CRYPTOHACK BLOCK CIPHERS
创始人
2024-02-24 09:02:28
0次
一、ECB CBC WTF
题目:
from Crypto.Cipher import AESKEY = ?
FLAG = ?@chal.route('/ecbcbcwtf/decrypt//')
def decrypt(ciphertext):ciphertext = bytes.fromhex(ciphertext)cipher = AES.new(KEY, AES.MODE_ECB)try:decrypted = cipher.decrypt(ciphertext)except ValueError as e:return {"error": str(e)}return {"plaintext": decrypted.hex()}@chal.route('/ecbcbcwtf/encrypt_flag/')
def encrypt_flag():iv = os.urandom(16)cipher = AES.new(KEY, AES.MODE_CBC, iv)encrypted = cipher.encrypt(FLAG.encode())ciphertext = iv.hex() + encrypted.hex()return {"ciphertext": ciphertext}
hint:
Here you can encrypt in CBC but only decrypt in ECB. That shouldn't be a weakness because they're different modes... right?
译文:
在这里,您可以在CBC中加密,但只能在ECB中解密。这不应该是一个弱点,因为它们是不同的模式……对吧?
思路:
本题告诉了我们用CBC模式进行加密,但使用ECB进行解密,其中,我们已经知道了CBC模式中加密的IV值的大小,我们又已经知道了将密文用ECB解密的值,通过CBC模式的解密结构,我们知道将第一段密文解密后于IV进行异或运算既是原明文,而第一段密文则是第二段密文加密的IV值,所以解密时将其反过来用,作为IV解密即可:
wp:
import requests
from Crypto.Util.number import *
result=requests.get('http://aes.cryptohack.org/ecbcbcwtf/encrypt_flag')
ciphertext=result.json()["ciphertext"]
# print(result.text)# print(len(bytes.fromhex(ciphertext)))
ciphertext=bytes.fromhex(ciphertext)
c1=hex(bytes_to_long(ciphertext[0:16]))[2:]
c2=hex(bytes_to_long(ciphertext[16:32]))[2:]
c3=hex(bytes_to_long(ciphertext[32:48]))[2:]
print(c1)
print(c2)
print(c3)# C=hex(bytes_to_long(ciphertext))
# print(c1)
# print(c2)
# print(c3)
# c1=0x9d2691928a24ed9215416815e80164d1
# c2=0xf77ea0b2c315db6b56a48c8250b0c9b8
# c3=0x6a61b98b2e5d26af3976d7c36a76a847
# k1=int(c1) ^ int(c2)
# k3=int(c2) ^ int(c3)
a1=requests.get(f'http://aes.cryptohack.org/ecbcbcwtf/decrypt/{c2}')
a2=requests.get(f'http://aes.cryptohack.org/ecbcbcwtf/decrypt/{c3}')
m1=a1.json()["plaintext"]
m2=a2.json()["plaintext"]
M1=int(m1,16)^int(c1,16)
M2=int(m2,16)^int(c2,16)
print(long_to_bytes(M1)+long_to_bytes(M2))
二、ECB Oracle
题目:
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpadKEY = ?
