2

I was debugging a line in an nmap script and got this:

local target_info = '\x02\x00\x1a\x00W\x00I\x00N\x00S\x00E\x00R\x00V\x00E\x00R\x002\x000\x001\x002\x00\x01\x00\x1e\x00W\x00I\x00N\x00-\x00V\x00B\x00N\x00G\x00O\x007\x00T\x00N\x008\x00N\x00S\x00\x04\x00&\x00w\x00i\x00n\x00s\x00e\x00r\x00v\x00e\x00r\x002\x000\x001\x002\x00.\x00l\x00o\x00c\x00a\x00l\x00\x03\x00F\x00W\x00I\x00N\x00-\x00V\x00B\x00N\x00G\x00O\x007\x00T\x00N\x008\x00N\x00S\x00.\x00w\x00i\x00n\x00s\x00e\x00r\x00v\x00e\x00r\x002\x000\x001\x002\x00.\x00l\x00o\x00c\x00a\x00l\x00\x05\x00&\x00w\x00i\x00n\x00s\x00e\x00r\x00v\x00e\x00r\x002\x000\x001\x002\x00.\x00l\x00o\x00c\x00a\x00l\x00\x07\x00\x08\x00\xca\xa5\xb7\xbfq\xbd\xd6\x01\x00\x00\x00\x00'

av_id, value, pos = string.unpack( "<I2s2", target_info, 0 )
print(av_id, value, pos)

This results in:

2   WINSERVER2012   31

According to the docs: s[n]: a string preceded by its length coded as an unsigned integer with n bytes (default is a size_t) (https://www.lua.org/manual/5.3/manual.html#6.4.2)

But I'm not sure what the unpack format s2 means and when it stops. The target_info has more information after it, and I really want to convert this to Python code.

Thong Nguyen

1 Answer

6

s2 means that the first two bytes give the length of the string. These two bytes are \x1a\x00 and so the length is 26. This is consistent with the 31 printed for pos: 2+2+26=30. The string appears to be WINSERVER2012 and have length 13 but there are NUL bytes after each letter.

lhf
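A Python version of the unpack step, extended to walk the whole buffer. This is an added example, not code from the question, the answer or nmap. It assumes target_info is an NTLM TargetInfo list of AV_PAIR records (2-byte id, 2-byte length, value), which matches the layout the answer describes; the id names come from MS-NLMP and `parse_target_info` is a hypothetical name.

```python
import struct
from datetime import datetime, timedelta, timezone

# AV_PAIR ids as named in MS-NLMP (assumption: the buffer is an NTLM TargetInfo field)
AV_NAMES = {0: "MsvAvEOL", 1: "MsvAvNbComputerName", 2: "MsvAvNbDomainName",
            3: "MsvAvDnsComputerName", 4: "MsvAvDnsDomainName",
            5: "MsvAvDnsTreeName", 6: "MsvAvFlags", 7: "MsvAvTimestamp"}
TEXT_IDS = {1, 2, 3, 4, 5}  # ids whose value is a UTF-16LE string

# The bytes from the question, unchanged.
TARGET_INFO = b'\x02\x00\x1a\x00W\x00I\x00N\x00S\x00E\x00R\x00V\x00E\x00R\x002\x000\x001\x002\x00\x01\x00\x1e\x00W\x00I\x00N\x00-\x00V\x00B\x00N\x00G\x00O\x007\x00T\x00N\x008\x00N\x00S\x00\x04\x00&\x00w\x00i\x00n\x00s\x00e\x00r\x00v\x00e\x00r\x002\x000\x001\x002\x00.\x00l\x00o\x00c\x00a\x00l\x00\x03\x00F\x00W\x00I\x00N\x00-\x00V\x00B\x00N\x00G\x00O\x007\x00T\x00N\x008\x00N\x00S\x00.\x00w\x00i\x00n\x00s\x00e\x00r\x00v\x00e\x00r\x002\x000\x001\x002\x00.\x00l\x00o\x00c\x00a\x00l\x00\x05\x00&\x00w\x00i\x00n\x00s\x00e\x00r\x00v\x00e\x00r\x002\x000\x001\x002\x00.\x00l\x00o\x00c\x00a\x00l\x00\x07\x00\x08\x00\xca\xa5\xb7\xbfq\xbd\xd6\x01\x00\x00\x00\x00'

def parse_target_info(buf):
    """Return [(av_name, value), ...] up to, but not including, MsvAvEOL."""
    pairs, pos = [], 0          # Python offsets are 0-based; Lua's pos 31 is offset 30 here
    while True:
        if pos + 4 > len(buf):
            raise ValueError("truncated AV_PAIR header at offset %d" % pos)
        # "<HH" reads what Lua's "<I2" and the 2-byte length prefix of "s2" read
        av_id, av_len = struct.unpack_from("<HH", buf, pos)
        pos += 4
        if pos + av_len > len(buf):
            raise ValueError("AV_PAIR %d claims %d bytes past the buffer" % (av_id, av_len))
        raw = buf[pos:pos + av_len]  # "s2" stops here: exactly av_len bytes, NULs included
        pos += av_len
        if av_id == 0:               # MsvAvEOL terminates the list
            return pairs
        if av_id in TEXT_IDS:
            value = raw.decode("utf-16-le")   # removes the NUL after each letter
        elif av_id == 7 and av_len == 8:      # FILETIME: 100 ns ticks since 1601-01-01 UTC
            ticks = struct.unpack("<Q", raw)[0]
            value = datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)
        elif av_id == 6 and av_len == 4:
            value = struct.unpack("<I", raw)[0]
        else:
            value = raw                       # unknown id: keep the raw bytes
        pairs.append((AV_NAMES.get(av_id, "unknown(%d)" % av_id), value))

if __name__ == "__main__":
    for name, value in parse_target_info(TARGET_INFO):
        print(name, value)
```

The length checks matter because the lengths come from the remote server: a record that claims more bytes than remain is rejected rather than silently sliced short.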