç®4äu²
äA§WwT%Wo"Z»/+O\nÉðD(I~°¥Á‹™&öνYÙz^2ÿÉT_B×q&A·zÛHVºõŒaÑë\!™¨Û#“Žß îºÄA!kã¬Á“<12>n=é«©:˜TÅSd«
̃n€m¶ý€yeÇ.Ûø—ïf;عŒ]ú`UËŽ¾*í"è\U&Θoƒ•U§êx/évÞ5tɇŒQS®XE±mìs&Ñlàƒíàìœ ÌigB-nÞ™ð†Õâ|wf!óVý\æ(e(©£ÕLäbó:.”ó5q¸æ½Û“§ˆð\z1<7A>b {ü°;“\ðœOØÆç«b$Å*<2A>Kõæ“C.»6³Ùט&è áøå:8á® |šÀŠ<C380><C5A0> lLdí“ d\UŸ¿p%¸Ð'¿}ìi­)žöÓ:ÎÉ·÷À¨‰7Üí§'´:àðû¢œU7$™¨òO«„H Æ{k X¹ü {ã”S@…)Œ.<2E>æ„r¢)å +@3Ò() ?æÂøæ²HÄ2ˆµ€Æ†uCaŸÚ³!ÑXÚ'ÎTLTäWã/UÂO2-âB‡Áª¶µÁcÑÕ:’À~<7E>µµÄ+µà LÄ!­ üÛÅëƒí:j˜Ô*+©D,ضFÇA$gaJ®”UÆ6—§âS?ª6,ÑVúœ~lꤿÑR6uÒtõÛÜË\åÄ`/m¼QŽMê¥êºfòÇ\º
Á¤B©<EFBFBD>*,“*ïÅj2Y'«üMâ×Þ¨šLÖžÉꮪErS~-HÌ„´@ ªòB ¯òL,”ôŽØr•±ù*/2:ˆdÉ8ª: íê* þXÈ;õºø<C2BA>¿¬+gßâÀ·DÑ/8€-ãÀ×dêL3Tbú¤ÖšævX0<30>JrÅ2žÅº¹uPW€Xw€†¾—bF[e½zâ!ðjwgnqràHWºv±æ°VBßUÜÁ×*y«{i5†C”Ѫ3<C2AA>¸¬7LH~Od*6çàò<.ÎMCËlFÅ&|Èd˜Ýñ GÇÜñóùùéã§jmV&忳$9ÁvÍóï.<2E>)L€d!ï¥ð{rÈòŠ—Ë´ä†þЄD[³…<C2B3>='xSðã%æ…P"'rh Ù'J‰ !{lÈ¡<C388>˜ „ìÙ]H´œ*„ 9@7J°ÈÔœ)„N
-%#”X ‡ é鬢•ä˜¦|ßœÍAÁP¾J”´”ÿOiGsà5žÊ£hIÅC¹ö½€KÐ×TæŽÊlÒ' }‰F´mΧNçÖ*_®BÊ¿+“vÔ¥<C394>>—®"q©Púe<15>K•ËNÈ.q¡²Šª:\æ÷FÕæ6…ËꯪFr3†Z°Y i<>˜Wå…˜aå¹Z+é[3ê*bûUXd”4©áTÅî¨)þøô×g†²Áá~î …“Wý£€< z;ù.Ýà2>èQ@>ìš<C3AC>{ÞÕ¥ÝGÐ,¤hmÈL"& S¯³<6â¸f»É§löb¸”C­ké0"¢ßцZÃßîÉê·\¼d<C2BC>3n²Ú­``n}9üÇv[|.y©
2Fù2g{!¾<c¥À=n:n¥¬ÔºË­ô:³fÁ¼i]ˆ,Æ¢ygƒ3ÑSÎƇÃj´ÓZqeÁ¬ &+걌§á\ö;èxÙ_·Q„oœõ[¬Õ±ì²K&ó.<2E>óËŸVzĈ|wÙŽñ<C5BD><C3B1>Å@fúóš'h\Ûã¹Ϻ:#Ñœ#ZˆÃcÄÍŽ^0|Ö3<1D>×\LJUdkÙ…»zØ!=»Œ6½(Æ:v§ÑüáJÌC"ÿïÙã` ¦ðx`°ê~ä´t'ƒR‡ƒg
ðv²Žr*tòqŒä³<C3A4>ëFÚÚm+Á~è†×iˆl:¦Î<C2A6>VÆÈm£d· ¾Ý¨áb«!V|Ï<>šåi0
åÁ÷¼’Ô $YŒi“¨ÉÓF&œÄ6$I=’‡ø Cå!K(å! kV ”AÒº ×Ф滆ï$üóþh£:(<28><¬Ø©¤¢L]s<15>"|UÜŠð_®®§ #©˜\×:WŽ(Ãluf“>)”v—:m”‡4ì´¤­ :mc‡åiÁò<C381><06>†áBz
4üh;,©#‡4¨ÜE*e m±<¤æÅ<¢7<C2A2><37>Åò2¹ZC+X͆¶Ðì«ñÒì°ñ¼Ú+í[5ë&„fýMXmœP±¶Õî(*ó´Ìã&ž×ƒyÚ<79><C39A>I0EpÇaÀà眾l4bCÖu³â<C2B3>ìá½dü@¿4}H#*œD¬t8ŽXMï-˜Oº§!’º‚¯@Ä–
×k'³fX[C`èÂDvzÃû@ÉîØYÜ—Ñp=<<3C>5â$¾e¤8<¢>M<>¨7Ä€Yý¾-8<µOíÜ<C3AD>;%9"C<>£¹~î„Æ®-ûœ7y 6ºØëoŽ«ŽIJÜ綆4•{P§£êá®N"VFG¬>3¬zÌë1=˜pØý5Á|Ö·dã…>àÂã >à]ú€ý+÷¯ãþfl<66>¿Á÷ˆ¿!m¿a¤Ðð7$!´<>üÐo¥C*–°CÚ°•I[ü ©#þh+þfl<66>¿ï!•Td¨k®bH„¯Š5þ+*Õõ´âWD"ç"«ˆX'âŠ<C3A2>e˜­ÎlÒ'Åߌ‰­tHñ7¤mñ7c¶øÒFü i[ü ©q‚¿! 1/G¥l:&c‡¿!VZR§éñ·L®ÖÐ
V³¡-4ûj¼4;l<¯öjîàoDÍúÍëÄÚF”ÙâoDQ±hñ$þfì{Ç߸Eíëñ7ãOâoÆÇßvÝFððKxÖõO t˜}ì;¡Jnç ²‡(/7ÿÏ—õ/H<>ØsHG±GOb<4F>&ǯ;vÃB(óçO¦ïäY-K@ñ¶ûð2^æ ¼Ì Íå^ÆÊ“x,äÃ×{™ù-Ô\*Éë<C389>5øË°Š×¸Zb«èÎúwû©Ø¡3{Ú»ñì5ÄÁB4³·˜L¯Þ²Qè Å1d³¹{œ¬IF«<46>yLÙäWviÔ2Äñ÷i°œ¿—Ž½JŠ¢{;.ÿèÏ?;r£—Çüµb{Ìs×]%ìµPì}jüEkóÝøŽ”°jÿâÕ'¬9¾¸ÀÆ­ùC&¿ª¸B³Ôp¨5Ÿ‡Îg<C38E>ß®màeÑ>î‹Ê³f§$<€Å­ëaqø>ÂâHB$–Â}HÛÂâÖm`q$!âضù!e»-©#,Ž4¬94|IÈBè`q¤"³<>Àâ›ôé
½’‚¤íš¨p.á¥Â¾„ç
w½«P2B…œ‰°*8݉µÂØDf«'tH¡pk·[Q6BáHC̶?VnmFw Ž$<04>»ŽÚ{H8RG$i#Ž4Ä©]‡„#uDÂ<44>ôh{$<“«Ø ÞµÐLÊnpÂój¢öN„Ð ¾Êª<C38A> *Ô6†ì'jŠE‡'<27>p¼qý}áÜ!Žë<C5BD>pNá6¼ÀyÝéÓm<C393>ð
|…†ÞBÏÅÁyÀ⮂œ^c繦¼Ï‚árL?VÎZÞýrÊêݺÜêæ<C3AA>N}XÝN«cw_®^ÓK "anÀí®¬ÒϘ0ïÔ ¼¡ÓâõLëãfÙ ðXñ9×a_`69}¤â]Î&çÇõ…@ͳ{À²w]5¾çL+oØë¤Øâ¥kFlç.ªßzx~P¹“w 9ýÝBNU|Äã“ñ˜µÅ+žŸ÷+8é¢À
|<1F>$<24>À
Ò@ÉÊuÀŠ:Í`eV<>ؼ +ÍZÐC¿ß©PÂÑó¾Hƒš%Ùoˆ$`Á¹XA*0+V þá n7¼Â+äa<C3A4>Õ“Jêü¿k®"„¯Š(þ+öÐõ´¢D"Ì «°G'â
<EFBFBD>e˜­ÎlÒ'Y\”<1B>iÐik»ÖdÂ:ŒÅE1b,H1¤m1¤Ž ÒFŒi[Œ©#Æ´¬LÑa,™ÜlAŒK×±.±ÁXÏÕZÅc!B ¶/FŒ…Ê”Œ¦*üpGI±hð$Äâêk¿Þ+ÄÂel×C,^žœìzù“ÝùVìûÛØògOª¾åúë£ çö&d>ÛpÏOQa¨<61>¢zóSTÎ >¦¨³SToONQ½{<7B>)êô1«ßø€¿î=,^Ãý¦3pž«ùÑƾ¶ðÁ»7ÓœÒå¡?9¥õᦴó[ÿ¹è3¬y×v¡{vßEwá‚ùÛ &7‡±¾êêݧ¬…qré-ˆãKoìU7ó»Æ?<3F>Lîõ½<C2BD>3ý®ˆéwØvorܵ«r~æüU6ÓèꫨidµÔ0nO\k2Ý þu09pÒF÷ÏÓ[*y<>9{Þ—<C39E>x³/½íÎZxs·Æĵqé°çLÕíÐœtÓüÖÍoKÓ~84ÿ6Úù<C39A>˜ ÕÚ kèÓÛFù۲︻îe­û΄ãNSŠÑÂwľ¤! -Ò@ì Z` 0E®dDR¿÷ )Û½oH!Z¤ -’¶-RGˆ6ÑVˆ6(×A´äaI%>ìš«@#á«’„ÿ
]v=­ 'HÅBà:ˆv•pÑ6U˜;³I<C2B3>¢ Jo Z¤<5A>ûà<C3BB>¶Ý1Z$AŸ3òZ;ªð£‹FTÄ;õ<>ŠN%\´“±ºs!#RGˆ6]”˜
tm&7[P#D[Z ÚÆ
1ÂÊq5VÒ³fÓUÄôÕˆÐv"%cIovÁ%Å¢Á“mPá<50>C´³Iíqˆê¹TÜŠëSñßÆѪw
iLßÈnEŸ¿xþêuýý¯|ð#(gû2¾ eÞŸÌwd<77>…2qŒƒÆ¹—Ãïzañ.sc^5Ð¥¼fÙ´<C399>­;5ôë<™´µ©JãÚãö‡æZç<5A>µÈøhŠžìönO 6ågUh
1†Yr`ùÀ1¼ËOôñÛ<E28098>\k þøZ ¹§—ñ/b<>ÇT§ƒÂü%q<Ú÷Áý¼I„“È?^3q¹IÌi˜ ‡hïó7'_jû†9Íô=|<7C>ö¬ÝyOÑì%Ó‹*ïQ²WÞ˜R_€<5F>7RéU±Ë­<C38B>Π༴'Ÿ÷Qž\‰AHèr<C3A8>1åÃc|xŒßŽÇ˜?v¦Cñ ¸zbIjËíÔêà*î¾å~@þw­ÇÓ„»êU€¾=YÒéL'îÚOòà]ìpü¨{¾op|¤ 8>’¶{­AUã^k$õ{­²Ýk<C39D>ÔÈGÚä#i ä#uòmò£î<C2A3>|ò°BǤ
2wÍU4šðUQkÂÅ·»žV$œH¤æDpZïD\Aø¦ sGe6é“ù§°Óù&ÙZGÂMìZKvmLäG<C3A4>àé|оòŸalÝõô<>ÔÉGÚ€ä#i»Ù©#µÊÚìüLnÆ°Aò×: ¿qBŒpò»Ž5® ¦Ÿ$eL7Hôv¯5~¸£¤X4xÈG•½o vkéq ?Ú“@~tâúLî·q:ðÀõ´ì.À«®øšozþ­ß=09<12>W{½É}œ<>Ø7)Ó”ßîÚÞÅçgÏ%£‹'1./*™½gtþÌïôe‰óPå<50>3ͯ‡“N¼fƒG¡ù½ï¯pïë•Àõ»Ü9mWüþÁé™."+]þɺ<C389>ìÏð÷?iDÆ­
endstream
endobj
47 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 785.66992 393.99997 797.66992]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README7.md#628-intercambio-de-recursos-de-origen-cruzado-cors)>>>>
endobj
48 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [102.999992 769.16992 169 781.16992]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README8.md)>>>>
endobj
49 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 752.66992 388.74997 764.66992]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README8.md#629-ataque-de-truncado-sql-sql-truncation-attack)>>>>
endobj
50 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 736.16992 466.74997 748.16992]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README8.md#630-session-puzzling--session-fixation--session-variable-overloading)>>>>
endobj
51 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 719.66992 413.49997 731.66992]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README8.md#631-enumeraci%C3%B3n-y-explotaci%C3%B3n-de-json-web-tokens-jwt)>>>>
