kode adsense disini
Hot Best Seller

Hacking: The Art of Exploitation

Availability: Ready to download

A comprehensive introduction to the techniques of exploitation and creative problem-solving methods commonly referred to as "hacking." It shows how hackers exploit programs and write exploits, instead of just how to run other people's exploits. This book explains the technical aspects of hacking, including stack based overflows, heap based overflows, string exploits, retur A comprehensive introduction to the techniques of exploitation and creative problem-solving methods commonly referred to as "hacking." It shows how hackers exploit programs and write exploits, instead of just how to run other people's exploits. This book explains the technical aspects of hacking, including stack based overflows, heap based overflows, string exploits, return-into-libc, shellcode, and cryptographic attacks on 802.11b.


Compare
kode adsense disini

A comprehensive introduction to the techniques of exploitation and creative problem-solving methods commonly referred to as "hacking." It shows how hackers exploit programs and write exploits, instead of just how to run other people's exploits. This book explains the technical aspects of hacking, including stack based overflows, heap based overflows, string exploits, retur A comprehensive introduction to the techniques of exploitation and creative problem-solving methods commonly referred to as "hacking." It shows how hackers exploit programs and write exploits, instead of just how to run other people's exploits. This book explains the technical aspects of hacking, including stack based overflows, heap based overflows, string exploits, return-into-libc, shellcode, and cryptographic attacks on 802.11b.

30 review for Hacking: The Art of Exploitation

  1. 5 out of 5

    Todd N

    My son swells with pride whenever I call him my little hacker. His main goal is to find a way to play Minecraft or watch Minecraft videos on YouTube. He has guessed the iPad and AppleTV passwords to achieve these goals. Once he took my phone and texted this to my wife: "This is Todd. What is the iPad password?" (I was laughing too hard to scold him for that, though we did have a talk about social engineering afterwards.) Anyway, this book describes much more sophisticated techniques starting with My son swells with pride whenever I call him my little hacker. His main goal is to find a way to play Minecraft or watch Minecraft videos on YouTube. He has guessed the iPad and AppleTV passwords to achieve these goals. Once he took my phone and texted this to my wife: "This is Todd. What is the iPad password?" (I was laughing too hard to scold him for that, though we did have a talk about social engineering afterwards.) Anyway, this book describes much more sophisticated techniques starting with program exploitation techniques -- like stack and heap overflows and returning into system() -- then moves on to network-based techniques -- like port scanning, injecting code, and hijacking connections. Then it covers related topics like avoiding detection, cracking passwords, and breaking into wireless networks. The networking stuff was already pretty familiar to me because I worked for a vulnerability detection company for about a year, and I've screwed around with stuff like nmap and packet sniffing. But the chapter that covers programming was very eye opening. Just like I didn't feel like I understood networking until I was working with "malformed" packets, I don't think I really understood C until Mr. Erickson walked me through the resulting machine code and how to use it to control the execution of a program. That chapter alone is worth the price of the book and should be read by anyone with a passing interest in writing code. The quick walk through the math behind RSA encryption was eye-opening as well, though I had to read it a few times despite the fact that it was clearly written. It was interesting to get an update on password cracking, since I haven't run a password cracker since 1997, when I ran it on an /etc/passwd file and inadvertently discovered that one of the engineers was dating the office manager because they were using the same password. Highly recommended. By the way, if you are on a Mac then I recommend running the included CD -- which can easily be downloaded from torrent sites -- via VMware Fusion. Just create a basic Linux machine or take an existing one and configure it to boot from the .iso image instead. You will be able to run all of the exercises that way. OS X doesn't come with objdump. It has something called otool that I've never used. (Plus OS X is 64-bit and it probably has modern security features, like randomizing the stack space, that will break some of the examples.)

