Hacking: The Art of Exploitation: The Art of Exploitation and over one million other books are available for Amazon Kindle. Learn more
  • List Price: CDN$ 54.95
  • You Save: CDN$ 15.76 (29%)
Only 10 left in stock (more on the way).
Ships from and sold by Amazon.ca.
Gift-wrap available.
Hacking : The Art of Expl... has been added to your Cart
+ CDN$ 6.49 shipping
Used: Acceptable | Details
Sold by BooksfromUSA
Condition: Used: Acceptable
Comment: NO CD In Stock. Ships from USA;Please allow 9-15 business days for your book to arrive in the Canada. Excellent customer service.
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See all 2 images

Hacking : The Art of Exploitation, 2nd Edition Paperback – Feb 4 2008

See all 2 formats and editions Hide other formats and editions
Amazon Price New from Used from
Kindle Edition
"Please retry"
"Please retry"
CDN$ 39.19
CDN$ 22.14 CDN$ 17.28

Frequently Bought Together

Hacking : The Art of Exploitation, 2nd Edition + Metasploit: The Penetration Tester's Guide + The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
Price For All Three: CDN$ 101.09

Buy the selected items together

Product Details

  • Paperback: 480 pages
  • Publisher: No Starch Press; Second Edition edition (Feb. 4 2008)
  • Language: English
  • ISBN-10: 1593271441
  • ISBN-13: 978-1593271442
  • Product Dimensions: 17.8 x 3 x 23.5 cm
  • Shipping Weight: 862 g
  • Average Customer Review: 4.5 out of 5 stars  See all reviews (4 customer reviews)
  • Amazon Bestsellers Rank: #54,604 in Books (See Top 100 in Books)
  • See Complete Table of Contents

Product Description

About the Author

Jon Erickson has a formal education in computer science and has been hacking and programming since he was five years old. He speaks at computer security conferences and trains security teams around the world. Currently, he works as a vulnerability researcher and security specialist in Northern California.

Inside This Book (Learn More)
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index | Back Cover
Search inside this book:

What Other Items Do Customers Buy After Viewing This Item?

Customer Reviews

4.5 out of 5 stars
5 star
4 star
3 star
2 star
1 star
See all 4 customer reviews
Share your thoughts with other customers

Most helpful customer reviews

3 of 3 people found the following review helpful By T Wright on July 2 2014
Format: Paperback Verified Purchase
Definitely not for beginners. While the first 19 pages do a decent job of teaching the fundamentals of programming, the book then takes off at break neck speed, leaving the novice in the dust. The amount of information in this book is overwhelming.

If you know at least one high level programming language, are an expert in assembly language, and have a comprehensive knowledge about the inner workings of microprocessors, this may be the book for you. Also, if you are going to tackle the cryptography section, you are going to need to know advanced math.

The advertising for this book should read: for advanced users only.
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again.
1 of 1 people found the following review helpful By Maxime Santerre on Sept. 3 2012
Format: Paperback Verified Purchase
This is a great book for someone who wants to have an introduction to how software is exploited. For something a bit more practical I would recommend the web hacking book instead since exploits like these are rare amongst current software.
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again.
By Martin on Jan. 4 2015
Format: Paperback Verified Purchase
Interesting read; even after taking assembly coding course.
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again.
Format: Paperback Verified Purchase
Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again.

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 107 reviews
118 of 123 people found the following review helpful
clever tricks and easy to follow exercises March 27 2008
By Henrik Lund Kramshøj - Published on Amazon.com
Format: Paperback
This is the second edition of a well known book about hacking and contains a lot about hacking. Jon Erickson has expanded the book from the first edition doubling the number of pages to 450 pages and a Linux based Live-CD is also included.

I don't own the first edition, since I had to choose between Hacking by Jon Erickson and The Shellcoders Handbook (first edition, it is also in 2nd ed. now). I choose the Shellcoders handbook, which I have considered my bible for buffer overflows and hacking.

Now that I have read Jon Ericksons book about hacking I have two bibles, both excellent and well written, both covering some of the same stuff - but in very different ways.

This book details the steps done to perform buffer overflows on Linux on the x86 architecture. So detailed that any computer science student can do it, and they should. Every computer science student or aspiring programmer should be forced to read this book along with another book called 19 deadly sins of software programming.

That alone would improve internet security and program reliability in the future. Why you may ask, because this book teaches hacking, and how you can get started hacking.

Not hacking as doing criminal computer break ins, but thinking like an old-school hacker - doing clever stuff, seeing the things others don't. This book contains the missing link back to the old days, where hackers were not necessarily bad guys. Unfortunately today the term hacker IS dead in the public eye, it HAS been maimed, mutilated and the war about changing it back to the old meaning is over. (Actually this war was fought in the 1990's but some youngsters new to hacking still think it can be won, don't waste your time.) The word hacking can still be used in both ways, just make sure the receiver knows what you are talking about :-)

This book teaches hacking in the old sense of the word and contains the explanation that most others books don't - and at the same time it introduces all the basic skills for performing various types of overflow attacks. Then the book also digress into some wireless security and even WEP cracking, but this part is pretty slim, not bad, just only a few pages. This is OK, since I think of this more as an example of extending the hacking into new areas and hopefully inspires more people to look into wireless security.

