Hacking: The Art of Exploitation, 2nd Edition
By Jon Erickson
Publisher: No Starch Press
Final Release Date: January 2008
Pages: 480

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.

Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.

The included LiveCD provides a complete Linux programming and debugging environment-all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:

  • Program computers using C, assembly language, and shell scripts
  • Corrupt system memory to run arbitrary code using buffer overflows and format strings
  • Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
  • Outsmart common security measures like nonexecutable stacks and intrusion detection systems
  • Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
  • Redirect network traffic, conceal open ports, and hijack TCP connections
  • Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix

Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.

Table of Contents
Product Details
Recommended for You
Customer Reviews

REVIEW SNAPSHOT®

by PowerReviews
oreillyHacking: The Art of Exploitation, 2nd Edition
 
4.8

(based on 5 reviews)

Ratings Distribution

  • 5 Stars

     

    (4)

  • 4 Stars

     

    (1)

  • 3 Stars

     

    (0)

  • 2 Stars

     

    (0)

  • 1 Stars

     

    (0)

Reviewed by 5 customers

Sort by

Displaying reviews 1-5

Back to top

 
5.0

All hacking books the same? Not this one

By Anonymous

from the internet

About Me Developer

Pros

  • Accurate
  • Concise
  • Well-written

Cons

    Best Uses

    • Intermediate

    Comments about oreilly Hacking: The Art of Exploitation, 2nd Edition:

    I had an interest in computer security since the late 90's all the way up to today. In that time I've read a pile of books about hacking thats probably taller than I am. I find it hard nowadays to find a book that can tell me anything I haven't already read about in some other book already. Then along comes this. The best and most unique hacking book I've read to date. I'm only about half way through it so far. The learning curve is pretty intense. I'd say a bit of prior knowledge would help you out with this one but even without it the book gives you everything you need. Goes into the real low level detail of how attacks work with a LOT of code examples. The book almost doubles up as a C/ASM programming course. The best part is, everything it teaches you works.
    Even experienced programmers can learn some new tricks from this book. I highly recommend it.

     
    5.0

    Excellent surprise

    By cedric

    from CZ

    Verified Reviewer

    Pros

    • Accurate
    • Concise
    • Easy to understand
    • Helpful examples
    • Well-written

    Cons

      Best Uses

      • Intermediate
      • Student

      Comments about oreilly Hacking: The Art of Exploitation, 2nd Edition:

      I was not sure what to expect about a book on exploits & hacking. And the fact that it starts with some "C for dummy" and "ASM for dummy" did not give me good first impression (I was rather expecting a book that goes directly into the subject)

      However, since it's very pleasant to read, I kept on going. And I could not let the book down : it's like reading a series of detective stories! you try and guess who's the culprit before explanation! really fun!

      The more it goes, the more the exploits are smart and well designed.

      Just quick note : again, this is not a "how to become a hacker", but rather a book that gives the first ideas behind hacking. It teaches you how a machine works, and that the main limitation of your hacking skill is your practice & imagination... And go learn ASM.

      On the disappointment side :
      * more emphasize could have been done on counter measures (e.g. : nothing about Mandatory Access Control).
      * 64 bits has been forgotten all together (stack usage is different)
      * Nothing about the compilation optimization that may radically and unexpectedly change how a function uses the stack & registers

      (1 of 5 customers found this review helpful)

       
      4.0

      Obvious error undermines confidence

      By hughdbrown

      from New York

      Verified Reviewer

      Comments about oreilly Hacking: The Art of Exploitation, 2nd Edition:

      I downloaded the book four minutes ago. I am looking in the cryptography section and found this:

      "In the table below, the GCD of 7253 and 120, written as gcd(7253, 120), will be calculated."

      and one paragraph later:

      "So, the greatest common divisor of 7243 and 120 is 1. That means that 7250 and 120 are relatively prime to each other."

      We are not finding the GCD of 7243 and 120. We are not finding the GCD of 7250 and 120. It's the GCD of 7253 and 120. So two typos in two sentences referring to the author's own example a paragraph earlier.

      I hope it gets better. This is a second edition and these errors should be worked out.

      (13 of 13 customers found this review helpful)

       
      5.0

      Hacking

      By Colorado Springs Technology Users Group

      from Colorado Springs

      Comments about oreilly Hacking: The Art of Exploitation, 2nd Edition:

      This is an excellent book! At a high level, it covers topics on offensive programming, networking, and cryptology. Particularly nice to see is a chapter on countermeasures, discussing how these sorts of attacks can be mitigated. While not a book for beginners, the concepts are presented in an approachable manner. Definitely a must-have for security folks and sysadmins.

      (19 of 19 customers found this review helpful)

       
      5.0

      Outstanding. Must have.

      By jdruin

      from Undisclosed

      Comments about oreilly Hacking: The Art of Exploitation, 2nd Edition:

      Hacking: The Art of Exploitation

      Author: Jon Erickson

      This is the second edition of this book, which expands considerably on the first. The book is divided into a few main topics; programming, networking, and encryption. The first book did an excellent job of describing the fundamental foundations of hacking techniques.

      What made the book stand out was how the information was presented. The author does not talk down to the reader but makes all effort to explain each topic clearly. For each topic, the source code used is printed and explained step-by-step. In the second edition, the examples are improved. The examples are more detailed and include information such as common implementation mistakes such as not setting programs suid or not using required complier options. The author even goes so far as to show the error messages that occur if the user were to forget common items.

      The program section is expanded somewhat but the biggest difference was in the network section. These chapters were updated with information on web servers et al. and further explanations of basic IP and TCP packet exploits, from which higher level exploits are built.

      The author is obviously an accomplished expert on computer systems but does not let ego enter the text. This makes the book easy to read and learn from. The book includes a CD with a Linux OS and the source code used in the examples.

      This book is a must have for security admins, sys admins, and computer science students.

      Displaying reviews 1-5

      Back to top

       
      Buy 2 Get 1 Free Free Shipping Guarantee
      Buying Options
      Immediate Access - Go Digital what's this?
      Ebook: $39.95
      Formats:  CD Content, ePub, Mobi, PDF
      Print & Ebook: $54.95
      Print: $49.95