CRYPTOHACK BLOCK CIPHERS
创始人
2024-02-24 09:02:28
0次
一、ECB CBC WTF
题目:
from Crypto.Cipher import AESKEY = ?
FLAG = ?@chal.route('/ecbcbcwtf/decrypt//')
def decrypt(ciphertext):ciphertext = bytes.fromhex(ciphertext)cipher = AES.new(KEY, AES.MODE_ECB)try:decrypted = cipher.decrypt(ciphertext)except ValueError as e:return {"error": str(e)}return {"plaintext": decrypted.hex()}@chal.route('/ecbcbcwtf/encrypt_flag/')
def encrypt_flag():iv = os.urandom(16)cipher = AES.new(KEY, AES.MODE_CBC, iv)encrypted = cipher.encrypt(FLAG.encode())ciphertext = iv.hex() + encrypted.hex()return {"ciphertext": ciphertext}
hint:
Here you can encrypt in CBC but only decrypt in ECB. That shouldn't be a weakness because they're different modes... right?
译文:
在这里,您可以在CBC中加密,但只能在ECB中解密。这不应该是一个弱点,因为它们是不同的模式……对吧?
思路:
本题告诉了我们用CBC模式进行加密,但使用ECB进行解密,其中,我们已经知道了CBC模式中加密的IV值的大小,我们又已经知道了将密文用ECB解密的值,通过CBC模式的解密结构,我们知道将第一段密文解密后于IV进行异或运算既是原明文,而第一段密文则是第二段密文加密的IV值,所以解密时将其反过来用,作为IV解密即可:
wp:
import requests
from Crypto.Util.number import *
result=requests.get('http://aes.cryptohack.org/ecbcbcwtf/encrypt_flag')
ciphertext=result.json()["ciphertext"]
# print(result.text)# print(len(bytes.fromhex(ciphertext)))
ciphertext=bytes.fromhex(ciphertext)
c1=hex(bytes_to_long(ciphertext[0:16]))[2:]
c2=hex(bytes_to_long(ciphertext[16:32]))[2:]
c3=hex(bytes_to_long(ciphertext[32:48]))[2:]
print(c1)
print(c2)
print(c3)# C=hex(bytes_to_long(ciphertext))
# print(c1)
# print(c2)
# print(c3)
# c1=0x9d2691928a24ed9215416815e80164d1
# c2=0xf77ea0b2c315db6b56a48c8250b0c9b8
# c3=0x6a61b98b2e5d26af3976d7c36a76a847
# k1=int(c1) ^ int(c2)
# k3=int(c2) ^ int(c3)
a1=requests.get(f'http://aes.cryptohack.org/ecbcbcwtf/decrypt/{c2}')
a2=requests.get(f'http://aes.cryptohack.org/ecbcbcwtf/decrypt/{c3}')
m1=a1.json()["plaintext"]
m2=a2.json()["plaintext"]
M1=int(m1,16)^int(c1,16)
M2=int(m2,16)^int(c2,16)
print(long_to_bytes(M1)+long_to_bytes(M2))
二、ECB Oracle
题目:
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpadKEY = ?