The best part about this book is that it is not just a book with a random Live-CD. It is an inspiration and your fingers will itch to get started trying the examples explained and experiment with the programs. This alone is the single feature that makes this book worth it, you will do the exercises and learn from them. Learn a lot.

To sum it up this books contains clever tricks and easy to follow exercises, so you can learn to apply them.

Target audience
This book is for anyone interested in hacking and developing exploits. While the primary target audience is newcomers to this field I benefitted from the thorough walkthrough of the basics once again. This book kept reminding me about things I have forgotten and also some new things and tricks I hadn't thought of myself.

If you are a beginning hacker and want to get started, but was confused
by various text files found on the internet, this is the book to buy.

If you want to learn how to do basic stuff and get started thinking like a hacker, this is the book to buy.

If you are a software programmer that has started to think about software security, this is the book to buy.

This book goes from beginning hacker to inspired intermediate hacker and explains everything in depth and is well planned and you will be able to extract an awful lot of information about the way programs really work after reading this book.

If you read this book from cover to cover you will be able to follow most other references about hacking, books, papers, zines etc. from the internet.

So this book is recommended for anyone interested in hacking and could be a nice start to having your own library about hacking. Reading this book first will also help you understand other books about hacking better and get more information from them by thinking in the right way.

Then later you could expand this library with books like, Steven Levy Hackers, Steven Levy Crypto, Shellcoders Handbook, Clifford Stoll Cuckoos Egg and other references.

I am not missing much from this book, but a short explanation how you could run this CD along with your usual operating system, using something like VMware Player would have been nice.

The home page for this book is: [...]
60 of 64 people found the following review helpful
Excellent book for the right kind of reader July 27 2011
By Richard Bejtlich - Published on Amazon.com
Format: Paperback
This is the last in a recent collection of reviews on "hacking" books. Jon Erickson's Hacking, 2nd Ed (H2E) is one of the most remarkable books in the group I just read. H2E is in some senses amazing because the author takes the reader on a journey through programming, exploitation, shellcode, and so forth, yet helps the reader climb each mountain. While the material is sufficiently technical to scare some readers away, those that remain will definitely learn more about the craft.

H2E accomplishes a very difficult task. The book strives to take readers with little to no real "hacking" knowledge to a level where they can at least understand, if not perform, fairly complicated digital security tasks. Other books aren't as successful, e.g., "Gray Hat Hacking," which features material on C, assembly, Python, etc. into one short chapter. In contrast, H2E, in my opinion, does a credible job leading the reader from pseudo-code to C and assembly. Now, I would not recommend this book as a reader's sole introduction to programming, let alone C or assembly. Please see my older reviews for recommendations on books devoted to those topics. Still, H2E credibly integrates programming into the hacker narrative in a compelling and educational manner.

The author also has a great eye for consistency and style. I welcomed reading his examples using gdb, where he presented code, explained it, stepped through execution, showed memory, transitioned from displaying source, then assembly, and so on. This was a compelling teaching method that technical authors should try to emulate.

Overall I really liked H2E, hence the 5 star review. My only main gripe was the author seems to believe that it's in society's benefit for black hats to test and exploit defenses. His claims on p4 and p 319 that hackers improve security reminds me of the broken window fallacy, meaning it's economically beneficial to break windows so a repairman has a job. In reality, the security world is more a redirection of resources away from more beneficial innovation, not a way to build "good security jobs." Furthermore, all of the supposed advances spurred by reacting to intruder activity do not result in increased security in the enterprise. At this point so much legacy software and equipment is deployed that intruders can always find a way to accomplish their mission, thanks often to the discoveries of so-called hackers. At the end of the day one has to accept the reality that intruders will always try to breach defenses, so it behooves defenders to understand attackers for the benefit of defense.
36 of 42 people found the following review helpful
Find out how deep the rabbit hole really goes Jan. 20 2009
By Lance C. Hibbeler - Published on Amazon.com
Format: Paperback Verified Purchase
The easiest way to sum up this book is simply "wow." Erickson discusses the fundamentals of exploits (hacks) on local machines and remote machines, and also hits on a bit of cryptology. The meat of book is sandwiched by something of an inner dialogue and history of hacking, which alone are worth the cost of the book. This book is not for the layman or the faint of heart- you have to know how to write code, and you have to at least know how to read Intel x86 assembly, if not write it. It also doesn't hurt to know how programs are actually executed- beyond just double-clicking an icon- I'm talking about stacks and heaps and everything else. The second chapter is possibly the most elegant summary of programming and the C language I have ever seen, ever, but nothing beats a few years "in the trenches."

