Wednesday, January 24, 2024

Exploiting Golang Unsafe Pointers


There are situations where C interacts with Golang, for example in a library, and it's possible to exploit a Golang function that writes raw memory through an unsafe.Pointer() parameter.

When Golang receives a null-terminated string in a *C.char parameter, it can be converted to a Golang string with s2 := C.GoString(s1). We can do string operations with s2 safely if the null byte is there.

When Golang receives a pointer to a buffer in an unsafe.Pointer() and the length of the buffer in a C.int, then, if the length is not falsified, it can be converted to a []byte safely with b := C.GoBytes(buf,sz)

But what happens if Golang receives a pointer to a buffer in an unsafe.Pointer() and it is an OUT variable? The Golang routine has to write to this pointer unsafely. For example, we can create a Golang memcpy in the following way:



We convert the pointer to uintptr to index it, then convert it back to a pointer, cast it to a byte pointer and dereference it; every byte is written this way.

If b is controlled, the memory can be written and the return pointer of main.main, or of whatever function, can be modified.

https://play.golang.org/p/HppcVpLfuMf
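
The byte-by-byte write described above, beside a bounds-checked form, as an added example that is not the post's original code. The names rawCopy, boundedCopy and callerSim and the 8-byte buffer are assumptions made for illustration; the point is that the callee cannot enforce a limit unless the caller passes the destination capacity.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// rawCopy is the pattern the post describes: index dst through uintptr
// and store byte by byte. Nothing limits len(src), so the size of the
// caller's buffer is never enforced.
func rawCopy(dst unsafe.Pointer, src []byte) {
	for i := range src {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = src[i]
	}
}

// boundedCopy (hypothetical name) requires the destination capacity from
// the caller and refuses any write that would not fit in it.
func boundedCopy(dst unsafe.Pointer, dstCap int, src []byte) (int, error) {
	if dst == nil || dstCap < 0 {
		return 0, errors.New("invalid destination")
	}
	if len(src) > dstCap {
		return 0, errors.New("source longer than destination buffer")
	}
	rawCopy(dst, src) // in bounds now; unsafe.Slice plus copy also works on Go 1.17+
	return len(src), nil
}

// callerSim stands in for the C side: it owns an 8-byte buffer and hands
// Go a pointer plus the real capacity (constructed for this example).
func callerSim(src []byte) (out [8]byte, n int, err error) {
	n, err = boundedCopy(unsafe.Pointer(&out[0]), len(out), src)
	return out, n, err
}

func main() {
	_, n, err := callerSim([]byte("AAAA"))
	fmt.Println(n, err) // fits in the 8-byte buffer
	_, n, err = callerSim(make([]byte, 16))
	fmt.Println(n, err) // rejected, nothing written
}
```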


The return address can be pinpointed, for example with 0x41 as the buffer and 0x42 as the address:



We can reproduce it by simulating the buffer from Golang in this way:


We can dump the address of a function and redirect the execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a ROP chain using the Golang runtime to unprotect a shellcode.
