Hacking: The Art of Exploitation
Hacking: The Art of Exploitation (ISBN 1-59327-007-0) is a book written by Jon "Smibbs" Erickson and published by No Starch Press in 2003. It is a computer security and network security book. All of the examples in the book were developed, compiled, and tested on Gentoo Linux.
Content
The content of Hacking moves between programming, networking, and cryptography. While well explained, it is a technical piece; some C programming experience is essential, although a basic understanding of networking and cryptography helps as well.
While Hacking is packed with technically accurate, detailed information, it is still a basic introduction to the subject of computer security. Hacking also makes little use of real-world examples; discussions rarely bring up specific worms and exploits that had previously existed, such as the PNG library overflows or the Blaster worm and the related RPC service overflow. Thus, an inexperienced reader may not immediately make the connection between the theory and the reality of attack.
Programming
The programming portion of Hacking makes up over half of the book's total content. This section goes into the development, design, construction, and testing of exploit code, and thus involves some basic assembly programming. The demonstrated attacks range from simple buffer overflows on the stack to complex techniques involving overwriting the global offset table.
While Erickson discusses some countermeasures, such as a non-executable stack, and how to evade them with return-to-libc attacks, he does not go into deeper protections that have no known reliable bypass, such as address space layout randomization. Most protections afforded by the Openwall, GrSecurity, and PaX projects appear to be out of scope for Hacking, as do kernel exploits.
One review included in the opening pages of the book suggests that Hacking be used to teach "basic computer programming fundamentals". Although these reviews are placed in the text for marketing purposes, the programming section of the book is technically accurate and does convey a lot of information not taught in typical introductory computer programming classes. Whether its use as a fundamental teaching tool would lead to more security-conscious and security-competent programmers overall is, however, neither studied nor proven.
Networking
The networking segment of Hacking takes up less than half of the remaining text. It explains the basics of the OSI model and basic networking concepts; packet sniffing; connection hijacking; denial of service; and port scanning.
Although technically accurate, the networking section of Hacking only serves as a basic introduction to network security. Countermeasures such as complex firewalls; stateful packet inspection; network address translation, the threat of firewalking, and countermeasures thereof; intrusion detection and prevention; and virtual private networks are not discussed.
Cryptology
The cryptology section of Hacking takes up the rest of the book's pages. This is another bottom-up section, starting off with basic information theory and moving through symmetric and asymmetric encryption. It winds up with cracking WEP using the Fluhrer, Mantin, and Shamir attack.
This section appears to be miscellaneous information for the aspiring cryptology scholar. Besides the basics, including man-in-the-middle attacks, dictionary attacks, and the use of John the Ripper, Hacking discusses quantum key distribution, Lov Grover's quantum search algorithm, and Peter Shor's quantum factoring algorithm for breaking RSA encryption using a very large quantum computer.
Other Details
- The front cover of Hacking shows the complete cycle, from reverse engineering to carrying out the attack, of developing an exploit for a program that crashes with a buffer overflow on long command-line arguments. The example is very specific and does not necessarily reflect the reverse engineering of any similar exploit.
- The Persian translation of this book (released under GNU GPLv3 by Saeed Beiki) is available through http://www.secumania.net/include/files/Art-of-Exploitation-Persian.pdf
- There is also an updated version of this book, also written by Jon Erickson, called Hacking: The Art of Exploitation, Second Edition.
See also
- Hacking: The Art of Exploitation Second Edition
- Computer insecurity
- Computer security
- Network security