Thursday, January 25, 2024

Exploiting Golang Unsafe Pointers


There are situations when c interacts with golang for example in a library, and its possible to exploit a golang function writing raw memory using an unsafe.Pointer() parameter.

When golang receive a null terminated string on a *C.Char parameter, can be converted to golang s tring with  s2 := C.GoString(s1) we can do string operations with s2 safelly if the null byte is there.

When golang receives a pointer to a buffer on an unsafe.Pointer() and the length of the buffer on a C.int, if the length is not cheated can be converted to a []byte safelly with b := C.GoBytes(buf,sz)

Buuut what happens if golang receives a pointer to a buffer on an unsafe.Pointer() and is an OUT variable? the golang routine has to write on this pointer unsafelly for example we can create a golangs memcpy in the following way:



We convert to uintptr for indexing the pointer and then convert again to pointer casted to a byte pointer dereferenced and every byte is writed in this way.

If b is controlled, the memory can be written and the return pointer of main.main or whatever function can be modified.

https://play.golang.org/p/HppcVpLfuMf


The return addres can be pinpointed, for example 0x41 buffer 0x42 address:



We can reproduce it simulating the buffer from golang in this way:


we can dump the address of a function and redirect the execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a rop chain using golang runtime to unprotect a shellcode.

Related word
  1. Usb Pentest Tools
  2. Pentest Tools Tcp Port Scanner
  3. Hacking Tools Github
  4. Pentest Tools Review
  5. Hacking Tools For Windows Free Download
  6. Hack Website Online Tool
  7. Hacker Tools Apk
  8. Ethical Hacker Tools
  9. Hack Tool Apk
  10. Hacking Tools For Windows Free Download
  11. Pentest Tools Website
  12. Free Pentest Tools For Windows
  13. Best Hacking Tools 2019
  14. World No 1 Hacker Software
  15. Hacker Tools 2020
  16. Pentest Tools Kali Linux
  17. Hacking Tools Mac
  18. Hack Tools Download
  19. How To Install Pentest Tools In Ubuntu
  20. How To Hack
  21. Pentest Tools Find Subdomains
  22. Beginner Hacker Tools
  23. Pentest Tools Android
  24. Top Pentest Tools
  25. Hacker
  26. Underground Hacker Sites
  27. Nsa Hack Tools Download
  28. Hacker Tools 2020
  29. Hak5 Tools
  30. Growth Hacker Tools
  31. Hackrf Tools
  32. Hacking Tools Kit
  33. Computer Hacker
  34. Hacker Tools Apk Download
  35. Hack Tools For Ubuntu
  36. Ethical Hacker Tools
  37. Best Hacking Tools 2020
  38. Growth Hacker Tools
  39. Hacking Tools Name
  40. Hacking Tools For Kali Linux
  41. Blackhat Hacker Tools
  42. Hak5 Tools
  43. Nsa Hack Tools
  44. Pentest Tools Bluekeep
  45. Pentest Tools Online
  46. Hack Rom Tools
  47. Bluetooth Hacking Tools Kali
  48. Hacker Search Tools
  49. Hacking Tools Windows
  50. Hacker Tools For Ios
  51. Hacking Tools Free Download
  52. Pentest Automation Tools
  53. Hacking Tools For Windows Free Download
  54. Hack Tool Apk
  55. Hack Tool Apk
  56. Usb Pentest Tools
  57. Pentest Tools Url Fuzzer
  58. Hacker Tools Online
  59. Hackrf Tools
  60. Hacker Tools Github
  61. Hacker Tools Free
  62. Hacker Techniques Tools And Incident Handling
  63. Free Pentest Tools For Windows
  64. Hack Tools Github
  65. Hack Website Online Tool
  66. Hacking Tools For Windows
  67. Pentest Automation Tools
  68. Pentest Tools Github
  69. Best Hacking Tools 2020
  70. Hack And Tools
  71. Pentest Box Tools Download
  72. Physical Pentest Tools
  73. Pentest Tools Subdomain
  74. Hacking Tools Github
  75. Hack Website Online Tool
  76. Hacker Security Tools
  77. Pentest Tools Free
  78. Hack Tools Pc
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)