r U l33t? or r u just a lamma??!? all l33t h4xors know awk
all u n33d to grok about awk
• language for h4xing text filez
• c-like control structs
• c-like i/o
• perl-like string manipul@tion
• supports egrep regexps
• c-like expression syntaX
• associative arrays!! wh00t
why use awk?
• if you have to ask u r a lamma
• /kick YOU!*@*.*.*.*
• hahahaha LAMMA
• write once h4x anywhere-- awk is on all the c00l serverz on the net
• impress ppl with your mad awk skillz:: write unreadable glorious one-liners
examples of awk
• say hello
    # awk 'BEGIN {print "hello world"}'
• look for windoze boxes to r00t
    # awk '/root.exe/ {print $1}' /var/log/httpd/access_log
• see who the best target is ;-P
    # awk 'function ping(ip) { cmd = sprintf("ping -c 1 %s", ip); system(cmd) } /root.exe/ {ping($1)}' /var/log/httpd/access_log
• get to know your audience
    # awk 'BEGIN {FS = ":"} $7 != "" {shells[$7] += 1} END {for (s in shells) printf("%d users have %s\n", shells[s], s)}' /etc/passwd
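Added example, not part of the original slides: the root.exe log search combined with the associative-array tally from the /etc/passwd one-liner, wrapped in a shell function. It assumes common log format (request path in field 7, status in field 9), matches only the path with the dot escaped, and runs over constructed sample lines; the function names are hypothetical.

```shell
# Added example: tally clients that requested root.exe in an access log.

# Constructed sample lines in common log format (documentation addresses).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [01/Oct/2001:10:00:01 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210
192.0.2.10 - - [01/Oct/2001:10:00:02 -0700] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 208
198.51.100.7 - - [01/Oct/2001:10:02:11 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210
203.0.113.5 - - [01/Oct/2001:10:03:40 -0700] "GET /index.html HTTP/1.0" 200 1043
203.0.113.5 - - [01/Oct/2001:10:03:41 -0700] "GET /rootXexe.txt HTTP/1.0" 200 12
192.0.2.10 - - [01/Oct/2001:10:05:09 -0700] "GET /c/winnt/system32/root.exe HTTP/1.0" 404 215
EOF
}

# count_probes [FILE]: print "count client 2xx=N" for each client whose
# request path contains root.exe, busiest first. Reads stdin without FILE.
# A non-zero 2xx count means the server answered the request successfully
# and that entry deserves a closer look.
count_probes() {
  awk '
    # field 7 is the request path, field 9 the response status
    $7 ~ /root\.exe/ {
      hits[$1]++
      ok[$1] += ($9 ~ /^2/)
    }
    END {
      for (ip in hits)
        printf("%d %s 2xx=%d\n", hits[ip], ip, ok[ip])
    }
  ' "$@" | sort -k1,1nr -k2,2
}
```

Run it as `count_probes /var/log/httpd/access_log`, or pipe `sample_log` into it to see the output format.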
so.. think u r l33t? WHAT DOES THIS DO FOO?!?
    tcpdump -i en1 -s 1024 -X tcp port 23 | awk '{data = ""; a = $1; sub(/0x/,"00",a); if(int(a) == 30) {data = substr($0, 53, 12)} else if(int(a) > 30) {data = substr($0,49,16)} if(data != "") print data}'
come up with a command line statement:
• that snarfs telnet traffic using the bsd flavor of tcpdump on interface en1
• parses the output so only the data fields of the packets are shown using awk
• for lamma points state why this is useful ;)
Uhh yeah so this is a joke. or it’s not. i made it for a class back in ‘01.. Actually got credit for this! robertwrose.com