endobj
52 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 703.16992 348.24997 715.16992]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README8.md#632-condiciones-de-carrera-race-conditions)>>>>
endobj
53 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [102.999992 686.66992 169 698.66992]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README9.md)>>>>
endobj
54 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 670.16992 260.49997 682.16992]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README9.md#633-inyecciones-css-cssi)>>>>
endobj
55 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 653.66992 401.49997 665.66992]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README9.md#634-python---ataque-de-deserializaci%C3%B3n-yaml-des-yaml)>>>>
endobj
56 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 637.16992 411.24997 649.16992]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README9.md#635-python---ataque-de-deserializaci%C3%B3n-pickle-des-pickle)>>>>
endobj
57 0 obj
<</Type /Annot
/Subtype /Link
/F 4
/Border [0 0 0]
/Rect [133 620.66992 358.74997 632.66992]
/A <</Type /Action
/S /URI
/URI (file:///home/v/Documents/projectes/git/personal/infosec/Introduccion-hacking-hack4u/tema_6_owasp/README9.md#636-graphql-introspection-mutations-e-idors)>>>>
endobj
58 0 obj
<</Filter /FlateDecode
/Length 2126>> stream
xœí[ÍŽÜ6 ¾ÏSø\ Ž(ŠúŠm6ç¶ ôÒ&E<>Húþ@)Û²(ÛÌØ3³Éîe†²Ä_”>Oo1 <>áÿ½øô RŠÝÛ§<>§<n]4Iݧ?O¿ÿÐýÃt׃çGø<42>'B—ÿ<>>½?½|ƒÝû‡õBÂÀڼܻ<C39C>bò£ã~ôÕãéåƒëR÷øŽ$„C"Xê,v<>N?ƒôS÷ø÷Éóøãl\Ü’B˜ h×8f}ý¸-8ì-Ä $‡¥ä€KÂꉰ$˜…\;ÖXMYÚî>«Š<C2AB>¡ìF õaör}Øà’·]¦'´åÐØMÞ¿ðÿÇ€ï}þsêMö}g-qÜZ ÞóÄ»Øç8Ê뎟ÄähœáÇ]<ÅÖt`#iQ<¬l0uŽÿçgú„ˆå¹ñK‰x~Ü5*ƒcÆÍ:§1xû˜(yZ‡hï¦HËؘðJ(^â„ÀëRö~žR[wÃÈ;ö¼y©Jã•zCò¦n0 oK)De-°/æ~ŒÒž3P
©òvnZ
óˆ°Ü¢`{C˜ˆêˆ£I\ë˜;ÔDàŠä8ùY¡ -3Xq!•jª)l°Ð4W—ÒM¢-¥ÚŠ¢â'<27>••,U°ñ¬AÔ Ïb)M(Õ‚š¿Ý]1WAïv¥m]oé¤äg$a<>Æ{.‰<>ŸËR‰g8ØÞÝy£7&ä]»¥‡3&
ÇŽi„?°â^Q?-•Û
/˜ãÈ g¶n¨S°lÌhx-¸è'EœãM„yïK XçÞ—o|NÓ1qþôØ}8ÅØ Ž½õĹ6]²n"eÁ31º¸ DÎwL|ŽëÏd×s-åôÎDÏ•Gšµ9•2ÍÁ¸¤ËŸ Ž³yÔ“É<i|—AG"/ÏV ™%ÒHcIüÀ=déÐNdò“ÌКBã-21£<Å÷YÔ û>[‘¬\ÇgÇz,©O¹<¸F:êC@ ž"…H <0B>‰Ý­ <0B>uˆÃ BcFê<46>¬Å°09×q2Áaã·åHýÌsä°,<2C>‡ÅB6[À¥–©Í& g• t<>"<22> ©UògŸÆùÕ@<40>ç™Ð5¦„Ì€¡1;dY`ôZud±Ù<19>+aò1ŒaQC`ˆˆ%ódP•<50> ½Y"¤³ì5œ…"îgƒÈ R,'÷Rµ±Üv³;âãRñë_§ß>Ó>M]™ÒE™ÜEùО։Ɩk1'þšJ§SDêmÌ9KÌÓ@Ší œûà´L"ÃÛRD¸ 4ERmÉ´æî3=NÐãØ”F¼¶)eÏܼ)½?Ü”jŽ™OÞ^)<29>¨¼jÇè´ª¨ôMÇ[”v;ŠŽë«gSµÓÚ?¥w9Þsïë+ö4ÐjÅG'»²"¦)œYïó<æÖÅFäÖž•ù3»Ov˜j[Øl™dŽŒd¿Ø%l62WÚóRéâª}¯ѯŠ²õ^çs æxmÀ…÷º<ÊçQ¯MÀ£yT<79>yýÈ£µ<>Ãçëç*ÄiWáGuóȳSˆéü€{˜xGËJÀå´ý©2Uí¦ë2nECN2ߌWmÙ\Ê]ÚÁºtR@#¿ZüÕváÉÕkÜêauºÎ•ûÜJ·½GAñ·xŽœ<C5BD>©ôálöÔ¶d>VoGô»µ¨×€Ú׌«ë§^uPšÌù ŒÝfÅZºæŠ¸<C5A0>ŸÔöm׵оÜ&]îf|è½²n"Þ¾n:e@ÏMÚaN½×*~;~[®6èj¤yøþõ<C3BE>²ÝO¬9ˤ6wÏâ°¤ê­ewB-€÷ì¯ôœ»<0E>_в7<TÚÒõäkŸö´7kÝîJü{¶*ZÈ´«&p=—C0oB¿­…¬iÓÁ€ Âzû¤HÕäi-%ª•öüÝ:ñRQ ÕMň¼V€ä,,Ug±G´8^<5E>¸káK ËáK5SkWHzl@Âyv>¹mçïáãeòxr8,Óá~þ9Òɨ­zûq=^Ïß-7¢z|A<>¸ÜºhÛ-ýôý7Ez¾Üúel¢ý˜°ý2qúeâèa úeÚôˤ Ð/“y<79>ôËÄ%è—i, a úeòôh3èaú‰áŠ)Õu*úÔ°¬H•<48>®bZB<5A>Š5:W¬LX§jÂŒkL^±:á·åHýÜ€~6@¿LÌ€–©MТ~Ö¨_¦­P¿LÜ@ý23Ô5¶Ê«vßBý2u…ú1qròõD˜¬Q?ÉFÆÞ,ŒÒYöÏ[¨Ÿ0ˆÜ!kÔ¯1²Üx³CâëRñìµ°„¯öÓ@¯'€ýX¨k¹t9ì§6sÚÀÅï¢åEÙ4â<34>3õüyü=ªÿU;7·½¨¼Ûö@lêÛ6gû#õ% ë™«?{€±p-Dcí@4áhÌÏà—¾ä­¸ÜÕB[¿Æ(7(«[«›]j[æ´òýf|µ–φvÝ7'˜Ã˜
¥}…—iXŠ1‡[Ðo Û æz5V,Õ0HP/|´
Ú“GË3‰Sã³h~6Wãµ°o‰Ûçê¨ |ÏÕßsõ÷\ýÅrµö¶Ç±Ú ƒŸ1¹ç<C2B9>쳶_¹©ÎVºz°þ  m%=kÜMvÙdÊÛ û^SQN­JÜð<C39C>Å˶¬ú5ÿÑé9þó¨§èa;Ôô §Þ&©¯/ÀO®ö”†®ê¯<C3AA>j±©ßÔ5/ç hÅÔ{ÂIé§ÿ;BÉ°
endstream
endobj
2 0 obj
<</Type /Page
/Resources <</ProcSet [/PDF /Text /ImageB /ImageC /ImageI]
/ExtGState <</G3 3 0 R
/G6 6 0 R>>
/Font <</F4 4 0 R
/F5 5 0 R>>>>
/MediaBox [0 0 594.95996 841.91998]
/Annots [7 0 R 8 0 R 9 0 R 10 0 R 11 0 R 12 0 R 13 0 R 14 0 R 15 0 R 16 0 R 17 0 R 18 0 R 19 0 R 20 0 R 21 0 R 22 0 R 23 0 R 24 0 R 25 0 R 26 0 R 27 0 R 28 0 R 29 0 R 30 0 R 31 0 R 32 0 R 33 0 R 34 0 R 35 0 R 36 0 R 37 0 R 38 0 R 39 0 R 40 0 R 41 0 R 42 0 R 43 0 R 44 0 R]
/Contents 45 0 R
/StructParents 0
/Parent 59 0 R>>
endobj
46 0 obj
<</Type /Page
/Resources <</ProcSet [/PDF /Text /ImageB /ImageC /ImageI]
/ExtGState <</G3 3 0 R
/G6 6 0 R>>
/Font <</F4 4 0 R
/F5 5 0 R>>>>
/MediaBox [0 0 594.95996 841.91998]
/Annots [47 0 R 48 0 R 49 0 R 50 0 R 51 0 R 52 0 R 53 0 R 54 0 R 55 0 R 56 0 R 57 0 R]
/Contents 58 0 R
/StructParents 1
/Parent 59 0 R>>
endobj
59 0 obj
<</Type /Pages
/Count 2
/Kids [2 0 R 46 0 R]>>
endobj
60 0 obj
<</tema-6---owasp-top-10-y-vulnerabilidades-web [2 0 R /XYZ 42.999996 786.41998 0]>>
endobj
61 0 obj
<</Type /Catalog
/Pages 59 0 R
/Dests 60 0 R>>
endobj
62 0 obj
<</Length1 7884
/Filter /FlateDecode
/Length 5028>> stream
xœÕX{|TŽÿÍüÎìÙwö$<>7Â<06> ˜Ò%ò c" Ù„<04>Âû]ä¡DYS¤Hc-„‡ˆ±4æÞ^!¶^©<16>«µÑÚ^ŠÉý<C389>“%µµ÷¯û¹gvÎùÎü^óûÍoæœY`࢛0zt΄'ß?=€Ù©7~ˆœ1Ïû†® voÓðû¦ ô=üÛ-j)ÑsæV€FSû4µûU/ð@YBµ[HFTÌš;Põl µá…Y…U RëNjÛgÍYR2¹ªÜ`[M<9¥Å…<C385>ÄH¹Úcˆ>¸”:Ϫ§Üç©Ý³tîÅ“¿´8©}<7D>ô<EFBFBD>œS^T8sW <57>ôí'úþ¹…‹+”S¦ùQ™ÔöÌ+œ[üÄ[øµàW*Ê«t|SbFêôŠÊ⊻ԿŒ Ý'=×Ãk<C383>3ºž:Å
€O! þ^§pâS
ŒKÇ·^7Û¬4„ï‡ï½ùÇ«¿ŸO÷CçÕŸ]ø·õO½¥]ùẇÜØJ8³K´·Ò*†A*ÍëZx<36>a;aì…}pŽÃx>„ÏàãÌÉbY
ó±álËe3Y Íæ±J¶mfA¶<41>bÇÙö.û<>}Æ®qÎ<71><§pÎÇñ\>“—ðÙ|¯ä+ùfäûø!~œŸáÙ4®
ªÛ¨ÖQý Rvb,Չƹ}—:>z¬5ÛÀ» <09> á=„Ç[³ÑOøˆúFô½ÖëFÿQÂB¸žðÄ>Fø¾>N8;„OžÂ' OáW O áS„s:±c<Ù½¿s Ž{ ç†ð„ðDÂyÖlþ+j|Hõ*ùcíôG+W<1F>η¾là
ÂSCx>ái!\Iöì´§UžÂ ? Ïájˆpa/&<3„—.
