REVIEW - The Shellcoder's Handbook - Discovering and Exploiting Security Holes


Title:

The Shellcoder's Handbook

Discovering and Exploiting Security Holes

Author:

Jack Koziol

ISBN:

Publisher:

John Wiley & Sons Incorporated (2004)

Pages:

620pp

Reviewer:

Richard Putman

Reviewed:

December 2004

Rating:

★★★★★


looks at how to discover vulnerabilities with some useful tools

It is forgivable, looking at the main title, to think that this book is a reference for writing bash or korn shell scripts, but in fact 'shellcode' is the name given to the piece of code that is run after gaining control of a vulnerable program. Shellcode is so named because often the injected codes are instructions that will launch a root shell under unix.

If you have ever wondered about the story behind the security holes announced seemingly daily this book will show you why they occur, how the exploits work and the methods that led them to be discovered in the first place.

The book has four parts: the first hundred pages covers an introduction to exploitation on Linux x86 systems, the second hundred looks at Windows and another hundred covering Solaris and HP Tru64 systems. The third part looks at how to discover vulnerabilities with some useful tools and a final more advanced section looks at alternative shellcodes, database and kernel hacking.

There are a number of typos in the text and no errata page has yet appeared on the publisher's website, indeed the links to resources mentioned throughout the book have yet to appear either, although the example code is there for download. The text is well written and structured with a conclusion at the end of each chapter.

Much of the book is assembler, often embedded in C code, or occasionally python scripts and although there is a brief review, you should already be comfortable reading assembler, or be prepared to learn quickly, to enjoy this book.

Many of the ideas are simple - overfilling buffers that are processing user input, but the low-level nature, restricted memory spaces and unknown elements, such as where the code will be executing in memory, often create layers of dependent problems magnifying the complexity. It can take considerable skill and ingenuity to turn a vulnerability into an exploit, not to mention a certain amount of luck, unsurprisingly it is often thought of as a black art.

This book then is essentially a compendium of the techniques and resources used by several clearly experienced hackers; the aim being to teach a creative approach rather than list known exploits. What comes across in the tone of the book is the authors' desire for the reader to succeed and enjoy the challenge as much as they obviously do.

There is quite a bit of hand holding and encouragement early on to get past the point where most people give up but it is also a rich source of information with index and deserves the title 'handbook'.

For programmers who have no interest in creating their own exploits, is there anything in this book? Well yes, the section on vulnerability discovery contains interesting information about the authors' favourite tools; there is a chapter on fuzzing (generating automated test input to discover bugs in your program) and source code auditing showing many common faults in C code. However, the direction of the book is very clear - to subvert a target system.

Writing shellscripts is surprisingly good fun and the book will appeal to those who enjoy tricky programming puzzles and those who want an advanced but accessible low level security perspective on the programs they write and the operating systems they use. Highly recommended. It seems to me you should read this book even if you never intend to crack anyone else's system. You need to understand what you must protect your programs from. Francis


Book cover image courtesy of Open Library.





Your Privacy

By clicking "Accept Non-Essential Cookies" you agree ACCU can store non-essential cookies on your device and disclose information in accordance with our Privacy Policy and Cookie Policy.

Current Setting: Non-Essential Cookies REJECTED


By clicking "Include Third Party Content" you agree ACCU can forward your IP address to third-party sites (such as YouTube) to enhance the information presented on this site, and that third-party sites may store cookies on your device.

Current Setting: Third Party Content EXCLUDED



Settings can be changed at any time from the Cookie Policy page.