2nd Edition, Hacking: The Art of Exploitation
ByJon Erickson★ ★ ★ ★ ★ | |
★ ★ ★ ★ ☆ | |
★ ★ ★ ☆ ☆ | |
★ ★ ☆ ☆ ☆ | |
★ ☆ ☆ ☆ ☆ |
Looking for2nd Edition, Hacking: The Art of Exploitation in PDF?
Check out Scribid.com
Audiobook
Check out Audiobooks.com
Check out Audiobooks.com
Readers` Reviews
★ ★ ★ ★ ★
raffaela
This is indeed an excellent book. I would surely recommend this book to anybody needing insights into different hacking methods. I am a graduate student in computer science and I don't think there are too many books on this subject out there that are better than this one.
★ ★ ★ ★ ☆
antoinette
This book is a great source of information in regards to software security and exploitation specially for newbies in the security field. The book walks you through code and explains each part of the code. It comes with a CD so most code won't work if you use another system.
Great book.
Great book.
★ ★ ★ ★ ★
micki
On page 7 alone we encounter the words 'esoteric', 'arcane', 'intuitive', 'mitigated', and 'nebulous'.
A computer science book that treats English with all the observance and precision a programmer would exercise in the coding of 'elegant' syntax.
Whether you are an IT professional or just a curious onlooker -- if you are a reader able to appreciate an author's skillful demystification of dense and challenging subject matter, you are sure to find pleasure in these pages.
Jon Erickson has bid the world a book to be proud of. Five stars and a (black) hat off!
A computer science book that treats English with all the observance and precision a programmer would exercise in the coding of 'elegant' syntax.
Whether you are an IT professional or just a curious onlooker -- if you are a reader able to appreciate an author's skillful demystification of dense and challenging subject matter, you are sure to find pleasure in these pages.
Jon Erickson has bid the world a book to be proud of. Five stars and a (black) hat off!
A Tour of Statistical Software Design - The Art of R Programming :: About That Night (FBI/US Attorney Book 3) :: My Kind of You (A Trillium Bay Novel Book 1) :: Underneath It All (The Walsh Series Book 1) :: Project-Based Introduction to Programming - A Hands-On
★ ★ ★ ☆ ☆
aravinda
You need to have a background in C programming to grasp the information in this book. Information is skimmed over and them you are fed something complex and expected to get it from what you already read - not so. It is like teaching somebody that 2 squared is 4 and then expecting them to be able to do Calculus Differentiation and Integration - no joke. I do believe the book will eventually be useful to me but I have a lot to learn first like how to code in C.
★ ★ ★ ☆ ☆
katherine podrasky
Book is pretty interesting and does help with knowledge. Have not got to far in the book but running into a lot of issues with the CD. since computers/Laptops nowadays don't come with a CD-ROM you have to download a torrent file and run it on a Player which is causing a bunch of issues and will not start up. emailed to get help and they were not to much help so will be troubleshooting my self.
★ ★ ★ ☆ ☆
angela norris
This book gives some good breakdown to coding and processor instructions. The included CD is an antiquated version of Ubuntu which is very out dated and has security issues in itself. I am an IT pro, I have been using Linux since RedHat version 1 and I am a user of it daily in my professional and personal life.
The CD is so outdated that it will not load on any of my newer machines outside of a VM... inside the VM it has issues as well with the network and monitor resolutions... very much a P.I.A.
I have not made it past the first couple chapters... difficult to follow exactly what is being said / demonstrated and what I should really be looking for. Some of the demonstrations commands are for different versions of the OS so it is difficult to apply them to a new version of Linux (Ubuntu).
Furthermore: I wish that the book or the website would list what programs I need to load in a new distro so I can use my existing desktops. Instead I am going one by one and will install what is needed when it is needed. But it would be nice to have them listed so I am sure to be fluid in my learning.
The CD is so outdated that it will not load on any of my newer machines outside of a VM... inside the VM it has issues as well with the network and monitor resolutions... very much a P.I.A.
I have not made it past the first couple chapters... difficult to follow exactly what is being said / demonstrated and what I should really be looking for. Some of the demonstrations commands are for different versions of the OS so it is difficult to apply them to a new version of Linux (Ubuntu).
Furthermore: I wish that the book or the website would list what programs I need to load in a new distro so I can use my existing desktops. Instead I am going one by one and will install what is needed when it is needed. But it would be nice to have them listed so I am sure to be fluid in my learning.
★ ★ ★ ☆ ☆
ryan macphee
Book just describes some basic "hacking" techniques. So basic it hurts.
Every developer should know this basic tech.
SQL injection in web pages? Jou must be joking. Buffer overrun? Ever tried that on an unknown app?
Easy reading, but better spend time leaning assembler. I will find out more about hacking.
It is not that easy anymore in 2010.
Every developer should know this basic tech.
SQL injection in web pages? Jou must be joking. Buffer overrun? Ever tried that on an unknown app?
Easy reading, but better spend time leaning assembler. I will find out more about hacking.
It is not that easy anymore in 2010.
★ ★ ★ ☆ ☆
colleen besselievre
This book should be entitled, "How to exploit buffer overflows on Linux systems to get a root shell". That is the full extent of the topics covered (unless you want to count the rather weak and out of date single chapter on cryptography that discusses 802.11b and WEP). If you're looking for information on Windows systems or modern programming languages then this is not the right book.
★ ★ ★ ☆ ☆
erick cabeza figueroa
The company has little support of its software. The software doesn't appear to be compatible with my Mac OS and I would love to work hands-on with the material, which is one of the compelling reasons I bought the software. Otherwise, the reading material is very helpful and I applaud Erickson for giving us some of his knowledge.
★ ★ ★ ★ ★
marwa hamed
This book stretches the middle ground between being a highly technical and then a how to. It assumes you know nothing about programming and thus gives you a intro to program in about 1 chapter. After establish a foundation it immediate starts to teach you how what you learned can be exploited if not implemented properly. The next few chapter each take of field that can be exploited and informs you of how it is those attacks can occur and how one might detect those attacks. Those fields include; networking, shellcode and privilege, countermeasures, and cryptology. If you are remotely interested in hacking and willing to learn to code, then this is a great book to read. The following is a short chapter summery to give you a better idea of the breadth of this book.
