Jon Erickson
ISBN: 1593271441, 9781593271442, 159327338X, 9781593273385
Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker’s perspective.
The included LiveCD provides a complete Linux programming and debugging environment—all without modifying your current operating system. Use it to follow along with the book’s examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:
• Program computers using C, assembly language, and shell scripts
• Corrupt system memory to run arbitrary code using buffer overflows and format strings
• Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
• Outsmart common security measures like nonexecutable stacks and intrusion detection systems
• Gain access to a remote server using port-binding or connect-back shellcode, and alter a server’s logging behavior to hide your presence
• Redirect network traffic, conceal open ports, and hijack TCP connections
• Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix
Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don’t already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.
Table of contents:
Copyright……Page 6
Preface……Page 13
Acknowledgments……Page 14
0x100: Introduction……Page 15
0x200: Programming……Page 19
0x210 What Is Programming?……Page 20
0x220 Pseudo-code……Page 21
0x231 If-Then-Else……Page 22
0x232 While/Until Loops……Page 23
0x233 For Loops……Page 24
0x241 Variables……Page 25
0x242 Arithmetic Operators……Page 26
0x243 Comparison Operators……Page 28
0x244 Functions……Page 30
0x250 Getting Your Hands Dirty……Page 33
0x251 The Bigger Picture……Page 34
0x252 The x86 Processor……Page 37
0x253 Assembly Language……Page 39
0x260 Back to Basics……Page 51
0x261 Strings……Page 52
0x262 Signed, Unsigned, Long, and Short……Page 55
0x263 Pointers……Page 57
0x264 Format Strings……Page 62
0x265 Typecasting……Page 65
0x266 Command-Line Arguments……Page 72
0x267 Variable Scoping……Page 76
0x270 Memory Segmentation……Page 83
0x271 Memory Segments in C……Page 89
0x272 Using the Heap……Page 91
0x273 Error-Checked malloc()……Page 94
0x281 File Access……Page 95
0x282 File Permissions……Page 101
0x283 User IDs……Page 102
0x284 Structs……Page 110
0x285 Function Pointers……Page 114
0x286 Pseudo-random Numbers……Page 115
0x287 A Game of Chance……Page 116
0x300: Exploitation……Page 129
0x310 Generalized Exploit Techniques……Page 132
0x320 Buffer Overflows……Page 133
0x321 Stack-Based Buffer Overflow Vulnerabilities……Page 136
0x330 Experimenting with BASH……Page 147
0x331 Using the Environment……Page 156
0x341 A Basic Heap-Based Overflow……Page 164
0x342 Overflowing Function Pointers……Page 170
0x351 Format Parameters……Page 181
0x352 The Format String Vulnerability……Page 184
0x353 Reading from Arbitrary Memory Addresses……Page 186
0x354 Writing to Arbitrary Memory Addresses……Page 187
0x355 Direct Parameter Access……Page 194
0x356 Using Short Writes……Page 196
0x357 Detours with .dtors……Page 198
0x358 Another notesearch Vulnerability……Page 203
0x359 Overwriting the Global Offset Table……Page 204
0x400: Networking……Page 209
0x410 OSI Model……Page 210
0x420 Sockets……Page 212
0x421 Socket Functions……Page 213
0x422 Socket Addresses……Page 214
0x423 Network Byte Order……Page 216
0x425 A Simple Server Example……Page 217
0x426 A Web Client Example……Page 221
0x427 A Tinyweb Server……Page 227
0x430 Peeling Back the Lower Layers……Page 231
0x431 Data-Link Layer……Page 232
