审计日志,更新53热点Poc

SleepingBag945 · Jan 2, 2024 · 1339bab · 1339bab
1 parent b5273db
commit 1339bab
Show file tree

Hide file tree

Showing 108 changed files with 22,248 additions and 19,703 deletions.
diff --git a/README.md b/README.md
@@ -10,10 +10,12 @@
 * 便于拓展的主动/被动指纹识别
 * Nuclei v3支持
 * 便于拓展的指纹漏洞映射数据库，尽量避免发送无效发包
+* 高效的子域名枚举/爆破，精准的泛解析过滤
 * Hunter、Fofa、Quake支持
 * Hunter 低感知模式
 * 低依赖，多系统开箱即用
 * 高效的HTML报表
+* 审计日志
 
 
 
@@ -56,6 +58,8 @@ Release中下载config.zip与您操作系统对应的二进制文件。将config
 
 日志保存在  `log.txt`
 
+**-a** 参数开启审计日志功能，记录详细扫描行为。
+
 **扫描可以随时终止**，当有指纹识别、漏扫结果输出时，会实时保存在文件内。 
 
 
@@ -68,6 +72,10 @@ Release中下载config.zip与您操作系统对应的二进制文件。将config
 
 
 
+# 更新历史
+
+[更新历史](Update.md)
+
 
 
 # 免责声明
@@ -82,12 +90,6 @@ Release中下载config.zip与您操作系统对应的二进制文件。将config
 
 
 
