GRUPO 40121

Exploiting Golang Unsafe Pointers


There are situations where C interacts with Go, for example in a library, and it is possible to exploit a Go function that writes raw memory through an unsafe.Pointer parameter.

When Go receives a null-terminated string in a *C.char parameter, it can be converted to a Go string with s2 := C.GoString(s1). We can then do string operations on s2 safely, as long as the null byte is there.

When Go receives a pointer to a buffer in an unsafe.Pointer and the length of the buffer in a C.int, and the length has not been falsified, the buffer can be converted to a []byte safely with b := C.GoBytes(buf, sz).

But what happens if Go receives a pointer to a buffer in an unsafe.Pointer and it is an OUT variable? The Go routine has to write to this pointer unsafely. For example, we can create a Go memcpy in the following way:



We convert the pointer to uintptr to index it, then convert the result back to a pointer cast to a byte pointer and dereference it; every byte is written this way.

If b is controlled, memory can be written and the return pointer of main.main, or of whatever function, can be modified.

https://play.golang.org/p/HppcVpLfuMf
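As an added example (not code from the original post), here is the byte-by-byte write described above next to a bounded variant that refuses data larger than the OUT buffer. The dstCap parameter, the fillOut helper and the 8-byte buffer are assumptions made for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// unsafeMemcpy mirrors the pattern the post describes: index the destination
// through uintptr and store byte by byte. Nothing ties len(src) to the size
// of the buffer behind dst, so the write length is entirely caller-driven.
func unsafeMemcpy(dst unsafe.Pointer, src []byte) {
	for i := range src {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = src[i]
	}
}

var ErrShortBuffer = errors.New("destination buffer too small")

// boundedMemcpy takes the destination capacity (dstCap, an assumed extra
// parameter the caller must supply truthfully) and rejects oversized input.
func boundedMemcpy(dst unsafe.Pointer, dstCap int, src []byte) (int, error) {
	if dst == nil || dstCap < 0 {
		return 0, errors.New("invalid destination")
	}
	if len(src) > dstCap {
		return 0, ErrShortBuffer
	}
	// unsafe.Slice (Go 1.17+) yields a slice with a fixed length, so copy()
	// is bounds-limited to dstCap bytes.
	out := unsafe.Slice((*byte)(dst), dstCap)
	return copy(out, src), nil
}

// fillOut simulates the foreign caller: an 8-byte OUT buffer (constructed
// for this example) handed over as a raw pointer plus its capacity.
func fillOut(src []byte) ([8]byte, int, error) {
	var buf [8]byte
	n, err := boundedMemcpy(unsafe.Pointer(&buf[0]), len(buf), src)
	return buf, n, err
}

func main() {
	fmt.Println(fillOut([]byte("AAAA")))   // fits: 4 bytes copied
	fmt.Println(fillOut(make([]byte, 64))) // rejected, buffer untouched
}
```

The bound is only as good as the capacity the caller passes, the same caveat the post makes about the length given to C.GoBytes.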


The return address can be pinpointed, for example with 0x41 for the buffer and 0x42 for the address:



We can reproduce it by simulating the buffer from Go in this way:


We can dump the address of a function and redirect execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a ROP chain using the Go runtime to unprotect a shellcode.