FLAG = ?@chal.route('/ecb_oracle/encrypt//')
def encrypt(plaintext):plaintext = bytes.fromhex(plaintext)padded = pad(plaintext + FLAG.encode(), 16)cipher = AES.new(KEY, AES.MODE_ECB)try:encrypted = cipher.encrypt(padded)except ValueError as e:return {"error": str(e)}return {"ciphertext": encrypted.hex()}</code></pre>
<h3>hint:</h3>
<blockquote> <p>ECB is the most simple mode, with each plaintext block encrypted entirely independently. In this case, your input is prepended to the secret flag and encrypted and that's it. We don't even provide a decrypt function. Perhaps you don't need a padding oracle when you have an "ECB oracle"?</p> <p><em>译文:</em></p> <p>ECB是最简单的模式,每个明文块完全独立加密。在本例中,您的输入被预先添加到秘密标志并加密,仅此而已。我们甚至不提供解密函数。或许当你有了“欧洲央行的预言者”,你就不需要填充预言了?</p>
</blockquote>
<h3>思路:</h3>
<p> 本题为一道典型的ECB加密解密问题,首先,我们即不知道明文也不知道密文。我们可以发现题目中给与了我们加密算法,所以我们可以自己设置明文代入进行尝试:</p>
<pre><code class="language-python">import requests
from tqdm import tqdm
from Crypto.Util.number import *
# m = ''
for i in range(30):m = i*'61'result = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')try:a = result.json()["ciphertext"]print(i,len(a)//2)except:pass</code></pre>
<p>从输出的值中,我们可以发现代码在第6和第22时发生改变。于是,我们可以推断明文为26bits长(32 - 6、48 - 22),而加密算法中是以16bits为块进行加密和解密(22 - 6)。</p>
<p>所以,我们可以代入15*a进行加密,这样前16为就为15 * a加上明文第一位,接着,我们对十六位进行暴力破解即可得到我们所需的明文第一位,第一到第十五位都为这个思路:</p>
<pre><code class="language-python">k=''
for i in range(15):m = '61'*(15-i)print(bytes.fromhex(m))result = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')m = result.json()["ciphertext"]m1 = m[:32]# print(m1)for j in range(32,127):m = '61' * (15-i) + km += str(hex(j)[2:])result1 = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')n = result1.json()["ciphertext"]n1 = n[:32]# print(n1)try:if n1 == m1:k += str(hex(j)[2:])print(bytes.fromhex(k))breakexcept:pass# b'crypto{p3n6u1n5'</code></pre>
<p>后11位思路类似,仅需要我们将代码扩张到前32位进行暴力破解运算:</p>
<pre><code class="language-python">k='63727970746f7b70336e3675316e35'
for i in range(11):m = '61'*(16-i)print(bytes.fromhex(m))result = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')m = result.json()["ciphertext"]m1 = m[32:64]# print(m1)for j in range(32,127):m = '61' * (16-i) + km += str(hex(j)[2:])result1 = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')n = result1.json()["ciphertext"]n1 = n[32:64]# print(n1)try:if n1 == m1:k += str(hex(j)[2:])print(bytes.fromhex(k))breakexcept:pass</code></pre>
<h3>wp:</h3>
<pre><code class="language-python">import requests
from tqdm import tqdm
from Crypto.Util.number import *
# m = ''
# for i in range(30):
# m = i*'61'
# result = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')
# try:
# a = result.json()["ciphertext"]
# print(i,len(a)//2)
# except:
# passk=''
for i in range(15):m = '61'*(15-i)print(bytes.fromhex(m))result = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')m = result.json()["ciphertext"]m1 = m[:32]# print(m1)for j in range(32,127):m = '61' * (15-i) + km += str(hex(j)[2:])result1 = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')n = result1.json()["ciphertext"]n1 = n[:32]# print(n1)try:if n1 == m1:k += str(hex(j)[2:])print(bytes.fromhex(k))breakexcept:pass# b'crypto{p3n6u1n5'k='63727970746f7b70336e3675316e35'
for i in range(11):m = '61'*(16-i)print(bytes.fromhex(m))result = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')m = result.json()["ciphertext"]m1 = m[32:64]# print(m1)for j in range(32,127):m = '61' * (16-i) + km += str(hex(j)[2:])result1 = requests.get(f'http://aes.cryptohack.org/ecb_oracle/encrypt/{m}')n = result1.json()["ciphertext"]n1 = n[32:64]# print(n1)try:if n1 == m1:k += str(hex(j)[2:])print(bytes.fromhex(k))breakexcept:pass</code></pre>
<h1>三、FLIPPING COOKIE</h1>
<h3>题目:</h3>
<pre><code class="language-python">from Crypto.Cipher import AES
import os
from Crypto.Util.Padding import pad, unpad
from datetime import datetime, timedeltaKEY = ?
