Thursday, 25 January 2024

Exploiting Golang Unsafe Pointers


There are situations where C interacts with Go, for example in a library, and it is possible to exploit a Go function that writes raw memory through an unsafe.Pointer parameter.

When Go receives a null-terminated string in a *C.char parameter, it can be converted to a Go string with s2 := C.GoString(s1), and string operations on s2 are safe as long as the null byte is there.

When Go receives a pointer to a buffer as an unsafe.Pointer and the length of the buffer as a C.int, and the length has not been falsified, the buffer can be converted safely to a []byte with b := C.GoBytes(buf, sz).

But what happens if Go receives a pointer to a buffer as an unsafe.Pointer and it is an OUT variable? The Go routine has to write through this pointer unsafely. For example, we can create a Go memcpy in the following way:



We convert the pointer to uintptr so it can be indexed, convert the result back to a pointer, cast it to a byte pointer and dereference it; every byte is written this way.

If b is controlled, the memory can be written and the return pointer of main.main, or of any other function, can be modified.

https://play.golang.org/p/HppcVpLfuMf
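The contrast between the unchecked copy described above and a variant that is told the destination size, as an added example that is not the post's original code. rawCopy follows the uintptr indexing the post describes; boundedCopy, ErrShortBuffer, frame and demo are hypothetical names, and the 8-byte buffer, guard value and input are constructed, with the C OUT buffer simulated in Go memory so no cgo is needed.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

var ErrShortBuffer = errors.New("output buffer too small")

// rawCopy is the pattern the post describes: len(src) bytes are written
// through dst with no knowledge of how large the destination is.
func rawCopy(dst unsafe.Pointer, src []byte) {
	for i := range src {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = src[i]
	}
}

// boundedCopy (hypothetical name) requires the destination capacity, refuses
// input that does not fit, and writes via unsafe.Slice (Go 1.17+) and copy.
func boundedCopy(dst unsafe.Pointer, dstCap int, src []byte) (int, error) {
	if dst == nil || dstCap <= 0 {
		return 0, errors.New("invalid output buffer")
	}
	if len(src) > dstCap {
		return 0, ErrShortBuffer
	}
	return copy(unsafe.Slice((*byte)(dst), dstCap), src), nil
}

// frame is a constructed stand-in for an OUT buffer with a neighbouring value.
type frame struct {
	buf   [8]byte
	guard uint64
}

// demo feeds the same 16-byte input to both helpers and returns each guard.
func demo() (rawGuard, boundedGuard uint64, err error) {
	src := []byte("AAAAAAAABBBBBBBB") // constructed input, twice the buffer size
	a, b := frame{guard: 0x1122334455667788}, frame{guard: 0x1122334455667788}
	rawCopy(unsafe.Pointer(&a.buf[0]), src)
	_, err = boundedCopy(unsafe.Pointer(&b.buf[0]), len(b.buf), src)
	return a.guard, b.guard, err
}

func main() {
	raw, bounded, err := demo()
	fmt.Printf("raw guard=%#x bounded guard=%#x err=%v\n", raw, bounded, err)
}
```

For an exported cgo function this means the C caller has to pass the OUT buffer's capacity alongside the pointer, and the Go side has to treat that capacity as the hard limit for every write.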


The return address can be pinpointed, for example by filling the buffer with 0x41 and the address with 0x42:



We can reproduce it by simulating the buffer from Go in this way:


We can dump the address of a function and redirect execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a ROP chain using the Go runtime to unprotect a shellcode.