Programming: After having just learned to program as a freshman in college a few years ago, this chapter covers about 70% of a intro class. It starts out by assuming you know nothing and thus teaches you all the foundation needed to program. They style is a mix of easy to read and understand “English code” and then the actual code for which you just read. The code style for those you care is a pseudo c style. It covers everything from conditions, variable, work horse statements, strings, to memory and file access.
Exploitation: After having just learned all these cool new ideas and the basic of how to code, you then learn about the dangers of the tools you’ve been given. At this point in the book the author assumes you can read is pseudo code and thus does not go to great lengths to explains the ins and outs of each code snippet. But general gives you a basic outline of the main point of the code. In these sections, it is usually pertaining to how a program crashed. Topics in this section include; basic exploit vectors, buffer overflows, Bash experiments, and Format strings.
Networking: As with the style of this book it assumes you know nothing and thus explains in again a very clear manor networking. From OSI model (physical layer, data link layer, networking layer, transport layer, session layer, presentation layer, application layer) to sockets and internet addresses in this case using IPV4. As in previous chapter the author explains these topics which would otherwise be very dry and boring in a clear and succinct manor. Topics in this chapter include; OSI Model, Sockets, Examination of lower OSI layers, Network sniffing, DOS attacks, TCP/IP hacking, Port scanning, and then pseudo code for some of these.
Shellcode: This chapter goes more into depth of how shellcode might be exploited.
Programming: After having just learned to program as a freshman in college a few years ago, this chapter covers about 70% of a intro class. It starts out by assuming you know nothing and thus teaches you all the foundation needed to program. They style is a mix of easy to read and understand “English code” and then the actual code for which you just read. The code style for those you care is a pseudo c style. It covers everything from conditions, variable, work horse statements, strings, to memory and file access.
Exploitation: After having just learned all these cool new ideas and the basic of how to code, you then learn about the dangers of the tools you’ve been given. At this point in the book the author assumes you can read is pseudo code and thus does not go to great lengths to explains the ins and outs of each code snippet. But general gives you a basic outline of the main point of the code. In these sections, it is usually pertaining to how a program crashed. Topics in this section include; basic exploit vectors, buffer overflows, Bash experiments, and Format strings.
Networking: As with the style of this book it assumes you know nothing and thus explains in again a very clear manor networking. From OSI model (physical layer, data link layer, networking layer, transport layer, session layer, presentation layer, application layer) to sockets and internet addresses in this case using IPV4. As in previous chapter the author explains these topics which would otherwise be very dry and boring in a clear and succinct manor. Topics in this chapter include; OSI Model, Sockets, Examination of lower OSI layers, Network sniffing, DOS attacks, TCP/IP hacking, Port scanning, and then pseudo code for some of these.
Shellcode: This chapter goes more into depth of how shellcode might be exploited.
★ ★ ★ ★ ★
dongwon
This is the last in a recent collection of reviews on "hacking" books. Jon Erickson's Hacking, 2nd Ed (H2E) is one of the most remarkable books in the group I just read. H2E is in some senses amazing because the author takes the reader on a journey through programming, exploitation, shellcode, and so forth, yet helps the reader climb each mountain. While the material is sufficiently technical to scare some readers away, those that remain will definitely learn more about the craft.
H2E accomplishes a very difficult task. The book strives to take readers with little to no real "hacking" knowledge to a level where they can at least understand, if not perform, fairly complicated digital security tasks. Other books aren't as successful, e.g., "Gray Hat Hacking," which features material on C, assembly, Python, etc. into one short chapter. In contrast, H2E, in my opinion, does a credible job leading the reader from pseudo-code to C and assembly. Now, I would not recommend this book as a reader's sole introduction to programming, let alone C or assembly. Please see my older reviews for recommendations on books devoted to those topics. Still, H2E credibly integrates programming into the hacker narrative in a compelling and educational manner.
The author also has a great eye for consistency and style. I welcomed reading his examples using gdb, where he presented code, explained it, stepped through execution, showed memory, transitioned from displaying source, then assembly, and so on. This was a compelling teaching method that technical authors should try to emulate.
Overall I really liked H2E, hence the 5 star review. My only main gripe was the author seems to believe that it's in society's benefit for black hats to test and exploit defenses. His claims on p4 and p 319 that hackers improve security reminds me of the broken window fallacy, meaning it's economically beneficial to break windows so a repairman has a job. In reality, the security world is more a redirection of resources away from more beneficial innovation, not a way to build "good security jobs." Furthermore, all of the supposed advances spurred by reacting to intruder activity do not result in increased security in the enterprise. At this point so much legacy software and equipment is deployed that intruders can always find a way to accomplish their mission, thanks often to the discoveries of so-called hackers. At the end of the day one has to accept the reality that intruders will always try to breach defenses, so it behooves defenders to understand attackers for the benefit of defense.
H2E accomplishes a very difficult task. The book strives to take readers with little to no real "hacking" knowledge to a level where they can at least understand, if not perform, fairly complicated digital security tasks. Other books aren't as successful, e.g., "Gray Hat Hacking," which features material on C, assembly, Python, etc. into one short chapter. In contrast, H2E, in my opinion, does a credible job leading the reader from pseudo-code to C and assembly. Now, I would not recommend this book as a reader's sole introduction to programming, let alone C or assembly. Please see my older reviews for recommendations on books devoted to those topics. Still, H2E credibly integrates programming into the hacker narrative in a compelling and educational manner.
The author also has a great eye for consistency and style. I welcomed reading his examples using gdb, where he presented code, explained it, stepped through execution, showed memory, transitioned from displaying source, then assembly, and so on. This was a compelling teaching method that technical authors should try to emulate.
Overall I really liked H2E, hence the 5 star review. My only main gripe was the author seems to believe that it's in society's benefit for black hats to test and exploit defenses. His claims on p4 and p 319 that hackers improve security reminds me of the broken window fallacy, meaning it's economically beneficial to break windows so a repairman has a job. In reality, the security world is more a redirection of resources away from more beneficial innovation, not a way to build "good security jobs." Furthermore, all of the supposed advances spurred by reacting to intruder activity do not result in increased security in the enterprise. At this point so much legacy software and equipment is deployed that intruders can always find a way to accomplish their mission, thanks often to the discoveries of so-called hackers. At the end of the day one has to accept the reality that intruders will always try to breach defenses, so it behooves defenders to understand attackers for the benefit of defense.
