- •Exploiting Software How to Break Code
- •Table of Contents
- •Copyright
- •Praise for Exploiting Software
- •Attack Patterns
- •Foreword
- •Preface
- •What This Book Is About
- •How to Use This Book
- •But Isn't This Too Dangerous?
- •Acknowledgments
- •Greg's Acknowledgments
- •Gary's Acknowledgments
- •Bad Software Is Ubiquitous
- •The Trinity of Trouble
- •The Future of Software
- •What Is Software Security?
- •Conclusion
- •Chapter 2. Attack Patterns
- •A Taxonomy
- •An Open-Systems View
- •Tour of an Exploit
- •Attack Patterns: Blueprints for Disaster
- •An Example Exploit: Microsoft's Broken C++ Compiler
- •Applying Attack Patterns
- •Attack Pattern Boxes
- •Conclusion
- •Into the House of Logic
- •Should Reverse Engineering Be Illegal?
- •Reverse Engineering Tools and Concepts
- •Approaches to Reverse Engineering
- •Methods of the Reverser
- •Writing Interactive Disassembler (IDA) Plugins
- •Decompiling and Disassembling Software
- •Decompilation in Practice: Reversing helpctr.exe
- •Automatic, Bulk Auditing for Vulnerabilities
- •Writing Your Own Cracking Tools
- •Building a Basic Code Coverage Tool
- •Conclusion
- •Chapter 4. Exploiting Server Software
- •The Trusted Input Problem
- •The Privilege Escalation Problem
- •Finding Injection Points
- •Input Path Tracing
- •Exploiting Trust through Configuration
- •Specific Techniques and Attacks for Server Software
- •Conclusion
- •Chapter 5. Exploiting Client Software
- •Client-side Programs as Attack Targets
- •In-band Signals
- •Cross-site Scripting (XSS)
- •Client Scripts and Malicious Code
- •Content-Based Attacks
- •Conclusion
- •Chapter 6. Crafting (Malicious) Input
- •The Defender's Dilemma
- •Intrusion Detection (Not)
- •Partition Analysis
- •Tracing Code
- •Reversing Parser Code
- •Misclassification
- •Audit Poisoning
- •Conclusion
- •Chapter 7. Buffer Overflow
- •Buffer Overflow 101
- •Injection Vectors: Input Rides Again
- •Buffer Overflows and Embedded Systems
- •Database Buffer Overflows
- •Buffer Overflows and Java?!
- •Content-Based Buffer Overflow
- •Audit Truncation and Filters with Buffer Overflow
- •Causing Overflow with Environment Variables
- •The Multiple Operation Problem
- •Finding Potential Buffer Overflows
- •Stack Overflow
- •Arithmetic Errors in Memory Management
- •Format String Vulnerabilities
- •Heap Overflows
- •Buffer Overflows and C++
- •Payloads
- •Payloads on RISC Architectures
- •Multiplatform Payloads
- •Prolog/Epilog Code to Protect Functions
- •Conclusion
- •Chapter 8. Rootkits
- •Subversive Programs
- •A Simple Windows XP Kernel Rootkit
- •Call Hooking
- •Trojan Executable Redirection
- •Hiding Files and Directories
- •Patching Binary Code
- •The Hardware Virus
- •Low-Level Disk Access
- •Adding Network Support to a Driver
- •Interrupts
- •Key Logging
- •Advanced Rootkit Topics
- •Conclusion
- •References
- •Index
Preface
Software security is gaining momentum as security professionals realize that computer
security is really all about making software behave. The publication of Building Secure
Software in 2001 (Viega and McGraw) unleashed a number of related books that have |
|
• |
Table of Contents |
crystallized software security as a critical field. Already, security professionals, software
• Index
developers, and business leaders are resonating with the message and asking for more.
Exploiting Software How to Break Code
ByGreg Hoglund,Gary McGraw
Building Secure Software (co-authored by McGraw) is intended for software professionals ranging from developers to managers, and is aimed at helping people develop more secure codePublisher:.ExploitingAddisonSoftwareWesley is useful to the same target audience, but is really intended for
security professionals interested in how to find new flaws in software. This book should be of
Pub Date: February 17, 2004
particular interest to security practitioners working to beef up their software security skills,
ISBN: 0-201-78695-8
including red teams and ethical hackers.
