Hacking: The Art of Exploitation (2nd Edition)

Hacking, 2nd Edition

The Art of Exploitation
by Jon Erickson
February 2008, 488 pp., w/ CD

Hacking is the art of creative problem solving, whether that means finding an unconventional solution to a difficult problem or exploiting holes in sloppy programming. Many people call themselves hackers, but few have the strong technical foundation needed to really push the envelope.

Rather than merely showing how to run existing exploits, author Jon Erickson explains how arcane hacking techniques actually work. To share the art and science of hacking in a way that is accessible to everyone, Hacking: The Art of Exploitation, 2nd Edition introduces the fundamentals of C programming from a hacker's perspective.

The included LiveCD provides a complete Linux programming and debugging environment—all without modifying your current operating system. Use it to follow along with the book's examples as you fill gaps in your knowledge and explore hacking techniques on your own. Get your hands dirty debugging code, overflowing buffers, hijacking network communications, bypassing protections, exploiting cryptographic weaknesses, and perhaps even inventing new exploits. This book will teach you how to:

  • Program computers using C, assembly language, and shell scripts
  • Corrupt system memory to run arbitrary code using buffer overflows and format strings
  • Inspect processor registers and system memory with a debugger to gain a real understanding of what is happening
  • Outsmart common security measures like nonexecutable stacks and intrusion detection systems
  • Gain access to a remote server using port-binding or connect-back shellcode, and alter a server's logging behavior to hide your presence
  • Redirect network traffic, conceal open ports, and hijack TCP connections
  • Crack encrypted wireless traffic using the FMS attack, and speed up brute-force attacks using a password probability matrix

Hackers are always pushing the boundaries, investigating the unknown, and evolving their art. Even if you don't already know how to program, Hacking: The Art of Exploitation, 2nd Edition will give you a complete picture of programming, machine architecture, network communications, and existing hacking techniques. Combine this knowledge with the included Linux environment, and all you need is your own creativity.

Author Bio 

Jon Erickson has a formal education in computer science and speaks frequently at computer security conferences around the world. He works as a cryptologist and security specialist in Northern California.

Table of contents 

Chapter 0x100: Introduction
Chapter 0x200: Programming
Chapter 0x300: Exploitation
Chapter 0x400: Networking
Chapter 0x500: Shellcode
Chapter 0x600: Countermeasures
Chapter 0x700: Cryptography
Chapter 0x800: Conclusion

View the detailed Table of Contents (PDF)
View the Index (PDF).

Need a copy of the Hacking CD right away? Bought the PDF and wondering how you'll follow along? You can download the .torrent directly here.


"A book this good is a rare find, and certainly worth the read for any individual interested in security. Rating: 9/10"
—Slashdot (Read More)

"We can surely say that this book is one of the essential hacking books of all time."

"This book does a great job of covering C programming, assembly programming, vulnerability discovery, and exploitation all in one. If you are going to read only one book, start here."
—Dino Dai Zovi

"Anyone can read this book to get a good understanding of how network hacking was started . . . if you want to know early 20’s hacking theories, this book is for you!"
—Mic Johnson, Latest Hacking News, "Five Best Hacking Books That Are Still Relevant in 2021"

"Like all good books, Hacking: The Art of Exploitation, 2nd Edition encourages you to get your hands dirty. Each chapter focuses on a series of examples with finely worded guidance from Erickson. It's not a beast of a read either; it is highly accessible with an emphasis on allowing practice of the examples rather than drowning the reader in hacking theory."
—The Register (Read More)

"With especially clear coverage of heap and stack overflows, this book not only explains what's involved in hacking, but walks readers through common tools and techniques."
—InformIT (Read More)

"A security professional's paradise, burrowing down to the code level of dozens of different loopholes and explaining the underlying logic behind the attacks."
—GeekDad on Wired.com (Read More)

"This is a good book. It does a great job of first establishing the mindset of a hacker and then walking the reader step by step through the various techniques of finding interesting ways to solve problems. This in itself is what the author claims is the defining characteristic of a hacker, and I agree."
—;login: The USENIX Magazine (Read More)

"This book will take any programmer well beyond the usual programming techniques covered in conventional programming books."
—Electronic Design (Read More)

"Those whose jobs are to protect computer systems and applications must understand these flaws and techniques in order to fix, prevent and protect against them. This does not only apply to computing, but to any other field where a 'bad guy' can take advantage of a system for their own selfish reasons. Once knowledge has been released, it becomes very difficult to put it back in its box. This book is just knowledge wrapped in a different package. We recommend you strongly consider this title if you would like to enter this field or add to your repertoire."
—Gizmos for Geeks (Read More)

