Hacking: The Art of Exploitation

Discussion about particular books go here.
Forum rules
Please make title book name & author.
Books about computers or hacking get stickied

Re: Hacking: The Art of Exploitation

Post by count_duckula on Sat Apr 14, 2012 7:57 am
([msg=65668]see Re: Hacking: The Art of Exploitation[/msg])

As this book would most likely be very challenging as I am a complete beginner :( What would you recomend I should read before this book that explains more basic concepts and would give me the ability to come back this book and have the knowledge to be able to read it?
count_duckula
New User
New User
 
Posts: 2
Joined: Sat Apr 14, 2012 7:22 am
Blog: View Blog (0)


Re: Hacking: The Art of Exploitation

Post by ghost107 on Sat Apr 14, 2012 11:00 am
([msg=65672]see Re: Hacking: The Art of Exploitation[/msg])

A similar book is this:
Sockets, Shellcode, Porting, & Coding, Reverse Engineering Exploits and Tool Coding for Security Professionals by James C Foster

But same as Hacking: The Art of Exploitation, requires an intermediate knowledge in programming (C/C++/C#/Java/Python, at least 1 of them). I would recommend learning an programming language first(at least as beginner). And understanding basic networking.

And for shellcoding chapter I think you need to know some assembly too.
ghost107
Poster
Poster
 
Posts: 132
Joined: Wed Jul 02, 2008 7:57 am
Blog: View Blog (0)


Re: Hacking: The Art of Exploitation

Post by Haabb on Mon Jul 16, 2012 6:04 am
([msg=68081]see Re: Hacking: The Art of Exploitation[/msg])

nerdLife wrote:I love this book. ... Here's what the pointer.c (from page 44) looks like in vim...


Even though this is quite an old post, I don't see any replies.

1. When you try to run your code with ./pointer.c, since it it not a compiled program, your terminal will interpret it as a shellscript and fail because it's not a correct script.
2. When you compile with gcc, the warnings you get are because what you are trying to do is dangerous. When you do a printf without formatting, printf(pointer); in your case, a format string can be exploited. The correct way is to use a format like printf("%s", string) or printf("%i %i %i %i", integer1, integer2,...). Warnings at compilation does not affect the compilation and you should still get a working output (a.out if no output is specified)

What you should do:
gcc pointer.c -o pointer
./pointer

Format strings are covered in the book, as far as i remember.
Haabb
New User
New User
 
Posts: 1
Joined: Mon Jul 16, 2012 5:49 am
Blog: View Blog (0)


Re: Hacking: The Art of Exploitation

Post by rbrummett on Sat Sep 01, 2012 2:46 pm
([msg=69085]see Re: Hacking: The Art of Exploitation[/msg])

I've skimmed through a lot of this book and very confused for the most part. I've done a lot of programming in C and some programming in assembly and familiar with unix, but not to the extent that the author covers. He really takes advantage of system tools that I wasn't aware of and running programs, shellcode from extra memory in variables.

I need to go back into this book with a highlighter, pencil, post-it notes and bug the hell out of my professor who is a security expert.
rbrummett
New User
New User
 
Posts: 2
Joined: Sat Sep 01, 2012 2:42 pm
Blog: View Blog (0)


Re: Hacking: The Art of Exploitation

Post by cluele55 on Sun May 26, 2013 7:25 pm
([msg=75792]see Re: Hacking: The Art of Exploitation[/msg])

rbrummett wrote:I've skimmed through a lot of this book and very confused for the most part. I've done a lot of programming in C and some programming in assembly and familiar with unix, but not to the extent that the author covers. He really takes advantage of system tools that I wasn't aware of and running programs, shellcode from extra memory in variables.

I need to go back into this book with a highlighter, pencil, post-it notes and bug the hell out of my professor who is a security expert.


I have a similar coding background -- No Assembly but mostly C, some Python, and a little Java. I wasn't crazy about the structure of this book. I didn't think the content was confusing as much as it was annoying. Do we have to have THAT MANY screenshots? It's nice to be able to see a few on-screen results just to know that you are on the right track, but most of the screenshots were fluff. (I'm a technical writer, so I'm very anti-fluff when it comes to technical content.)