FLAG = ?@chal.route('/ecb_oracle/encrypt//')
def encrypt(plaintext):plaintext = bytes.fromhex(plaintext)padded = pad(plaintext + FLAG.encode(), 16)cipher = AES.new(KEY, AES.MODE_ECB)try:encrypted = cipher.encrypt(padded)except ValueError as e:return {"error": str(e)}return {"ciphertext": encrypted.hex()}</code></pre>
<h3>hint:</h3>
<blockquote> <p>ECB is the most simple mode, with each plaintext block encrypted entirely independently. In this case, your input is prepended to the secret flag and encrypted and that's it. We don't even provide a decrypt function. Perhaps you don't need a padding oracle when you have an "ECB oracle"?</p> <p><em>译文:</em></p> <p>ECB是最简单的模式,每个明文块完全独立加密。在本例中,您的输入被预先添加到秘密标志并加密,仅此而已。我们甚至不提供解密函数。或许当你有了“欧洲央行的预言者”,你就不需要填充预言了?</p>
</blockquote>
<h3>思路:</h3>
<p> 本题为一道典型的ECB加密解密问题,首先,我们即不知道明文也不知道密文。我们可以发现题目中给与了我们加密算法,所以我们可以自己设置明文代入进行尝试:</p>
<pre><code class="language-python">import requests
from tqdm import tqdm
from Crypto.Util.number import *
# m = ''
for i in range(30):m = i*'61'result = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')try:a = result.json()["ciphertext"]print(i,len(a)//2)except:pass</code></pre>
<p>从输出的值中,我们可以发现代码在第6和第22时发生改变。于是,我们可以推断明文为26bits长(32 - 6、48 - 22),而加密算法中是以16bits为块进行加密和解密(22 - 6)。</p>
<p>所以,我们可以代入15*a进行加密,这样前16为就为15 * a加上明文第一位,接着,我们对十六位进行暴力破解即可得到我们所需的明文第一位,第一到第十五位都为这个思路:</p>
<pre><code class="language-python">k=''
for i in range(15):m = '61'*(15-i)print(bytes.fromhex(m))result = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')m = result.json()["ciphertext"]m1 = m[:32]# print(m1)for j in range(32,127):m = '61' * (15-i) + km += str(hex(j)[2:])result1 = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')n = result1.json()["ciphertext"]n1 = n[:32]# print(n1)try:if n1 == m1:k += str(hex(j)[2:])print(bytes.fromhex(k))breakexcept:pass# b'crypto{p3n6u1n5'</code></pre>
<p>后11位思路类似,仅需要我们将代码扩张到前32位进行暴力破解运算:</p>
<pre><code class="language-python">k='63727970746f7b70336e3675316e35'
for i in range(11):m = '61'*(16-i)print(bytes.fromhex(m))result = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')m = result.json()["ciphertext"]m1 = m[32:64]# print(m1)for j in range(32,127):m = '61' * (16-i) + km += str(hex(j)[2:])result1 = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')n = result1.json()["ciphertext"]n1 = n[32:64]# print(n1)try:if n1 == m1:k += str(hex(j)[2:])print(bytes.fromhex(k))breakexcept:pass</code></pre>
<h3>wp:</h3>
<pre><code class="language-python">import requests
from tqdm import tqdm
from Crypto.Util.number import *
# m = ''
# for i in range(30):
# m = i*'61'
# result = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')
# try:
# a = result.json()["ciphertext"]
# print(i,len(a)//2)
# except:
# passk=''
for i in range(15):m = '61'*(15-i)print(bytes.fromhex(m))result = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')m = result.json()["ciphertext"]m1 = m[:32]# print(m1)for j in range(32,127):m = '61' * (15-i) + km += str(hex(j)[2:])result1 = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')n = result1.json()["ciphertext"]n1 = n[:32]# print(n1)try:if n1 == m1:k += str(hex(j)[2:])print(bytes.fromhex(k))breakexcept:pass# b'crypto{p3n6u1n5'k='63727970746f7b70336e3675316e35'
for i in range(11):m = '61'*(16-i)print(bytes.fromhex(m))result = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')m = result.json()["ciphertext"]m1 = m[32:64]# print(m1)for j in range(32,127):m = '61' * (16-i) + km += str(hex(j)[2:])result1 = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')n = result1.json()["ciphertext"]n1 = n[32:64]# print(n1)try:if n1 == m1:k += str(hex(j)[2:])print(bytes.fromhex(k))breakexcept:pass</code></pre>
<h1>三、FLIPPING COOKIE</h1>
<h3>题目:</h3>
<pre><code class="language-python">from Crypto.Cipher import AES
import os
from Crypto.Util.Padding import pad, unpad
from datetime import datetime, timedeltaKEY = ?
