Hacking: The Art of Exploitation, 2nd Edition
Related Products
Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.
Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker’s perspective.
The included LiveCD provides a complete Linux programming and debugging environment—all without modifying your current operating system. Use it to follow along with the book’s examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:
– Program computers using C, assembly language, and shell scripts
– Corrupt system memory to run arbitrary code using buffer overflows and format strings
– Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
– Outsmart common security measures like nonexecutable stacks and intrusion detection systems
– Gain access to a remote server using port-binding or connect-back shellcode, and alter a server’s logging behavior to hide your presence
– Redirect network traffic, conceal open ports, and hijack TCP connections
– Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix
Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don’t already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.
From the Publisher
About the Author
Jon Erickson has a formal education in computer science and has been hacking and programming since he was five years old. He speaks at computer security conferences and trains security teams around the world. Currently, he works as a vulnerability researcher and security specialist in Northern California.
About the Publisher
No Starch Press has published the finest in geek entertainment since 1994, creating both timely and timeless titles like Python Crash Course, Python for Kids, How Linux Works, and Hacking: The Art of Exploitation. An independent, San Francisco-based publishing company, No Starch Press focuses on a curated list of well-crafted books that make a difference. They publish on many topics, including computer programming, cybersecurity, operating systems, and LEGO. The titles have personality, the authors are passionate experts, and all the content goes through extensive editorial and technical reviews. Long known for its fun, fearless approach to technology, No Starch Press has earned wide support from STEM enthusiasts worldwide.
Publisher : No Starch Press
Publication date : February 1, 2008
Edition : 2nd ed.
Language : English
Print length : 488 pages
ISBN-10 : 1593271441
ISBN-13 : 978-1593271442
Item Weight : 1.77 pounds
Dimensions : 7.13 x 1 x 9.25 inches
Best Sellers Rank: #58,214 in Books (See Top 100 in Books) #10 in Computer Hacking #31 in Computer Network Security #58 in Internet & Telecommunications
Customer Reviews: 4.6 4.6 out of 5 stars (1,563) var dpAcrHasRegisteredArcLinkClickAction; P.when(‘A’, ‘ready’).execute(function(A) { if (dpAcrHasRegisteredArcLinkClickAction !== true) { dpAcrHasRegisteredArcLinkClickAction = true; A.declarative( ‘acrLink-click-metrics’, ‘click’, { “allowLinkDefault”: true }, function (event) { if (window.ue) { ue.count(“acrLinkClickCount”, (ue.count(“acrLinkClickCount”) || 0) + 1); } } ); } }); P.when(‘A’, ‘cf’).execute(function(A) { A.declarative(‘acrStarsLink-click-metrics’, ‘click’, { “allowLinkDefault” : true }, function(event){ if(window.ue) { ue.count(“acrStarsLinkWithPopoverClickCount”, (ue.count(“acrStarsLinkWithPopoverClickCount”) || 0) + 1); } }); });
Roshan Patel –
A hacking book that teaches you mindset
I’ve read quite a few books on hacking, many of which focus on specific technologies—such as using tools to perform reconnaissance on websites and identify potential attack targets. This book, however, takes a different approach. It starts by teaching the fundamentals of assembly and C programming, then moves on to help you identify programs vulnerable to buffer overflows. You’ll learn how to write shellcode to exploit these vulnerabilities.What sets this book apart is its minimal reliance on abstractions. For instance, it teaches you how to build your own simple web server, which you can then exploit. Need to perform a SYN flood against a target? No problem—you’ll write your own in C to fully understand the process. This hands-on approach will give you a solid understanding of networking. There’s even a chapter dedicated to cryptography, which will deepen your knowledge in this critical area.To top it off, the book culminates in a project where you’ll learn to crack WEP encryption—not with third-party tools, but by exploiting weak initialization vectors (IVs) and doing it all yourself.While some of the examples, such as the buffer overflow scenarios, may not work in real-world environments, this book is still an invaluable resource. It covers essential foundational knowledge that will serve you well on your hacking journey. There are books that quickly get outdated because they teach you how to use tools. This book is a classic. It teaches you understanding. After reading this, you’ll have a better understanding of how third-party tools work, or you can write your own!
Seagull Stahpitnow –
Regained my lost book
I had the first edition copy of this book that I studied. This second edition has a lot more knowledge and sets the mindset to have. It’s very insightful and tackles concept in an easy to grasp way.The first edition had a CD in the back, but since then they have gone away with the physical disk and have a link in the back of the book to set up your vm or machine to practice the concepts in a safe environment.This is a great addition to anyone curious about computers and wanting to do a hands on approach. I’d recommend for beginners up to advanced. It’s a handy reference and great for getting your feet wet.
J. AMANT –
This is a ‘real’ hacking book, not another high level concepts book
This is a ‘real’ hacking book, not another high level concepts book. It examines low level exploits, mostly via assembly language and C code examples.By page 21, Jon is walking the user through an object dump of a C program, by page 25 explaining the Intel assembly language.We have all heard of buffer overflow exploits, shellcodes. Jon provides detailed coding examples, teaching the reader about registers, memory locations – all in exacting, working detail.My favorite part of the book is when Jon, wanting to reduce the footprint of a sample exploit program’s code, reverses a loop’s order, shortening a section of code from 5 to 4 instructions! Super clever.
Lance C. Hibbeler –
Find out how deep the rabbit hole really goes I think this is another one of those books that needs to be on a mandatory reading list for all CS bachelors degree. It seems to me that most of the exploits wouldn’t be a problem if programmers were a bit more diligent in their coding. strcpy() is your enemy, strncpy() is your friend. Always always ALWAYS be 100% suspicious of any input supplied from a user- check for illegal characters. Instead of if(functionThatReturnsTrue), try if(functionThatReturnsTrue == True). The list goes on and on. Computers do only what they are told, and if you leave a hole in your program that allows someone else to tell the computer what to do to save yourself the second or two it takes to hit a few more keys, well then you deserve to be hacked and summarily lose your job. Due diligence: do it- maybe then the real engineering disciplines won’t be so mad when code monkeys call themselves engineers. From what I can gather, the first edition was too terse. I think the second edition was a bit long-winded at times. And there’s no discussion of hacking a Windows machine. However, this is still by far the best general hacking book out there.
The easiest way to sum up this book is simply “wow.” Erickson discusses the fundamentals of exploits (hacks) on local machines and remote machines, and also hits on a bit of cryptology. The meat of book is sandwiched by something of an inner dialogue and history of hacking, which alone are worth the cost of the book. This book is not for the layman or the faint of heart- you have to know how to write code, and you have to at least know how to read Intel x86 assembly, if not write it. It also doesn’t hurt to know how programs are actually executed- beyond just double-clicking an icon- I’m talking about stacks and heaps and everything else. The second chapter is possibly the most elegant summary of programming and the C language I have ever seen, ever, but nothing beats a few years “in the trenches.”So once you’ve refreshed your basics of programming, Erickson gets right into it, discussing buffer overflows. He builds up from the most simple concepts into more and more complicated tools- which seems to be exactly how we have arrived at modern exploits; the hackers and the anti-hackers have been co-evolving over the years. Next comes hacking remote machines, including how to cover your tracks- which I found to be some of the most devious ideas presented. If you take your time, and run some of the exploits yourself on the included CD, you will come away with an incredible knowledge of how many exploits work from their most fundamental level. If you’re anything like me, you will enjoy the “hunt” of trying to counter the exploit before Erickson explains the solution. Also, if you’re anything like me, you will walk away from the book shaking your head at the rut called ASCII that we’ve worked ourselves into.