-# 更新历史
-
-[更新历史](Update.md)
-
-
-
 # 参考链接
 
 https://github.com/shadow1ng/fscan

diff --git a/Update.md b/Update.md
@@ -1,5 +1,83 @@
 # 更新日志
 
+## 2023.1.2
+
+更新到1.6版本
+
+1. 优化Tomcat爆破的探测逻辑。优化碰撞路径(XXL-JOB/phpMyAdmin)
+
+2. 更新了 **-ni** 参数，用于禁用反连平台。不出网的内网就没必要用反连平台了，容易拖慢扫描速度，且在敏感环境建议开启避免外连至国外地址造成不必要的麻烦。（敏感肌也能用！）
+3. 新增审计日志输出。默认关闭，使用 **-a** 参数(audit)开启。时间、请求地址、响应包、请求包等写至audit.log (可以通过 **-alf** 参数自定义名称)，~~便于甩锅~~ 。避免日志过大，**Golang Poc中爆破不会显示详细数据包，只显示时间、目标、账号与密码。**在敏感环境建议开启，尽管会占用一些磁盘，但能让自己安全一点总归是好事。
+4. 审计功能可以当做debug使用。会在日志中写入详细的运行过程/数据包。便于调试poc/workflow。
+5. 启动时可通过 **-pt** 参数开启代理验证，验证失败程序退出。**-ptu** 参数指定访问的代理测试url，默认为https://www.baidu.com。（https://github.com/SleepingBag945/dddd/issues/24）
+6. 修复了fofa请求的base64编码问题。 （https://github.com/SleepingBag945/dddd/issues/23）
+
+7. 更新53个热点Poc。
+
+
+
+由于基本是我自己个人在维护这个项目，实在没有那么多精力同时维护代码和持续跟踪热点漏洞、找漏洞、复现、写poc。
+
+这些热点poc可能不是特别全，见谅兄弟们。
+
+```
+apache-ofbiz-programexport-rce (Apache-OFBiz ProgramExport 远程命令执行)
+亿赛通 /CDGServer3/DBAjax JDBC反序列化
+金和OA C6 GetHomeInfo SQL注入
+IP网络对讲广播系统 /php/ping.php 远程命令执行
+yonyou-u8-crm-solr-log-infoleak
+hikvision-isecure-center-files-fileread
+tosei-washing-machine-network-test-rce 日本tosei自助洗衣机rce
+kingdee-eas-uploadlogo-fileupload (金蝶EAS uploadlogo 任意文件上传)
+jeespringcloud-uploadfile-fileupload (JeeSpringCloud uploadFile.jsp 文件上传漏洞)
+erpnext-default-login (ERPNEXT 默认密码)
+esafenet-getvalidateloginuserservice-xstream-deserialzation-rce
+esafenet-checkclientservelt-xstream-deserialzation-rce
+jeecg-druid-unauth
+edusoho-education-open-fileread
+advantech-webaccess-default-login
+jinher-oa-sap-b1config-unauth
+bifrost-user-update-authbypass (bifrost 用户添加)
+Kuaipu-M6 整合管理平台系统SQL注入漏洞
+philip-m6-salaryaccounting-sqli (快普整合管理平台系统 SalaryAccounting.asmx SQL注入)
+freerdp-webconnect-fileread (FreeRDP WebConnect Url 任意文件读取)
+yonyou-turbo-crm-help2-fileread （用友 TurboCRM /pub/help2.php 接口任意文件读取）
+yonyou-turbo-crm-help-fileread（用友 TurboCRM /pub/help.php 接口任意文件读取）
+yonyou-turbo-crm-downloadfile-fileread （用友 TurboCRM /pub/downloadfile.php 接口任意文件读取）
+tongda-oa-action-crawler-fileupload (通达OA action_crawler.php 任意文件上传)
+realor-rapagent-sqli （瑞友天翼虚拟化 rapagent SQL注入）
+cdg-decryptapplicationservice2-arbitrary-file-upload （亿赛通 decryptapplicationservice2 任意文件上传）
+esafenet-cdg-user-fastjson-rce （亿赛通 user fastjson RCE）
+esafenet-emailauditservice-xstream-deserialzation-rce (亿赛通 emailauditservice xstream 反序列化)
+dahua-dss-s2-045-rce (大华DSS s2-045远程命令执行漏洞)
+kingdee-eas-extweb-fileread (金蝶EAS extweb 任意文件读取)
+idocview-url-fileread (I Doc View /view/url 接口任意文件读取)
+idocview-cmd-rce (I Doc View CMD 远程命令执行)
+宏景hcm loadhistroyorgtree SQL注入
+logbase-test-qrcide-b-rce (LogBase堡垒机 RCE)
+weaver-ebridge-addtaste-sqli 泛微云桥SQL注入
+dahua-smart-park-download-fileread (大华智慧园区综合管理平台 download 任意文件读取)
+hikvision-ivms8700-getpic-fileupload (海康威视 ivms8700 getPic 任意文件上传)
+CNVD-2023-59457 (亿赛通电子文档安全管理系统 LinkFilterService 远程代码执行漏洞)
+CVD-2023-1718 (Panabit Panalog sprog_deletevent.php SQL 注入漏洞)
+tongweb-selectapp-fileupload (东方通 TongWeb selectApp.jsp 任意文件上传)
+iclock-weaklogin (时间精细化管理平台弱口令)
+yonyou-u8-cloud-appletinvoke-cacheinvokeservlet-rce (用友U8 Cloud com.ufsoft.iufo.web.appletinvoke.CacheInvokeServlet 反序列化)
+CVE-2023-49070 (Apache OFBiz < 18.12.10 - Arbitrary Code Execution 带DNSLog利用链确认)
+webui-js-oem-sslvpn-client-fileupload （某OEM厂商的rce2文件上传)
+CVD-2023-2868 (广联达 linkworks GB/LK/ArchiveManagement/Js/GWGDWebService.asmx 文件上传漏洞)
+jinher-oa-saveasotherformatservlet-fileupload (金和OA saveAsOtherFormatServlet 任意文件上传)
+webui-js-oem-file-read (OEM厂商的洞任意文件读取)
+seeyon-wpsassistservlet-filetype-fileread (致远OA wpsAssistServlet fileType参数任意文件读取)
+yonyou-nc-icustomerexporttocrmservice-sqli (用友NC ICustomerExportToCrmService SQL注入)
+hjhost-hcm-get-org-tree-sqli (宏景人力资源管理系统 get_org_tree.jsp SQL注入漏洞)
+CVD-2022-1170 (泛微 E-Office login.wsdl.php 文件 SQL 注入漏洞)
+yonyou-nc-monitorservlet-rce (用友NC nc.bs.framework.mx.monitor.MonitorServlet 反序列化漏洞)
+CVD-2022-5298 (泛微 E-Office sample 权限绕过 file-upload 后台文件上传漏洞)
+```
+
+
+
 ## 2023.12.14
 
