Hacking The Art Of Exploitation 2nd Edition Review


Kipa Crawn

Aug 3, 2024, 10:43:52 AM8/3/24
to mingligagar

Chapter 1, Introduction, sets the expectations for the rest of the book. It introduces the complex, low-level workings of computers in a way that most high level users are likely to find quite illuminating.

Chapter 3 might be said to be the real meat of the text. It introduces all types of hacking exploits, from stack and heap buffer overflows, denial-of-service attacks, TCP/IP hijacking, port scanning and more. If these are vague concepts to you, they certainly will no longer be once you have finished this book.

I found the approach of the book, starting with basic explanations of flaws and exploits, moving through programming and then centering on specific exploitation techniques to be very effective. Some older exploits (like the ping of death) might no longer be cause for concern, but the historical implications of flaws once exploited and eventually thwarted may help the reader to understand how systems and firewalls have evolved as a result. The dissections of hacking techniques are nothing short of excellent.

You can learn such things as how to corrupt system memory and run arbitrary code via buffer overflows and format strings. You will see how to go about outsmarting common security measures used with intrusion detection systems. You will learn how to use a debugger to read processor registers and memory contents. You might even learn to crack certain encryption protocols. Whether you are a sysadmin or a programmer, you are likely to leave this book with a renewed sense of the importance of defensive coding techniques.

Sandra Henry-Stocker has been administering Unix systems for more than 30 years. She describes herself as "USL" (Unix as a second language) but remembers enough English to write books and buy groceries. She lives in the mountains in Virginia where, when not working with or writing about Unix, she's chasing the bears away from her bird feeders.




I've been in prep mode for the Offensive Security Certified Professional certification since late 2018 and wanted to enjoy the Ethical Hacking learning journey, so I took a few detours that included eLearnSecurity eJPT, GIAC GPEN certs and now VHL labs. I finished the course and rooted the 9 beginner boxes (I had to phone a friend on 2 of them!). I'm out of time as my Masters program has resumed and that requires full-time concentration. Here's my review of the course and assistance on the 9 beginner boxes should anyone feel the need.

A. Restructure the training material that starts with complete installation of all tools that are used in the course. I wasted a good 2-3 days trying to get OpenVAS/Greenbone installed using numerous suggested VM images the course mentions.

B. Develop some video content that teaches core concepts for each section. Course content delivery was a bit lazy throughout the course for entry level people and should consider people who may not learn the best by reading or those with reading disabilities.

C. Structure lab VMs around the course material more directly, cumulatively and in course order. This is somewhat accomplished with how each VM tells you to read random sections of the course to root the machine, but I'd like an approach where reading the first 3 chapters/sections prepares you to root all beginner machines, then in order to root Advanced machines you need to fully understand those earlier concepts and material from chapters 4-6, etc. I'm thinking somewhat of how eLearnSecurity did it, which was great in my opinion.

Overall Experience = Very Positive. I learned a ton my other courses didn't teach me and I grew skills with using netcat, web and reverse shells, using Metasploit and nmap more fully, Hydra usage, the Linux bash shell and a lot of other things.

I always try to spend a couple hours breaking in before looking for help and I fully encourage that approach, but I would have loved to have these so I didn't spend so much time bugging Melina Phillips and reading old VulnHub walkthrough blogs that had nothing to do with my box.

I found precisely 0 walkthrough details for these machines and regretfully spent more time online researching than actually applying the needed rooting concepts. After frankensteining the education together, it takes about 5-10 mins to actually root a beginner machine successfully. So here are my hints for rooting the 9 beginner machines.

Anthony - Nmap gets you most of the way on this one. After using it to identify app services and ports of interest, try running some of the common service vulnerability scans using nmap such as --script=ftp-vuln*. This isn't the vulnerable service but just giving you ideas. The results of doing this pave the way for successful exploitation via Metasploit.

AS45 - AS stands for Apache Struts. After revealing interesting ports and services via nmap, run a web application vulnerability scan. The results provide you some areas of the target to visit in your browser. You'll need some information here to set up an exploit later. Searching Metasploit for the specific Struts version in use gets you what you need. You will need to iteratively cycle through the correct combination of target, payload and TARGETURI to get this one right. Focus on exploits with excellent reputation. For this one use the 'check' command prior to execution; when it says the target appears to be or is vulnerable, you're on the right path.

Breeze - Start with Nmap as usual to locate a relevant application/port target. Using searchsploit or Exploit-DB provides you the sole exploit needed to get on this box. Not spoiling too much, but you'll need to generate a payload with MSFvenom and use the payload output from that command to replace inside the exploit before execution. Serve the payload to the target, capture the reverse shell via netcat or Metasploit and you're good.

CMS01 - Start with Nmap and a web vulnerability scan to locate interesting ports/services. Explore the application using your browser. Use the single exploit found for the app version number and again use correct RHOST, TARGETURI and other settings to get the exploit to work. Use base privileges once inside to escalate privileges via review of all settings/ sections of the app. Use escalated privileges to leave the application and execute a reverse shell to gain machine access through php file modification back to your machine. Use new user privileges on the target machine to locate root creds and root the box.

James - The most frustrating machine for me. Use Nmap to find the app service to target. An exploit from Exploit-DB is available for this particular version that gets you a limited shell after minor modifications and experimenting. Once on, you will need to stabilize your shell using 'bash'. Find world-writable files and use echo commands to overwrite the lone world-writable file you can modify with commands for a reverse shell. Explore the sudo commands you can issue and use that to trigger the reverse shell back to your attacking machine.

Mantis - Similar to CMS01. Do your nmap and web vulnerability scans to specify the target. Searching Exploit-DB reveals an exploit you can execute directly from your attack machine's web browser that gets you into the app. Search the application exhaustively for system creds. Once logged in, see what your current profile has available to easily escalate to root.

Steven - Nmap reveals interesting port and service results for this machine. Visiting the host address on one of the interesting ports reveals a login page with a more specific service to target exploits against. Metasploit is your friend from here.

In 2004, I reviewed the book's first edition. In my reviews, I typically like to compare the differences between editions. Erickson beat me to it. At the publisher's web site, you can compare the first and second editions of the book; view excerpts from the Exploitation, Networking, and Countermeasures chapters; and download the book's source. Erickson also bundles the source in a CD included with the book, but more on that later.

In my first review, I recommended this book for the programming chapter alone. I can no longer do that because the programming chapter is now an "Expanded introduction to fundamental programming concepts for beginners." But it's like no introduction I've ever seen. In one chapter, Erickson takes us from basic Control Structures to Function Pointers. Think of it as Kernighan and Ritchie in 100 pages.

Erickson covers other introductory topics in a hurry, such as his network sockets description in the Networking section (Chapter 4), and his "Crash Course in Signals" in the Countermeasures section (Chapter 6).

For readers with no access to a Linux box, Erickson bundles his source with a bootable Ubuntu Linux Live CD. The Live CD requires "an x86-based PC with at least 64MB of system memory and a BIOS that is configured to boot from a CD-ROM." I successfully booted the Live CD with both an IBM T43 laptop and a HP dv9000t laptop.

While other books merely show how to run existing exploits, Hacking: The Art of Exploitation broke ground as the first book to explain how hacking and software exploits work and how readers could develop and implement their own. In the extensively updated and expanded second edition, author Jon Erickson again uses practical examples to illustrate the most common computer security issues in three related fields: programming, networking and cryptography. Includes a live CD, which provides a Linux programming environment and all of its benefits without the hassle of installing a new operating system.