  2. 4 out of 5

    Stuart Woolf

    This book took me a long time to get through, longer than I care to admit, but I felt this journey paid mega-dividends many times over. I cannot think of a more intellectually-enriching book I have read in the past five or six years. I read this book with the aim to learn more about assembly language and (broadly speaking) the hardware / software interface. I learned more than I ever cared to know about either of these things and so much more. It should be said, prior to purchasing this book, my This book took me a long time to get through, longer than I care to admit, but I felt this journey paid mega-dividends many times over. I cannot think of a more intellectually-enriching book I have read in the past five or six years. I read this book with the aim to learn more about assembly language and (broadly speaking) the hardware / software interface. I learned more than I ever cared to know about either of these things and so much more. It should be said, prior to purchasing this book, my experience in programming was limited to a class I took in high school and some MATLAB applications in college - that is to say, I had never programmed in C, knew almost nothing about how computers actually worked, and had yet to spend a single second on Linux or the command line of any operating system. Since then I have become comfortably familiar with C, basic (and nonbasic) Linux commands, programming in VI, reading assembly and writing shellcode. (Ok, the last one is still pretty difficult.) I learned everything I know about file permissions, networks, memory allocation, and buffer overflows from this book. (These topics were explained well enough that I could probably explain the basics to just about anyone.) I get the feeling I have only scratched the surface of powerful tools like the GNU Compiler and Debugger - and intend to learn more about both in the near future. I recommend this book to everybody. It will take a long time to get through and wont always be easy (in fact, its almost never easy) but if you learn a fraction of what I learned, you'll find this book is worth its weight in gold.

  3. 4 out of 5

    Timo

    This book is a good introductory in the subject for mainly two reasons. One is the fact that the book is clearly written and builds up gradually so you're not required to have too much information about the subject before starting to read. Second being the Livecd you can download and which works as a testing platform when you're learning the basics of programming or studying different kinds of exploits. I enjoyed reading and practicing while reading and my only beef with this book is that in my o This book is a good introductory in the subject for mainly two reasons. One is the fact that the book is clearly written and builds up gradually so you're not required to have too much information about the subject before starting to read. Second being the Livecd you can download and which works as a testing platform when you're learning the basics of programming or studying different kinds of exploits. I enjoyed reading and practicing while reading and my only beef with this book is that in my opinion there were too many source code listings in the book. Since all of the sourcecodes were in the Livecd I don't really understand why the author didn't just cut out the important parts of the sourcecodes and commented them in the book but instead pasted whole sourcecodes. It's a considerably minor thing but still while progressing started to hinder the reading experience. All in all this is a very good and informative book with clear explanations and the fact that it came with a Livecd you could test and see the same results as in the book gives good hands-on experience.

  4. 4 out of 5

    Mike O'Brien

    First of all, let me say that if you have a 64-bit computer here is what you need to know: The liveCD that comes with the book ONLY works on 32-bit computers. Luckily, I have a pentesting machine that I have Kali Linux running on. The website for the book has all of the source code, so I just downloaded it and run in on Kali and it was perfect for me. I think the only extra thing I needed to download was Perl (type: "sudo apt-get install perl" without the quotes into the command line for those o First of all, let me say that if you have a 64-bit computer here is what you need to know: The liveCD that comes with the book ONLY works on 32-bit computers. Luckily, I have a pentesting machine that I have Kali Linux running on. The website for the book has all of the source code, so I just downloaded it and run in on Kali and it was perfect for me. I think the only extra thing I needed to download was Perl (type: "sudo apt-get install perl" without the quotes into the command line for those of you unfamiliar with linux). That being said, using linux and the programs along with the book is extremely important. Without it I was completely lost, but once I starting going along my comprehension went through the roof. This book is fantastic for learning how to write your own exploits, especially buffer overflows. I learned so much about assembly language and how C programs actually work on the CPU level. I also loved learning how to spoof packets. However, this is a downside to this book, and its that it is NOT a beginner's book. There is plenty in this book that I will have to read again once I get further in my IT career. I am Cisco certified, therefore the networking stuff was great for me, however Shellcode and some of the really in depth programming stuff was interesting but over my head. There are sections of this book to teach you the basics, but its not enough, I see them as more of refreshers for people who haven't programmed in a while (like me).

