Hacking: The Art of Exploitation

David Martinjak writes "Hacking: The Art of Exploitation is authored by Jon Erickson and published by No Starch Press. It is the anticipated second edition of Erickson's earlier publication of the same title. I can't think of a way to summarize it without being over-dramatic, so it will just be said: I really liked it. The book, which will be referred to as simply Hacking, starts by introducing the author's description of hacking. Erickson takes a great approach by admitting that the common perception of hacking is rather negative, and unfortunately accurate in some cases. However, he smoothly counters this antagonistic misunderstanding by presenting a simple arithmetic problem. A bit of creativity is needed to arrive at the correct solution, but creativity and problem-solving are two integral aspects of hacking, at least to Erickson. The introduction chapter sets an acceptable tone and proper frame of mind for proceeding with the technical material." Below you'll find the rest of David's review.

Hacking: The Art of Exploitation, 2nd Edition
author	Jon Erickson
pages	472
publisher	No Starch Press
rating	9
reviewer	David Martinjak
ISBN	1-59327-144-1
summary	An informative, and authoritative source on hacking and exploit techniques.

Chapter 2 enters the subject of programming. The first few sections in the chapter may feel a bit slow to readers who have been coding for any legitimate length of time. Erickson explains some fundamental, yet essential, concepts of programming before finally moving into some actual code. Some readers may choose to skip these few pages, but they are necessary for brave new adventurers in the dark realm of development. The remainder of the chapter certainly compensates for any perceived slow-start. Each of the remaining sections presents a sufficient quantity of technical information, accompanied by descriptive, yet straightforward explanations.

I don't mean to disrupt the chronological progression of the book review, but it is important to highlight the excellence of the explanations provided in Hacking. Throughout the book, the writing provides adequate details and the content is to the point. Many sources on exploit techniques supply sparse information, or are too wordy and often miss the relevant and important concepts. Erickson does a phenomenal job in Hacking of explaining each subject in just the right manner.

The third chapter is the staple of the book. This chapter covers buffer overflows in both the stack and the heap, demonstrates a few different ways that bash can aid in successfully exploiting a process, and provides an essentially all-encompassing elaboration of format string vulnerabilities and exploits. As I said, this is the main portion of the book so I don't want to give away too much material here. Undoubtedly, though, this chapter has the best explanation of format string attacks that I have ever read. The explanations in Chapter 3, like the rest of the book, are of substantial value.

Chapter 4 focuses on a range of network-related subjects. At first I wondered why the chapter starts with rather basic concepts like the OSI model, sockets, etc. Then I realized it was consistent with the earlier chapters. Hacking presents some core concepts, then moves on to utilizing them in exploits. In this case, these specific concepts and techniques just hadn't been covered yet. The exploit toward the end of this chapter includes some of the concepts in the previous chapter, which also helps to cement the reader's understanding.

I will mention two main shortcomings. First, the material in the "Denial of Service" section of the Networking chapter was unnecessary for this book. Attacks like the Ping of Death, and smurfing were interesting developments when they were first discovered, and effective on a large scale. Now in 2008, almost all of the items in the "Denial of Service" section are either outdated or have been covered to an excessive extent. Rather than denial of service, I would have preferred to see a section on integer attacks. This would have fit perfectly with the book's theme as there are several issues surrounding numeric types in C of which many programmers are unaware. Considering the fact that the book is about hacking and much of the code is in C; integer attacks seem like a natural component to include. The second pitfall in this review is through a fault of my own. I cannot compare this second edition of Hacking with its original, first edition release as I unfortunately do not own the first edition. Hacking finishes out the second half of the book with chapters on shellcode, countermeasures, and cryptology. The chapter on cryptology is especially interesting as it contains a good mix of information without being too hardcore on the mathematics involved. There are plenty of gems in the shellcode and countermeasures chapters, as well. Specifically, Erickson does a stellar job of explaining return-(in)to-libc attacks, and dealing with the address space layout randomization in Linux. He covers the exploit technique for linux-gate.so in a randomized memory space before it was fixed in 2.6.18, then proceeds to demonstrate a different technique for successful exploitation on kernels at 2.6.18 and later.

