Hacking Ético, Unidad 2 - Tarea 1: Capturando tráfico con Wireshark

En la primera tarea de la unidad 2, se trata de capturar y analizar tráfico mediante WireShark.

Primera parte: Analizando un protocolo inseguro - telnet (23)

Para la tarea se utilizará un ejemplo del repositorio de Wireshark telnet-raw.pcap.

Una vez cargado, para mejorar la visualización filtraremos por telnet

Trafico filtrado por telnet.

Para analizar los datos, se puede ir bajando fila a fila y observar el contenido de Data: login o bien utilizar la opción TCP Stream en el menú Analyze.

Contenido Data

28 1.308007 192.168.0.1 192.168.0.2 TELNET 73 Telnet Data ...
Data: login: 
36 8.711767 192.168.0.2 192.168.0.1 TELNET 67 Telnet Data ...
Data: f
38 8.714880 192.168.0.1 192.168.0.2 TELNET 67 Telnet Data ...
Data: f
40 8.934088 192.168.0.2 192.168.0.1 TELNET 67 Telnet Data ...
Data: a

........... ..!.."..'.....#..%..%........... ..!..".."........P. ....".....b........b.....B.
........................"......'.....#..&..&..$..&..&..$.. .....#.....'........... .9600,9600....#.bam.zing.org:0.0....'..DISPLAY.bam.zing.org:0.0......xterm-color.............!.............."............
OpenBSD/i386 (oof) (ttyp1)

login: .."........"ffaakkee
.
Password:user
.
Last login: Thu Dec  2 21:32:59 on ttyp1 from bam.zing.org
Warning: no Kerberos tickets issued.
OpenBSD 2.6-beta (OOF) #4: Tue Oct 12 20:42:32 CDT 1999

Welcome to OpenBSD: The proactively secure Unix-like operating system.

Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code.  With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.

$ llss
.
$ llss  --aa
.
.         ..        .cshrc    .login    .mailrc   .profile  .rhosts
$ //ssbbiinn//ppiinngg  wwwwww..yyaahhoooo..ccoomm
.
PING www.yahoo.com (204.71.200.74): 56 data bytes
64 bytes from 204.71.200.74: icmp_seq=0 ttl=239 time=73.569 ms
64 bytes from 204.71.200.74: icmp_seq=1 ttl=239 time=71.099 ms
64 bytes from 204.71.200.74: icmp_seq=2 ttl=239 time=68.728 ms
64 bytes from 204.71.200.74: icmp_seq=3 ttl=239 time=73.122 ms
64 bytes from 204.71.200.74: icmp_seq=4 ttl=239 time=71.276 ms
64 bytes from 204.71.200.74: icmp_seq=5 ttl=239 time=75.831 ms
64 bytes from 204.71.200.74: icmp_seq=6 ttl=239 time=70.101 ms
64 bytes from 204.71.200.74: icmp_seq=7 ttl=239 time=74.528 ms
64 bytes from 204.71.200.74: icmp_seq=9 ttl=239 time=74.514 ms
64 bytes from 204.71.200.74: icmp_seq=10 ttl=239 time=75.188 ms
64 bytes from 204.71.200.74: icmp_seq=11 ttl=239 time=72.925 ms
...^C
.--- www.yahoo.com ping statistics ---
13 packets transmitted, 11 packets received, 15% packet loss
round-trip min/avg/max = 68.728/72.807/75.831 ms
$ eexxiitt
.

Del análisis efectuado, se puede observar diferentes problemas de seguridad. Nombre de usuario, contraseña, sistema operativo y algunos comandos.

¿Qué usuario y contraseña se ha utilizado para acceder al servidor de Telnet?

login: .."........"ffaakkee
Password:user

¿Qué sistema operativo corre en la máquina?

OpenBSD 2.6-beta (OOF)

¿Qué comandos se ejecutan en esta sesión?

$ llss
.
$ llss  --aa
.
.         ..        .cshrc    .login    .mailrc   .profile  .rhosts
$ //ssbbiinn//ppiinngg  wwwwww..yyaahhoooo..ccoomm 

Segunda parte: analizando SSL

Para la segunda parte analizaremos el tráfico de una conexión ssl.

Tráfico conexión ssl

¿Puedes identificar en qué paquete de la trama el servidor envía el certificado?
Sí.

