Hacking: The Art of Exploitation, 2nd Edition

Larger Cover

By Jon Erickson

Publisher: No Starch Press

Released: January 2008

Pages: 480

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.

Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.

The included LiveCD provides a complete Linux programming and debugging environment-all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:

Program computers using C, assembly language, and shell scripts

Corrupt system memory to run arbitrary code using buffer overflows and format strings

Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening

Outsmart common security measures like nonexecutable stacks and intrusion detection systems

Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence

Redirect network traffic, conceal open ports, and hijack TCP connections

Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix

Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.

Chapter 0x100 INTRODUCTION
Chapter 0x200 PROGRAMMING
1. What Is Programming?
2. Pseudo-code
3. Control Structures
4. More Fundamental Programming Concepts
5. Getting Your Hands Dirty
6. Back to Basics
7. Memory Segmentation
8. Building on Basics
Chapter 0x300 EXPLOITATION
1. Generalized Exploit Techniques
2. Buffer Overflows
3. Experimenting with BASH
4. Overflows in Other Segments
5. Format Strings
Chapter 0x400 NETWORKING
1. OSI Model
2. Sockets
3. Peeling Back the Lower Layers
4. Network Sniffing
5. Denial of Service
6. TCP/IP Hijacking
7. Port Scanning
8. Reach Out and Hack Someone
Chapter 0x500 SHELLCODE
1. Assembly vs. C
2. The Path to Shellcode
3. Shell-Spawning Shellcode
4. Port-Binding Shellcode
5. Connect-Back Shellcode
Chapter 0x600 COUNTERMEASURES
1. Countermeasures That Detect
2. System Daemons
3. Tools of the Trade
4. Log Files
5. Overlooking the Obvious
6. Advanced Camouflage
7. The Whole Infrastructure
8. Payload Smuggling
9. Buffer Restrictions
10. Hardening Countermeasures
11. Nonexecutable Stack
12. Randomized Stack Space
Chapter 0x700 CRYPTOLOGY
1. Information Theory
2. Algorithmic Run Time
3. Symmetric Encryption
4. Asymmetric Encryption
5. Hybrid Ciphers
6. Password Cracking
7. Wireless 802.11b Encryption
8. WEP Attacks
Chapter 0x800 CONCLUSION
1. References
2. Sources

COLOPHON

Title:

Hacking: The Art of Exploitation, 2nd Edition

By:

Jon Erickson

Publisher:

No Starch Press

Formats:

Print
Ebook
Safari Books Online

Print:

January 2008

Ebook:

August 2010

Pages:

480

Print ISBN:

978-1-59327-144-2

| ISBN 10:

1-59327-144-1

Ebook ISBN:

978-1-59327-338-5

| ISBN 10:

1-59327-338-X

Description

Table of Contents

Product Details

Recommended for You

Recently Viewed

Designing BSD Rootkits

An Introduction to Kernel Hacking

By Joseph Kong

April 2007

Ebook: $23.95

Print & Ebook: $32.95

Print: $29.95

Linux Firewalls

Attack Detection and Response

By Michael Rash

September 2007

Ebook: $39.95

Print & Ebook: $54.95

Print: $49.95

Forbidden LEGO

Build the Models Your Parents Warned You Against!

By Ulrik Pilegaard, Mike Dooley

August 2007

Print: $24.95

Customer Reviews

REVIEW SNAPSHOT®

by PowerReviews

oreilly Hacking: The Art of Exploitation, 2nd Edition

5.0

(based on 2 reviews)

Reviewed by 2 customers

Sort by

Displaying reviews 1-2

11/18/2008

(6 of 6 customers found this review helpful)

5.0

Hacking

By Colorado Springs Technology Users Group

from Colorado Springs

Comments about oreilly Hacking: The Art of Exploitation, 2nd Edition:

This is an excellent book! At a high level, it covers topics on offensive programming, networking, and cryptology. Particularly nice to see is a chapter on countermeasures, discussing how these sorts of attacks can be mitigated. While not a book for beginners, the concepts are presented in an approachable manner. Definitely a must-have for security folks and sysadmins.

2/7/2008

(8 of 8 customers found this review helpful)

5.0

Outstanding. Must have.

By jdruin

from Undisclosed

Comments about oreilly Hacking: The Art of Exploitation, 2nd Edition:

Hacking: The Art of Exploitation

Author: Jon Erickson

This is the second edition of this book, which expands considerably on the first. The book is divided into a few main topics; programming, networking, and encryption. The first book did an excellent job of describing the fundamental foundations of hacking techniques.

What made the book stand out was how the information was presented. The author does not talk down to the reader but makes all effort to explain each topic clearly. For each topic, the source code used is printed and explained step-by-step. In the second edition, the examples are improved. The examples are more detailed and include information such as common implementation mistakes such as not setting programs suid or not using required complier options. The author even goes so far as to show the error messages that occur if the user were to forget common items.

The program section is expanded somewhat but the biggest difference was in the network section. These chapters were updated with information on web servers et al. and further explanations of basic IP and TCP packet exploits, from which higher level exploits are built.

The author is obviously an accomplished expert on computer systems but does not let ego enter the text. This makes the book easy to read and learn from. The book includes a CD with a Linux OS and the source code used in the examples.

This book is a must have for security admins, sys admins, and computer science students.

Displaying reviews 1-2

Save a Tree - Go Digital what is this?

Ebook: $39.95

Formats: CD Content, ePub, Mobi, PDF

Print & Ebook: $54.95

Print: $49.95

Safari Books Online - Read now >

Chapter 0x100 INTRODUCTION

Chapter 0x200 PROGRAMMING

What Is Programming?

Pseudo-code

Control Structures

More Fundamental Programming Concepts

Getting Your Hands Dirty

Back to Basics

Memory Segmentation

Building on Basics

Chapter 0x300 EXPLOITATION

Generalized Exploit Techniques

Buffer Overflows

Experimenting with BASH

Overflows in Other Segments

Format Strings

Chapter 0x400 NETWORKING

OSI Model

Sockets

Peeling Back the Lower Layers

Network Sniffing

Denial of Service

TCP/IP Hijacking

Port Scanning

Reach Out and Hack Someone

Chapter 0x500 SHELLCODE

Assembly vs. C

The Path to Shellcode

Shell-Spawning Shellcode

Port-Binding Shellcode

Connect-Back Shellcode

Chapter 0x600 COUNTERMEASURES

Countermeasures That Detect

System Daemons

Tools of the Trade

Log Files

Overlooking the Obvious

Advanced Camouflage

The Whole Infrastructure

Payload Smuggling

Buffer Restrictions

Hardening Countermeasures

Nonexecutable Stack

Randomized Stack Space

Chapter 0x700 CRYPTOLOGY

Information Theory

Algorithmic Run Time

Symmetric Encryption

Asymmetric Encryption

Hybrid Ciphers

Password Cracking

Wireless 802.11b Encryption

WEP Attacks

Chapter 0x800 CONCLUSION

References

Sources

COLOPHON

About O'Reilly

Community

More O'Reilly Sites

Partner Sites

Shop O'Reilly