Undeniably, Hacking: The Art of Exploitation is one of the quintessential books for its subject. A book this good is a rare find, and certainly worth the read for any individual interested in security.

David Martinjak is a programmer, GNU/Linux addict, and the director of 2600 in Cincinnati, Ohio. He can be reached at david.martinjak@gmail.com.

You can purchase Hacking: The Art of Exploitation, 2nd Edition from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Good Book

[WatersOfOblivion]

I have the first edition, and it is a fantastic book. I highly recommend it.

Re:

[dynamo]

For a split second, this was funny. At least, the title.

But I'd read it incorrectly. I thought it said Frothy as the first word. Somehow that seems like ten times funnier.

Re:

[MadMidnightBomber]

Just in the middle of it now and I definitely agree. The other great book I've just read is Zalewski's Silence on the Wire (he of p0f fame).

Re:

[hal9000(jr)]

Silence on the Wire is a great book. It reminded me of the kind of analysis I used to do back in the 80's when I was automating office applications by hacking DOS programs and figuring out coordinates to do screen scrapes. This was back before we had these fancy windowed UI's. I wasn't doing security work, but I had to really know how the PC behaved and write code flexible enough to handle arbitrary screen sizes and what-not.

Man, I miss that gig.

Re:

[Anonymous Coward]

here's the first edition

http://www.isbnonline.com/Hacking-The-Art-of-Exploitation/book/9781593270070/ [isbnonline.com]

There's a lot better available

[Anonymous Coward]

I have this book, and it certainly is a passable introduction for the complete novice. However, it's simply too cursory and outdated to impart any practical knowledge of exploit development or vulnerability discovery. Fortunately, there are still a few good books out there on the subject. If you want to understand exploit development I highly recommend Koziol's "The Shellcoder's Handbook". (Although you can pick up a used first edition since the second didn't seem to add much.) If you want to understand vulnerability discovery I strongly recommend Dowd's "The Art of Software Security Assessment" (which has quickly become the bible on finding security bugs). Between those two books I rarely ever open the 20+ other books I have on hacking and security. Although, I really wish Halvar Flake would put out a book on reverse engineering. That would complete my three-volume hacker's dream library.

Re:

[bladesjester]

Okay, a new edition being out explains the book review. I saw this one and went "WTF? I've had this book for probably 4 or 5 *years* now. It's a little late to do a review isn't it?"

Agreed that it's a good book.

Re:

[ChromeAeonium]

If I may ask a dumb question, what sort of prerequisite knowledge would you recommend learning before reading this book?

Re:

[rocket22]

I already knew the book for almost two years... It looks great.

One question: is the author the same Jon Erickson who runs Dr.Dobb's?

Inappropriate Title?

[Anonymous Coward]

The title would be better if it read "Cracking: The Art of Exploitation," notwithstanding any introduction and definition that attempts to skirt the issue.

Re:

[ZiakII]

The title would be better if it read "Cracking: The Art of Exploitation," notwithstanding any introduction and definition that attempts to skirt the issue.
To my understanding cracking meant simply using a tool/program to exploit a bug in a program that someone else written (usually having no idea how and why it works), while hacking was looking for those exploits and understanding how they work and developing your own tools. If the second case is correct, then this book's title lives up to it's name by e

Re:

[Shade of Pyrrhus]

From the description you use that'd be more like being a "script kiddy" instead of a cracker. Cracking, from my understanding, is simply either performing a malicious act after having found the flaws.

There's a whole slew of terms that seem to have been lost as the term "hacker" has become mainstream (different types of crackers, specific roles, etc). Unfortunately, because of how mainstream this use has become, I doubt anything can be done to change this misnomer.

Re:

[Shade of Pyrrhus]

While I remember to post - the differences are generally just described nowadays as different "hats". Black hat (crackers), white hat (security experts and the like, paid or charity), and gray hat (curiosity).

Re:

[HouseArrest420]

While I remember to post - the differences are generally just described nowadays as different "hats". Black hat (crackers), white hat (security experts and the like, paid or charity), and gray hat (curiosity).

Anyone can give various meanings for these terms. The way I've heard it, and the way I explain it:

Black hat-tends to live on breaking into systems they have no right to be in, with no real interest in the outcome. This is the "hat" the media is often refering to when they describe hackers as cyber criminals. An example: someone that hacked into your bank account, no matter the reason for doing so, and would have no issues with posting that info on the net. if you're into D&D you'd be familiar w

Re:

[StikyPad]

To my understanding, gay means happy and Dick is just a name.