FLAG = ?@chal.route('/flipping_cookie/check_admin/<cookie>/<iv>/')
def check_admin(cookie, iv):cookie = bytes.fromhex(cookie)iv = bytes.fromhex(iv)try:cipher = AES.new(KEY, AES.MODE_CBC, iv)decrypted = cipher.decrypt(cookie)unpadded = unpad(decrypted, 16)except ValueError as e:return {"error": str(e)}if b"admin=True" in unpadded.split(b";"):return {"flag": FLAG}else:return {"error": "Only admin can read the flag"}@chal.route('/flipping_cookie/get_cookie/')
def get_cookie():expires_at = (datetime.today() + timedelta(days=1)).strftime("%s")cookie = f"admin=False;expiry={expires_at}".encode()iv = os.urandom(16)padded = pad(cookie, 16)cipher = AES.new(KEY, AES.MODE_CBC, iv)encrypted = cipher.encrypt(padded)ciphertext = iv.hex() + encrypted.hex()return {"cookie": ciphertext}</code></pre>
<h3>hint:</h3>
<blockquote> <p>You can get a cookie for my website, but it won't help you read the flag... I think.</p> <p><em>译文:</em></p> <p>你可以为我的网站获得一块cookie,但它不会帮助你读flag…我认为。</p>
</blockquote>
<h3>思路: </h3>
<p>这是一到典型的CBC字节翻转问题,我们已知CBC的加密模式,其中,第一段密文为第一段明文于IV进行异或运算再进行AES加密,最终得到我们所需的第一段密文,第二段相比第一段既是将输入的IV改为我们求得的第一段密文。</p>
<p>我们已知第一段明文为:</p>
<pre>a1 = b'admin=False;expi'</pre>
<p>我们需要将admin改为True,从而让网站以为我们拥有网站的控制权,因为我们通过代码可知,当admin=True;时网站会返回我们flag值。所以我们需要构建一个新的IV使密文被加密后为True,从而骗过网站。</p>
<p>Dec (m1) = c1 ^ IV</p>
<p>c1_new = Dec (m1) ^ IV_new</p>
<p>其中,各个条件我们都已知,除了IV_new,于是,我们可以构建出IV_new,并将新的IV返回到网站中输入,最终求得flag。</p>
<h3>wp:</h3>
<pre><code class="language-python">import requests
from Crypto.Util.number import *result = requests.get('http://aes.cryptohack.org/flipping_cookie/get_cookie')
m = result.json()["cookie"]
M = bytes.fromhex(m)
# print(m)
IV = m[:32]
k = m[32:]a1 = b'admin=False;expi'
a2 = b'admin=True;00000'
m1=hex(bytes_to_long(a1))
m2=hex(bytes_to_long(a2))
# print(m1)
IV_new = int(m1,16)^int(m2,16)^int(IV,16)
# print(IV_new)
IV_new = hex(IV_new)[2:]
print(IV_new)
result2 = requests.get(f'http://aes.cryptohack.org/flipping_cookie/check_admin/{k}/{IV_new}')
l = result2.json()
print(l)
</code></pre>
<h1>四、LAZY CBC</h1>
<h3>题目:</h3>
<pre><code class="language-python">from Crypto.Cipher import AESKEY = ?
