Exploiting Golang Unsafe Pointers


There are situations when c interacts with golang for example in a library, and its possible to exploit a golang function writing raw memory using an unsafe.Pointer() parameter.

When golang receive a null terminated string on a *C.Char parameter, can be converted to golang s tring with  s2 := C.GoString(s1) we can do string operations with s2 safelly if the null byte is there.

When golang receives a pointer to a buffer on an unsafe.Pointer() and the length of the buffer on a C.int, if the length is not cheated can be converted to a []byte safelly with b := C.GoBytes(buf,sz)

Buuut what happens if golang receives a pointer to a buffer on an unsafe.Pointer() and is an OUT variable? the golang routine has to write on this pointer unsafelly for example we can create a golangs memcpy in the following way:



We convert to uintptr for indexing the pointer and then convert again to pointer casted to a byte pointer dereferenced and every byte is writed in this way.

If b is controlled, the memory can be written and the return pointer of main.main or whatever function can be modified.

https://play.golang.org/p/HppcVpLfuMf


The return addres can be pinpointed, for example 0x41 buffer 0x42 address:



We can reproduce it simulating the buffer from golang in this way:


we can dump the address of a function and redirect the execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a rop chain using golang runtime to unprotect a shellcode.

Related word
  1. Hacking Tools Online
  2. Hack Tool Apk No Root
  3. Hacker Tools Free Download
  4. Hack Tool Apk
  5. Hack Tool Apk
  6. Underground Hacker Sites
  7. Hacker Tools For Pc
  8. Hak5 Tools
  9. Hacking Tools For Kali Linux
  10. Pentest Tools
  11. Pentest Tools Website Vulnerability
  12. Free Pentest Tools For Windows
  13. Black Hat Hacker Tools
  14. Hacking Tools Windows 10
  15. Pentest Tools Framework
  16. Hack Tools For Mac
  17. Hacking Tools Windows
  18. Hacking Tools Usb
  19. Tools Used For Hacking
  20. Pentest Tools Tcp Port Scanner
  21. Hack Apps
  22. Hack Tool Apk
  23. Pentest Box Tools Download
  24. Hacker Hardware Tools
  25. Pentest Automation Tools
  26. Hackers Toolbox
  27. Pentest Tools Port Scanner
  28. Hak5 Tools
  29. Hacker Tools Mac
  30. What Are Hacking Tools
  31. Hacking Tools Hardware
  32. Pentest Tools Bluekeep
  33. Hacker Tools Software
  34. Nsa Hacker Tools
  35. Free Pentest Tools For Windows
  36. Hack Tools Pc
  37. Hacker Techniques Tools And Incident Handling
  38. Github Hacking Tools
  39. Hacking Tools For Windows Free Download
  40. Hacking Tools 2020
  41. Pentest Tools Subdomain
  42. Hackrf Tools
  43. Hack Tool Apk
  44. Hack Tool Apk No Root
  45. Hacker Tools 2020
  46. Hacking Tools
  47. Hack Tools 2019
  48. Hacking Tools For Kali Linux
  49. Pentest Automation Tools
  50. Blackhat Hacker Tools
  51. Hacker Tools Windows
  52. Pentest Tools Bluekeep
  53. Hacking Tools 2019
  54. Hack Tools For Pc
  55. Pentest Tools Download
  56. Hack Tools Online
  57. Hacking App
  58. Hacking Tools Download
  59. Hack Tools Github
  60. Hack Tools 2019
  61. Hacks And Tools
  62. Hacker Tools For Pc
  63. Termux Hacking Tools 2019
  64. Hacking Tools Github
  65. Hacker Tools Free
  66. Nsa Hacker Tools
  67. Hacking Apps
  68. Hacking Tools For Windows
  69. Hack Tools For Mac
  70. Hacker Tools 2020
  71. Hacking Tools Hardware
  72. Hacking Tools Usb
  73. Hacking Tools For Windows 7
  74. Hacker Tools For Mac
  75. Pentest Tools Website Vulnerability
  76. Hack Tools Online
  77. Hacker Tools Windows
  78. Ethical Hacker Tools
  79. Nsa Hack Tools Download
  80. Pentest Tools Url Fuzzer
  81. Hack Tools
  82. Hacker Tools For Ios
  83. Pentest Tools Url Fuzzer
  84. Pentest Tools For Mac
  85. Hack Apps
  86. Hack Tools Download
  87. Hack Tools For Mac
  88. What Are Hacking Tools
  89. Pentest Tools For Mac
  90. Hacker Tools Free
  91. Pentest Tools Online
  92. Hacker Tools Hardware
  93. Hacker Tool Kit
  94. Hacker Tools Github
  95. Hacking Apps
  96. Pentest Recon Tools
  97. Pentest Tools Find Subdomains
  98. Hacking Tools Name
  99. Hack Tools Pc
  100. Hack Tools Mac
  101. Hacking Tools 2019
  102. Hacking Tools Windows
  103. Hack Tool Apk No Root
  104. Hacking Tools For Windows
  105. Hacking Tools Software
  106. Tools For Hacker
  107. Hacker Tools
  108. Hacking Tools Software
  109. Pentest Tools Download
  110. Game Hacking
  111. Hacker
  112. Hacker Techniques Tools And Incident Handling
  113. Pentest Tools Free
  114. Best Hacking Tools 2019
  115. Hacker Tools Github
  116. Pentest Tools Find Subdomains
  117. Hacking Tools And Software
  118. Hacking Tools For Pc
  119. Hack Apps
  120. Hacking Tools Mac
  121. Hack App
  122. Hacking Tools For Kali Linux
  123. Hacker Tools List
  124. Computer Hacker
  125. Best Pentesting Tools 2018
  126. Hack Tools
  127. Hack Website Online Tool
  128. Pentest Tools Open Source
  129. Hack App
  130. Pentest Tools For Mac
  131. Hack Tools 2019
  132. Hacking Tools 2019
  133. Pentest Recon Tools
  134. Hacker Security Tools
  135. Hacker Tools Online
  136. Hack App
  137. New Hack Tools
Posted by dashmo FREESTUFF at 11:48 pm  

0 comments:

Post a Comment

Request Item or Service

Subscribe to: Post Comments (Atom)
Powered by Blogger.