Sockets, shellcode, porting & coding : reverse engineering exploits and tool coding for security professionals / James C. Foster with Mike Price ; foreword by Stuart McClure.

By:

Foster, James C

Contributor(s):

Material type: Text

TextPublication details: Rockland, MA : Syngress Pub. Inc., ; [Sebastopol, CA] : Distributed by O'Reilly Media in the United States and Canada, 2005.Description: xxviii, 665 p. : ill. ; 24 cmISBN:

9781597490054 (pbk.)
1597490059 (pbk.)

Subject(s):

DDC classification:

005.8

Summary: Covers in detail the five most important disciplines for security professionals and software developers: coding, sockets, shellocode, porting applications, and coding security tools.

Holdings
Item type	Current library	Call number	Status	Date due	Barcode
Standard Loan	Thurles Library Main Collection	005.8 FOS (Browse shelf(Opens below))	Available		30026000010529

Browsing Thurles Library shelves, Shelving location: Main Collection Close shelf browser (Hides shelf browser)

Previous								Next
Previous	005.7585 VAS MySQL database usage & administration /	005.785 SAD NoSQL distilled : a brief guide to the emerging world of polyglot persistence /	005.8 CHI Access control, security, and trust : a logical approach /	005.8 FOS Sockets, shellcode, porting & coding : reverse engineering exploits and tool coding for security professionals /	005.8 KAD Endpoint security /	005.8 KAU Network security : private communication in a public world /	005.8 LIT The Oracle hacker's handbook : hacking and defending Oracle /	Next

Enhanced descriptions from Syndetics:

The book is logically divided into 5 main categories with each category representing a major skill set required by most security professionals:

1. Coding - The ability to program and script is quickly becoming a mainstream requirement for just about everyone in the security industry. This section covers the basics in coding complemented with a slue of programming tips and tricks in C/C++, Java, Perl and NASL.

2. Sockets - The technology that allows programs and scripts to communicate over a network is sockets. Even though the theory remains the same - communication over TCP and UDP, sockets are implemented differently in nearly ever language.

3. Shellcode - Shellcode, commonly defined as bytecode converted from Assembly, is utilized to execute commands on remote systems via direct memory access.

4. Porting - Due to the differences between operating platforms and language implementations on those platforms, it is a common practice to modify an original body of code to work on a different platforms. This technique is known as porting and is incredible useful in the real world environments since it allows you to not "recreate the wheel."

5. Coding Tools - The culmination of the previous four sections, coding tools brings all of the techniques that you have learned to the forefront. With the background technologies and techniques you will now be able to code quick utilities that will not only make you more productive, they will arm you with an extremely valuable skill that will remain with you as long as you make the proper time and effort dedications.

Includes appendices and index.

Covers in detail the five most important disciplines for security professionals and software developers: coding, sockets, shellocode, porting applications, and coding security tools.