FLAG = ?@chal.route('/flipping_cookie/check_admin/<cookie>/<iv>/')
def check_admin(cookie, iv):cookie = bytes.fromhex(cookie)iv = bytes.fromhex(iv)try:cipher = AES.new(KEY, AES.MODE_CBC, iv)decrypted = cipher.decrypt(cookie)unpadded = unpad(decrypted, 16)except ValueError as e:return {"error": str(e)}if b"admin=True" in unpadded.split(b";"):return {"flag": FLAG}else:return {"error": "Only admin can read the flag"}@chal.route('/flipping_cookie/get_cookie/')
def get_cookie():expires_at = (datetime.today() + timedelta(days=1)).strftime("%s")cookie = f"admin=False;expiry={expires_at}".encode()iv = os.urandom(16)padded = pad(cookie, 16)cipher = AES.new(KEY, AES.MODE_CBC, iv)encrypted = cipher.encrypt(padded)ciphertext = iv.hex() + encrypted.hex()return {"cookie": ciphertext}</code></pre>
<h3>hint:</h3>
<blockquote> <p>You can get a cookie for my website, but it won't help you read the flag... I think.</p> <p><em>译文:</em></p> <p>你可以为我的网站获得一块cookie,但它不会帮助你读flag…我认为。</p>
</blockquote>
<h3>思路: </h3>
<p>这是一到典型的CBC字节翻转问题,我们已知CBC的加密模式,其中,第一段密文为第一段明文于IV进行异或运算再进行AES加密,最终得到我们所需的第一段密文,第二段相比第一段既是将输入的IV改为我们求得的第一段密文。</p>
<p>我们已知第一段明文为:</p>
<pre>a1 = b'admin=False;expi'</pre>
<p>我们需要将admin改为True,从而让网站以为我们拥有网站的控制权,因为我们通过代码可知,当admin=True;时网站会返回我们flag值。所以我们需要构建一个新的IV使密文被加密后为True,从而骗过网站。</p>
<p>Dec (m1) = c1 ^ IV</p>
<p>c1_new = Dec (m1) ^ IV_new</p>
<p>其中,各个条件我们都已知,除了IV_new,于是,我们可以构建出IV_new,并将新的IV返回到网站中输入,最终求得flag。</p>
<h3>wp:</h3>
<pre><code class="language-python">import requests
from Crypto.Util.number import *result = requests.get('http://aes.cryptohack.org/flipping_cookie/get_cookie')
m = result.json()["cookie"]
M = bytes.fromhex(m)
# print(m)
IV = m[:32]
k = m[32:]a1 = b'admin=False;expi'
a2 = b'admin=True;00000'
m1=hex(bytes_to_long(a1))
m2=hex(bytes_to_long(a2))
# print(m1)
IV_new = int(m1,16)^int(m2,16)^int(IV,16)
# print(IV_new)
IV_new = hex(IV_new)[2:]
print(IV_new)
result2 = requests.get(f'http://aes.cryptohack.org/flipping_cookie/check_admin/{k}/{IV_new}')
l = result2.json()
print(l)
</code></pre>
<h1>四、LAZY CBC</h1>
<h3>题目:</h3>
<pre><code class="language-python">from Crypto.Cipher import AESKEY = ?
FLAG = ?@chal.route('/lazy_cbc/encrypt/<plaintext>/')
def encrypt(plaintext):plaintext = bytes.fromhex(plaintext)if len(plaintext) % 16 != 0:return {"error": "Data length must be multiple of 16"}cipher = AES.new(KEY, AES.MODE_CBC, KEY)encrypted = cipher.encrypt(plaintext)return {"ciphertext": encrypted.hex()}@chal.route('/lazy_cbc/get_flag/<key>/')
def get_flag(key):key = bytes.fromhex(key)if key == KEY:return {"plaintext": FLAG.encode().hex()}else:return {"error": "invalid key"}@chal.route('/lazy_cbc/receive/<ciphertext>/')
def receive(ciphertext):ciphertext = bytes.fromhex(ciphertext)if len(ciphertext) % 16 != 0:return {"error": "Data length must be multiple of 16"}cipher = AES.new(KEY, AES.MODE_CBC, KEY)decrypted = cipher.decrypt(ciphertext)try:decrypted.decode() # ensure plaintext is valid asciiexcept UnicodeDecodeError:return {"error": "Invalid plaintext: " + decrypted.hex()}return {"success": "Your message has been received"}</code></pre>
<h3>hint:</h3>
<blockquote> <p>I'm just a lazy dev and want my CBC encryption to work. What's all this talk about initialisations vectors? Doesn't sound important.</p> <p><em>译文:</em></p> <p>我只是一个懒惰的开发人员,希望我的CBC加密工作。这些关于初始化向量的讨论是怎么回事?听起来不重要。</p>
