• Table of Contents • Index Exploiting Software How to Break Code ByG reg Hoglund, Gary McGraw Publisher: Addison Wesley Pub Date: February 17, 2004 ISBN: 0-201-78695-8 Pages: 512 How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers. Exploiting Software is loaded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from attack, you must first learn how real attacks are really carried out. This must-have book may shock you—and it will certainly educate you.Getting beyond the script kiddie treatment found in many hacking books, you will learn about Why software exploit will continue to be a serious problem When network security mechanisms do not work Attack patterns Reverse engineering Classic attacks against server software Surprising attacks against client software Techniques for crafting malicious input The technical details of buffer overflows Rootkits Exploiting Software is filled with the tools, concepts, and knowledge necessary to break software. •• TTaabbllee ooff CCoonntteennttss •• IInnddeexx EExxppllooiittiinngg SSooffttwwaarree HHooww ttoo BBrreeaakk CCooddee BByyGG rreegg HHoogglluunndd,, GGaarryy MMccGGrraaww PPuubblliisshheerr:: AAddddiissoonn WWeesslleeyy PPuubb DDaattee:: FFeebbrruuaarryy 1177,, 22000044 IISSBBNN:: 00--220011--7788669955--88 PPaaggeess:: 551122 Copyright How does software break? How do attackers make software break on purpose? Why are Praise for Exploiting Software firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? Attack Patterns What tools can be used to break software? This book provides the answers. Foreword E xploPirteifnacge Software is loaded with examples of real attacks, attack patterns, tools, and t e ch niquWehsa t uTsheisd B oboyk Ibsa Adb oguutys to break software. If you want to protect your software from a tta ck, Hyoowu tom Uusse tT hfiirs sBto loekarn how real attacks are really carried out. But Isn't This Too Dangerous? This must-have book may shock you—and it will certainly educate you.Getting beyond the Acknowledgments script kiddie treatment found in many hacking books, you will learn about Greg's Acknowledgments Gary's Acknowledgments W Chhayp tesro 1ft. w Saorftew aerxe—plTohiet Rwooiltl ocf othnet iPnroubele mto be a serious problem A Brief History of Software When network security mechanisms do not work Bad Software Is Ubiquitous AtTtahec kT rpinaitytt oefr Tnrsouble The Future of Software ReWvhearts Ies Seonftgwianree eSreicnugrity? Conclusion Classic attacks against server software Chapter 2. Attack Patterns SuAr pTarxisoinnogm yattacks against client software An Open-Systems View TeTcohunr ioqf uane sE xfpolori tcrafting malicious input Attack Patterns: Blueprints for Disaster The technical details of buffer overflows An Example Exploit: Microsoft's Broken C++ Compiler RoAoptpklyiitnsg Attack Patterns Attack Pattern Boxes E xp loitCinongc luSsoiofntware is filled with the tools, concepts, and knowledge necessary to break s o ftwa Crhea.pter 3. Reverse Engineering and Program Understanding Into the House of Logic Should Reverse Engineering Be Illegal? Reverse Engineering Tools and Concepts Approaches to Reverse Engineering Methods of the Reverser Writing Interactive Disassembler (IDA) Plugins Decompiling and Disassembling Software Decompilation in Practice: Reversing helpctr.exe Automatic, Bulk Auditing for Vulnerabilities Writing Your Own Cracking Tools Building a Basic Code Coverage Tool Conclusion Chapter 4. Exploiting Server Software The Trusted Input Problem • Table of Contents The Privilege Escalation Problem • Index Finding Injection Points Exploiting Software How to Break Code Input Path Tracing ByG reg Hoglund, Gary McGraw Exploiting Trust through Configuration Specific Techniques and Attacks for Server Software Publisher: Addison Wesley Conclusion Pub Date: February 17, 2004 Chapter 5. Exploiting Client Software ISBN: 0-201-78695-8 Client-side Programs as Attack Targets Pages: 512 In-band Signals Cross-site Scripting (XSS) Client Scripts and Malicious Code Content-Based Attacks H ow doBeasc kswoafsthw Aatrtaec kbsr: eLaevke?ra Hgiongw C ldieon ta-stidtae cBkuefferrs Omvearfkloew ssoftware break on purpose? Why are f i re wallsC,o nincltursuiosnion detection systems, and antivirus software