Acunetix - Free XSS Security Scanner!
[Advertise With HackThisSite.org]

Hack This Site - Forums Index

Hacking: The Art of Exploitation

Discussion about particular books go here.
Forum rules
Please make title book name & author.
Books about computers or hacking get stickied
Post a reply

Re: Hacking: The Art of Exploitation

Post by count_duckula on Sat Apr 14, 2012 7:57 am
([msg=65668]see Re: Hacking: The Art of Exploitation[/msg])

As this book would most likely be very challenging as I am a complete beginner :( What would you recomend I should read before this book that explains more basic concepts and would give me the ability to come back this book and have the knowledge to be able to read it?
count_duckula
New User
New User
 
Posts: 2
Joined: Sat Apr 14, 2012 7:22 am
Blog: View Blog (0)

Re: Hacking: The Art of Exploitation

Post by ghost107 on Sat Apr 14, 2012 11:00 am
([msg=65672]see Re: Hacking: The Art of Exploitation[/msg])

A similar book is this:
Sockets, Shellcode, Porting, & Coding, Reverse Engineering Exploits and Tool Coding for Security Professionals by James C Foster

But same as Hacking: The Art of Exploitation, requires an intermediate knowledge in programming (C/C++/C#/Java/Python, at least 1 of them). I would recommend learning an programming language first(at least as beginner). And understanding basic networking.

And for shellcoding chapter I think you need to know some assembly too.
ghost107
Poster
Poster
 
Posts: 110
Joined: Wed Jul 02, 2008 7:57 am
Blog: View Blog (0)

Re: Hacking: The Art of Exploitation

Post by Haabb on Mon Jul 16, 2012 6:04 am
([msg=68081]see Re: Hacking: The Art of Exploitation[/msg])

nerdLife wrote:I love this book. ... Here's what the pointer.c (from page 44) looks like in vim...


Even though this is quite an old post, I don't see any replies.

1. When you try to run your code with ./pointer.c, since it it not a compiled program, your terminal will interpret it as a shellscript and fail because it's not a correct script.
2. When you compile with gcc, the warnings you get are because what you are trying to do is dangerous. When you do a printf without formatting, printf(pointer); in your case, a format string can be exploited. The correct way is to use a format like printf("%s", string) or printf("%i %i %i %i", integer1, integer2,...). Warnings at compilation does not affect the compilation and you should still get a working output (a.out if no output is specified)

What you should do:
gcc pointer.c -o pointer
./pointer

Format strings are covered in the book, as far as i remember.
Haabb
New User
New User
 
Posts: 1
Joined: Mon Jul 16, 2012 5:49 am
Blog: View Blog (0)

Re: Hacking: The Art of Exploitation

Post by rbrummett on Sat Sep 01, 2012 2:46 pm
([msg=69085]see Re: Hacking: The Art of Exploitation[/msg])

I've skimmed through a lot of this book and very confused for the most part. I've done a lot of programming in C and some programming in assembly and familiar with unix, but not to the extent that the author covers. He really takes advantage of system tools that I wasn't aware of and running programs, shellcode from extra memory in variables.

I need to go back into this book with a highlighter, pencil, post-it notes and bug the hell out of my professor who is a security expert.
rbrummett
New User
New User
 
Posts: 2
Joined: Sat Sep 01, 2012 2:42 pm
Blog: View Blog (0)
Previous
Post a reply

Return to Books

Who is online

Users browsing this forum: No registered users and 0 guests

Disclaimer :
HackThisSite does not support illegal activities.
The management of this board is not responsible for the content of any external internet sites.
Powered by phpBB © 2000-2009 phpBB Group
Carbon Style By Echo -=Designs By Echo=- © 2007 Echo
Administration Control Panel