Review: Hacking: The Art of Exploitation, Second Edition

    Date: 08 Jun 2010
    Posted By: Benjamin D. Thomas
    If you've ever wondered what a "buffer overflow" was, or how a "denial of service" attack works beyond just a basic understanding, then there is no better book that will help you to delve into the nitty-gritty than Hacking: The Art of Exploitation, Second Edition, by Jon Erickson.

    Title: Review: Hacking: The Art of Exploitation
    Author: Jon Erickson
    ISBN-10: 1-59327-144-1
    ISBN-13: 978-1-59327-144-2
    Reviewer: Dave Wreski
    Review Score: 4.8 of 5 Penguins
    Publisher: No Starch Press
    Sample Chapter: (Exploitation)

    Hacking provides the understanding necessary to avoid the programming mistakes that can lead to serious security compromise of your online applications. It describes the methods, design practices, testing, and experience you need to start developing your applications securely.

    Erickson has done an incredible job in this book, providing all the information necessary to get started, including a full CD-ROM with a bootable Linux distribution that can be used to get hacking immediately.

    Not only does this book show the security-conscious developer how to prevent their own applications from being compromised in real business situations, but it also makes organizations accountable for compromises that the information Erickson provides would have made avoidable.

    Erickson has compiled a timeless reference that uses all of today's latest tools, including common GNU programming applications like nm, gdb and gcc, as well as leading open source applications like nmap, iptables, and dsniff.

    There is always someone more knowledgeable than you, and using the tools and techniques described by Erickson is critical to verifying the integrity of your network as thoroughly as possible, with the same tools and techniques the blackhats use against you.

    It's not a beginner's book, but at the same time, Erickson provides a great deal of background information to enable the fast learner and the experienced sysadmin to get started immediately. If you remember your C and assembly programming from college, or have a foundation in common application and network programming, then this book should appeal to you.

    The earliest recollection I have of security exploits is the online article entitled Smashing the Stack for Fun and Profit by Aleph1, a noted hacker who, in Phrack Magazine in 1999, outlined methods for disrupting the functions of a program and gaining unprivileged access by writing past the end of an array.

    Hacking: The Art of Exploitation describes real exploits from a programming perspective, not just a cursory description. It starts with more than a hundred pages describing the fundamental characteristics necessary to understand the exploits, such as format strings, pointers, and file streams.

    It then moves on to real exploits, showing exactly how to overflow function pointers to gain root access, how simple techniques escalate privileges from nothing more than a shell account on a server, and a full web server implementation, provided in source, that serves as the target for security exploit testing.

    The networking chapter contains nearly a hundred pages of sample attacks, described in a format that's easy to understand and follow, and provides background on some of the historical vulnerabilities such as the SYN flood and Ping of Death, long ago addressed with TCP/IP networking updates by all vendors, but still a great way to learn about how it all works.

    By the end of Chapter 0x400 the reader has a solid understanding of port scanning, "spoofing", and TCP/IP hijacking, outlined in very low-level detail, including stepping through an attack with gdb, the GNU debugger. The assembly language detail, and the use of gdb to determine exactly where on the stack the best point would be to overwrite the return address, is shown at every step and is very easy to follow. Understanding this information is not only critical for a programmer and administrator, but also absolutely necessary for anyone who runs a network in a production environment.
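    The stack overflow that the exploitation and networking chapters dissect (and that Aleph1's article introduced) comes down, at the source level, to an unchecked copy into a fixed-size array on the stack. The following C program is an added example, not code from the book or from Erickson: it places that vulnerable copy beside a bounds-checked version so the defect and its fix can be compared side by side. The buffer size, the function names and the rejection policy (refuse over-long input rather than truncate it) are my own choices.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Added example (not the book's code). NAME_LEN and the function names are
 * hypothetical; the defect is the real one the book walks through. */
#define NAME_LEN 16

/* Vulnerable: strcpy() stops only at the NUL byte, so an argument of NAME_LEN
 * or more characters writes past 'name' into the saved frame pointer and the
 * return address stored above it on the stack. Shown for comparison only;
 * this program never calls it with untrusted input. */
void greet_unsafe(const char *arg) {
    char name[NAME_LEN];
    strcpy(name, arg);            /* no length check at all */
    printf("hello, %s\n", name);
}

/* Bounded length: counts at most 'limit' bytes, so it cannot itself run off
 * the end of a non-terminated input the way strlen() would. */
static size_t bounded_len(const char *s, size_t limit) {
    size_t n = 0;
    while (n < limit && s[n] != '\0')
        n++;
    return n;
}

/* Hardened: refuse anything that would not fit together with its terminating
 * NUL, instead of silently truncating it. Returns 0 on success, -1 on reject. */
int greet_safe(const char *arg) {
    char name[NAME_LEN];
    size_t len = bounded_len(arg, NAME_LEN);
    if (len >= NAME_LEN)          /* NAME_LEN chars would need NAME_LEN+1 bytes */
        return -1;
    memcpy(name, arg, len + 1);   /* len+1 <= NAME_LEN, so the NUL is copied too */
    printf("hello, %s\n", name);
    return 0;
}

/* Longest input greet_safe() accepts: one byte must be left for the NUL. */
size_t max_safe_input(void) {
    return NAME_LEN - 1;
}

int main(int argc, char **argv) {
    const char *input = argc > 1 ? argv[1] : "world";   /* constructed default */
    if (greet_safe(input) != 0)
        fprintf(stderr, "rejected: input exceeds %zu bytes\n", max_safe_input());
    return 0;
}
```

    Run with an argument of sixteen or more characters, greet_safe() prints the rejection message where greet_unsafe() would have written over the saved return address. Building the unsafe variant with gcc's -fstack-protector turns the same overflow into a detected abort rather than a redirected return, which is exactly the class of layered mitigation this review asks to see covered.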

    It's clear from the chapter on cryptography that Erickson is an experienced cryptologist. Chapter Seven outlines the common encryption methods, such as one-time pads, quantum key distribution, and of course symmetric and asymmetric encryption, including the DES, Blowfish, and AES block ciphers.

    RSA public key encryption gets a great discussion, as does the "man-in-the-middle" attack and how it can be used against a secure shell (SSH) channel using the mitm-ssh package on the CD-ROM included with the book. Erickson unwraps the attack for the reader in meticulous detail: starting with the simple SSH connections between the two hosts, working through the individual fingerprints that each host presents, and showing how the ffp program is used to generate spoof fingerprints.

    Password cracking is also a necessary process in maintaining the security of a network. Hacking provides a great basis for using john, the password cracking program developed by Solar Designer more than ten years ago and used worldwide to stress-test the passwords of users on Windows and Unix machines. Erickson describes a brute-force password attack, a password vulnerability matrix, and sample code that uses a password probability matrix to crack every possible four-character password!

    If you want to improve the security of your network, have heard of Schneier's "Applied Cryptography" but are too intimidated by it all to get involved, or are an avid Linux network programmer who needs a reference on how to program securely, then there is currently no better source to get started. I would really like to see more information on different architectures, such as x86_64 specifics and how they affect these vulnerabilities, as well as the stack and network mechanisms designed specifically to thwart these attacks, from defenses against buffer overflows to using iptables to block distributed denial of service attacks as far as possible. New technologies, such as SELinux and ExecShield, should also be included, as security is always measured in layers, and preventing access to memory that is both executable and writable at the same time is a good way to add one.

    Kudos to Jon Erickson for detailing just how involved and complex a topic network security is, in a way that greatly lowers the barrier to getting started.