0x432 Network Layer……Page 234
0x433 Transport Layer……Page 235
0x440 Network Sniffing……Page 238
0x441 Raw Socket Sniffer……Page 240
0x442 libpcap Sniffer……Page 242
0x443 Decoding the Layers……Page 244
0x444 Active Sniffing……Page 253
0x450 Denial of Service……Page 265
0x451 SYN Flooding……Page 266
0x453 Teardrop……Page 270
0x455 Amplification Attacks……Page 271
0x460 TCP/IP Hijacking……Page 272
0x461 RST Hijacking……Page 273
0x462 Continued Hijacking……Page 277
0x472 FIN, X-mas, and Null Scans……Page 278
0x474 Idle Scanning……Page 279
0x475 Proactive Defense (shroud)……Page 281
0x480 Reach Out and Hack Someone……Page 286
0x481 Analysis with GDB……Page 287
0x482 Almost Only Counts with Hand Grenades……Page 289
0x483 Port-Binding Shellcode……Page 292
0x500: Shellcode……Page 295
0x510 Assembly vs. C……Page 296
0x511 Linux System Calls in Assembly……Page 298
0x520 The Path to Shellcode……Page 300
0x521 Assembly Instructions Using the Stack……Page 301
0x522 Investigating with GDB……Page 303
0x523 Removing Null Bytes……Page 304
0x530 Shell-Spawning Shellcode……Page 309
0x531 A Matter of Privilege……Page 313
0x532 And Smaller Still……Page 316
0x540 Port-Binding Shellcode……Page 317
0x541 Duplicating Standard File Descriptors……Page 321
0x542 Branching Control Structures……Page 323
0x550 Connect-Back Shellcode……Page 328
0x600: Countermeasures……Page 333
0x610 Countermeasures That Detect……Page 334
0x620 System Daemons……Page 335
0x621 Crash Course in Signals……Page 336
0x622 Tinyweb Daemon……Page 338
0x630 Tools of the Trade……Page 342
0x631 tinywebd Exploit Tool……Page 343
0x641 Blend In with the Crowd……Page 348
0x651 One Step at a Time……Page 350
0x652 Putting Things Back Together Again……Page 354
0x653 Child Laborers……Page 360
0x661 Spoofing the Logged IP Address……Page 362
0x662 Logless Exploitation……Page 366
0x670 The Whole Infrastructure……Page 368
0x671 Socket Reuse……Page 369
0x681 String Encoding……Page 373
0x682 How to Hide a Sled……Page 376
0x690 Buffer Restrictions……Page 377
0x691 Polymorphic Printable ASCII Shellcode……Page 380
0x6b1 ret2libc……Page 390
0x6b2 Returning into system()……Page 391
0x6c0 Randomized Stack Space……Page 393
0x6c1 Investigations with BASH and GDB……Page 394
0x6c2 Bouncing Off linux-gate……Page 398
0x6c4 A First Attempt……Page 402
0x6c5 Playing the Odds……Page 404
0x700: Cryptology……Page 407
0x711 Unconditional Security……Page 408
0x713 Quantum Key Distribution……Page 409
0x714 Computational Security……Page 410
0x720 Algorithmic Run Time……Page 411
0x730 Symmetric Encryption……Page 412
0x731 Lov Grover’s Quantum Search Algorithm……Page 413
0x741 RSA……Page 414
0x742 Peter Shor’s Quantum Factoring Algorithm……Page 418
0x751 Man-in-the-Middle Attacks……Page 420
0x752 Differing SSH Protocol Host Fingerprints……Page 424
0x753 Fuzzy Fingerprints……Page 427
0x760 Password Cracking……Page 432
0x761 Dictionary Attacks……Page 433
0x762 Exhaustive Brute-Force Attacks……Page 436
0x763 Hash Lookup Table……Page 437
0x764 Password Probability Matrix……Page 438
0x770 Wireless 802.11b Encryption……Page 447
0x771 Wired Equivalent Privacy……Page 448
0x772 RC4 Stream Cipher……Page 449
0x781 Offline Brute-Force Attacks……Page 450
0x782 Keystream Reuse……Page 451
0x784 IP Redirection……Page 452
0x785 Fluhrer, Mantin, and Shamir Attack……Page 453
0x800: Conclusion……Page 465
0x810 References……Page 466
0x820 Sources……Page 468
Index……Page 469
Updates; About the CD……Page 490