Python is fast becoming the programming language of choice for hackers, reverse engineers, and software testers because it’s easy to write quickly, and it has the low-level support and libraries that make hackers happy. But until now, there has been no real manual on how to use Python for a variety of hacking tasks. You had to dig through forum posts and man pages, endlessly tweaking your own code to get everything working. Not anymore.
Gray Hat Python explains the concepts behind hacking tools and techniques like debuggers, trojans, fuzzers, and emulators. But author Justin Seitz goes beyond theory, showing you how to harness existing Python-based security tools – and how to build your own when the pre-built ones won’t cut it.
You’ll learn how to:
Automate tedious reversing and security tasks
Design and program your own debugger
Learn how to fuzz Windows drivers and create powerful fuzzers from scratch
Have fun with code and library injection, soft and hard hooking techniques, and other software trickery
Sniff secure traffic out of an encrypted web browser session
Use PyDBG, Immunity Debugger, Sulley, IDAPython, PyEMU, and more
The world’s best hackers are using Python to do their handiwork. Shouldn’t you?
The number of security countermeasures against user-land exploitation is on the rise. Because of this, kernel exploitation is becoming much more popular among exploit writers and attackers. Playing with the heart of the operating system can be a dangerous game: This book covers the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits and applies them to different operating systems (Linux, Solaris, Mac OS X, and Windows). Kernel exploits require both art and science to achieve. Every OS has its quirks and so every exploit must be molded to fully exploit its target. This book discusses the most popular OS families-UNIX derivatives, Mac OS X, and Windows-and how to gain complete control over them. Concepts and tactics are presented categorically so that even when a specifically detailed exploit has been patched, the foundational information that you have read will help you to write a newer, better attack or a more concrete design and defensive structure.
Covers a range of operating system families – UNIX derivatives, Mac OS X, Windows
Details common scenarios such as generic memory corruption (stack overflow, heap overflow, etc.) issues, logical bugs and race conditions
Delivers the reader from user-land exploitation to the world of kernel-land (OS) exploits/attacks, with a particular focus on the steps that lead to the creation of successful techniques, in order to give to the reader something more than just a set of tricks
Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.
Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker’s perspective.
The included LiveCD provides a complete Linux programming and debugging environment–all without modifying your current operating system. Use it to follow along with the book’s examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:
Program computers using C, assembly language, and shell scripts
Corrupt system memory to run arbitrary code using buffer overflows and format strings
Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
Outsmart common security measures like nonexecutable stacks and intrusion detection systems
Gain access to a remote server using port-binding or connect-back shellcode, and alter a server’s logging behavior to hide your presence
Redirect network traffic, conceal open ports, and hijack TCP connections
Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix
Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don’t already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.
Master One of Today’s Most Powerful Techniques for Revealing Security Flaws!
Fuzzing has evolved into one of today’s most effective approaches to test software security. To “fuzz,” you attach a program’s inputs to a source of random data, and then systematically identify the failures that arise. Hackers have relied on fuzzing for years: Now, it’s your turn. In this book, renowned fuzzing experts show you how to use fuzzing to reveal weaknesses in your software before someone else does.
Fuzzing is the first and only book to cover fuzzing from start to finish, bringing disciplined best practices to a technique that has traditionally been implemented informally. The authors begin by reviewing how fuzzing works and outlining its crucial advantages over other security testing methods. Next, they introduce state-of-the-art fuzzing techniques for finding vulnerabilities in network protocols, file formats, and web applications; demonstrate the use of automated fuzzing tools; and present several insightful case histories showing fuzzing at work. Coverage includes:
• Why fuzzing simplifies test design and catches flaws other methods miss
• The fuzzing process: from identifying inputs to assessing “exploitability”
• Understanding the requirements for effective fuzzing
• Comparing mutation-based and generation-based fuzzers
• Using and automating environment variable and argument fuzzing
• Mastering in-memory fuzzing techniques
• Constructing custom fuzzing frameworks and tools
• Implementing intelligent fault detection
Attackers are already using fuzzing. You should, too. Whether you’re a developer, security engineer, tester, or QA specialist, this book teaches you how to build secure software.
About the Author xxvii
PARTI BACKGROUND 1
Chapter 1 Vulnerability Discovery Methodologies 3
Chapter 2 What Is Fuzzing? 21
Chapter 3 Fuzzing Methods and Fuzzer Types 33
Chapter 4 Data Representation and Analysis 45
Chapter 5 Requirements for Effective Fuzzing 61
PART II TARGETS AND AUTOMATION 71
Chapter 6 Automation and Data Generation 73
Chapter 7 Environment Variable and Argument Fuzzing 89
Chapter 8 Environment Variable and Argument Fuzzing: Automation 103
Chapter 9 Web Application and Server Fuzzing 113
Chapter 10 Web Application and Server Fuzzing: Automation 137
Chapter 11 File Format Fuzzing 169
Chapter 12 File Format Fuzzing: Automation on UNIX 181
Chapter 13 File Format Fuzzing: Automation on Windows 197
Chapter 14 Network Protocol Fuzzing 223
Chapter 15 Network Protocol Fuzzing: Automation on UNIX 235
Chapter 16 Network Protocol Fuzzing: Automation on Windows 249
Writing Security Tools and Exploits will be the foremost authority on vulnerability and security code and will serve as the premier educational reference for security professionals and software developers. The book will have over 600 pages of dedicated exploit, vulnerability, and tool code with corresponding instruction. Unlike other security and programming books that dedicate hundreds of pages to architecture and theory based flaws and exploits, this book will dive right into deep code analysis. Previously undisclosed security research in combination with superior programming techniques will be included in both the Local and Remote Code sections of the book.
The book will be accompanied with a companion Web site containing both commented and uncommented versions of the source code examples presented throughout the book. In addition to the book source code, the CD will also contain a copy of the author-developed Hacker Code Library v1.0. The Hacker Code Library will include multiple attack classes and functions that can be utilized to quickly create security programs and scripts. These classes and functions will simplify exploit and vulnerability tool development to an extent never before possible with publicly available software.
* Provides readers with working code to develop and modify the most common security tools including Nmap and Nessus
* Learn to reverse engineer and write exploits for various operating systems, databases, and applications
* Automate reporting and analysis of security log files