Hacking: The Art of Exploitation, 2nd Edition [Paperback]

Jon Erickson (Author)

Book Description

January 11, 2008 | ISBN-10: 1593271441 | ISBN-13: 978-1593271442 | 2nd edition

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.

Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.

The included LiveCD provides a complete Linux programming and debugging environment, all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:

  • Program computers using C, assembly language, and shell scripts
  • Corrupt system memory to run arbitrary code using buffer overflows and format strings
  • Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
  • Outsmart common security measures like nonexecutable stacks and intrusion detection systems
  • Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
  • Redirect network traffic, conceal open ports, and hijack TCP connections
  • Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix

Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.



Editorial Reviews

About the Author

Jon Erickson has a formal education in computer science and has been hacking and programming since he was five years old. He speaks at computer security conferences and trains security teams around the world. Currently, he works as a vulnerability researcher and security specialist in Northern California.


Product Details

  • Paperback: 488 pages
  • Publisher: No Starch Press; 2nd edition (January 11, 2008)
  • Language: English
  • ISBN-10: 1593271441
  • ISBN-13: 978-1593271442
  • Product Dimensions: 9.3 x 7 x 1.2 inches
  • Shipping Weight: 2.1 pounds
  • Average Customer Review: 4.5 out of 5 stars (41 customer reviews)
  • Amazon Best Sellers Rank: #5,701 in Books

More About the Author

Jon Erickson has a formal education in computer science and speaks frequently at computer security conferences around the world. He currently works as a cryptologist and security specialist in Northern California.

Customer Reviews

Most Helpful Customer Reviews
54 of 57 people found the following review helpful
Format:Paperback
Contents
This is the second edition of a well-known book about hacking and contains a lot about hacking. Jon Erickson has expanded the book from the first edition, doubling the number of pages to 450 pages, and a Linux-based Live-CD is also included.

I don't own the first edition, since I had to choose between Hacking by Jon Erickson and The Shellcoder's Handbook (first edition, it is also in 2nd ed. now). I chose The Shellcoder's Handbook, which I have considered my bible for buffer overflows and hacking.

Now that I have read Jon Erickson's book about hacking I have two bibles, both excellent and well written, both covering some of the same stuff - but in very different ways.

This book details the steps done to perform buffer overflows on Linux on the x86 architecture. So detailed that any computer science student can do it, and they should. Every computer science student or aspiring programmer should be forced to read this book along with another book called 19 deadly sins of software programming.

That alone would improve internet security and program reliability in the future. Why, you may ask? Because this book teaches hacking, and how you can get started hacking.

Not hacking as doing criminal computer break-ins, but thinking like an old-school hacker - doing clever stuff, seeing the things others don't. This book contains the missing link back to the old days, where hackers were not necessarily bad guys. Unfortunately today the term hacker IS dead in the public eye, it HAS been maimed, mutilated and the war about changing it back to the old meaning is over. (Actually this war was fought in the 1990s but some youngsters new to hacking still think it can be won, don't waste your time.) The word hacking can still be used in both ways, just make sure the receiver knows what you are talking about :-)

This book teaches hacking in the old sense of the word and contains the explanation that most other books don't - and at the same time it introduces all the basic skills for performing various types of overflow attacks. Then the book also digresses into some wireless security and even WEP cracking, but this part is pretty slim, not bad, just only a few pages. This is OK, since I think of this more as an example of extending the hacking into new areas and hopefully it inspires more people to look into wireless security.

The best part about this book is that it is not just a book with a random Live-CD. It is an inspiration and your fingers will itch to get started trying the examples explained and experiment with the programs. This alone is the single feature that makes this book worth it, you will do the exercises and learn from them. Learn a lot.

To sum it up, this book contains clever tricks and easy-to-follow exercises, so you can learn to apply them.

Target audience
This book is for anyone interested in hacking and developing exploits. While the primary target audience is newcomers to this field I benefitted from the thorough walkthrough of the basics once again. This book kept reminding me about things I have forgotten and also some new things and tricks I hadn't thought of myself.

Conclusion
If you are a beginning hacker and want to get started, but were confused by various text files found on the internet, this is the book to buy.

If you want to learn how to do basic stuff and get started thinking like a hacker, this is the book to buy.

If you are a software programmer that has started to think about software security, this is the book to buy.

This book goes from beginning hacker to inspired intermediate hacker and explains everything in depth and is well planned and you will be able to extract an awful lot of information about the way programs really work after reading this book.

If you read this book from cover to cover you will be able to follow most other references about hacking, books, papers, zines etc. from the internet.

So this book is recommended for anyone interested in hacking and could be a nice start to having your own library about hacking. Reading this book first will also help you understand other books about hacking better and get more information from them by thinking in the right way.

Then later you could expand this library with books like Steven Levy's Hackers, Steven Levy's Crypto, The Shellcoder's Handbook, Clifford Stoll's The Cuckoo's Egg and other references.