Pages: 512
Exploiting Software is about how to break code. Our intention is to provide a realistic view of the technical issues faced by security professionals. This book is aimed directly toward software security as opposed to network security. As security professionals come to grips with the software security problem, they need to understand how software systems break.
How does software break? How do attackers make software break on purpose? Why are firewalls,Solutions intrusiontoeach ofdetthectionproblemssystemdis,cussedand antivirusin ExploitingsoftwareSoftwarenot keepingcan be outfoundtheinbadBuildingguys?
SecureWhat toolsSoftwarecan be.Theusedtwtobooksreak aresoftwamirrore?Thisimagesbookofprovideseachotherthe. answers.
WeExploitingbelieve thatSoftwaresoftwareisloadedsecuritywithandexamplesapplicatiofnrealsecurityattacks,practiattionersackpatterns,are in fortools,a realityand checktechniques.The problemusedby badisthatguyssimpleto breakand softwarepopularapproaches.If y u wantbeingto protecthawkedyourbysoftwupstartre from "applicationattack, you mustsecurity"first vendorslearnhowasrealsolutionsattacks—suchare reallyascannedcarriedblackout.box testing tools—barely scratch the surface. This book aims to cut directly through the hype to the heart of the
This must-have book may shock you—and it will certainly educate you.Getting beyond the matter. We need to get real about what we're up against. This book describes exactly that.
script kiddie treatment found in many hacking books, you will learn about
Why software exploit will continue to be a serious problem
When network security mechanisms do not work
Attack patterns
Reverse engineering
Classic attacks against server software
Surprising attacks against client software
Techniques for crafting malicious input
The technical details of buffer overflows
Rootkits
Exploiting Softwareis filled with the tools, concepts, and knowledge necessary to break
software.
What This Book Is About
This book closely examines many real-world software exploits, explaining how and why they
work, the attack patterns they are based on, and in some cases how they were discovered.
Along the way, this book also shows how to uncover new software vulnerabilities and how to
• Table of Contents use them to break machines.
•Index
ChapterExploi ing1SoftwadescribesHowwhyto BreaksoftwareCode is the root of the computer security problem. We introduce
thetrinity of trouble—complexity, extensibility, and connectivity—and describe why the
ByGreg Hoglund,Gary McGraw
software security problem is growing. We also describe the future of software and its
implications for software exploit.
Publisher: Addison Wesley
Pub Date: February 17, 2004
Chapter 2 describes the difference between implementation bugs and architectural flaws. We
discussISBN:the 0problem-201-78695of-8securing an open system, and explain why risk management is the
only sanePag s:approach512 . Two real-world exploits are introduced: one very simple and one
technically complex. At the heart of Chapter 2 is a description of attack patterns. We show
how attack patterns fit into the classic network security paradigm and describe the role that
attack patterns play in the rest of the book.
The subject of Chapter 3 is reverse engineering. Attackers disassemble, decompile, and How does software break? How do attackers make software break on purpose? Why are deconstruct programs to understand how they work and how they can be made not to. firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? Chapter 3 describes common gray box analysis techniques, including the idea of using a What tools can be used to break software? This book provides the answers.
security patch as an attack map. We discuss Interactive Disassembler (IDA), the state-of-the-
art tool used by hackers to understand programs. We also discuss in detail how real cracking Exploiting Softwareis loaded with examples of real attacks, attack patterns, tools, and
tools are built and used.
techniques used by bad guys to break software. If you want to protect your software from
attack, you must first learn how real attacks are really carried out.
InChapters 4,5,6, and 7, we discuss particular attack examples that provide instances of
attack patterns. These examples are marked with an asterisk.
This must-have book may shock you—and it will certainly educate you.Getting beyond the
script kiddie treatment found in many hacking books, you will learn about
Chapters 4 and 5 cover the two ends of the client–server model. Chapter 4 begins where the
bookHacking Exposed [McClure et al., 1999] leaves off, discussing trusted input, privilege
escalation, injection, path tracing, exploiting trust, and other attack techniques specific to Why software exploit will continue to be a serious problem
server software. Chapter 5 is about attacking client software using in-band signals, cross-site
scripting, and mobile code. The problem of backwash attacks is also introduced. Both When network security mechanis s do not work
chapters are studded with attack patterns and examples of real attacks.
