Monday, June 5, 2023

Exploiting Golang Unsafe Pointers


There are situations where C code interacts with Go, for example in a library, and it is possible to exploit a Go function that writes raw memory through an unsafe.Pointer parameter.

When Go receives a null-terminated string in a *C.char parameter, it can be converted to a Go string with s2 := C.GoString(s1), and string operations on s2 are safe as long as the null byte is there.

When Go receives a pointer to a buffer as an unsafe.Pointer and the length of the buffer as a C.int, and the caller has not lied about the length, it can be converted to a []byte safely with b := C.GoBytes(buf, sz).

But what happens if Go receives a pointer to a buffer as an unsafe.Pointer and it is an OUT variable? The Go routine has to write through this pointer unsafely. For example, we can create a Go memcpy in the following way:



We convert to uintptr to index the pointer, then convert back to a pointer, cast it to a byte pointer and dereference it; every byte is written this way.

If b is controlled, memory can be written and the return pointer of main.main or any other function can be modified.

https://play.golang.org/p/HppcVpLfuMf
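
As an added example (not the code from the original post or its playground link), here is the byte-by-byte write described above next to a variant that requires the destination capacity. The names rawCopy, boundedCopy, frame and run are hypothetical, and a two-field Go struct stands in for the OUT buffer so that the overrun stays inside one Go object.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"unsafe"
)

// rawCopy is the write loop the post describes: index through uintptr, cast
// back to *byte, store. Nothing here knows how large dst really is.
//go:noinline
func rawCopy(dst unsafe.Pointer, src []byte) {
	for i := range src {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = src[i]
	}
}

// boundedCopy (hypothetical helper) makes the caller state the capacity of
// the OUT buffer and refuses any write that would run past it.
func boundedCopy(dst unsafe.Pointer, dstCap int, src []byte) (int, error) {
	if dst == nil || len(src) > dstCap {
		return 0, errors.New("destination missing or too small")
	}
	rawCopy(dst, src)
	return len(src), nil
}

// frame stands in for an OUT buffer with other data stored right after it.
type frame struct {
	out   [8]byte
	guard [8]byte
}

// run writes n constructed 0x41 bytes with each routine; reports guard state.
func run(n int) (rawGuardOK, boundedGuardOK bool, err error) {
	want := [8]byte{'G', 'U', 'A', 'R', 'D', 'E', 'D', '!'}
	a, b := frame{guard: want}, frame{guard: want}
	src := bytes.Repeat([]byte{0x41}, n)
	rawCopy(unsafe.Pointer(&a.out), src)
	_, err = boundedCopy(unsafe.Pointer(&b.out), len(b.out), src)
	return a.guard == want, b.guard == want, err
}

func main() {
	fmt.Println(run(8))  // fits: guards intact, no error
	fmt.Println(run(12)) // too long: raw copy clobbers guard, bounded refuses
}
```

At a cgo boundary this means an exported function that fills an OUT buffer should also take that buffer's size from the caller and check it before the first write.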


The return address can be pinpointed, for example with 0x41 for the buffer and 0x42 for the address:



We can reproduce it by simulating the buffer from Go in this way:


We can dump the address of a function and redirect execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a ROP chain using the Go runtime to unprotect a shellcode.