★ ★ ★ ★ ★
christab
As the book mentioned, hacking is the creative art of problem solving. By that spirit, anybody who tries to solve a problem beyond the original intent of the object could be consider hackers. Hacking with computers is a craft that sometimes misunderstood by many, especially after some of the portraits in media. The book takes this dense subject and breaks it down into small pieces that assumes no prior knowledge of the subject. The seven main topics includes programming, exploitation, networking, shellcode, countermeasures, and cryptology.
The text is pretty dense because the subject is dense. As someone who is interested in the topic but do not code for food, I read the introduction to get an overview of the concept and try out a few codes, knowing where to go back to if I need it in a future date. To that extend, this books serves my purpose well. I was especially interested in chapter 4 on the topics of Networking. There are many high level tools that achieves the programs in the chapters do (Hping, Scapy) for Syn Flood, port scanning, etc. But it is very useful to see the low level code.
Overall, I think this is a great book on the topic as many have pointed out on the various book review forums.
The text is pretty dense because the subject is dense. As someone who is interested in the topic but do not code for food, I read the introduction to get an overview of the concept and try out a few codes, knowing where to go back to if I need it in a future date. To that extend, this books serves my purpose well. I was especially interested in chapter 4 on the topics of Networking. There are many high level tools that achieves the programs in the chapters do (Hping, Scapy) for Syn Flood, port scanning, etc. But it is very useful to see the low level code.
Overall, I think this is a great book on the topic as many have pointed out on the various book review forums.
★ ★ ★ ★ ☆
ali alshalali
This book primarily focuses on teaching buffer overflow exploits under Linux. Accompanying the book is a tailored Linux CD that will allow you to practice the concepts taught in the book. This is important because the techniques shown in the book will not work on most modern Linux distributions without crippling the security features that are baked into them (ASLR, stack canaries, DEP, etc). As such, the book focuses on teaching you the concepts without having you worry about turning off security features on Linux. While most of these techniques are outdated, they are necessary for understanding more modern exploitation techniques.
To really benefit from this book, it's recommended that you know some C and x86 assembly, as well as a good understanding of how function calls happen, how the stack works, and how memory is organized. The book does cover additional hacking techniques such as format string exploits and some Wi-Fi. crypto, but most of them are just lightly touched on. The book does not cover Windows exploitation at all, although if you can become comfortable with Linux exploitation, learning Windows exploitation is a little bit easier.
Overall I give this book 4/5. Great for people just getting into Linux exploitation. Granted there are other documents out there on the Internet that provide the same information, but the good thing about this book is really the accompanying Linux CD that allows you to quickly test out the concepts without worrying about things like ASLR, DEP, etc...
To really benefit from this book, it's recommended that you know some C and x86 assembly, as well as a good understanding of how function calls happen, how the stack works, and how memory is organized. The book does cover additional hacking techniques such as format string exploits and some Wi-Fi. crypto, but most of them are just lightly touched on. The book does not cover Windows exploitation at all, although if you can become comfortable with Linux exploitation, learning Windows exploitation is a little bit easier.
Overall I give this book 4/5. Great for people just getting into Linux exploitation. Granted there are other documents out there on the Internet that provide the same information, but the good thing about this book is really the accompanying Linux CD that allows you to quickly test out the concepts without worrying about things like ASLR, DEP, etc...
★ ★ ★ ☆ ☆
virna
This book is a good intro into hacking techniques but what I really want people to know is how bad the publisher, No Startch, is.
First, putting a CD with the book is a great idea. But instead of making it an .iso image where you can use a virtual machine to load teh image and run the OS and software easily, the CD wants to be booted form a PC. I checked the publishers web site at [...] and they tell you to go to this torrent site to download a copy of the .iso image. Well that site recommends the Vuze bit torrent client and that where all my trouble began. Installing Vize also installed a toolbar in firefox which it never asked permission for. It also install something called the "conduit engine" which I could not uninstall using Windows 7 add/remove. The only way I got my PC back was to use system restore.
When I finally did get the .iso image, VMPlayer had trouble getting installed as the image assume your booting from your CD drive. The VMware script provided didn't work either: I can't find where in VMplayer to open this file.
Note to the publisher: find a better way to get folks the .iso image that doesn't require hours of frustration and work!
First, putting a CD with the book is a great idea. But instead of making it an .iso image where you can use a virtual machine to load teh image and run the OS and software easily, the CD wants to be booted form a PC. I checked the publishers web site at [...] and they tell you to go to this torrent site to download a copy of the .iso image. Well that site recommends the Vuze bit torrent client and that where all my trouble began. Installing Vize also installed a toolbar in firefox which it never asked permission for. It also install something called the "conduit engine" which I could not uninstall using Windows 7 add/remove. The only way I got my PC back was to use system restore.
When I finally did get the .iso image, VMPlayer had trouble getting installed as the image assume your booting from your CD drive. The VMware script provided didn't work either: I can't find where in VMplayer to open this file.
Note to the publisher: find a better way to get folks the .iso image that doesn't require hours of frustration and work!
★ ★ ★ ★ ★
aparamita
Contents
This is the second edition of a well known book about hacking and contains a lot about hacking. Jon Erickson has expanded the book from the first edition doubling the number of pages to 450 pages and a Linux based Live-CD is also included.
I don't own the first edition, since I had to choose between Hacking by Jon Erickson and The Shellcoders Handbook (first edition, it is also in 2nd ed. now). I choose the Shellcoders handbook, which I have considered my bible for buffer overflows and hacking.
Now that I have read Jon Ericksons book about hacking I have two bibles, both excellent and well written, both covering some of the same stuff - but in very different ways.
This book details the steps done to perform buffer overflows on Linux on the x86 architecture. So detailed that any computer science student can do it, and they should. Every computer science student or aspiring programmer should be forced to read this book along with another book called 19 deadly sins of software programming.
That alone would improve internet security and program reliability in the future. Why you may ask, because this book teaches hacking, and how you can get started hacking.
