* This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or application
* New material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking "unbreakable" software packages such as McAfee's Entercept, Mac OS X, XP, Office 2003, and Vista
* Also features the first-ever published information on exploiting Cisco's IOS, with content that has never before been explored
* The companion Web site features downloadable code files
About the Authors
Chris Anley is a founder and director of NGSSoftware, a security software, consultancy, and research company based in London, England. He is actively involved in vulnerability research and has discovered security flaws in a wide variety of platforms including Microsoft Windows, Oracle, SQL Server, IBM DB2, Sybase ASE, MySQL, and PGP.
John Heasman is the Director of Research at NGSSoftware. He is a prolific security researcher and has published many security advisories in enterprise level software. He has a particular interest in rootkits and has authored papers on malware persistence via device firmware and the BIOS. He is also a co-author of The Database Hacker's Handbook: Defending Database Servers (Wiley 2005).
Felix FX Linder leads SABRE Labs GmbH, a Berlin-based professional consulting company specializing in security analysis, system design creation, and verification work. Felix looks back at 18 years of programming and over a decade of computer security consulting for enterprise, carrier, and software vendor clients. This experience allows him to rapidly dive into complex systems and evaluate them from a security and robustness point of view, even in atypical scenarios and on arcane platforms. In his spare time, FX works with his friends from the Phenoelit hacking group on different topics, which have included Cisco IOS, SAP, HP printers, and RIM BlackBerry in the past.
Gerardo Richarte has been doing reverse engineering and exploit development for more than 15 years non-stop. In the past 10 years he helped build the technical arm of Core Security Technologies, where he works today. His current duties include developing exploits for Core IMPACT, researching new exploitation techniques and other low-level subjects, helping other exploit writers when things get hairy, and teaching internal and external classes on assembly and exploit writing. As result of his research and as a humble thank you to the community, he has published some technical papers and open source projects, presented in a few conferences, and released part of his training material. He really enjoys solving tough problems and reverse engineering any piece of code that falls in his reach just for the fun of doing it.
Back Cover Text
The black hats have kept up with security enhancements. Have you?
In the technological arena, three years is a lifetime. Since the first edition of this book was published in 2004, built-in security measures on compilers and operating systems have become commonplace, but are still far from perfect. Arbitrary-code execution vulnerabilities still allow attackers to run code of their choice on your system, with disastrous results.
In a nutshell, this book is about code and data and what happens when the two become confused. You'll work with the basic building blocks of security bugs: assembler, source code, the stack, the heap, and so on. You'll experiment, explore, and understand the systems you're running, and how to better protect them.
- Become familiar with security holes in Windows, Linux, Solaris, Mac OS X, and Cisco's IOS
- Learn how to write customized tools to protect your systems, not just how to use ready-made ones
- Use a working exploit to verify your assessment when auditing a network
- Use proof-of-concept exploits to rate the significance of bugs in software you're developing
- Assess the quality of purchased security products by performing penetration tests based on the information in this book
- Understand how bugs are found and how exploits work at the lowest level
Contents
About the Authors vii
Acknowledgments xi
Introduction to the Second Edition xxiii
Part I Introduction to Exploitation: Linux on x86
Chapter 1 Before You Begin 3
Basic Concepts 3
Memory Management 4
Assembly 6
Recognizing C and C++ Code Constructs in Assembly 7
Conclusion 10
Chapter 2 Stack Overflows 11
Buffers 12
The Stack 13
Functions and the Stack 15
Overflowing Buffers on the Stack 18
Controlling EIP 22
An Interesting Diversion 23
Using an Exploit to Get Root Privileges 25
The Address Problem 27
The NOP Method 33
Defeating a Non-Executable Stack 35
Return to libc 35
Conclusion 39
Chapter 3 Shellcode 41
Understanding System Calls 42
Writing Shellcode for the exit() Syscall 44
Injectable Shellcode 48
Spawning a Shell 50
Conclusion 59
Chapter 4 Introduction to Format String Bugs 61
Prerequisites 61
What Is a Format String? 61
What Is a Format String Bug? 63
Format String Exploits 68
Crashing Services 69
Information Leakage 70
Controlling Execution for Exploitation 75
Why Did This Happen? 84
Format String Technique Roundup 85
Conclusion 88
Chapter 5 Introduction to Heap Overflows 89
What Is a Heap? 90
How a Heap Works 91
Finding Heap Overflows 91
Basic Heap Overflows 93
Intermediate Heap Overflows 98
Advanced Heap Overflow Exploitation 105
Conclusion 107
Part II Other Platforms: Windows, Solaris, OS/X, and Cisco
Chapter 6 The Wild World of Windows 111
How Does Windows Differ from Linux? 111
Win32 API and PE-COFF 112
Heaps 114
Threading 115
The Genius and Idiocy of the Distributed Common Object Model and DCE-RPC 116
Recon 118
Exploitation 120
Tokens and Impersonation 120
Exception Handling under Win32 122
Debugging Windows 124
Bugs in Win32 124
Writing Windows Shellcode 125
A Hacker's Guide to the Win32 API 126
A Windows Family Tree from the Hacker's Perspective 126
Conclusion 127
Chapter 7 Windows Shellcode 129
Syntax and Filters 129
Setting Up 131
Parsing the PEB 132
Heapoverflow.c Analysis 132
Searching with Windows Exception Handling 148
Popping a Shell 153
Why You Should Never Pop a Shell on Windows 153
Conclusion 154
Chapter 8 Windows Overflows 155
Stack-Based Buffer Overflows 156
Frame-Based Exception Handlers 156
Abusing Frame-Based Exception Handling on Windows 2003 Server 161