Table of contents provided by Syndetics

Foreword (p. xxvii)
Chapter 1 Security Coding (p. 1)
Introduction (p. 2)
C/C++ (p. 3)
Language Characteristics (p. 3)
Hello, World! Example (p. 5)
Data Types (p. 5)
Flow Control (p. 8)
Functions (p. 9)
Classes (C++ Only) (p. 10)
Case Study: Fourier Estimation (p. 12)
Java (p. 14)
Language Characteristics (p. 15)
Hello, World! (p. 17)
Data Types (p. 17)
Flow Control (p. 18)
Methods (p. 20)
Classes (p. 20)
GET HTTP Headers (p. 22)
C# (p. 23)
Business Case for Migrating to C# (p. 24)
Language Characteristics (p. 24)
C#'s Hello, World! (p. 26)
Data Types (p. 26)
Flow Control (p. 27)
Methods (p. 29)
Classes (p. 30)
C# Threading (p. 31)
Case Study: Command Line IP Address Parsing (p. 32)
Perl (p. 40)
Data Types (p. 41)
Operators (p. 42)
A Sample Perl Script (p. 45)
Special Variables (p. 46)
Pattern Matching and Substitution (p. 47)
Regular Expression Modifiers (p. 48)
Canonical Perl Tools (p. 49)
I Am a Perl Coder! (p. 49)
A Log Modification Utility (p. 50)
Python (p. 55)
InlineEgg (p. 56)
Summary (p. 60)
Solutions Fast Track (p. 61)
Links to Sites (p. 62)
Frequently Asked Questions (p. 63)
Chapter 2 NASL Scripting (p. 65)
Introduction (p. 66)
History (p. 66)
Goals of NASL (p. 66)
NASL Script Syntax (p. 68)
Writing NASL Scripts (p. 77)
Writing Personal-use Tools in NASL (p. 78)
Programming in the Nessus Framework (p. 80)
Case Study: The Canonical NASL Script (p. 82)
Porting to and from NASL (p. 86)
Logic Analysis (p. 86)
Summary (p. 95)
Solutions FastTrack (p. 95)
Links to Sites (p. 97)
Frequently Asked Questions (p. 97)
Chapter 3 BSD Sockets (p. 99)
Introduction (p. 100)
Introduction to BSD Sockets Programming (p. 100)
TCP Clients and Servers (p. 101)
Compilation (p. 102)
Example Execution (p. 102)
Analysis (p. 102)
Compilation (p. 105)
Analysis (p. 105)
Analysis (p. 106)
UDP Clients and Server (p. 107)
Compilation (p. 109)
Example Execution (p. 109)
Analysis (p. 109)
Compilation (p. 111)
Example Execution (p. 111)
Analysis (p. 111)
Compilation (p. 113)
Example Execution (p. 113)
Analysis (p. 113)
Compilation (p. 115)
Example Execution (p. 115)
Analysis (p. 115)
Socket Options (p. 116)
Analysis (p. 118)
Network Scanning with UDP Sockets (p. 118)
Compilation (p. 125)
Example Execution (p. 125)
Analysis (p. 125)
Network Scanning with TCP Sockets (p. 127)
Compilation (p. 136)
Analysis (p. 136)
Threading and Parallelism (p. 139)
Summary (p. 141)
Solutions Fast Track (p. 141)
Links to Sites (p. 143)
Frequently Asked Questions (p. 143)
Chapter 4 Windows Sockets (Winsock) (p. 145)
Introduction (p. 146)
Winsock Overview (p. 146)
Winsock 2.0 (p. 148)
Linking through Visual Studio 6.0 (p. 148)
Linking through Source Code (p. 148)
Case Study: Using WinSock to Grab a Web Page (p. 153)
Writing Client Applications (p. 154)
Writing Server Applications (p. 158)
Writing Exploit and Vulnerability Checking Programs (p. 161)
Summary (p. 169)
Solutions Fast Track (p. 170)
Frequently Asked Questions (p. 170)
Case Study: Using WinSock to Execute a Web Attack (p. 172)
Case Study: Using Winsock to Execute a Remote Buffer Overflow (p. 174)
Chapter 5 Java Sockets (p. 177)
Introduction (p. 178)
An Overview of TCP/IP (p. 178)
TCP Clients (p. 179)
IP Addresses and Hostname Resolution (p. 183)
Text-Based Input/Output: The LineNumberReader Class (p. 186)
TCP Servers (p. 189)
Using a Web Browser to Connect to TCPServer1 (p. 193)
Handling Multiple Connections (p. 194)
WormCatcher (p. 204)
UDP Clients and Servers (p. 209)
Summary (p. 217)
Solutions Fast Track (p. 217)
Frequently Asked Questions (p. 218)
Chapter 6 Writing Portable Code (p. 221)
Introduction (p. 222)
UNIX and Microsoft Windows Porting Guide (p. 222)
Pre-compiler Directives (p. 222)
Using ifdefs (p. 223)
Determining the Operating System (p. 225)
Byte Ordering (p. 226)
Process Creation and Termination (p. 229)
exec (p. 229)
fork (p. 234)
exit (p. 234)
Multithreading (p. 234)
Thread Creation (p. 234)
Thread Coordination (p. 237)
Signals (p. 242)
File Handling (p. 244)
Directory Handling (p. 247)
Libraries (p. 250)
Dynamic Loading of Libraries (p. 252)