  5. 5 out of 5

    Thomas

    Good book. Mostly about C and overflow-based attacks, which can be kind of confusing if you were looking for a more high-level book...

  6. 4 out of 5

    Abaseen

    A very nice introduction to buffer overflows. Though I never mastered the art of finding and exploiting them, this was the only piece of text that made me actually understand them. Aleph One's tutorial was too hard to figure out as I was in school. Still have it shelved under somewhere, perhaps good for challenging myself with an old fedora iso :) Good coverage on cryptography concepts too, must read it sometime again for a refresh.

  7. 5 out of 5

    Hugh Smalley

    While other books merely show how to run existing exploits, Hacking: The Art of Exploitation broke ground as the first book to explain how hacking and software exploits work and how readers could develop and implement their own. In the extensively updated and expanded second edition, author Jon Erickson again uses practical examples to illustrate the most common computer security issues in three related fields: programming, networking and cryptography. Includes a live CD, which provides a Linux While other books merely show how to run existing exploits, Hacking: The Art of Exploitation broke ground as the first book to explain how hacking and software exploits work and how readers could develop and implement their own. In the extensively updated and expanded second edition, author Jon Erickson again uses practical examples to illustrate the most common computer security issues in three related fields: programming, networking and cryptography. Includes a live CD, which provides a Linux programming environment and all of its benefits without the hassle of installing a new operating system. Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope. Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to: Program computers using C, assembly language, and shell scripts Corrupt system memory to run arbitrary code using buffer overflows and format strings Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening Outsmart common security measures like nonexecutable stacks and intrusion detection systems Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence Redirect network traffic, conceal open ports, and hijack TCP connections Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the accompanying Linux environment, and all you need is your own creativity.

  8. 4 out of 5

    Simón

    I had read part of this book at university, years ago. While it is no longer up to date and maybe most of the exploits and techniques described have been patched for years, the concepts and general strategies still apply. If you're looking for a general overview of security (buffer overflows, encryption, passwords, wireless networks, network-enabled apps...), I think this is still a great resource.

  9. 5 out of 5

    javier

    this is a very good book on the subject of hacking. it covers all of the fundamentals in great detail with plenty of diagrams and code examples that make the text easy to follow. Topics covered include buffer overflows, writing shellcode, and even some wireless hacking.

  10. 5 out of 5

    Joey

    I really enjoyed the sections on buffer overflows (NOP sled, overwriting the stack return pointer) and network scans/DoS attacks. This book afforded me some cool techniques I didn't learn in my Computational Science degree. The author thoroughly conveys the hacker mentality.

  11. 5 out of 5

    عَبدُالكَرِيمْ

    Hands down this is one of the best technical books I've read so far. The only missing part I think is: - no integer overflow exploitation - no details about recent techniques to bypass ASLR - some chapters are not about exploits or memory corruptions

  12. 5 out of 5

    Nick

    Really great introduction to the subject.

  13. 5 out of 5

    dersteppenwolf

    Libro apto para quienes estén interesados en el tema de la computación forense (para el resto de los mortales nos puede resultar demasiado detallado)

  14. 5 out of 5

    Eugene

    This is a fundamentals approach to hacking, diving deep into C and assembly code to give you a thorough understanding of how hacks work on the most basic level. I really liked how it selves into the source code of common tools like nmap so you understand how they work, rather than using them blindly. At the same time, I expect to revisit this book at a later stage; it ramps up quickly and the reader would benefit from a familiarity with shellcode and so on.

  15. 4 out of 5

    Ben Oliver

    Spends too much time on one topic then runs out of time to get truly creative. However it’s still worth a read if you are interested in creating exploits, particularly for Linux. Erickson also takes you through the ‘history’ of an exploit, with step by step guides that build on each other. It’s fascinating to see how ‘small’ ideas turn into really powerful tools. Not a life changing masterpiece but a good insight into the ‘hacker’ mindset, without skimping on the technical information. http://benol Spends too much time on one topic then runs out of time to get truly creative. However it’s still worth a read if you are interested in creating exploits, particularly for Linux. Erickson also takes you through the ‘history’ of an exploit, with step by step guides that build on each other. It’s fascinating to see how ‘small’ ideas turn into really powerful tools. Not a life changing masterpiece but a good insight into the ‘hacker’ mindset, without skimping on the technical information. http://benoliver999.com/book/2017/03/...