So once you've refreshed your basics of programming, Erickson gets right into it, discussing buffer overflows. He builds up from the most simple concepts into more and more complicated tools- which seems to be exactly how we have arrived at modern exploits; the hackers and the anti-hackers have been co-evolving over the years. Next comes hacking remote machines, including how to cover your tracks- which I found to be some of the most devious ideas presented. If you take your time, and run some of the exploits yourself on the included CD, you will come away with an incredible knowledge of how many exploits work from their most fundamental level. If you're anything like me, you will enjoy the "hunt" of trying to counter the exploit before Erickson explains the solution. Also, if you're anything like me, you will walk away from the book shaking your head at the rut called ASCII that we've worked ourselves into.

<rant> I think this is another one of those books that needs to be on a mandatory reading list for all CS bachelors degree. It seems to me that most of the exploits wouldn't be a problem if programmers were a bit more diligent in their coding. strcpy() is your enemy, strncpy() is your friend. Always always ALWAYS be 100% suspicious of any input supplied from a user- check for illegal characters. Instead of if(functionThatReturnsTrue), try if(functionThatReturnsTrue == True). The list goes on and on. Computers do only what they are told, and if you leave a hole in your program that allows someone else to tell the computer what to do to save yourself the second or two it takes to hit a few more keys, well then you deserve to be hacked and summarily lose your job. Due diligence: do it- maybe then the real engineering disciplines won't be so mad when code monkeys call themselves engineers. </rant>

From what I can gather, the first edition was too terse. I think the second edition was a bit long-winded at times. And there's no discussion of hacking a Windows machine. However, this is still by far the best general hacking book out there.
67 of 85 people found the following review helpful
Hacking: Not for Script Kiddies... Jan. 11 2008
By W. B. MCCORKLE Jr. - Published on Amazon.com
Format: Paperback
Jon Erickson's _Hacking_ is undoubtedly an interesting book, and one that perhaps appeals only to a small subsection of the hacker culture, those who want to learn techniques for exploitation at the conceptual level, aided by plenty of dense examples of code to illustrate those concepts. Erickson's background is in computer science, and he is a corporate lecturer on the subjects of cryptology and network security. With these bona fides, you might expect Erickson to treat the topic professionally and scientifically--and you would be right. Erickson's book is full of interesting and highly useful bits of information on cryptology, ciphers, information theory, and so on, but readers should prepare themselves for a somewhat pedantic, textbook-like style of writing. Having made such preparations, the book does open up for the reader who is looking to learn or brush up on some programming fundamentals.

The majority of _Hacking_ is very technical and deals with programming techniques. The author warns us as much in his Preface, saying that general programming knowledge is necessary in order to make your way through the book. Additionally, those looking for examples of different code flavors will find that Erickson works exclusively with the Gentoo Linux distro, the idea being that the examples are illustrative of techniques and strategies, especially if you are used to a different programming language. Otherwise, you might consider this book a useful primer on Linux, offering practical examples of various exploits, encryption/decryption, and so on.

The bulk of the book is divided into three sections: "Programming" (writing shellcode, dissemblers, and generalized exploiting techniques), "Networking" (Network sniffing and hijacking, DOS attacks, and port scanning), and "Cryptology" (developing algorithms, password cracking techniques, and WEP attacks). Each of these sections is replete with many detailed examples of code (sometimes pages long) for your referencing pleasures. Personally, I'm more drawn to the socio-political content found in the entirely-too-short Introduction, Conclusion, and Reference sections, which despite their underdeveloped feel, offer readers Erickson's thoughtful perspective on hacking (discovering and exploring system vulnerabilities is a valuable practice when done for noble ends, or in his own words, "Information itself isn't a crime"), a brief look into the history and ethics of early hacker culture (a learn-but-do-no-harm ethic borne of the 1950s MIT model railroad crowd, the distinction between hackers and crackers, and his thoughts on the importance of pursuing creative problem-solving strategies within closed logical structures), and a number of links to potentially useful web tools (hexadecimal editors and fuzzy fingerprint generators, for instance). On the whole, I found myself wishing that these sections had been developed further, as they might help broaden the potential readership for this book.

As a bookshelf resource, I can see this book being an invaluable contribution to the library of the hacker whose interests in the subject are shaped by theoretical or academic ways of thinking. Otherwise, it's not exactly a page-turner, and I don't expect social engineers, tinkerers, and certainly not skript kiddies to be the audience for this book. Nevertheless, it is important in that it marks a serious contribution to the art, science, and philosophy undergirding hacker culture. For good or for ill, it marks an attempt to formalize or legitimize a body of knowledge that has historically relied upon and even relished its underground status.
9 of 9 people found the following review helpful
Excellent security book May 24 2008
By krishd - Published on Amazon.com
Format: Paperback
I found the book a pleasure to read. The book explains the fundamental concepts of hacking very well. The treatment of exploits like buffer overflow, format string vulnurabilty is very good. The chapters on networking, shellcode are also very good. All throughout the book every concept is explained by extensive source codes (with clear accompanying commentary). All in all this is a great book to start learning the concepts of hacking and security.