
Is the book "Hacking: The Art Of Exploitation" still


Thread replies: 76
Thread images: 2

File: hacking_2E_big.png (110KB, 474x625px)
I haven't read this book yet and I've heard nothing but good things about it, but I downloaded it and it's kinda big so I was wondering if what’s in the book can be applicable nowadays since it was released in 2008 and things have changed since then. Also give me any other recommendations for books on the same subject.

Thanks in advance
>>
anyone?
>>
>>47795201
Yes. I couldn't get the CD to run though, made following along a pain in the ass.
>>
Yes I believe so, I bought and last read it years ago though, so I could be wrong. I might read it again now.
>>
>Buffer overflows the book
>>
>>47795428
Did you try installing it via Virtualbox? My CD shit the bed when I tried using it as a proper liveCD, but I was able to install it on a VM.
>>
>>47795201

Hacking won't change as long as people continue to hire garbage programmers who write insecure code because they don't care.
>>
>>47796244
hacking won't change as long as people keep packaging JREs with their products
>>
>>47795201
I liked reading it. I never used the CD.
I'm reading Code: The Hidden Language of Computer Hardware and Software and it's pretty good.

>>47796244
Hacking won't change while people still use shitty languages like C and C++ that make trivial mistakes easy.
>>
>>47796222
No, I'll try that someday, thanks.
>>
>>47795201
yes
>>
>>47795201
>and it's kinda big
>any other recommendations for books

It is all about Google and reading, since you seem too lazy to read the one single book that has been recommended to you, you should just give up already.
>>
This is a great book, read it. Then go to the exploit-exercises and do some of the CTFs there. If you're too lazy for that then you're too lazy for the computer security field.
>>
It's ok for a background in the kind of things vulnerability analysts would have done 8 years ago. To write an exploit for a similar flaw on a program running on a modern OS is much trickier, and there aren't any good books to help.

I don't have any better suggestions, honestly.
>>
>>47800324
>exploit-exercises
Do the images available come with solutions?
>>
>>47795201
I wouldn't have recommended it to you if it wasn't relevant, stupid.
>>
I'd go with this:
http://www.amazon.com/Ethical-Hacking-Penetration-Testing-Guide/dp/1482231611

And don't mind the name--it's only as ethical as you are.
>>
>>47801537
They talk about completely different subjects, read both
>>
>>47803080
From the perspective of software, a lot of the content is the same.
There's not generally networking in penetration testing, but it's very much hacking proper.
>>
Bump for books.

Also, that book is only about 500 pages or so. It's not long at all.
>>
The book is still, by today's standards, very good!
The only problem with it is its advanced topics; even with the second edition's programming tutorials you will need strong foundational C skills and basic assembly at a minimum.

Also does anyone else's captcha move around?
>>
I found the PDF of the book and started looking at the table of contents, and what kind of dick uses hexadecimal to label his chapters?
>>
>>47795201
It's pretty good for an intro. You'll need to supplement your knowledge with other stuff, of course, but I found it quite helpful. Pick up a good book or two on languages you're good with or interested in, and depending on what sort of "hacking" you want to do, a book on that as well (reverse engineering, web pen testing, etc.).
>>
>open up the book
>read preface
>get to intro
>spend an hour on the "get to 24" question
>still not done
>>
>>47795201
I haven't read the book, but for exploiting old programs in Linux, you have to disable ASLR:
echo 0 | sudo tee /proc/sys/kernel/randomize_va_space

and add a flag to gcc when compiling:
-fno-stack-protector

there is another way to disable ASLR in bash:
ulimit -s unlimited


http://askubuntu.com/questions/318315/how-can-i-temporarily-disable-aslr-address-space-layout-randomization
>>
>>47805828
What's the question again?
>>
>>47805848
Using arithmetic operators to turn 1, 3, 4, and 6 into 24. Use each number once.
>>
>>47805871
Can you use any order?
>>
>>47805890
Yeah.
>>
>>47805871
((6<<3)/4)<<1
not sure if this counts as "arithmetic operators", though
>>
>>47806073
I forget what << and >> mean. Are you shifting the numbers? In what base?
>>
>>47795201
I found the actual hacking sections very good, but I would learn C from a different source as the lessons in the book I didn't find very helpful.
>>
>>47806094
They mean bitwise shift. Binary. But I don't think that's the solution, that would feel cheap.
>>
>>47806122
Nah, it said you have to use the operators +, -, /, and * only.
>mfw it's been two hours and I haven't gotten past the intro yet because autism
>>
>>47806136
I don't even do most of the exercises when reading a book.
Learn what the book teaches and then use that knowledge to do your own shit.
>>
File: BHP_cover_final.png (1MB, 757x1000px)
http://www.nostarch.com/blackhatpython
>>
>>47806147
It wasn't even an exercise. It was using it as an example of what hacking is (finding solutions), and it said that most people can't figure the answer out and the solution was at the end of the book. Just my autism made me think, "Am I 'most people' or am I the amazing autismo I think I am?"
>>
>>47806150
lel
That reminds me of a thread from about a year ago when some retard wanted to make his 'own version of python' which was just going to be normal python with some libraries and tools bundled and a change of the prompt.

>>47806162
If I weren't so lazy, I would have written some loops that try every combination possible.

But yeah, I remember seeing the solution on the last page now.

Just remember, hacking is finding solutions to problems, but that doesn't mean you'll never be one if you can't find every solution.
>>
>>47805871
(1 / 3) + (4 * 6)
>>
>>47806150
http://libgen.org/search.php?req=black+hat+python&lg_topic=libgen&open=0&view=simple&phrase=1&column=def
>>
>>47805871
I got it! 6 / (1 - 3 / 4)
>>
>>47806229
How would that be the answer? That equals 24.333, not 24.
>>
>>47806268
In any decent language, that will yield 6.

Correct answer is >>47806229
>>
>>47806268
>>47806274
integer math in computers != math of real numbers
>>
>>47806277
Oh... it's integer math with computers? I thought it implied regular human math with decimals and shit.
>>
>>47806277
But this wasn't a programming problem, it was supposed to demonstrate the hacker mindset and what hacking is.
>>
>>47806293
It's regular math.

>>47806268
>>47806277
Any decent programming language will have 1 divided by 3 represented as a ratio.
>>
>>47806305
>It's regular math.
in this context, I would have thought that we were talking about asm/C/C++

>Any decent programming language will have 1 divided by 3 represented as a ratio.
idem.
>>
>>47806293
>>47806297
>>47806305
Yeah, reading the intro, it seems to be asking about standard mathematical operations.

>>47806305
>Any decent programming language will have 1 divided by 3 represented as a ratio.
>C isn't a decent programming language

I mean, I like Lisp as much as the next guy, but nah.
>>
>>47806387
>I mean, I like Lisp as much as the next guy, but nah.
It is the only accurate way to show the result in decimal.
>>
>>47806387
Also, C is not a decent programming language.
Lisp and ASM is a much better combination.
>>
>>47806442
Only if you take / with integer arguments to mean floating-point division. In C and similar languages, / with integer arguments is defined to be integer division, so 4/3 = 1 is perfectly accurate.

>>47806456
Now you're just being silly.
>>
>>47806535
>Only if you take / with integer arguments to mean floating-point division. In C and similar languages, / with integer arguments is defined to be integer division, so 4/3 = 1 is perfectly accurate.
Look at the numerical tower.
https://en.wikipedia.org/wiki/Numerical_tower

>Now you're just being silly.
I disagree. Just look at the book in the very OP. C is the reason so many insecure programs exist.
Sure, insecure programs will always exist because of idiots, but C makes basic mistakes thrive into devastating issues.
>>
>>47806578
>https://en.wikipedia.org/wiki/Numerical_tower
And?

>the rest
C doesn't create insecure programs, people create insecure programs.
>>
>>47806268
Can confirm this is correct.
>>
>>47806668
>C doesn't create insecure programs, people create insecure programs.
That is true, I said that.
C makes creating secure programs extremely difficult in comparison to other languages.
You can't even be sure that the semantics of your program will remain consistent across architectures.
Then you have shit like malloc calls not being checked automatically. Name one instance in which you wouldn't want to check a malloc call. If it's something like embedded development and you could be sure it wouldn't fail, you could use your own special malloc.

Many of the insecurities of C are not doing things automatically that you're already going to want to do. All that does is let you forget to do things when they should be done and create security issues. Even experienced C programmers commit these same basic mistakes repeatedly.
>>
>>47806694
Are you not the one who just advocated using assembly?
>>
>>47806754
I don't see how that contradicts what I said.

With C, you can't even know when the compiler fucks up your program.

http://blog.llvm.org/2011/05/what-every-c-programmer-should-know.html
>>
>>47806771
Just so I'm clear, then, how much hand-holding do you want?
>>
>>47806787
Why are you calling the rules of a basic system hand-holding?

Do you also think seatbelts are bad?
>>
>>47806837
Well, it is hand-holding. Every language provides some level of it, something like Python more than something like C. I'm just not sure what level you're wanting here, since you seem to dislike C because of its lack of safety and potential portability issues, but then advocated the use of assembly (granted in conjunction with Lisp).

As for your second question, no. But I wouldn't automatically say a vehicle without them was "not a decent vehicle."
>>
>>47806837
Different guy, I would say seatbelts are good, but the "safety" of a Volvo causes reckless driving sometimes. It teaches bad practice.
>>
>>47806915
>>47806948
Saying hand-holding obviously has an agenda behind it.
Languages define a system where things can and can't happen. That is not hand-holding.
You can't avoid assembly. You can avoid C. Did you even read what I linked?
>>
>>47806979
>agenda
Christ, back to /x/ with you.
>>
>>47807016
Meant /pol/. Either way. :P
>>
>>47805871

Well, so far I know that 24 - 6 = 18
18 / 3 = 6
6 * 1 = 6
6 * 4 = 24

but I don't know if you're allowed to use the equation format.

Is it just the rvalue expression or can we use the variable lvalue too?
>>
>>47807035
I think it's been settled that the book is asking for a solution using standard arithmetic operations, so >>47806268 is correct. Assuming integer division, we have >>47806229.
>>
>>47806305
>It's regular math

That is so misleading. The only reason it equals out to 24 is because ints truncate the decimal.

Assign that first int's value to a double and you get the truncated value.

Assign the original expression as a floating point expression and you get the full .3333 assignment.

It's integer mathematics, not regular mathematics.
>>
>>47807100
I agree
>>47806268
is what the book is asking for.
>>47806229
is what the book will eventually lead you into using, though.

Every book has a hook.
>>
>>47806268
This is the answer that's on the back of the book
Confirmed correct
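
The exact-versus-integer division argument above, as an added example that is not part of any post: a brute-force search over +, -, * and / using exact fractions, plus the two posted expressions evaluated under C integer division. The names `frac`, `reach`, `solvable` and the `expr_*` functions are made up for this sketch.

```c
#include <stdio.h>

/* Exact fraction n/d; d == 0 marks an invalid value (division by zero). */
typedef struct { long n, d; } frac;

static frac apply(frac a, frac b, char op) {
    switch (op) {
    case '+': return (frac){a.n * b.d + b.n * a.d, a.d * b.d};
    case '-': return (frac){a.n * b.d - b.n * a.d, a.d * b.d};
    case '*': return (frac){a.n * b.n, a.d * b.d};
    default:  return (frac){a.n * b.d, a.d * b.n};  /* '/': d == 0 if b is 0 */
    }
}

/* Combine any ordered pair of the remaining values with + - * / and recurse
   until one value is left; returns 1 if it can equal `target` exactly. */
static int reach(const frac *v, int count, long target) {
    if (count == 1)
        return v[0].d != 0 && v[0].n == target * v[0].d;
    for (int i = 0; i < count; i++)
        for (int j = 0; j < count; j++)
            for (const char *op = "+-*/"; i != j && *op; op++) {
                frac rest[4], r = apply(v[i], v[j], *op);
                int m = 0;
                if (r.d == 0) continue;
                for (int k = 0; k < count; k++)
                    if (k != i && k != j) rest[m++] = v[k];
                rest[m++] = r;
                if (reach(rest, m, target)) return 1;
            }
    return 0;
}

int solvable(long a, long b, long c, long d, long target) {
    frac v[4] = {{a, 1}, {b, 1}, {c, 1}, {d, 1}};
    return reach(v, 4, target);
}

/* The two expressions posted in the thread, under C integer division. */
int expr_a_int(void) { return (1 / 3) + (4 * 6); }   /* 1/3 truncates to 0 */
int expr_b_int(void) { return 6 / (1 - 3 / 4); }     /* 3/4 truncates to 0 */
double expr_a_real(void) { return 1.0 / 3 + 4.0 * 6; }

int main(void) {
    printf("exact solution exists: %d\n", solvable(1, 3, 4, 6, 24));
    printf("int: a=%d b=%d  real: a=%.3f\n",
           expr_a_int(), expr_b_int(), expr_a_real());
    return 0;
}
```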
>>
>>47795201
It's an amazing book. Not just for hacking, but for coding in general.
>>
I'm getting finished with a book that's around 1100 pages. It's fun.
I've already finished the main 29 chapters and now I'm making my way through the appendixes.
I'm also simultaneously getting done with a book that's around 300 pages. It only has 13 main chapters and about 5 appendixes though. I'm almost done with the 12th chapter right now.
I'm also about halfway done with another book with around 500 pages. It's got around 25 chapters and I'm on chapter 12 right now.
I'm also about halfway done with two of the main Emacs manuals, one on the editor itself and the other on Emacs Lisp, but I haven't made progress in those for a few months. Emacs is fun to learn as you use it. I've also been deliberating on whether I should learn a different Emacs or not, but I'll probably resume both of those books soon.

What are you reading, /g/?
>>
>>47795428
install ubuntu
turn off aslr...

done.
>>
>>47797203
>shitty languages like C
What's bad about C? I know about C++, but what's the problem with C?
>>
>>47807539
We've already had this discussion. The objection to C seems to be that it expects you not to shit yourself and to change your own diaper if you do.
>>
>>47807539
>Undefined behavior changes across architectures, leading to programs that don't behave correctly if you want 'optimizations'
>Doesn't do shit that you want to do anyway, like check malloc calls and check array lengths before writing the fuckers somewhere else
There's just a slew of problems with the language. It doesn't help that you have people going around saying shit like 'C is the ideal programming language' and other lies.

Read this too:
http://blog.llvm.org/2011/05/what-every-c-programmer-should-know.html
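
The unchecked `malloc` and unchecked array length complaints in this post and in the earlier one about "your own special malloc", as an added example that is not code from any poster or from the book. The names `xmalloc`, `mul_overflows`, `xmalloc_array` and `checked_copy` are hypothetical helpers written for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Wrapper in the spirit of "your own special malloc": the check happens
   once, here, so no call site can forget it. */
void *xmalloc(size_t size) {
    void *p = malloc(size ? size : 1);   /* malloc(0) may legally return NULL */
    if (p == NULL) {
        fprintf(stderr, "xmalloc: out of memory (%zu bytes)\n", size);
        abort();
    }
    return p;
}

/* 1 if count * size would wrap around size_t, else 0. */
int mul_overflows(size_t count, size_t size) {
    return size != 0 && count > SIZE_MAX / size;
}

/* Array allocation that refuses a wrapped count * size. */
void *xmalloc_array(size_t count, size_t size) {
    if (mul_overflows(count, size)) {
        fprintf(stderr, "xmalloc_array: size overflow\n");
        abort();
    }
    return xmalloc(count * size);
}

/* Length-checked copy: 0 on success, -1 if src plus its NUL does not fit. */
int checked_copy(char *dst, size_t dst_len, const char *src) {
    size_t need = strlen(src) + 1;
    if (need > dst_len)
        return -1;                        /* caller decides; nothing written */
    memcpy(dst, src, need);
    return 0;
}

int main(void) {
    char *buf = xmalloc_array(8, sizeof *buf);
    printf("short: %d\n", checked_copy(buf, 8, "abc"));          /* fits */
    printf("long:  %d\n", checked_copy(buf, 8, "AAAAAAAAAAAA")); /* rejected */
    free(buf);
    return 0;
}
```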
This is a 4chan archive - all of the content originated from that site. This means that 4Archive shows an archive of their content. If you need information for a Poster - contact them.