I am not missing much from this book, but a short explanation of how you could run this CD along with your usual operating system, using something like VMware Player, would have been nice.

Links:
The home page for this book is: http://www.nostarch.com/hacking2.htm
23 of 24 people found the following review helpful
Format:Paperback
This is the last in a recent collection of reviews on "hacking" books. Jon Erickson's Hacking, 2nd Ed (H2E) is one of the most remarkable books in the group I just read. H2E is in some senses amazing because the author takes the reader on a journey through programming, exploitation, shellcode, and so forth, yet helps the reader climb each mountain. While the material is sufficiently technical to scare some readers away, those that remain will definitely learn more about the craft.

H2E accomplishes a very difficult task. The book strives to take readers with little to no real "hacking" knowledge to a level where they can at least understand, if not perform, fairly complicated digital security tasks. Other books aren't as successful, e.g., "Gray Hat Hacking," which features material on C, assembly, Python, etc. into one short chapter. In contrast, H2E, in my opinion, does a credible job leading the reader from pseudo-code to C and assembly. Now, I would not recommend this book as a reader's sole introduction to programming, let alone C or assembly. Please see my older reviews for recommendations on books devoted to those topics. Still, H2E credibly integrates programming into the hacker narrative in a compelling and educational manner.

The author also has a great eye for consistency and style. I welcomed reading his examples using gdb, where he presented code, explained it, stepped through execution, showed memory, transitioned from displaying source, then assembly, and so on. This was a compelling teaching method that technical authors should try to emulate.

Overall I really liked H2E, hence the 5 star review. My only main gripe was the author seems to believe that it's in society's benefit for black hats to test and exploit defenses. His claims on p. 4 and p. 319 that hackers improve security remind me of the broken window fallacy, meaning it's economically beneficial to break windows so a repairman has a job. In reality, the security world is more a redirection of resources away from more beneficial innovation, not a way to build "good security jobs." Furthermore, all of the supposed advances spurred by reacting to intruder activity do not result in increased security in the enterprise. At this point so much legacy software and equipment is deployed that intruders can always find a way to accomplish their mission, thanks often to the discoveries of so-called hackers. At the end of the day one has to accept the reality that intruders will always try to breach defenses, so it behooves defenders to understand attackers for the benefit of defense.
16 of 16 people found the following review helpful
Format:Paperback|Amazon Verified Purchase
The easiest way to sum up this book is simply "wow." Erickson discusses the fundamentals of exploits (hacks) on local machines and remote machines, and also hits on a bit of cryptology. The meat of the book is sandwiched by something of an inner dialogue and history of hacking, which alone are worth the cost of the book. This book is not for the layman or the faint of heart - you have to know how to write code, and you have to at least know how to read Intel x86 assembly, if not write it. It also doesn't hurt to know how programs are actually executed - beyond just double-clicking an icon - I'm talking about stacks and heaps and everything else. The second chapter is possibly the most elegant summary of programming and the C language I have ever seen, ever, but nothing beats a few years "in the trenches."

So once you've refreshed your basics of programming, Erickson gets right into it, discussing buffer overflows. He builds up from the most simple concepts into more and more complicated tools- which seems to be exactly how we have arrived at modern exploits; the hackers and the anti-hackers have been co-evolving over the years. Next comes hacking remote machines, including how to cover your tracks- which I found to be some of the most devious ideas presented. If you take your time, and run some of the exploits yourself on the included CD, you will come away with an incredible knowledge of how many exploits work from their most fundamental level. If you're anything like me, you will enjoy the "hunt" of trying to counter the exploit before Erickson explains the solution. Also, if you're anything like me, you will walk away from the book shaking your head at the rut called ASCII that we've worked ourselves into.

<rant> I think this is another one of those books that needs to be on a mandatory reading list for all CS bachelor's degrees. It seems to me that most of the exploits wouldn't be a problem if programmers were a bit more diligent in their coding. strcpy() is your enemy, strncpy() is your friend. Always always ALWAYS be 100% suspicious of any input supplied from a user - check for illegal characters. Instead of if(functionThatReturnsTrue), try if(functionThatReturnsTrue == True). The list goes on and on. Computers do only what they are told, and if you leave a hole in your program that allows someone else to tell the computer what to do to save yourself the second or two it takes to hit a few more keys, well then you deserve to be hacked and summarily lose your job. Due diligence: do it - maybe then the real engineering disciplines won't be so mad when code monkeys call themselves engineers. </rant>

From what I can gather, the first edition was too terse. I think the second edition was a bit long-winded at times. And there's no discussion of hacking a Windows machine. However, this is still by far the best general hacking book out there.
Most Recent Customer Reviews
So far I love this book
I have been looking for a book like this for a while now. Maybe I have been looking in all the wrong places but this is exactly what I wanted.
Published 1 month ago by B. Clark

Great book!!!
Excellent information concerning furthering your knowledge on security consciousness and strengthening potential flaws in programming/weaknesses on your personal network/pc.
Published 2 months ago by Aaron M Pezet