Re:

[Cairnarvon]

I'd say the topic of this book is just where hacking (in the traditional sense) and cracking overlap. Unfortunately, there doesn't seem to be a term for that that doesn't piss at least one group of people off.
I personally tend to stick to ``(white|black|gray) hat hacking'' for this overlap, and ``script kiddie cracking'' for all the cracking that falls outside it. It may not please everyone, but at least it's less ambiguous.

Re:Inappropriate Title?

[cromar]

"Cracking" would imply that the author's intent is malicious and that he wants to teach people how to use the information maliciously. The pursuit and understanding of information (especially exploits) is an essential part to hacking. If you can't secure your box, you ain't a (computer) hacker!

Re:

[cromar]

So you are saying that

someone who's especially clever re: using computers

is not going to secure their box? That's ridiculous.

Re:

[cromar]

What I am saying is that exploits should be important to anyone who wants to follow the hacker way. It's important to look beyond the design of a system - learning about exploits is a perfect way to do this. If one truly is a "computer hacker" one should be able to understand computer exploits. That being said, if you're a code hacker you wouldn't necessarily need to know a ton about security, although it would be somewhat foolish not to. A big part of coding is security, like it or not.

Re:

[ClosedSource]

I'd say being cautious and being clever are orthogonal. I "hacked" (in the classic sense) the Atari 2600 many years ago (given the primitive hardware, almost all 2600 programmers were hackers) that shouldn't lead to any conclusions about how well I protect my computer.

Re:

[cbiltcliffe]

Using defense as an excuse to learn methods of offense is a sketchy excuse used by such illuminaries as gun nuts and rabid national-security types.

No, learning offensive techniques is a critical step to ensuring that your own infrastructure is properly defended. If you assume everybody's coming in the front door, and you put dozens of locks, bars, alarms, etc, on your door, but leave your window wide open, your security is going to be bypassed in a matter of seconds.

Without knowing how the criminals are

Re:

[StikyPad]

Right, and also I'm not a Janitor, I'm a Field Service Custodial & Micro-Biological Engineer.

You can add all the esoteric bullshit you want, but it doesn't change the fact that the overwhelming majority of English speakers define someone who cleans floors and toilets as a janitor, and someone who breaks into computer systems as a hacker, regardless of any nuance of intent or comprehension. We're not Eskimos.. we don't need 42 words for ice.

Re:

[cromar]

Oh believe me, I don't worry about what people call it anymore. "True hackers" know what the word means. The general populace doesn't. I gave up after 10 years of no one listening :D

First Edition

[Zaphod The 42nd]

I actually picked up the first edition of this from a bargain bin on a whim, and I was amazed at the quality of the book. Many of the points in the review of the second apply to the first; each section seems to start a little slow for those of us who know our way around code, but then explodes into well detailed examples and explanations of techniques. I'm almost done with the first one, and after reading several other tomes on the subjects of security and hacking, I can say that this is by far my favorite for the way it is written and the content it covers. I was worried when I got it that it would be either lacking in serious knowledge or focused completely on the ideas and ethics of hacking rather than the actual process due to its small size compared to many security books which are larger than my college textbooks; but this was completely untrue. It also focuses on the why instead of the what; so you're looking at source code and discussing how it was written rather than just being handed an executable and told to run it with this or that perameters to receive certain results. I'd recommend it completely to anyone looking to get into hacking. Now I'm trying to determine if its worth getting the second to see the changes / updates.

Pet Peeves

[cromar]

Hey, good review.

I don't mean to disrupt the chronological progression of the book review

Explaining the chapters in order is rarely the best idea. As in any essay, the order of ideas presented should be geared towards explaining the main idea. In fact, you often don't need to summarize chapters (a common source of redundancy). Eh. It's one of my pet peeves :)

I definitely wanna check this book out.

Re:

[The Clockwork Troll]

If the book being reviewed did a decent job at "explaining the main idea" in chapter order, why wouldn't you expect a review to do the same?

The Art of Exploitation???