Not hacking as doing criminal computer break ins, but thinking like an old-school hacker - doing clever stuff, seeing the things others don't. This book contains the missing link back to the old days, where hackers were not necessarily bad guys. Unfortunately today the term hacker IS dead in the public eye, it HAS been maimed, mutilated and the war about changing it back to the old meaning is over. (Actually this war was fought in the 1990's but some youngsters new to hacking still think it can be won, don't waste your time.) The word hacking can still be used in both ways, just make sure the receiver knows what you are talking about :-)
This book teaches hacking in the old sense of the word and contains the explanation that most others books don't - and at the same time it introduces all the basic skills for performing various types of overflow attacks. Then the book also digress into some wireless security and even WEP cracking, but this part is pretty slim, not bad, just only a few pages. This is OK, since I think of this more as an example of extending the hacking into new areas and hopefully inspires more people to look into wireless security.
The best part about this book is that it is not just a book with a random Live-CD. It is an inspiration and your fingers will itch to get started trying the examples explained and experiment with the programs. This alone is the single feature that makes this book worth it, you will do the exercises and learn from them. Learn a lot.
To sum it up this books contains clever tricks and easy to follow exercises, so you can learn to apply them.
Target audience
This book is for anyone interested in hacking and developing exploits. While the primary target audience is newcomers to this field I benefitted from the thorough walkthrough of the basics once again. This book kept reminding me about things I have forgotten and also some new things and tricks I hadn't thought of myself.
Conclusion
If you are a beginning hacker and want to get started, but was confused
by various text files found on the internet, this is the book to buy.
If you want to learn how to do basic stuff and get started thinking like a hacker, this is the book to buy.
If you are a software programmer that has started to think about software security, this is the book to buy.
This book goes from beginning hacker to inspired intermediate hacker and explains everything in depth and is well planned and you will be able to extract an awful lot of information about the way programs really work after reading this book.
If you read this book from cover to cover you will be able to follow most other references about hacking, books, papers, zines etc. from the internet.
So this book is recommended for anyone interested in hacking and could be a nice start to having your own library about hacking. Reading this book first will also help you understand other books about hacking better and get more information from them by thinking in the right way.
Then later you could expand this library with books like, Steven Levy Hackers, Steven Levy Crypto, Shellcoders Handbook, Clifford Stoll Cuckoos Egg and other references.
I am not missing much from this book, but a short explanation how you could run this CD along with your usual operating system, using something like VMware Player would have been nice.
Links:
The home page for this book is: [...]
This is the second edition of a well known book about hacking and contains a lot about hacking. Jon Erickson has expanded the book from the first edition doubling the number of pages to 450 pages and a Linux based Live-CD is also included.
I don't own the first edition, since I had to choose between Hacking by Jon Erickson and The Shellcoders Handbook (first edition, it is also in 2nd ed. now). I choose the Shellcoders handbook, which I have considered my bible for buffer overflows and hacking.
Now that I have read Jon Ericksons book about hacking I have two bibles, both excellent and well written, both covering some of the same stuff - but in very different ways.
This book details the steps done to perform buffer overflows on Linux on the x86 architecture. So detailed that any computer science student can do it, and they should. Every computer science student or aspiring programmer should be forced to read this book along with another book called 19 deadly sins of software programming.
That alone would improve internet security and program reliability in the future. Why you may ask, because this book teaches hacking, and how you can get started hacking.
Not hacking as doing criminal computer break ins, but thinking like an old-school hacker - doing clever stuff, seeing the things others don't. This book contains the missing link back to the old days, where hackers were not necessarily bad guys. Unfortunately today the term hacker IS dead in the public eye, it HAS been maimed, mutilated and the war about changing it back to the old meaning is over. (Actually this war was fought in the 1990's but some youngsters new to hacking still think it can be won, don't waste your time.) The word hacking can still be used in both ways, just make sure the receiver knows what you are talking about :-)
This book teaches hacking in the old sense of the word and contains the explanation that most others books don't - and at the same time it introduces all the basic skills for performing various types of overflow attacks. Then the book also digress into some wireless security and even WEP cracking, but this part is pretty slim, not bad, just only a few pages. This is OK, since I think of this more as an example of extending the hacking into new areas and hopefully inspires more people to look into wireless security.
The best part about this book is that it is not just a book with a random Live-CD. It is an inspiration and your fingers will itch to get started trying the examples explained and experiment with the programs. This alone is the single feature that makes this book worth it, you will do the exercises and learn from them. Learn a lot.
To sum it up this books contains clever tricks and easy to follow exercises, so you can learn to apply them.
Target audience
This book is for anyone interested in hacking and developing exploits. While the primary target audience is newcomers to this field I benefitted from the thorough walkthrough of the basics once again. This book kept reminding me about things I have forgotten and also some new things and tricks I hadn't thought of myself.
Conclusion
If you are a beginning hacker and want to get started, but was confused
by various text files found on the internet, this is the book to buy.
If you want to learn how to do basic stuff and get started thinking like a hacker, this is the book to buy.
If you are a software programmer that has started to think about software security, this is the book to buy.
This book goes from beginning hacker to inspired intermediate hacker and explains everything in depth and is well planned and you will be able to extract an awful lot of information about the way programs really work after reading this book.
If you read this book from cover to cover you will be able to follow most other references about hacking, books, papers, zines etc. from the internet.
So this book is recommended for anyone interested in hacking and could be a nice start to having your own library about hacking. Reading this book first will also help you understand other books about hacking better and get more information from them by thinking in the right way.
Then later you could expand this library with books like, Steven Levy Hackers, Steven Levy Crypto, Shellcoders Handbook, Clifford Stoll Cuckoos Egg and other references.
I am not missing much from this book, but a short explanation how you could run this CD along with your usual operating system, using something like VMware Player would have been nice.
Links:
The home page for this book is: [...]
★ ★ ★ ☆ ☆
jeff rensch
This book is a good intro into hacking techniques but what I really want people to know is how bad the publisher, No Startch, is.
First, putting a CD with the book is a great idea. But instead of making it an .iso image where you can use a virtual machine to load teh image and run the OS and software easily, the CD wants to be booted form a PC. I checked the publishers web site at [...] and they tell you to go to this torrent site to download a copy of the .iso image. Well that site recommends the Vuze bit torrent client and that where all my trouble began. Installing Vize also installed a toolbar in firefox which it never asked permission for. It also install something called the "conduit engine" which I could not uninstall using Windows 7 add/remove. The only way I got my PC back was to use system restore.