 更新到1.5.1版本。

diff --git a/common/callnuclei/callnuclei.go b/common/callnuclei/callnuclei.go
@@ -30,15 +30,16 @@ var (
 func CallNuclei(TargetAndPocsName map[string][]string,
 	proxy string,
 	callBack func(result output.ResultEvent),
-	nameForSearch string) []output.ResultEvent {
+	nameForSearch string,
+	NoInteractsh bool) []output.ResultEvent {
 
 	// 设置结果回调
 	output.AddResultCallback = callBack
 	if err := exportrunner.ExportRunnerConfigureOptions(); err != nil {
 		gologger.Fatal().Msgf("Could not initialize options: %s\n", err)
 	}
 
-	readConfig(TargetAndPocsName, proxy, nameForSearch)
+	readConfig(TargetAndPocsName, proxy, nameForSearch, NoInteractsh)
 	// configPath, _ := flagSet.GetConfigFilePath()
 
 	if options.ListDslSignatures {
@@ -108,7 +109,7 @@ func CallNuclei(TargetAndPocsName map[string][]string,
 	return output.Results
 }
 
-func readConfig(TargetAndPocsName map[string][]string, proxy string, nameForSearch string) {
+func readConfig(TargetAndPocsName map[string][]string, proxy string, nameForSearch string, NoInteractsh bool) {
 
 	pwd, _ := os.Getwd()
 
@@ -393,7 +394,7 @@ func readConfig(TargetAndPocsName map[string][]string, proxy string, nameForSear
 	options.InteractionsCoolDownPeriod = 5
 
 	// 禁用反连检测平台，同时排除基于反连检测的模板
-	options.NoInteractsh = false
+	options.NoInteractsh = NoInteractsh
 
 	// overrides fuzzing type set in template (replace, prefix, postfix, infix)
 	// 覆盖模板中设置的模糊类型(替换、前缀、后缀、中缀)

diff --git a/common/flag.go b/common/flag.go
@@ -8,7 +8,10 @@ import (
 	"fmt"
 	"github.com/projectdiscovery/gologger"
 	"github.com/projectdiscovery/hmap/store/hybrid"
+	"github.com/projectdiscovery/retryablehttp-go"
 	"gopkg.in/yaml.v3"
+	"net/http"
+	"net/url"
 	"os"
 	"path"
 	"runtime"
@@ -31,16 +34,18 @@ func GC() {
 	debug.FreeOSMemory()
 }
 
+var version = "1.6"
+
 func showBanner() {
-	banner := `
+	banner := fmt.Sprintf(`
      _       _       _       _   
   __| |   __| |   __| |   __| |  
- / _` + "`" + ` |  / _ ` + "`" + `|  / _` + "`" + ` |  / _` + "`" + ` |  
+ / _`+"`"+` |  / _ `+"`"+`|  / _`+"`"+` |  / _`+"`"+` |  
  \__,_|  \__,_|  \__,_|  \__,_|  
 _|"""""|_|"""""|_|"""""|_|"""""| 
-"` + "`" + `-0-0-'"` + "`" + `-0-0-'"` + "`" + `-0-0-` + "`" + `"` + "`" + `-0-0-'
-dddd.version: 1.5.1
-`
+"`+"`"+`-0-0-'"`+"`"+`-0-0-'"`+"`"+`-0-0-`+"`"+`"`+"`"+`-0-0-'
+dddd.version: %s
+`, version)
 	fmt.Println(banner)
 }
 