not keeping out the bad guys? W hat tCohoaplste rc a6.n Cbraef tuinsge (dM atloic ioburse) aInkp ustoftware? This book provides the answers. The Defender's Dilemma E xp loitIinntrgu sSioon fDtewteactrioen i (sN loot)aded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from Partition Analysis attack, you must first learn how real attacks are really carried out. Tracing Code T his muRsetv-ehrsainvge P baroseork C modeay shock you—and it will certainly educate you.Getting beyond the s c ri pt kiEdxdamiep lter:e Raetvmerseinngt If-oPluannedt Siner vmera 6n.0y thhraocukghin tghe bForoonkt sD,o oyrou will learn about Misclassification Building "Equivalent" Requests Why software exploit will continue to be a serious problem Audit Poisoning WhCoennc lunseiotnwork security mechanisms do not work Chapter 7. Buffer Overflow AtBtaucffker pOavetrtfelorwn s101 Injection Vectors: Input Rides Again Reverse engineering Buffer Overflows and Embedded Systems ClaDsatsaibca saet tBaucffkesr Oavgeraflionwsst server software Buffer Overflows and Java?! SuCropnrtiesnitn-Bga saetdt aBucfkfesr aOgvearfilnoswt client software Audit Truncation and Filters with Buffer Overflow Techniques for crafting malicious input Causing Overflow with Environment Variables ThTeh et eMcuhltnipilce aOlp dereattiaoinl sP roobf lebmuffer overflows Finding Potential Buffer Overflows RoSotatkcki tOsverflow Arithmetic Errors in Memory Management Exploiting Software is filled with the tools, concepts, and knowledge necessary to break Format String Vulnerabilities software. Heap Overflows Buffer Overflows and C++ Payloads Payloads on RISC Architectures Multiplatform Payloads Prolog/Epilog Code to Protect Functions Conclusion Chapter 8. Rootkits Subversive Programs A Simple Windows XP Kernel Rootkit Call Hooking Trojan Executable Redirection Hiding Files and Directories Patching Binary Code The Hardware Virus • Table of Contents Low-Level Disk Access • Index Adding Network Support to a Driver Exploiting Software How to Break Code Interrupts ByG reg Hoglund, Gary McGraw Key Logging Advanced Rootkit Topics Publisher: Addison Wesley Conclusion Pub Date: February 17, 2004 References ISBN: 0-201-78695-8 Index Pages: 512 How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers. Exploiting Software is loaded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from attack, you must first learn how real attacks are really carried out. This must-have book may shock you—and it will certainly educate you.Getting beyond the script kiddie treatment found in many hacking books, you will learn about Why software exploit will continue to be a serious problem When network security mechanisms do not work Attack patterns Reverse engineering Classic attacks against server software Surprising attacks against client software Techniques for crafting malicious input The technical details of buffer overflows Rootkits Exploiting Software is filled with the tools, concepts, and knowledge necessary to break software. Copyright Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and Addison-Wesley was aware of a trademark claim, the designations have been printed in initial capital letters • Table of Contents or in all capitals. • Index Exploiting Software How to Break Code The authors and publisher have taken care in the preparation of this book, but make no BeyxG prreegs Hsoegdl uonrd ,i Gmapryli eMdcG wraawrranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or aPruibsliinshge ro: uAdt doisfo nt hWee sulesye of the information or programs contained herein. Pub Date: February 17, 2004 The publisher offers discounts on this book when ordered in quantity for bulk purchases and ISBN: 0-201-78695-8 special sales. For more information, please contact: Pages: 512 U.S. Corporate and Government Sales (800) 382-3419 [email protected] HFoorw s adloeess o suotfstiwdea roef btrheea Uk?.S H.,o wpl edaos ea tctoancktaecrts: make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? WInhteartn taotoiolsn acla nS ablees used to break software? This book provides the answers. (317) 581-3793 Einxteprlonaittiinonga Sl@ofptewaarsroen iste lcohagdreodu pw.ictohm examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from aVtistaitc Ak,d dyoisuo nm-uWset sfliersyt olena trhne h Woweb r:e awlw awtt.aacwkps raorfee srseiaolnlya lc.caorrmied out. TLihbirsa mryu osft -Choanvger ebsoso kC amtaalyo gsihnogc-kin y-Pouub—liacnadti oitn wDiallt acertainly educate you.Getting beyond the script kiddie treatment found in many hacking books, you will learn about Hoglund, Greg. Exploiting software : how to break code / Greg Hoglund, Gary McGraw. Wp.h cym s.o ftware exploit will continue to be a serious problem ISBN 0-201-78695-8 (pbk. : alk. paper) 1. WCohmenp unteetrw soercku srietcyu. r2it.y C momecphuatneirs msosf tdwoa rneo—t Tweosrtking. 