Thursday, August 27, 2020

Exploiting Golang Unsafe Pointers


There are situations where C code interacts with Golang, for example in a library, and it is possible to exploit a Golang function that writes raw memory through an unsafe.Pointer parameter.

When Golang receives a null-terminated string in a *C.char parameter, it can be converted to a Golang string with s2 := C.GoString(s1), and we can do string operations on s2 safely as long as the null byte is there.

When Golang receives a pointer to a buffer in an unsafe.Pointer and the length of the buffer in a C.int, and the length has not been falsified, it can be converted to a []byte safely with b := C.GoBytes(buf,sz)

But what happens if Golang receives a pointer to a buffer in an unsafe.Pointer and it is an OUT variable? The Golang routine has to write to this pointer unsafely; for example, we can create a Golang memcpy in the following way:



We convert the pointer to uintptr to index it, then convert it back to a pointer, cast it to a byte pointer and dereference it; every byte is written this way.

If b is controlled, memory can be written and the return pointer of main.main, or of whatever function, can be modified.

https://play.golang.org/p/HppcVpLfuMf
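The byte-by-byte write described above, next to a bounds-checked variant, as an added example that is not the original post's code. The names `uncheckedCopy`, `checkedCopy` and `fillOut` are hypothetical, and the OUT buffer is a Go slice constructed in the example so that it runs without cgo.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// ErrTooLarge reports that src would run past the end of the OUT buffer.
var ErrTooLarge = errors.New("source larger than destination capacity")

// uncheckedCopy is the pattern the post describes: index through uintptr,
// cast back to *byte, store. Nothing limits how far past dst it writes.
func uncheckedCopy(dst unsafe.Pointer, src []byte) {
	for i := range src {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = src[i]
	}
}

// checkedCopy (hypothetical name) makes the caller state the buffer capacity
// and refuses any write that would not fit.
func checkedCopy(dst unsafe.Pointer, dstCap int, src []byte) (int, error) {
	if dst == nil || dstCap < 0 {
		return 0, errors.New("invalid destination")
	}
	if len(src) > dstCap {
		return 0, ErrTooLarge
	}
	uncheckedCopy(dst, src)
	return len(src), nil
}

// fillOut stands in for an exported routine with an OUT parameter; the buffer
// is constructed here so the example runs without cgo.
func fillOut(capacity int, src []byte) ([]byte, error) {
	if capacity < 1 {
		return nil, errors.New("capacity must be positive")
	}
	out := make([]byte, capacity)
	_, err := checkedCopy(unsafe.Pointer(&out[0]), len(out), src)
	return out, err
}

func main() {
	fmt.Println(fillOut(8, []byte("AAAA")))   // fits: bytes are written
	fmt.Println(fillOut(8, make([]byte, 64))) // rejected: buffer untouched
}
```

The check is only as good as the capacity the C caller passes, so the exported signature has to carry the buffer size alongside the pointer.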


The return address can be pinpointed, for example with 0x41 as the buffer and 0x42 as the address:



We can reproduce it by simulating the buffer from Golang in this way:


We can dump the address of a function and redirect execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a ROP chain using the Golang runtime to unprotect a shellcode.
