Exploiting Golang Unsafe Pointers

There are situations when c interacts with golang for example in a library, and its possible to exploit a golang function writing raw memory using an unsafe.Pointer() parameter.

When golang receive a null terminated string on a *C.Char parameter, can be converted to golang s tring with  s2 := C.GoString(s1) we can do string operations with s2 safelly if the null byte is there.

When golang receives a pointer to a buffer on an unsafe.Pointer() and the length of the buffer on a C.int, if the length is not cheated can be converted to a []byte safelly with b := C.GoBytes(buf,sz)

Buuut what happens if golang receives a pointer to a buffer on an unsafe.Pointer() and is an OUT variable? the golang routine has to write on this pointer unsafelly for example we can create a golangs memcpy in the following way:

We convert to uintptr for indexing the pointer and then convert again to pointer casted to a byte pointer dereferenced and every byte is writed in this way.

If b is controlled, the memory can be written and the return pointer of main.main or whatever function can be modified.

https://play.golang.org/p/HppcVpLfuMf

The return addres can be pinpointed, for example 0x41 buffer 0x42 address:

We can reproduce it simulating the buffer from golang in this way:

we can dump the address of a function and redirect the execution to it:

https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a rop chain using golang runtime to unprotect a shellcode.

Continue reading

1. Pentest Tools Github
2. Top Pentest Tools
3. Computer Hacker
4. Hack And Tools
5. Hacker Tools Apk
6. Pentest Tools Github
7. Best Hacking Tools 2019
8. Tools 4 Hack
9. Tools 4 Hack
10. Tools 4 Hack
11. Pentest Tools
12. Hack Tool Apk No Root
13. Hack Tools For Ubuntu
14. Tools For Hacker
15. Install Pentest Tools Ubuntu
16. Hack Rom Tools
17. Hack Tools Pc
18. Pentest Tools Website
19. Pentest Tools Website
20. Pentest Tools List
21. How To Install Pentest Tools In Ubuntu
22. Install Pentest Tools Ubuntu
23. Hacking Tools 2020
24. Github Hacking Tools
25. Hack Tool Apk No Root
26. Hacker Tools For Windows
27. Hacking Tools Free Download
28. Hacker Tools Free
29. Pentest Tools Linux
30. Easy Hack Tools
31. Pentest Tools Free
32. Hacker Tools Hardware
33. Wifi Hacker Tools For Windows
34. World No 1 Hacker Software
35. Best Hacking Tools 2019
36. Pentest Tools Download
37. Hacking Tools For Pc
38. Hack Tools Github
39. Hack Tools Download
40. World No 1 Hacker Software
41. Easy Hack Tools
42. New Hack Tools
43. Hacker Tools Windows
44. Pentest Tools For Windows
45. Pentest Tools Windows
46. Hacking Tools Usb
47. Pentest Tools Review
48. Hack And Tools
49. Usb Pentest Tools
50. World No 1 Hacker Software
51. Underground Hacker Sites
52. Pentest Tools Website
53. Pentest Tools Download
54. Hacking Tools Hardware
55. How To Install Pentest Tools In Ubuntu
56. Hacking Tools Usb
57. Hack Tool Apk
58. Tools For Hacker
59. Hack Tool Apk
60. Hacker Tools Hardware
61. Hack Tools For Mac
62. Hack Tools Online
63. Hacking Tools For Games
64. Pentest Tools Github
65. Pentest Tools
66. Hacking Tools For Games
67. Hacker Tools Software
68. Hacks And Tools
69. Pentest Automation Tools
70. Hacking Tools Software
71. Hacking Tools And Software
72. Pentest Tools Find Subdomains
73. Hacker Tools Linux
74. Top Pentest Tools
75. World No 1 Hacker Software
76. Pentest Tools Free
77. Hacker Tools Github
78. Computer Hacker
79. How To Install Pentest Tools In Ubuntu
80. Hacking Tools Pc
81. Hackers Toolbox
82. Easy Hack Tools
83. Hack Tools For Games
84. Pentest Tools Url Fuzzer
85. Hacking Tools For Windows Free Download
86. Hacker Tools 2019
87. Pentest Tools Kali Linux
88. Top Pentest Tools
89. Black Hat Hacker Tools
90. Hack Tools Pc
91. Pentest Recon Tools
92. Hacker Tools 2020
93. Hacking Tools For Pc
94. Game Hacking
95. Nsa Hack Tools
96. Underground Hacker Sites
97. Hacker Tools Apk
98. Pentest Tools Online
99. World No 1 Hacker Software
100. Hacking Tools Software
101. Hacking Tools Free Download
102. Hacker Tools Github
103. Pentest Tools Android
104. Hack Tools Download
105. Hacker Tools Free
106. Hack Tools Pc
107. Pentest Tools Bluekeep
108. Physical Pentest Tools
109. Hacker Tools Free Download
110. Pentest Tools Download
111. Hacker Tools Software
112. Growth Hacker Tools
113. Pentest Reporting Tools
114. Hacker Tools Mac
115. Hack Tools Download
116. Kik Hack Tools
117. Hack Tools For Games
118. Usb Pentest Tools
119. Hack Tools For Windows
120. Growth Hacker Tools
121. Hacking Tools For Beginners
122. Hacking Tools Software
123. Hacking Tools Mac
124. Hacker Techniques Tools And Incident Handling
125. How To Install Pentest Tools In Ubuntu
126. Hacker Techniques Tools And Incident Handling
127. Best Hacking Tools 2019
128. Hack And Tools
129. Pentest Tools Review
130. Free Pentest Tools For Windows
131. Hacking Tools Hardware
132. Hacker Tools 2020
133. Pentest Tools For Windows
134. Hack And Tools
135. Hacker Tools 2019
136. Hack And Tools
137. Hack Tools Online
138. Hacker Tools 2020
139. Hacking Tools Mac
140. Hacking Apps
141. Android Hack Tools Github
142. Pentest Recon Tools
143. Pentest Tools Website
144. Hacker Tools For Mac
145. Hacking Tools 2020