Transcription of H nd Edition Hacking - ZenK-Security
1 Livecd provides a complete linux programming and debugging environmentjon ericksonHacking2nd Editionthe art of exploitationT H E F I N E S T I N G E E K E N T E R T A I N M E N T w w I LAY FLAT. Th i s b o o k u s e s Re p Kove r a d u ra b l e b i n d i n g t h a t w o n t s n a p s h u t. Printed on recycled paperHacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical founda-tion needed to really push the than merely showing how to run existing exploits, author Jon Erickson explains how arcane Hacking techniques actually work. To share the art and science of Hacking in a way that is accessible to everyone, Hacking : The Art of Exploitation, 2nd Edition introduces the fundamentals of C program-ming from a hacker s included LiveCD provides a complete Linux programming and debugging environment all without modifying your current operating system.
2 Use it to follow along with the book s examples as you fill gaps in your knowledge and explore hack-ing techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:j Program computers using C, assembly language, and shell scriptsj Corrupt system memory to run arbitrary code using buffer overflows and format stringsj Inspect processor registers and system memory with a debugger to gain a real understanding of what is happeningj Outsmart common security measures like non-executable stacks and intrusion detection systemsj Gain access to a remote server using port-binding or connect-back shellcode, and alter a server s log-ging behavior to hide your presencej Redirect network traffic, conceal open ports, and hijack TCP connectionsj Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrixHackers are always pushing the boundaries, inves-tigating the unknown.
3 And evolving their art. Even if you don t already know how to program, Hacking : The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine archi-tecture, network communications, and existing Hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own the authorJon Erickson has a formal education in computer science and has been Hacking and programming since he was five years old. He speaks at com-puter security conferences and trains security teams around the world. Currently, he works as a vulnerability researcher and security specialist in Northern California.$ ($ cdn)shelve in : computer security/network securitytHe fundamental tecHniques of serious HackingInternatIonal Best-seller!ericksonHackingthe art of exploitation2nd EditioncD in si DecD in si DePRAISE FOR THE FIRST Edition OF Hacking : THE ART OF EXPLOITATION Most complete tutorial on Hacking techniques.
4 Finally a book that does not just show how to use the exploits but how to develop them. PHRACK From all the books I ve read so far, I would consider this the seminal hackers handbook. SECURITY FORUMS I recommend this book for the programming section alone. UNIX REVIEW I highly recommend this book. It is written by someone who knows of what he speaks, with usable code, tools and examples. IEEE CIPHER Erickson s book, a compact and no-nonsense guide for novice hackers, is filled with real code and Hacking techniques and explanations of how they work. COMPUTER POWER USER (CPU) MAGAZINE This is an excellent book. Those who are ready to move on to [the next level] should pick this book up and read it thoroughly. INTERNET/NETWORK SECURITYSan Francisco Hacking : THE ART OF EXPLOITATION, 2ND Edition .
5 Copyright 2008 by Jon rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the 10 09 08 071 2 3 4 5 6 7 8 9 ISBN-10: 1-59327-144-1 ISBN-13: 978-1-59327-144-2 Publisher: William PollockProduction Editors: Christina Samuell and Megan DunchakCover Design: Octopod StudiosDevelopmental Editor: Tyler OrtmanTechnical Reviewer: Aaron AdamsCopyeditors: Dmitry Kirsanov and Megan DunchakCompositors: Christina Samuell and Kathleen MishProofreader: Jim BrookIndexer: Nancy GuentherFor information on book distributors or translations, please contact No Starch Press, Inc.
6 Directly:No Starch Press, De Haro Street, Suite 250, San Francisco, CA 94107phone: ; fax: ; of Congress Cataloging-in-Publication DataErickson, Jon, 1977- Hacking : the art of exploitation / Jon Erickson. -- 2nd ed. p. cm. ISBN-13: 978-1-59327-144-2 ISBN-10: 1-59327-144-1 1. Computer security. 2. Computer hackers. 3. Computer networks--Security measures. I. Title. 2007042910No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the information in this book is distributed on an As Is basis, without warranty.
7 While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in on recycled paper in the United States of AmericaBRIEF CONTENTSP reface ..xiAcknowledgments .. xii0x100 Introduction ..10x200 Programming ..50x300 Exploitation ..1150x400 Networking ..1950x500 Shellcode ..2810x600 Cryptology ..3930x800 Conclusion ..451 Index ..455 CONTENTS IN DETAILPREFACExiACKNOWLEDGMENTSxii0x100 INTRODUCTION10x200 PROGRAMMING50x210 What Is Programming? .. 60x220 Pseudo-code .. 70x230 Control Structures .. 80x231 80x232 While/Until Loops.
8 90x233 For Loops .. 100x240 More Fundamental Programming Concepts .. 110x241 Variables .. 110x242 Arithmetic Operators .. 120x243 Comparison Operators .. 140x244 160x250 Getting Your Hands Dirty .. 190x251 The Bigger Picture .. 200x252 The x86 Processor .. 230x253 Assembly 250x260 Back to 370x261 Strings .. 380x262 Signed, Unsigned, Long, and Short .. 410x263 Pointers .. 430x264 Format 480x265 Typecasting .. 510x266 Command-Line Arguments .. 580x267 Variable Scoping .. 620x270 Memory Segmentation .. 690x271 Memory Segments in C .. 750x272 Using the Heap .. 770x273 Error-Checked malloc() .. 800x280 Building on Basics .. 810x281 File Access .. 810x282 File Permissions .. 870x283 User IDs .. 880x284 960x285 Function Pointers.
9 1000x286 Pseudo-random Numbers .. 1010x287 A Game of Chance .. 102viiiContents in Detail0x300 EXPLOITATION1150x310 Generalized Exploit Techniques .. 1180x320 Buffer Overflows .. 1190x321 Stack-Based Buffer Overflow Vulnerabilities .. 1220x330 Experimenting with 1330x331 Using the 1420x340 Overflows in Other Segments .. 1500x341 A Basic Heap-Based Overflow .. 1500x342 Overflowing Function Pointers .. 1560x350 Format 1670x351 Format 1670x352 The Format String 1700x353 Reading from Arbitrary Memory Addresses .. 1720x354 Writing to Arbitrary Memory Addresses .. 1730x355 Direct Parameter Access .. 1800x356 Using Short Writes .. 1820x357 Detours with . 1840x358 Another notesearch Vulnerability .. 1890x359 Overwriting the Global Offset Table.
10 1900x400 NETWORKING1950x410 OSI Model .. 1960x420 Sockets .. 1980x421 Socket 1990x422 Socket Addresses .. 2000x423 Network Byte Order .. 2020x424 Internet Address Conversion .. 2030x425 A Simple Server Example .. 2030x426 A Web Client Example .. 2070x427 A Tinyweb Server .. 2130x430 Peeling Back the Lower 2170x431 Data-Link 2180x432 Network Layer .. 2200x433 Transport Layer .. 2210x440 Network Sniffing .. 2240x441 Raw Socket 2260x442 libpcap Sniffer .. 2280x443 Decoding the Layers .. 2300x444 Active 2390x450 Denial of 2510x451 SYN Flooding .. 2520x452 The Ping of 2560x453 Teardrop .. 2560x454 Ping Flooding .. 2570x455 Amplification Attacks .. 2570x456 Distributed DoS 2580x460 TCP/IP 2580x461 RST Hijacking.