</blockquote>
<h3>思路:</h3>
<p>在这道题中,我们有密文的生成代码,和密文的解密代码,以及flag的获得代码</p>
<p>CBC的生成思路:</p>
<p>c1 = Dec(m1) ^ IV ——(1)</p>
<p>c2 = Dec(m2) ^ m1 ——(2)</p>
<p>c3 = Dec(m3) ^ m2 ——(3)</p>
<p>由于密文明文我们都可以自己设置,于是我们不妨让m2==0;m1=m3,于是让(1)和(3)进行异或运算,可以求得我们所需的IV值,将其返回网站即可:</p>
<h3>wp:</h3>
<pre><code class="language-python">import requests
from Crypto.Util.number import *
# a = b'0'*16
# A = hex(bytes_to_long(a))
# print(A)b = '61616161616161616161616161616161'*3
result = requests.get(f'http://aes.cryptohack.org/lazy_cbc/encrypt/{b}')
m = result.json()["ciphertext"]
print(m)
k1 = m[:32] + '0'*32 + m[:32]
k = requests.get(f'http://aes.cryptohack.org/lazy_cbc/receive/{k1}')
k=k.json()
print(k)b1 = '6161616161616161616161616161616116874d46ae7c02bcd5fe3d27fcba5b60966f8a5cc032ff235c45da24d505e288'
# result1 = requests.get(f'http://aes.cryptohack.org/lazy_cbc/encrypt/{b1}')
# result1 = result1.json()
# print(result1)key = hex(int(b1[:32],16)^int(b1[64:96],16))[2:]
print(key)
m = requests.get(f'http://aes.cryptohack.org/lazy_cbc/get_flag/{key}')
m = m.json()
print(m)M = 0x63727970746f7b35306d335f703330706c335f64306e375f3768316e6b5f49565f31355f316d70307237346e375f3f7d
print(long_to_bytes(int(M)))</code></pre>
<p></p> <!--end::Text-->
</div>
<!--end::Description-->
<div class="mt-5">
<!--关键词搜索-->
</div>
<div class="mt-5">
<p class="fc-show-prev-next">
<strong>上一篇:</strong><a href="/news/show-1552400.html">创业怎么解决资金问题(创业的问题和解决方案) 创业资金都怎么解决 解决创业资金有哪些方法</a><br>
</p>
<p class="fc-show-prev-next">
<strong>下一篇:</strong><a href="/news/show-1552402.html">创业补贴,创业社保补贴 再创业可以申请一次性创业补贴吗 江阴市自主创业一次性创业补贴</a> </p>
</div>
<!--begin::Block-->
<div class="d-flex flex-stack mb-2 mt-10">
<!--begin::Title-->
<h3 class="text-dark fs-5 fw-bold text-gray-800">相关内容</h3>
<!--end::Title-->
</div>
<div class="separator separator-dashed mb-9"></div>
<!--end::Block-->
<div class="row g-10">
</div>
</div>
<!--end::Table widget 14-->
</div>
<!--end::Col-->
<!--begin::Col-->
<div class="col-xl-4 mt-0">
<!--begin::Chart Widget 35-->
<div class="card card-flush h-md-100">
<!--begin::Header-->
<div class="card-header pt-5 ">
<!--begin::Title-->
<h3 class="card-title align-items-start flex-column">
<!--begin::Statistics-->
<div class="d-flex align-items-center mb-2">
<!--begin::Currency-->
<span class="fs-5 fw-bold text-gray-800 ">热门资讯</span>
<!--end::Currency-->
</div>
<!--end::Statistics-->
</h3>
<!--end::Title-->
</div>
<!--end::Header-->
<!--begin::Body-->
<div class="card-body pt-3">
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639187.html" class="text-dark fw-bold text-hover-primary fs-6">农历十月十八生日那么新历怎么算</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">农历十月十八生日那么新历怎么算农历十月十八生日,那么2015年的农历十月十八日是新历的2015年11...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639183.html" class="text-dark fw-bold text-hover-primary fs-6">野天鹅的故事主要内容有哪些?</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">野天鹅的故事主要内容有哪些? 野天鹅的故事讲述了一场善与恶的斗争。从前,有一位国王娶了一个坏心的新王...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639185.html" class="text-dark fw-bold text-hover-primary fs-6">9-12题的所有答案 这篇文言...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">9-12题的所有答案 这篇文言文叫得道多助,失道寡助地利,天时,人和</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639189.html" class="text-dark fw-bold text-hover-primary fs-6">家父过世小朋友可以参加小朋友的...