3. Computer hackers. I. McGraw, Gary, 1966– II. Title. Attack patterns QA76.9.A25H635 2004 005.8R—edvce2rs2e e n g i n e e r i n g 2003025556 CopyrCiglahsts ©ic a2t0t0ac4k bs ya gPeaainrssto nse Ervdeurc astoifotnw,a Irnec. All rigShutsrp rreissienrgv eadtt. aNcok sp aagrta ionfs tth cisli epnutb sliocfattwioanre may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, Techniques for crafting malicious input recording, or otherwise, without the prior consent of the publisher. Printed in the United States of America. Published simultaneously in Canada. The technical details of buffer overflows Dr. McGraw's work is partially supported by DARPA contract no. F30602-99-C-0172 (An Rootkits Investigation of Extensible System Security for Highly Resource-Constrained Wireless Devices ) and AFRL Wright-Patterson grant no. F33615-02-C-1295 (Protection Against Reverse Exploiting Software is filled with the tools, concepts, and knowledge necessary to break Engineering: State of the Art in Disassembly and Decompilation). The views and conclusions software. contained in this book are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of DARPA, the US Air Force, or the US government. For information on obtaining permission for use of material from this work, please submit a written request to: Pearson Education, Inc. Rights and Contracts Department 75 Arlington Street, Suite 300 Boston, MA 02116 Fax: (617) 848-7047 Text printed on recycled paper 1 2 3 4 5 6 7 8 9 10—CRS—0807060504 •F irst printingT,a bFleeb orfu Caornyt e2n0ts04 • Index Exploiting Software How to Break Code BDyG eredg Hiocglauntdi, Goarny McGraw Publisher: Addison Wesley In memory of Nancy Simone McGraw (1939–2003). Pub Date: February 17, 2004 Bye, MIoSmBN.: 0-201-78695-8 Pages: 512 How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? What tools can be used to break software? This book provides the answers. Exploiting Software is loaded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from attack, you must first learn how real attacks are really carried out. This must-have book may shock you—and it will certainly educate you.Getting beyond the script kiddie treatment found in many hacking books, you will learn about Why software exploit will continue to be a serious problem When network security mechanisms do not work Attack patterns Reverse engineering Classic attacks against server software Surprising attacks against client software Techniques for crafting malicious input The technical details of buffer overflows Rootkits Exploiting Software is filled with the tools, concepts, and knowledge necessary to break software. Praise for Exploiting Software "Exploiting Software highlights the most critical part of the software quality problem. As it turns out, software quality problems are a major contributing factor to computer security problems. Increasingly, companies large and small depend on software to run • Table of Contents their businesses every day. The current approach to software quality and security taken • Index by software companies, system integrators, and internal development organizations is Exploiting Software How to Break Code like driving a car on a rainy day with worn-out tires and no air bags. In both cases, the ByG rego Hdodgsl uanrde, Gtahrayt M scoGmraewthing bad is going to happen, and there is no protection for the occupant/owner. Publisher: Addison Wesley This book will help the reader understand how to make software quality part of the Pub Date: February 17, 2004 design—a key change from where we are today!" ISBN: 0-201-78695-8 Pages: 512 —Tony Scott Chief Technology Officer, IS&S General Motors Corporation "It's about time someone wrote a book to teach the good guys what the bad guys already know. As the computer security industry matures, books like Exploiting Software have a critical role to play." How does software break? How do attackers make software break on purpose? Why are firewa—llsB,r uincter uSscihonne dieert eCchtiieofn Tseycshtenmolso,g ay nOdf faicnetriv Cirouusn steorftpwaanree A nuotth koer eopfi nBge yoount dt hFee abra da ngduys? What Stoeocrlse tcsa ann bde L uiessed to break software? This book provides the answers. Explo"iEtxinpglo iStionfgt wSoafrtew iasr leo acduetsd two itthhe e hxeaamrpt loefs tohfe r ceoaml aptutatecrk ss,e acuttraitcyk ppraotbtelermns,, sthooowlsi,n agn wdhy technbiqruoekse nu sseodft wbya rbea pdr egsueynst tso a b crleeaakr saonfdtw parrees.e nIft ydoaun gwearn. tG teot tpinrogt epcats yt othuer s'wofotrwma roef ftrhoem day' attackp,h yeonuo mmeunsot nfi rrsetq lueiarerns thhoawt sroeaml eaotntaec kosth aerre t hreaanl ltyh cea brraide dg ouuyst. understands how software is attacked. This must-have book may shock you—and it will certainly educate you.Getting beyond the scriptT khiidsd bieo otrke iast ma ewnatk feo-uunpd c ianl lm foarn cyo hmapcuktinegr sbeocoukrsit,y y."ou will learn about —Elinor Mills Abreu Reuters' correspondent Why software exploit will continue to be a serious problem "Police investigators study how criminals think and act. Military strategists learn about Wthhe eenn nemetyw'so rtka csteiccsu,r iatys wmeelcl haasn tihsmeirs wdoe anpootn ws oarnkd personnel capabilities. Similarly, information security professionals need to study their criminals and enemies, so we can Atetltla tchke pdaitffteerrennsce between popguns and weapons of mass destruction. This book is a significant advance in helping the 'white hats' understand how the 'black hats' operate. Reverse engineering Through extensive examples and 'attack patterns,' this book helps the reader Cunladsesrics taatntda chkosw a gaattiancskt esresr vaenra slyozfetw saorfetware and use the results of the analysis to attack systems. Hoglund and McGraw explain not only how hackers attack servers, but also Surprising attacks against client software how malicious server operators can attack clients (and how each can protect themselves from the other). An excellent book for practicing security engineers, and an ideal book Techniques for crafting malicious input for an undergraduate class in software security." The technical details of buffer overflows —Jeremy Epstein Director, Product Security & Performance webMethods, Inc. Rootkits "A provocative and revealing book from two leading security experts and world class software exploiters, Exploiting Software enters the mind of the cleverest and wickedest Exploiting Software is filled with the tools, concepts, and knowledge necessary to break crackers and shows you how they think. It illustrates general principles for breaking software. software, and provides you a whirlwind tour of techniques for finding and exploiting software vulnerabilities, along with detailed examples from real software exploits. Exploiting Software is essential reading for anyone responsible for placing software in a hostile environment—that is, everyone who writes or installs programs that run on the Internet." —Dave Evans, Ph.D. Associate Professor of Computer Science University of Virginia "The root cause for most of today's Internet hacker exploits and malicious software outbreaks are buggy software and faulty security software deployment. In Exploiting Software, Greg Hoglund and Gary McGraw help us in an interesting and provocative way to better defend ourselves against malicious hacker attacks on those software loopholes. The information in this book is an essential reference that needs to be understood, digested, and aggressively addressed by IT and information security professionals • Table of Contents everywhere." • Index Exploit—inKg eSno fCtwuatrlee rH, oCwI StoS BPr,e CakI SCAod Veice President, Curriculum Development & Professional ByG regS Heorvgliucneds,, G MarIyS M TcrGarainwing Institute "This book describes the threats to software in concrete, understandable, and Publisher: Addison Wesley frightening detail. It also