Sunday, 21 January 2024

Exploiting Golang Unsafe Pointers

Posted on 07:19 by Mordiadi


There are situations when c interacts with golang for example in a library, and its possible to exploit a golang function writing raw memory using an unsafe.Pointer() parameter.

When golang receive a null terminated string on a *C.Char parameter, can be converted to golang s tring with  s2 := C.GoString(s1) we can do string operations with s2 safelly if the null byte is there.

When golang receives a pointer to a buffer on an unsafe.Pointer() and the length of the buffer on a C.int, if the length is not cheated can be converted to a []byte safelly with b := C.GoBytes(buf,sz)

Buuut what happens if golang receives a pointer to a buffer on an unsafe.Pointer() and is an OUT variable? the golang routine has to write on this pointer unsafelly for example we can create a golangs memcpy in the following way:



We convert to uintptr for indexing the pointer and then convert again to pointer casted to a byte pointer dereferenced and every byte is writed in this way.

If b is controlled, the memory can be written and the return pointer of main.main or whatever function can be modified.

https://play.golang.org/p/HppcVpLfuMf


The return addres can be pinpointed, for example 0x41 buffer 0x42 address:



We can reproduce it simulating the buffer from golang in this way:


we can dump the address of a function and redirect the execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a rop chain using golang runtime to unprotect a shellcode.

Related links


  1. Hacker Tools
  2. Pentest Tools Open Source
  3. Pentest Tools Alternative
  4. Pentest Tools Url Fuzzer
  5. Pentest Tools For Android
  6. Hacking Tools Hardware
  7. Android Hack Tools Github
  8. Hack Tools Mac
  9. Pentest Tools Subdomain
  10. Hacking Tools Kit
  11. Hacking Tools Mac
  12. Hacking Tools
  13. Hacking Tools Online
  14. Pentest Tools Download
  15. Hacker Tools Hardware
  16. Hacking Tools Download
  17. Pentest Box Tools Download
  18. Hacker Tools Linux
  19. Usb Pentest Tools
  20. Hacker Tools Free
  21. Game Hacking
  22. Hacker Tools Software
  23. Hacking Tools Usb
  24. Pentest Tools Framework
  25. Hack Tools For Pc
  26. How To Hack
  27. Pentest Reporting Tools
  28. Hackrf Tools
  29. Hacker Tools Online
  30. Pentest Tools Review
  31. Underground Hacker Sites
  32. Tools For Hacker
  33. Hacker Tools For Windows
  34. Hacker Tools Hardware
  35. Hack Tool Apk
  36. Hacker Tools Apk
  37. Pentest Tools Nmap
  38. Hacks And Tools
  39. Hacker Security Tools
  40. Android Hack Tools Github
  41. Pentest Tools
  42. Hacking Tools Free Download
  43. Hacking Tools Free Download
  44. Computer Hacker
  45. How To Hack
  46. Pentest Tools For Ubuntu
  47. Pentest Tools Linux
  48. Hacking Tools For Pc
  49. Hack Rom Tools
  50. Blackhat Hacker Tools
  51. Computer Hacker
  52. Pentest Tools Framework
  53. Pentest Tools Url Fuzzer
  54. Hack Tools Github
  55. Hack Tools Github
  56. Hacker Tools Free Download
  57. Pentest Reporting Tools
  58. Hacker Tools Github
  59. Pentest Tools Nmap
  60. Wifi Hacker Tools For Windows
  61. Pentest Tools Nmap
  62. Hacker Tools 2020
  63. Pentest Tools Kali Linux
  64. Pentest Tools Website Vulnerability
  65. Nsa Hacker Tools
  66. What Is Hacking Tools
  67. Kik Hack Tools
  68. Hack Rom Tools
  69. Pentest Tools Website Vulnerability
  70. Hacker
  71. Hacking Tools Hardware
  72. Hacking Tools Name
  73. Hacking Tools Windows 10
  74. Pentest Tools
  75. Nsa Hacker Tools
  76. Hacking Tools Pc
  77. Hacking Tools Windows 10
  78. Pentest Tools Download
  79. Hacker Tools Mac
  80. Easy Hack Tools
  81. Hacking Tools Kit
  82. Hacker Security Tools
  83. Android Hack Tools Github
  84. Hacking Tools Software
  85. Hacker Tools For Windows
  86. Pentest Tools Bluekeep
  87. Easy Hack Tools
  88. Hack Tools
  89. Hacker Hardware Tools
  90. Pentest Tools Android
  91. Pentest Tools Url Fuzzer
  92. World No 1 Hacker Software
  93. How To Make Hacking Tools
  94. Easy Hack Tools
  95. Computer Hacker
  96. Hacking Tools For Windows
  97. Tools For Hacker
  98. Hack Tools 2019
  99. Hack Apps
  100. Hack Tools
  101. New Hack Tools
  102. Hack Tool Apk No Root
  103. Pentest Tools Windows
  104. Hacking Tools For Windows
  105. Hack Tools For Ubuntu
  106. Hack Tools
  107. Ethical Hacker Tools
  108. Pentest Tools Website Vulnerability
  109. Hackers Toolbox
  110. New Hacker Tools
  111. Hack Tools For Windows
  112. Hacking Tools For Beginners
  113. Hacking Tools For Windows 7
  114. Hacking Tools For Games
  115. Pentest Recon Tools
  116. Hack Tools For Mac
  117. Pentest Automation Tools
  118. Wifi Hacker Tools For Windows
  119. Hacker Security Tools
  120. Hack Tools Github
  121. Hacker Tools Linux
  122. Hacking Tools Free Download
  123. Hacking Tools For Kali Linux
  124. Pentest Tools Free
  125. New Hack Tools
  126. Hacking Tools Software
  127. What Is Hacking Tools
  128. Pentest Tools For Ubuntu
  129. Pentest Tools Kali Linux
  130. Hacking Tools For Windows Free Download
  131. Growth Hacker Tools
  132. Hacking Tools
  133. Hacker Hardware Tools
  134. Hacking Tools 2019
  135. Growth Hacker Tools
  136. Underground Hacker Sites
  137. Hacker Tools For Mac
  138. Pentest Tools Find Subdomains
  139. Hacker Tool Kit
  140. Hack Tools
  141. Hacker Tools Github
  142. Pentest Tools Review
  143. Hack Tools For Ubuntu
  144. Hacker Tools Free
  145. Hacker Tools List
  146. Hacker Tools Github
  147. Hacking Tools And Software
  148. Top Pentest Tools

No Response to "Exploiting Golang Unsafe Pointers"

Leave A Reply

BTC

Doge

LTC

BCH

DASH

Tokens

SAMPAI JUMPA LAGI

SEMOGA ANDA MEMPEROLEH SESUATU YANG BERGUNA