᥄!¼Œpq/'\Â+Ï
á•„KCxá²^Mxv¯1ÿ"úaûH¯%<Ç>Š§Rƒö ®¯ÉÊÐ|Ɖ ®IÖ'žÂÝÅç®)Ö— <<3C>úõßI8/„§Î áé„ïá$kÈR ¿ÔsÛ²Àñ
ô&´˜ãeB` †2õ]<G»xŽ|ƒçDÏñ.žcÏü.žSO ñ¼jð¬$ž“·ñÇëùïxÃàÙI<§ ´ù¶¾× ¹u!9úŽÔÛ¬ãÚ³Hã[ß¡±á;4¾y»Fë×75ºU#:öËIúŒ!½‰Ðs†ôœÒøÎ(pò¾Ówþ<77>.¢Ü9Ð¥C~{tŠàt÷èB7)Y:E¡>Bt't“¢[ìÍsé>_§úgNû» ô7ßp*üTP¬_SlTû.û<30>ØO<C398>Í1Þ1ÜŽ'AˆÖʵµOì4¶,˜oK²ÇÙìÝííwÚ§Ù§Ûõ9cŠ“mA#OOS3±ó‰¿…N#°™Í
ç
|ãÊ.]&·t³]ê\v©XÇG]9Aj¨ºéÎŒ§ÑF¿N<C2BF>Ž£…¥C=4Ryja;@­#<02>ÃzXH=o²F¶‰÷§¾ð%œ#ΠЈµ
°q<EFBFBD>ïS쯲x…td07ËPM
(•W”ÉJ½ò‰ÒC”*¥I)PªXî¹âÕ |‹ü< Ý¡ž}UpÿˆixR©8á#lÂZ¸BVtïa+ì‡e47+‡U|ŸL=o&z ír¢7±½ì<1C>î8[Í°>ö²fò«®Á:Ìá«($i¼„Æÿ6éj"ù]P¥Ð{šYAò¾ÔG£'[3<>{öÍFùVåØoª7¹Õd²¢Gì{“µ˜ž€8‡â|ü€­W•ƒÊØÚ,€­¤{—.c*aKÈw½,ÓµóEJ«…?*êLÒýîÙ|…O&<26>Jà$ÕE&ùt[<5B>h¤:5šÔqÊ@' ê
ò Óa6¡eô> ý1[I“á¯iˆ¸F{”äóV¶…_ƒ& } bM)Aïp8ªš„œA?<3F>«Ž{Çêü“ò<¿ÊOêßïM<>KõÔAv<41>c‰§¾£#;O‰ùu"¾½æ:Å›|ñ/öï7>;ÏS×>jdHë¨Ô7%<25> Þ¢nê éFë„—~c ê<E¥žÍ®ÍÉÃ6»Š‡õïÌk3pÊ\=·{|O
÷R¿ Ÿ±2*gôÂmßQ6åm~íöU]¥ýû2ö[¥ÖXyü¡ú<>ý—a™ƒîÆ}Û7äWïµÝëÌ·\}“å]«·D±ŸüT!ÖoWn€é3U´ l8ßr'¸Î·œoI<6F>Ð4oT¢@[Ƶ]AÕyý¯•¦>d;À>â«ø:Ò¡<1D>=\a ¸.¼cˆ¦F$E&x\û¾n¿¾·@·C uÞ£°Ž³ˆV\mdg`Kê<4B>´ÈäÎ<>“R÷§#¦/[„þ~7ÄÒ÷<1E>EÀ,þ,¬QhûÅ<C3BB> dâjK*M°êŸë5¿KcÉÜ\Û~½V4=W÷pCÇ%e+­-tƒd„©&<6A>‡?m‰KÄøȸU÷ôòÕש¬×\ái¾pÍÅ{ù@sArýÎÝóÌ3ô{æ™Ì"¿ºqC~Å,"[6Éw¨6á46ˆ¥ÕÈ*ùˆÜ «Ø¶„-e[t¯/Òa*yc¿?2 k^#Ö¨Pc1w7Å#tg6×ùñua9yLjÙ?4¿¥¡3$¾«zðÉArì•0 Søô!IšH÷¦iWÉÆɧYñ¯Ù¸¶ýµJÕ˜ú1­Íz.ÐjSÆÇñ°×ß+&6£ã5¡€&„åú‰ö¤£Æý¸B».¸¬œY㻹Дàj_™3¾.*gÚø:wÎ4šO9pú´žÍ-៳ºx—Ö-ƒÆæ÷ݯäŠ\u©²TTÇmˆQiOŽQbiqÆ/€jÓÂت¸ñôI³6vmÜÚøƒp0NÓ½äDú`2œ¥JIîaRÓ‡³4Ÿé6©& Áëm÷RÓ
'<ÿÈŒs—žÏû”¹GMWkkk±Ç‡Í}jì¢`ÖÝïÜéûô<C3BB>Z ÿDóM§)e?ÅšƒÖø˜€èÈ´©5á ³[!ÞdVìN×…ñu6òÚa8l×>ŸÙÐâÓt/ŸÏlñ…gt:¬œ%§Ïê®Þaƒ;` äC,¢#ŠÅúB
ëƒÙDvŸý>G.<2E>D²¥¸ž9ÈE KÂ4<C382>[KÖÒÑ$9“é²¹ùlûCÂÛv ›ÚÒÊVð&ÍÛAy)<29>ÜEþh¡qä¨)4g¢Ö @F ˤºÚÞiÐôÔø­Ô×g/ïUZÈ~RFG]rG24ߞǙ cE†#faÔ™T­LÌâéö<C3A9>Ï1Ùž&šs[׈¾úšqé'R#†VxÃ?4ZÒBáz1ÍJ<07>SL­*¥•Iï´hh5늲ºC<C2BA>±°˜éͬï÷a¥ìnè¦9óòù5R¨ëaþü¦#:ÎïqØcglº?+Œ…ñ05ÌyP ðXTfæ&´(Q,†ç²<žmŸÅJùbVÍ—c¥²H]lÞÀ6òÕö<C395>üi *Ý:'Aß0 “ùIù÷ÊeWxÆ»ÛgllÎö<ÔÚ—­kÈß³äyyn ø#a‡e Ûá2s—DŒÃñ%ÜØ/hŒYЗÄá,ÓÒ<úFäM2ž}{â*KgÝåEÙ(³Ø³ì0 ÊR™- ÅÀX4Àú±näSrµ\)ƒ4id]y”¬ÛtÛ¦
ßkÌ;”_X³¨Š<>lûÎ74è†[ŒíêpwÙÖ·Y-TÏb]{,»=ƒ_o.škåèÚöKµ<4B>ÚMÝI»BM5«\cܬ?<3F>šZ«%˪r4#¼h¶ÑÒ
«)^n%ã2ÞÖ¢uΤ¾Jºý}*<2A> 4‡2ñp…SŸ¼\Ô'έܭFXSxŠêQS¬ë 5ÝZÆ—óeêëj¾V]kÝÆ£‡É¬ö2÷¶ b™˜kηg[ªÍKh¶àÝFîÒ”ÒŠ¢Öϲþl[Åú¿%W5ÊU ¢¹ÍŒ×[ûŠîmô1Úz14«9äyí‰/ùÓ)7ÑjÒPA¡)
fÑ'd$*;,îŽ56E˜P³@|”SXcbí‡nk¼]IÐ#ßÖ »¯uÎ|¦¾9‡gèåÖ…h숇ý‰Fú.<2E>`”°ª ‘ÌÍ£°›â/óòìeJQSÌ)Oâ`6˜<36>f£y©X¨,"6š6ª;M;Õîä-KdÝ"qëËô]ÄE$%o°¾kâˆ7½ÿÚ¸G_ø5ûƒ¶uíäö;¶ó“QÛVÊR¶*8³}“h~ïw[ŽóûÚ¿Ø°nÝzãBïÅ©&7­õxê<>‰=N÷1a~ÌYÏž¢!™ß£…ÛF%ÙîóéwùjC«áÔ#‰«kÑÈy-9ÝÉõ—&¤ù¢˜;*4°&ÜW_?ì¥å<C2A5>ÐѸü¥ö·Ÿß¾ýàÁíÛŸÇ#ü¡¯[
ÙHf¦2²PF6~òI#UÊR:Ó© ôõÚ¦úSLáè00%¨‘ö ¬<>;ãRA 3MÙš9,;>Ú;:Ù˜š6JMã=•™yùªžá”ŸþˆÔžÙ=+znëYC嵞õìèi¡që/š¨H
§1ÒÛ@Z¤ATúŒ:½öÅSÇ*n=p¬rÑÇŽý°nÉÒpÓòê¿}Üþ ßû“=§ö·oà{÷í~í¹ö JÁ¡Y3—çWu®LpʯÞk<C39E>äÌ<0F>ûþ~MRšŒ³Oç'Ø£ß<s}ÿÅ/A€ä> sˆ<6E>êEªÆÿô Üä#|ð_Ñ'–è;~çE_tg…S_1ÿø2}òmºØúÏeþÕK¸aþ÷ñ¨<C3B1>”%zT'aô…RÚÑôwÖÓúßJ$<24>¢§~sÒYåfìw²gC˜<43><CB9C>=ÙuWè\úÇá–~å,ÀÎ~Â&°²¥úIW±<57>¢T ¢`Pë'‡~!Œ·ô+·`Agdw›ôŒ„b:_B.<2E>ƒ§Ðs<1E>œr©¯žetîšG§{  :å—Syø6O—ÔÝD«€%$Y³(6 Œÿ,Šè<¦kH¥Fh&qèÿ½Šj%é*„¹4rŒ%=EdË#`LîÒUe´Šé©<C3A9>­šîâ´þ VwYÍ!KÕdk¶á×,c…$ó¿³x»÷EÄ[hh+6$
<0A><¤E<C2A4>\ñÌ$½eÄç!ùr²^hЬ#gæ.œR8¯*·¸²ª¬|žÇ7 mHVyùÃ<C3B9><14>Nº»¼bIeÙ¬ÒžÞE}<¾ÔÔ4ÏÌ%ž¬²U * çöóŒ<C3B3>W4À3bÎÏd<C38F>«Ê3¹¸ª¸²º80Àú-ÑÁºhNaõÜÙåófy²
Kÿ<EFBFBD>`È|Qiá¼YÅUžÂÊbOÙ<OÅ™sÊŠ<<3C>ò¹…eó¬<C3B3>yk\¿3þWÿÖUÏWû;nHluã×^¼îïx͉“xUâ{ñ¯NüK¿ôâŸ7<C5B8>øE?bK+þ©?“øÇaøi~"ñ¿|xåòq%ˆ—‰ñò¼ôñ@q©?ˆ%þAâG>üÐ<C3BC>¿â„ã®À÷Oàï$¾Gìï­Àæó÷ˆæ<÷nœ8'ñÝ8ü‰¿‘øïÿMbSßiLïHlLÄ_ûð¬Ä3ë5q&ߊ‰oJ|CâëOK|Mâ)‰¯J<)ñ„Äã{Ä+ŽI¬?zBÔK<zdº8z<02>®VŽüÒ+ŽL÷wà¿òK/¾"ñå –ø’Ä:‰/J<À_8ñç/xÅÏøBm¸µáø3ôÏZñ Äç%<1E>øÓpÜ/ñ¹}Nñœ÷9ñ'¬!–š >+qï3v±Wâ3vܳ;Fì àî].±;w¹ði+î”øTÐ!ž’ÚÄ'ŸpŠ'{ãNÜÞŠ<C39E>o;!¸mët±ín[­lý±Wl<57>Ž[ýÊ<C3BD>½¸Eâc<C3A2><10>I|tn&77<37>ÀMmb“7Úpulà#©G¼¸I\·Vë$®Õp<C395>ÄÕWIôw¬\±B¬”¸b.ಜH±ÌK%.¸Ø‰ìXmÅ…´bU+V¶âüV¬<56>X.qžÄ9Iø°ÄÙZ˜=Ë$®ÀYÔ(X,1 ±HâL‰…ð ²ãt‰Ó$N•˜Ÿgù­˜¢bÄ>Ì•x?Y¾? s"q
s‰)Ñ8Ù<38>“ÆEˆI³mxŸÄ‰\b¢Ä .¼Wâx¢Œ—8n¬KŒÀ± 1Ö…cx<>ÄÑAÄ‘ïæýÅÝ­˜uGŒG¿ÄJþƒp1Ü<31> ?ÇÌ»"Ó߆w9p˜Ä ‰C‡¸ÅÐV2Ø%†¸qpºM vaº %bš}wÚ„Oâ<4F>6Lh©ý-b€ û[°ŸûÞá}xGŸpq‡û„cï^^Ñ{öòbŠ×&RÂÐkÞ“%öÃ$ò3)=ìÞŠ‰äBbOŒ—׊±YC<>‰ÑìFê&1Š„¢b0R¢[b„Äpb—¨¯ZºV`X<00>ö(á<>h'n{Ú$Z]hh&6³DÕ<44>¦*DT("zQÒ½KðþÈ\Y= ¬ßÂúþ¸àÿzÿôJø(çx
endstream
endobj
63 0 obj
<</Type /FontDescriptor
/FontName /DejaVuSans
/Flags 4
/Ascent 928.22266
/Descent -235.83984
/StemV 45.898438
/CapHeight 358.39844
/ItalicAngle 0
/FontBBox [-1020.50781 -462.89063 1793.457 1232.42188]
/FontFile2 62 0 R>>
endobj
64 0 obj
<</Type /Font
/FontDescriptor 63 0 R
/BaseFont /DejaVuSans
/Subtype /CIDFontType2
/CIDToGIDMap /Identity
/CIDSystemInfo <</Registry (Adobe)
/Ordering (Identity)
/Supplement 0>>
/W [0 [600.09766 0 0 317.87109] 16 [360.83984 317.87109 336.91406] 19 26 636.23047 36 [684.08203 0 0 770.01953 631.83594] 48 [862.79297] 53 [694.82422] 71 [634.76563] 80 [974.12109]]
/DW 0>>
endobj
65 0 obj
<</Filter /FlateDecode
/Length 289>> stream
xœ]Ënƒ0E÷þŠY¦0ä±@HQ¢J,úPi?ì!±TŒeÌ¿¯™IS©@:š{¯Ç3ɹ¾ÔÖHÞý¨ Ы=NãìB‡WcE&AîD5´N$ÑÜ,SÀ¡¶ý(Ê ùˆÕ)ø6'=vø$7¯Ñ{…Í×¹‰ÜÌÎ}ã€6@*ª
4ö1é¥u¯í€<EFBFBD><EFBFBD>m[ëX7aÙFÏŸâsq8ãnÔ¨qr­BßÚ+Š2<C5A0>§ò9žJ ÕÿêGvu½ºµžÔyT§©L«•²Q^0<>˜D² *2¢<eº0íˆv¨à”=§ìX¹¿P?÷åo<1F>¶3eœ$9Wr<òeÅ=MëëÖ-<F§fïãÔhU4®uPÆâcnt«ký~'“š
endstream
endobj
4 0 obj
<</Type /Font
/Subtype /Type0
/BaseFont /DejaVuSans
/Encoding /Identity-H
/DescendantFonts [64 0 R]
/ToUnicode 65 0 R>>
endobj
66 0 obj
<</Length1 36236
/Filter /FlateDecode
