Tuesday, January 23, 2024

Exploiting Golang Unsafe Pointers


There are situations where C interacts with Go, for example in a library, and it is possible to exploit a Go function that writes raw memory through an unsafe.Pointer parameter.

When Go receives a null-terminated string in a *C.char parameter, it can be converted to a Go string with s2 := C.GoString(s1). String operations on s2 are then safe as long as the null byte is there.

When Go receives a pointer to a buffer in an unsafe.Pointer and the length of the buffer in a C.int, it can be converted to a []byte safely with b := C.GoBytes(buf, sz), provided the length is truthful.

But what happens if Go receives a pointer to a buffer in an unsafe.Pointer and it is an OUT variable? The Go routine has to write to this pointer unsafely. For example, we can create a Go memcpy in the following way:



We convert the pointer to uintptr to index it, then convert it back to a pointer, cast it to a byte pointer and dereference it; every byte is written this way.

If b is controlled, the memory can be written and the return pointer of main.main or any other function can be modified.

https://play.golang.org/p/HppcVpLfuMf
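The write pattern described above next to a bounds-checked variant, as an added example that is not the post's original code. `boundedMemcpy`, `fill` and `ErrTooLarge` are hypothetical names, the buffers are constructed samples, and plain Go slices stand in for the cgo caller's OUT buffer.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// ErrTooLarge is returned when src does not fit in the OUT buffer.
var ErrTooLarge = errors.New("source larger than destination buffer")

// rawMemcpy is the pattern the post describes: index through uintptr and
// store one byte at a time. It has no knowledge of how large dst is.
func rawMemcpy(dst unsafe.Pointer, src []byte) {
	for i := range src {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = src[i]
	}
}

// boundedMemcpy (hypothetical) makes the caller pass the OUT buffer's
// capacity and refuses any write that would run past it.
func boundedMemcpy(dst unsafe.Pointer, dstCap int, src []byte) (int, error) {
	if dst == nil || dstCap < 0 {
		return 0, errors.New("invalid destination")
	}
	if len(src) > dstCap {
		return 0, ErrTooLarge
	}
	// unsafe.Slice (Go 1.17+) turns the raw pointer into a bounds-checked slice.
	return copy(unsafe.Slice((*byte)(dst), dstCap), src), nil
}

// fill allocates a constructed OUT buffer (size > 0) and copies src into it.
func fill(size int, src []byte, checked bool) ([]byte, error) {
	out := make([]byte, size)
	if !checked {
		rawMemcpy(unsafe.Pointer(&out[0]), src) // only safe if len(src) <= size
		return out, nil
	}
	_, err := boundedMemcpy(unsafe.Pointer(&out[0]), len(out), src)
	return out, err
}

func main() {
	out, err := fill(8, []byte("AAAA"), true)
	fmt.Println(out, err)
	out, err = fill(8, make([]byte, 64), true)
	fmt.Println(out, err)
}
```

The capacity has to come from the side that allocated the buffer; if the exported function's signature has no size parameter for the OUT pointer, the check cannot be written at all.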


The return address can be pinpointed, for example with 0x41 for the buffer and 0x42 for the address:



We can reproduce it by simulating the buffer from Go in this way:


We can dump the address of a function and redirect execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a ROP chain using the Go runtime to unprotect a shellcode.
