Tuesday, May 30, 2023

Exploiting Golang Unsafe Pointers


There are situations when c interacts with golang for example in a library, and its possible to exploit a golang function writing raw memory using an unsafe.Pointer() parameter.

When golang receive a null terminated string on a *C.Char parameter, can be converted to golang s tring with  s2 := C.GoString(s1) we can do string operations with s2 safelly if the null byte is there.

When golang receives a pointer to a buffer on an unsafe.Pointer() and the length of the buffer on a C.int, if the length is not cheated can be converted to a []byte safelly with b := C.GoBytes(buf,sz)

Buuut what happens if golang receives a pointer to a buffer on an unsafe.Pointer() and is an OUT variable? the golang routine has to write on this pointer unsafelly for example we can create a golangs memcpy in the following way:



We convert to uintptr for indexing the pointer and then convert again to pointer casted to a byte pointer dereferenced and every byte is writed in this way.

If b is controlled, the memory can be written and the return pointer of main.main or whatever function can be modified.

https://play.golang.org/p/HppcVpLfuMf


The return addres can be pinpointed, for example 0x41 buffer 0x42 address:



We can reproduce it simulating the buffer from golang in this way:


we can dump the address of a function and redirect the execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a rop chain using golang runtime to unprotect a shellcode.

Related posts


  1. Hacking Tools For Pc
  2. World No 1 Hacker Software
  3. Hacker Tools Linux
  4. Android Hack Tools Github
  5. Hacker Tools Apk
  6. Hackrf Tools
  7. Hack Apps
  8. How To Hack
  9. Pentest Tools Port Scanner
  10. Hacker Tools Online
  11. New Hacker Tools
  12. Bluetooth Hacking Tools Kali
  13. Pentest Tools Tcp Port Scanner
  14. Hack Website Online Tool
  15. Hack Tool Apk
  16. Hack Tools Mac
  17. Hacker Tools Apk Download
  18. Nsa Hacker Tools
  19. Hack Tools Github
  20. Nsa Hack Tools
  21. Physical Pentest Tools
  22. Hacking Tools Usb
  23. Hacking Tools For Windows Free Download
  24. Pentest Tools Alternative
  25. Hacking Tools For Windows
  26. Hacker Tools Mac
  27. Hacking Tools Name
  28. Pentest Automation Tools
  29. Hack Tools Download
  30. Pentest Tools Online
  31. Pentest Recon Tools
  32. Hacking Tools For Games
  33. Pentest Tools
  34. Hacking Tools Name
  35. Pentest Tools For Ubuntu
  36. Hacking Tools Windows 10
  37. Hack Tools
  38. Hacking Tools Kit
  39. Kik Hack Tools
  40. Install Pentest Tools Ubuntu
  41. Hacking Tools For Pc
  42. Pentest Tools Url Fuzzer
  43. Hacker Tools Hardware
  44. Blackhat Hacker Tools
  45. Hacker Tools Windows
  46. Pentest Tools Github
  47. World No 1 Hacker Software
  48. Pentest Tools Bluekeep
  49. Pentest Tools Bluekeep
  50. Hacking Tools For Windows 7
  51. Hack Rom Tools
  52. Hack Tools For Ubuntu
  53. Hacking Apps
  54. Termux Hacking Tools 2019
  55. Hacking Tools For Kali Linux
  56. Physical Pentest Tools
  57. Bluetooth Hacking Tools Kali
  58. Hackrf Tools
  59. Hacking Tools 2020
  60. Beginner Hacker Tools
  61. Hacker Tools 2020
  62. Best Pentesting Tools 2018
  63. What Is Hacking Tools
  64. Github Hacking Tools
  65. Pentest Tools Linux
  66. Kik Hack Tools
  67. Hacking Tools And Software
  68. What Is Hacking Tools
  69. Install Pentest Tools Ubuntu
  70. Hacking Tools Software
  71. Pentest Tools Url Fuzzer
  72. Hacker
  73. Pentest Tools Github
  74. What Are Hacking Tools
  75. Hack Tools
  76. Pentest Reporting Tools
  77. Hack Tools For Mac
  78. Hacker Tools Apk
  79. Best Pentesting Tools 2018
  80. Hack Tools Pc
  81. New Hacker Tools
  82. Pentest Tools Framework
  83. Hack Tools
  84. Growth Hacker Tools
  85. Beginner Hacker Tools
  86. Hacking Tools Mac
  87. Hacking Tools Hardware
  88. Hack Tools Mac
  89. Hack Tools For Pc
  90. Hacking Tools 2019
  91. Pentest Tools Nmap
  92. Hacking Tools Mac
  93. Hack Tools For Pc
  94. Hack Tools For Games
  95. Hack Tools For Ubuntu
  96. Pentest Tools Port Scanner
  97. Best Hacking Tools 2020
  98. Pentest Tools For Mac
  99. Pentest Tools Apk
  100. Underground Hacker Sites
  101. Ethical Hacker Tools
  102. Pentest Tools Framework
  103. Pentest Tools Find Subdomains
  104. Best Hacking Tools 2020
  105. Pentest Tools For Android
  106. Hack Tools
  107. Hacker Tools Apk
  108. Kik Hack Tools
  109. Hacker Tools 2020
  110. What Is Hacking Tools
  111. Pentest Tools For Windows
  112. Pentest Tools Website Vulnerability
  113. Github Hacking Tools
  114. Pentest Tools Alternative
  115. Pentest Box Tools Download
  116. Pentest Tools Apk
  117. Hak5 Tools
  118. Tools For Hacker
  119. Hacking Tools Usb
  120. Hacker Security Tools
  121. Termux Hacking Tools 2019
  122. Hacks And Tools
  123. Hacking Tools Online
  124. Hack Tools Download
  125. Hacker Techniques Tools And Incident Handling
  126. Pentest Tools List
  127. Pentest Tools Subdomain
  128. Hack Tools Online
  129. Hack Tools Pc
  130. Top Pentest Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)