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">家父过世小朋友可以参加小朋友的生日吗?一般是不行的,三年内尽量减少参加这种喜庆宴请,主要是对方家长会...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639186.html" class="text-dark fw-bold text-hover-primary fs-6">一笑置之,再一笑了之。是什么意...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">一笑置之,再一笑了之。是什么意思一笑泯恩愁(仇)</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639181.html" class="text-dark fw-bold text-hover-primary fs-6">童话故事作文教室里的悄悄话要求...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">童话故事作文教室里的悄悄话要求几样物品 教室里的悄悄话 在一个夜深人静的夜晚,黑板和桌子悄悄地...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639180.html" class="text-dark fw-bold text-hover-primary fs-6">有酒有故事下一句是什么有酒有故...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">有酒有故事下一句是什么有酒有故事下一句怎样连1、“你有故事,你有酒,我能陪你唠一宿”,这句话的下一句...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639184.html" class="text-dark fw-bold text-hover-primary fs-6">作文“校车里的故事”不少于80...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">作文“校车里的故事”不少于800作文“校车里的故事”不少于800... 作文“校车里的故事”不少于...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639168.html" class="text-dark fw-bold text-hover-primary fs-6">女人记住你们从前的点点滴滴说明...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">女人记住你们从前的点点滴滴说明什么?说明她的记性非常好,但是关注的地方都太狭窄了</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639165.html" class="text-dark fw-bold text-hover-primary fs-6">我喜欢上了一个高三的男生,但他...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">我喜欢上了一个高三的男生,但他就要考试了,我该怎么办?1.你现在要做的就是认真复习2.结束之后再来联...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639163.html" class="text-dark fw-bold text-hover-primary fs-6">形容安定的生活的成语?</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">形容安定的生活的成语?安邦治国、安居乐业、国泰民安、太平盛世、安生乐业一、安邦治国白话释义:使国家安...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639166.html" class="text-dark fw-bold text-hover-primary fs-6">小学四年级数学故事</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">小学四年级数学故事nmkjllllllllllllllllllllllllllllllllllll</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639167.html" class="text-dark fw-bold text-hover-primary fs-6">怎样练好毛笔字的方法</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">怎样练好毛笔字的方法毛笔字一开始练习的时候要从描摹开始,然后是临写和背临,最后是创作。描摹一般会用薄...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639164.html" class="text-dark fw-bold text-hover-primary fs-6">你为我付出了这么多,后悔吗,觉...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">你为我付出了这么多,后悔吗,觉得值吗? 这是我女朋友问我的,我真的不知道怎么回答真正的喜欢是不讲值不...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639162.html" class="text-dark fw-bold text-hover-primary fs-6">泰山挑山工</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">泰山挑山工到泰山玩遇见挑山工的频率是多少?晚上去是不是不能遇到?如果白天去,一路上能遇到多少挑山工?...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639161.html" class="text-dark fw-bold text-hover-primary fs-6">在历史或现代中有哪些例子体现了...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">在历史或现代中有哪些例子体现了“出奇制胜”的;“保守正道”的;完全逐利的;讲究义气的出奇:著名的官渡...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639145.html" class="text-dark fw-bold text-hover-primary fs-6">如何指导幼儿进行故事创编?</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">如何指导幼儿进行故事创编?创编故事是幼儿园语言网络活动结构中的一个层次活动。在创编故事活动中,教师的...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639143.html" class="text-dark fw-bold text-hover-primary fs-6">《知否》中大娘子糊涂短视,为何...