/Length 18368>> stream
xœí} xÕ•î¹UÝUÕ]Ý]U½/êM-µÖæn-^¥ÖjɶlɶlÙ¦mÉ7À«Œ±Á Ç,ÆØ„$€<>°M2f±BÀ!™Bf&“Io†dF dÂd¬~çÞî–åØν™yùÞ÷Q¢þºu÷:çÜsϹ÷¶*`Ñ’Êøú¿~ãabÂؾe-<2D>½¿ùÉǯâûÕηÖméß&hp·`zٺݻBå¾oàì¶oܲû…W¼7<>ýƒÛÁ€Ð1ÚÊÆ«÷nøàï`8õ7æ<C383>-{>qt À|÷¿¶i}ÿ€xÕß|<00>ÿ#Ì_» #Ô§Ìën¢ï¶ìÚsÿ ÊI|ÿ;\}õ¶uý<75>Ïývë?<3F>íçméß³]xJú!ÀHæmíß²þ‡ß3ÌÀ÷˜^º}Ûà®ô,8¸‡¦oß¹~{cÛËÿï÷búÀs+É<> ÇðóÜAÌq(ó$?Ç2ÀXY¯ãŽç<C5BD>V^-<2D><><EFBFBD><EFBFBD>LãÅKé¹0<C2B9>^<¸ ËIÜÓ´<35>`ÝzB/½ =ϳ0­ @÷ ÃtóËÖðmé5<C3A9>@NŸCºQ4 Q3¢‰¡,ˆPP5°"ZÚÀžþ°ƒÑND'C¸Ó7C/Cøóú!1CJÿÂFÌg<18>(@,„BÄ(Ã"ˆ¦?<3F>b(B,<2C>ÄR(M 1†eC,‡2Ä
(G¬„
Ä*¨DœUˆq˜þ «!ŽX ÄZ¨NuP8êgÀtÄ™0qÌLÿfÃ,Ä90±žaÔ#&¡rèwÐGá£Ø͈­Ð‚Ø­éßÂ\†í0±ƒá<hGœé`ÌCì„ùˆ ßG¹èDìbØ Câ†K¡±§Ë` ârèAì…eˆ+®„别 7ýk¸V ¦`%âjX…¸®H<C2AE>A¬Fìg¸Ö ®ƒ>ÄèOÿ¬g¸Ö"n„uˆ`âf†WÂÆô¿ÂU° ñjØŒ¸®Lÿ
¶ÂUˆÛn‡«Ä<>°5ýK„mˆ»`;â5°q7ìD¼÷À.Ľp âupmú=¸ö ˆ7 þ Ü×!ÁõˆûaâgàÄ oo†ýéwᆷÂÄa¸ qnF¼<46>áA¸ñv¸ñ §ÿî€Û#þ#<1C>ƒˆwÂ툟exÜ<>ø98Œøy8ø¸ñnø,â=pâ½ð9Ä£ðyÄûà ˆ÷Ã݈À=é€/½ˆ_bø Mÿ/xîGü2<<3C>~¾Âð«ðEćáKˆ<1F>…¯ ƒ¯"gxF| ¾–þ|A|C|Ž§£pñ$<†ø$|ñ<Žø|ñixñE|N"ž†'ÏÀSˆßdø<<3C>þ<Ï ¾Àð[ð,âpñ%8“þ{ø6|ñexñ;ð|ú§ð
¼€ø*¼ˆxáwá%Ä×àeÄŒ&ÒãŸj¢O5ѧšèSMôÖDŸÚDŸj¢O5ѧšè/¯‰èh7°±mdcXfãÖÄƧ™<C2A7>I <1B>
i*WEV6flllØÙxp0‰w2)w1iv3Ùõ0Iõ2éô1)Ìc2çgdrf2Ï$ Âø]À¸[Èxeœ+b*fü(aÔ/e´Ž1Ê1:3JU0êT2ZT±/Ÿ¯¦ÿ5Ñ÷Ò?AMôzúoQý±~œ~ 5Ñߥ„šèçˆÓá¥ÿ5Ñ»ˆ3áWé¢&ú5âlø ý&j¢ëá“ôP<13>K¿IÂ!6=b1¤ÿ
š‰±…héïC+q"¶oú»0—øÛI8}:H!â<R8ŸT¤_<C2A4>db'©M™éoÃ"2±4"v“¶ôK°˜ÌK <>NÄ¥dqúè!Ë—‘éça9I¥Ÿƒ^ÒŸþ&¬ ëW+Ó§aÙ’~® ;Sd7âj²7ý¬!7 ö‘ˆýäĵä¶ô)XG§O¹ q=ùBz6<>£éoÀFòEÄMäËéÇa3yñJr"ý\EG¼š<™>[È3ˆ[É™ôqØF¾•~¶“—w<>³ˆ;É÷Ò_ƒAòâ.òÃôÃp ù[ÄÝä§é¯ÀµämÄ=äÓ_†½äŸ¯#¿L?ד_§¿ûÈoo "ÞHþ<48>¾†È8â~Ž ~†Ò÷ÁΘ¾nâ,ˆ7sÖô=p çD¼•ó"s<>ô`„ËOnãŠr¥é»àv®"ýY8ÄÅïàjs3ÓGàW<>x'׈øYnnú0ÜÅu¤ï€Ïq Ó‡àóÜâôíðnâÝÜÊôÜíF¼—[x”Û<E2809D>†û¸«Ò·ÀýÜVĸAÄ/r»Ó7׸ëänL€‡¸›¿ÌÝšþ |…;˜¯r‡æîBüwOúFx„»?½åD<Æ}%}=çA<ÁO_<07>qO¤÷À×¹Sˆ<53>sÏ ~ƒûfz7<Á}+} Œr/#žä¾‹ø$÷ýôN8Ž<C385>ø÷׈Oso¥wÀ3ÜOŸåÞNoƒÓÜ?¤·Âî]Äor¿J_ Ïq¿A|žû-â ÜGé«à[ÜÓáE.<2E>øÏ¥7Á·yñeÞ˜Þßá-é ð
oK¯‡WyâYÞ^ßåéµðŸ<>ø©Mô©Mô©Mô©Mô—·‰èÅáÍãmg«Üô©CíAãi
¤ÓìfKÝ8ŽZÿtýüÿåEWãÓs¹@<40>øAzœŸËIô=½<>ûž€ˆšóÃôxzœ;NsâøUÓsy…­à¯…H;ù<>[ˆùÿï<>à©¢mæZ¸MÜÛ¼Dfq/€„Ú¬ÇÚBäÙ"bBí³uÉV³¯ 6éC 1ŠTxc»pÌÍÁ݇ºlê†kp¼Ç1­ó><3E>å¾ KÞŠ€QîDÝñ
ÆnÅr¥¨#fã{ ÊÛ»ØZ|‡ÜŒeëÿþ3×Züª>úÕHu¤4£8$z{.YÜݵhaçùó:Ú綵¶475&êçÌž5sÆôºÚšÊŠò²âhaA$?è¶kªb<62>Iô:ž#PÖ <0B>FûFuÑH{{9}<7D>ôcDÿ¤ˆ¾ÑFµ]˜g4ÔDz….̙Ĝþ$g2“39“¨¡Ù0»¼,Ô <09>¾Þ <09>&+»{1|GKdEhtŒ…;YXe/f| ‡±D¨Õ½©%4JúB­£m»7líkÁúNÊÆæHózc9ZâFƒ2†F#ÛOâzÂ\qëÌ“HfÚì(_ØÚ?0ÚÕÝÛÚâ ‡W°8hfu<66>
Í£"«+´™ön<0F>,{éà¡Ó*¬í‹™"ýWôŽòýXè ßzðàð¨-‰´Œ–\÷Onüäõ£eÖÑX+¿x¢2ª/T#¡ƒv>2öoÆôgc„BõC Aú‰dÂô\°oØCü¾p˜öåöÓIX/£û»{3ï!Xë{’•±£\My)—âè¡)ûs)Åû"aʪ־ì»7¹G÷¯ •—!õÙ…ø¦‡FùhßÚuè³ýÁHKK†nK{G“-Hög¿µõdU%æïïÃ<C3AF>ØLÉÐÝ;ZÙ>j<>4e2`Dˆò`ó’^V$[lÔÞ<
}ë²¥F+[[h¿B­ûZ2¤uEº{Ï ½òÎÉê<C389>ïT-˜´£ÎfdJ´õ`ïÀ†Ñ`ŸoåsC¨×M®@ò­ˆô®_A¹QGKÞÁæ¬EV
¿íOrç2Ó/ ¥P/çãWPnaD¨ !Ò4Tdê%>ÈeÃV²9hèzð…/ln§I<-ÚÜî ¯g®?Ó%_¶OúÂQiR]*FLô)ÓÎe»ÉM;Tj]ß2©ƒTªÏv0[Û¥ûÉQZdÆeg{.‰/ÄqVâ(Ý¡Qè
õFÖGVDP†]½ôÛ(­ç/‰Ìï^Ù˸<C38B>¥¼eÒ§O¤eC£\3
`[Ì—ã){ŸËÞ'^Ûÿ$¹#—:(Eæ/9HkŽd+„ÐÁŽQ@Mâàœn­ÎŽß6To¶þHH µì?<3F>Þ¿öàÉdòàöÖ¾M3i=Ž<E28098>ƒ%½³}¬{{oð]G³¢<C2B3>=iSy*Ÿ¦“2Ò}2IF¬ì=£„FöžäHÓ
*ýîMø<4D>¨ìZC”8ûVl:Ø·Š68<38>ø%ztª"õ' '˜F<CB9C>õM£r¤‰Æ7Ðø†L¼@ãEd qr:wðèïpè·´$¨­¾äß´wè߯ˆ™T“ò;®†{<7B>¿‡ÿ@w£Þ¬Ÿ)oÿ”ùKØßËR¯Ao¸ÖpÌð¦qÿî2¾o|_6Ë¿5­6ûÌ;-IËKÊ”WT§ú€ökžõ3Ö¿šüg»Ùööƒ‡ã;NÁù¢+èZê:æ^ìñ¬òœöxï÷•ùÖäÕç}.ïþ5Áƒýòþ/lò_ÉòoÎeþº'ý­ÿ þíÏØ™?ºþ¶<C3BE> ÷­Qfþ=ó½ƒÏôÒç¿£O¤W¤Í÷ò/ã«!c£µVãäeî×(_"x“Fg‰$ò•¯W¾NÔ·_Çÿ¦U%´°V„wœÜÿ÷ësÖ8wðÜn, ÓsÉ^Aï»?Ù¤óK<>œÁHŽiü½¿ÝHŒ"2y_&OÉä!™‰_Þ"ß óŠLäåXÁU-²q€×­…†DC¨o¥Î¥Î¦Øµ#®¾Š¸#>­ÊfwºÄ
RS][ç²<C3A7>Çæµ7-\³faSû<ÛÿÓTùš<C3B9>þxMy꧴_bz.|”ë—Ñ¡+ÔqŽÜ­{W÷Ž¿YGt¢¬ð$Í“çxòOöóÄʯåwò<ð„ï¥ýRÄ öK<4B>kyÝÀŸïWu´¨.@vA,ª'Gÿl¿¢é~ôbvb¿*΀<C38E>~'é<>ävøfÑh´( æEfÎ,
P™¨LÍ:£ò<C2A3>ÄX<VUç´g¨Áæž$…¡v<C2A1>JÈNI®ŸîJl®0»eÚÑÈräiyÒzUÏIú$·tO ÛóŒN†
ÚádñX,…,öþÜûÆ´ªÕ)[Âñ~ü1Y¾œÖ2mþo¡/+Cþ©¾ŸN¿”4™í ˜B×AÃë;¨€Äv`ßìB$?Š|IÄ<49>ß* è]ë+.öá<C3B6>µ¥ßC)¹¹ÁCQÒÁáㄳŽèx~€ kÑPnÀTªo džoxeZ•+Bs×<73>%©3ükLRÓp÷*ö'?Ú¯*Ðé9<C3A9>~ÿ>møL0 ÐXãi$ªRAG<41>Ã(šÑŸ}zhRZ¦*L‡„¤Ÿt"@§ jVX ¨& bØyˆ~û)LÌ<<3C>Šf¡<66>gh.ù0ø´:}G ´76 k*>´#<} L5ÄÆbôFªÅðSßb<C39F>iU@Ÿ$½lŒŒFÒÂê
.öˆ×sñë·l¹žÞd«9X<1D>V͹'Yõ<59>çŸÿ½glXP^¾`ÃŒì“r3…°½:t%kxÝíb#!(p XÌwˆ_¹5â6qHäE8¬šB¦*S—©Ï´Ý$˜L¼¾‡_†üAaL<61>%R±\<5C>z#•<>Â_OêZD³ðbjÆÕåM)S¤¤ÜÁE<C381>­ÕçæsÕ²Ûi©<a~…ü+ƒNVò¢ÍÅ»l·¼]äm¢Kt©ÞC&HªHܤd@V^e¼ÞÈ©å”ÏVè, ìÓØóµ¤ó%| ªŠ
r}<7D>ëtú=Æx9+ºL…Xð)ã0ðÉSè,,ͱï<>ªJYŠÌ"P˜$Œé56õ@ÃXeJ"³Î˜‹Å)·Ô·Çvœ<76>S¾2†)••ðía}L¥xƒŠòKìTj¼#ìG«kªë¹ºz¾&ËMÄ<²˜ü<CB9C>¿jv@+/ö‘†ñ+H0^ð”G¶PÌí¯ŠzÅ
CA¼¾`ËNWÐÜØÐ*âÚ"Á¤¯ìnOÜ••ñ¼@ižYu¸„&£ßk]<5D>T®K@~‰TžßI “»Ãd8L,ÒAïF¨¥#¤ZÊŒ‰÷“k1°Bݬrê¡##ODxvØõQŠn‰rƨ1Zs%O:øŽ‘`ŒXbDŠÍt{jkfD£Æè…#5´Þš*‰¹j¹ÛqÄ<13>Ì80TêQ<C3AA>!ÄÆâ(6c3æT·úvœÒn5ªÑ±TŠ/•RDß2£¦ÕÅk)Éb¤†Ê~†zB†xŽ*Ãï@2Gò+8ªÿaEg¨ºµÀöÔ”åÙÃ1wU³«ÀTXQã¯ëªöÖ—ùâ…®`ãÚfo]U<>µ´Í¢g<>Ñ[žŸWì•ó”¹M•}Óšj;íR bvayçô<C3A7>d2éº%/ê TeœGpU²¡˜#F,Ž˜žë§ë9ƒž(z½ùvÑhp)v2k<32>}}ÈÎÛo°8Á~Øl z¹G9¬ÓéqD%Ô1:¨Æ•cq¢¾WÇv®N©oý<>Çñ•¢S ¬NŠ1TÏŽH r“Ŷ¦%kªV,^¼rüû¤60gfÂþ³÷ˮٷ§j¼}ÁÉ“äîТe+ctä7¢Dü+ö¹ªê7;•<>Y°Pöå_é$ÎC
ä9‰/<2F>Häö<C3A4>ÏòùBsq$ÿpû˜bôI8^|T§ù¨ ˜é› Á'…Y´#fZµYb² -‡ ëéwÆ2Z<32>~ëÛñ·f Çp  , Œ¥^™à»<C3A0>N¤ç™:Áy¤Aرðß½çŽ`C_“·¶2±szùœ¨æmÚºTGž#:<3A>Žœöl¬X8Á;{~¹':«Ø1mÙâîòEJ¢®¹Ù€3
áNƒÊáÞ§Ëé (ÈÎ(^Ôô‰ºü“ä T=<<Ëy¢¯ˆ"A€Ø×C¢íZ Ü*ß-srøÐ\XŽ#ŸO¥ä•©RŠq/Žè©ÒA²éÙTÐ0†¥2Á¨§p< ¨ŽM%<25>)<> Ps¸<73>åõ$#ô”2Ñ:Ðh˜¾ñsWˆ³úT½<E280BA>Y«]ÞšÅÓw^ûNdv€S°º8\07çúû¯¬# ‰»zÉ“Z0«³4ÚÕTúÀf³ìËΊä•%Ü-í(7³Qx>d²^˜´ZP„Eýí**ƒþ°ˆÂ‹<E™UߣŒ&"åOMØ<4D>]ýªPÞ´(:þ9îš›ºN>z¤¼»3zËמKQ¯†ê¨s¨£Â<C2A3>€Vb9ƒSû{”Øq¦y>TÍYVðT1SßJ#05IgZªÅù(wÂL$¡¹1Ô8­R©¤E+•ÆPe¨ñv¥Ò®T6*THë0ºK!!*škB§ü<C2A7>±ìÐn
