
I am a beginner Python programmer and I really like security in general. However, I am learning, and today I stumbled upon a Python script that easily allows one to use NTP servers to perform a DoS attack using amplification provided by an NTP 'vulnerability'.

If you look at the script, line 18, you will see:

data=str("\x17\x00\x03\x2a") + str("\x00")*4

However, if I go to the Python console and try to print it, what is returned makes no sense:

>>> str("\x17\x00\x03\x2a") + str("\x00")*4
*

Obviously I am missing something here but I do not know how to find it out. Could someone explain it to me?

Martijn Pieters
Bob Dem
  • see http://stackoverflow.com/questions/2672326/what-does-leading-x-mean-in-a-python-string-xaa perhaps? – Red Alert Feb 12 '14 at 19:19

1 Answer


The str() calls are entirely redundant.

The following produces the same value:

data = "\x17\x00\x03\x2a" + "\x00" * 4

That's 4 bytes, hex values 17, 00, 03 and 2a, followed by 4 00 bytes.

\xhh is a Python escape sequence used to define bytes by their hex codepoint; \x61 would be the lowercase 'a', as that's the hex code for that ASCII character:

>>> '\x61'
'a'

where the Python prompt echoes the string back to me as 'a' because it is printable. Non-printable characters are shown using their escape codes still.

The string doesn't contain (much) printable data, these are bytes mostly outside the ASCII printable range:

>>> data = "\x17\x00\x03\x2a" + "\x00" * 4
>>> data
'\x17\x00\x03*\x00\x00\x00\x00'

Only the \x2a byte is a printable ASCII character, the one lonely * you see.

So, when you print that value, Python tries to write the exact bytes to your console, but only one of those actually makes sense to your console, resulting in a visible character.

Martijn Pieters
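As an added example (not part of the answer above or of the script in the question), here are the same eight bytes as a Python 3 bytes literal, viewed as hex, as a console would roughly render them, and split into fields. The field layout is an assumption taken from ntpd's private-mode (mode 7) packet header, and all function names are illustrative.

```python
import struct

# The 8 bytes from the question, written as a Python 3 bytes literal.
DATA = b"\x17\x00\x03\x2a" + b"\x00" * 4


def hex_view(buf: bytes) -> str:
    """Every byte as two hex digits, printable or not."""
    return " ".join(f"{b:02x}" for b in buf)


def printable_view(buf: bytes) -> str:
    """Roughly what a console shows: printable ASCII kept, the rest as '.'."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in buf)


def decode_mode7_header(buf: bytes) -> dict:
    """Split the first 8 bytes into fields (layout assumed: ntpd mode 7)."""
    if len(buf) < 8:
        raise ValueError("need at least 8 bytes")
    b0, b1, impl, req, err_nitems, mbz_size = struct.unpack("!BBBBHH", buf[:8])
    return {
        "response": bool(b0 & 0x80),      # top bit: 0 = request, 1 = response
        "more": bool(b0 & 0x40),
        "version": (b0 >> 3) & 0x07,
        "mode": b0 & 0x07,
        "authenticated": bool(b1 & 0x80),
        "sequence": b1 & 0x7F,
        "implementation": impl,
        "request_code": req,
        "err": err_nitems >> 12,
        "nitems": err_nitems & 0x0FFF,
        "item_size": mbz_size & 0x0FFF,
    }


def is_mode7_request(buf: bytes) -> bool:
    """True for an NTP private-mode request; usable as a capture/log filter."""
    try:
        header = decode_mode7_header(buf)
    except ValueError:
        return False
    return header["mode"] == 7 and not header["response"]


if __name__ == "__main__":
    print(hex_view(DATA))
    print(printable_view(DATA))
    for name, value in decode_mode7_header(DATA).items():
        print(f"{name:15} {value}")
```

The lone `*` is byte 0x2a, which is the decimal value 42 in the request-code field; the other seven bytes have no printable form.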