  16. 5 out of 5

    Brian Powell

    Far from comprehensive, and not a "how to" book for burgeoning hackers. Excellent coverage of buffer overflows, including sample code in C to bring it to life. Some interesting discussion of SSH man-in-the-middle and WEP attacks. The remainder of the book is standard (but good) coverage of programming, networking, and crypto.

  17. 4 out of 5

    Noah Nadeau

    Probably one of the most difficult books I've ever read, but only because it's packed full of deep level information. Definitely a must for anyone interested in learning Assembly or C coding, if only to avoid common pitfalls. Supplement this book with "A Bug Hunter's Diary" by Tobias Klein.

  18. 4 out of 5

    Joel

    The best book to start learning hacking!!!!

  19. 4 out of 5

    Danial

    Better utilized as a reference book to cherry pick topics than a deep dive from cover to cover.

  20. 4 out of 5

    Hamza Siddique

    This review has been hidden because it contains spoilers. To view it, click here. hahahahaha

  21. 5 out of 5

    Dora solano

    Good

  22. 4 out of 5

    Dave Jones

    I got this book during a one-day Amazon deal for $6.99. This is the first Kindle book that I read entirely using the desktop app. This is pretty much necessary in order to derive the full value of its content. The book contains a DVD (or an equivalent .ISO image file if you have an ebook). [Speaking of the .ISO file, it was quite a little trick for me to be able to access the content. If you have a physical book, you would just pop the DVD into your computer. (Although fewer computers have built- I got this book during a one-day Amazon deal for $6.99. This is the first Kindle book that I read entirely using the desktop app. This is pretty much necessary in order to derive the full value of its content. The book contains a DVD (or an equivalent .ISO image file if you have an ebook). [Speaking of the .ISO file, it was quite a little trick for me to be able to access the content. If you have a physical book, you would just pop the DVD into your computer. (Although fewer computers have built-in DVD slots as part of their standard configuration nowadays). I did not have a blank DVD and did not want to buy one and, of course, the ISO file is just a little too big to fit on a CD. After some searching, I found this page by the publisher. (This page was much harder to find than it should be. I’m including this link as a public service. You’re welcome.) This, along with a couple of Lifehacker articles turned me on to Virtualbox! This little wonder enabled me to create a virtual machine on my computer. This introduction is a lasting benefit that will endure way beyond this book. In other words, I hacked my way into unlocking this content. You real hackers out there may laugh at my noobiness but this is a big deal.] Anyway, getting back to the book; Erickson starts the book with a basic introduction to programming in C. The complexity level escalates very quickly into more advanced topics. I thought that this book was more mainstream than this. For a couple of chapters, I followed along very closely with the Linux content included with the book. After a point, I realized that if I wanted to finish this book this year, I needed to move a little faster. I would’ve appreciated some more content on C Programming and Linux navigation. Some links in the bibliography would’ve really helped! Potential readers need to be aware that basic Linux navigation coupled with the rudimentary knowledge of the C compiler/debugger is needed in order to fully absorb this info. The book is a survey of the techniques associated with various aspects of Hacking. The chapter introductions are interesting and informative before very quickly leading to advanced demonstrations of these types of hacks. It was difficult for me to keep my head above the informational water but I’m glad that I did as I have a greater awareness of how these work. For the more advanced, this is a good cookbook of the wide range of hacks. Even if you are fully comfortable with this material, it may take you a while to read while following the code. It’s probably not fair for me to review this book as I didn’t understand much of the very detailed hacking recipes. However, the publishers/Erickson could’ve provided more information on the prerequisites with some references on how to fully utilize the Linux and C tools needed to fully exploit this material. While I may forget a lot of the detail, I will understand the basic principles behind the various categories of hacking. I’m also grateful that I’ve been introduced to Linux and Virtualbox. (I may finally install that Windows 8 DVD I’ve had forever!)