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">《知否》中大娘子糊涂短视,为何养出来三个孩子却都正直善良有出息?华兰是祖母教导的,然后长柏是非常有学...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639140.html" class="text-dark fw-bold text-hover-primary fs-6">神探狄仁杰3中黑衣社故事中疑问</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">神探狄仁杰3中黑衣社故事中疑问狄仁杰他们第一次进入荒山古堡时,黑衣社就可以把他们全部杀死,这样以后就...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-1639146.html" class="text-dark fw-bold text-hover-primary fs-6">列宁诚实与信任的故事</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">列宁诚实与信任的故事 列宁八岁的时候,有一天,跟着爸爸到姑妈家去做客。表兄弟表姐妹见到列宁都很高...</span>
</div>
<!--end::Title-->
</div>
</div>
<!--end::Body-->
</div>
<!--end::Chart Widget 35-->
</div>
<!--end::Col-->
</div>
</div>
<!--end::Content container-->
</div>
<!--end::Content-->
</div>
<!--end::Content wrapper-->
<!--begin::Footer-->
<div id="kt_app_footer" class="app-footer">
<!--begin::Footer container-->
<div class="app-container container-xxl d-flex flex-column flex-md-row flex-center flex-md-stack py-3">
<!--begin::Copyright-->
<div class="text-dark order-2 order-md-1">
<span class="text-muted fw-semibold me-1">2024 ©</span>
奥飞商务网<a href="http://yule.kcwzh.com/">卡擦娱乐网</a><a href="http://www.bitekongjian.com/">比特空间</a><a href="http://www.xingshan.vip/">星闪网</a><a href="http://cn.fadeduo.com/">发的多信息网</a><a href="http://share.office369.com/">办公分享网</a><a href="http://www.hcygmm.com/">汇川网</a><a href="http://wap.kcwzh.com/">瓦普生活网</a><a href="http://www.80hlw.com/">八零商务网</a><a href="http://www.zzdfzj.cn/">东方游戏网</a><a href="http://www.kthtea.cn/">太和茶叶网</a><a href="http://cn.yexian114.com/">野仙生活网</a>
<a href="http://cn.gangyiku.com/">港易生活网</a> </div>
<!--end::Copyright-->
<!--begin::Menu-->
<ul class="menu menu-gray-600 menu-hover-primary fw-semibold order-1">
<li class="menu-item">
<a href="/news/" target="_blank" class="menu-link px-2">资讯</a>
</li>
<li class="menu-item">
<a href="/minsheng/" target="_blank" class="menu-link px-2">民生</a>
</li>
<li class="menu-item">
<a href="/shenghuo/" target="_blank" class="menu-link px-2">生活</a>
</li>
</ul>
<!--end::Menu-->
</div>
<!--end::Footer container-->
</div>
<!--end::Footer-->
</div>
<!--end:::Main-->
</div>
<!--end::Wrapper-->
</div>
<!--end::Page-->
</div>
<!--end::App-->
<div id="kt_scrolltop" class="scrolltop" data-kt-scrolltop="true">
<!--begin::Svg Icon | path: icons/duotune/arrows/arr066.svg-->
<span class="svg-icon">
<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<rect opacity="0.5" x="13" y="6" width="13" height="2" rx="1" transform="rotate(90 13 6)" fill="currentColor"></rect>
<path d="M12.5657 8.56569L16.75 12.75C17.1642 13.1642 17.8358 13.1642 18.25 12.75C18.6642 12.3358 18.6642 11.6642 18.25 11.25L12.7071 5.70711C12.3166 5.31658 11.6834 5.31658 11.2929 5.70711L5.75 11.25C5.33579 11.6642 5.33579 12.3358 5.75 12.75C6.16421 13.1642 6.83579 13.1642 7.25 12.75L11.4343 8.56569C11.7467 8.25327 12.2533 8.25327 12.5657 8.56569Z" fill="currentColor"></path>
</svg>
</span>
<!--end::Svg Icon-->
</div>
<!--begin::Javascript-->
<script>var hostUrl = "/static/default/pc/";</script>
<!--begin::Global Javascript Bundle(mandatory for all pages)-->
<script src="/static/default/pc/plugins/global/plugins.bundle.js"></script>
<script src="/static/default/pc/js/scripts.bundle.js"></script>
<!--end::Global Javascript Bundle-->
<!--end::Javascript-->
</body>
<!--end::Body-->
</html>