Daemon/Win32 Service Programming (p. 256)
Memory Management (p. 262)
Command-line Argument Processing (p. 263)
Integer Data Types (p. 267)
Summary (p. 269)
Solutions Fast Track (p. 269)
Frequently Asked Questions (p. 269)
Chapter 7 Portable Network Programming (p. 273)
Introduction (p. 274)
BSD Sockets and Winsock (p. 274)
Winsock Requirements (p. 274)
Portable Components (p. 276)
Return Values (p. 276)
Extended Error Information (p. 278)
The API (p. 280)
Winsock 2.0 Extensions (p. 280)
read(), write() (p. 280)
socket() (p. 280)
connect() (p. 282)
bind() (p. 285)
listen() (p. 287)
accept() (p. 290)
select() (p. 293)
send(), sendto() (p. 298)
recv(), recvfrom() (p. 301)
Close(), Closesocket() (p. 305)
setsockopt() (p. 307)
Ioctl(), Ioctlsocket() (p. 309)
Raw Sockets (p. 312)
API Overview (p. 312)
Header Files (p. 312)
Local IP Address Determination (p. 317)
User Supplied (p. 317)
Listing Interfaces (p. 318)
Pcap and WinPcap (p. 323)
Summary (p. 329)
Solutions Fast Track (p. 329)
Frequently Asked Questions (p. 330)
Chapter 8 Writing Shellcode I (p. 333)
Introduction (p. 334)
Overview of Shellcode (p. 334)
The Addressing Problem (p. 339)
The NULL Byte Problem (p. 341)
Implementing System Calls (p. 342)
System Call Numbers (p. 342)
Remote Shellcode (p. 345)
Port Binding Shellcode (p. 345)
Socket Descriptor Reuse Shellcode (p. 346)
Local Shellcode (p. 348)
execve Shellcode (p. 348)
setuid Shellcode (p. 349)
chroot Shellcode (p. 350)
Windows Shellcode (p. 354)
Summary (p. 359)
Solutions Fast Track (p. 360)
Links to Sites (p. 362)
Mailing Lists (p. 362)
Frequently Asked Questions (p. 363)
Chapter 9 Writing Shellcode II (p. 365)
Introduction (p. 366)
Shellcode Examples (p. 366)
The Write System Call (p. 368)
execve Shellcode (p. 372)
Port Binding Shellcode (p. 380)
The socket System Call (p. 383)
The bind System Call (p. 383)
The listen System Call (p. 384)
The accept System Call (p. 385)
The dup2 System Calls (p. 385)
The execve System Call (p. 386)
Reverse Connection Shellcode (p. 391)
Socket Reusing Shellcode (p. 394)
Reusing File Descriptors (p. 396)
Encoding Shellcode (p. 402)
Reusing Program Variables (p. 407)
OS-Spanning Shellcode (p. 411)
Understanding Existing Shellcode (p. 412)
Summary (p. 416)
Solutions Fast Track (p. 416)
Links to Sites (p. 418)
Mailing Lists (p. 418)
Frequently Asked Questions (p. 419)
Chapter 10 Writing Exploits I (p. 421)
Introduction (p. 422)
Targeting Vulnerabilities (p. 422)
Remote and Local Exploits (p. 423)
Format String Attacks (p. 424)
Format Strings (p. 424)
Fixing Format String Bugs (p. 426)
Case Study: xlockmore User-Supplied Format String Vulnerability CVE-2000-0763 (p. 427)
TCP/IP Vulnerabilities (p. 429)
Race Conditions (p. 430)
File Race Conditions (p. 430)
Signal Race Conditions (p. 431)
Case Study: man Input Validation Error (p. 432)
Summary (p. 435)
Solutions Fast Track (p. 435)
Links to Sites (p. 436)
Frequently Asked Questions (p. 437)
Chapter 11 Writing Exploits II (p. 439)
Introduction (p. 440)
Coding Sockets and Binding for Exploits (p. 440)
Client-Side Socket Programming (p. 441)
Server-Side Socket Programming (p. 442)
Stack Overflow Exploits (p. 444)
Memory Organization (p. 444)
Stack Overflows (p. 446)
Finding Exploitable Stack Overflows in Open-Source Software (p. 449)
Case Study: X11R6 4.2 XLOCALEDIR Overflow (p. 450)
Finding Exploitable Stack Overflows in Closed-Source Software (p. 454)
Heap Corruption Exploits (p. 455)
Case Study: OpenSSL SSLv2 Malformed Client Key Remote Buffer Overflow Vulnerability CAN-2002-0656 (p. 459)
Integer Bug Exploits (p. 472)
Integer Wrapping (p. 472)
Bypassing Size Checks (p. 475)
Other Integer Bugs (p. 476)
Case Study: OpenSSH Challenge Response Integer Overflow Vulnerability CVE-2002-0639 (p. 477)
Vulnerability Details (p. 477)
Case Study: UW POP2 Buffer Overflow Vulnerability CVE-1999-0920 (p. 480)
Vulnerability Details (p. 480)
Summary (p. 488)
Solutions Fast Track (p. 488)
Links to Sites (p. 489)
Frequently Asked Questions (p. 490)
Chapter 12 Writing Exploits III (p. 491)
Introduction (p. 492)
Using the Metasploit Framework (p. 492)
