Hacking: The Art of Exploitation - AbsoluteAstronomy.com

Hacking: The Art of Exploitation (ISBN 1-59327-007-0) is a book written by Jon "Smibbs" Erickson and published by No Starch Press

No Starch Press

No Starch Press is a publishing company specializing in computer books for the technically savvy, or "geek entertainment" as they term it. They have published such titles as Hacking: The Art of Exploitation, Silence on the Wire, Steal This Computer Book 4.0, Steal This File Sharing Book, Write...

in 2003. It is a computer security

Computer security

Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...

and network security

Network security

In the field of networking, the area of network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources...

book. All of the examples in the book were developed, compiled, and tested on Gentoo Linux

Gentoo Linux

Gentoo Linux is a computer operating system built on top of the Linux kernel and based on the Portage package management system. It is distributed as free and open source software. Unlike a conventional software distribution, the user compiles the source code locally according to their chosen...

Content

The content of Hacking moves between programming

Computer programming

Computer programming is the process of designing, writing, testing, debugging, and maintaining the source code of computer programs. This source code is written in one or more programming languages. The purpose of programming is to create a program that performs specific operations or exhibits a...

, networking

Computer network

A computer network, often simply referred to as a network, is a collection of hardware components and computers interconnected by communication channels that allow sharing of resources and information....

, and cryptography

Cryptography

Cryptography is the practice and study of techniques for secure communication in the presence of third parties...

. While well explained, it is a technical piece; some C programming

C (programming language)

C is a general-purpose computer programming language developed between 1969 and 1973 by Dennis Ritchie at the Bell Telephone Laboratories for use with the Unix operating system....

experience is essential, although a basic understanding of networking and cryptography helps as well.

While Hacking is packed with technically accurate, detailed information, it is still a basic introduction to the subject of computer security. Hacking also does not use any notable measure of real-world examples; discussions rarely bring up specific worms and exploits that had previously existed, such as the PNG library overflows or the Blaster worm and related RPC

Remote procedure call

In computer science, a remote procedure call is an inter-process communication that allows a computer program to cause a subroutine or procedure to execute in another address space without the programmer explicitly coding the details for this remote interaction...

service overflow. Thus, an inexperienced reader may not immediately make the connection between the theory and the reality of attack.

Programming

The programming

Computer programming

portion of Hacking makes up over half of the book's total content. This section goes into the development, design, construction, and testing of exploit code, and thus involves some basic assembly programming. The demonstrated attacks range from simple buffer overflow

Buffer overflow

In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. This is a special case of violation of memory safety....

s on the stack

Call stack

In computer science, a call stack is a stack data structure that stores information about the active subroutines of a computer program. This kind of stack is also known as an execution stack, control stack, run-time stack, or machine stack, and is often shortened to just "the stack"...

to complex techniques involving overwriting the global offset table.

While Erickson discusses some countermeasures such as a non-executable stack and how to evade them with return-to-libc attack

Return-to-libc attack

A return-to-libc attack is a computer security attack usually starting with a buffer overflow in which the return address on the stack is replaced by the address of another instruction and an additional portion of the stack is overwritten to provide arguments to this function...

s, he does not dive into deeper matters without known guaranteed exploits such as address space layout randomization

Address space layout randomization

Address space layout randomization is a computer security method which involves randomly arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, in a process's address space.- Benefits :Address space randomization hinders...

. Most protections afforded by the Openwall

Openwall Project

The Openwall Project is a source for various software, including Openwall GNU/*/Linux , a security-enhanced operating system designed for servers...

, GrSecurity

Grsecurity

grsecurity is a set of patches for the Linux kernel with an emphasis on enhancing security. Its typical application is in computer systems that accept remote connections from untrusted locations, such as web servers and systems offering shell access to its users.Released under the GNU General...