2 0.200000 65.54.179.198 10.1.1.2 SSLv3 1179 Server Hello, Certificate, Server Hello Done
signedCertificate
version: v3 (2)
serialNumber : 0x7c1e94347b1c04295b009392f5dc1f86

¿El certificado va en claro o está cifrado?
El paquete está cifrado.

¿Puedes ver, por ejemplo, qué autoridad ha emitido el certificado?

La autoridad que ha emitido el certificado es verisign

Certificate (id-at-commonName=login.passport.com,id-at-organizationalUnitName=Terms of use at www.verisign.com/r,id-at-organizationalUnitName=MSN Passport,id-at-organizationName=Microsoft,id-at-localityName=Redmond,id-at-stateOrProvinceNam

¿Qué asegura el certificado, la identidad del servidor o del cliente?

La identidad del servidor.

Análisis tráfico ssl mediante TCP Stream

.y....`...............
.................f........e..d..c..b..a..`..............@.............................|.K.'.:....)......T...F..A.....`...`]..3......v.N.%...... .......b.[..k`...0.Vx..........?.............0...0..e.......|..4{..)[.......0
..*.H..
.....0_1.0...U....US1 0...U.
..RSA Data Security, Inc.1.0,..U...%Secure Server Certification Authority0..
040901000000Z.
050901235959Z0..1.0...U....US1.0...U...
Washington1.0...U....Redmond1.0...U.
..Microsoft1.0...U....MSN Passport1301..U...*Terms of use at www.verisign.com/rpa (c)001.0...U....login.passport.com0..0
..*.H..
.........0......... .i.6.F.../...p.A.Q.6B..E+)d.!.<.....,3]..fMo.z...b
...+7..\...x'.....A.......0..z.n.T..N....8...2B.1..\..].m.E.4. .B.]....R.........d0..`0...U....0.0...U........0<..U...50301./.-.+http://crl.verisign.com/RSASecureServer.crl0D..U. .=0;09..`.H...E....0*0(..+.........https://www.verisign.com/rpa0...U.%..0...+.........+.......04..+........(0&0$..+.....0...http://ocsp.verisign.com0m..+........a0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif0
..*.H..
......~.]........J0..O?E-,..S..J.......r:.....H..9..S......T2.\.I...u...8.U...3...G..FG....I.0wt....
..a0p(n.p.....}2..2.o.0....3.P.b..............rv...).......F. |JI.KIX5..k..@.}. ..aq...O......KJ...i.........-,...y......y...Fg\.....#...w..1..G Ye...oZcI.<.7.`vN..h.s.-.-............8.B.fH$.......R...@n..t90.Q.'*. ..ex
..K... .W8.S...1.;.F..........8.J...W ....Qm\./.O...6...mS...,I....OAR7...6....
....].H......
.|...
..^H.[.....z..."..........U;._......Dg..=......16\Tv,.....X...[ 0......IBU^.K..F$..h..j./.-.....}x"gt............;2.B.I....9K..o...9v.-.....ef.......L..b%..z..h.@...FH&.t)5..k......"...;...:..q&.7zt.P..m....O......bt`Q33=M..nz..._D.1g.h.T.?.$..>.c....^<..y.|.....
.....Y.r....op.....s?Z..n.l../5..C....M..4.....P."..&.>......79....GD.
..cQ_X.....!.+.-zu....If...MBvH...G.!.........z....kD..M.&.Q;"JG\...`ij...C.........u..o...o.\;b.R....+L....vv.........vV.......x...uIn.'..
.|a..w.....C.3J.N..+................J..l\1.;.W.
$a"..u.@....LFT.. ....wwH.r..e.....5.. ....>MY.E..AH0/.j.P.|.?T..gM."M.p.u....(....)''E.o. .....Y.A..g.j..=....O..@h. ..zy....&.....ia....n.....\...'..d..j8R;.....H.....XTl..X.L..2.H.<.j0.PG]..tL......q.....0.G...H...,........}...u.TuA{...E.........O............)...W .......C...f$.:...HG:........EU...C.......'l.~.*-.c.8....P...H`......R...H...{z-O.YK......!~...v;l.........$z.#e.v'6...d...n..u...J..S..I....'..;l..eV...b..+0.....7..`...#.8N$..../4.q%..F..G0.T.09zl...7^o..}7....-R#....UO..|..........P.....f,....~4.;.+..9.H..''.p..":t.fTp...x&h7Y....@H....XF4.k{.........E..RqjY:..O....S..=..W..O2)..}z..F..d..z..L....z.......Z.........v(:).kl7t.....N.P.=[.......G...I.....3p~.....+...\.d.G.sFh|.9D+C..J.a@..:.....#..Y..............am..!Y.In.-.+..}..
. .p..L.c......}1.....a.We....u.T.if...i...,.U...A56...D1...jB.......l"mxw.....wY...t..t.L,.-~.=...i..
..].e...a.}...T...........r....L......D5.hx..(J....4h..:`......H...m.....6...`.\;.......PVF...e...Xe%...`.....P.4..o.p...E.=|..p....4./6.d.u...x....b0.j.*2.B,