~êÜúCšD«ÑòUnc¢„BúGœt§ó³·(Ûleã'ÈVä£J“ôTÄ33»u†Í6ªÞbc?¢ó;*´Œr¥bßÖÅTˆR±aË+*Þ˜÷GY Ãï¬è³#J1ÇvÑ©Ÿà7 ±M² \õ„œóÏX6½qyµÓ,q­ Ô-¬šÞ•piþBûîñûÌ¡x4?RÝå ÅåÓþ`Î+ …ÊqòȯƟ*<2A>[ã/œÞð×TZ¦o‰¶Vók¢,ß<}ÈZvڃŎPU<50>Çà™Gª” Ã,´:Ë¢ƒ§E>Giy•<79>¥7rÁ„ŠÉ™^\{Y8»,{ <09>-ìùI²§æ€!ÌfŽð!ÐÝÏ?Æs×òdšä¼¶‰r+œ•±lé-¥añr§UÐ3Q[ÕmD£ÎÄG%L<>qöêŽð4È/??öb™ÁG§tõ,ê[<5B>Ž½*åX5oÎ#ÔèFª×YHŽ1”%b¼¶®¶ºfNòáëßçÖ/H˜¼M#pÆòY<C3B2>w"õþICð¡7þ†,t×,<2C>cR"8þ
/ØrŽ@‡[„#0†#p.úüÌç$.
ŽEáP“2ͤ‡."YÅbÕ@µ| , iÎ $óy<C3B3>ý:Þ®ãõ¨xYÜ@Ð ÒÑ‘¦¢ÞÖŠ¤KØOsx*S¯Ç^<5E>4-*ÕÉâÊžî‰W´ùêô}Qa<51>—ŒŽwyÉ:òBç³]ÏvÞ… áyõ†nøÙP<>AÕ؆ªXÌ&Í$J£,È:·ËéÀ*B&+Y c`P<>í¬Ç[mvί´‹Í&ÒiÂð f²k&ÐAó¢“ôn÷>ä}Ó«S¼$kÄzxÝ^÷Ç6Ç<36>ƒ·:¬“Ödj”…&æWd!c7etj‡zVñʬ57õ7HŒŽÆWô¯¼x©höœx y W<>¢°H§¥D€wñøf!"W¨Ôñ³ ë‹Ûš›
V45·¿<6A>4Ë——ŸÜúܱ£óç=öÜVBuþü¯R/mYú\÷<Ò«í¶á§—;HÕn[v®°©,€Ê‰f!jÁn'Éd<C389>3#ý¨<1B>IŒwVá¸rÎœI¥?Ï@:=ÓõÇfL¯Ù'ÛJ÷”€ ·zƒûôÐ h`4$˜5Æfã<66>ÆⱬOò#jÞ¢BJééü«M2µ¨{KNפ)¹h²YF4Ç´iUv{Õ´*ÇìÍ<C3AC>eµåsÚ<73>Ž§eÅqÅ:gF¼ÓZJoØP<C398>¬ôåMk*,,ÕN'蹇ô8m[cm‰Vë¹6“ŽßÑ_‰Èy¨°*óL <0B>ÞÒP ÄcâPva&ÎÙKPÏÁ»ÉHIÒdmßÄ“€„3ô°ïÇÑGgrUQò#%^ª'Œ™ù<©"<22>¼»õ4žÄù UãǶï%ífœ©U‡D'lÊ)â>…Î>tjPhÍ¡©Óa¤ÊÄØšï¦QùAš<41>£<E28093>¤<EFBFBD> î‹°´,>ÛèdÏx Ì­`A¢Žg| õl<^™`B*FR1ý$•ã+øóÎ ]áÉþŽ=Ë*kVîi‰µ&BBž!?ðÖõÖ‡ý3—ÏlîuzÄÚv¥êŠáåˇ¯¨2©ª®K°X Ñö<C391>Éú Åyr—^±©M¥ð
~8<>ôÛUú9v‰gÇY®Ó®¢pÙwCÒÀüàO¨?Æƨ<C386>æ*p<蔎¼. K¹öQ=Ìljõi”.fŒÖöIzJ:}s RT?ŠeheÜ'4tP™ÝC¨'¥b¦wdú†Ã=¥ëKJÖ—öÞ0}|øàÈÈÁrƒ¡œ¬ZyËò˜2Š±å·ŒßwÇÐÐ9÷kªù`u“ 5I¿È+Æ “Œf<C592>4ÇLú½¢H {å&~/i¤n3l<33>1cqõíÕ©³o°e0Gîoytü$üm²†{zÉÝï/<2F>L äÅItmeVµ1SõDÅçë}kr¥Ú2ò•ñ‰ü±Â.ÿ6“÷ßr«™¼ÿðifšP<C5A1>LQÓ”Z¤.gÑ IJ¤ÓÈÂc%%I$pIRF*t 2<><32>î6Ñ&:(‡’&Ê"ZÞt¼ØÅra„ËKóz÷i„ˆN*û*ÌN<C38C>òNk-*ÈÖJ æg1cÁ>NDŽ&¨0Sƒ?N£(×9¦¦P¶?B;Ïš;$¡YøÈ…òM&Ë79×o*ŸÕV<C395>ñ½­•Õa!èï‹×,Ÿ“|Vé,3é^g4ŠUWÜ:!âÝ6ONÀ º,WàYä
g@<40>êQC€žè<C5BE>˜Žkä <1F>{7…²gKheýýÜÓçæÓÒÚ«_ÅÒ6Ø{<78>…}£J´A Š<>ØŽ9ÌæÀWÙH#<23>t@(F"íÖFÙBÉì§~Ö>#[U2ê©RÐScU/IÙÑ@µlŽ¢J<C2A2>Òk,ã
ÕÖh òUGÍŠæüùƨ£9ÞÞÔÿø²ÆBY³:•pÇ
òzN?ƾëÁ—4ƒ¨äŽ |£~/i¢ÈFÝÙiU…(| <09>|<¾¦éRüì±d3šê…X²„Ì;…¨Fµ¬{„Ï0ý«ÃÓ¾!üH˜û8Dõ“ ~â¡+.˜¼ÜCÜTŽf`Øà #O,Üf ùØ@$É-q¿—ÈO¤÷$î¨t\âF$²Y"èY‰wk<77>hÜ°†dUѬ{éi¤bìx<C3AC>­°¡ P
Íí<C38D>ü£>â|$<24>Ü÷…<nQÉ+Ù½»|zT=®ò*ÍÅŒ*™HòñRgÒhwî+)É 6å5úµÆ|º0„ÖI¾ˆežuxÈQˆ³>Œá}j£ÚcÔ„G•ÍŒ‰Jº†÷º­±ÇR?J<>û[LjÿÙ÷nLK¥PijÄ°${ u_¡/¸ £<>>¬¶H­y½Hî0†£±hØ([ôktF³bèñÕ×Ït»gÖ×ûzòµ5zœÍÑçž·lUwRÛ=>vhå³'<27>Í/ÛsÓMµµ7Ý´§lüäø}‡ˆì^µlž;+Ü&¿w'CÃâɵ2áeaP•íª¬Z™=aÍŠq3¸ÙÁIâ á˜ÝÖt»x¿È]'«D²R$"¹Yý¼Ê­Uwª—T»TήV«œ¨Jš\ÆF© 2fµ»R©5˜¸¡d£J8ǺړJ…*ZD£A1ä¦9g4ÍmkÊ[ÓYyÕæThMáë6¬Y:‡j1~Ë#5¨ÎçÓ‹Úo¢n´AŸ¶†T¦ÏÞ¡«yõùüàh¬F§|Mb«bšOÌÎabÖÓç³ïô™t`D€jºU<55>Ý™!<21>ÍAŸI….4Ó1n<^ò~ ±gÕ![Pñ33%Õ1´= íU°p¼Ø“ÍÉžÆÌyö)mÚf„Ξj¬Döé[q˜¢Ü0˜¤K'BÙµã‰õcÛ$‡êºI.#U­3kVími¾veMÍÊk[ö®ªÙšÕSS³tV(4kiMMϬYµbdUEŪ¹gÃÆö¢¢ö<C2A2> Ù'µ<15>üsÐV°@õýSÔ™ ®œ9ãê=<3D>O÷nFL5ø€A<>ù­{QÝ4eŸ Z3vhf6üˆÎ†TÛÑ/¡«ß.FP(ê‰+_ÔrŸ@,w}1Ö½«£³¿d}¼>Üïª ¸ç·m<C2B7>ÝSãOs<4F>Å~ü}s°¶´¸:hÊÈÉ\&'ˆù ˜3 ¾LD´œˆìÉ#æÿ£XP ®ìöz¡„Î<E2809E>%T6JvŽÅÃt^<ªƒYÏ7˜<CB9C>àed#Á&Sj;ìS¨Åú,ò¶Ù÷9rÕºðmÃÌŽ
•æ«Ø—±¥ZÙÖB%J³¦Î Šú. Äé\Ë,ÓdÄ…-.MÇZ—Eüe%¦xîšZR4{^¡«zMgµ¡aûâª?#< ¯[QgtEܪn<C2AA>èŠÎ*Ó%Vè¹´$­CIòB1ÜŸFir¯DnÃ)<29>#rÁnpgáÎ-¹©Çê¦jªÌ(÷^ܨÖq:<3A>¾´¯”(þAíX‰ß·ÏØ+ƒÅ¢Z­j“žé#êñ$c9—'…¶ve*» ƒÈtvŒ %"H !?+™½W§U'¬WÚ+«*mfŸe9Jcé]G;~ZH´|{ã¢eÅÑ…së]dü*[·´®%åüø<1F>y‰Ò¢ê€‰êæ0ÚtݤŠ“3ôEèÒÉLŒQrO>ÑÑ°°£V2b%ÖBS²„>¬—a{ ,z·»<C2B7>ÊGv{㥧d ¼ŸìGùÛ^H
ã¾Ý&•ê=7ÎÇ&jDš¨v1U”'%K{ù´{õd¯žÌÑwê9YO¤]Ò ú€> Ì­ ±—ûØâho9)/n»Öv<C396><76>[†6<E280A0>sŸ•¶¢aÊ­Ö»­ÜµV² û© 0&(!‘À) ÅpbÌ­ðS×;E<>àñ·²`tRÓf̸§âV_I±yhÀ–½*øÌ.ãd[ÑE·„œyôñ½¾ŠYáhKÜ¿oKÃFwб¤.¯ªÀá,® •Ï¯ ܲ·¤µ¶Hö»V·n
•‡Ý&s¸¼¾lÕŸºÈì1¹ =yQ¿Ûd-ˆ·N[µVV4¡Ë¢œRQR©=$ÂÌd<C38C>aˆšÚ€n*?8¤;¢ã@GtÙ•‰o"Â^jQž{ §¼·V§ÞJ¥Îá<C38E>qDP¦"5\áOûÊ=½ô܃\ÿRZ{7ÎeèG€ V$+œŠ¸ƒO<>£ *Ö ýÛcž=DDÏÞ­5
<EFBFBD>ò>挙²rÎÃcæìXŠY)ÙQÏ\Iœ`íN&È4dáHoË@2ØżÂ9eîþ`ã:¥´c`&95Þ»iµ«j~596Þ9s £ûHÝÄ[±<>Vøn²tD#{T²ÑBêÌsÍÃfþZ9m$òÇ@¦“vÂýXùg…;«&$UÔS¬ŠÉ:z;€ÞÄ,3Å$ Š`»Œ÷è?²ùÈ=5mÎvý @Õt<1E>û<EFBFBD>@EÊœ$Û¬<C39B>™Å}Ærg[Ç”Ò?NÅÎÅb?N<>V'¶âHlØ­Æ$BaB&¤rÝJ¡c=á´ºj­­ÑÖ¦ÆüUù<55>Ím…WÕnª«ÛTÃ=}~ÍæKã?Û?D
¿„ÝÌCëø¤Eˆ¬NL÷B$Hu×ô Ùã&uVò/Vr­<72> sd˜<64>û<EFBFBD>ø)Œ8þvùÉSÌR~?ÙCIà÷Ø=ƒ^¿Ýë(Ÿä{í(ÀrÀàj5r hvmv„ìäM;±Ãõ:òœŽÕQ'™¥AQgEÝÝ<a«D}Ýé#÷©¤DíPW¨¼]%¼jV<07>§–·›É;fb~H$숃$†Mþ&o£Ý !,yÈ €Üc&}fÒb^jæÀ¬S5O£Ô(6êšø¬u÷ÖKµï˜m«%r<Hy~œÚáþqÆ£&p,EÀVÓðÍ­¾šÚKDóØ£þØ}65œMßcþNÆtÆ;ˆ…ˆÔ@fæ2A«™0«™Ñ„ü°tY¬¿¦;²Á´â•EK®(VCÁ€e]AwuÙRòÖ­ÿtõQ²ôµ…|îÖÿxë­Ü<ýÖÏ}qákã_?zõ?!']l¢#ïO=ä¡œÁ™Å¤¶´ž.ôÜŠ\°]ªf•]ªÅ*ƒb°õ6#(Yï"·BÄÝ΢¬²uÐfÄb6…-“´Ó6嫬¨.Ò`GC2éêrõ¹ö»ré]ž;=DñTz8%+ênW“­ÑÚ¨6*<2A>r“q°Îûl
g±Ôp¼±XfKá­áÜ»Š¢dœHtCÂ(íTè”|ÂG<Ò“|¤”Æk=žÚi1åªòkßÞþØñm?mÙSèX´(Y´¨#ÐûL™;>N¸ñúO¯@ª Hµ.¤š
·Ÿ¿o1ý(Iôò Eµn3=hzÂÄPìôì%=Ê,Ñêˆ]GÈ6xž@iTtA'é4BŤ²U[}£®qâKé¤]™ýØøð¤aíVQ«žÕÃÙÁM—R*Hí<>­×ÕŽO[]tuíu-ÄyÕ<>/\x|ñÀ®<>ÍÀø%nüt&KMÈe+ÑŽÚ^'I.ì´m¯½Q¥½ìܹø« ç^Mõí³t}(Cóì¶] F—.ì×Ôëé¶gqÍiio­÷<C2AD>[Ç Ž<19>m­<6D>¾ñÈßs¼+Ö­(_ÒXÜ7°aõâà´ŠbéÉKœíëøIRS<> Œ
#õWéjE—D—!1/¡rU2dg^œ<>­
Sd:Ýž²Ÿ¨ ÖxʵÅh Ó<> ˤöº5k˜zéAŠ.¶pI­Ñ`mIÁˆNLZI's‡<73>h°ŠI*æìÕŠYDQáaÄáíŽWŽ$”.ºø§wv£—-¶¿•Ùò}%ϸ,çb/Mœv)Œ×ÖÕä&q§<71>¢ºt~ÇŸ £š±<ä¨,ò&+§wVÚM±Ú†`Ù¼Ú@dvW™%à³ëŒÞòŠVM¶.mæu÷ëEÁöÅÈ_ûk:ÊÆŸãDAo-JÇê£V%Ñë*<2A>8Ìb'š6Çyy ç¶0Œ<í elÌw1 <78>í9@÷³;% ¤Ç"˜{H=o]hsŽ¨æœ"0g<30>™»ÃXų4*Z<><EFBFBD>ÊlDuewÆÙ20ÛLE4ÎÈ4ñëlìùiuZfñ'K•ÇµÖòéËg [úf7„RDtþJµ`Fq4©dwqûÀì†õmQ«<51>û¥z®C'®[UÜð{-(õ‰ôïÈ (aaxö ¸U`ô)fŸ<›³˜6£ÙO¯šœíþHCdQ„$g;6æ±Ð3¡¢{ÜÉuJØ9ýcù<16>Ú/=! <>˜3ëæ]yÌÿ5güßg0É3âŸX#ïFÊij+‰ôA²DA¿÷­ØÙìÎÜù…ñ¬-(L^<16>7¬i E©<E28098>ÃQ\¸ÄV¬(œ­™¥@4f*n_7{ö@G‰É¼ÈhZ»º´-î³H õQÏö2GΡ,X<>:<3A>OPõüO²ÏOžqé)C<>cA!`ß®²OVOD$Jº¬*ð°O΃c¿™ÊËëy,r2ü•—¤!#0]™Ñ…NÑìÝêBÔ‡lÁœ Í„<C38D>GŸç^Ê…L 'J”—É[NyHKFg¨+çGTh qv_Kapöòéå­¹Ïâõ'ÚŠW­uÜ£ê9Ñ`<60>­o˜=Ð^ì³Tù=JŒ"ðogÐqy?ǾSÙÁBŸ,•ÄÜ)*·šñª_b{øBnuźƶÍÆÙ|¤Ç