, and PaX

PaX

PaX is a patch for the Linux kernel that implements least privilege protections for memory pages. The least-privilege approach allows computer programs to do only what they have to do in order to be able to execute properly, and nothing more. PaX was first released in 2000.PaX flags data memory as...

projects appear to be out of scope for Hacking; as do kernel exploits.

It has been suggested that Hacking be used to teach "basic computer programming fundamentals" in one review included in the opening pages of the book. Although these reviews are placed in the text for marketing

Marketing

Marketing is the process used to determine what products or services may be of interest to customers, and the strategy to use in sales, communications and business development. It generates the strategy that underlies sales techniques, business communication, and business developments...

purposes, the programming section of the book is technically accurate and does convey a lot of information not taught in typical introductory computer programming classes. Whether its use as a fundamental teaching tool would lead to more security-conscious and security-competent programmers overall is, however, neither studied nor proven.

Networking

The networking

Computer network

segment of Hacking has control of less than half of the remaining text. It explains the basics of the OSI model

OSI model

The Open Systems Interconnection model is a product of the Open Systems Interconnection effort at the International Organization for Standardization. It is a prescription of characterizing and standardizing the functions of a communications system in terms of abstraction layers. Similar...

and basic networking concepts; packet sniffing

Packet sniffer

A packet analyzer is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network...

; connection hijacking; denial of service; and port scanning.

Although technically accurate, the networking section of Hacking only serves as a basic introduction to network security. Countermeasures such as complex firewalls; Stateful Packet Inspection; network address translation

Network address translation

In computer networking, network address translation is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device....

, the threat of firewalking, and countermeasures thereof; intrusion detection and prevention; and virtual private network

Virtual private network

A virtual private network is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users access to a central organizational network....

s are not discussed.

Cryptology

The cryptology section of Hacking consumes the rest of the book's pages. This is another bottom-up section, starting off with basic information theory and moving through symmetric and asymmetric encryption

Encryption

In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...

. It winds out in cracking WEP

Wired Equivalent Privacy

Wired Equivalent Privacy is a weak security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in September 1999, its intention was to provide data confidentiality comparable to that of a traditional wired network...

utilizing the Fluhrer, Mantin, and Shamir Attack.

This section appears to be miscellaneous information for the aspiring cryptology scholar. Besides the basics, including man-in-the-middle attack

Man-in-the-middle attack

In cryptography, the man-in-the-middle attack , bucket-brigade attack, or sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other...

s, dictionary attack

Dictionary attack

In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities.-Technique:...

s, and the use of John the Ripper

John the Ripper

John the Ripper is a free password cracking software tool. Initially developed for the UNIX operating system, it currently runs on fifteen different platforms...

; Hacking discusses quantum key distribution, Lov Grover's Quantum Search Algorithm

Grover's algorithm

Grover's algorithm is a quantum algorithm for searching an unsorted database with N entries in O time and using O storage space . It was invented by Lov Grover in 1996....

, and Peter Shor's Quantum Factoring Algorithm

Shor's algorithm

Shor's algorithm, named after mathematician Peter Shor, is a quantum algorithm for integer factorization formulated in 1994...

for breaking RSA encryption using a very large quantum computer

Quantum computer

A quantum computer is a device for computation that makes direct use of quantum mechanical phenomena, such as superposition and entanglement, to perform operations on data. Quantum computers are different from traditional computers based on transistors...

Other Details

The front cover of Hacking is the complete cycle, from reverse engineering to carrying out the attack, of developing an exploit for a program that dies of a buffer overflow over long command line arguments. The example is very specific and does not necessarily reflect reverse engineering any similar exploit.
The Persian translation of this book (released under GNU GPLv3 by Saeed Beiki) is available through http://www.secumania.net/include/files/Art-of-Exploitation-Persian.pdf
There is also an updated version of this book also written by Jon Erickson called Hacking: The Art of Exploitation, Second Edition.

Content

Programming

Networking

Cryptology

Other Details

See also