Tercera parte: analizando SSH (22)

En la tercera parte analizaremos el protocol ssh, una manera más segura de conectarse de forma remota a servidores. Todo el tráfico va cifrado por lo que serás más difícil obtener información.

Tráfico conexión ssh.

¿Puedes ver a partir de qué paquete comienza el tráfico cifrado?

A partir de aquí comienza a establecer una conexión.

3 0.034430 192.168.0.14 193.146.78.18 TCP 66 58693 > ssh [ACK] Seq=1 Ack=1 Win=29312 Len=0 TSval=3324283 TSecr=160228394
4 0.034906 192.168.0.14 193.146.78.18 SSHv2 98 Encrypted request packet len=32

pero el intercambios de claves, no se produce hasta:

18 0.257815 192.168.0.14 193.146.78.18 SSHv2 82 Client: New Keys
19 0.330164 193.146.78.18 192.168.0.14 TCP 66 ssh > 58693 [ACK] Seq=2210 Ack=2441 Win=14272 Len=0 TSval=160228469 TSecr=3324339
20 0.330229 192.168.0.14 193.146.78.18 SSHv2 106 Encrypted request packet len=40
21 0.364593 193.146.78.18 192.168.0.14 TCP 66 ssh > 58693 [ACK] Seq=2210 Ack=2481 Win=14272 Len=0 TSval=160228477 TSecr=3324357
22 0.367151 193.146.78.18 192.168.0.14 SSHv2 106 Encrypted response packet len=40

¿Qué protocolos viajan cifrados, todos (IP, TCP...) o alguno en particular?

4 0.034906 192.168.0.14 193.146.78.18 SSHv2 98 Encrypted request packet len=32

¿Es posible ver alguna información de usuario como contraseñas de acceso?
No es posible obtener información del usuario o contraseñas por que el acceso va cifrado. Sí que se puede ver la versión de ssh de cliente y de servidor.

