Author and background information
Jon Erickson is a computer security expert with a background in computer science. As of 2011, he worked as a researcher and specialist in California.

A bootable CD is included with the book, which provides a Linux-based programming and debugging environment for the reader.

Content of 1st edition
The content of Hacking moves between programming, networking, and cryptology. The book does not use any notable measure of real-world examples; discussions rarely bring up specific worms and exploits.

Programming
The programming portion of Hacking takes up over half of the book. This section goes into the development, design, construction, and testing of exploit code, and thus involves some basic assembly language. The demonstrated attacks range from simple buffer overflows on the stack to more complex overwriting techniques. While Erickson discusses some countermeasures, such as a non-executable stack, and how to evade them, he does not dive into deeper matters that lack known guaranteed exploits. The book also does not cover several related projects, or certain classes of exploits.

Networking
The networking segment of Hacking explains the basics of the OSI model and fundamental networking concepts.

Cryptology
The cryptology section of Hacking covers basic information theory, in addition to symmetric and asymmetric encryption. It winds out in cracking WEP. Besides the basics, Hacking also discusses quantum key distribution and the prospect of breaking encryption using a very large quantum computer.
Other Details
• The front cover of Hacking shows the complete cycle, from reverse engineering to carrying out the attack, of developing an exploit for a program that dies of a buffer overflow over long command line arguments.
• The Persian translation of this book (released under GNU GPLv3 by Saeed Beiki) is available through

Content 2nd edition
Hacking: The Art of Exploitation, Second Edition
• Author: Jon Erickson
• Country: United States (original)
• Language: English (second edition)
• Series: Second Edition
• Publisher: No Starch Press
• Publication date: February 2008
• Media type: Print
• Pages: 488

Introduction
The introduction of the book states that hacking should only be done within the confines of the law, and only for productive reasons.

0x200 Programming
In the programming chapter of this book, different types of programs are described and shown via examples. The chapter covers the basic aspects of programming. The live CD provides an environment so that the reader can not only follow along with the examples in the book but also do some programming themselves.

0x300 Exploitation
Exploitation is taking the computer's code or set of rules and changing them so the computer does what you want it to do. Finding ways or holes in the system to change is an important part of exploitation. This chapter covers exploit techniques such as memory corruption and buffer overflows, especially using Bash shellcode.

0x400 Networking
The OSI Model
In communication among computers over a network, the OSI Model is used. The OSI Model is a model that provides the standards that computers use to communicate. There are seven layers in the OSI Model: the Physical layer, Data-Link layer, Network layer, Transport layer, Session layer, Presentation layer, and Application layer. Each packet that a computer sends to another computer must pass through each layer of the OSI Model.
Sockets
The standard way to communicate on a network with the use of computer operating systems is a socket. A socket is used by a programmer to create a way to send and receive data using the layers of the OSI model. There are two types of sockets: a Stream Socket and a Datagram Socket. Stream Sockets use Transmission Control Protocol (TCP). A Datagram Socket uses User Datagram Protocol (UDP).

Peeling Back the Layers
'Peeling back the layers' describes how the OSI layers actually work. The OSI Model is described in great detail, with some images in the book that make it easy to understand.

Network Sniffing
Switched and unswitched networks exist in networking. A switched network uses devices called switches that analyze the packets travelling on the network and direct them to their endpoint. An unswitched network is a free flow of packets without them being stopped and analyzed. Sniffing refers to using a program that allows you to see packets on the network and where they are going.

Denial of Service
A denial of service attack is an attempt to make a computer resource unavailable to its intended users. This means that the denial of service attack sends a large quantity of communication requests to an intended resource in order to overflow the resource so that it becomes unusable for a certain period of time. These types of attacks are usually directed at routers or firewalls in order to shut them down to gain access to other computers on the network. A router is very susceptible to these types of attacks, but a firewall can usually handle the attack and is unaffected. A distributed denial of service attack is one where communication requests come from multiple computers, greatly increasing the number of requests over a regular denial of service attack. Other types of DoS attacks include Teardrop and amplification attacks.

TCP/IP Hijacking
TCP/IP hijacking is another technique used to take over a connection between the victim and a host machine.
This technique is mainly used to collect passwords when a host machine requires a password to connect. When this type of attack takes place, the victim and the attacker must be on the same network. Another form of TCP/IP hijacking is RST hijacking, which involves injecting a fake reset packet.

Port Scanning
Port scanning is simply a way to figure out which ports are accepting and listening for connections. The hacker would just use a program that reports which ports are open by scanning all the ports on a network and trying to open them. There are many other types of scans, such as SYN, Idle, FIN, X-Mas, and Null scans.

Reach Out and Hack Someone
This part is about finding vulnerabilities in the typecasting of the network. Using a debugger to go through the lines of code used for network protocols is the most efficient way to accomplish this.

0x500 Shellcode
Shellcode is used in the exploitation of code. It is like the hacker's own code that he wants to run when he gains control over a program. Usually a hacker will find an exploit in a program's code and be able to insert some of his own code (shellcode) where he found the exploit. Assembly differs from C because assembly is a low-level language and, when processed, can communicate directly with the processor. When using C, which is a high-level programming language, the code must be compiled and sent to the kernel by making a system call and then making a call to the processor. In other words, it is almost like taking the system call to the kernel out of the picture when using assembly.

The Path to Shellcode
This part of the shellcode chapter is about how to inject a program with shellcode so it can be taken over. There are many examples of code in the book and ways to accomplish this task.

Self-spawning Shellcode
Spawning shellcode is code that will be enabled when an exploit is found. It is shellcode that will be able to run when a vulnerability is found in the program.
The best way to accomplish this is shown in the book, and relies on making sure the code is very small.

Port-binding Shellcode
This type of shellcode attaches itself to a network port. Once bound to a port, it will listen for a TCP connection. After it finds the TCP connection there is a lot more programming involved, which is shown vividly in the book.

Connect-back Shellcode
This type of shellcode is mainly used when getting around firewalls. Most firewalls are going to block port-binding shellcode from working because they are set up to only allow known services through the active ports. Connect-back shellcode initiates the connection back to the hacker's IP address, so it will be coming out from the firewall instead of going into it. Once again, the code in the book depicts connect-back shellcode and ways to accomplish this.

0x600 Countermeasures
This part of the book is about having defenses and countermeasures to stop known hacking exploits.

Countermeasures That Detect
An administrator of the network has to be aware of when an exploit may be occurring. Reading logs or sniffing packets on the network are a couple of ways to catch exploits when they occur.

System Daemons
A daemon is a server program on a system which receives and accepts incoming connections. A daemon is a program which runs in the background and detaches from the controlling terminal in a certain way. At this point in the book there is some code shown on how to run a daemon program. Signals are also used in a Unix-based environment to make operating system calls. When a signal is typed in the terminal, it will immediately send an interrupt message to complete the task of whatever signal was typed. The uses of signals are displayed in some coding examples in the book.

Tools of the Trade
A hacker has a certain set of tools that he needs to help him when exploiting. An exploit script is a tool which uses already-written exploit code to find holes in the system or program.
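The System Daemons passage above describes the two things a daemon does: detach from the controlling terminal and respond to signals. The following C program, an added example that is not code from the book, shows the classic double-fork daemonization with stdio redirected to /dev/null, logging to syslog (so the administrator's log review mentioned under Countermeasures That Detect still sees the process), and a sigaction-based handler that only sets a sig_atomic_t flag for the main loop to act on. The identifier "demo-daemon" and the function names are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <signal.h>
#include <sys/stat.h>
#include <syslog.h>
#include <unistd.h>
/* Written only by the handler; sig_atomic_t is the one type C guarantees a handler may store to. */
static volatile sig_atomic_t pending_signal = 0;
static void on_signal(int signo) { pending_signal = signo; }

/* Catch the signals a daemon is expected to honour. Returns 0 on success, -1 on error. */
int install_signal_handlers(void) {
    struct sigaction sa;
    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;  /* no SA_RESTART: a blocking call returns EINTR so the loop can react */
    if (sigaction(SIGTERM, &sa, NULL) < 0 || sigaction(SIGINT, &sa, NULL) < 0) return -1;
    return sigaction(SIGHUP, &sa, NULL);
}

/* Hand the last delivered signal to the main loop and clear it (0 if none arrived). */
int take_pending_signal(void) {
    int s = pending_signal;
    pending_signal = 0;
    return s;
}

/* Classic double fork: leave the caller's session so the process has no controlling terminal
   and cannot reacquire one, then point stdio at /dev/null and log through syslog instead. */
int daemonize(const char *ident) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid > 0) _exit(0);          /* parent returns to the shell */
    if (setsid() < 0) return -1;    /* new session, no controlling terminal */
    pid = fork();
    if (pid < 0) return -1;
    if (pid > 0) _exit(0);          /* session leader exits; child can never acquire a terminal */
    umask(027);
    if (chdir("/") < 0) return -1;  /* do not pin a mounted filesystem */
    int fd = open("/dev/null", O_RDWR);
    if (fd < 0) return -1;
    dup2(fd, STDIN_FILENO); dup2(fd, STDOUT_FILENO); dup2(fd, STDERR_FILENO);
    if (fd > STDERR_FILENO) close(fd);
    openlog(ident, LOG_PID, LOG_DAEMON);  /* "demo-daemon" below is an assumed identifier */
    return 0;
}

int main(void) {
    if (install_signal_handlers() < 0 || daemonize("demo-daemon") < 0) return 1;
    for (;;) {
        pause();                    /* sleep until a signal arrives */
        int s = take_pending_signal();
        if (s == SIGHUP) syslog(LOG_INFO, "SIGHUP: reloading configuration");
        else if (s == SIGTERM || s == SIGINT) { syslog(LOG_INFO, "shutting down"); return 0; }
    }
}
```

After starting it, `kill -HUP <pid>` and `kill -TERM <pid>` produce the two syslog lines, which is the trail a log-reading administrator would look for.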
Using exploit scripts is easy even for a non-hacker, because the code is already written. A couple of examples of exploit tools, and how to use them, are shown in the book.

Log Files
As stated earlier, log files are a way to check events that have been happening on a computer or network. For a hacker, having the ability to change what the log file says can help him avoid being noticed. There is code and directions on how to change some log files in the book.

Overlooking the Obvious
Another sign of a program being hacked is that it will no longer work correctly. Most of the time programs do not work correctly because the hacker has modified them to accomplish another task. A skilled hacker, however, can modify the program so it still works correctly and does what he wants it to do. If a program is exploited, there are ways to tell how it happened. Finding out how a program was exploited can be a very tedious process, since it usually starts with taking parts of the program and looking at them individually. Putting an exploited program back together again to see how it was exploited is shown in the book.

Advanced Camouflage
When a hacker is exploiting a program, his IP address can be written to a log file. Camouflaging the log files so that his IP address cannot be detected is shown in the book. When an IP address is hidden, it is called spoofing the IP address.

The Whole Infrastructure
The use of intrusion detection systems and intrusion prevention systems greatly helps reduce the risk of being exploited. Even firewalls and routers have log files that can show evidence of hacking. Making sure that outbound TCP connections cannot be processed is one way to limit being found. A few ways are shown in the book on how to use TCP connections so that it is easier to go undetected.

Payload Smuggling
When using shellcode to exploit programs, it can be caught by intrusion detection systems.
Usually the intrusion detection system will catch the programs that are already written and have recognizable shellcode in them. Most exploit programs will be caught because real hackers are not using them. There are ways to hide shellcode so it is harder to detect. A couple of examples of how to hide shellcode are found in the book.

Buffer Restrictions
Sometimes there are restrictions put on buffers so that vulnerabilities cannot be exploited. The book depicts a few ways to get around buffer restrictions.

Hardening Countermeasures
The exploits that are found in this book have been around for a long time. It took hackers a while before they figured out how to take advantage of the vulnerabilities described in this book. Memory corruption, a change of control, and the use of shellcode are the three easiest steps to exploitation.
(Figure: an example of a stack and its components.)

Nonexecutable Stack
Most applications do not use the stack for executing code. One defense is to make the stack non-executable so that buffer overflows cannot be used in the exploitation of the program. This defense is very effective for stopping the use of shellcode in an application. However, there is a way to get around a non-executable stack, which is shown and described in the book.

Randomized Stack Space
A randomized stack is a type of countermeasure used so that the hacker is unable to tell where the shellcode he implanted is. It randomizes the memory layout within the stack. Once again, there is also a way to get around this countermeasure, with some examples in the book.

0x700 Cryptology
Cryptology is the practice of communicating secretly through the use of ciphers, and cryptanalysis is the process of cracking or deciphering such secret communications. This chapter offers information on the theory of cryptology, including foundational work in information theory, and concepts including unconditional security, quantum key distribution, and computational security.
Using the same key to encrypt and to decrypt messages is symmetric encryption. Asymmetric encryption involves using different keys (public and private). This chapter gives some examples of both kinds of encryption, and how to use them.
(Figure: how a public and private key are used in the encryption process.)
A cipher is an encryption algorithm. Combining the use of a symmetric cipher and an asymmetric cipher is called a hybrid cipher. Ways to attack ciphers and to get around some encryption methods are shown and described in the book. The chapter also shows methods to figure out encrypted passwords, including brute-force attacks and hash look-ups. It also offers methods to get around wireless 802.11b (Wi-Fi) and wired equivalent privacy (WEP) encryption.