Hacking: The Art of Exploitation, 2nd Edition

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.

Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.

The included LiveCD provides a complete Linux programming and debugging environment--all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:

• Program computers using C, assembly language, and shell scripts
• Corrupt system memory to run arbitrary code using buffer overflows and format strings
• Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
• Outsmart common security measures like nonexecutable stacks and intrusion detection systems
• Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
• Redirect network traffic, conceal open ports, and hijack TCP connections
• Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix

Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.

The techniques in the book are best described by a caption on its back cover, "The fundamental techniques of serious hacking." It includes major sections on programming, networking, and cryptography. All material is covered with an eye towards exploitation. Languages used in the book material consist of C, PERL, and Assembly for X86.

The techniques described in this book are fundamental to any hacker or security professional who takes their work seriously. The book is well worth the discounted amazon.com price. The material in this book is all original and cannot be found elsewhere. Each example in the programming section is truly an eye opener if you are new to code hacking. The examples in the networking and cryptography sections are relevant and fresh as well.


Best hacking book in the market   April 16, 2004
26 out of 28 found this review helpful

This book is 10 times greater than any other hacking book. It gives useful code and examples rather than 250 pages of theory. Stack and heap overflows are explained in detail as well as many other modern types of exploits. The best part of the book is that it teaches the reader how to write his/her own shellcode and teaches some basic Assembly language along the way. Everything you need to know to be a hacker or stop hackers.

Includes detailed explanations and code for:
buffer / stack / heap based overflows
format string vulnerabilities
writing shellcode
sniffing switched and unswitched networks
tcp / ip hijacking
denial of service
port scanning and tricking port scans of your own computer
password cracking
Man in the middle attacks
Wireless internet security / hacking
and more


The First Hacking Book I've Respected   February 21, 2004
22 out of 24 found this review helpful

Don't expect the conceptual fluff. Be prepared for school. This book does not use the time and motivation wasting filler that so many "hacking" books fill pages with. This describes in significant depth the root techniques used in exploitation. It can make some technical assumptions about the reader, and it is helpful to have programming experience, but I prefer this approach. I would rather have the author "teach to the highest common denominator" and not the lowest... What you don't know when you read this book, you will be motivated to learn.

The writing style can be a little empty, and could use a bit more of a layered approach, but this is a minor criticism.

I work in IT security, and this is the first hacking book I have ever recommended. Go for it.


clever tricks and easy to follow exercises   March 27, 2008
Henrik Lund Kramshøj (Copenhagen)
14 out of 14 found this review helpful


Contents
This is the second edition of a well known book about hacking and contains a lot about hacking. Jon Erickson has expanded the book from the first edition doubling the number of pages to 450 pages and a Linux based Live-CD is also included.

I don't own the first edition, since I had to choose between Hacking by Jon Erickson and The Shellcoders Handbook (first edition, it is also in 2nd ed. now). I choose the Shellcoders handbook, which I have considered my bible for buffer overflows and hacking.

Now that I have read Jon Ericksons book about hacking I have two bibles, both excellent and well written, both covering some of the same stuff - but in very different ways.

This book details the steps done to perform buffer overflows on Linux on the x86 architecture. So detailed that any computer science student can do it, and they should. Every computer science student or aspiring programmer should be forced to read this book along with another book called 19 deadly sins of software programming.

That alone would improve internet security and program reliability in the future. Why you may ask, because this book teaches hacking, and how you can get started hacking.

Not hacking as doing criminal computer break ins, but thinking like an old-school hacker - doing clever stuff, seeing the things others don't. This book contains the missing link back to the old days, where hackers were not necessarily bad guys. Unfortunately today the term hacker IS dead in the public eye, it HAS been maimed, mutilated and the war about changing it back to the old meaning is over. (Actually this war was fought in the 1990's but some youngsters new to hacking still think it can be won, don't waste your time.) The word hacking can still be used in both ways, just make sure the receiver knows what you are talking about :-)

This book teaches hacking in the old sense of the word and contains the explanation that most others books don't - and at the same time it introduces all the basic skills for performing various types of overflow attacks. Then the book also digress into some wireless security and even WEP cracking, but this part is pretty slim, not bad, just only a few pages. This is OK, since I think of this more as an example of extending the hacking into new areas and hopefully inspires more people to look into wireless security.

The best part about this book is that it is not just a book with a random Live-CD. It is an inspiration and your fingers will itch to get started trying the examples explained and experiment with the programs. This alone is the single feature that makes this book worth it, you will do the exercises and learn from them. Learn a lot.

To sum it up this books contains clever tricks and easy to follow exercises, so you can learn to apply them.

Target audience
This book is for anyone interested in hacking and developing exploits. While the primary target audience is newcomers to this field I benefitted from the thorough walkthrough of the basics once again. This book kept reminding me about things I have forgotten and also some new things and tricks I hadn't thought of myself.


Conclusion
If you are a beginning hacker and want to get started, but was confused
by various text files found on the internet, this is the book to buy.

If you want to learn how to do basic stuff and get started thinking like a hacker, this is the book to buy.

If you are a software programmer that has started to think about software security, this is the book to buy.

This book goes from beginning hacker to inspired intermediate hacker and explains everything in depth and is well planned and you will be able to extract an awful lot of information about the way programs really work after reading this book.

If you read this book from cover to cover you will be able to follow most other references about hacking, books, papers, zines etc. from the internet.

So this book is recommended for anyone interested in hacking and could be a nice start to having your own library about hacking. Reading this book first will also help you understand other books about hacking better and get more information from them by thinking in the right way.

Then later you could expand this library with books like, Steven Levy Hackers, Steven Levy Crypto, Shellcoders Handbook, Clifford Stoll Cuckoos Egg and other references.

I am not missing much from this book, but a short explanation how you could run this CD along with your usual operating system, using something like VMware Player would have been nice.

Links:
The home page for this book is: http://www.nostarch.com/hacking2.htm



Superbe, thrilling , excellent book   November 14, 2003
Radu State (Villers-les-Nancy, Lorraine France)
32 out of 38 found this review helpful

This is one of the best books I've ever read. I have read most of the current books in network security, and this is the first one, teaching you how to "think". While most other books on the market will show how to run exploits written by others, this is the first one addressing how to make yourself working exploit code. I am familiar with most papers on this issue (Murat's text, Aleph0' etc), but never before have I seen such clarity and pedagogical approach as in "hacking : the art of exploitation". Besides, I learned new techniques on exploiting an elf binary from this book.
Ever since I started reading it, I could not leave the book apart. The writing style is very clear, precise, making diffcult topics (like shellcode writing, printable shellcodes, heap/stack overflows) accesible and easily understandable for everyone.

The author presents three major topics. The first one addresses in excellent detail how software exploits can be crafted. Here you can learn a methodology on how buffer/heap/format string vulnerabilities are done. A second part of the book discusses network level vulnerabilities, while the last part adddresses cryptography. Even on this last topic, which traditionally looks either to mathematical or to general in other books, "hacking : the art of exploitation" is great and keeps one breathless.
To summarize : If you're interested in network security, or enjoying learning/reading neurons-stimulating stuff, this is the book to read.