SSH-2.0-OpenSSH_6.7p1 Debian-5
SSH-2.0-OpenSSH_5.5p1 Debian-6+squeeze6
..........m"..N...8rr.....curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1...gssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-dss-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss....aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se....aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se....umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96....umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96....none,zlib@openssh.com,zlib....none,zlib@openssh.com,zlib.........................
.L...u......Wb@.....~diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1....ssh-rsa,ssh-dss....aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se....aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se...ihmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96...ihmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96....none,zlib@openssh.com....none,zlib@openssh.com............................".......... ...................#
#ur...#Xq^.....-kM...dP&;..e...9...g..H...'<~.._......|.........3...q.
...AJ..0...a....... \q*..H.....0....u.?.
1<2 ......av....="" ...m.x.="" ...xc....="" .q..="" 0...w..="" b..v..y.w....p="....a[r*" d..=".g.$.g...\....z.....AG.)...`Bp........#.9ZeD,..;.0%...." gr="" i.u..="" k..x..="" n-.="" s4="" t="" v....3u....="" v....t..3k..m..="" yr....q...5.="">.....$.]..........e.................... .......(J.a0q".........l...h.f.....<~b....H..^..&..6...}...r...48..Z.{............8...M..'3.?.....!..C..%)j.9....|q...........:..........@..?...z..nN..c....b....YF.....,...U.f.|n..+.y.=.^....l...gV....@....xsk..@.g#..t.I+VI...c../.?....w.!..=7.....M.x-.......j.c... H...j.w(..7.u..!>...r..(|}..=...i.m_S.uT.q..../.Ep....J'......z........[....`....E...k...$...S]....._../2v.'*.b...k.E.....`..........!........ssh-rsa.............*.Q.k...;d..~X..3X....B....#..\...m.5,.nI......E..Q.pK.4..........).
X.7..#....4a...........+7..........J5,.Q.|q.' ......Z.=..;-.f...=.a.,.^.D.......k...Bb.N.S.....^.L.....t.fWk..E..g\...<..M.K.E]..!.....:.l...qT......l...Gr..."..5jl...F..y..ml0.....MX#"?....q...H.$..kNv.......Gc...`..WM('..j.G.."eJ.G`.n7.......s...z%v.......rw...h..(.I...zq_..._..~.Cp..MqBv.
..hk.k>..1.U4v.`.6..T...=...........G..4.h{uO.....,.EI.Q....\.a].
w...g..V=..cPw..`.......K.n.....G.........(.=.Y...x._MA&a.9!.......J..LH9D^.<.Q.../..]BQa.k.+....>......1.Q..A..i._.~...vJ..K ...._...d
g..0.....'.$..B......`e.d...^....zf...ix~#.........?x].....N1..'N...w.e./:...h ........ssh-rsa....X..1Xs.ho.....t.O]...D..............h.BW(..s;..k.?..8.`.V^...<}..:.q...)......_w...\......3\5..'.q..(.W.?L"v,...A.9X....).n..IR...........5..p?..m..+G
.Sr..c..I.e..+`
.\.n\.............V.t}.......32.r.......t...b'..1.l-k..._.s.....H.|
....W..^X......W....F............
...............
............C.O..r#.P.\... .@M....]V&.u..h..~J......>E.5..2;...y".t.3H3u%.m.-"C........%..C.......;.=zP.....n.e.V..9w.v4...c.........3.*.....$c]t.].o..;.K..<..3.N.-A.6..XQK......5.:..........O...,g.....
,.......N...`..P...X.M.Fj.1bf...g..T.iM...#./....{}..[..5@?......'..11.....!.....9[...E8..gE..6.f......|.&..L.C. y..iM..Z.....%....4&!X...<..i....Kr.@..):....p..e..n.+Sp...E....i...m.f.P.g.9..aZ...Z.7....$..1.A.
.Kb&'.R....).......U..#....MSp..!.mm........m^_;.u.....nq.sT..S.SK..8...{.41.]iQ..g.C...+...2...M.....f.Jzw`I.
..........@o-s..HL.]6..V...R....H/.D_..$.).0Zc..r..p..J...,=....'e....~.)Vm...xG.f....&..P....s......%...w].C.0......
..}/I^..$.C]..#..QF.............. .....,R.....f.Oa
.....i.....?w..y.......m.......h.....!.
`..`ZXj*....aW1... Y.Rd..N..jJ..{.....B......]HO..7./...*.|.4{c..........u..v.R].2@l.KA.}......*...[......O......M.U..$.a
x..".`.....O... WA.&.........k.K.....EVz..(h.!...~...........P....-.5.W.c
.^....
.
~.
.........%........FTD0.....)..t>...]..jj....!..m.O.b...}...Q.=........Z.@ @M.0..
e...q.,;s.t........o......e"./.gh.x.@.Y..k.k9..tKn3.....%.D.....7.....:...H.tz'.nV.. t..F..........D..a.........G...e.J7.~..J.p.*..6.....K..l.....R....."[J@.O..+.../....X.;....A..|..B......,.....c....P..\Q.$#X.....~....d.K....y.s.D..G.....2$.....ZKdL..Jc...
...5e...?63.l........E+X..HK..R..-w...A5N....E4..