I'm still new to the many exploits out there and there's a lot of fascinating info in this book. But there were a hundred pages dedicated to programming. Really, if you are reading a book like this, you should know what variables are and pointers, arrays, and functions. With that and all the fluffy screenshots, the book was ridiculously over padded.

Still, the book is worth having. Though it's also worth it to read books on specific attacks. "Violent Python" is a good one, for example, and there are whole books dedicated to SQL Injection.
cluele55
New User
New User
 
Posts: 30
Joined: Sat Apr 13, 2013 2:55 pm
Blog: View Blog (0)


Re: Hacking: The Art of Exploitation

Post by Delaney12 on Thu May 15, 2014 4:10 pm
([msg=80724]see Re: Hacking: The Art of Exploitation[/msg])

I have been wanting to read this book was not yet really sure. I am new to all of this and want a book that is going to be simple enough for me to read. And learn from.
Delaney12
New User
New User
 
Posts: 21
Joined: Thu May 15, 2014 4:09 pm
Blog: View Blog (0)


Re: Hacking: The Art of Exploitation

Post by cyberdrain on Fri May 16, 2014 4:59 pm
([msg=80755]see Re: Hacking: The Art of Exploitation[/msg])

Start with basic programming, that's always useful. The rest: just do what you like, being interested in something is the best motivation for learning.
Free your mind / Think clearly
User avatar
cyberdrain
Contributor
Contributor
 
Posts: 983
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: Hacking: The Art of Exploitation

Post by ant100 on Wed May 21, 2014 2:16 pm
([msg=80868]see Re: Hacking: The Art of Exploitation[/msg])

Is reading this book still a good idea? Even the second edition is kind of old.. so I was wondering if it is updated, or maybe it has some important concepts that are still relevant? I'm asking because I found a security book from 2008 and a few concepts were apparently outdated. I'm new to programming so I can't tell the difference D:
ant100
New User
New User
 
Posts: 8
Joined: Wed May 21, 2014 2:05 pm
Blog: View Blog (0)


Re: Hacking: The Art of Exploitation

Post by Tentra on Wed May 21, 2014 6:35 pm
([msg=80873]see Re: Hacking: The Art of Exploitation[/msg])

ant100 wrote:Is reading this book still a good idea? Even the second edition is kind of old.. so I was wondering if it is updated, or maybe it has some important concepts that are still relevant? I'm asking because I found a security book from 2008 and a few concepts were apparently outdated. I'm new to programming so I can't tell the difference D:


Any introductory text into binary exploitation will be old. Newer techniques are much more advanced and usually require a foundation on the older ideas and topics before you can comprehend the newer. If you don't have a background in programming, you will probably be lost with HTAoE, let alone newer exploitation techniques.

However, HTAoE is an amazing book that I recommend highly. I flipped through and it looks like he coveres up to the basics of ROP before going on to networking and crypto.

I'd also like to mention the Protostar by Exploit-Excercises.com. It is a pre-configured x86 vm with binaries ready to exploit; it's of tremendous use to anyone wanting to learn more about buffer overflows/memory corruption.
User avatar
Tentra
Poster
Poster
 
Posts: 161
Joined: Wed Apr 30, 2008 4:52 pm
Blog: View Blog (0)


Re: Hacking: The Art of Exploitation

Post by cyberdrain on Thu May 22, 2014 9:11 am
([msg=80882]see Re: Hacking: The Art of Exploitation[/msg])

ant100 wrote:Is reading this book still a good idea? Even the second edition is kind of old.. so I was wondering if it is updated, or maybe it has some important concepts that are still relevant?

If everything old isn't worth reading, how did you ever learn physics or English? You will need English (or another language) to understand the books, same with the ideas that hacking requires. The basic idea will be the same, no matter the concepts used to explain them. In the end it's not about the specific techniques used, but knowledge and ideas gained to find new techniques.
Free your mind / Think clearly
User avatar
cyberdrain
Contributor
Contributor
 
Posts: 983
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


PreviousNext

Return to Books

Who is online

Users browsing this forum: No registered users and 0 guests