@@ -129,6 +134,31 @@ func prepare() {
 		structs.GlobalConfig.SkipHostDiscovery = true
 	}
 
+	if structs.GlobalConfig.HTTPProxyTest && structs.GlobalConfig.HTTPProxy != "" {
+		proxyURL, parseErr := url.Parse(structs.GlobalConfig.HTTPProxy)
+		if parseErr != nil {
+			gologger.Fatal().Msgf("代理格式不正确: %v", structs.GlobalConfig.HTTPProxy)
+		}
+		transport := retryablehttp.DefaultHostSprayingTransport()
+		transport.Proxy = http.ProxyURL(proxyURL)
+
+		gologger.Info().Msgf("测试代理中: %s", structs.GlobalConfig.HTTPProxy)
+		req, err := retryablehttp.NewRequest("GET", structs.GlobalConfig.HTTPProxyTestURL, nil)
+		if err != nil {
+			gologger.Fatal().Msg("代理测试失败！")
+		}
+		opts := retryablehttp.DefaultOptionsSpraying
+		client := retryablehttp.NewClient(opts)
+		client.HTTPClient.Transport = transport
+
+		req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36")
+		resp, err := client.Do(req)
+		if err != nil {
+			gologger.Fatal().Msg("代理测试失败！")
+		}
+		gologger.Info().Msgf("代理有效！测试URL返回码: %v", resp.StatusCode)
+	}
+
 	// 兼容文件输入
 	if utils.IsFileNameValid(TargetString) {
 		fileBytes, err := os.ReadFile(TargetString)
@@ -282,7 +312,9 @@ func Flag() {
 	flag.IntVar(&structs.GlobalConfig.WebTimeout, "wto", 12, "Web探针超时时间,根据网络环境调整")
 
 	// 代理设置 只支持HTTP代理 方便用云函数
-	flag.StringVar(&structs.GlobalConfig.HTTPProxy, "proxy", "", "HTTP代理，在外网可利用云函数/代理池的多出口特性恶心防守 例: http://127.0.0.1:8080")
+	flag.StringVar(&structs.GlobalConfig.HTTPProxy, "proxy", "", "HTTP代理，在外网可利用云函数/代理池的多出口特性恶心防守。socks代理建议配合proxychains等工具 例: http://127.0.0.1:8080")
+	flag.BoolVar(&structs.GlobalConfig.HTTPProxyTest, "pt", true, "测试HTTP代理")
+	flag.StringVar(&structs.GlobalConfig.HTTPProxyTestURL, "ptu", "https://www.baidu.com", "测试HTTP代理的url，需要url返回200")
 
 	// 关闭主动指纹探测
 	flag.BoolVar(&structs.GlobalConfig.NoDirSearch, "nd", false, "关闭主动指纹探测")
@@ -316,8 +348,61 @@ func Flag() {
 	// 仅信息收集
 	flag.BoolVar(&structs.GlobalConfig.NoPoc, "npoc", false, "关闭漏洞探测")
 
