Hacking. The Art of Exploitation
by Jon Erikson
No Starch Press 2003.
ISBN 0-59327-007-0, 241 pages. $39.99 Index, references, tools
Reviewed by Robert Bruen March 12, 2004
You may not be as familiar with No Starch Press as with the larger publishing houses, but they are responsible for the popular "Steal This Computer Book" and "Hacking the XBox." Jon Erikson has produced a hacking book that stands out from the pack by showing how hacks are developed. This is not about using other hacker's works, but instead shows the details of the code line by line with an explanation of what the line does. These are not just comments, but real explanations. The goal seems to be to teach how to write exploits.
The book is is about programming and understanding how to develop programs that take advantage of mistakes in other people's designs and code. The lessons are done in shell code, C, Perl and assembler. The exploits run the gamut from format problems, buffer and stack overflows to reading from and writing to arbitrary memory locations. Like any good book on software security, there is an entry requirement of knowing how to write code at some level. The higher the skill level, the more you will get out of the book.
The techniques and targets are not really innovative, but the explanations are clear, coherent and detailed. And yes, you can use the code. The author introduces some new concepts, however. One is his Password Probability Matrix (PPM) and the dissembler from www.phiral.com. The disassembler is a tool that can be used to modify existing shellcode into something a little more interesting. This is a nice lesson in how assembly code can be expressed in printable ASCII characters, as well as how to use registers. This tool has the capability of polymorphism to create output that looks different, but acts the same. It is the kind of thing that signature seeking programs do not like to see.
The other idea, the PPM, is an interesting approach to password cracking. The author explains it as a tradeoff between the storage space and computational capacity of a computer. This is an old tradeoff problem which never seems to go away no matter how much storage space or cpu power is available. Two programs are provided, one to generate the matrices and one to use them to crack a password. The passwords are limited to four characters and a two character salt, but the example is just a proof of concept. Many of the standard attacks are defined with example code, such as TCP/IP Hijacking and the FMS attack on WEP.
I highly recommend this book. It is written by someone who knows of what he speaks, with usable code, tools and examples.