How to Program in
C,continued...
Why C Exploit Programs Might not Work
Now comes the big question. You download a bunch of exploit
programs and try to compile them and tget a bunch of error messages
from the compiler. Aha, you have just discovered why hacker gangs
are so popular. There are many groups of criminal hackers out
there who help each other out by figuring out how to compile
exploits. That is how Kevin Mitnick got as far as he did -- he
had his buddies compile programs for him.
However, I presume you are reading this not to become a criminal,
but because you are willing to do a little work, and learn enough
to not only break into computers -- but learn how to defend them,
too. For this you
must become good at C programming. Here's how to get good.
1) Buy the book The
C Programming Language by Brian W. Kernighan and Dennis M.
Ritchie (Prentice Hall, second edition, 1988). This is the Bible
of C
programming. Real hackers simply call it "K&R."
You can get eliteness points by responding to guys who talk reverently
about "K&R" by saying, "Oh, yes, Kernighan
and Ritchie. Brilliant book." The reason this book is so
good is that one of the authors, Dennis Ritchie, is the creator
of the C language. Valerie Henson adds, "K&R is almost
magical in the way it explains C. I have strong feelings about
this book. :)" You can buy it from anywhere in the world
at
http://www.amazon.com.
2) You will quickly discover that no one book on C will tell
you all the possible commands. If you want to learn as much as
possible about C, you need to study the source code of C programs
you admire. With each line, use the "man 2" command
while in your shell account to learn about it, for example, "man
2 write". (This presumes your sysadmin has installed the
man pages for C.) Then try writing some small programs to test
each command to make sure you understand what it does. For examples
of elegant C program source code complete with explanations,
get Internetworking with TCP/IP Volumes 1,2 and 3, by Douglas
Comer and David L. Stevens (Prentice Hall, 1995). Volumes 2 and
3 are almost all C source code.
3) You will absolutely hate this. Just as there are many kinds
of Unix and many different Unix shells, there is more than one
version of C out there. But help is on the way. There is a version
of C called ANSI C (for the ANSI standards board) which is coming
to be widely accepted. All we have to do now is persuade the
people who write programs to break into computers to adopt the
ANSI C standard!
4) You might need to find some new friends who will help you
figure out what to do to successfully compile and run some obstreperous
C program. Try enrolling in a course on C at a GOOD college or
university. However, talk to the other students or the professors
before you spend money signing up for a course. I swear this
is true, one college teaches C using C for Dummies as a textbook.
While that book may be helpful for home study -- surely a college
professor can show his or her students enough respect to teach
from K&R! However, if you can get a good college course,
don't expect to learn how to compile exploits from it! What you
can do is hang out with students and teaching assistants and
professors and meet people who can give you help on how to modify
programs so they will compile on your computer.
If you can't find a good college nearby, another possibility
is to join a Linux Users Group (LUG). To find one in your neighborhood,
see (http://sunsite.unc.edu/LDP/).
Cramer suggests, "try to post question to newsgroups
and mailing lists (that discuss C programming). But ... Posting
a question like "My hello.c prints 'Hello, good bye' instead
of 'hello hackers -- what should I do?' to a mailing list --
say -- the Linux kernel developers list, will give you -- hrmmm
-- some interesting results..."
Or get a job doing tech support at a local Internet Service
Provider. Usually there will be some talented C programmers working
there.
Whatever you do, don't join a gang of computer criminals!
They usually know much less about C programming than do computer
science students, Linux User Group members, and employees of
ISPs.
5) Read Meino Christian Cramer's Guide
to C programming at the Wargames page on http://www.happyhacker.org.
Try emailing questions to him at the address on that Web page.
He gives a great overview of the most important concepts in C
programming, with some example programs for you to write.
More on C -- a computer break-in
program explained --->>