discusses how to find these problems before the bad folks do. Pub Date: February 17, 2004 A valuable addition to every programmer's and security person's library!" ISBN: 0-201-78695-8 —PaMgeast:t 5 B12ishop, Ph.D. Professor of Computer Science University of California at Davis Author of Computer Security: Art and Science "Whether we slept through software engineering classes or paid attention, those of us who build things remain responsible for achieving meaningful and measurable vulnerability reductions. If you can't afford to stop all software manufacturing to teach How does software break? How do attackers make software break on purpose? Why are your engineers how to build secure software from the ground up, you should at least firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? increase awareness in your organization by demanding that they read Exploiting What tools can be used to break software? This book provides the answers. Software. This book clearly demonstrates what happens to broken software in the wild." Exploiting Software is loaded with examples of real attacks, attack patterns, tools, and —Ron Moritz, CISSP Senior Vice President, Chief Security Strategist Computer techniques used by bad guys to break software. If you want to protect your software from Associates attack, you must first learn how real attacks are really carried out. "Exploiting Software is the most up-to-date technical treatment of software security I This must-have book may shock you—and it will certainly educate you.Getting beyond the have seen. If you worry about software and application vulnerability, Exploiting script kiddie treatment found in many hacking books, you will learn about Software is a must-read. This book gets at all the timely and important issues surrounding software security in a technical, but still highly readable and engaging, Wwahyy. software exploit will continue to be a serious problem WHohgelnu nnde tawnodr kM csGecruarwit yh amveec dhoanneis amns edxoc enloletn wt ojorkb of picking out the major ideas in software exploit and nicely organizing them to make sense of the software security Ajutntagclek. "patterns R—eGveeorsrge ee Cngyibneenekroin, gPh.D. Dorothy and Walter Gramm Professor of Engineering, Dartmouth Founding Editor-in-Chief, IEEE Security and Privacy Classic attacks against server software "This is a seductive book. It starts with a simple story, telling about hacks and cracks. It Sdruarwprsi syinogu aint twacitkhs aangeacindsott ecsli,e bnut ts obfutiwldasr efrom there. In a few chapters you find yourself deep in the intimate details of software security. It is the rare technical book that is a Treeacdhanbiqleu easn dfo er ncjroayftaibngle mprailmiceioru bsu itn hpaust the substance to remain on your shelf as a reference. Wonderful stuff." The technical details of buffer overflows —Craig Miller, Ph.D. Chief Technology Officer for North America Dimension Data Rootkits "It's hard to protect yourself if you don't know what you're up against. This book has the Exploiting Software is filled with the tools, concepts, and knowledge necessary to break details you need to know about how attackers find software holes and exploit software. them—details that will help you secure your own systems." —Ed Felten, Ph.D. Professor of Computer Science Princeton University Attack Patterns Attack Pattern: Make the Client Invisible 150 Attack Pattern: Target Programs That Write to Privileged OS Resources 152 • Table of Contents • Index Attack Pattern: Use a User-Supplied Configuration File to Run Commands That Elevate Exploiting Software How to Break Code Privilege 153 ByG reg Hoglund, Gary McGraw Attack Pattern: Make Use of Configuration File Search Paths 156 Publisher: Addison Wesley Attack Pattern: Direct Access to Executable Files 162 Pub Date: February 17, 2004 AItStaBNc:k 0 P-2a0t1t-e7r8n6:9 5E-8mbedding Scripts within Scripts 164 Pages: 512 Attack Pattern: Leverage Executable Code in Nonexecutable Files 165 Attack Pattern: Argument Injection 169 Attack Pattern: Command Delimiters 172 How does software break? How do attackers make software break on purpose? Why are firewaAlltsta, cinkt Pruasttioenrn d: eMteuclttiipolne sPyasrtseemrss ,a nandd D aonutbivleir