Exploiting Golang Unsafe Pointers

Posted in 2:44 PM

There are situations when c interacts with golang for example in a library, and its possible to exploit a golang function writing raw memory using an unsafe.Pointer() parameter.

When golang receive a null terminated string on a *C.Char parameter, can be converted to golang s tring with  s2 := C.GoString(s1) we can do string operations with s2 safelly if the null byte is there.

When golang receives a pointer to a buffer on an unsafe.Pointer() and the length of the buffer on a C.int, if the length is not cheated can be converted to a []byte safelly with b := C.GoBytes(buf,sz)

Buuut what happens if golang receives a pointer to a buffer on an unsafe.Pointer() and is an OUT variable? the golang routine has to write on this pointer unsafelly for example we can create a golangs memcpy in the following way:



We convert to uintptr for indexing the pointer and then convert again to pointer casted to a byte pointer dereferenced and every byte is writed in this way.

If b is controlled, the memory can be written and the return pointer of main.main or whatever function can be modified.

https://play.golang.org/p/HppcVpLfuMf


The return addres can be pinpointed, for example 0x41 buffer 0x42 address:



We can reproduce it simulating the buffer from golang in this way:


we can dump the address of a function and redirect the execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a rop chain using golang runtime to unprotect a shellcode.

More articles
  1. Hacker Tools 2019
  2. Pentest Tools Subdomain
  3. Pentest Tools Framework
  4. Pentest Tools Apk
  5. Hacking Tools Free Download
  6. How To Hack
  7. Hacker Security Tools
  8. Best Hacking Tools 2019
  9. Hacks And Tools
  10. Hacker
  11. Pentest Reporting Tools
  12. Termux Hacking Tools 2019
  13. Hack Tools For Pc
  14. Pentest Tools Website
  15. Hacker Tools Github
  16. Pentest Tools Alternative
  17. Hack Tools
  18. Best Pentesting Tools 2018
  19. Top Pentest Tools
  20. Hacker Tools Software
  21. Hacker Techniques Tools And Incident Handling
  22. Hacker Search Tools
  23. Hack Tools For Ubuntu
  24. Hacking Tools Windows
  25. Pentest Tools Apk
  26. Top Pentest Tools
  27. Pentest Tools Framework
  28. Hack Tool Apk
  29. Free Pentest Tools For Windows
  30. Hacker Tools
  31. How To Install Pentest Tools In Ubuntu
  32. Install Pentest Tools Ubuntu
  33. Hack Tools Online
  34. Blackhat Hacker Tools
  35. Hacker Security Tools
  36. Hacking Tools Online
  37. How To Make Hacking Tools
  38. Nsa Hack Tools Download
  39. Hack Tools For Games
  40. Best Hacking Tools 2019
  41. Pentest Tools Alternative
  42. Hack Apps
  43. Pentest Tools Online
  44. Bluetooth Hacking Tools Kali
  45. Pentest Tools
  46. Pentest Tools Nmap
  47. What Is Hacking Tools
  48. World No 1 Hacker Software
  49. Hacking Tools Hardware
  50. Hacking Tools Name
  51. Pentest Tools Download
  52. Hacking Tools For Windows 7
  53. Hacker Tools 2019
  54. Hacking Tools For Windows 7
  55. Ethical Hacker Tools
  56. Usb Pentest Tools
  57. Best Hacking Tools 2019
  58. Bluetooth Hacking Tools Kali
  59. Hacking Tools Mac
  60. Hack Tools Download
  61. Pentest Tools Website
  62. Pentest Tools Review
  63. Free Pentest Tools For Windows
  64. Hack Tools Pc
  65. Beginner Hacker Tools
  66. Pentest Tools Website
  67. How To Install Pentest Tools In Ubuntu
  68. Hacker Search Tools
  69. Hack Tools Pc
  70. Pentest Tools Android
  71. Pentest Tools Windows
  72. Free Pentest Tools For Windows
  73. Hacking Tools Online
  74. New Hack Tools
  75. Hacking Tools Hardware
  76. Usb Pentest Tools
  77. World No 1 Hacker Software
  78. Hacker Hardware Tools
  79. Hacker Search Tools
  80. Pentest Tools Find Subdomains
  81. Hacking Tools Github
  82. Hack Tools Download
  83. Hacks And Tools
  84. Hacker Search Tools
  85. Hack Tools For Pc
  86. Hak5 Tools
  87. Nsa Hack Tools Download
  88. Physical Pentest Tools
  89. Hacker Tools For Ios
  90. Best Hacking Tools 2019
  91. Pentest Tools Tcp Port Scanner
  92. How To Make Hacking Tools
  93. Hacker Hardware Tools
  94. Free Pentest Tools For Windows
  95. Pentest Box Tools Download
  96. Hacking Tools For Windows Free Download
  97. What Are Hacking Tools
  98. Hacking Tools Github
  99. Hacker Tools Free
  100. Hacking Tools Name
  101. Hack Rom Tools
  102. Hacker Tools
  103. Hacking Tools For Kali Linux
  104. How To Install Pentest Tools In Ubuntu
  105. Hack Tools 2019
  106. New Hacker Tools
  107. Hacking Tools Online
  108. Pentest Tools
  109. Hacker Tools Software
  110. Bluetooth Hacking Tools Kali
  111. What Is Hacking Tools
  112. Hack Website Online Tool
  113. Nsa Hack Tools
  114. Underground Hacker Sites
  115. Pentest Reporting Tools
  116. How To Hack
  117. Pentest Tools Subdomain
  118. Beginner Hacker Tools
  119. Best Pentesting Tools 2018
  120. Termux Hacking Tools 2019
  121. Pentest Tools For Ubuntu
  122. Hacking Tools Name
  123. Hacker Tools List
  124. Pentest Tools
  125. Android Hack Tools Github
  126. Hack Tools Mac
  127. Hack Tools Pc
  128. Best Hacking Tools 2020
  129. Easy Hack Tools
  130. Hacking Tools For Games
  131. Hacking Tools For Beginners
  132. Physical Pentest Tools
  133. Nsa Hack Tools Download
  134. Best Hacking Tools 2020
  135. Hack Tools Mac
  136. Hack Tools
  137. Pentest Tools Website
  138. Pentest Tools Android
  139. Hacking Tools Download
  140. Hacking Tools And Software
  141. Pentest Tools
  142. Hacking Tools Mac
  143. Hack Tools Download
  144. Best Hacking Tools 2020
  145. How To Install Pentest Tools In Ubuntu
  146. Hack Tools Download
  147. Hack Tool Apk
  148. Hacking Tools Software
  149. Hacking Tools Windows 10
  150. Pentest Tools Windows
  151. Hacker Tools Apk Download
  152. Pentest Tools For Mac
  153. Hacking Tools Windows
  154. Hacker Tools For Pc
  155. Hacking Tools For Windows Free Download
  156. Pentest Tools Subdomain
  157. Pentest Tools Website Vulnerability
  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • Twitter
  • RSS
Read Users' Comments (0)

0 Response to "Exploiting Golang Unsafe Pointers"

Post a Comment

Subscribe to: Post Comments (Atom)
Copyright 2009 http://www.letstreamyx.net