Impressions: The Shellcoder's Handbook, 2nd Ed

The third book for which I'd like to share my impressions is The Shellcoder's Handbook, 2nd Ed (TSH2E) by Chris Ainley, John Heasman, FX, and Gerardo Richarte. I liked TSH2E, but I could tell that the collaboration among four authors caused some issues that could have been addressed by better editing. For example, early parts of the book use both Intel and AT&T assembly syntax, but the reader doesn't get an explanation of either until chapter 7.

For me, the best aspect of TSH2E was the integration of real-world obstacles to exploiting victims. The book (although published in 2008) expertly addressed various defenses introduced in operating systems over the past decade. The authors usually start with simple concepts, promising to address tougher challenges later -- and they deliver.

One item early in the text caught my attention though. The book includes the following code to demonstrate spawning a shell:

int main(){
char *name[2];

name[0] = "/bin/sh";
name[1] = 0x0;
execve(name[0], name, 0x0);
exit(0);
}

Then they show the following:

[jack@0day local]$ gcc shell.c -o shell
[jack@0day local]$ ./shell
sh-2.05b#

This looks like a section left over from the first edition by Jack Koziol. Why does the prompt change to a root shell? Should it not be a user shell, since user "jack" appears to have been running with user privileges? Maybe not?

Regardless, TSH2E is a very strong book with practical lessons and examples for anyone writing offensive code.

Comments

Anonymous said…
probably because his shell is tcsh and does have anything specified in .shrc?
Anonymous said…
I suppose the # appears after the execution onf ./shell, which gives a normal user UID=0, so I think it's a privilege scalation example.
Cheers!
Thanks for your comment!
Anonymous said…
this is not a root shell its simply a shell which has been executed directly (not through login) and so not read in the /etc/profile. as a result the PS1 variable is not set and the user shell prompt is not displayed.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics