Exploiting Golang Unsafe Pointers


There are situations where C code interacts with Go, for example in a library, and it is possible to exploit a Go function that writes raw memory through an unsafe.Pointer parameter.

When Go receives a null-terminated string in a *C.char parameter, it can be converted to a Go string with s2 := C.GoString(s1), and we can do string operations on s2 safely as long as the null byte is there.

When Go receives a pointer to a buffer in an unsafe.Pointer and the length of the buffer in a C.int, it can be converted to a []byte safely with b := C.GoBytes(buf, sz), provided the length has not been falsified.

But what happens if Go receives a pointer to a buffer in an unsafe.Pointer and it is an OUT variable? The Go routine has to write to this pointer unsafely. For example, we can create a Go memcpy in the following way:



We convert the pointer to uintptr to index it, then convert the result back to a pointer, cast it to a byte pointer and dereference it. Every byte is written this way.

If b is controlled, the memory can be written and the return pointer of main.main or any other function can be modified.
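
The unchecked write described above next to a bounds-checked variant, as an added example (not the original post's code). The names rawCopy, checkedCopy, errRejected and demo, the 8-byte buffer and the canary layout are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

var errRejected = errors.New("nil destination or source exceeds destination capacity")

// rawCopy follows the pattern described in the post: index the destination via
// uintptr arithmetic and store byte by byte. Nothing bounds the write.
func rawCopy(dst unsafe.Pointer, src []byte) {
	for i := range src {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = src[i]
	}
}

// checkedCopy (hypothetical hardened variant): the caller must also pass the
// destination capacity, and longer input is rejected before any write.
func checkedCopy(dst unsafe.Pointer, dstCap int, src []byte) (int, error) {
	if dst == nil || len(src) > dstCap {
		return 0, errRejected
	}
	rawCopy(dst, src)
	return len(src), nil
}

// demo keeps every write inside one 16-byte array: bytes 0-7 act as the OUT
// buffer, bytes 8-15 are a canary standing in for adjacent memory.
func demo(useChecked bool) (canaryIntact bool, err error) {
	var region [16]byte
	for i := 8; i < 16; i++ {
		region[i] = 0xCC
	}
	input := []byte("AAAAAAAABBBB") // constructed: 12 bytes for an 8-byte buffer
	if useChecked {
		_, err = checkedCopy(unsafe.Pointer(&region[0]), 8, input)
	} else {
		rawCopy(unsafe.Pointer(&region[0]), input)
	}
	return region[8] == 0xCC && region[11] == 0xCC, err
}

func main() {
	fmt.Println(demo(false)) // canary overwritten by the unchecked copy
	fmt.Println(demo(true))  // canary intact, copy rejected
}
```

An exported function that fills an OUT buffer needs the buffer's capacity as an explicit parameter, and that capacity has to be checked before the first byte is stored.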

https://play.golang.org/p/HppcVpLfuMf


The return address can be pinpointed, for example using 0x41 for the buffer and 0x42 for the address:



We can reproduce it by simulating the buffer from Go in this way:


We can dump the address of a function and redirect execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a ROP chain using the Go runtime to unprotect a shellcode.
