Reddit reviews Hacking: The Art of Exploitation w/CD
We found 3 Reddit comments about Hacking: The Art of Exploitation w/CD. Here are the top ones, ranked by their Reddit score.
Used Book in Good Condition
Your getting nasty mean replies instead of helpful... I'll try to be helpful (hopefully not too incorrect).
On your server there's a process that's executing that is your sever. That process runs as a user, whatever that user can do that process can do. If you do something like a buffer overflow, say on the input to that "which file you want" program you mentioned earlier, then append to that the correct number of bytes to take you out of the code page, you'll be able to call functions as the user that is running that server.
My knowledge is limited in this area, but i highly recommend this book: Hacking: the art of explotiation, I'm sure there are good tutorials on the internet as well.
In a way your correct, the server is not arbitrarily executing code, but the user that spawn that process, can execute arbitrary code.
I agree with Centurion89, but as an addition — if you want a good old fashioned book — check out Hacking: The art of exploitation by Jon Erickson. The title put me off at first, as it sounded a bit script kiddy-ish, but after having read a bit I find it very good.
Its focus is not reverse engineering per se, but it walks you through writing your first C program, disassembling it, explaining what happens where in memory. Very well explained. It has a lot of networking stuff that might not be that interesting from a reversing perspective, though.
I've skipped ahead while reading in the bathroom, legs falling asleep, and I found a part where you write a small web server and exploit it. What I found a bit impressive (Well, I might be easily impressed) is how the author walks you through improving the exploit.
At first, it gives you a shell, but leaves obvious lines in the server log and hijacks the main loop, refusing more connections. It is shown how to fix that, integrating manipulation of the log writing code and making the exploit code jump back to the main loop after doing it's dirty deal so the web server can start accepting connections again.
Disclaimer: I'm obviously very new to this too, and there probably are better books for reversing, but I think basic principles shared in this book also might be useful from a reversing perspective.
hacking: the art of exploitation , it teaches you about hardware, assembler language and of course scripting using perl and shell code.