
black-hat-rust's People

Contributors

boynchan, chdalski, davidkuhta, dependabot[bot], jeannekamikaze, richardwesthaver, rsstdd, sylvain101010, therdel


black-hat-rust's Issues

Request: Add an open-source license

Hello, please consider adding an open-source license to this repository. A comparison of common licenses can be found at https://choosealicense.com/. A potential candidate might be the MIT license, or if you want pretty much no restrictions on it, the Unlicense would work well. If you would prefer something with a few more rules, the GNU GPLv3 could be good too.

question: what I need to know before I read the book?

Rust is my first programming language. I am still trying to figure out my way in programming. I did read a few books, and each one tackled a subject I had no prior experience in; I did not get the most out of the books, but I tried to get as much as I could from them. I was wondering if "Rust Black Hat" requires prior knowledge of some topics, and if so, what they are.

PS: forgive me for my bad English, it's not my first language.

Suggestions for possible library to include in chapter 5

Chapter 5 is about web crawling, right? Well one library I've found to be really helpful for that is thirtyfour, a Selenium/WebDriver library for rust. WebDriver is a great technique to use for scraping websites that are SPAs or other apps that load content with JavaScript. Just thought I'd share.

Typo in chapter 4

Section 4.4 :

In the context of cyberwar, It is important to remember

It -> it

Section 4.9.1 :

How should our program behaves when encountering an error?

behaves -> behave

For our simple program, we will simply Box errors

Seems like something is missing, maybe "we will simply utilize Box errors"

Section 4.10.x :

but it prevent you from getting things done

prevent -> prevents

it may means that your are doing something wrong.

means -> mean

I ever needed to track bugs my programs.

Maybe in my programs

you have to handle every errors

errors -> error

Section 4.11.x :

For that, the community has built a few tools which will save you a lot of time et let you keep your projects up to date

et -> to

clippy is a linter this will detect

Seems like this sentence is not completed.

comment error

FWIW, an unclosed comment in chapter 3 produces this message


Typo in chapter 14

But waht is the format of a phone number?

waht -> what

What are the verifications to preceed to when creating a job for an agent? This is the role of the service layer.

preceed -> proceed

The service layer is wher ethe business logic lives. All our application’s rules and invariants lives in the service layer.

wher ethe -> where the

In our case, the entities will Agent , Job (a job is a command created by the client, stored and dispatched by the server, and exectued by the agent),

exectued -> executed

The repository layer is a thin abtraction over the database. It encapsulates all the database calls.

abtraction -> abstraction

rustfmt typo

In v2021.41, section 5.11.5.2 on page 39 states that:

rustfmtp is a code formatter that allows codebases to have a consistent coding style and
avoid nitpicking during code reviews.

I believe this should be rustfmt, not rustfmtp.

About the latest post of build a web-app with rust & wasm

I was not familiar with yew and wasm, so I'm learning from your post, thank you for your great post.
But the problem is, it seems like there are huge changes between yew-0.18 and yew-0.19, so it's almost impossible to follow your instructions. I don't know if you plan to use the new yew and update the post or something like that...
Or maybe, I will follow the docs to get familiar with yew (the slow way).
Anyway, a big thanks.

Page 7 word choice conflate -> inflate

Hello,
On page 7 under the subheading "Attacks without a clear goal"

The phrase "conflate their ego" should be reworded to "inflate their ego".

Regards,
Aeonik

Letter 'e' is disturbing to read in .pdf format

Hi!

Thanks for creating this book. I have just started reading the pdf version and I noticed the letter 'e' is indistinguishable from the letter 'c', which makes it a bit hard to read. Would it be possible to change that?


I am facing no difficulties reading any other text on the internet, so this must be something with the formatting of this book.

Thanks!

Question: Do you have a preview? How about a student discount?

Basically that. I'm looking into maybe suggesting this book for a few students. Before doing so, I'd like to read a little of it if possible.
Unfortunately, our budget is very limited right now, but I believe this could be a great asset for my class.

Thanks!

Ch2. serde Deserialize feature not explicit

info: The currently active `rustc` version is `rustc 1.63.0-nightly (cd282d7f7 2022-05-18)`
[dependencies]
anyhow = "1.0.57"
rayon = "1.5.3"
serde = "1.0.137"
thiserror = "1.0.31"

My model.rs file is the same as https://github.com/skerkour/black-hat-rust/blob/main/ch_02/tricoder/src/model.rs
yet the compiler complains

error: cannot find derive macro `Deserialize` in this scope
  --> src/model.rs:15:17
   |
15 | #[derive(Debug, Deserialize, Clone)]
   |                 ^^^^^^^^^^^
   |
note: `Deserialize` is imported here, but it is only a trait, without a derive macro
  --> src/model.rs:1:5
   |
1  | use serde::Deserialize;
   |     ^^^^^^^^^^^^^^^^^^

Your repo shows this import as a feature inclusion:

serde = { version = "1", features = ["derive"] }

but this is never mentioned in the book afaict.

Audio book?

Will an audio version of the book become available?

Chapter 8: Compilation error

I cloned the repo as of today's date and got a compilation error when running make dump_shell

But I get a compilation error

➜  ch_08 git:(main) make dump_shell
cd shell && cargo +nightly build --release
   Compiling shell v0.1.0 (/home/user/black-hat-rust/ch_08/shell)
error: cannot find macro `asm` in this scope
  --> src/main.rs:17:5
   |
17 |     asm!(
   |     ^^^
   |
   = note: consider importing this macro:
           core::arch::asm

warning: the feature `asm` has been stable since 1.59.0 and no longer requires an attribute to enable
 --> src/main.rs:3:12
  |
3 | #![feature(asm)]
  |            ^^^
  |
  = note: `#[warn(stable_features)]` on by default

warning: `shell` (bin "shell") generated 1 warning
error: could not compile `shell` due to previous error; 1 warning emitted
make: *** [Makefile:35: shell] Error 101

Removing the attribute #[feature(asm)] and replacing it with use core::arch::asm; appears to resolve this :)

Chapter 3: tricoder error in some cases

Try to scan the ports of twitch.tv (or ya.ru / google.com)

Error:

cargo run --release -- twitch.tv
    Finished release [optimized] target(s) in 0.20s
     Running `target/release/tricoder twitch.tv`
thread 'main' panicked at 'port scanner: Creating socket address: Os { code: 16, kind: ResourceBusy, message: "Device or resource busy" }', src/ports.rs:49:10

Maybe this is related to rust-lang/rust#47955,
because I have the same error (EMFILE). Increasing the open file limit does not help me.

Any thoughts?

Ch2. non-exhaustive struct

I have the exact function in https://github.com/skerkour/black-hat-rust/blob/main/ch_02/tricoder/src/subdomains.rs#L45
After cloning the repo, it will build with cargo build. But when I followed along in your book, I get

error[E0639]: cannot create non-exhaustive struct using struct expression
  --> src/subdomains.rs:56:9
   |
56 | /         ResolverOpts {
57 | |             timeout: Duration::from_secs(4),
58 | |             ..Default::default()
59 | |         },
   | |_________^

Why does it work in your example but not for me? Have I missed some information from the book, require a specific crate version, or was there something omitted from the book I need to know?

Table of Contents

Will TOC bookmarks be added to the final ebook? It would be cool if there were; it's kinda cumbersome to manually scroll to the page I want.

sha1_cracker: unnecessary allocation in loop?

Disclaimer: I'm new to Rust, but making my way through both your book and Rust Programming 2nd edition.

While looking at this line in SHA1 cracker, I was curious why to_string was required. Specifically, I wanted to know if the rest of the code could use a &str instead, so a heap allocation could be avoided.

let common_password = line?.trim().to_string();

After removing the to_string, I discovered that the code would not compile due to the error "temporary value dropped while borrowed". After reasoning about this error, it made sense. Although Result contains the owned string, when it is extracted with ?, the value is not assigned anywhere, so the &str reference returned from trim points to a value that is dropped.

So, I changed the line above to the following two lines, where I save the String value to a variable, so the &str returned from trim had a valid place to point:

        let line = line?;
        let common_password = line.trim();

Although this compiled, I was still unsure if this would make a difference as I have no experience with Rust or how smart the compiler is or isn't, so I ran some tests, which showed the version without the to_string is faster and avoids extra heap allocations. Perhaps the code in the book could be tweaked to eliminate this, seemingly, unnecessary call?

Typo in chapter 3 - preface

I quickly realized that studying law was not for me: reality was travested

travested -> travestied

The goal of this book this is to save

maybe double this

It’s important to understand that Black Hat Rust is not meant to be an
big encyclopaedia

encyclopaedia -> encyclopedia

Tt took me

maybe Tt -> That

but It’s only when

It's -> it's

Proposal for Extending and Maintaining the Project

Hey author and fellow contributors,

I hope this message finds you well. I wanted to share my intentions regarding the project and discuss potential contributions. I am currently engaged in expanding the research conducted here and plan to maintain a separate fork of this repository in the future by updating the outdated code.

My primary focus at the moment is on creating new chapters that will serve as valuable additions to the existing content. These chapters are 100% free as code and content and aim to extend the scope of the book, providing further insights and depth to the topics already covered.

I am open to feedback and suggestions from the author and contributors. Your insights are invaluable in shaping the direction of the project, and I would like to ensure that any modifications align with the vision and goals of the original work.

Looking forward to your thoughts and guidance.

Love,
Mahmoud

Some artifacts in the 2021.41 version

It seems that some mistakes were made during the md -> pdf conversion:

  • listings are overflowing on the right side for every console command
  • chapter referencing is off by several chapters, e.g. talking about chapter 5 is actually talking about chapter 7 and so on

I'll update the list as I go through the book.

Ch. 7.5 CVE 2019 11229 CSRF Token is Invalid

The code to retrieve the CSRF token is not quite correct. It does not properly decode the percent encoding, thus the requests will fail. It can easily be fixed by adjusting the import in the Cargo.toml:

cookie = {version = "0.15", features = ["percent-encode"]}

and by adjusting line 216 in main.rs:

.filter_map(|cookie| Cookie::parse_encoded(cookie).ok())
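An added example (not the book's code, and not the `cookie` crate's) that makes the issue's point visible: the raw value carries `%2F`/`%3D` escapes, and the server will not accept it until the percent-encoding is undone, which is what switching to `Cookie::parse_encoded` does. The cookie name and value below are constructed placeholders.

```rust
// Decode %XX escapes in a cookie value. Returns None for a malformed escape or
// a result that is not valid UTF-8, rather than silently keeping the raw bytes.
fn percent_decode(s: &str) -> Option<String> {
    let bytes = s.as_bytes();
    let mut out = Vec::with_capacity(bytes.len());
    let mut i = 0;
    while i < bytes.len() {
        if bytes[i] == b'%' {
            let hex = s.get(i + 1..i + 3)?; // None if truncated, e.g. "ab%2"
            if !hex.bytes().all(|b| b.is_ascii_hexdigit()) {
                return None; // rejects "%zz" and sign-prefixed digits like "%+f"
            }
            out.push(u8::from_str_radix(hex, 16).ok()?);
            i += 3;
        } else {
            out.push(bytes[i]);
            i += 1;
        }
    }
    String::from_utf8(out).ok()
}

// Raw (still encoded) value of `name` from one Set-Cookie header line; the
// attributes after the first ';' (Path, HttpOnly, ...) are ignored.
fn raw_cookie_value<'a>(set_cookie: &'a str, name: &str) -> Option<&'a str> {
    let pair = set_cookie.split(';').next()?.trim();
    let (k, v) = pair.split_once('=')?;
    if k.trim() == name {
        Some(v.trim())
    } else {
        None
    }
}

// The value as Cookie::parse_encoded would hand it back: percent-encoding undone.
fn decoded_cookie_value(set_cookie: &str, name: &str) -> Option<String> {
    percent_decode(raw_cookie_value(set_cookie, name)?)
}

fn main() {
    // Constructed header; cookie name and token are placeholders, not any real application's.
    let header = "_csrf_token=abc%2Fdef%3D%3D; Path=/; HttpOnly; SameSite=Lax";
    println!("raw:     {:?}", raw_cookie_value(header, "_csrf_token"));
    println!("decoded: {:?}", decoded_cookie_value(header, "_csrf_token"));
}
```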

Rust expression

Hi, I finished the first chapter. It was my first Rust program.
I had a lot of fun. I am looking forward to the rest of the book.
As a newbie to Rust, I was pleasantly surprised when vscode recognized my .rs file right off the bat and showed syntax highlighting. However, it showed compiler errors without the "help:" text. This threw me off for like 20 minutes. I didn't realize I had an extra semi-colon at the end of the final Ok(()); and this meant something was wrong. It showed the compiler error in the return value in the main signature. Slightly disappointed with vscode right now. (Apparently, you can either close with return Ok(()); or Ok(()) but not Ok(());.)

from https://www.reddit.com/r/rust/comments/lcow5j/black_hat_rust_im_writing_a_book_about_offensive/gmxjwmj

Make it more clear what Ok(()) means

Chapter 3: Typos

Hi @skerkour , enjoying the book!

Ran across some minor typos in ch3 and thought I'd list them here.

  • 3.7.1, "Instead, by calling spaw_blocking" -> "Instead, by calling spawn_blocking"
  • 3.9.1.2, "Cosuming iterators" -> "Consuming iterators"
  • 3.9.1.2, "for_each is the functionnal" -> "for_each is the functional"
  • 3.9.5.1 "when an initial Future finisehd:" -> "when an initial Future finished:"
    • This might actually be better as "when an initial Future finishes:"

Code block font size too large

I think the book would benefit from a smaller font size for code blocks. In both the PDF and epub versions (didn’t look at mobi), the code block font looks larger than the body text font. To minimize wrapping of code blocks, I think a smaller monospace font size would look better. It would also look more harmonious with the body font size.

(Same comment applies to your blog posts IMO).

For example, here is a screenshot from the Rust Book, which I think has the right proportion of body font size to code block size:


Chapter 2 typos

Hi there, I'm reading through the book and loving it so far! In chapter 2 right now and noticed a typo and another potential typo:

In 2.14:

Also, the parallel iterator has the same method available as traditional iterators

I believe "method" should be "methods"

And in 2.15:

Indeed, by using threadpool of std::thread::spawm

  • spawm should be spawn,
  • and also, should it say "by using threadpool instead of std::thread::spawn"?

Apologies if this is not the best place to send suggestions, let me know if you'd prefer them another way!

Book Typos?

Hey Sylvain,

I've just started the book and the introduction has been really exciting! Looking forward to an awesome read.

I found a typo in the black hat book (section 5.3.2), where do I file the edit?

Chapter 6: typo

Little typo in chapter 6, page 161:

6.23: "If we try to subtract 4,294,967,295 (abount) to (balance)" -> "abount" should be "amount"

beta Roadmap

See here for the Changelog.

  • Fri 29/10: ch01 - v2021.24
    • review illustrations
    • fill "coming soon"
    • edit
    • typos
  • Tue 02/11: ch02 - v2021.25
    • review illustrations
    • fill "coming soon"
    • edit
    • typos
  • Sat 06/11: ch03 - v2021.26
    • review illustrations
    • fill "coming soon"
    • edit
    • typos
  • Sun 07/11: ch11 - v2021.27
    • review illustrations
    • fill "coming soon"
    • edit
    • typos
  • Mon 08/11: ch13 - v2021.28
    • review illustrations
    • fill "coming soon"
    • edit
    • typos
  • Mon 08/11: ch14 - v2021.29
    • review illustrations
    • fill "coming soon"
    • edit
    • typos
  • Tue 09/11: ch08 - v2021.30
    • review illustrations
    • fill "coming soon"
    • edit
    • typos
  • Wed 10/11: ch10 - v2021.31
    • review illustrations
    • fill "coming soon"
    • edit
    • typos
  • Thu 11/11: ch04 - v2021.32
    • review illustrations
    • fill "coming soon"
    • edit
    • typos
  • Fri 12/11: ch12 - v2021.33
    • review illustrations
    • fill "coming soon"
    • edit
    • typos
  • Sat 13/11: ch06 - v2021.34
    • review illustrations
    • fill "coming soon"
    • edit
    • typos
  • Mon 15/11: ch05 - v2021.35
    • review illustrations
    • fill "coming soon"
    • edit
    • typos
  • Tue 16/11: ch07 - v2021.36
    • review illustrations
    • fill "coming soon"
    • edit
    • typos
  • Thu 18/11: ch09 - v2021.37
    • review illustrations
    • fill "coming soon"
    • edit
    • typos

Chapter 2 feedback

Chapter 2 skips over the models file, and several external libraries. It might be important to

  • explain adding these external libraries and include the import lines demonstrating how to import / add external libraries.
  • local crate references in imports, how to import files in a project.
  • project hierarchy and structures. (At this point, ch. 2, I wouldn't expect a real tree structure, but maybe address the models file and its common practices.)
  • adding deps with cargo
  • explain the rayon crate
  • explain the serde crate
  • explain the reqwest crate

Very beginner things, but it is chapter 2. I would expect these things to be explained in a book which advertises learning rust along the way.

Usage help text should be written in bnf

We should be writing help text using BNF,

  • where square brackets [] are used to denote optional args, and
  • angled brackets <> are used to denote required args.

So instead of:

sha1_cracker: [wordlist.txt] [sha1_hash]

we should write:

sha1_cracker: <wordlist.txt> <sha1_hash>

sqlx v0.6.0 causes compilation errors (ch. 9 Phishing)

The current server/Cargo.toml file causes a compile error due to sqlx.

wasm-pack build --target web --out-name wasm --out-dir ./dist --dev --no-typescript webapp
Error: Error during execution of `cargo metadata`: error: failed to select a version for `sqlx-core`.
    ... required by package `sqlx v0.6.0`
    ... which satisfies dependency `sqlx = "^0.6"` (locked to 0.6.0) of package `server v0.1.0 (/Users/tarang/Developer/rust/black-hat-rust/ch_09/phishing/server)`
versions that meet the requirements `^0.6.0` are: 0.6.0

the package `sqlx` depends on `sqlx-core`, with features: `sqlx` but `sqlx-core` does not have these features.


failed to select a version for `sqlx-core` which could resolve this conflict

make: *** [webapp_debug] Error 1

The fix for now is to downgrade to sqlx v0.5.0

Would you be interested in some kind of community?

I've received many requests to create some kind of community about Rust x Hacking.

To be clear I don't have the bandwidth today to do that.

But as this is a really interesting thing that I could set up in the future, I want to gather some feedback first.

The biggest advantage of a community is peer-to-peer learning, where everyone can share their discoveries.

The biggest disadvantages of a community around security are identities and potential scams.

To be honest, I'm not a fan of chat communities (Discord, Matrix...): The knowledge is quickly lost, and it's very easy to mix a lot of conversations.

I would prefer a forum, which provides a searchable archive.

What do you think about it? What would you prefer, and why?

It is in fact possible to audit the build.rs of published crates

I read your article "Backdooring Rust crates for fun and profit" today which said:

While it’s possible to audit the code of a crate on https://docs.rs on clicking on a [src] button, it turns that I couldn’t find a way to inspect build.rs files. Thus, combined with a malicious update, it’s the almost perfect backdoor.

There is a way to view build.rs files, you just have to use docs.rs' source view on /crate instead of rustdoc's. e.g. for boring-sys you can see the build.rs on https://docs.rs/crate/boring-sys/1.1.1/source/build.rs.

pay

wechat or alipay?

Typo in preface - 'architecture'

In this book we will shake the preconceived ideas (Rust is too complex for the real-world, Rust is not productive...) and see how to architecture and create real-world Rust projects applied to offensive security.

architecture -> architect

Errata: 10.14 Arbitrary File Read

Here are some example of files whose content may be of interest:
/etc/passwd
/etc/shadow
/proc/self/environ
/etc/hosts
/etc/resolv.conf
/proc/cpuinfo
/proc/filesystems
/proc/interrupts
/proc/ioports
/proc/meminfo
/proc/modules
/proc/mounts
/proc/stat
/proc/swaps
/proc/version
~/.bash_history
~/.bashrc
~/.ssh/authorized_keys
~/.ssh/id_dsa

It's worth noting one other file, ~/.viminfo, which can sometimes be a last line of defense for disaster recovery when the bad actor executes commands through the :! interface in Vi, completely bypassing entries being appended to ~/.bash_history and ~/.full_history on some systems. Likewise, ~/.full_history is also missing.

Great preview so far btw :)

Error - no pdf made as result

make docker

docker build -t localhost/skerkour/ebook:latest .
Sending build context to Docker daemon 16.38kB
Step 1/12 : FROM ubuntu:latest
---> c6b84b685f35
Step 2/12 : RUN apt update
---> Using cache
---> 1a0f34424277
Step 3/12 : RUN apt upgrade -y
---> Using cache
---> 65a81a47a76e
Step 4/12 : ENV USER=ebook
---> Using cache
---> 09ddd6d66ad2
Step 5/12 : ENV UID=10001
---> Using cache
---> 9e5079c9fc13
Step 6/12 : RUN adduser --disabled-password --gecos "" --home "/nonexistent" --shell "/sbin/nologin" --no-create-home --uid "${UID}" "${USER}"
---> Using cache
---> ef1b6e6fe127
Step 7/12 : ENV DEBIAN_FRONTEND noninteractive
---> Using cache
---> 2b16332fa839
Step 8/12 : RUN apt install -y vim calibre pdftk epubcheck binutils make wget imagemagick
---> Using cache
---> e67f0f0bc35b
Step 9/12 : RUN apt install -y pandoc libpar-packer-perl perl-doc zlib1g zlib1g-dev expat texlive-latex-base texlive-latex-extra texlive-xetex texlive librsvg2-bin texlive-fonts-recommended texlive-fonts-extra texlive-xetex texlive-latex-recommended
---> Using cache
---> a6b7d94386b0
Step 10/12 : USER ebook:ebook
---> Using cache
---> 268852e0ee26
Step 11/12 : WORKDIR /ebook
---> Using cache
---> c9f53dbab38d
Step 12/12 : CMD ["make", "all"]
---> Using cache
---> f29c71616ef1
Successfully built f29c71616ef1
Successfully tagged localhost/skerkour/ebook:latest

docker run -ti --rm -v pwd:/ebook localhost/skerkour/ebook

pandoc settings.txt src/ch_01.md src/ch_02.md src/ch_03.md src/ch_04.md src/ch_05.md src/ch_06.md src/ch_07.md src/ch_08.md src/ch_09.md src/ch_10.md src/ch_11.md src/ch_12.md src/ch_13.md src/ch_14.md
--resource-path=src
--output=ebooks/black_hat_rust_content.pdf
--pdf-engine=xelatex
--table-of-contents --toc-depth=2
--number-sections
--top-level-division=chapter
--include-in-header inline_code.tex
-V fontsize=12pt
-V documentclass=report
-V linkcolor:blue
--highlight-style tango_theme.json
-M date="v2021.41"
Unknown highlight-style tango_theme.json
make: *** [Makefile:33: pdf] Error 6

.json() not a valid function

I'm following along your book to learn more about cybersecurity and coding my own tools (and I chose Rust for this), and I couldn't help but notice that .json() isn't a valid method, nor can I identify where you're getting that method from, in chapter 2 and 3. Can you help me with that?

Thank you.