Exploit Development with Metasploit (p. 498)
Determining the Attack Vector (p. 499)
Finding the Offset (p. 499)
Selecting a Control Vector (p. 504)
Finding a Return Address (p. 509)
Using the Return Address (p. 513)
Determining Bad Characters (p. 514)
Determining Space Limitations (p. 515)
Nop Sleds (p. 517)
Choosing a Payload and Encoder (p. 518)
Integrating Exploits into the Framework (p. 527)
Understanding the Framework (p. 527)
Analyzing an Existing Exploit Module (p. 528)
Overwriting Methods (p. 533)
Summary (p. 534)
Solutions Fast Track (p. 534)
Links to Sites (p. 535)
Frequently Asked Questions (p. 536)
Chapter 13 Writing Security Components (p. 539)
Introduction (p. 540)
COM (p. 540)
COM Objects (p. 540)
COM Interfaces (p. 541)
The COM Runtime (p. 541)
COM Object Implementation (p. 542)
COM IN-PROCESS Server Implementation (p. 544)
ATL (p. 546)
C++ Templates (p. 546)
ATL Client Technologies (p. 547)
ATL Server Technologies (p. 550)
ATL Attributes (p. 563)
Adding COM Extensions to the RPCDump Tool (p. 567)
COM EXE Server Implementation (p. 568)
Control Flow (p. 571)
Application Integration Routines (p. 573)
Tool Interface Definition (p. 575)
Component Classes (p. 578)
Application Integration: COMSupport.h (p. 584)
Application Integration: RPCDump.C (p. 585)
Summary (p. 587)
Solutions Fast Track (p. 588)
Links to Sites (p. 588)
Frequently Asked Questions (p. 589)
Chapter 14 Creating a Web Security Tool (p. 593)
Introduction (p. 594)
Design (p. 594)
Attack Signature Format (p. 594)
Signatures (p. 595)
In-Depth Analysis (p. 595)
Header Files (p. 616)
Compilation (p. 619)
Execution (p. 619)
Tool Output (p. 620)
Summary (p. 621)
Solutions Fast Track (p. 621)
Links to Sites (p. 622)
Frequently Asked Questions (p. 622)
Appendix A Glossary (p. 625)
Appendix B Security Tool Compendium (p. 633)
Source Code Auditing (p. 633)
Shellcode Tools (p. 634)
Debuggers (p. 634)
Compilers (p. 634)
Hardware Simulators (p. 635)
Security Libraries (p. 636)
Vulnerability Analysis (p. 636)
Network Traffic Analysis (p. 637)
Packet Generation (p. 638)
Scanners (p. 638)
Appendix C Exploit Archives (p. 639)
Online Exploit Archives (p. 640)
Appendix D Syscall Reference (p. 641)
exit (int) (p. 642)
open (file, flags, mode) (p. 642)
close (filedescriptor) (p. 642)
read (filedescriptor, pointer to buffer, amount of bytes) (p. 642)
write (filedescriptor, pointer to buffer, amount of bytes) (p. 642)
execve (file, file + arguments, environment data) (p. 642)
socketcall (callnumber, arguments) (p. 642)
socket (domain, type, protocol) (p. 643)
bind (file descriptor, sockaddr struct, size of arg 2) (p. 643)
listen (file descriptor, number of connections allowed in queue) (p. 643)
accept (file descriptor, sockaddr struct, size of arg 2) (p. 643)
Appendix E Data Conversion Reference (p. 645)
Index (p. 653)

Author notes provided by Syndetics

James C. Foster, Fellow, is the Deputy Director of Global Security Solution Development for Computer Sciences Corporation where he is responsible for the vision and development of physical, personnel, and data security solutions. Preceding CSC, Foster was the Director of Research and Development for Foundstone Inc. and was responsible for all aspects of product, consulting, and corporate R&D initiatives. Prior to joining Foundstone, Foster was an Executive Advisor and Research Scientist with Guardent Inc. and an adjunct author at Information Security Magazine, subsequent to working as Security Research Specialist for the Department of Defense. Foster is also a well published author with multiple commercial and educational papers; and has authored, contributed, or edited for major publications to include Snort 2.1 Intrusion Detection (Syngress, ISBN: 1-931836-04-3), Hacking Exposed, Fourth Edition, Anti-Hacker Toolkit, Second Edition, Advanced Intrusion Detection, Hacking the Code: ASP.NET Web Application Security (Syngress, ISBN: 1-932266-65-8), Anti-Spam Toolkit, Google Hacking for Penetration Techniques (Syngress, ISBN: 1-931836-36-1), and Sockets, Shellcode, Porting and Coding (Syngress ISBN: 1-597490-05-9).