Thursday, August 20, 2020

Exploiting Golang Unsafe Pointers


There are situations when c interacts with golang for example in a library, and its possible to exploit a golang function writing raw memory using an unsafe.Pointer() parameter.

When golang receive a null terminated string on a *C.Char parameter, can be converted to golang s tring with  s2 := C.GoString(s1) we can do string operations with s2 safelly if the null byte is there.

When golang receives a pointer to a buffer on an unsafe.Pointer() and the length of the buffer on a C.int, if the length is not cheated can be converted to a []byte safelly with b := C.GoBytes(buf,sz)

Buuut what happens if golang receives a pointer to a buffer on an unsafe.Pointer() and is an OUT variable? the golang routine has to write on this pointer unsafelly for example we can create a golangs memcpy in the following way:



We convert to uintptr for indexing the pointer and then convert again to pointer casted to a byte pointer dereferenced and every byte is writed in this way.

If b is controlled, the memory can be written and the return pointer of main.main or whatever function can be modified.

https://play.golang.org/p/HppcVpLfuMf


The return addres can be pinpointed, for example 0x41 buffer 0x42 address:



We can reproduce it simulating the buffer from golang in this way:


we can dump the address of a function and redirect the execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a rop chain using golang runtime to unprotect a shellcode.

Related news


  1. Pentest Tools Apk
  2. Best Hacking Tools 2019
  3. Hacking Tools For Kali Linux
  4. Free Pentest Tools For Windows
  5. Hacking Tools Windows 10
  6. Hacker Tools List
  7. Tools For Hacker
  8. Hacker Tools Apk
  9. Pentest Tools Kali Linux
  10. Pentest Tools Website
  11. Hack Rom Tools
  12. Install Pentest Tools Ubuntu
  13. Hack Tools For Windows
  14. Hacker Tools List
  15. How To Make Hacking Tools
  16. Hacking Tools And Software
  17. Hack Tool Apk
  18. Wifi Hacker Tools For Windows
  19. Physical Pentest Tools
  20. World No 1 Hacker Software
  21. Hacker Search Tools
  22. Pentest Tools Online
  23. Pentest Tools Kali Linux
  24. Hacking App
  25. Beginner Hacker Tools
  26. Game Hacking
  27. Pentest Tools Free
  28. Hacker Tools Apk Download
  29. Hack Tools For Ubuntu
  30. Pentest Tools Open Source
  31. Pentest Tools Bluekeep
  32. Hacking Apps
  33. Hacker Tools
  34. Hacker Tools Apk
  35. Hacker Tools
  36. Ethical Hacker Tools
  37. Hack Tools 2019
  38. Pentest Tools Port Scanner
  39. Pentest Automation Tools
  40. Pentest Tools Find Subdomains
  41. Pentest Tools Tcp Port Scanner
  42. Hacking Tools 2020
  43. Top Pentest Tools
  44. Best Hacking Tools 2020
  45. Pentest Tools Nmap
  46. Hacking Tools And Software
  47. Github Hacking Tools
  48. Game Hacking
  49. Computer Hacker
  50. Hackers Toolbox
  51. How To Make Hacking Tools
  52. Hack Tools
  53. Hack Tools Mac
  54. New Hack Tools
  55. Growth Hacker Tools
  56. Hacking Tools For Windows
  57. Hacking Tools Hardware
  58. Hack Rom Tools
  59. Kik Hack Tools
  60. Pentest Box Tools Download
  61. Hacker Tools Linux
  62. Pentest Tools Url Fuzzer
  63. Computer Hacker
  64. Pentest Tools Download
  65. Pentest Tools Apk
  66. Pentest Tools Bluekeep
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)