Closed JacksonJoseG closed 7 years ago
Ok, this is Hex, but why "010100"
Yes as the H in the bin.pack says its a Hex string for the last section. I'd have to look at the packets again but those are likely the commands that lead it to being the query for the information thats presented by that Nmap NSE. As an example the results of this type of query are put into Shodan https://www.shodan.io/host/88.209.36.179
I'll boot up minecraft later and try to see what those commands may lead to.
Also here is a example running this on a local server running.
25565/tcp open minecraft | minecraft-info: | Description: | text: A Minecraft Server | Max Players: 20 | Players Online: 0 | Version: 1.12.1 |_ Protocol: 338
Best way to learn the protocol is to open up wireshark and see what bytes are changing and what the responses are back
ok, i will learn
Let me know if you have any other questions!
in this line: local ip_packet = bin.pack("HCA>SH", "002f" ,string.len(host["ip"]) , tostring(host["ip"]) , port["number"], "010100") what is the "010100"? i'm trying login to the server to check if it's on offline mode, but i don't understand this. i guess what this is one handshake packet http://wiki.vg/Protocol#Serverbound.