Friday, January 26, 2024

Exploiting Golang Unsafe Pointers


There are situations when c interacts with golang for example in a library, and its possible to exploit a golang function writing raw memory using an unsafe.Pointer() parameter.

When golang receive a null terminated string on a *C.Char parameter, can be converted to golang s tring with  s2 := C.GoString(s1) we can do string operations with s2 safelly if the null byte is there.

When golang receives a pointer to a buffer on an unsafe.Pointer() and the length of the buffer on a C.int, if the length is not cheated can be converted to a []byte safelly with b := C.GoBytes(buf,sz)

Buuut what happens if golang receives a pointer to a buffer on an unsafe.Pointer() and is an OUT variable? the golang routine has to write on this pointer unsafelly for example we can create a golangs memcpy in the following way:



We convert to uintptr for indexing the pointer and then convert again to pointer casted to a byte pointer dereferenced and every byte is writed in this way.

If b is controlled, the memory can be written and the return pointer of main.main or whatever function can be modified.

https://play.golang.org/p/HppcVpLfuMf


The return addres can be pinpointed, for example 0x41 buffer 0x42 address:



We can reproduce it simulating the buffer from golang in this way:


we can dump the address of a function and redirect the execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a rop chain using golang runtime to unprotect a shellcode.

Related posts

  1. Hacking Tools For Kali Linux
  2. Black Hat Hacker Tools
  3. Hacking Tools Online
  4. Hack Tools
  5. Hacker Tools List
  6. Pentest Tools Online
  7. Pentest Tools For Windows
  8. Hacker Tools Apk
  9. Kik Hack Tools
  10. Hacking Tools For Windows
  11. Hacker Tools Online
  12. Hacking Tools Free Download
  13. Hacking Tools For Kali Linux
  14. Hacking Tools For Pc
  15. Pentest Tools Bluekeep
  16. Hacking Apps
  17. Free Pentest Tools For Windows
  18. Hacking Tools Online
  19. Pentest Tools Url Fuzzer
  20. Hacking Tools For Pc
  21. Usb Pentest Tools
  22. Hacker Tools 2019
  23. Hack Tools Github
  24. Hacker Search Tools
  25. Hacker Tools Software
  26. Pentest Reporting Tools
  27. Pentest Tools Free
  28. Nsa Hack Tools Download
  29. Tools 4 Hack
  30. Hacker Tools For Ios
  31. How To Make Hacking Tools
  32. Hacking Tools For Kali Linux
  33. Pentest Recon Tools
  34. Install Pentest Tools Ubuntu
  35. Hack Tools For Ubuntu
  36. New Hacker Tools
  37. Best Pentesting Tools 2018
  38. Hacker Tools Linux
  39. Hacking Tools For Games
  40. Pentest Tools Bluekeep
  41. Hacker Tools For Pc
  42. Hacking Tools Windows 10
  43. Hacking Tools For Games
  44. Hacker Tools Hardware
  45. How To Make Hacking Tools
  46. Hacker Tool Kit
  47. Pentest Tools Download
  48. Underground Hacker Sites
  49. Hacking App
  50. Hacker Tools List
  51. Hacking Tools For Windows
  52. Hacker Tools For Ios
  53. Hack Tools
  54. Hacking Tools For Pc
  55. Hacker Tools Mac
  56. Hack Tools For Ubuntu
  57. Hack Tools For Pc
  58. Top Pentest Tools
  59. Hacker Tools Free Download
  60. Hack Rom Tools
  61. Hacking Tools Free Download
  62. Pentest Tools Review
  63. Pentest Tools For Mac
  64. Hacking Tools 2019
  65. Beginner Hacker Tools
  66. Hacker Hardware Tools
  67. Pentest Tools Nmap
  68. Pentest Tools Open Source
  69. Hacking Tools Hardware
  70. Hack And Tools
  71. Hack Tool Apk
  72. Hack Tools For Windows
  73. Computer Hacker
  74. Hacker Tools Software
  75. Hack Tools Download
  76. Hack Tools For Pc
  77. Free Pentest Tools For Windows
  78. Hack Apps
  79. Top Pentest Tools
  80. Pentest Tools Kali Linux
  81. Pentest Tools Android
  82. Growth Hacker Tools
  83. Pentest Tools Tcp Port Scanner
  84. Hackers Toolbox
  85. Hacker Tools Free
  86. Hacking Tools Windows
  87. Best Pentesting Tools 2018
  88. Easy Hack Tools
  89. Hacking Tools 2019
  90. Hacker Tools Apk Download
  91. Ethical Hacker Tools
  92. Growth Hacker Tools
  93. Computer Hacker
  94. Tools Used For Hacking
  95. Android Hack Tools Github
  96. Hacker Tools 2020
  97. Pentest Tools Nmap
  98. How To Hack
  99. Pentest Tools For Android
  100. Pentest Tools Free
  101. Hack Tools Mac
  102. Hacking Tools Usb
  103. Hacking Tools Software
  104. Hack Tools 2019
  105. Hacker Tools For Mac
  106. Hacking Tools 2019
  107. Hacking Tools
  108. Pentest Box Tools Download
  109. Pentest Tools Port Scanner
  110. How To Make Hacking Tools
  111. Hacker Tools 2020
  112. Hacker Tools Hardware
  113. Hacker Search Tools
  114. How To Hack
  115. Hacker Tools Apk
  116. Hacking Tools Windows 10
  117. Pentest Tools Framework
  118. Hack Website Online Tool
  119. Pentest Automation Tools
  120. Pentest Tools Download
  121. Hacker Tools For Windows
  122. Pentest Tools Android
  123. Hacking Tools For Windows Free Download
  124. Hacker Tools Linux
  125. Bluetooth Hacking Tools Kali
  126. Pentest Tools For Windows
  127. Growth Hacker Tools
  128. Hacker Tools
  129. Hack Tools Github
  130. Hacking Tools 2019
  131. Pentest Tools Nmap
  132. Hacking Tools 2019
  133. Hack Tools 2019
  134. Hack Tools
  135. Pentest Tools Linux
  136. Tools For Hacker
  137. Hack Tools
  138. Hacking Tools For Beginners
  139. Hacking Tools For Games
  140. Hacking Tools Usb
  141. Hacking Tools For Mac
  142. Hacker Tools
  143. Pentest Tools Subdomain
  144. Usb Pentest Tools
  145. Pentest Reporting Tools
  146. Hacker Hardware Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)