+	// 反连平台、DNSLog
+	flag.BoolVar(&structs.GlobalConfig.NoInteractsh, "ni", false, "禁用Interactsh服务器，排除反连模版")
+
+	// 审计日志
+	flag.BoolVar(&gologger.Audit, "a", false, "开启审计日志")
+	flag.StringVar(&gologger.AuditLogFileName, "alf", "audit.log", "审计日志文件名称")
+
 	flag.Parse()
 	prepare()
+	flagAudit()
+}
+
+// 记录启动信息
+func flagAudit() {
+	gologger.AuditTimeLogger("dddd启动")
+	gologger.AuditLogger("本次启动参数如下:")
+	gologger.AuditLogger("Target: %s", strings.Join(structs.GlobalConfig.Targets, ","))
+	gologger.AuditLogger("Subdomain: %v", structs.GlobalConfig.Subdomain)
+	gologger.AuditLogger("NoSubdomainBruteForce: %v", structs.GlobalConfig.NoSubdomainBruteForce)
+	gologger.AuditLogger("NoSubFinder: %v", structs.GlobalConfig.NoSubFinder)
+	gologger.AuditLogger("SubdomainBruteForceThreads: %v", structs.GlobalConfig.SubdomainBruteForceThreads)
+	gologger.AuditLogger("AllowLocalAreaDomain: %v", structs.GlobalConfig.AllowLocalAreaDomain)
+	gologger.AuditLogger("Ports: %v", structs.GlobalConfig.Ports)
+	gologger.AuditLogger("SkipHostDiscovery: %v", structs.GlobalConfig.SkipHostDiscovery)
+	gologger.AuditLogger("NoICMPPing: %v", structs.GlobalConfig.NoICMPPing)
+	gologger.AuditLogger("TCPPing: %v", structs.GlobalConfig.TCPPing)
+	gologger.AuditLogger("GetBannerThreads: %v", structs.GlobalConfig.GetBannerThreads)
+	gologger.AuditLogger("PortScanType: %v", structs.GlobalConfig.PortScanType)
+	gologger.AuditLogger("TCPPortScanThreads: %v", structs.GlobalConfig.TCPPortScanThreads)
+	gologger.AuditLogger("SYNPortScanThreads: %v", structs.GlobalConfig.SYNPortScanThreads)
+	gologger.AuditLogger("PortsThreshold: %v", structs.GlobalConfig.PortsThreshold)
+	gologger.AuditLogger("TCPPortScanTimeout: %v", structs.GlobalConfig.TCPPortScanTimeout)
+	gologger.AuditLogger("MasscanPath: %v", structs.GlobalConfig.MasscanPath)
+	gologger.AuditLogger("WebThreads: %v", structs.GlobalConfig.WebThreads)
+	gologger.AuditLogger("WebTimeout: %v", structs.GlobalConfig.WebTimeout)
+	gologger.AuditLogger("HTTPProxy: %v", structs.GlobalConfig.HTTPProxy)
+	gologger.AuditLogger("HTTPProxyTestURL: %v", structs.GlobalConfig.HTTPProxyTestURL)
+	gologger.AuditLogger("HTTPProxyTest: %v", structs.GlobalConfig.HTTPProxyTest)
+	gologger.AuditLogger("NoDirSearch: %v", structs.GlobalConfig.NoDirSearch)
+	gologger.AuditLogger("Hunter: %v", structs.GlobalConfig.Hunter)
+	gologger.AuditLogger("HunterPageSize: %v", structs.GlobalConfig.HunterPageSize)
+	gologger.AuditLogger("HunterMaxPageCount: %v", structs.GlobalConfig.HunterMaxPageCount)
+	gologger.AuditLogger("Fofa: %v", structs.GlobalConfig.Fofa)
+	gologger.AuditLogger("FofaMaxCount: %v", structs.GlobalConfig.FofaMaxCount)
+	gologger.AuditLogger("Quake: %v", structs.GlobalConfig.Quake)
+	gologger.AuditLogger("QuakeSize: %v", structs.GlobalConfig.QuakeSize)
+	gologger.AuditLogger("LowPerceptionMode: %v", structs.GlobalConfig.LowPerceptionMode)
+	gologger.AuditLogger("ReportName: %v", structs.GlobalConfig.ReportName)
+	gologger.AuditLogger("GoPocThreads: %v", structs.GlobalConfig.GoPocThreads)
+	gologger.AuditLogger("NoGolangPoc: %v", structs.GlobalConfig.NoGolangPoc)
+	gologger.AuditLogger("PocNameForSearch: %v", structs.GlobalConfig.PocNameForSearch)
+	gologger.AuditLogger("NoPoc: %v", structs.GlobalConfig.NoPoc)
+	gologger.AuditLogger("NoInteractsh: %v", structs.GlobalConfig.NoInteractsh)
+	gologger.AuditLogger("Audit: %v", gologger.Audit)
+	gologger.AuditLogger("AuditLogFileName: %v", gologger.AuditLogFileName)
 }
 
