Friday, January 19, 2024

Exploiting Golang Unsafe Pointers


There are situations where C interacts with Go, for example in a library, and it is possible to exploit a Go function that writes raw memory through an unsafe.Pointer() parameter.

When Go receives a null-terminated string in a *C.char parameter, it can be converted to a Go string with s2 := C.GoString(s1). We can then do string operations on s2 safely, provided the null byte is there.

When Go receives a pointer to a buffer in an unsafe.Pointer() and the length of the buffer in a C.int, and the length is truthful, the buffer can be converted to a []byte safely with b := C.GoBytes(buf,sz).

But what happens if Go receives a pointer to a buffer in an unsafe.Pointer() and it is an OUT variable? The Go routine has to write to this pointer unsafely. For example, we can create a Go memcpy in the following way:



We convert the pointer to uintptr to index it, then convert it back to a pointer, cast it to a byte pointer and dereference it. Every byte is written this way.

If b is controlled, memory can be written and the return address of main.main or of any other function can be modified.

https://play.golang.org/p/HppcVpLfuMf
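The byte-by-byte write described above, next to a bounded variant, as an added example that is not the original post's code. The names rawMemcpy, boundedMemcpy, writeOut and ErrShortBuffer are hypothetical, and the sample buffer is constructed; cgo is left out so the block runs as plain Go.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// rawMemcpy is the pattern described above: dst is indexed through uintptr and
// written byte by byte. Nothing ties len(src) to the real size of dst.
func rawMemcpy(dst unsafe.Pointer, src []byte) {
	for i := range src {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = src[i]
	}
}

// ErrShortBuffer is returned instead of writing past the end of the OUT buffer.
var ErrShortBuffer = errors.New("output buffer too small")

// boundedMemcpy (hypothetical name) makes the caller state the capacity of dst
// and rejects any src that does not fit, leaving dst untouched.
func boundedMemcpy(dst unsafe.Pointer, dstCap int, src []byte) (int, error) {
	if dst == nil || dstCap < 0 {
		return 0, errors.New("invalid output buffer")
	}
	if len(src) > dstCap {
		return 0, ErrShortBuffer
	}
	out := unsafe.Slice((*byte)(dst), dstCap) // slice view: writes are bounds-checked
	return copy(out, src), nil
}

// writeOut (hypothetical) plays the C caller: it passes a raw pointer and its size.
func writeOut(out, src []byte) (int, error) {
	if len(out) == 0 {
		return boundedMemcpy(nil, 0, src)
	}
	return boundedMemcpy(unsafe.Pointer(&out[0]), len(out), src)
}

func main() {
	out := make([]byte, 8) // constructed sample buffer
	rawMemcpy(unsafe.Pointer(&out[0]), []byte("ok")) // in bounds only by luck of the caller
	n, err := writeOut(out, []byte("12345678"))
	fmt.Println(n, err, string(out[:n]))
	_, err = writeOut(out, []byte("123456789")) // one byte too long
	fmt.Println(err)
}
```

The capacity argument is only as trustworthy as the C caller that supplies it, the same condition the post states for C.GoBytes.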


The return address can be pinpointed, for example with 0x41 for the buffer and 0x42 for the address:



We can reproduce it by simulating the buffer from Go in this way:


We can dump the address of a function and redirect execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it is possible to build a ROP chain using the Go runtime to unprotect a shellcode.
