|
Free ebooks
 Operating System Linux The Shellcoder’s Handbook Second Edition: Discovering and Exploiting Security Holes
|
 You have in your hands The Shellcoder’s Handbook Second Edition: Discovering and Exploiting Security Holes. The first edition of this volume attempted to show the reader how security vulnerabilities are discovered and exploited, and this edition holds fast to that same objective. If you’re a skilled network auditor, software developer, or sysadmin and you want to understand how bugs are found and how exploits work at the lowest level, you’ve come to the right place.So what’s this ebook about? Well, the preceding quotation more or less sums it up. This book is mostly concerned with arbitrary code execution vulnerabilities, by which we mean bugs, that allow attackers to run code of their choice on the target machine. This generally happens when a program interprets a piece of data as a part of the program—part of an http “Host” header becomes a return address, part of an email address becomes a function pointer, and so on. The program ends up executing the data the attacker supplied with disastrous effects. The architecture of modern processors, operating systems, and compilers lends itself toward this kind of problem—as the good Countess wrote, “the symbols of operation are frequently also the symbols of the results of operations.” Of course, she was writing about the difficulty of discussing mathematics when the number “5” might also mean “raised to the power of 5” or “the fifth element of a series,” but the basic idea is the same. If you confuse code and data, you’re in a world of trouble. This subject area has become much more complicated since the first edition of this volume was published; the world has moved on since 2004. It’s now commonplace for compilers and operating systems to have built-in measures that protect against the types of vulnerabilities this book is mostly concerned with, though it’s also true to say that these measures are far from perfect. Nor does the supply of arbitrary-code execution bugs look to be drying up any time soon, despite advances in methods for finding them—if you check out the U.S. National Vulnerability Database Web site (nvd.nist.gov), click “statistics” and select “buffer overflow,” you’ll see that buffer overflows continue to increase in number, running at around 600 per year in 2005 and 2006, with 2007 on course to match or exceed that. So it’s clear that we still need to know about these bugs and how they’re exploited—in fact, there’s a strong argument that it’s more important to know about the precise mechanisms now that we have so many partial defenses to choose from when considering how to protect ourselves. If you’re auditing a network, a working exploit will give you 100 percent confidence in your assessment, and if you’re a software developer, creating proof-of-concept exploits can help understand which bugs need to be fixed first. If you’re purchasing a security product, knowing how to get around a non-executable stack, exploit a tricky heap overflow, or write your own exploit encoder will help you to make a better judgment of the quality of the various vendors. In general, knowledge is preferable to ignorance. The bad guys already know this stuff; the network-auditing, software-writing, network-managing public should know it, too. So why is this book different? Well, first, the authors find and exploit bugs as part of their day jobs. We’re not just writing about this stuff; we’re doing it on a daily basis. Second, you’ll not see us writing too much about tools. Mostof the content of this book is concerned with the raw meat of security bugs — assembler, source code, the stack, the heap, and so on. These ideas allow you to write tools rather than just use tools written by others. Download free ebooks on linux: The Shellcoders Handbook
|