When I finally did get the .iso image, VMPlayer had trouble getting installed as the image assume your booting from your CD drive. The VMware script provided didn't work either: I can't find where in VMplayer to open this file.
Note to the publisher: find a better way to get folks the .iso image that doesn't require hours of frustration and work!
First, putting a CD with the book is a great idea. But instead of making it an .iso image where you can use a virtual machine to load teh image and run the OS and software easily, the CD wants to be booted form a PC. I checked the publishers web site at [...] and they tell you to go to this torrent site to download a copy of the .iso image. Well that site recommends the Vuze bit torrent client and that where all my trouble began. Installing Vize also installed a toolbar in firefox which it never asked permission for. It also install something called the "conduit engine" which I could not uninstall using Windows 7 add/remove. The only way I got my PC back was to use system restore.
When I finally did get the .iso image, VMPlayer had trouble getting installed as the image assume your booting from your CD drive. The VMware script provided didn't work either: I can't find where in VMplayer to open this file.
Note to the publisher: find a better way to get folks the .iso image that doesn't require hours of frustration and work!
★ ★ ★ ★ ★
andreu
Contents
This is the second edition of a well known book about hacking and contains a lot about hacking. Jon Erickson has expanded the book from the first edition doubling the number of pages to 450 pages and a Linux based Live-CD is also included.
I don't own the first edition, since I had to choose between Hacking by Jon Erickson and The Shellcoders Handbook (first edition, it is also in 2nd ed. now). I choose the Shellcoders handbook, which I have considered my bible for buffer overflows and hacking.
Now that I have read Jon Ericksons book about hacking I have two bibles, both excellent and well written, both covering some of the same stuff - but in very different ways.
This book details the steps done to perform buffer overflows on Linux on the x86 architecture. So detailed that any computer science student can do it, and they should. Every computer science student or aspiring programmer should be forced to read this book along with another book called 19 deadly sins of software programming.
That alone would improve internet security and program reliability in the future. Why you may ask, because this book teaches hacking, and how you can get started hacking.
Not hacking as doing criminal computer break ins, but thinking like an old-school hacker - doing clever stuff, seeing the things others don't. This book contains the missing link back to the old days, where hackers were not necessarily bad guys. Unfortunately today the term hacker IS dead in the public eye, it HAS been maimed, mutilated and the war about changing it back to the old meaning is over. (Actually this war was fought in the 1990's but some youngsters new to hacking still think it can be won, don't waste your time.) The word hacking can still be used in both ways, just make sure the receiver knows what you are talking about :-)
This book teaches hacking in the old sense of the word and contains the explanation that most others books don't - and at the same time it introduces all the basic skills for performing various types of overflow attacks. Then the book also digress into some wireless security and even WEP cracking, but this part is pretty slim, not bad, just only a few pages. This is OK, since I think of this more as an example of extending the hacking into new areas and hopefully inspires more people to look into wireless security.
The best part about this book is that it is not just a book with a random Live-CD. It is an inspiration and your fingers will itch to get started trying the examples explained and experiment with the programs. This alone is the single feature that makes this book worth it, you will do the exercises and learn from them. Learn a lot.
To sum it up this books contains clever tricks and easy to follow exercises, so you can learn to apply them.
Target audience
This book is for anyone interested in hacking and developing exploits. While the primary target audience is newcomers to this field I benefitted from the thorough walkthrough of the basics once again. This book kept reminding me about things I have forgotten and also some new things and tricks I hadn't thought of myself.
Conclusion
If you are a beginning hacker and want to get started, but was confused
by various text files found on the internet, this is the book to buy.
If you want to learn how to do basic stuff and get started thinking like a hacker, this is the book to buy.
If you are a software programmer that has started to think about software security, this is the book to buy.
This book goes from beginning hacker to inspired intermediate hacker and explains everything in depth and is well planned and you will be able to extract an awful lot of information about the way programs really work after reading this book.
If you read this book from cover to cover you will be able to follow most other references about hacking, books, papers, zines etc. from the internet.
So this book is recommended for anyone interested in hacking and could be a nice start to having your own library about hacking. Reading this book first will also help you understand other books about hacking better and get more information from them by thinking in the right way.
Then later you could expand this library with books like, Steven Levy Hackers, Steven Levy Crypto, Shellcoders Handbook, Clifford Stoll Cuckoos Egg and other references.
I am not missing much from this book, but a short explanation how you could run this CD along with your usual operating system, using something like VMware Player would have been nice.
Links:
The home page for this book is: [...]
This is the second edition of a well known book about hacking and contains a lot about hacking. Jon Erickson has expanded the book from the first edition doubling the number of pages to 450 pages and a Linux based Live-CD is also included.
I don't own the first edition, since I had to choose between Hacking by Jon Erickson and The Shellcoders Handbook (first edition, it is also in 2nd ed. now). I choose the Shellcoders handbook, which I have considered my bible for buffer overflows and hacking.
Now that I have read Jon Ericksons book about hacking I have two bibles, both excellent and well written, both covering some of the same stuff - but in very different ways.
This book details the steps done to perform buffer overflows on Linux on the x86 architecture. So detailed that any computer science student can do it, and they should. Every computer science student or aspiring programmer should be forced to read this book along with another book called 19 deadly sins of software programming.
That alone would improve internet security and program reliability in the future. Why you may ask, because this book teaches hacking, and how you can get started hacking.
Not hacking as doing criminal computer break ins, but thinking like an old-school hacker - doing clever stuff, seeing the things others don't. This book contains the missing link back to the old days, where hackers were not necessarily bad guys. Unfortunately today the term hacker IS dead in the public eye, it HAS been maimed, mutilated and the war about changing it back to the old meaning is over. (Actually this war was fought in the 1990's but some youngsters new to hacking still think it can be won, don't waste your time.) The word hacking can still be used in both ways, just make sure the receiver knows what you are talking about :-)
This book teaches hacking in the old sense of the word and contains the explanation that most others books don't - and at the same time it introduces all the basic skills for performing various types of overflow attacks. Then the book also digress into some wireless security and even WEP cracking, but this part is pretty slim, not bad, just only a few pages. This is OK, since I think of this more as an example of extending the hacking into new areas and hopefully inspires more people to look into wireless security.
