Hacking: The Art of Exploitation

No Starch Press, 2003 - Computers - 241 pages
61 Reviews
A comprehensive introduction to the techniques of exploitation and creative problem-solving methods commonly referred to as "hacking," Hacking: The Art of Exploitation is for both technical and non-technical people who are interested in computer security. It shows how hackers exploit programs and write exploits, instead of just how to run other people's exploits. Unlike many so-called hacking books, this book explains the technical aspects of hacking, including stack-based overflows, heap-based overflows, string exploits, return-into-libc, shellcode, and cryptographic attacks on 802.11b.
  

What people are saying

User ratings

5 stars: 28
4 stars: 19
3 stars: 8
2 stars: 2
1 star: 4

Review: Hacking: The Art of Exploitation

User Review  - Rich Tijerina - Goodreads

He gave an OK overview of different approaches.

Review: Hacking: The Art of Exploitation

User Review  - Acc13 - Goodreads

Great book. Good overviews of topics before diving into guts. Section intros are breezy reads with lots of information, but the deep dives following get quite technical and slow. Book starts with ...

Contents

INTRODUCTION (p. 1)
PROGRAMMING (p. 7)
0x210 What Is Programming? (p. 8)
0x220 Program Exploitation (p. 11)
0x230 Generalized Exploit Techniques (p. 14)
0x250 Memory (p. 16)
0x251 Memory Declaration (p. 17)
0x252 Null Byte Termination (p. 18)
0x260 Buffer Overflows (p. 22)
0x270 Stack-Based Overflows (p. 23)
0x271 Exploiting Without Exploit Code (p. 27)
0x272 Using the Environment (p. 31)
0x280 Heap- and bss-Based Overflows (p. 41)
0x282 Overflowing Function Pointers (p. 46)
0x290 Format Strings (p. 54)
0x292 The Format-String Vulnerability (p. 59)
0x293 Reading from Arbitrary Memory Addresses (p. 61)
0x294 Writing to Arbitrary Memory Addresses (p. 62)
0x295 Direct Parameter Access (p. 71)
0x296 Detours with dtors (p. 74)
0x297 Overwriting the Global Offset Table (p. 80)
0x2a0 Writing Shellcode (p. 84)
0x2a2 Linux System Calls (p. 85)
0x2a3 Hello World (p. 87)
0x2a4 Shell-Spawning Code (p. 90)
0x2a5 Avoiding Using Other Segments (p. 92)
0x2a6 Removing Null Bytes (p. 94)
0x2a7 Even Smaller Shellcode Using the Stack (p. 98)
0x2a8 Printable ASCII Instructions (p. 101)
0x2a9 Polymorphic Shellcode (p. 102)
0x2aa ASCII Printable Polymorphic Shellcode (p. 103)
0x2ab Dissembler (p. 118)
0x2b0 Returning into libc (p. 129)
0x2b1 Returning into system (p. 130)
0x2b2 Chaining Return into libc Calls (p. 132)
0x2b3 Using a Wrapper (p. 133)
0x2b4 Writing Nulls with Return into libc (p. 134)
0x2b5 Writing Multiple Words with a Single Call (p. 136)
NETWORKING (p. 139)
0x311 OSI Model (p. 140)
0x320 Interesting Layers in Detail (p. 142)
0x322 Transport Layer (p. 143)
0x323 Data-Link Layer (p. 145)
0x330 Network Sniffing (p. 146)
0x331 Active Sniffing (p. 149)
0x340 TCP/IP Hijacking (p. 156)
0x341 RST Hijacking (p. 157)
0x350 Denial of Service (p. 160)
0x352 Teardrop (p. 161)
0x355 Distributed DoS Flooding (p. 162)
0x361 Stealth SYN Scan (p. 163)
0x365 Proactive Defense Shroud (p. 165)
CRYPTOLOGY (p. 173)
0x410 Information Theory (p. 174)
0x412 One-Time Pads (p. 175)
0x414 Computational Security (p. 176)
0x420 Algorithmic Runtime (p. 177)
0x421 Asymptotic Notation (p. 178)
0x431 Lov Grover's Quantum Search Algorithm (p. 179)
0x440 Asymmetric Encryption (p. 180)
0x442 Peter Shor's Quantum Factoring Algorithm (p. 184)
0x450 Hybrid Ciphers (p. 185)
0x451 Man-in-the-Middle Attacks (p. 186)
0x452 Differing SSH Protocol Host Fingerprints (p. 189)
0x453 Fuzzy Fingerprints (p. 192)
0x460 Password Cracking (p. 196)
0x461 Dictionary Attacks (p. 197)
0x462 Exhaustive Brute-Force Attacks (p. 199)
0x463 Hash Lookup Table (p. 200)
0x464 Password Probability Matrix (p. 201)
0x470 Wireless 802.11b Encryption (p. 211)
0x471 Wired Equivalent Privacy (WEP) (p. 212)
0x472 RC4 Stream Cipher (p. 213)
0x480 WEP Attacks (p. 214)
0x482 Keystream Reuse (p. 215)
0x483 IV-Based Decryption Dictionary Tables (p. 216)
0x485 Fluhrer, Mantin, and Shamir (FMS) Attack (p. 217)
CONCLUSION (p. 229)
References (p. 230)
INDEX (p. 233)
References to this book

Computer Viruses and Malware, John Aycock, 2006
Software-Qualität, Dirk W. Hoffmann, 2008

About the author (2003)

Erickson has a formal education in computer science and speaks frequently at computer security conferences around the world. He currently works as a cryptologist and security specialist in Northern California.