A good introduction to vulnerable software
I had read, and very much enjoyed, the first edition of "Hacking - The Art of Exploitation" a few years ago. I was pleased to read and review this second edition.
Published 3 months ago by bobblestiltskin

Seriously brilliant
Fantastic book for those who want to go beyond using tools, and actually getting their hands dirty.
It will take you step by step, to end up being pretty good in the subject...
Published 3 months ago by khanon

A Book every programmer must read
This book is very informative and elaborate. The author uses simple tools like gdb and explains every step involved in hacking a program.
Published 4 months ago by Vish

Excellent Intro To Program Exploitation
This book starts with a well-written introduction to C programming concepts as the rest of the book focuses on the exploitation of such programs.
Published 5 months ago by RyanTheGreat

Ask Felgall - Book Review
When I first read the contents to see what this book was about, my first concern was that the book would make it too easy for script kiddies to expand their knowledge of hacking to...
Published 5 months ago by Stephen Chapman

*** WARNING: Do Not Use Publishers Website ***
This book is a good intro into hacking techniques but what I really want people to know is how bad the publisher, No Starch, is.
Published 7 months ago by Robert M

Consider it (fun) required reading.
This should be required reading before picking up metasploit or BackTrack 4 & 5 books. I thought he made the explanation of architecture a little harder than it needed to...
Published 8 months ago by SecUp

Excellent!
If you have a minor knowledge of programming and really want to know some basics about how someone might go about tricking their way into a computer, this book is excellent.
Published 8 months ago by Phillip C. Adkins

Book Extras from Other Websites

Introduction (From Wikipedia)

Hacking: The Art of Exploitation (ISBN 1-59327-007-0) is a book written by Jon "Smibbs" Erickson and published by No Starch Press in 2003. It is a computer security and network security book. All of the examples in the book were developed, compiled, and tested on Gentoo Linux.

Attribution: The information appearing above in this tab is from Wikipedia: Hacking: The Art of Exploitation. Amazon is not affiliated with, and neither endorses, nor is endorsed by Wikipedia or any of the authors who contributed to this article. The Wikipedia content may be available under the Creative Commons Attribution-ShareAlike License, version 3.0 or any later version, available at: CC BY-SA. Additional or other terms may apply. See Wikipedia Terms of Use for details.

Content (From Wikipedia)

The content of Hacking moves between programming, networking, and cryptography. While well explained, it is a technical piece; some C programming experience is essential, although a basic understanding of networking and cryptography helps as well.

While Hacking is packed with technically accurate, detailed information, it is still a basic introduction to the subject of computer security. Hacking also makes little use of real-world examples; discussions rarely bring up specific worms and exploits that had previously existed, such as the PNG library overflows or the Blaster worm and related RPC service overflow. Thus, an inexperienced reader may not immediately make the connection between the theory and the reality of attack.

Programming

The programming portion of Hacking makes up over half of the book's total content. This section goes into the development, design, construction, and testing of exploit code, and thus involves some basic assembly programming. The demonstrated attacks range from simple buffer overflows on the stack to complex techniques involving overwriting the global offset table.

While Erickson discusses some countermeasures, such as a non-executable stack, and how to evade them with return-to-libc attacks, he does not go into deeper matters for which no guaranteed exploits are known, such as address space layout randomization. Most protections afforded by the Openwall, GrSecurity, and PaX projects appear to be out of scope for Hacking, as do kernel exploits.

It has been suggested that Hacking be used to teach "basic computer programming fundamentals" in one review included in the opening pages of the book. Although these reviews are placed in the text for marketing purposes, the programming section of the book is technically accurate and does convey a lot of information not taught in typical introductory computer programming classes. Whether its use as a fundamental teaching tool would lead to more security-conscious and security-competent programmers overall is, however, neither studied nor proven.

Networking

The networking segment of Hacking takes up less than half of the remaining text. It explains the basics of the OSI model and basic networking concepts; packet sniffing; connection hijacking; denial of service; and port scanning.

Although technically accurate, the networking section of Hacking only serves as a basic introduction to network security. Countermeasures such as complex firewalls; Stateful Packet Inspection; network address translation, the threat of firewalking, and countermeasures thereof; intrusion detection and prevention; and virtual private networks are not discussed.

Cryptology

The cryptology section of Hacking takes up the rest of the book's pages. This is another bottom-up section, starting off with basic information theory and moving through symmetric and asymmetric encryption. It ends with cracking WEP using the Fluhrer, Mantin, and Shamir attack.

This section appears to be miscellaneous information for the aspiring cryptology scholar. Besides the basics, including man-in-the-middle attacks, dictionary attacks, and the use of John the Ripper, Hacking discusses quantum key distribution, Lov Grover's quantum search algorithm, and Peter Shor's quantum factoring algorithm for breaking RSA encryption using a very large quantum computer.
