Hacking: The Art of Exploitation
by Erickson, JonFormat: Trade Paper
Pub. Date: 2003-11-01
Publisher(s): No Starch Press
Other versions by this Author
-
This Item Qualifies for Free Shipping!*
*Excludes marketplace orders.
List Price: $41.95
Rent Book
Select for Price
New Book
We're Sorry
Sold Out
Used Book
We're Sorry
Sold Out
eBook
We're Sorry
Not Available
How Marketplace Works:
- This item is offered by an independent seller and not shipped from our warehouse
- Item details like edition and cover design may differ from our description; see seller's comments before ordering.
- Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
- Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
- Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.
Summary
Emphasizing a true understanding of the techniques as opposed to just breaking the rules, the author helps readers determine which areas are prone to attack and why. Unlike other so-called hacking guides, this book does not gloss over technical details, and includes detailed sections on stack-based overflows, heap based overflows, format string exploits, return-into-libc, shellcode, and cryptographic attacks on 802.11b.
Author Biography
Jon Erickson has a formal education in computer science and speaks frequently at computer security conferences around the world. He currently works as a cryptologist and security specialist in Northern California
Table of Contents
| Introduction | p. 1 |
| Programming | |
| What Is Programming? | p. 8 |
| Program Exploitation | p. 11 |
| Generalized Exploit Techniques | p. 14 |
| Multi-User File Permissions | p. 15 |
| Memory | p. 16 |
| Memory Declaration | p. 17 |
| Null Byte Termination | p. 18 |
| Program Memory Segmentation | p. 18 |
| Buffer Overflows | p. 22 |
| Stack-Based Overflows | p. 23 |
| Exploiting Without Exploit Code | p. 27 |
| Using the Environment | p. 31 |
| Heap- and bss-Based Overflows | p. 41 |
| A Basic Heap-Based Overflow | p. 41 |
| Overflowing Function Pointers | p. 46 |
| Format Strings | p. 54 |
| Format Strings and printf() | p. 54 |
| The Format-String Vulnerability | p. 59 |
| Reading from Arbitrary Memory Addresses | p. 61 |
| Writing to Arbitrary Memory Addresses | p. 62 |
| Direct Parameter Access | p. 71 |
| Detours with dtors | p. 74 |
| Overwriting the Global Offset Table | p. 80 |
| Writing Shellcode | p. 84 |
| Common Assembly Instructions | p. 84 |
| Linux System Calls | p. 85 |
| Hello, World! | p. 87 |
| Shell-Spawning Code | p. 90 |
| Avoiding Using Other Segments | p. 92 |
| Removing Null Bytes | p. 94 |
| Even Smaller Shellcode Using the Stack | p. 98 |
| Printable ASCII Instructions | p. 101 |
| Polymorphic Shellcode | p. 102 |
| ASCII Printable Polymorphic Shellcode | p. 103 |
| Dissembler | p. 118 |
| Returning into libc | p. 129 |
| Returning into system() | p. 130 |
| Chaining Return into libc Calls | p. 132 |
| Using a Wrapper | p. 133 |
| Writing Nulls with Return into libc | p. 134 |
| Writing Multiple Words with a Single Call | p. 136 |
| Networking | |
| What Is Networking? | p. 139 |
| OSI Model | p. 140 |
| Interesting Layers in Detail | p. 142 |
| Network Layer | p. 142 |
| Transport Layer | p. 143 |
| Data-Link Layer | p. 145 |
| Network Sniffing | p. 146 |
| Active Sniffing | p. 149 |
| TCP/IP Hijacking | p. 156 |
| RST Hijacking | p. 157 |
| Denial of Service | p. 160 |
| The Ping of Death | p. 160 |
| Teardrop | p. 161 |
| Ping Flooding | p. 161 |
| Amplification Attacks | p. 161 |
| Distributed DoS Flooding | p. 162 |
| SYN Flooding | p. 162 |
| Port Scanning | p. 162 |
| Stealth SYN Scan | p. 163 |
| FIN, X-mas, and Null Scans | p. 163 |
| Spoofing Decoys | p. 163 |
| Idle Scanning | p. 163 |
| Proactive Defense (Shroud) | p. 165 |
| Cryptology | |
| Information Theory | p. 174 |
| Unconditional Security | p. 174 |
| One-Time Pads | p. 175 |
| Quantum Key Distribution | p. 175 |
| Computational Security | p. 176 |
| Algorithmic Runtime | p. 177 |
| Asymptotic Notation | p. 178 |
| Symmetric Encryption | p. 178 |
| Lov Grover's Quantum Search Algorithm | p. 179 |
| Asymmetric Encryption | p. 180 |
| RSA | p. 180 |
| Peter Shor's Quantum Factoring Algorithm | p. 184 |
| Hybrid Ciphers | p. 185 |
| Man-in-the-Middle Attacks | p. 186 |
| Differing SSH Protocol Host Fingerprints | p. 189 |
| Fuzzy Fingerprints | p. 192 |
| Password Cracking | p. 196 |
| Dictionary Attacks | p. 197 |
| Exhaustive Brute-Force Attacks | p. 199 |
| Hash Lookup Table | p. 200 |
| Password Probability Matrix | p. 201 |
| Wireless 802.11 b Encryption | p. 211 |
| Wired Equivalent Privacy (WEP) | p. 212 |
| RC4 Stream Cipher | p. 213 |
| WEP Attacks | p. 214 |
| Offline Brute-Force Attacks | p. 214 |
| Keystream Reuse | p. 215 |
| IV-Based Decryption Dictionary Tables | p. 216 |
| IP Redirection | p. 216 |
| Fluhrer, Mantin, and Shamir (FMS) Attack | p. 217 |
| Conclusion | |
| References | p. 230 |
| Index | p. 233 |
| Table of Contents provided by Ingram. All Rights Reserved. |
An electronic version of this book is available through VitalSource.
This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.
By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.
A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.
Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.
Please view the compatibility matrix prior to purchase.