 var PortTOP1000 = "21,22,23,25,53,69,80,81,88,89,110,135,161,445,139,137,143,389,443,512,513,514,548,873,1433,1521,2181,3306,3389,3690,4848,5000,5001,5432,5632,5900,5901,5902,6379,7000,7001,7002,8000,8001,8007,8008,8009,8069,8080,8081,8088,8089,8090,8091,9060,9090,9091,9200,9300,10000,11211,27017,27018,50000,1080,888,1158,2100,2424,2601,2604,3128,5984,7080,8010,8082,8083,8084,8085,8086,8087,8222,8443,8686,8888,9000,9001,9002,9003,9004,9005,9006,9007,9008,9009,9010,9043,9080,9081,9418,9999,50030,50060,50070,82,83,84,85,86,87,7003,7004,7005,7006,7007,7008,7009,7010,7070,7071,7072,7073,7074,7075,7076,7077,7078,7079,8002,8003,8004,8005,8006,8200,90,801,8011,8100,8012,8070,99,7777,8028,808,38888,8181,800,18080,8099,8899,8360,8300,8800,8180,3505,8053,1000,8989,28017,49166,3000,41516,880,8484,6677,8016,7200,9085,5555,8280,1980,8161,7890,8060,6080,8880,8020,889,8881,38501,1010,93,6666,100,6789,7060,8018,8022,3050,8787,2000,10001,8013,6888,8040,10021,2011,6006,4000,8055,4430,1723,6060,7788,8066,9898,6001,8801,10040,9998,803,6688,10080,8050,7011,40310,18090,802,10003,8014,2080,7288,8044,9992,8889,5644,8886,9500,58031,9020,8015,8887,8021,8700,91,9900,9191,3312,8186,8735,8380,1234,38080,9088,9988,2110,21245,3333,2046,9061,2375,9011,8061,8093,9876,8030,8282,60465,2222,98,1100,18081,70,8383,5155,92,8188,2517,8062,11324,2008,9231,999,28214,16080,8092,8987,8038,809,2010,8983,7700,3535,7921,9093,11080,6778,805,9083,8073,10002,114,2012,701,8810,8400,9099,8098,8808,20000,8065,8822,15000,9901,11158,1107,28099,12345,2006,9527,51106,688,25006,8045,8023,8029,9997,7048,8580,8585,2001,8035,10088,20022,4001,2013,20808,8095,106,3580,7742,8119,6868,32766,50075,7272,3380,3220,7801,5256,5255,10086,1300,5200,8096,6198,6889,3503,6088,9991,806,5050,8183,8688,1001,58080,1182,9025,8112,7776,7321,235,8077,8500,11347,7081,8877,8480,9182,58000,8026,11001,10089,5888,8196,8078,9995,2014,5656,8019,5003,8481,6002,9889,9015,8866,8182,8057,8399,10010,8308,511,12881,4016,8042,1039,28080,5678,7500,8051,18801,15018,15888,38443,8123,8144,94,9070,1800,9112,8990,3456,2051,9098,444,9131,97,7100,7711,7180,11000,8037,6988,122,8885,14007,8184,7012,8079,9888,9301,59999,49705,1979,8900,5080,5013,1550,8844,4850,206,5156,8813,3030,1790,8802,9012,5544,3721,8980,10009,8043,8390,7943,8381,8056,7111,1500,7088,5881,9437,5655,8102,6000,65486,4443,10025,8024,8333,8666,103,8,9666,8999,9111,8071,9092,522,11381,20806,8041,1085,8864,7900,1700,8036,8032,8033,8111,60022,955,3080,8788,7443,8192,6969,9909,5002,9990,188,8910,9022,10004,866,8582,4300,9101,6879,8891,4567,4440,