n+ä"˜BMäÀù5éÀˆÙ%6<>ZL+°*¬lOqF†e*¡ȲÞÆvÇè9<gwv-óFô]lIE*ª1u,'_HË1º²2öJ*>qeÂMv:òÚI$#`Œ¬…µQv˜+QÜ´¬|óv2þ€°xù´fͬõÔ¶¬KÉzÒ8#4-ßƾucKþM·
6©{©&-4ØKÚ×mmèöWûèÔ…p;Jœ Za<E28099><61>H¢•˜x‡ÑÚÅ®Ì3Ë8z%J@q„gõ5,Ê “xv!7®¾uÎó«SdbHøIyÕµÄW2ˤ™ÊB<C38A>Õ¯½ZËK&}— Ï<>]¾p¼<70>«ØÂ8ÜB~ËÙ åð«3PœáhQÃ,g™PÙó=:ɧ'ÆÇûI Pþ'ã¡Òí*Ìò<C38C>:¦Ô[)dLFw¥ð€ÄòJ¹"ÑÍ;týDjÇ&¤Ç*ܾ[\ ³m©ÅÁ|T¸]å!Z¢¼tXžH<T®NeôjæÜÙXŽ¿lké¦aϽr~ƒ¿ðÂA¢±s—¹uvþÍBî6µVT.©/Èo\=«±?¼ïÆiËCZ^wÙb©,žßí*Jø
ë­Õ’'аºqÆšÖ"4^µçjUvr¯N\Û]ž,µãfùþ;件ž=j<02>óUbÈyØfU¾C2£Ì(*Ÿð ù~ããù^ôqœ{Nx=óLóܶ:¾è™G¡£êž»ÊÈFjýìŒ'ˆ`uCvr¡Ò=•¨u¥¼³üõ§ÙSæ@¼P ù]zîuü#£­ÿQ«ZJm:½À<C2BD>wÑ•µ&ø&÷TAS5NÒN˜ù!œPut8Ê&k»î6ã®æQƒŽ­NÅÏÅß]<5D>žX"¢%Šrç†Ñ…<•ªôD"¼9iu8//Lol)ý|º•µ¤€<16>Kú½§¨­BÕMÒNWÏüªŸ“ü'<¦!o<‘ÇöÐÝlWos.¡£ÇÍâÌzc¦ ¯$²}ˆÅÄóì¦>±`›Ô#½)j6½rUIjUY¶kÏ ú¼nÖ çúùðù~f8úÈQ/¤“‡ä ûtÈ?ArãH¡ª<C2A1>)u·‰¾ÉÔ|C0¨njXäÉx0;Ý–°»É@ÓKpPýê#<23>¶åjw<6A>ªÓ „qrº©CAc™•áêà„!ÕaW :U¬Â©§H'-jóQ;™oVÛõyªiÈrÂçìPU:«©ªàèPšQž„yúyçmðÛ{‰™tg3VxÎÉ`ëg“×¢idn õʺl8+Í<>3í[u³ëóR)÷ÌéqëWíÌY$àjYÔ‰t4O·ý<C2B7>J\Ô=sv<73>Ã3{Îö ƒ<>à÷HSæ$m$D'UBw<E2809A>z ÌLë«©]Þ¯âO˜ô åjB0­xÎû6µ€vÉUAj°/tÁèßµ§$kÀiäÚæqÛÕsG\«<>Ïð<C38F>Çy ÊI8©E¨èeg¡ÌäÑQì6>ß<•=«3ýØâ²™*ËL³×MÌ7T)¯‘øj´K*]±²Ë›”/¬}¶j]ö½N¡TÐ@²Ucå +êÙ<zê<7A>¨BhÈ·(@”±¡òó´y±hÔGü|îx^ ýÄî2<>3Vh¢2¡¢ÆŒWf¼ø<C2BC>Æ~¶:µ#~nÆÏR±±w/Øe˜t1óÔéÊÉévRd²R‰t…6·Æ[\b ¬68{ALI<±üÊ9²$¥ŒžXØò»u)ò{Éêóê­š9ì­¦ª¦¢©Ìá1zëós/¯#ãz¹ä¢zS V~”…š™fÊ'!;EM"î{É =×7”õæNx^ôÇ<>ë„Û9Ï0Ï¡Ž@æ˜aÎ,ÏéÍ ÖÏP†l—Pšø}W¶^¨4Ù×LV™Ù®Ó9öß9ZQ6ÂgÎ@03§ú¨óQsª˜®üQ°Ó-ûx,<&ÞœQí=`dó€ÍÆÇB.êù¹¨*p<>(]þì„?{ðÂ?¢ïÎX;cÙí£Œ…“c(™tØ<74><C398>icG,2æ#ç+h¤ÛD<C39B>¹gÿ¢Eô&ºúº€?P?g=}®ŸÓ»qc/ÞÀ<©¹œyC­çë½fju™(W87=SE-•š/nª¿<C2AA>!6*Á˜¤Ð¯P˜R®!ω|<7C>ñú»ÜóE6¿Æ ¸ìøY™9¾!]ÍŸ´%Æ>mâ´]ì¬ËºPŽHî<É™•óK+-Y{¸?k§Âë˜ILøUkÝøij·Ïb&ðÜIɆ10.Î%ç²ßxæ h Èœý™9k 3ÿÉE¹ê†\Œo.Æ7×äŒ\8 °%ëŒ3ÖN)Á²*<2A>åKì“%æXE±6ýˆ—ÅxýÝîù¥¥‰ÎļRÚI]™ƒh: cñÊ ‰lY«Fc6Ž˜³"5ƒèóYWÒRY:e?s2×…SYŸ“ðÅ­Ô•$í:aí*êeÚ¤sÞdNgn„îA
iôô° ·Ñ9ÆŠ“Š`˜ÚÇ©8ž=€€¶™8þ<38><£L"ª)ðªœ(ö&¤Tx-gãõz®['ËÜø|ò[“[)FŸäMåd&=£ð“SfYföÈLU†ì¹•<zd4© °EÝt¤<>,?;^ò³?,¡ïì‡DaÉÎN90~†³‡È¨rgžŸ™ýÂÈHµ9Uäô¤)slšlt¦·R Ö[æ<>hIH<>ð<EFBFBD>^²ë¥°> ÷òCÚˆ­à±Ê†JâK+ÔXÐ<>ÀÂŽ¸:²G\íØ<C3AD>Œ”uÛ]#6 3œ¢Â;ûÛ¢¾ýUY¯¤.ÚR¹¤ÏÌÝìGÑÜÆÊ&o¬0ûè{3êjëuÅî ½Î²¨_Ò”dyÑL³¯8¯pf‰óªu­ -šÚÖç{LžüªHk·^”ø.I †5¯Ãj´ø
…íó\B—ÀÎ%ÌKHösÇé¿TžJOƒ‡·…(ç83ÓÍîv³g‡ð®!Ç ·‰Æ÷PÑ7Œ˜U‰îþ©t#KívqÃÐ<C383>Šîu¶”Ëmï½;@Qg?l;¿8<C2BF>±öµºG_}Õä.p—&ŒVK[yMk©â¤…ï%ü&®StøjU“7Õ\OÍIà€®dXpc—šˆmHqœä8ázÑEŒCÒ §½ÃÐa³0A£G˜-8­°ß&ñݹÃnÎ*ô`O®?¹}™:-A~<7E>3æìÅqgjö\%”‡ó‰ÓIry )ÍbŽç9òlvOŠ¼ËÑU«çžQ˜Ìəà ÔÕ¦‹†¥=ZͶ•ï4JØS³ÚÙ3ZÞÎDyžÍÙn¶š%ëÝÞ,‰:³NÊl*Øé2-Ø(µº'èn—ªãtÙ͵Cê;tóøy” “7cRç𞼓ۉ¡Â¸“¢ebHósKü|y·hó´¥Ó6 ˜Â…QM†Mœt×ø﮼˜îš¶mˆââ [¶MÃï·¢2þ¿¿€ÿ~Ò<>Œ?]¨r²ÙŸ™ÊlpSœreŽ{fMß÷“6¸úbz<0E>ÚbׄI=àÎýÄ@Øó)ÐÑO¹JI#Ò5Y@ª H£di{S
¡Âö<EFBFBD>$YÐUÐWÀ³(Åæj/ùBCá{¸ ¦Ù-„*•—èzGØì<É,oÌ3S{Þˆ ÒF<C392>¡zÐ`~n¨8Ö~È¿ù; ϹÈí@n²7<>Æýü=ðNÕJÅX¹ÓmÎF)X¹3ätÁ4î“Sö Õ’Ô+Nª,³…1¢ (ns6êVìI­“èœä#'ù''¹Çù¬“Ûí$N²ØIÚœä÷NòŒ“€ÓçâÁÎCƒo<6F>cΪ<C38E>ˆHÏȉìãDj∴nŒ„ÎE"™%1‰´CHÇD²H¤¿IäÅÒPD‡iÈ(Ú<>FQÈRŒ)]Ö'¸sN“ÃÉlê÷Ÿ²ÚYàºè@ó?ƒÍ,ÛN´ÅÚßÈÍÙ-<2D>a@àX´ [qPÒ9T¬Ü!™3îÖ)#{¾“|q¸<71>!$œC¥ MJG»_ë ²ƒüÞAžr¼âàîv<C3AE><76>²ÌA汸¿rü½ã_üªcˆì¼ÐÀ/â×ð/ò?àÑm9Âÿ†çù¤ú¦Êõ©ï«œš4ìñÔÂyáŽP‡³Ã§¨d@Ý¥r1ž<À“;xr=Ï©<ºlr‡±CD— λl32hlg.3"wd¶æÎï¿¥v°kçÎI³<02>ˆå"&vî0.ËváÞ%ªÀ+¾.<2E>úc,zvøOë¼ÖFgNÒOÒ¹ê òû¼¯·>¯»¢·hÀ˜ÌW´pÀgì4xaM ‡òŒ}E½ígδo$ÒÑÊ­[7D+7_µ±¼|ãU¶n­<:þÉÆœöCíáãÉ6;ÝæS]šUV]b±Ê
dvúÈìô]¸Á7”ÛàS&¶¸Ïïí eöö\žóyólÖµCé<43>çÏó)·§ž<C2A7>ØÅû“M<¶‡Gv(ÊŽiU“öº„H÷ï†åP´Øf+. É}þª¯oÞwúcUë#ÎÚÓ=ž3j-w$?~æ™?ÛŠßÍ¥[È/ð»Cðáðd\$vtEYç&To&Gè¨TˆHªH×- "ÑS B§ÃnsÙT«ËfÕ»ôH¾çÛØî<C398>-‰ylúè6º|g3™£"‰AEqœ†ŠJÛ£b2 WCÐÀI†ðÊ;Êû
¯
üHÈ·˜ÒʈÓi†Jt[É5c£”çÕø°û<¥2ûmÄóc&™gÏoªÙ­8JKjbÒÈô(fÌ•YÅ<59>´©,Ð_ê²ó#69¢ÕÕ{ ÈÁh™;:ÝÓWаǪK<>…6]¿Þ0­n1´ukbó[>7þÁîòÆR;¯8*U'‘º4& õƒeˆžxÐg~l-ØÀF$Å`µ€2¬vô°ˆpîÛt+ñÛt+quJ};•û <=ŸÀöÙOëÈqGë"tòãƒî¶Îßxš\K^v-Ý°=±°¾ìÊÍ©ÐBlˆk!³x x˜ž´Žglá±IžN=™³l/QuÈïçT¾îýy,æ¥ÿÔƒçÕ˜ûçžW±Y±¨ŽÌº£r?÷úm¥÷¥ÓÐB?Œ˜Bû%Ò‘ô«ðû%é" Ïü ó²½Kžþj‰àH+Ðœ\lzmÀÖÅ)u4'æ› ŸÐ|ôÿ½Bó½¹Ñ} œ><>y̬¾Å™|ë3õyòQëvq0k™yð8G¿;˜Ô²ÿêÁ ~ˆœÐe—Ùñîܪãã©ýwÐè9¢Ê!ó¯¹ÑK§Ã°ž×  ¢(J $ƒh½„(
™‚‚ ,Æóo åtz½ G)×Où_ »èÿ·»øKÄ ¥ —ÈõŸ¿x0ÉÓC/N\4EÄÿ$$B²é! ¢$ʘ!Û/šQzÈ,,"¥ÇÔ»wY
þçè!N¹Á Û0Ëâ(( àEeƒQ2Jøf8O$Ž$é%‰çE<C3A7>ŒA‰ÒcüLáš=Ä‹Ò¥)7xaŠY:ßoʽ4qé2MŒFÙ€Nê"É, &”£ÁŒTÊ”(Áƒ<>ç%<25>Ù€—€Ó„ˆ¾ÇÔÙuY
ÒEé†)7xa*¥GnÌæèa˜¸t™&d£ŒÃDÎÑÃh2â<C3A2>~y¶_ÐÃxžSg×Æ)7xašb8OA`ô<10>—.Ó„,<>2è `PLf£©c£œmI€¶¾ÑÈó<06>BËá2Rzý7ÒãRi²4ü÷ÐÃf3^H=êEyâ¢<C3A2><C2A2>Ì&“E6šA0¢½iQLŠÉˆ4±™Lr¦ 
ÓéŒz•C"£-e˜ºø^v„]ŠP“¿>óò”œ|éÀNé#}ÒÅô0#=ä =¬ŠjRͲÑb¶™'è<>CHL&A0
V^8€Lÿwô¸¬DýŸèI7M¹Á ÛpØäóô ê<C2A0>ÒÃ4qé3M˜-fÅ$[p²éaFz˜=²ÍË&²8‰²qêâ;%zÈ¥ÿWéár™.¤‡ óÄE1(ŠE5L`²jVÕb2©—b1g
¢ôXÌXLL¢Ýl±XèìcÔLÆ©ïe%êRô0]”n™rƒ¶á¦ôÈ5%IzX&.!Ó„¢(šÅ¬2zØ5«bSÌ&MEzd73z`vÁ,:i9Ž'“Í$ÿÓÃ|Qú—ù"z/¢‡¦ªVYÁ f§Õ¦ØTFu¨b-Æ=<3D>zFF<46>‰ñ4…ë¿HeÊ ^؆Ïg9ßUhU•‰KÌ4aÕ4¢XA°€Åmw¨Íb±©>MÍ6<C38D>£IUŒª"Ñ­â…êU59,&óåZ¾ìuY<75>s)zX.JW§Üà…mä]²:q‰™&lVÍ®*6Ñ÷Ø<C3B7>šÓª(6Ϫe§*VÅb¢¨HU£Ç#dÕì°X¦N<C2A6>ËŽ°KMÄÊEéÚ”¼° ¿O9ßÔåéa³:4Õ†ÆÒÃᲺ<C2B2>vJ<76>lóŠfÖTYÓ=4¼dÕð”»tYz\j ý÷Ó#0™tzDz˜´‰KÌ4a·Ù<C2B7>vJÕçDzØTÍaóÙrô@íbÕL”*ÒÃjµšþßÐcòèÈ|„uÊ N¾DÕ é<>¾«É:qI™&»Ëª9Á æwyl»fs:v[¶yÔ.6«Éf34£ßj³ÙÐ:±jU<>ºz»¬¾=´ÒmSnðÂ6ÂAí¼ D§G¤‡Ù6qI™&œ»ÛfEzhH·×îuXm.GÐaË6ÏèaÎÒƒ3+fæÓ¬SWoazDÖ éAýVûÄE±ZmN<6D>Ý惬A<C2AC>ÏásÚnWÉ”)hÅ)ÇnÁì«1hw8Õb·ù­ÿô¸¬¾¥;¦Üà…mFlç¢æÒÃ☸ ™&<n—×a÷€Á¶ Ïïò»ì<0E>+ârd·á”ãÀbƒÍv8<76>N¦8l()SWo—Õ8—¢‡í¢t甼°<C2BC>è%è¡\nŸÓî£ ìùyWÀmwzÝ·3Û¼Ýiu:§Óh´Ë!$‡Sѧ=h³O]½]—2Lì¥ÿ×èa„âBûyz˜ÍÌUU\àózü.‡<0F>upäûƒî ÇáÎó¢Ød
:Ü6·<19>9ßåv»«êríö©çËjàK)–É£#C÷”œ|¡´ÈqžôÔüFz¨î‰Ë˜i"Ïç ¸]y`r€3 {Ã^§Ûï-ò¹³Í£vñ¸°˜Ñè” Ü<1E>Gµin'ŽûåZ¾ìuY<75>s)zL†ÌGx¦ÜàäË1×ù9_AæÈfÙê<C399>¸ ð‡½ž ˜\à.äà$
