}
-- Test to see if the string is UTF-16 and transcode it if possible
local function maybe_decode(str)
-- If length is not even, then return as-is
if #str < 2 or #str % 2 == 1 then
return str
end
if str:byte(1) > 0 and str:byte(2) == 0 then
-- little-endian UTF-16
return unicode.transcode(str, unicode.utf16_dec, unicode.utf8_enc, false, nil)
elseif str:byte(1) == 0 and str:byte(2) > 0 then
-- big-endian UTF-16
return unicode.transcode(str, unicode.utf16_dec, unicode.utf8_enc, true, nil)
else
return str
end
end

发现有四个参数，一些名称，在data文件夹里可以看到

bob@response:/home/scryh/scan/data/countryName$ ls
AD  AN  AW  BF  BN  BW  CG  CO  CY  DZ  ET  GA  GI  GS  HN  IM  JE  KI  KZ  LS  MD  MM  MT  NA  NO  PE  PN  RE  SC  SK  ST  TF  TN  UA  VC  WS
AE  AO  AX  BG  BO  BY  CH  CR  CZ  EC  FI  GB  GL  GT  HR  IN  JM  KM  LA  LT  ME  MN  MU  NC  NP  PF  PR  RO  SD  SL  SV  TG  TO  UG  VE  XK
AF  AQ  AZ  BH  BQ  BZ  CI  CS  DE  EE  FJ  GD  GM  GU  HT  IO  JO  KN  LB  LU  MF  MO  MV  NE  NR  PG  PS  RS  SE  SM  SX  TH  TR  UM  VG  YE
AG  AR  BA  BI  BR  CA  CK  CU  DJ  EG  FK  GE  GN  GW  HU  IQ  JP  KP  LC  LV  MG  MP  MW  NF  NU  PH  PT  RU  SG  SN  SY  TJ  TT  US  VI  YT
AI  AS  BB  BJ  BS  CC  CL  CV  DK  EH  FM  GF  GP  GY  ID  IR  KE  KR  LI  LY  MH  MQ  MX  NG  NZ  PK  PW  RW  SH  SO  SZ  TK  TV  UY  VN  ZA
AL  AT  BD  BL  BT  CD  CM  CW  DM  ER  FO  GG  GQ  HK  IE  IS  KG  KW  LK  MA  MK  MR  MY  NI  OM  PL  PY  SA  SI  SR  TC  TL  TW  UZ  VU  ZM
AM  AU  BE  BM  BV  CF  CN  CX  DO  ES  FR  GH  GR  HM  IL  IT  KH  KY  LR  MC  ML  MS  MZ  NL  PA  PM  QA  SB  SJ  SS  TD  TM  TZ  VA  WF  ZW
bob@response:/home/scryh/scan/data/countryName$ cat CN
China
bob@response:/home/scryh/scan/data/countryName$ cd ../
bob@response:/home/scryh/scan/data$ cd stateOrProvinceName/
bob@response:/home/scryh/scan/data/stateOrProvinceName$ ls
Alabama  Arizona  California  Florida  Hawaii  Indiana  Maryland  Nebraska  Some-State  Texas  Virginia  Wisconsin  Zion
bob@response:/home/scryh/scan/data/stateOrProvinceName$ cat California 
California is a state in the Western United States.
bob@response:/home/scryh/scan/data/stateOrProvinceName$

发现stateOrProvinceName的内容比较长，可以构造../../../../.ssh/id_rsa

再看一下output

bob@response:/home/scryh/scan/output$ cat log.txt 
scanning server ip 172.18.0.3
- retrieved manager uid: marie
- manager mail address: marie.w@response-test.htb
- failed to retrieve SMTP server for domain \