Thursday, August 20, 2020

Exploiting Golang Unsafe Pointers


There are situations where C interacts with Go, for example in a library, and it is possible to exploit a Go function that writes raw memory through an unsafe.Pointer parameter.

When Go receives a null-terminated string in a *C.char parameter, it can be converted to a Go string with s2 := C.GoString(s1). String operations on s2 are then safe, provided the null byte is there.

When Go receives a pointer to a buffer as an unsafe.Pointer and the length of the buffer as a C.int, it can be converted safely to a []byte with b := C.GoBytes(buf, sz), as long as the length is truthful.

But what happens if Go receives a pointer to a buffer as an unsafe.Pointer and it is an OUT variable? The Go routine has to write to this pointer unsafely. For example, we can create a Go memcpy in the following way:



We convert the pointer to uintptr to index it, then convert the result back to a pointer, cast it to a byte pointer and dereference it. Every byte is written this way.

If b is controlled, the memory can be written and the return pointer of main.main, or of whatever function, can be modified.

https://play.golang.org/p/HppcVpLfuMf
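The unchecked copy described above, next to a bounds-checked variant, as an added example that is not the post's own code. The frame struct, the function names and the 12-byte input are constructed for illustration; the point is that the callee can only stay in bounds if the C side passes the capacity of the OUT buffer along with the pointer.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// frame is a constructed stand-in for caller-owned memory: an 8-byte OUT
// buffer followed directly by a field that the copy must never touch.
type frame struct {
	out  [8]byte
	next [8]byte
}

// rawCopy is the pattern described above: index through uintptr and write
// byte by byte. Nothing tells it how large the destination is.
func rawCopy(dst unsafe.Pointer, b []byte) {
	for i := range b {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = b[i]
	}
}

var errTooLong = errors.New("source longer than destination buffer")

// checkedCopy (hypothetical name) makes the caller pass the capacity of dst
// and refuses any write that would run past it.
func checkedCopy(dst unsafe.Pointer, dstCap int, b []byte) error {
	if len(b) > dstCap {
		return errTooLong
	}
	rawCopy(dst, b)
	return nil
}

// untouched reports whether the field after the OUT buffer is still zero.
func untouched(f *frame) bool { return f.next == [8]byte{} }

// demo aims 12 bytes of 0x41 at an 8-byte buffer with each variant.
func demo() (rawOK, checkedOK bool, err error) {
	src := []byte("AAAAAAAAAAAA") // constructed input, 12 bytes
	f1, f2 := &frame{}, &frame{}
	rawCopy(unsafe.Pointer(&f1.out), src)
	err = checkedCopy(unsafe.Pointer(&f2.out), len(f2.out), src)
	return untouched(f1), untouched(f2), err
}

func main() { fmt.Println(demo()) }
```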


The return address can be pinpointed, for example with 0x41 for the buffer and 0x42 for the address:



We can reproduce it by simulating the buffer from Go in this way:


We can dump the address of a function and redirect execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a ROP chain using the Go runtime to unprotect a shellcode.