FLAG = ?@chal.route('/lazy_cbc/encrypt/<plaintext>/')
def encrypt(plaintext):plaintext = bytes.fromhex(plaintext)if len(plaintext) % 16 != 0:return {"error": "Data length must be multiple of 16"}cipher = AES.new(KEY, AES.MODE_CBC, KEY)encrypted = cipher.encrypt(plaintext)return {"ciphertext": encrypted.hex()}@chal.route('/lazy_cbc/get_flag/<key>/')
def get_flag(key):key = bytes.fromhex(key)if key == KEY:return {"plaintext": FLAG.encode().hex()}else:return {"error": "invalid key"}@chal.route('/lazy_cbc/receive/<ciphertext>/')
def receive(ciphertext):ciphertext = bytes.fromhex(ciphertext)if len(ciphertext) % 16 != 0:return {"error": "Data length must be multiple of 16"}cipher = AES.new(KEY, AES.MODE_CBC, KEY)decrypted = cipher.decrypt(ciphertext)try:decrypted.decode() # ensure plaintext is valid asciiexcept UnicodeDecodeError:return {"error": "Invalid plaintext: " + decrypted.hex()}return {"success": "Your message has been received"}</code></pre>
<h3>hint:</h3>
<blockquote> <p>I'm just a lazy dev and want my CBC encryption to work. What's all this talk about initialisations vectors? Doesn't sound important.</p> <p><em>译文:</em></p> <p>我只是一个懒惰的开发人员,希望我的CBC加密工作。这些关于初始化向量的讨论是怎么回事?听起来不重要。</p>
</blockquote>
<h3>思路:</h3>
<p>在这道题中,我们有密文的生成代码,和密文的解密代码,以及flag的获得代码</p>
<p>CBC的生成思路:</p>
<p>c1 = Dec(m1) ^ IV ——(1)</p>
<p>c2 = Dec(m2) ^ m1 ——(2)</p>
<p>c3 = Dec(m3) ^ m2 ——(3)</p>
<p>由于密文明文我们都可以自己设置,于是我们不妨让m2==0;m1=m3,于是让(1)和(3)进行异或运算,可以求得我们所需的IV值,将其返回网站即可:</p>
<h3>wp:</h3>
<pre><code class="language-python">import requests
from Crypto.Util.number import *
# a = b'0'*16
# A = hex(bytes_to_long(a))
# print(A)b = '61616161616161616161616161616161'*3
result = requests.get(f'http://aes.cryptohack.org/lazy_cbc/encrypt/{b}')
m = result.json()["ciphertext"]
print(m)
k1 = m[:32] + '0'*32 + m[:32]
k = requests.get(f'http://aes.cryptohack.org/lazy_cbc/receive/{k1}')
k=k.json()
print(k)b1 = '6161616161616161616161616161616116874d46ae7c02bcd5fe3d27fcba5b60966f8a5cc032ff235c45da24d505e288'
# result1 = requests.get(f'http://aes.cryptohack.org/lazy_cbc/encrypt/{b1}')
# result1 = result1.json()
# print(result1)key = hex(int(b1[:32],16)^int(b1[64:96],16))[2:]
print(key)
m = requests.get(f'http://aes.cryptohack.org/lazy_cbc/get_flag/{key}')
m = m.json()
print(m)M = 0x63727970746f7b35306d335f703330706c335f64306e375f3768316e6b5f49565f31355f316d70307237346e375f3f7d
print(long_to_bytes(int(M)))</code></pre>
<p></p> <!--end::Text-->
</div>
<!--end::Description-->
<div class="mt-5">
<!--关键词搜索-->
</div>
<div class="mt-5">
<p class="fc-show-prev-next">
<strong>上一篇:</strong><a href="/news/show-1552400.html">创业怎么解决资金问题(创业的问题和解决方案) 创业资金都怎么解决 解决创业资金有哪些方法</a><br>
</p>
<p class="fc-show-prev-next">
<strong>下一篇:</strong><a href="/news/show-1552402.html">创业补贴,创业社保补贴 再创业可以申请一次性创业补贴吗 江阴市自主创业一次性创业补贴</a> </p>
</div>
<!--begin::Block-->
<div class="d-flex flex-stack mb-2 mt-10">
<!--begin::Title-->
<h3 class="text-dark fs-5 fw-bold text-gray-800">相关内容</h3>
<!--end::Title-->
</div>
<div class="separator separator-dashed mb-9"></div>
<!--end::Block-->
<div class="row g-10">
</div>
</div>
<!--end::Table widget 14-->
</div>
<!--end::Col-->
<!--begin::Col-->
<div class="col-xl-4 mt-0">
<!--begin::Chart Widget 35-->
<div class="card card-flush h-md-100">
<!--begin::Header-->
<div class="card-header pt-5 ">
