Hacking The Art of Exploitation

Name: Hacking The Art of Exploitation
Price: 6.62 USD
Availability: InStock
ISBN: 9781593270070

ISBN-10: 1593270070

ISBN-13: 9781593270070

Edition: 2003

Authors: Jon Erickson

List price: $39.95

30 day, 100% satisfaction guarantee!

Marketplace

3 new & used from $6.62

what's this?

Rush Rewards U
Members Receive:

You have reached 400 XP and carrot coins. That is the daily max!

This book is for both technical and non-technical people interested in computer security. Unlike many so-called hacking books, this explains technical aspects of hacking such as stack based overflows, heap based overflows, string exploits, return-into-libc, shellcode, and cryptographic attacks on 802.11b. If you're serious about hacking, this book is for you.

Book details

List price: $39.95
Copyright year: 2003
Publisher: No Starch Press, Incorporated
Publication date: 11/1/2003
Binding: Paperback
Pages: 264
Size: 7.25" wide x 9.00" long x 0.75" tall
Weight: 1.188
Language: English

Jon Erickson is coordinator of the Environmental Management option in the Master of Public Administration program at Kean University and former research associate at the Center for Urban Policy Research, part of the Edward J. Bloustein School of Planning and Policy Research at Rutgers University. Most recently, he helped prepare a report on "Sustainability as Partner to Economic Regeneration: The Impact Assessment of the New Jersey State Plan."




Introduction



Programming



What Is Programming?



Program Exploitation



Generalized Exploit Techniques



Multi-User File Permissions



Memory



Memory Declaration



Null Byte Termination



Program Memory Segmentation



Buffer Overflows



Stack-Based Overflows



Exploiting Without Exploit Code



Using the Environment



Heap- and bss-Based Overflows



A Basic Heap-Based Overflow



Overflowing Function Pointers



Format Strings



Format Strings and printf()



The Format-String Vulnerability



Reading from Arbitrary Memory Addresses



Writing to Arbitrary Memory Addresses



Direct Parameter Access



Detours with dtors



Overwriting the Global Offset Table



Writing Shellcode



Common Assembly Instructions



Linux System Calls



Hello, World!



Shell-Spawning Code



Avoiding Using Other Segments



Removing Null Bytes



Even Smaller Shellcode Using the Stack



Printable ASCII Instructions



Polymorphic Shellcode



ASCII Printable Polymorphic Shellcode



Dissembler



Returning into libc



Returning into system()



Chaining Return into libc Calls



Using a Wrapper



Writing Nulls with Return into libc



Writing Multiple Words with a Single Call



Networking



What Is Networking?



OSI Model



Interesting Layers in Detail



Network Layer



Transport Layer



Data-Link Layer



Network Sniffing



Active Sniffing



TCP/IP Hijacking



RST Hijacking



Denial of Service



The Ping of Death



Teardrop



Ping Flooding



Amplification Attacks



Distributed DoS Flooding



SYN Flooding



Port Scanning



Stealth SYN Scan



FIN, X-mas, and Null Scans



Spoofing Decoys



Idle Scanning



Proactive Defense (Shroud)



Cryptology



Information Theory



Unconditional Security



One-Time Pads



Quantum Key Distribution



Computational Security



Algorithmic Runtime



Asymptotic Notation



Symmetric Encryption



Lov Grover's Quantum Search Algorithm



Asymmetric Encryption



RSA



Peter Shor's Quantum Factoring Algorithm



Hybrid Ciphers



Man-in-the-Middle Attacks



Differing SSH Protocol Host Fingerprints



Fuzzy Fingerprints



Password Cracking



Dictionary Attacks



Exhaustive Brute-Force Attacks



Hash Lookup Table



Password Probability Matrix



Wireless 802.11 b Encryption



Wired Equivalent Privacy (WEP)



RC4 Stream Cipher



WEP Attacks



Offline Brute-Force Attacks



Keystream Reuse



IV-Based Decryption Dictionary Tables



IP Redirection



Fluhrer, Mantin, and Shamir (FMS) Attack



Conclusion


References


Index