  23. 4 out of 5

    Z3phyre

    Very Good read, no prior knowledge required to understand the book. This book take you by the hand from A to Z. Author is very thorough in explaining things he tries to teach you. I got my first steps in the Computer Security field thanks to this book.

  24. 4 out of 5

    Naessens

    Jon Erickson introduces advanced concept of exploitations from buffer overflows to shellcode injection and network sniffing. I write "introduces" because although these "hacks" are complex they are well-known nowadays and countermeasures have been developed. In the end, Erickson gives readers the basis to think by themselves and develop their own hacks. But script kiddies will be disappointed if they hope to find new weapons as most exploit described in the book have been patched by software edi Jon Erickson introduces advanced concept of exploitations from buffer overflows to shellcode injection and network sniffing. I write "introduces" because although these "hacks" are complex they are well-known nowadays and countermeasures have been developed. In the end, Erickson gives readers the basis to think by themselves and develop their own hacks. But script kiddies will be disappointed if they hope to find new weapons as most exploit described in the book have been patched by software editors. The book has a steep learning curve. Fortunately I already know C programming and the basics of the stack mechanism and memory segments, so the first chapters were not too difficult. But this is not the kind of books where you can simply read and understand or learn the new concepts explained. You need to have a pencil and a paper, or more frequently a debugger, to get your hands dirty and see for yourself how things work. There is a reason the book comes with a LiveCD to experiment with. However, Erickson's explanations are clear, precise and the examples given are well-described, sometimes to the level of the CPU instruction. Eventually, this is a very good book, well-written, even if it can be difficult from time to time. But everybody looking to understand how hackers exploit software vulnerabilities will find it interesting.

  25. 5 out of 5

    Andrew

    Finally, years later, I've finished working through this. Do not recommend. The experience is probably better if you run Linux as packaged on the Live CD. I no longer own any devices with a CD drive, so tried this on Ubuntu. Unfortunately, this worked out poorly: despite being published in 2004, the book doesn't mention "modern" protections like ASLR and non-executable stack space (until well after trying to have the reader perform a stack-based exploit). Even once they are mentioned, there's lit Finally, years later, I've finished working through this. Do not recommend. The experience is probably better if you run Linux as packaged on the Live CD. I no longer own any devices with a CD drive, so tried this on Ubuntu. Unfortunately, this worked out poorly: despite being published in 2004, the book doesn't mention "modern" protections like ASLR and non-executable stack space (until well after trying to have the reader perform a stack-based exploit). Even once they are mentioned, there's little to no discussion of more modern attack vectors, such as ROP. Example code is all-around low quality (sure, it's demonstrating exploitable code, but aside from that it's quite poor C), explanations aren't nearly as clear as other guides to the same topics (see below). The book isn't written for a very clear audience: it starts from assuming the reader has never written any code to explaining pointers and assembly a few dozen pages later (oof!), and many examples spend pages navigating application logic of the author's own example code rather than focusing on showing and explaining exploit examples. Instead of this book, read: * Smashing the Stack for Fun and Profit * Smashing the Stack in 2011 * A good book on TCP/IP

  26. 4 out of 5

    Acc13

    Great book. Good overviews of topics before diving into guts. Section intros are breezy reads with lots of information, but the deep dives following get quite technical and slow. Book starts with intro to programming and assembly before getting to the main event. Developers can skim or skip this part. Provides great information on overflow and printf vulnerabilities, network hacking, and producing compact, polymorphic shellcode in the printable ascii range. Touches on hiding tracks, but only barely - Great book. Good overviews of topics before diving into guts. Section intros are breezy reads with lots of information, but the deep dives following get quite technical and slow. Book starts with intro to programming and assembly before getting to the main event. Developers can skim or skip this part. Provides great information on overflow and printf vulnerabilities, network hacking, and producing compact, polymorphic shellcode in the printable ascii range. Touches on hiding tracks, but only barely - no kernel hacking/rootkit section. The only other shortcoming is the crypto section is light (although the WEP vulnerabilities section was cool); but I would have been happy foregoing the crypto and getting more on evasion and exfiltration. Most all the vulnerabilities discussed have existing countermeasures - if one is up to date on patches; but he builds on the vulnerability/countermeasure/counter-countermeasure, etc. Highly recommended for software professionals; and required reading for developers.