<!--begin::Title-->
<h3 class="card-title align-items-start flex-column">
<!--begin::Statistics-->
<div class="d-flex align-items-center mb-2">
<!--begin::Currency-->
<span class="fs-5 fw-bold text-gray-800 ">热门资讯</span>
<!--end::Currency-->
</div>
<!--end::Statistics-->
</h3>
<!--end::Title-->
</div>
<!--end::Header-->
<!--begin::Body-->
<div class="card-body pt-3">
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/uploadfile/[db:缩略图]')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-2355448.html" class="text-dark fw-bold text-hover-primary fs-6">学习时报:发挥舆论监督对作风建...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">舆论监督对加强党的作风建设具有重要作用。习近平总书记在中央政治局第二十一次集体学习时强调,要把党内监...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/uploadfile/[db:缩略图]')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-2355447.html" class="text-dark fw-bold text-hover-primary fs-6">当湖街道东升社区将出院老人送至...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">转自:南湖晚报 N通讯员 丁晓雨 夏晓蕾 近日,一位回族居民捧着写有“阶梯承载社区情,双手抬护长...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-2355446.html" class="text-dark fw-bold text-hover-primary fs-6">买沙发的注意事项,买沙发的注意...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">买沙发的注意事项,买沙发的注意什么1、沙发内部。沙发的内在质量也是不容忽视的一环,一般的选购者在选购...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/uploadfile/[db:缩略图]')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-2355445.html" class="text-dark fw-bold text-hover-primary fs-6">秀洲区政协
开展主席会议专题协...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">转自:嘉兴日报 ■记者 沈 洁 通讯员 计益婷本报讯 昨天上午,秀洲区政协召开主席会议专题协商会,以...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/uploadfile/[db:缩略图]')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-2355444.html" class="text-dark fw-bold text-hover-primary fs-6">平湖消防建设 “智能+救援”新...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">转自:南湖晚报 N通讯员 沈君君 为进一步加强机器人应急救援领域运用,近日,平湖市消防救援局与浙...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/uploadfile/[db:缩略图]')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-2355443.html" class="text-dark fw-bold text-hover-primary fs-6">亲生母亲8万多元卖掉自己的两个...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">【#亲生母亲8万多元卖掉自己的两个孩子#】#被生母卖掉的孩子生父情况不明#谷雨是一名被拐卖儿童,卖掉...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/uploadfile/[db:缩略图]')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-2355442.html" class="text-dark fw-bold text-hover-primary fs-6">俄美元首通话约1小时</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">转自:长安街知事据新华社消息,俄罗斯总统普京与美国总统特朗普3日通电话,双方就双边关系、乌克兰问题、...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/static/assets/images/nopic.gif')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-2355441.html" class="text-dark fw-bold text-hover-primary fs-6">求有斗气的玄幻异界小说 有等级...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">求有斗气的玄幻异界小说 有等级分层那就看斗破苍穹喽《琴帝》,唐三写的,力荐!!</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/uploadfile/[db:缩略图]')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-2355440.html" class="text-dark fw-bold text-hover-primary fs-6">掌握了“科技黄牛”抢票配方,为...</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">转自:视点抢演唱会门票、预约景区、排专家号……为啥不少普通人点得飞快,却总是“一无所获”?日前,央视...</span>
</div>
<!--end::Title-->
</div>
<!--begin::Item-->
<div class="d-flex flex-stack mb-7">
<!--begin::Symbol-->
