Wednesday, May 31, 2023

Exploiting Golang Unsafe Pointers


There are situations where C code interacts with Go, for example in a library, and it is possible to exploit a Go function that writes raw memory through an unsafe.Pointer parameter.

When Go receives a null-terminated string in a *C.char parameter, it can be converted to a Go string with s2 := C.GoString(s1), and we can do string operations on s2 safely as long as the null byte is there.

When Go receives a pointer to a buffer in an unsafe.Pointer and the length of the buffer in a C.int, it can be converted to a []byte safely with b := C.GoBytes(buf, sz), provided the length is not falsified.

But what happens if Go receives a pointer to a buffer in an unsafe.Pointer and it is an OUT variable? The Go routine has to write to this pointer unsafely; for example, we can create a Go memcpy in the following way:



We convert the pointer to uintptr to index it, then convert it back to a pointer cast to a byte pointer and dereference it; every byte is written this way.

If b is controlled, memory can be written and the return pointer of main.main, or of whatever function, can be modified.

https://play.golang.org/p/HppcVpLfuMf
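
The failure mode above next to a bounded alternative, as an added example that is not the original post's code. The frame struct, tryCopy and boundedCopy are hypothetical names, and the canary field stands in for whatever memory sits after the OUT buffer; it assumes the caller passes the destination capacity.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// frame is a constructed stand-in for caller memory: an 8-byte OUT buffer
// followed directly by bytes the callee must never modify.
type frame struct{ buf, canary [8]byte }

// uncheckedCopy is the pattern described in the post: index via uintptr and
// write byte by byte, trusting len(src) to fit the destination.
func uncheckedCopy(dst unsafe.Pointer, src []byte) {
	for i := range src {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = src[i]
	}
}

// boundedCopy (hypothetical helper) takes the destination capacity from the
// caller and refuses any write that would pass it.
func boundedCopy(dst unsafe.Pointer, dstCap int, src []byte) (int, error) {
	if dst == nil || dstCap < 0 || len(src) > dstCap {
		return 0, errors.New("boundedCopy: source does not fit destination")
	}
	return copy(unsafe.Slice((*byte)(dst), dstCap), src), nil
}

// tryCopy runs one of the two copies against a fresh frame and reports how
// many bytes were accepted and whether the adjacent canary survived.
func tryCopy(src []byte, bounded bool) (n int, canaryOK bool, err error) {
	f := &frame{canary: [8]byte{0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC}}
	want := f.canary
	if bounded {
		n, err = boundedCopy(unsafe.Pointer(&f.buf[0]), len(f.buf), src)
	} else {
		uncheckedCopy(unsafe.Pointer(&f.buf[0]), src)
		n = len(src)
	}
	return n, f.canary == want, err
}

func main() {
	src := []byte("AAAAAAAABBBB") // constructed input: 12 bytes for an 8-byte buffer
	for _, bounded := range []bool{false, true} {
		n, ok, err := tryCopy(src, bounded)
		fmt.Printf("bounded=%v wrote=%d canaryIntact=%v err=%v\n", bounded, n, ok, err)
	}
}
```

The overflow stays inside one Go allocation, so the unchecked run is deterministic and only clobbers the canary field.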


The return address can be pinpointed, for example with 0x41 for the buffer and 0x42 for the address:



We can reproduce it by simulating the buffer from Go in this way:


We can dump the address of a function and redirect execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a ROP chain using the Go runtime to unprotect a shellcode.