The best part about this book is that it is not just a book with a random Live-CD. It is an inspiration and your fingers will itch to get started trying the examples explained and experiment with the programs. This alone is the single feature that makes this book worth it, you will do the exercises and learn from them. Learn a lot.
To sum it up this books contains clever tricks and easy to follow exercises, so you can learn to apply them.
Target audience
This book is for anyone interested in hacking and developing exploits. While the primary target audience is newcomers to this field I benefitted from the thorough walkthrough of the basics once again. This book kept reminding me about things I have forgotten and also some new things and tricks I hadn't thought of myself.
Conclusion
If you are a beginning hacker and want to get started, but was confused
by various text files found on the internet, this is the book to buy.
If you want to learn how to do basic stuff and get started thinking like a hacker, this is the book to buy.
If you are a software programmer that has started to think about software security, this is the book to buy.
This book goes from beginning hacker to inspired intermediate hacker and explains everything in depth and is well planned and you will be able to extract an awful lot of information about the way programs really work after reading this book.
If you read this book from cover to cover you will be able to follow most other references about hacking, books, papers, zines etc. from the internet.
So this book is recommended for anyone interested in hacking and could be a nice start to having your own library about hacking. Reading this book first will also help you understand other books about hacking better and get more information from them by thinking in the right way.
Then later you could expand this library with books like, Steven Levy Hackers, Steven Levy Crypto, Shellcoders Handbook, Clifford Stoll Cuckoos Egg and other references.
I am not missing much from this book, but a short explanation how you could run this CD along with your usual operating system, using something like VMware Player would have been nice.
Links:
The home page for this book is: [...]
★ ★ ★ ★ ★
shamenaz
I bought this book quite some time back, and finally got around to finishing it. Absolutely worth every last cent. Fantastic read, great, detailed information. No, this is not a step-by-step break into your neighbors computer primer. This IS a very detailed book that teaches you how to THINK like a hacker, and solve problems in new and unusual ways. It teaches you how computers operate deep down in the dark corners that nobody really understands, and goes far above and beyond the knowledge you'll find in other hacking books I've looked at.
This book is the reason I started purchasing No-Starch Press books, and I can tell you now, I have never been disappointed. Every book that is published by No-Starch is leaps and bounds beyond the comparative works published by their competitors. If there were ten stars, it wouldn't be high enough of a rating for this book, and others by No-Starch Pres!
This book is the reason I started purchasing No-Starch Press books, and I can tell you now, I have never been disappointed. Every book that is published by No-Starch is leaps and bounds beyond the comparative works published by their competitors. If there were ten stars, it wouldn't be high enough of a rating for this book, and others by No-Starch Pres!
★ ★ ★ ★ ★
cid lacelle
This book does an excellent job of explain various techniques that hackers employ. The explainations include examples, source code, breakouts, and descriptions. The book progresses from basic examples to more complex by building upon a project a little at a time.
The book bascially covers 3 broad areas: programming, networking, and cryptogrophy.
Programming covers buffer overflows, stack exploits, heap overflows, polymorphic code, inline loaders and other information. Examples are presented in C and assembly. Networking covers many different exploits generally centered around the modification of packets and/or spoofing. Cryptography generally covers password based attacks.
The author has a careful approach that makes the book enjoyable to read and easy to follow. He does not jump from one step to the next without covering each step in detail. This makes the text both readable and enjoyable.
Most examples are realted to Unix or Linux but the exploits are universal. Several different tools are described and all were open source.
Highly recommended.
The book bascially covers 3 broad areas: programming, networking, and cryptogrophy.
Programming covers buffer overflows, stack exploits, heap overflows, polymorphic code, inline loaders and other information. Examples are presented in C and assembly. Networking covers many different exploits generally centered around the modification of packets and/or spoofing. Cryptography generally covers password based attacks.
The author has a careful approach that makes the book enjoyable to read and easy to follow. He does not jump from one step to the next without covering each step in detail. This makes the text both readable and enjoyable.
Most examples are realted to Unix or Linux but the exploits are universal. Several different tools are described and all were open source.
Highly recommended.
★ ★ ★ ★ ☆
lesley mccannell
Its important to understand what this book tries to cover. Erikson covers specific hacking techniques. He stays close to Linux and C to illustrate the techniques and he exploits a lot of open source software. The goal is to familiarize the reader with the different types of exploits.
In Chapter 6, the author explains: "The state of computer security is a constantly changing landscape...if you understand the concepts of the core hacking techniques explained in this book, you can apply them in new and inventive ways to solve the problem du jour. Like LEGO bricks, these techniques can be used in millions nof different combinations and configurations. As with art, the more you practice these techniques, the better you'll understand them." Clearly, Erickson is passionate about the subject matter he covers in his book.
Any ability to exploit vulnerabilities requires a thorough understanding of the underlying subject. Here Erikson's book offers a number of quick primers on topics such as C programming and network protocols. These introductions are valuable because they introduce the subject and give you deep dives into specifics. They give you some sense of how hacking can lead to a greater understanding of the system under exploit. For example in Chapter 4, Erikson goes from introducing us to the OSI model to socket programming in four pages. But because of a very engaging writing style, it doesn't feel like a hurried course.
After the introduction in which he covers C programming language basics, Erikson introduces us to exploitation via a buffer overflow example. He covers network hacking techniques such as denial of service, TCP/IP hijacking and port scanning. He delves into the more involved topic of spawning shell code to gain control of a system. And in a very entertaining Chapter 6, he shows you how to bypass security measures that detect and track hackers. In the final chapter, he covers hacking techniques for cryptography.
In Chapter 6, the author explains: "The state of computer security is a constantly changing landscape...if you understand the concepts of the core hacking techniques explained in this book, you can apply them in new and inventive ways to solve the problem du jour. Like LEGO bricks, these techniques can be used in millions nof different combinations and configurations. As with art, the more you practice these techniques, the better you'll understand them." Clearly, Erickson is passionate about the subject matter he covers in his book.
