Friday, June 2, 2023

Exploiting Golang Unsafe Pointers


There are situations where C code interacts with Golang, for example in a library, and it is possible to exploit a Golang function that writes raw memory through an unsafe.Pointer parameter.

When Golang receives a null-terminated string in a *C.char parameter, it can be converted to a Golang string with s2 := C.GoString(s1). String operations on s2 are then safe, as long as the null byte is there.

When Golang receives a pointer to a buffer in an unsafe.Pointer and the length of the buffer in a C.int, the buffer can be converted safely to a []byte with b := C.GoBytes(buf, sz), provided the length is not falsified.

But what happens if Golang receives a pointer to a buffer in an unsafe.Pointer and it is an OUT variable? The Golang routine has to write to this pointer unsafely. For example, we can create a Golang memcpy in the following way:



We convert the pointer to uintptr so it can be indexed, then convert the result back to a pointer, cast it to a byte pointer and dereference it. Every byte is written in this way.

If b is controlled, memory can be written and the return pointer of main.main, or of any other function, can be modified.

https://play.golang.org/p/HppcVpLfuMf
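The unchecked byte-by-byte copy described above, next to a variant that takes the destination capacity and rejects oversized input. This is an added example, not the code from the original post: `frame`, `memcpyUnchecked`, `memcpyChecked`, `demo` and the sample input are constructed for illustration, and a struct with a canary field stands in for whatever memory sits next to the OUT buffer.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// frame is a constructed stand-in for memory laid out next to an OUT buffer.
type frame struct {
	buf    [8]byte
	canary uint64
}

// memcpyUnchecked mirrors the pattern described in the post: it trusts len(src)
// and writes byte by byte through uintptr arithmetic, with no destination size.
//go:noinline
func memcpyUnchecked(dst unsafe.Pointer, src []byte) {
	for i := range src {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = src[i]
	}
}

// memcpyChecked requires the caller to state the destination capacity and
// refuses any copy that would run past it.
func memcpyChecked(dst unsafe.Pointer, dstCap int, src []byte) error {
	if dst == nil || dstCap < 0 || len(src) > dstCap {
		return errors.New("memcpyChecked: source does not fit destination")
	}
	copy(unsafe.Slice((*byte)(dst), dstCap), src)
	return nil
}

// demo copies a 12-byte input into the 8-byte buffer both ways and reports
// whether the adjacent canary survived each copy.
func demo() (uncheckedIntact, checkedIntact bool, err error) {
	const canary = 0x1122334455667788
	input := []byte("AAAAAAAABBBB") // constructed: 8 bytes fit, 4 spill over
	f1 := &frame{canary: canary}
	memcpyUnchecked(unsafe.Pointer(&f1.buf[0]), input)
	f2 := &frame{canary: canary}
	err = memcpyChecked(unsafe.Pointer(&f2.buf[0]), len(f2.buf), input)
	return f1.canary == canary, f2.canary == canary, err
}

func main() {
	u, c, err := demo()
	fmt.Println("unchecked canary intact:", u, "checked canary intact:", c, "err:", err)
}
```

The capacity has to come from the side that allocated the buffer; a length supplied by the same untrusted source as the data gives no protection.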


The return address can be pinpointed, for example with 0x41 for the buffer and 0x42 for the address:



We can reproduce it by simulating the buffer from Golang in this way:


We can dump the address of a function and redirect execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a ROP chain using the Golang runtime to unprotect a shellcode.