Eussc saopfetws 1a7re3 not keeping out the bad guys? What tools can be used to break software? This book provides the answers. Attack Pattern: User-Supplied Variable Passed to File System Calls 185 Exploiting Software is loaded with examples of real attacks, attack patterns, tools, and technAiqtutaecsk u Psaetdte bryn :b Paods gtfuixy sN tUoL bL rTeearkm sionfattwoarr 1e8.6 If you want to protect your software from attack, you must first learn how real attacks are really carried out. Attack Pattern: Postfix, Null Terminate, and Backslash 186 This must-have book may shock you—and it will certainly educate you.Getting beyond the scriptA ktitdadckie P tarettaetrmn:e nRte flaotuinved Pina tmh aTnrya vhearcskailn 1g8 7books, you will learn about Attack Pattern: Client-Controlled Environment Variables 189 Why software exploit will continue to be a serious problem Attack Pattern: User-Supplied Global Variables (DEBUG=1, PHP Globals, and So Forth) W19h0en network security mechanisms do not work AAttttaacckk Ppaatttteerrnn:s Session ID, Resource ID, and Blind Trust 192 RAtetvaecrks eP aetntegrinne: eArninaglog In-Band Switching Signals (aka "Blue Boxing") 205 CAtlatascskic Paattttaecrkns Fargaagimnsetn ste: rMvearn ispoufltawtainrge Terminal Devices 210 SAtutrapcrkis Pinagtt eartnta:c Sksim apglae inSsctr icplti eInntj escotfitowna 2r1e4 TAettcahcnki qPuaettse fronr: cErmafbtiendgd minagl iSccioruipst iinnp Nuotnscript Elements 215 TAhttea ctkec Phantitcearln d: eXtaSiSls ino fH bTuTfPfe rH eoavderefrlsow 21s6 RAtotoatckki tPsattern: HTTP Query Strings 216 ExploAitttiancgk SPoaftttewran:r eU isse fril-lCedo nwtritohll etdh eF itloeonlasm, ceo 2n1c7epts, and knowledge necessary to break software. Attack Pattern: Passing Local Filenames to Functions That Expect a URL 225 Attack Pattern: Meta-characters in E-mail Header 226 Attack Pattern: File System Function Injection, Content Based 229 Attack Pattern: Client-side Injection, Buffer Overflow 231 Attack Pattern: Cause Web Server Misclassification 263 Attack Pattern: Alternate Encoding the Leading Ghost Characters 267 Attack Pattern: Using Slashes in Alternate Encoding 268 Attack Pattern: Using Escaped Slashes in Alternate Encoding 270 Attack P attern: Unicode Encoding 271 • Table of Contents Attack Pattern: UTF-8 Encoding 273 • Index Exploiting Software How to Break Code Attack Pattern: URL Encoding 273 ByG reg Hoglund, Gary McGraw Attack Pattern: Alternative IP Addresses 274 Publisher: Addison Wesley Attack Pattern: Slashes and URL Encoding Combined 274 Pub Date: February 17, 2004 ISBN: 0-201-78695-8 Attack Pattern: Web Logs 275 Pages: 512 Attack Pattern: Overflow Binary Resource File 293 Attack Pattern: Overflow Variables and Tags 294 Attack Pattern: Overflow Symbolic Links 294 How does software break? How do attackers make software break on purpose? Why are firewalls, intrusion detection systems, and antivirus software not keeping out the bad guys? Attack Pattern: MIME Conversion 295 What tools can be used to break software? This book provides the answers. Attack Pattern: HTTP Cookies 295 Exploiting Software is loaded with examples of real attacks, attack patterns, tools, and techniques used by bad guys to break software. If you want to protect your software from Attack Pattern: Filter Failure through Buffer Overflow 296 attack, you must first learn how real attacks are really carried out. Attack Pattern: Buffer Overflow with Environment Variables 297 This must-have book may shock you—and it will certainly educate you.Getting beyond the scriptA ktitdadckie P tarettaetrmn:e nBtu ffofeurn Od viner mfloawn yin h aanc kAinPgI Cbaololk 2s9,7 you will learn about Attack Pattern: Buffer Overflow in Local Command-Line Utilities 297 Why software exploit will continue to be a serious problem Attack Pattern: Parameter Expansion 298 When network security mechanisms do not work Attack Pattern: String Format Overflow in syslog() 324 Attack patterns Reverse engineering Classic attacks against server software Surprising attacks against client software Techniques for crafting malicious input The technical details of buffer overflows Rootkits Exploiting Software is filled with the tools, concepts, and knowledge necessary to break software.