Any ability to exploit vulnerabilities requires a thorough understanding of the underlying subject. Here Erikson's book offers a number of quick primers on topics such as C programming and network protocols. These introductions are valuable because they introduce the subject and give you deep dives into specifics. They give you some sense of how hacking can lead to a greater understanding of the system under exploit. For example in Chapter 4, Erikson goes from introducing us to the OSI model to socket programming in four pages. But because of a very engaging writing style, it doesn't feel like a hurried course.
After the introduction in which he covers C programming language basics, Erikson introduces us to exploitation via a buffer overflow example. He covers network hacking techniques such as denial of service, TCP/IP hijacking and port scanning. He delves into the more involved topic of spawning shell code to gain control of a system. And in a very entertaining Chapter 6, he shows you how to bypass security measures that detect and track hackers. In the final chapter, he covers hacking techniques for cryptography.
★ ★ ★ ★ ☆
mary thigpen
After reading more than 12 different books on this subject, finally I came across this, the best book ever on security. This is the kind of book that gives you what it promises on the cover. I was quiet impressed with the contents and style of writing.
I must add that I have learned a lot from this book, enough to help me in protecting my network and any unauthorized attempt to access my information. This is not for entertainment, like the others which I found in this genre (read Ankit Fadia and you will know what I mean here), this is some serious work by done by an author who knows what he his telling to the readers, and what they will understand. However, somewhere in between it get too technical, and one actually has to sit in front a computer to try and see what the author is trying to tell, but I liked it for being so real and accurate about computer security.
The author has done his homework well before writing it. I found almost all the information correct and original. Wonder why some people have given negative reviews for this book? Because, one has to be a technical qualified in computer security to fully understand what author is telling you. It's like me writing a review for a cooking recipe book. Also, I will like to add that buy it for securing your network, but don't expect it to teach you some serious hacking. For that you have to put lots of real efforts than just buying a book and reading it, though this book can always be a firm stepping stone!
I must add that I have learned a lot from this book, enough to help me in protecting my network and any unauthorized attempt to access my information. This is not for entertainment, like the others which I found in this genre (read Ankit Fadia and you will know what I mean here), this is some serious work by done by an author who knows what he his telling to the readers, and what they will understand. However, somewhere in between it get too technical, and one actually has to sit in front a computer to try and see what the author is trying to tell, but I liked it for being so real and accurate about computer security.
The author has done his homework well before writing it. I found almost all the information correct and original. Wonder why some people have given negative reviews for this book? Because, one has to be a technical qualified in computer security to fully understand what author is telling you. It's like me writing a review for a cooking recipe book. Also, I will like to add that buy it for securing your network, but don't expect it to teach you some serious hacking. For that you have to put lots of real efforts than just buying a book and reading it, though this book can always be a firm stepping stone!
★ ★ ★ ★ ☆
jiyoung
People often talk about whether the hacker technique genre of books such as Hacking Exposed, Hack Attacks Revealed or Counter Hack actually do more to teach the next generation of hackers and crackers than they do to help educate people about security. Those books don't go to nearly the depth that Hacking: The Art of Exploitation does.
Jon Erickson picks up more or less where those other books leave off. He provides a look at techniques and tools used by hackers as well, but he also gives a more comprehensive look at stack overflows, heap overflows, string vulnerabilities and other commonly exploited weaknesses.
Rather than simply describing the vulnerabilities and their exploits theoretically or showing you how to use pre-existing tools to exploit the vulnerabilities, Jon Erickson provides the nuts & bolts you need to learn how to program your own exploit code.
Arguably, this information could very well be used by a hacker wannabe to learn how to break into machines illegally. However, like the other hacker technique genre books, the purpose is to educate so that we can better protect ourselves from such hackers.
Armed with the information in this book you can actively develop your own exploit code to conduct vulnerability and penetration testing- the results of which could be very valuable in helping to secure your networks and computers.
This is an excellent book. Those who are ready to move on to Level 2 should pick this book up and read it thoroughly.
(...)
Jon Erickson picks up more or less where those other books leave off. He provides a look at techniques and tools used by hackers as well, but he also gives a more comprehensive look at stack overflows, heap overflows, string vulnerabilities and other commonly exploited weaknesses.
Rather than simply describing the vulnerabilities and their exploits theoretically or showing you how to use pre-existing tools to exploit the vulnerabilities, Jon Erickson provides the nuts & bolts you need to learn how to program your own exploit code.
Arguably, this information could very well be used by a hacker wannabe to learn how to break into machines illegally. However, like the other hacker technique genre books, the purpose is to educate so that we can better protect ourselves from such hackers.
Armed with the information in this book you can actively develop your own exploit code to conduct vulnerability and penetration testing- the results of which could be very valuable in helping to secure your networks and computers.
This is an excellent book. Those who are ready to move on to Level 2 should pick this book up and read it thoroughly.
(...)
★ ★ ★ ★ ☆
jaculin
I had read, and very much enjoyed, the first edition of "Hacking - The Art of Exploitation" a few years ago. I was pleased to read and review this second edition. I was surprised, when I received the book, that it was much expanded from the first edition.
The author starts by describing the subject and then there is a rather lengthy introduction to C and assembly language. The author then discusses how vulnerabilities in software can be exploited. Various methods of exploiting network vulnerabilities are explored and the underlying protocols examined. I found this analysis very thorough. Shell code - the creation and use - is described well by the author. Various countermeasures used by both a defender and a persistent attacker are described and the author sets the context of the continuity of the battle well. Finally there is an analysis of the role of cryptography in defending computer systems and some thoughts as to mitigation of some of this by an attacker.
Overall, I was very impressed by the depth of the author's knowledge and enjoyed his writing style. It is a very good book which I can recommend to any one who wishes to know how to improve the security of their machines. Know thine enemy!
I have given the book 4 stars, because personally, I found the introductory programming chapter too long, though this extended treatment would benefit a lot of readers. As a disclaimer, I did receive the book for review from the publishers (for which I am most grateful).