Äü^o¦ ×êóšLns±×çóYV¯»À횺ø^Vã\Šî‹Ò}SnðÂ6â•žóM©*uÝM¶¼‰¦ä„CÁ¿/Ìð–ŠP©æG*C~¦ UlžÍï7½˜?à÷Ûœv¿¯È뙺ø^v„]jâñ^”˜¶Qð<E280BA>§‡ÕJ]U³#0q™3MDÂEA(>È«,* —¢),L䃙y!O(àÍæ<Ke0
9ÜΠ¯$Ï7uñ½ì»”bÉ»à[èšrƒ“/3̬õŸ'=5¯,V3<qQmˆ”„ƒE ú!/-<2D>ók óÙ<E284A2>|_~È™V”€šççç;½®°¿<àŸºø^v„]J±L ½ò§ÜàäK<C3A4>æúüó¤§Ó§êP½Ñ‰v"
P+­Š”ƒ-"³¦U—T—U”×E3#EÁ¢BoQÔj<C394>ØfGŠ¼_4¿:?<uv]V¢.5<EFBFBD>"“™©½xÊ N¾¬tsø‡ÓÍ<C393>g~6½"<22>ý?oM\ÄL~Gÿ_Ùë_þ|<7C>¤â}Þ9ÿ¢$†ý#˜Nö§ßãª!Žw
ïéx×á]Œw#Þ xÏÎÆ%hþÉõb\ÍDø<1E>¸`w5Ì侇ÏYx{ð~ffz Ë°ÏÌêæDXÆo„fî'ø4bþ¾ìóÌo‡0W*7
ÝÜ<EFBFBD>`ä¿ yܵàâ<C3A2>ÀÍ<C380>ðå¾3BŒë„.òCHà3ÁUB€.® ó  ÎAœK?<3F>ùºˆ ù¦Õý]ÍßEËÐüä[PLîy˜6<CB9C>|*o+IƒJ>Žü-= ñÿÿEöÀÐÿxfz^â¿ï¢ü<C2A2>R<EFBFBD>sìDÆÅõ ¿ÿ[:ôÿÛuÇašƒCâa4Û8Tï•°@~z¦c,ð<> ]ÓAÙ0<01>”gÈ$š ó<>OtÙ°nR=ÎöŸdÃç<E280B9>è¨qlȆ æY™ Ó-Ȇy”)ÖMÊ£gº#X|T >J`þ~¸vÁ6Ø
<EFBFBD>î‡<C3AE>XÛ.X ×`Ê.Ä,†õ˜z æï‡<C3AF>øž«ãÂøÉeš±Þí°c7cŽMBÍ[Óð/„©ý˜<C3BD>¶¼Ö±~„²mWÐÿ*†iüzLDÀ†ië»°¾õõ±<C3B5>Õ·ëÒëX¾iXkÕ²õ;7oÛªª˜žhé¿z×­<C2B6>ýýì˜êY{ÍÖ]ׄ¯ßxÍÕý;YŽl8“Ò¼mûÞ<C3BB>7nÚŠWMjîߺmëæuýW‡°tE(´`óºõ[ׄ®Ù:°~ghצõ¹Û¶mÝ•I^·>4­¢
&¶ÞÓ·À¢K‰ÛÂîÉ<C3AE> ÚH.„w¡ÿŸ”.Ä>¼¹ôK˜^;£í4>8[ð !ž|$ú&R [°ÑE$¸ˆÐC|ð©Ç§éUIèÿƒãE ÿï4Þ|ú¥Sioq=iïM«î¶_œúÍ©ô)þ‰'_|KŽÞ9úÐ(ÿÄ7M~òqÉÔ¦~ý¡¯sÉǺë{Œï;A:A}X
>‚÷×væÄàW9>ø•/ Á/I>„Ï üÑ¿HtÁŽ¾¼ÿ¨#xß½7<04>bÞ{¹¹Á{¸xðîÏzƒ_øì ÁÏî‘àç ÞE¼ÁÏOðÎÃíÁ#‡“m‡‡sO&ÉÃÓgµæ¸à·;ƒ‡n¿!x;~òÁ[ꃷ çG†tááªa¾k¸o˜£Ýþþ0kiu+vì‰[^¼å·ð·p$xó~Oð¦Ï|/x`èàgÈkÁý„††ÈVwãÞDð†ëëûö¯çʃ×askönÛËíå¬Á=»<Ák¯¹1¸{p x ¹!¸ ¿­opû §_ä±<C2B1>7nëÙqãöžM«Võl\µ¦gêTÏÀª•=ëV]ѳvÕŠžÞæe=Ë›{zÜÙÙ³øÎù=ÝwÎë麳£gÑ<67> {*;~Ñîàç®jîi[ÕÔÓºª±g[#Yºä4<C3A4>SN¢'§É<C2A7>óOóÿ²xþ¨Ôµj”ŒŒ.¡˜ì^9*ŒŒBÏÊU½' 9¼â;î€&ÿüQÿÞчü+æ<>¶c Iû1þ“NhZ‹Á`,¼èg!»®aˆíÊEdßiVHØkl<6B>¾d<C2BE>îÂä•dßÄh¬Z°*¨Sö¿|ÿ)
endstream
endobj
67 0 obj
<</Type /FontDescriptor
/FontName /Ubuntu
/Flags 4
/Ascent 932
/Descent -189
/StemV 109
/CapHeight 693
/ItalicAngle 0
/FontBBox [-167 -189 3480 962]
/FontFile2 66 0 R>>
endobj
68 0 obj
<</Type /Font
/FontDescriptor 67 0 R
/BaseFont /Ubuntu
/Subtype /CIDFontType2
/CIDToGIDMap /Identity
/CIDSystemInfo <</Registry (Adobe)
/Ordering (Identity)
/Supplement 0>>
/W [0 [500 0 0 231] 11 12 324 15 [246 299 246 384] 19 28 564 29 [246 0 0 0 564 0 0 663 643 620 713 571 537 672 0 269 500 0 519 871 728 778 608 778 629 532 565 688 656 929 631 598 573] 68 [522 589 465 589 559 386 578 571 253 253 522 273 861 574 590 589 589 386 446 402 574 502 777 511 497 471] 168 [269] 188 [522] 200 [253] 206 [590]]
/DW 0>>
endobj
69 0 obj
<</Filter /FlateDecode
/Length 310>> stream
xœ]ÛjÃ0 †ïý¾ì.JœÃJ!к)äb–íR[é c÷"o?G
<>„OúIÈIdsj¬ <ùð£j!ðÞXíao^¿ÀÕXf\V·hnç)ÀÐØ~deÉyò³Sð3ßôx<C3B4>'–¼{ ÞØ+ß|Ë6r{sî°<> VU\C+½vî­€'hÛ6:æM˜·ÑóP|Íx†œÒ4jÔ0¹N<C2B9>ïìX)â©xyŽ§b`õ¿üŽ\—^ýtÕyT ‰j¡,EÊk¤Ã<49>Ž©N$åjÊÉéœcϵú½×c´UÊöèg¤ôDAIƒDüÔ3[}¤,^(Hö| ’½ û3wé: ²le¹½ûÊÕÍû¸m¼b\ó²`cáþ¸Ñ-®åùs:ŸÂ
endstream
endobj
5 0 obj
<</Type /Font
/Subtype /Type0
/BaseFont /Ubuntu
/Encoding /Identity-H
/DescendantFonts [68 0 R]
/ToUnicode 69 0 R>>
endobj
xref
0 70
0000000000 65535 f
0000000015 00000 n
0000021546 00000 n
0000000154 00000 n
0000028713 00000 n
0000048401 00000 n
0000000191 00000 n
0000000267 00000 n
0000000522 00000 n
0000000792 00000 n
0000001057 00000 n
0000001339 00000 n
0000001631 00000 n
0000001914 00000 n
0000002170 00000 n
0000002454 00000 n
0000002737 00000 n
0000003027 00000 n
0000003318 00000 n
0000003574 00000 n
0000003868 00000 n
0000004163 00000 n
0000004487 00000 n
0000004767 00000 n
0000005023 00000 n
0000005300 00000 n
0000005572 00000 n
0000005839 00000 n
0000006130 00000 n
0000006401 00000 n
0000006657 00000 n
0000006927 00000 n
0000007194 00000 n
0000007482 00000 n
0000007761 00000 n
0000008079 00000 n
0000008335 00000 n
0000008666 00000 n
0000008937 00000 n
0000009244 00000 n
0000009558 00000 n
0000009815 00000 n
0000010086 00000 n
0000010360 00000 n
0000010658 00000 n
0000010827 00000 n
0000022061 00000 n
0000016077 00000 n
0000016383 00000 n
0000016639 00000 n
0000016943 00000 n
0000017267 00000 n
0000017585 00000 n
0000017883 00000 n
0000018139 00000 n
0000018419 00000 n
0000018732 00000 n
0000019049 00000 n
0000019348 00000 n
0000022391 00000 n
0000022454 00000 n
0000022555 00000 n
0000022618 00000 n
0000027732 00000 n
0000027969 00000 n
0000028353 00000 n
0000028848 00000 n
0000047304 00000 n
0000047489 00000 n
0000048020 00000 n
trailer
<</Size 70
/Root 61 0 R
/Info 1 0 R>>
startxref
48532
%%EOF

4
Introduccion-hacking-hack4u/tema_6_owasp/README1.md
View File

@ -3,7 +3,7 @@
Índice de subtermas:
- [README1.md](#readme1md)
- [6.1 SQL Injection (SQLi)](#61-sql-injection-sqli)
- [Ejercicios](#ejercicios)
- [6.1.1 Ejercicio](#611-ejercicio)
- [6.2 CrossSite Scripting (XSS)](#62-crosssite-scripting-xss)
- [6.3 XML External Entity Injection (XXE)](#63-xml-external-entity-injection-xxe)
- [6.4 Local File Inclusion (LFI)](#64-local-file-inclusion-lfi)
@ -38,7 +38,7 @@ A continuación, se proporciona el enlace a la utilidad online de ExtendsClas
- ExtendsClass MySQL Online: https://extendsclass.com/mysql-online.html
### Ejercicios
### 6.1.1 Ejercicio
- Levantar apache y mysql
- Crear una base de datos con una tabla

BIN
Introduccion-hacking-hack4u/tema_6_owasp/README1.pdf Normal file
View File

Binary file not shown.

4
Introduccion-hacking-hack4u/tema_6_owasp/README4.md
View File

@ -4,7 +4,7 @@
- [README4.md](#README4.md)
- [6.13 Inyecciones NoSQL](#613-inyecciones-nosql)
- [6.14 Inyecciones LDAP](#614-inyecciones-ldap)
- [Ejercicio](#ejercicio)
- [6.14.1 Ejercicio](#6141-ejercicio)
- [6.15 Ataques de Deserialización](#615-ataques-de-deserialización)
- [6.16 Inyecciones LaTex](#616-inyecciones-latex)
@ -46,7 +46,7 @@ A continuación, se proporciona el enlace directo al proyecto de Github que nos
- LDAP: Qué es y para qué se utiliza este protocolo https://www.profesionalreview.com/2019/01/05/ldap/
### Ejercicio
### 6.14.1 Ejercicio
Instalamos openldap con docker:
```

BIN
Introduccion-hacking-hack4u/tema_6_owasp/README4.pdf Normal file
View File

Binary file not shown.

64
Introduccion-hacking-hack4u/tema_6_owasp/README5.md
View File

@ -3,6 +3,7 @@
Índice de subtermas:
- [README5.md](#README5.md)
- [6.17 Abuso de APIs](#617-abuso-de-apis)
- [6.17.1 Ejercicio](#6171-ejercicio)
- [6.18 Abuso de subidas de archivos](#618-abuso-de-subidas-de-archivos)
- [6.19 Prototype Pollution](#619-prototype-pollution)
- [6.20 Ataques de transferencia de zona (AXFR - Full Zone Transfer)](#620-ataques-de-transferencia-de-zona-axfr---full-zone-transfer)
@ -10,16 +11,6 @@
## 6.17 Abuso de APIs
Si a la hora de desplegar el laboratorio con Docker, os encontráis con problemas y alguno de los contenedores que se despliegan véis que causan error, probad a desplegar como alternativa el laboratorio de desarrollo.
Primeramente instalad la última versión de docker-compose y una vez hecho, ejecutad los siguientes comandos:
```
curl -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/develop/deploy/docker/docker-compose.yml
VERSION=develop docker-compose pull
VERSION=develop docker-compose -f docker-compose.yml compatibility up -d
```
En caso de que veáis que tras desplegar el laboratorio, siguen habiendo errores en el despliegue de ciertos contenedores, probad a hacer un docker rm $(docker ps -a -q) force y aplicad el último comando de los 3 mencionados anteriormente para volver a desplegar los contenedores. Llegará un momento en el que todos serán desplegados sin ningún problema.
Por otro lado, si de pronto véis que el comando docker rm $(docker ps -a -q) force os da algún problema, esperad unos segundos y volved a probar el comando hasta que veáis que todos los contenedores han sido eliminados.
@ -48,6 +39,59 @@ A continuación, se proporciona el enlace al proyecto de Github que utilizamos p
- crAPI: https://github.com/OWASP/crAPI
## 6.17.1 Ejercicio
__DISCLAIMER:__
Si a la hora de desplegar el laboratorio con Docker, os encontráis con problemas y alguno de los contenedores que se despliegan véis que causan error, probad a desplegar como alternativa el laboratorio de desarrollo. Primero instalad la última versión de docker-compose y una vez hecho, ejecutad los siguientes comandos:
```
curl -o docker-compose.yml https://raw.githubusercontent.com/OWASP/crAPI/develop/deploy/docker/docker-compose.yml
VERSION=develop docker-compose pull
VERSION=develop docker-compose -f docker-compose.yml compatibility up -d
```
Empecemos:
Descargamos el repo y nos vamos a la carpeta con el docker compose. Allí descargamos las imágenes Docker.
```
git clone https://github.com/OWASP/crAPI.git
cd crAPI/deploy/docker
docker-compose pull
```
Ahora desplegamos el laboratorio.
```
docker compose -f docker-compose.yml --compatibility up -d
```
A veces no funciona a la primera. El laboratoria es inestable, por lo que si no funciona a la primera, probad a ejecutar el comando varias veces empezando desde cero, borrando contenedores e imágenes. Merece la pena. La comunidad ha documentado algunos errores en su repositorio: https://github.com/OWASP/crAPI/blob/main/docs/troubleshooting.md
Entonces, vamos a `http://localhost:8080` y vemos que hay una página para iniciar sesión. Vamos a Sing Up y creamos un usuario.
Ahora abrimos el inspector de elementos y vamos a la pestaña de Network. Vamos a la pestaña de XHR y nos logueamos. Tenemos que ver una petición a `http://localhost:8888/identity/api/auth/login`, que si la inspeccionamos veremos:
- **Headers**
- **Payload**
- view source
```
{email: "man@invent.com", password: "Man1234$"}
```
- **Preview**
- **Response**
```
{
"token": "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJtYW5AaW52ZW50LmNvbSIsInJvbGUiOiJ1c2VyIiwiaWF0IjoxNzA4MjAwMjk2LCJleHAiOjE3MDg4MDUwOTZ9.EKGBU4uxfpWxlZiRmtRG6m6JUrZsVsEf7xzSppIE9FlbpxTackor_KYdBLZOJYK5D3KRkbO9KCfa4GbnccjdmsSFipNJDZkATa-hC51wYvesaA15f0yTm26sb6W-W5icuv269kkWVaCw_3SCSOzoU3L50YoY0pZH7wPbf4-k6vU4nYI7gVAWIPZloJfKwpjqjWMFA2oZHBFg6NP5YjKLyhQAYdak0fK89vVFadLdLUy_mmEy3nVgfpV2_2wNPLQc2rDX9XA4WemF5o1rI484JjXaq7Qa6EMBFTc2l0xDZQJT0ok9rPs5jPvyj8Mamt01CX13tV_jd4gybsJhm2O4kA",
"type": "Bearer",
"message": null
}
```
- **Initiator**
- **Timing**
He detallado la request y el response porque es en lo que tendremos que fijarnos. Vemos que el token es un [JWT](https://es.wikipedia.org/wiki/JSON_Web_Token).
![jwt](https://miro.medium.com/v2/resize:fit:1400/1*aAH0mMomx1dLidhoNCVmNw.png)
## 6.18 Abuso de subidas de archivos

BIN
Introduccion-hacking-hack4u/tema_6_owasp/README5.pdf Normal file
View File

Binary file not shown.