10051,10068,50080,8341,30001,6890,8168,8955,16788,8190,18060,7041,42424,8848,15693,2521,19010,18103,6010,8898,9910,9190,9082,8260,8445,1680,8890,8649,30082,3013,30000,2480,7202,9704,5233,8991,11366,7888,8780,7129,6600,9443,47088,7791,18888,50045,15672,9089,2585,60,9494,31945,2060,8610,8860,58060,6118,2348,8097,38000,18880,13382,6611,8064,7101,5081,7380,7942,10016,8027,2093,403,9014,8133,6886,95,8058,9201,6443,5966,27000,7017,6680,8401,9036,8988,8806,6180,421,423,57880,7778,18881,812,15004,9110,8213,8868,1213,8193,8956,1108,778,65000,7020,1122,9031,17000,8039,8600,50090,1863,8191,65,6587,8136,9507,132,200,2070,308,5811,3465,8680,7999,7084,18082,3938,18001,9595,442,4433,7171,9084,7567,811,1128,6003,2125,6090,10007,7022,1949,6565,65001,1301,19244,10087,8025,5098,21080,1200,15801,1005,22343,7086,8601,6259,7102,10333,211,10082,18085,180,40000,7021,7702,66,38086,666,6603,1212,65493,96,9053,7031,23454,30088,6226,8660,6170,8972,9981,48080,9086,10118,40069,28780,20153,20021,20151,58898,10066,1818,9914,55351,8343,18000,6546,3880,8902,22222,19045,5561,7979,5203,8879,50240,49960,2007,1722,8913,8912,9504,8103,8567,1666,8720,8197,3012,8220,9039,5898,925,38517,8382,6842,8895,2808,447,3600,3606,9095,45177,19101,171,133,8189,7108,10154,47078,6800,8122,381,1443,15580,23352,3443,1180,268,2382,43651,10099,65533,7018,60010,60101,6699,2005,18002,2009,59777,591,1933,9013,8477,9696,9030,2015,7925,6510,18803,280,5601,2901,2301,5201,302,610,8031,5552,8809,6869,9212,17095,20001,8781,25024,5280,7909,17003,1088,7117,20052,1900,10038,30551,9980,9180,59009,28280,7028,61999,7915,8384,9918,9919,55858,7215,77,9845,20140,8288,7856,1982,1123,17777,8839,208,2886,877,6101,5100,804,983,5600,8402,5887,8322,770,13333,7330,3216,31188,47583,8710,22580,1042,2020,34440,20,7703,65055,8997,6543,6388,8283,7201,4040,61081,12001,3588,7123,2490,4389,1313,19080,9050,6920,299,20046,8892,9302,7899,30058,7094,6801,321,1356,12333,11362,11372,6602,7709,45149,3668,517,9912,9096,8130,7050,7713,40080,8104,13988,18264,8799,55070,23458,8176,9517,9541,9542,9512,8905,11660,1025,44445,44401,17173,436,560,733,968,602,3133,3398,16580,8488,8901,8512,10443,9113,9119,6606,22080,5560,7,5757,1600,8250,10024,10200,333,73,7547,8054,6372,223,3737,9800,9019,8067,45692,15400,15698,9038,37006,2086,1002,9188,8094,8201,8202,30030,2663,9105,10017,4503,1104,8893,40001,27779,3010,7083,5010,5501,309,1389,10070,10069,10056,3094,10057,10078,10050,10060,10098,4180,10777,270,6365,9801,1046,7140,1004,9198,8465,8548,108,30015,8153,1020,50100,8391,34899,7090,6100,8777,8298,8281,7023,3377,9100"