Hacking: The Art of Exploitation (Paperback)

~ (Author)
Key Phrases: packet injection, project version, hash algorithm, Play the No Match Dealer, Play the Find the Ace, Game of Chance Menu (more...)

Editorial Reviews

Review

"Erickson presents the material in a manner that is both easy to follow and a joy to read." -- IEEE Security & Privacy, March 2004

"I highly recommend this book." -- IEEE Cipher, March 15, 2004

"This is an excellent book." -- About.com, November 2003

"This would make a great addition to any computer enthusiast's book shelf." -- Geekshelter.com, January 2004

"every Linux/Unix administrator and applications programmer can learn something from the programming section" -- UnixReview.com, June 2004

"the seminal hackers handbook" -- Security Forums, January 2004

5 stars, "One of a kind… Superb, Thrilling , Excellent Book." -- Database-Book-Reviews.com http://www.database-book-reviews.com/book_reviews/by_publisher/No_Starch/

Product Description

Emphasizing a true understanding of the techniques as opposed to just breaking the rules, the author helps readers determine which areas are prone to attack and why. Unlike other so-called hacking guides, this book does not gloss over technical details, and includes detailed sections on stack-based overflows, heap based overflows, format string exploits, return-into-libc, shellcode, and cryptographic attacks on 802.11b.

See all Editorial Reviews

Product Details

• Paperback: 264 pages
• Publisher: No Starch Press; 1 edition (October 2003)
• Language: English
• ISBN-10: 1593270070
• ISBN-13: 978-1593270070
• Product Dimensions: 9.2 x 7.3 x 0.9 inches
• Shipping Weight: 1.2 pounds
• Average Customer Review: 4.3 out of 5 stars  See all reviews (62 customer reviews)
• Amazon.com Sales Rank: #522,212 in Books (See Bestsellers in Books)

Customer Reviews

Most Helpful Customer Reviews

128 of 134 people found the following review helpful:

5.0 out of 5 stars One of a Kind, January 10, 2004

By	Jeff Pike (Mechanicsville, VA United States) - See all my reviews

This book is for the security pro or would be hacker who want's to begin to see how deep the rabbit hole really does go. There is no other book like it on the market, and I've read most of them. Jon Erickson's code included in the book all works well as designed on Linux. The author also suggests some good free Linux tools for use with the code examples including most notably a hex editor, basic dissassembler, and packet injector.

The techniques in the book are best described by a caption on its back cover, "The fundamental techniques of serious hacking." It includes major sections on programming, networking, and cryptography. All material is covered with an eye towards exploitation. Languages used in the book material consist of C, PERL, and Assembly for X86.

The techniques described in this book are fundamental to any hacker or security professional who takes their work seriously. The book is well worth the discounted amazon.com price. The material in this book is all original and cannot be found elsewhere. Each example in the programming section is truly an eye opener if you are new to code hacking. The examples in the networking and cryptography sections are relevant and fresh as well.

93 of 102 people found the following review helpful:

4.0 out of 5 stars Need to know Assembly, March 5, 2004

By	W Boudville (Terra, Sol 3) - See all my reviews (TOP 10 REVIEWER)    (REAL NAME)

You have probably heard of such hacking techniques as buffer overflows. Typically, a book might give only cursory explanation, especially if it is not devoted to hacking. But suppose you write in C. Chances are you've inadvertantly created buffer overflows and then spent hours chasing this down, after your program crashed. So how on earth can a deliberate overflow lead to a breakin?

It is for such matters that Erickson expounds here. Written for you, whether you want to create such exploits or prevent them. In either case, the knowledge is the same.

What the book requires is some knowledge of C and assembly. For the latter, it is the language of the Intel x86 family. But even if you don't know it, so long as you are familiar with any assembly language and the theory of a Neumann machine, then you can follow the text.

This book is not for every programmer. It turns out that a fair number of programmers get into the field by learning a high level language like C, Fortran, Java or Pascal. But they never learn any assembly. To them, anything compiled from source is a black box. Instead, you need some background in assembly.

The book also gives neat coverage of how to sniff network traffic and manipulate it. There is a section on cryptography. But for this, it is so specialised and vital that you should consult texts dedicated to it.

42 of 45 people found the following review helpful:

4.0 out of 5 stars A lot better than the rest!, February 10, 2006

By	A. Chopra - See all my reviews (REAL NAME)

After reading more than 12 different books on this subject, finally I came across this, the best book ever on security. This is the kind of book that gives you what it promises on the cover. I was quiet impressed with the contents and style of writing.

I must add that I have learned a lot from this book, enough to help me in protecting my network and any unauthorized attempt to access my information. This is not for entertainment, like the others which I found in this genre (read Ankit Fadia and you will know what I mean here), this is some serious work by done by an author who knows what he his telling to the readers, and what they will understand. However, somewhere in between it get too technical, and one actually has to sit in front a computer to try and see what the author is trying to tell, but I liked it for being so real and accurate about computer security.

The author has done his homework well before writing it. I found almost all the information correct and original. Wonder why some people have given negative reviews for this book? Because, one has to be a technical qualified in computer security to fully understand what author is telling you. It's like me writing a review for a cooking recipe book. Also, I will like to add that buy it for securing your network, but don't expect it to teach you some serious hacking. For that you have to put lots of real efforts than just buying a book and reading it, though this book can always be a firm stepping stone!