[Bob Hearn]

Erickson takes a great approach by admitting that the common perception of hacking is rather negative, and unfortunately accurate in some cases. However, he smoothly counters this antagonistic misunderstanding ...

Not having seen the book, I think I can still say he would do a much better job countering this misunderstanding by picking a more appropriate title.

Re:

[garett_spencley]

"Not having seen the book, I think I can still say he would do a much better job countering this misunderstanding by picking a more appropriate title."

I'll say. At first glance I thought it was about porn.

Re:

[bladesjester]

Honestly speaking, hacking *is* an exercise in exploiting code in ways that it wasn't originally meant to be used...

While sort of sensationalist in the opinion of some people, it's an accurate title.

Re:

[teknopurge]

Everyone needs to move past the title. I've met Jon on several occasions and the first edition was very good. The guy is _brilliant_ with Math and does decent with the ladies.

Regards,

Bootable Linux CD included

[makellan]

I'm half way through right now and I'm finding it extremely interesting and well written.
Some of the coding bits were easily skipped. Some of the format string exploits are still obscure after two readings, but the author mentions that this class of exploit is exceptionally rare. I look forward to finishing it, but I wish it covered more than just Linux specific hacks. There are no Windows or MacOS examples, though that may stem from something the reviewer didn't mention.
The book has a bootable Linux CD with all the code, compilers, shells and everything you might need to test and perform every one of the exploits mentioned.

Re:

[Zaphod The 42nd]

See, thats something I kinda wish the first edition had. I ended up retyping out all the source files by hand. It did ensure that I'd seen every line of code and understood it all intimately, however.

Windows exploitation?

[Anonymous Coward]

I dont know about this edition but the first didnt have much useful information about Windows exploitation. I've been looking for a book that covers Windows exploitations(stack-based overflows, techniques to exploit heap overflows,etc) in detail and I havent found anything interesting so far.

Re:

[bloo9298]

Shellcoder's Handbook?

I too have the First Edition...

[JohnnyCannuk]

...and yes, it is a great book. it should be requird reading for anyone getting nto programming and IT security.

That being said, what are the differences between the first and second editions? Why should I get this?

So far I've seen nothing but a review of a 6 year old book.

Hackers

[justinlee37]

Are they called as much because they spend their time making the competition look like a bunch of hacks?

A great book for young people

[kintarowins]

Despite its name and nature this book was very good for me when I was about 17. It made me understand programming and memory concepts better, so if you have mostly learned programming from books and examples, this book isn't just great but essential - almost a necessity.

Authored?

[CodyRazor]

Nitpicking: Just like that list of banished words said, can we stop using this rediculous bastardization? We dont say someone "paintered" a picture. We already have the word "written" for just this purpose.

Re:

[demallien2]

Sure, just as soon as you stop using "rediculous". It, unlike 'authored' is not actually a word...

Re:

[CodyRazor]

I made a spelling mistake. Your incorrect.

http://www.askoxford.com/results/?view=dict&freesearch=authored&branch=13842570&textsearchtype=exact [askoxford.com]
http://dictionary.cambridge.org/define.asp?key=4939&dict=CALD [cambridge.org]
http://www.yourdictionary.com/search?ydQ=authored&x=0&y=0&area=entries [yourdictionary.com]
http://dictionary.reference.com/browse/authored [reference.com] (especially the bottom part)

Re:

[CrispBH]

His incorrect what? Oh, you meant "you're", I see. Now you've made a grammatical error too. I'm afraid I'm going to have to revoke your grammar and spelling Nazi badges, the exit's on the left :)

Re:

[demallien2]

Heh heh. Yup, Cody's response was comedy gold :-) BTW, not all of us on Slashdot are male...

Re:

[HouseArrest420]

You say authored isn't a word, rather a basterdization (sp?), but then chose to link to dictionary.com where it proves your argument false. Taken directly from your link-

Usage Problem To assume responsibility for the content of (a published text). To write or construct (an electronic document or system): authored the company's website.

Can someone please explain to me why people try to prove thier argument is factual.....with links that prove otherwise?

Re:

[CodyRazor]

The section at the bottom of that article i was directing to states that the majority of the panel on all occasions rejected that usage of the word in all situations except when referring to computer software.