;Zs...K>Q.N./.=...:/..`....l4...={4..,s.JQ...O...^.kq.....@O.[!...r....S[... l.R...S\...........8...Y....l.K.....7~f ....T.g.....zqhQ^.....5.N..=.@,*.c:.a.7f7.z.we`...K....o[l.'SY.K[.Y~..R...fI.>.........Gw.g.F..t.@....MP.W......HmLI..l?.{1..t?i.............K v2.(
.@.....=K#.X......
.H.......}.....2.\..u3
rv.../...j7+.sX[...%.......
.(.z@@.....3..T?.$.w7....c.|.KP..4..-..%....9*N9....W#........$^T,(.....$...u=.?...[..6.jST.9k.Om..n0....g....w.s5uX....pP..<2 _l="y.T.T....#..M.J$?...k....Q......))_.Dd...m.K" i..f.ug8="">.?........Y...v.3.TN.......1v.m....,Vcn..
...9...$u...*W1.?9./.OXa..X..$....RT.Q%.y....f.
......Z...?.e..-&....<.[..=E..U..........rVv5[<.qI^.;.?.7...../.....e..*.....K..W..dV%....>..H.:._.|..(....[g@...!<......a....g..`..=..Q.....<...[O..0..F*...[.v...{.j4...6F..c..N.c.'9f>.U>.....|....{.$......!..1........&...?Z..((.47o.z9..E.D..+.....%..."......1~.z2)
:..bf........
;..5.../.t/.0z.f&.B^.P......'........K...CHQ.......?=yY;.........}..K._.b7.K..wHV9.......%.gk...*....F.....'j.(."2...-
.q..~.+.7~$jvW.QT..=.._...f...zO..~y.n..}B\AtIF...."...Ma.P..V.+0..:J......#'C..G7.R?t...Z...G'...OP..~#N]K..b.v4..~..
e.D.6..`j..Qo ....O?.^..aG\.........mW.....u....z4..{.}....Z.....z..&..n5....FC_....F..1j..6=$...&{.....tB.wa.
.|2LVdcw..`.[..k.d.....^.....^.D...#d..+.%.9...+.?.....*.......D...h...d.d.l.[.9b..../..(zx....X'..3...G....I.6...R
d.!.$.7.u.O:......$...1.....-/Y.T...".}}}...6"..l.....4.O.m9`Yy.j........$OC".+$....+..J.($..R.d-.."4Q .....f.+;..^..M."D.A.yk.@.Z.)....L`.g.......7.6.2. .3.4q.d.wM..]f2L.8I......{m+.o....
.:..(......................2..n.8^...&J$\.m3.......U...1bu.,..m~...xiF.W.h...f.....G.....@.F2.9g}\..k........R.hM}.].y.`.C9.(#....V...UG.....wn....-..O$..."0Op8.m'0g/q.i!.%2A\xek.|t2..T.\W.}..o.7.........D..,(.w5...P#....>o.........../.....}.i...j.....e.T.@....o..O..=..O...>A....l.?..K.%.:../.<|~.....D.,Q...$..k....|"...3.v$5.......+(\....Sy5....yK@....V..T..5..?8
.F...GP.w.MT.@......27:.`..&p......9V`...3A..q... ..dP..;wD\0
.e.....J~_...FY.A............o..*$.L).........Kis........8...K..d....k@.....3
..R...C.H\/.a)..m....R...$..\...8.. .z....+3t.u)l.M..m....D.u.Y+......w..Q...M..0.A%
....D......l'i?\-.&.vl...l....0rw~.-Ls........4..D...k?<..8.$}...@>..m%...'..6..Bn.g...*.i$.......fP...w._^.P(.=.......i'.w....k"%...wEu:.4.*.o.2........,aBV... .M.X.n-.8.'b...G..eL.....Y..+.$+..=...=i..J...m,.?m..X?..c.<..9=....h.]P;z^ym...|......5.6.K.A.E....n..l.".....U.,.A.s..(d../v.H2w@x.K.....O.....f.Z.u........^........#D.;.r....t8.A..."S....@k..z...JK"@..aP...;...,w.(m.;.K32..1...W.M......}O....Y.nN.q.}..i3.......97.tq@....3./...Dy..G.BpIn.U.#....c..s..Ozq....f/.......M.U.nG..Y.............b....^...SH1...n....yYL.6......1.P.b.$......x*.......&Y...p..$..=.r..k..`..C.
..h..p5....}0............... 4........=&Q_xZ........J...>k......qf.....S.....+.G..J;.i...js.2.xUf...W.Hx(..g.,..v....t L.....8ej...x..|k:k..;/.=[....\.O..3..;.r.....p.Q.....~..9..e...6C.xg!Vs.K.m....K.6=.D..........B..g.t....me.....[v,nX..-....k.Lb.9...?.p..D......C.lW"..=.%...?......s}.....O.&Re...<.N..c..r...4..........|...3.....>*..o.{./8t}F..&...~.S.......hN.B...*2.>Qw...e..&
.g..@.....rn.1Kpc....j.s../v. ......h.Q....XHh..........."~.B...Z.....kEq.5..ygW...p.....X...S=^.AU....M..|......qu........r+...Q.V[.B.Mi...m.kf-...r=....hV..>.M3.l.t....6.m`J,,.;....U...hJ....q.8.-+.i
!.T..s....,qF.t.s@L{^..~....D.pq.+r...).g....
8...Y...@W.+S....w.8....u........./