Monday, August 31, 2020

Exploiting Golang Unsafe Pointers


There are situations where C interacts with Go, for example in a library, and it is possible to exploit a Go function that writes raw memory through an unsafe.Pointer parameter.

When Go receives a null-terminated string in a *C.char parameter, it can be converted to a Go string with s2 := C.GoString(s1). String operations on s2 are safe as long as the null byte is there.

When Go receives a pointer to a buffer as an unsafe.Pointer and the length of the buffer as a C.int, it can be converted safely to a []byte with b := C.GoBytes(buf, sz), provided the length is truthful.

But what happens if Go receives a pointer to a buffer as an unsafe.Pointer and it is an OUT variable? The Go routine has to write through this pointer unsafely. For example, we can create a Go memcpy in the following way:



We convert the pointer to uintptr to index it, then convert it back to a pointer, cast it to a byte pointer and dereference it; every byte is written this way.

If b is controlled, the memory can be written and the return pointer of main.main or whatever function can be modified.

https://play.golang.org/p/HppcVpLfuMf
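An added example, not code from the original post: the byte-by-byte write described above next to a wrapper that checks the source length against the OUT buffer capacity before writing. The dstCap parameter, the fillOut helper and the 8-byte buffer with a guard word are assumptions constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// ErrOutBuffer is returned when the source would not fit in the OUT buffer.
var ErrOutBuffer = errors.New("memcpy: source does not fit in OUT buffer")

const guardValue uint64 = 0xfeedface // constructed canary next to the buffer

// uncheckedMemcpy is the pattern the post describes: index the raw pointer via
// uintptr and store byte by byte. Nothing ties len(src) to the destination size.
func uncheckedMemcpy(dst unsafe.Pointer, src []byte) {
	for i := range src {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = src[i]
	}
}

// checkedMemcpy takes the OUT buffer capacity (hypothetical dstCap parameter)
// and rejects the copy before any byte is written if it would not fit.
func checkedMemcpy(dst unsafe.Pointer, dstCap int, src []byte) (int, error) {
	if dst == nil || dstCap < 0 || len(src) > dstCap {
		return 0, ErrOutBuffer
	}
	uncheckedMemcpy(dst, src) // bounded: len(src) <= dstCap
	return len(src), nil
}

// fillOut copies src into a constructed 8-byte OUT buffer that sits beside a
// guard word, and returns both so callers can see the guard was not touched.
func fillOut(src []byte) (out [8]byte, guard uint64, err error) {
	var frame struct {
		out   [8]byte
		guard uint64
	}
	frame.guard = guardValue
	_, err = checkedMemcpy(unsafe.Pointer(&frame.out[0]), len(frame.out), src)
	return frame.out, frame.guard, err
}

func main() {
	for _, src := range [][]byte{[]byte("AAAA"), make([]byte, 16)} {
		out, guard, err := fillOut(src)
		fmt.Printf("len=%d out=%q guard=%#x err=%v\n", len(src), out[:], guard, err)
	}
}
```

The capacity has to come from the side that allocated the buffer; a length supplied by the same untrusted input as the data gives no protection.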


The return address can be pinpointed, for example with 0x41 for the buffer and 0x42 for the address:



We can reproduce it by simulating the buffer from Go in this way:


We can dump the address of a function and redirect execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a ROP chain using the Go runtime to unprotect a shellcode.
