1/24/24

Exploiting Golang Unsafe Pointers


There are situations where C interacts with Go, for example in a library, and it's possible to exploit a Go function that writes raw memory through an unsafe.Pointer parameter.

When Go receives a null-terminated string in a *C.char parameter, it can be converted to a Go string with s2 := C.GoString(s1); we can then do string operations on s2 safely, as long as the null byte is there.

When Go receives a pointer to a buffer as an unsafe.Pointer and the length of the buffer as a C.int, then, if the length has not been falsified, it can be converted safely to a []byte with b := C.GoBytes(buf, sz).

But what happens if Go receives a pointer to a buffer as an unsafe.Pointer and it is an OUT variable? The Go routine has to write to this pointer unsafely; for example, we can create a Go memcpy in the following way:



We convert the pointer to uintptr so it can be indexed, then convert it back to a pointer cast to a byte pointer, which is dereferenced; every byte is written this way.

If b is controlled, the memory can be written and the return pointer of main.main or whatever function can be modified.

https://play.golang.org/p/HppcVpLfuMf
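As an added example (not the original post's code, whose listing is missing from this page), here is the byte-wise write described above next to a bounded variant. The names `boundedCopy`, `errRejected` and `demo`, and the 12-byte arena with its canary, are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// unsafeMemcpy mirrors the pattern the post describes: index the OUT pointer
// through uintptr and store byte by byte. Nothing bounds len(src).
func unsafeMemcpy(dst unsafe.Pointer, src []byte) {
	for i := range src {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = src[i]
	}
}

var errRejected = errors.New("nil destination or source exceeds its capacity")

// boundedCopy is a hypothetical hardened form: the caller passes the real
// capacity of dst and oversized input is rejected before any write.
func boundedCopy(dst unsafe.Pointer, dstCap int, src []byte) (int, error) {
	if dst == nil || dstCap < 0 || len(src) > dstCap {
		return 0, errRejected
	}
	return copy(unsafe.Slice((*byte)(dst), dstCap), src), nil
}

// demo uses one constructed 12-byte array: bytes 0-7 are the OUT buffer,
// bytes 8-11 are a canary standing in for adjacent memory. The overflow
// stays inside the array, so the process itself is not corrupted.
func demo(useBounded bool) (canaryIntact bool, err error) {
	arena := [12]byte{8: 0xCC, 0xCC, 0xCC, 0xCC}
	src := []byte("AAAAAAAAAAAA") // constructed input: 12 bytes for 8
	out := unsafe.Pointer(&arena[0])
	if useBounded {
		_, err = boundedCopy(out, 8, src)
	} else {
		unsafeMemcpy(out, src)
	}
	return arena[8] == 0xCC && arena[11] == 0xCC, err
}

func main() {
	fmt.Println(demo(false)) // false <nil>
	fmt.Println(demo(true))  // true nil destination or source exceeds its capacity
}
```

The bounded variant only helps when the C caller passes the true capacity of the OUT buffer, so the exported function's signature has to carry that length alongside the pointer.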


The return address can be pinpointed, for example 0x41 buffer 0x42 address:



We can reproduce it by simulating the buffer from Go in this way:


We can dump the address of a function and redirect the execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a ROP chain using the Go runtime to unprotect a shellcode.