Attack patterns
Chapter 6 is about crafting malicious input. It goes far beyond standard-issue "fuzzing" to
discussReveparsetitioengianeeringalysis, tracing code, and reversing parser code. Special attention is paid
to crafting equivalent requests using alternate encoding techniques. Once again, both real-
Classic attacks agaiandst server softwarepatterns
world example exploits the attack that inspire them are highlighted throughout.
Surprising attacks against client softwadreaded
The whipping boy of software security, the buffer overflow, is the subject of Chapter
7. This chapter is a highly technical treatment of buffer overflow attacks that leverages the
Techniques for crafting malicious input
fact that other texts supply the basics. We discuss buffer overflows in embedded systems,
database buffer overflows, buffer overflow as targeted against Java, and content-based buffer
The technical details of buffer overflows
overflows.Chapter 7 also describes how to find potential buffer overflows of all kinds,
including stack overflows, arithmetic errors, format string vulnerabilities, heap overflows,
Rootkits
C++ vtables, and multistage trampolines. Payload architecture is covered in detail for a
number of platforms, including x86, MIPS, SPARC, and PA-RISC. Advanced techniques such Exploiting Softwareis filled with the tools, concepts, and knowledge necessary to break
as active armor and the use of trampolines to defeat weak security mechanisms are also software.
covered.Chapter 7 includes a large number of attack patterns.
Chapter 8 is about rootkits—the ultimate apex of software exploit. This is what it means for a machine to be "owned." Chapter 8 centers around code for a real Windows XP rootkit. We cover call hooking, executable redirection, hiding files and processes, network support, and patching binary code. Hardware issues are also discussed in detail, including techniques used in the wild to hide rootkits in EEPROM. A number of advanced rootkit topics top off Chapter 8.
As you can see, Exploiting Software runs the gamut of software risk, from malicious input to
stealthy rootkits. Using attack patterns, real code, and example exploits, we clearly demonstrate the techniques that are used every day by real malicious hackers against software.
•Table of Contents
•Index
Exploiting Software How to Break Code
ByGreg Hoglund,Gary McGraw
Publisher: Addison Wesley
Pub Date: February 17, 2004
ISBN: 0-201-78695-8
Pages: 512
How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers.
Exploiting Softwareis loaded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from attack, you must first learn how real attacks are really carried out.
This must-have book may shock you—and it will certainly educate you.Getting beyond the script kiddie treatment found in many hacking books, you will learn about
Why software exploit will continue to be a serious problem
When network security mechanisms do not work
Attack patterns
Reverse engineering
Classic attacks against server software
Surprising attacks against client software
Techniques for crafting malicious input
The technical details of buffer overflows
Rootkits
Exploiting Softwareis filled with the tools, concepts, and knowledge necessary to break
software.
How to Use This Book
This book is useful to many different kinds of people: network administrators, security
consultants, information warriors, developers, and security programmers.
•Table of Contents
• If you areIndexresponsible for a network full of running software, you should read this book Exploitingto learnSoftwaretheHowkindsto ofBreakweaknessesCode that exist in your system and how they are likely to
manifest.
ByGreg Hoglund,Gary McGraw
If you are a security consultant, you should read this book so you can effectively locate,
Publisher: Addison Wesley
understand, and measure security holes in customer systems.
Pub Date: February 17, 2004
If you are involved in offensive information warfare, you should use this book to learn
ISBN: 0-201-78695-8
how to penetrate enemy systems through software.
Pages: 512
If you create software for a living, you should read this book to understand how attackers will approach your creation. Today, all developers should be security minded. The knowledge here will arm you with a real understanding of the software security
problem.
How does software break? How do attackers make software break on purpose? Why are
firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? If you are a security programmer who knows your way around code, you will love this
What tools can be used to break software? This book provides the answers. book.
Exploiting Softwareaudienceis loaded with examples of real attacks, attack patterns, tools, and The primary for this book is the security programmer, but there are important
techniques used by bad guys to break software. If you want to protect your software from lessons here for all computer professionals.
attack, you must first learn how real attacks are really carried out.
This must-have book may shock you—and it will certainly educate you.Getting beyond the script kiddie treatment found in many hacking books, you will learn about
Why software exploit will continue to be a serious problem
When network security mechanisms do not work
Attack patterns
Reverse engineering
Classic attacks against server software
Surprising attacks against client software
Techniques for crafting malicious input
The technical details of buffer overflows
Rootkits
Exploiting Softwareis filled with the tools, concepts, and knowledge necessary to break
software.