Login
Login

Hacking: The Art of Exploitation

{{short description|2003 book by Jon "Smibbs" Erickson}}

{{Multiple issues|{{More citations needed|date=July 2018}}

{{Advert|date=January 2016}}}}

File:Hackingexplota.jpg

Hacking: The Art of Exploitation ({{ISBN|1-59327-007-0}}) is a book by Jon "Smibbs" Erickson about computer security and network security.{{cite web |date=25 July 2004 |title=Book Review: Hacking |url=http://www.unixreview.com/documents/s=9181/ur0406o/ |url-status=dead |archive-url=https://web.archive.org/web/20040725023929/http://www.unixreview.com/documents/s=9181/ur0406o/ |archive-date=25 July 2004 |access-date=26 July 2018 |website=Unix Review}} It was published by No Starch Press in 2003,{{Cite web |last=Bruen |first=Robert |date=March 15, 2004 |title=Robert Bruen's review of "Hacking. The Art of Exploitation" by Jon Erikson, No Starch Press 2003, IEEE Cipher, E59 Mar 15, 2004 |url=https://www.ieee-security.org/Cipher/BookReviews/2004/Erickson_by_bruen.html |access-date=2024-01-07 |website=Ieee-security.org}}{{Cite journal |last=Stytz |first=Martin R. |date=March 2004 |title=Hacking for Understanding |url=https://ieeexplore.ieee.org/document/1281235 |website=IEEE Security & Privacy |publisher=IEEE |doi=10.1109/MSECP.2004.1281235 |issn=1558-4046|url-access=subscription }} with a second edition in 2008.{{Cite web |last=Henry-Stocker |first=Sandra |date=2008-04-02 |title=Book Review-- Hacking: The Art of Exploitation, 2nd Edition |url=https://www.computerworld.com/article/2813444/book-review---hacking--the-art-of-exploitation--2nd-edition.html |access-date=2024-01-07 |website=Computerworld |language=en |issn=0010-4841}}{{Cite web |last=Schaefer |first=Ed |title=Hacking: The Art of Exploitation, 2nd Edition » Linux Magazine |url=http://www.linux-magazine.com/Online/Features/Hacking-The-Art-of-Exploitation-2nd-Edition |access-date=2024-01-07 |website=Linux Magazine |language=en-US |issn=1471-5678}} All the examples in the book were developed, compiled, and tested on Gentoo Linux. The accompanying CD provides a Linux environment containing all the tools and examples referenced in the book.

Background information

Jon "Smibbs" Erickson worked in the field of computer security with a background in computer science.{{Cite web |title=Jon Erickson |url=https://www.oreilly.com/pub/au/1648 |access-date=2023-04-14 |website=Oreilly.com |language=en}} As of 2011, he worked as a vulnerability researcher and computer security specialist in northern California. A bootable CD is included with the book which provides a Linux-based programming and debugging environment for the users.

Content of 1st edition

The content of Exploiting (2003) moves between programming, networking, and cryptography. The book does not use any notable measure of real-world examples: discussions rarely bring up specific worms and exploits.

=Programming=

The computer programming portion of Hacking takes up over half of the book. This section goes into the development, design, construction, and testing of exploit code, and thus involves some basic assembly programming. The demonstrated attacks range from simple buffer overflows on the stack to techniques involving overwriting the Global Offset Table.

While Erickson discusses countermeasures such as a non-executable stack and how to evade them with return-to-libc attacks, he does not dive into deeper matters without known guaranteed exploits such as address space layout randomization. The book also does not cover the Openwall, GrSecurity, and PaX projects, or kernel exploits.

=Networking=

The networking segment of Hacking explains the basics of the OSI model and basic networking concepts, including packet sniffing, connection hijacking, denial of service, and port scanning.

= Cryptology =

The cryptology section of Hacking covers basic information theory, in addition to symmetric and asymmetric encryption. It winds out in cracking WEP utilizing the Fluhrer, Mantin, and Shamir attacks. Besides the basics, including man-in-the-middle attacks, dictionary attacks, and the use of John the Ripper; Hacking discusses quantum key distribution, Lov Grover's Quantum Search Algorithm, and Peter Shor's Quantum Factoring Algorithm, which are used for breaking RSA encryption using a very large quantum computer.

=Other details=

The front cover of Hacking shows the complete process: from reverse engineering to carrying out the attack, and developing an exploit for a program that is vulnerable to buffer overflow in its command-line arguments.

Content of 2nd edition

{{Infobox book |

| name = Hacking: The Art of Exploitation Second Edition

| image = File:Hacking Book Cover second edition.jpg

| caption =

| author = Jon Erickson

| country = United States (Original)

| language = English (Second Edition)

| cover_artist =

| series = Second Edition

| genre = Computer Science

| publisher = No Starch Press

| pub_date = February 2008

| media_type = Print Paperback

| pages = 488

| isbn = 978-1593271442

| preceded_by =

| followed_by =

}}The second edition of Hacking: The Art of Exploitation is more comprehensive than its predecessor, building upon and expanding the original content. For instance, while shellcoding and exploitation were part of the Programming chapter in the first edition, they have been split into their own dedicated sections in the second edition. With the addition of material on countermeasures, the second edition also explores defensive tactics, which is a valuable addition. Below are the chapters:

  1. 0x100 Introduction: This chapter introduces the reader to the nature of hacking, which the author believes is often terribly misunderstood, while also providing a brief overview of hacking history.
  2. 0x200 Programming: This chapter covers control structures and other basic aspects of programming.
  3. 0x300 Exploitation: This chapter covers exploit techniques such as memory corruption, Buffer overflows and format strings, especially using Perl and Bash shellcode.
  4. 0x400 Networking: This chapter provides an in-depth look at computer networking, similar to the first edition, but expands on it with additional information. Particularly noteworthy is the addition of a chapter on sockets.
  5. 0x500 Shellcode: Shellcode is a custom code written by a hacker for execution upon gaining control over a program.
  6. 0x600 Countermeasures: This part of the book is about having defenses and intrusion prevention systems to stop known hacking exploits.
  7. 0x700 Cryptology: This chapter covers the same information as the first edition but includes some minor adjustments and code additions.
  8. 0x800 Conclusion: This chapter reflects on hacking as a whole, presenting it essentially as a practice of curiosity and invention when non-malicious, and discusses its benefits to society while acknowledging the presence of bad actors.

See also

References

{{Reflist}}

Other sources

  • Erickson, Jon. Hacking: The Art of Exploitation. No Starch Press, 2003. {{ISBN|1-59327-007-0}}
  • {{cite magazine|url=http://blog.wired.com/geekdad/2008/03/geekdad-review.html|title=GeekDad Review: Hacking: The Art of Exploitation|date=March 3, 2008|author=John Baichtal|access-date=March 27, 2009|magazine=Wired}}

{{DEFAULTSORT:Hacking: The Art Of Exploitation}}

Category:2003 non-fiction books

Category:Computer security books

Category:No Starch Press books

Category:American non-fiction books

Category:English-language non-fiction books

Category:Works about computer hacking