Tuesday, January 23, 2024

Exploiting Golang Unsafe Pointers


There are situations where C interacts with Go, for example in a library, and it's possible to exploit a Go function that writes raw memory through an unsafe.Pointer parameter.

When Go receives a null-terminated string in a *C.char parameter, it can be converted to a Go string with s2 := C.GoString(s1), and we can do string operations on s2 safely as long as the null byte is there.

When Go receives a pointer to a buffer in an unsafe.Pointer and the length of the buffer in a C.int, it can be converted to a []byte safely with b := C.GoBytes(buf, sz), provided the length has not been falsified.

But what happens if Go receives a pointer to a buffer in an unsafe.Pointer and it is an OUT variable? The Go routine has to write to this pointer unsafely. For example, we can create a Go memcpy in the following way:



We convert the pointer to uintptr to index it, then convert it back to a pointer, cast it to a byte pointer and dereference it; every byte is written this way.

If b is controlled, memory can be written and the return pointer of main.main, or of any other function, can be modified.
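The write pattern described above next to a bounds-checked variant, as an added example that is not code from the original post. The names `checkedCopy`, `fillOut` and `ErrShortBuffer` are hypothetical, and the C caller's OUT buffer is simulated with a Go allocation so the block runs without cgo.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

var ErrShortBuffer = errors.New("source does not fit in destination buffer")

// uncheckedCopy is the pattern described above: index dst through uintptr
// arithmetic and write every byte of src. Nothing ties len(src) to the real
// size of the destination, so a long src writes past the buffer.
func uncheckedCopy(dst unsafe.Pointer, src []byte) {
	for i := range src {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = src[i]
	}
}

// checkedCopy (hypothetical name) makes the caller state the capacity of the
// OUT buffer and refuses any write that would exceed it.
func checkedCopy(dst unsafe.Pointer, dstCap int, src []byte) (int, error) {
	if dst == nil || dstCap < 0 {
		return 0, errors.New("invalid destination")
	}
	if len(src) > dstCap {
		return 0, ErrShortBuffer
	}
	// unsafe.Slice (Go 1.17+) gives a bounds-checked view of the raw buffer.
	return copy(unsafe.Slice((*byte)(dst), dstCap), src), nil
}

// fillOut simulates the C caller's OUT buffer with a Go allocation
// (constructed input, bufSize must be > 0) and returns it after the copy.
func fillOut(bufSize int, src []byte) ([]byte, error) {
	buf := make([]byte, bufSize)
	_, err := checkedCopy(unsafe.Pointer(&buf[0]), bufSize, src)
	return buf, err
}

func main() {
	var small [4]byte
	// Safe here only because the caller happened to pass exactly 4 bytes.
	uncheckedCopy(unsafe.Pointer(&small[0]), []byte("AAAA"))
	out, err := fillOut(4, []byte("AAAAAAAA")) // oversized source is rejected
	fmt.Println(small, out, err)
}
```

The checked variant only helps if the capacity passed across the cgo boundary is the real one, which is the same trust assumption as the C.GoBytes length above.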

https://play.golang.org/p/HppcVpLfuMf


The return address can be pinpointed, for example with a 0x41 buffer and a 0x42 address:



We can reproduce it by simulating the buffer from Go in this way:


We can dump the address of a function and redirect execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a ROP chain using the Go runtime to unprotect shellcode.