The author starts by describing the subject and then there is a rather lengthy introduction to C and assembly language. The author then discusses how vulnerabilities in software can be exploited. Various methods of exploiting network vulnerabilities are explored and the underlying protocols examined. I found this analysis very thorough. Shell code - the creation and use - is described well by the author. Various countermeasures used by both a defender and a persistent attacker are described and the author sets the context of the continuity of the battle well. Finally there is an analysis of the role of cryptography in defending computer systems and some thoughts as to mitigation of some of this by an attacker.
Overall, I was very impressed by the depth of the author's knowledge and enjoyed his writing style. It is a very good book which I can recommend to any one who wishes to know how to improve the security of their machines. Know thine enemy!
I have given the book 4 stars, because personally, I found the introductory programming chapter too long, though this extended treatment would benefit a lot of readers. As a disclaimer, I did receive the book for review from the publishers (for which I am most grateful).
★ ★ ★ ★ ☆
blair wisenbaker
This is the best general introduction to the mystery of exploits available to the technically-informed reader who does not frequent hacker channels or chats.
The bulk of the writing concentrates on the vulnerabilities of C, particularly overflows of the buffer, stack and heap. A thorough introduction to shellcoding is provided with numerous examples. Readers should have a good working knowledge of Intel assembler but, although most examples are from Linux, no detailed knowledge of the operating system is required.
There is a section on network exploits involving sniffing, TCP/IP hijacking, port scanning and DoS which is brief but a good introduction to the actual techniques used. The cryptology section has some nuggets of information, but is too brief to cover this extensive topic on its own.
Well worth reading if you've ever been puzzled by references to "smashing the stack" or "man in the middle attacks". Programmers should become very thoughtful about their code when they read this. An excellent introduction to the topic.
The bulk of the writing concentrates on the vulnerabilities of C, particularly overflows of the buffer, stack and heap. A thorough introduction to shellcoding is provided with numerous examples. Readers should have a good working knowledge of Intel assembler but, although most examples are from Linux, no detailed knowledge of the operating system is required.
There is a section on network exploits involving sniffing, TCP/IP hijacking, port scanning and DoS which is brief but a good introduction to the actual techniques used. The cryptology section has some nuggets of information, but is too brief to cover this extensive topic on its own.
Well worth reading if you've ever been puzzled by references to "smashing the stack" or "man in the middle attacks". Programmers should become very thoughtful about their code when they read this. An excellent introduction to the topic.
★ ★ ★ ★ ★
geordie halma
The book it’s a very good introduction to different technical topics of IT security. Even if the author tried to make the text easy for non-technical peoples (the chapter about programming starts with an explanation about pseudo-codes) some programming experience is required (ideally C/C++) in order to get the best of this book.
a complete review can be found here: [...]
a complete review can be found here: [...]
★ ★ ★ ★ ★
marcella demars
Excellent book. Starts a bit slow and I was worried, but before
I knew it I was writing shellcode and overflowing buffers.
Very excellent approach. No high level mumbo jumbo. If you
work the examples you will understand and be able to do basic buffer
overflows, as well as network overflows/dial outs.
cool stuff.
The linux approach was fine. Windows would be nice, but whatever. Just port
the methods to Windows, a good learning task anyway!
I knew it I was writing shellcode and overflowing buffers.
Very excellent approach. No high level mumbo jumbo. If you
work the examples you will understand and be able to do basic buffer
overflows, as well as network overflows/dial outs.
cool stuff.
The linux approach was fine. Windows would be nice, but whatever. Just port
the methods to Windows, a good learning task anyway!
★ ★ ★ ★ ★
noemi
I just finished the book along with all the excercises and I must say that it has been a great journey and an amazing learning experience. It required me to do a bit of Googling to cement some stuff that he don't cover as good as I would have like it but it forced me to work on researching. After having experienced the process I can honestly say that all people who give this book bad reviews are too inexperienced to dive in. Some don't even know how to boot with a VM - I had 100% sucess the 1st time around and the VM never failed on any other attempt. So if you can't make something as simple as a VM please do your research and then try again. I have been an IT admin for over 12 years and I got interested in security 2 years ago, having no background on programming it was a hard book to dig but it was possible. Thanks to the author for a wonderful piece!!!
★ ★ ★ ★ ★
hadley
This was overall an amazing book! It moves through elementary material, such as programming, very quickly, and assumes the reader already knows some concepts (such as using Linux), so there is a bit of a learning curve. However, this book really opened up my mind to understanding how computers work and how people who know what they're doing can use unorthodox techniques to make them do things they were never intended to. "Hacking: The Art of Exploitation" was a great read. I highly recommend it.
★ ★ ★ ★ ☆
micky78
You have probably heard of such hacking techniques as buffer overflows. Typically, a book might give only cursory explanation, especially if it is not devoted to hacking. But suppose you write in C. Chances are you've inadvertantly created buffer overflows and then spent hours chasing this down, after your program crashed. So how on earth can a deliberate overflow lead to a breakin?
It is for such matters that Erickson expounds here. Written for you, whether you want to create such exploits or prevent them. In either case, the knowledge is the same.
What the book requires is some knowledge of C and assembly. For the latter, it is the language of the Intel x86 family. But even if you don't know it, so long as you are familiar with any assembly language and the theory of a Neumann machine, then you can follow the text.
This book is not for every programmer. It turns out that a fair number of programmers get into the field by learning a high level language like C, Fortran, Java or Pascal. But they never learn any assembly. To them, anything compiled from source is a black box. Instead, you need some background in assembly.
The book also gives neat coverage of how to sniff network traffic and manipulate it. There is a section on cryptography. But for this, it is so specialised and vital that you should consult texts dedicated to it.
It is for such matters that Erickson expounds here. Written for you, whether you want to create such exploits or prevent them. In either case, the knowledge is the same.
What the book requires is some knowledge of C and assembly. For the latter, it is the language of the Intel x86 family. But even if you don't know it, so long as you are familiar with any assembly language and the theory of a Neumann machine, then you can follow the text.
This book is not for every programmer. It turns out that a fair number of programmers get into the field by learning a high level language like C, Fortran, Java or Pascal. But they never learn any assembly. To them, anything compiled from source is a black box. Instead, you need some background in assembly.
The book also gives neat coverage of how to sniff network traffic and manipulate it. There is a section on cryptography. But for this, it is so specialised and vital that you should consult texts dedicated to it.
Please Rate2nd Edition, Hacking: The Art of Exploitation