sjhilt / Nmap-NSEs


it's binary data? #4

Closed JacksonJoseG closed 7 years ago

JacksonJoseG commented 7 years ago

In this line: `local ip_packet = bin.pack("HCA>SH", "002f" ,string.len(host["ip"]) , tostring(host["ip"]) , port["number"], "010100")`, what is the "010100"? I'm trying to log in to the server to check if it's in offline mode, but I don't understand this. I guess this is one handshake packet: http://wiki.vg/Protocol#Serverbound.

JacksonJoseG commented 7 years ago

OK, this is hex, but why "010100"?

sjhilt commented 7 years ago

Yes, as the H in the bin.pack says, it's a hex string for the last section. I'd have to look at the packets again, but those are likely the commands that lead it to being the query for the information that's presented by that Nmap NSE. As an example, the results of this type of query are put into Shodan: https://www.shodan.io/host/88.209.36.179

I'll boot up minecraft later and try to see what those commands may lead to.

sjhilt commented 7 years ago

Also, here is an example of running this against a local server.

```
25565/tcp open  minecraft
| minecraft-info:
|   Description:
|     text: A Minecraft Server
|   Max Players: 20
|   Players Online: 0
|   Version: 1.12.1
|_  Protocol: 338
```
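As an added example (not code from this repository or from the script's author), here is a Python reconstruction of the probe that the `bin.pack` line in the question assembles, and of the status response that produces the output above, following the packet layout on the wiki.vg Protocol page linked in the question. Under that layout the packed bytes read as: `00` handshake packet ID, `2f` protocol version 47 (the 1.8 protocol number), the one-byte-length-prefixed address, the big-endian port, `01` next state Status, and then `01 00` is a separate, length-prefixed Status Request packet with no fields. The handshake's own length prefix is not in that line, so the example adds it. `SERVER_IP`, `SERVER_PORT` and the JSON status response are constructed values.

```python
import json
import struct

# Constructed stand-ins for host["ip"] and port["number"] in the NSE.
SERVER_IP = "192.0.2.10"   # TEST-NET-2 documentation address
SERVER_PORT = 25565

def encode_varint(value):
    """Minecraft VarInt: 7 bits per byte, low group first, MSB set on all but the last byte."""
    out = bytearray()
    while True:
        byte, value = value & 0x7F, value >> 7
        if not value:
            out.append(byte)
            return bytes(out)
        out.append(byte | 0x80)

def decode_varint(buf, offset=0):
    """Decode the VarInt at buf[offset]; return (value, offset just past it)."""
    result, shift = 0, 0
    while True:
        byte = buf[offset]
        offset += 1
        result |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            return result, offset
        if shift >= 35:
            raise ValueError("VarInt longer than 5 bytes")

def frame(packet_id, payload):
    """Uncompressed framing: VarInt length of (id + payload), then id, then payload."""
    body = encode_varint(packet_id) + payload
    return encode_varint(len(body)) + body

def handshake_body(ip, port, protocol_version=47, next_state=1):
    """Handshake (id 0x00) without its length prefix: protocol version, VarInt-prefixed
    UTF-8 address, big-endian u16 port, next state (1 = Status, 2 = Login)."""
    addr = ip.encode()
    return (encode_varint(0x00) + encode_varint(protocol_version) + encode_varint(len(addr))
            + addr + struct.pack(">H", port) + encode_varint(next_state))

def build_probe(ip, port):
    """Length-prefixed handshake followed by an empty Status Request (id 0x00)."""
    body = handshake_body(ip, port)
    return encode_varint(len(body)) + body + frame(0x00, b"")

def nse_pack(ip, port):
    """Byte-for-byte what bin.pack("HCA>SH", "002f", #ip, ip, port, "010100") yields."""
    return (bytes.fromhex("002f") + bytes([len(ip)]) + ip.encode()
            + struct.pack(">H", port) + bytes.fromhex("010100"))

def parse_probe(buf):
    """Split a probe back into named fields so every byte is accounted for."""
    hs_len, off = decode_varint(buf)
    hs_end = off + hs_len
    packet_id, off = decode_varint(buf, off)
    proto, off = decode_varint(buf, off)
    addr_len, off = decode_varint(buf, off)
    addr, off = buf[off:off + addr_len].decode(), off + addr_len
    port, off = struct.unpack(">H", buf[off:off + 2])[0], off + 2
    next_state, off = decode_varint(buf, off)
    if off != hs_end:
        raise ValueError("handshake length prefix does not match its fields")
    req_len, off = decode_varint(buf, off)
    req_id, off = decode_varint(buf, off)
    return {"handshake_id": packet_id, "protocol_version": proto, "server_address": addr,
            "server_port": port, "next_state": next_state,
            "status_request": (req_len, req_id), "trailing": buf[off:]}

def parse_status_response(buf):
    """Clientbound Status Response (id 0x00): one VarInt-prefixed JSON string."""
    _, off = decode_varint(buf)
    packet_id, off = decode_varint(buf, off)
    if packet_id != 0x00:
        raise ValueError("unexpected packet id %#x" % packet_id)
    json_len, off = decode_varint(buf, off)
    return json.loads(buf[off:off + json_len].decode())

def summarize(status):
    """The fields minecraft-info.nse prints; description is a chat object or a plain string."""
    desc = status.get("description", "")
    if isinstance(desc, dict):
        desc = desc.get("text", "")
    return {"description": desc, "max_players": status["players"]["max"],
            "players_online": status["players"]["online"],
            "version": status["version"]["name"], "protocol": status["version"]["protocol"]}

# Constructed sample response shaped like the one behind the 1.12.1 output in this thread.
_STATUS_JSON = json.dumps({"description": {"text": "A Minecraft Server"},
                           "players": {"max": 20, "online": 0},
                           "version": {"name": "1.12.1", "protocol": 338}}).encode()
SAMPLE_RESPONSE = frame(0x00, encode_varint(len(_STATUS_JSON)) + _STATUS_JSON)

if __name__ == "__main__":
    probe = build_probe(SERVER_IP, SERVER_PORT)
    print(probe.hex())
    print(parse_probe(probe))
    print(summarize(parse_status_response(SAMPLE_RESPONSE)))
```

Running it shows that `build_probe` reproduces the `bin.pack` bytes exactly once the handshake length byte is prepended, and `parse_probe` names each byte of the result; the address length is a VarInt, so the NSE's single `C` byte only holds for addresses shorter than 128 characters. The protocol number in the response (338) is what the script prints as `Protocol`, and it decodes as a two-byte VarInt even though the request used a one-byte one.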

sjhilt commented 7 years ago

The best way to learn the protocol is to open up Wireshark and see what bytes are changing and what the responses are that come back.

JacksonJoseG commented 7 years ago

OK, I will learn.

sjhilt commented 7 years ago

Let me know if you have any other questions!