Friday, August 28, 2020

Exploiting Golang Unsafe Pointers


There are situations where C interacts with Go, for example through a library, and it is possible to exploit a Go function that writes raw memory through an unsafe.Pointer parameter.

When Go receives a null-terminated string in a *C.char parameter, it can be converted to a Go string with s2 := C.GoString(s1). String operations on s2 are then safe, provided the null byte is there.

When Go receives a pointer to a buffer as an unsafe.Pointer and the length of the buffer as a C.int, the buffer can be converted safely to a []byte with b := C.GoBytes(buf, sz), provided the length is not falsified.

But what happens if Go receives a pointer to a buffer as an unsafe.Pointer and it is an OUT variable? The Go routine has to write through this pointer unsafely. For example, we can create a Go memcpy in the following way:



We convert the pointer to uintptr to index it, then convert it back to a pointer, cast it to a byte pointer and dereference it; every byte is written this way.

If b is controlled, memory can be written and the return pointer of main.main, or of whatever function, can be modified.

https://play.golang.org/p/HppcVpLfuMf
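The write primitive described above next to a bounds-checked form, as an added example that is not the code from the original post. The frame struct, boundedMemcpy and the fill helpers are hypothetical names, and the input is constructed; the overflow stays inside one struct so the effect is deterministic.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// frame is a constructed stand-in for caller memory: an 8-byte OUT buffer
// followed directly by bytes the callee must never touch.
type frame struct {
	out   [8]byte
	guard [8]byte
}

// unsafeMemcpy follows the routine described above: index dst through
// uintptr and write len(b) bytes, with no idea how large dst really is.
func unsafeMemcpy(dst unsafe.Pointer, b []byte) {
	for i := range b {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = b[i]
	}
}

var errBounds = errors.New("nil destination or source exceeds capacity")

// boundedMemcpy (hypothetical) makes the caller state the capacity of dst
// and rejects the whole write if it would not fit.
func boundedMemcpy(dst unsafe.Pointer, dstCap int, b []byte) error {
	if dst == nil || len(b) > dstCap {
		return errBounds
	}
	unsafeMemcpy(dst, b)
	return nil
}

func fillUnchecked(f *frame, b []byte) { unsafeMemcpy(unsafe.Pointer(&f.out), b) }

func fillChecked(f *frame, b []byte) error {
	return boundedMemcpy(unsafe.Pointer(&f.out), len(f.out), b)
}

func main() {
	in := []byte("AAAAAAAABBBB") // constructed input: 8 bytes fit, 4 do not
	var a, b frame
	fillUnchecked(&a, in)
	fmt.Printf("unchecked: guard=%x\n", a.guard)
	fmt.Printf("checked:   err=%v guard=%x\n", fillChecked(&b, in), b.guard)
}
```

An exported cgo function with an OUT parameter needs the same thing: a capacity argument next to the pointer, checked before the first byte is written.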


The return address can be pinpointed, for example with 0x41 for the buffer and 0x42 for the address:



We can reproduce it by simulating the buffer from Go in this way:


We can dump the address of a function and redirect execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a ROP chain using the Go runtime to unprotect a shellcode.
