Exploiting Golang Unsafe Pointers

By love Posted On 7:17 PM // Leave a Comment

There are situations when c interacts with golang for example in a library, and its possible to exploit a golang function writing raw memory using an unsafe.Pointer() parameter.

When golang receive a null terminated string on a *C.Char parameter, can be converted to golang s tring with  s2 := C.GoString(s1) we can do string operations with s2 safelly if the null byte is there.

When golang receives a pointer to a buffer on an unsafe.Pointer() and the length of the buffer on a C.int, if the length is not cheated can be converted to a []byte safelly with b := C.GoBytes(buf,sz)

Buuut what happens if golang receives a pointer to a buffer on an unsafe.Pointer() and is an OUT variable? the golang routine has to write on this pointer unsafelly for example we can create a golangs memcpy in the following way:



We convert to uintptr for indexing the pointer and then convert again to pointer casted to a byte pointer dereferenced and every byte is writed in this way.

If b is controlled, the memory can be written and the return pointer of main.main or whatever function can be modified.

https://play.golang.org/p/HppcVpLfuMf


The return addres can be pinpointed, for example 0x41 buffer 0x42 address:



We can reproduce it simulating the buffer from golang in this way:


we can dump the address of a function and redirect the execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a rop chain using golang runtime to unprotect a shellcode.

Related links


  1. Hacking Tools Kit
  2. New Hacker Tools
  3. Hack Tool Apk No Root
  4. Hacker Tools Apk Download
  5. Pentest Tools Github
  6. Growth Hacker Tools
  7. Kik Hack Tools
  8. Hack Tools For Mac
  9. Hack Tools Mac
  10. Hacking Tools For Kali Linux
  11. Best Hacking Tools 2020
  12. Hack App
  13. Hack Tools For Mac
  14. Pentest Tools Apk
  15. Pentest Tools Free
  16. Hack Tools Pc
  17. Hacker Security Tools
  18. Hacker Techniques Tools And Incident Handling
  19. Black Hat Hacker Tools
  20. Pentest Tools Github
  21. Hack Rom Tools
  22. Hacking Tools 2020
  23. Hacking Tools For Kali Linux
  24. Hacker Tools Windows
  25. Hack Tools
  26. Hacker Security Tools
  27. Pentest Tools For Mac
  28. Hacking Tools Software
  29. Pentest Tools Apk
  30. Hacking Tools For Windows
  31. Pentest Tools Free
  32. Hacking Tools For Mac
  33. Hacking Tools 2019
  34. Pentest Tools Free
  35. Hacking Tools Usb
  36. Game Hacking
  37. Pentest Tools Open Source
  38. Hack Tools For Pc
  39. Android Hack Tools Github
  40. Hacking Apps
  41. Hack Tool Apk
  42. Pentest Tools Review
  43. Pentest Tools Framework
  44. Hacking Tools Download
  45. Pentest Tools Port Scanner
  46. Kik Hack Tools
  47. Pentest Tools Open Source
  48. Pentest Tools List
  49. Hack Tools For Windows
  50. World No 1 Hacker Software
  51. Computer Hacker
  52. Pentest Tools Download
  53. Pentest Tools Apk
  54. Pentest Tools Subdomain
  55. Hacker Tools Linux
  56. Hacking Tools For Windows Free Download
  57. Pentest Tools Online
  58. Hacking App
  59. Hacker Tools Free
  60. Nsa Hack Tools
  61. Hacking Tools For Pc
  62. Pentest Tools List
  63. Hack Tools For Pc
  64. Hack Rom Tools
  65. New Hack Tools
  66. Hack Tools 2019
  67. Pentest Tools Find Subdomains
  68. Hacking Tools Free Download
  69. Best Pentesting Tools 2018
  70. Pentest Tools List
  71. Hacking Tools For Windows
  72. Hacker Tools Apk
  73. Pentest Tools Port Scanner
  74. Hacker Tools Online
  75. Pentest Tools Free
  76. Pentest Tools Find Subdomains
  77. Hacker Tools
  78. Hacking Tools Windows
  79. Pentest Tools Free
  80. Pentest Tools Alternative
  81. Hacker Tools Apk
  82. Hack Website Online Tool
  83. Best Pentesting Tools 2018
  84. Top Pentest Tools
  85. Computer Hacker
  86. Hacker Tools 2019
  87. Hack Tools For Mac
  88. Wifi Hacker Tools For Windows
  89. Pentest Tools List
  90. Hacker Tools 2019
  91. Pentest Tools Android
  92. Pentest Tools Windows
  93. How To Install Pentest Tools In Ubuntu
  94. Hack Tools
  95. Pentest Tools Windows
  96. Hack Tool Apk No Root
  97. Hack And Tools
  98. How To Hack
  99. Hacker Tools For Mac
  100. Hack Tools Github
  101. Hacking Tools Download
  102. Hack Website Online Tool
  103. Hack Rom Tools
  104. Pentest Tools Alternative
  105. Hack Tools Download
  106. How To Install Pentest Tools In Ubuntu
  107. Hacker Tools Linux
  108. Hack Tool Apk
  109. Hack And Tools
  110. How To Install Pentest Tools In Ubuntu
  111. Hack App
  112. Hack Tools For Ubuntu
  113. Pentest Tools For Mac
  114. Wifi Hacker Tools For Windows
  115. Pentest Tools
  116. Hacking Tools 2020
  117. How To Install Pentest Tools In Ubuntu
  118. Free Pentest Tools For Windows
  119. Pentest Recon Tools
  120. Pentest Tools Windows
  121. Hacker Tools For Ios
  122. Hackrf Tools
  123. Blackhat Hacker Tools
  124. Pentest Tools Bluekeep
  125. Hacking Tools For Windows 7
  126. Hacker Techniques Tools And Incident Handling
  127. Hacker Security Tools
  128. Hacking Tools And Software
  129. Hacking Tools Name
  130. Hacking Apps
  131. Hacker Tools List
  132. Pentest Tools Github
  133. Pentest Tools Kali Linux
  134. Tools 4 Hack
  135. Pentest Tools Apk
  136. Beginner Hacker Tools
  137. Hacking Tools Github
  138. Hacking Tools Mac
  139. Pentest Box Tools Download
  140. Hacking Tools For Pc
  141. Game Hacking
  142. Pentest Tools For Mac
  143. Hacking Tools For Games
  144. Termux Hacking Tools 2019
  145. Pentest Tools Github
  146. Pentest Tools Port Scanner
  147. Hack Tools For Windows
  148. World No 1 Hacker Software
  149. Kik Hack Tools
  150. Pentest Reporting Tools
  151. Pentest Tools Github
  152. Hacker Tool Kit
  153. Pentest Tools Website
  154. Hack Tools Mac
  155. Ethical Hacker Tools
  156. Hacker Tools Linux
  157. Pentest Tools For Ubuntu
  158. Pentest Automation Tools
  159. What Is Hacking Tools

Labels:

0 comments:

Post a Comment