"Jon Erickson has completed the second edition of his seminal work, Hacking: The Art of Exploitation, adding a significant amount of text to the original work. In doing so, he has created a work that will quickly become a "go-to" guide for anyone wanting to learn hacking, or who wants to understand the hacking mindset."
—Blogcritics.org (Read More)

"Personally, this is a book I am extremely glad to own. I see it as a powerful tool in the arsenal of both sysadmins and developers alike in guarding their applications and systems from these attacks, as well as understanding what to look for, how they can happen, and the mindset of those trying them out."
—Cory Foy, software developer (Read More)

"This fantastic little book - actually not so little anymore at 488 pages - is a real gem for the serious code geek, or those in search of their inner code geek."
—The IT Security Guy (Read More)

"I now recommend this book for the Exploitation chapter alone. This chapter covers buffer and function overflows and the format string vulnerability. Buy the book and discover why strings should be formatted like this:

printf("%s", text);

and never like this:


Linux Pro Magazine (Read More)

"Probably the most detailed, thorough, and lucid coverage of 'the fundamental techniques of serious hacking.'"
Major Keary, Linux and Open Source SIG (Read More)

"The most important book on a real hacker's library. . . . I like to think that this book resembles the Holy Grail of Hacking."
Sudo Realm

"Hacking: The Art of Exploitation will cover everything you need to know, however this book is extremely technical and seriously in depth, definitely not for script kiddies. Starts simple and ramps up very fast. I give five stars and a (black) hat off."

Selected by Cyber Defense Magazine as 1 of 100 Best CyberSecurity Books


Page 3:
In the last paragraph, "DCMA" should be "DMCA."

Page 8:
In the first structure under the header 0x231, the phrase "Set of instruction" should read "Set of instructions."

Page 19:
The code in "firstprog.c" reads:
printf("Hello, world!\n");
It should instead read:
puts("Hello, world!\n");

Page 22:
In the first paragraph, the second to last sentence should read: "The 32-bit processors have 2^32 (or 4,294,967,296) possible addresses, while current 64-bit processors have a 48-bit address space, allowing for 2^48 addresses."

Page 25:
The last sentence of the first full paragraph should note that EIP points to a memory address at 0x804837a, not 0x804838a.

Page 38:
The line in the last paragraph that read:
The character array was defined, so 20 bytes are allocated for it, but only 12 of these bytes are actually used.

Should read:
The character array was defined, so 20 bytes are allocated for it, but only 15 of these bytes are actually used.

Page 55:
In the code listing for the pointer_types3.c program, the first for loop's comment should read: "Iterate through the char array with the int_pointer." The second for loop's comment should read: "Iterate through the int array with the char_pointer."

Page 56:
In the code listing for the pointer_types4.c program, the first comment should read: "Iterate through the char array with the void_pointer." The second comment should read: "Iterate through the int array with an unsigned integer."

Page 57:
In the code listing for the pointer_types5.c program, the first comment should read: "Iterate through the char array with an unsigned integer." The second comment should read: "Iterate through the int array with an unsigned integer."

Page 71:
In the stack_example.c code, the text should read "The local variables for the function inclue a 4-byte integer called flag and a 10-character buffer called buffer."

Page 72:
In the block of code at the top of the page, the second line which reads "(gdb) disass test_function()" should instead read "(gdb) disass test_function".

Page 74:
The (2) should be placed at 0xbffff7dc in the gdb listing. This is the last hexword on the second line of the stack listing... directly above where the (4) is. The hexvalue for that position in the text is 0x080483b9.

Page 87:
In section 0x282, in the first section after output: For "simplenote*" files, the owner is reader and the group is users and reader.

Page 88:
In section 0x282, the first sentence of the page after the code should read: "The first command (chmod 731) gives read, write, and execute permissions to the user..."

Page 114:
The statistics "increase your chances of finding the ace from 33 percent to 50 percent" should read "33 percent to 66 percent."

Page 128:
In the diagram, “return_value variable” should be “auth_flag variable”

Page 148:
The third paragraph of this page makes an incorrect reference to notesearch_exploit.c. It should read exploit_notesearch.c.

Page 153:
The last sentence of the fourth paragraph should read "The same password with a different salt produces a different hash."

Page 197:
3rd line, the phrase "next later" should be "next layer".

Page 298:
The following line in the last paragraph:
The extra backslash doesn’t matter and is effectively ignored.

Should now read:
The extra slash doesn’t matter and is effectively ignored.