  27. 4 out of 5

    Sergey

    Довольно интересная книга для полных новичков, однако не дает фундаментальной информации, большая часть книги посвящена теоретическим аспектам, как повторение ключевых моментов языка программирования С , описание TCP/IP стека. Эксплойты по большей части описываются базируясь на проблемах связанных с С, огромное количество языков с автоматическим управлением памяти привело к тому, что довольно много разработчиков не знают, что такое stackoverflow или segmentation fault. Хотя бы ради этой цели и п Довольно интересная книга для полных новичков, однако не дает фундаментальной информации, большая часть книги посвящена теоретическим аспектам, как повторение ключевых моментов языка программирования С , описание TCP/IP стека. Эксплойты по большей части описываются базируясь на проблемах связанных с С, огромное количество языков с автоматическим управлением памяти привело к тому, что довольно много разработчиков не знают, что такое stackoverflow или segmentation fault. Хотя бы ради этой цели и понимания как ломались системы в середине 90х книгу стоит прочитать. Методы сетевых эксплойтов тоже крайне примитивные и в основном базируются на атаках типа – “отказ от обслуживания”, другие рассматривает вкратце. Как общий обзор или путеводитель к выбору дальнейшего направления изучения данной области вполне подойдет. Возможно из-за того, что тема довольно скользская книга не получилась фундаментальной. Для практических навыков можно найти намного больше информации почитав подшивку журнала “Хакер” за последние пару лет.

  28. 5 out of 5

    Nathan

    This book was hard to read but more than worth it. This book argues that Hackers are misunderstood and that they should be respected as problem solvers, and the Author did a great job of persuading you of that. It is certainly a challenging book because it is basically a text book. But it was written in a way that made sense, It showed you some code, and gave you an example of it in a real life situation. It used a C-like Pseudo-Code Syntax which I think is a good thing to start off, and I would This book was hard to read but more than worth it. This book argues that Hackers are misunderstood and that they should be respected as problem solvers, and the Author did a great job of persuading you of that. It is certainly a challenging book because it is basically a text book. But it was written in a way that made sense, It showed you some code, and gave you an example of it in a real life situation. It used a C-like Pseudo-Code Syntax which I think is a good thing to start off, and I would really like to move on to harder and more difficult coding books. This is definitely a good starting book, and I'm glad that I read it even though it took me forever because of how much information it had.

  29. 5 out of 5

    Dan Watts

    I chose this book because I wanted more technical information on hacking/cracking than what you find in general interest books on the topic. Be careful what you wish for! Although I'm a software developer, I found this book to be tough sledding. About 1/3 of the book is code (C and assembler) and terminal I/O listings, and another 1/3 are walkthroughs of the code. Many of the higher-level passages were also tough to grasp, such as explanations of how decryption algorithms work. By browsing throu I chose this book because I wanted more technical information on hacking/cracking than what you find in general interest books on the topic. Be careful what you wish for! Although I'm a software developer, I found this book to be tough sledding. About 1/3 of the book is code (C and assembler) and terminal I/O listings, and another 1/3 are walkthroughs of the code. Many of the higher-level passages were also tough to grasp, such as explanations of how decryption algorithms work. By browsing through the book I did get a better understanding of various techniques used by hackers/crackers, but this book will be of far more use to those who actually intend to put these techniques to use. For them, this seems to be a first-rate tutorial - an Anarchists Cookbook for modern revolutionaries.

  30. 5 out of 5

    Adrià Sant'anna

    I m gonna reread it again for sure... too many new concepts and techniques to learn. Very interesting if you like computers.

Add a review

Your email address will not be published. Required fields are marked *

Loading...
We use cookies to give you the best online experience. By using our website you agree to our use of cookies in accordance with our cookie policy.