Exploiting Golang Unsafe Pointers


There are situations where C interacts with Go, for example in a library, and it is possible to exploit a Go function that writes raw memory through an unsafe.Pointer parameter.

When Go receives a null-terminated string in a *C.char parameter, it can be converted to a Go string with s2 := C.GoString(s1). String operations on s2 are then safe, as long as the null byte is there.

When Go receives a pointer to a buffer in an unsafe.Pointer and the length of the buffer in a C.int, it can be converted to a []byte safely with b := C.GoBytes(buf, sz), provided the length is not falsified.

But what happens if Go receives a pointer to a buffer in an unsafe.Pointer and it is an OUT variable? The Go routine has to write to this pointer unsafely. For example, we can create a Go memcpy in the following way:



We convert the pointer to uintptr to index it, then convert the result back to a pointer, cast it to a byte pointer and dereference it. Every byte is written this way.

If b is controlled, memory can be written and the return pointer of main.main, or of whatever function, can be modified.

https://play.golang.org/p/HppcVpLfuMf
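The unbounded write described above next to a bounded variant, as an added example that is not the original post's code. The names `frame`, `guard`, `boundedMemcpy` and `writeOut` are hypothetical, and a Go struct stands in for the C caller's memory so the overflow only reaches a canary field inside the same allocation.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// frame stands in for the caller's memory (constructed): OUT buffer, then adjacent data.
type frame struct {
	out    [8]byte
	canary [8]byte
}

var guard = [8]byte{'C', 'A', 'N', 'A', 'R', 'Y', '!', '!'} // constructed marker
var errBounds = errors.New("destination missing or too small")

// unsafeMemcpy is the pattern described above: nothing ties len(src) to the destination size.
func unsafeMemcpy(dst unsafe.Pointer, src []byte) {
	for i := range src {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = src[i]
	}
}

// boundedMemcpy takes the destination capacity explicitly and rejects a source that does not fit.
func boundedMemcpy(dst unsafe.Pointer, dstCap int, src []byte) (int, error) {
	if dst == nil || dstCap < 0 || len(src) > dstCap {
		return 0, errBounds
	}
	return copy(unsafe.Slice((*byte)(dst), dstCap), src), nil
}

// writeOut copies src into a fresh frame's OUT buffer with either variant and
// reports whether the adjacent canary is still intact afterwards.
func writeOut(src []byte, bounded bool) (intact bool, err error) {
	f := frame{canary: guard}
	if bounded {
		_, err = boundedMemcpy(unsafe.Pointer(&f.out[0]), len(f.out), src)
	} else {
		unsafeMemcpy(unsafe.Pointer(&f.out[0]), src)
	}
	return f.canary == guard, err
}

func main() {
	src := []byte("AAAAAAAAAAAA") // 12 constructed bytes for an 8-byte buffer
	fmt.Println(writeOut(src, false)) // false <nil>: canary overwritten
	fmt.Println(writeOut(src, true))  // true destination missing or too small
}
```

In a real cgo export, the capacity would have to arrive as an extra parameter next to the OUT pointer, since the pointer alone carries no size.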


The return address can be pinpointed, for example with 0x41 for the buffer and 0x42 for the address:



We can reproduce it by simulating the buffer from Go in this way:


We can dump the address of a function and redirect execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a ROP chain using the Go runtime to unprotect a shellcode.