<div class="symbol symbol-60px symbol-2by3 me-4">
<div class="symbol-label" style="background-image: url('/uploadfile/[db:缩略图]')"></div>
</div>
<!--end::Symbol-->
<!--begin::Title-->
<div class="m-0">
<a href="/news/show-2355439.html" class="text-dark fw-bold text-hover-primary fs-6">妈妈代女儿相亲,结果“翻车”了</a>
<span class="text-gray-600 fw-semibold d-block pt-1 fs-7">转自:南湖晚报 N通讯员 沈秋萍 本报讯 女儿专心事业无心恋爱,“婚事”成了母亲的“...</span>
</div>
<!--end::Title-->
</div>
</div>
<!--end::Body-->
</div>
<!--end::Chart Widget 35-->
</div>
<!--end::Col-->
</div>
</div>
<!--end::Content container-->
</div>
<!--end::Content-->
</div>
<!--end::Content wrapper-->
<!--begin::Footer-->
<div id="kt_app_footer" class="app-footer">
<!--begin::Footer container-->
<div class="app-container container-xxl d-flex flex-column flex-md-row flex-center flex-md-stack py-3">
<!--begin::Copyright-->
<div class="text-dark order-2 order-md-1">
<span class="text-muted fw-semibold me-1">2025 ©</span>
奥飞商务网<a href="http://travel.office369.com/">办公旅行网</a><a href="http://www.cnpinshuo.cn/">品说网</a><a href="http://yule.kcwzh.com/">卡擦娱乐网</a><a href="http://www.bitekongjian.com/">比特空间</a><a href="http://www.xingshan.vip/">星闪网</a><a href="http://cn.fadeduo.com/">发的多信息网</a><a href="http://share.office369.com/">办公分享网</a><a href="http://www.hcygmm.com/">汇川网</a><a href="http://wap.kcwzh.com/">瓦普生活网</a><a href="http://www.80hlw.com/">八零商务网</a><a href="http://www.zzdfzj.cn/">东方游戏网</a><a href="http://www.kthtea.cn/">太和茶叶网</a><a href="http://cn.yexian114.com/">野仙生活网</a><a href="http://www.hgjy100.com/">汉高教育网</a>
<a href="http://cn.gangyiku.com/">港易生活网</a> </div>
<!--end::Copyright-->
<!--begin::Menu-->
<ul class="menu menu-gray-600 menu-hover-primary fw-semibold order-1">
<li class="menu-item">
<a href="/news/" target="_blank" class="menu-link px-2">资讯</a>
</li>
<li class="menu-item">
<a href="/minsheng/" target="_blank" class="menu-link px-2">民生</a>
</li>
<li class="menu-item">
<a href="/shenghuo/" target="_blank" class="menu-link px-2">生活</a>
</li>
</ul>
<!--end::Menu-->
</div>
<!--end::Footer container-->
</div>
<!--end::Footer-->
</div>
<!--end:::Main-->
</div>
<!--end::Wrapper-->
</div>
<!--end::Page-->
</div>
<!--end::App-->
<div id="kt_scrolltop" class="scrolltop" data-kt-scrolltop="true">
<!--begin::Svg Icon | path: icons/duotune/arrows/arr066.svg-->
<span class="svg-icon">
<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<rect opacity="0.5" x="13" y="6" width="13" height="2" rx="1" transform="rotate(90 13 6)" fill="currentColor"></rect>
<path d="M12.5657 8.56569L16.75 12.75C17.1642 13.1642 17.8358 13.1642 18.25 12.75C18.6642 12.3358 18.6642 11.6642 18.25 11.25L12.7071 5.70711C12.3166 5.31658 11.6834 5.31658 11.2929 5.70711L5.75 11.25C5.33579 11.6642 5.33579 12.3358 5.75 12.75C6.16421 13.1642 6.83579 13.1642 7.25 12.75L11.4343 8.56569C11.7467 8.25327 12.2533 8.25327 12.5657 8.56569Z" fill="currentColor"></path>
</svg>
</span>
<!--end::Svg Icon-->
</div>
<!--begin::Javascript-->
<script>var hostUrl = "/static/default/pc/";</script>
<!--begin::Global Javascript Bundle(mandatory for all pages)-->
<script src="/static/default/pc/plugins/global/plugins.bundle.js"></script>
<script src="/static/default/pc/js/scripts.bundle.js"></script>
<!--end::Global Javascript Bundle-->
<!--end::Javascript-->
</body>
<!--end::Body-->
</html>