Exploiting Golang Unsafe Pointers

There are situations when c interacts with golang for example in a library, and its possible to exploit a golang function writing raw memory using an unsafe.Pointer() parameter.

When golang receive a null terminated string on a *C.Char parameter, can be converted to golang s tring with  s2 := C.GoString(s1) we can do string operations with s2 safelly if the null byte is there.

When golang receives a pointer to a buffer on an unsafe.Pointer() and the length of the buffer on a C.int, if the length is not cheated can be converted to a []byte safelly with b := C.GoBytes(buf,sz)

Buuut what happens if golang receives a pointer to a buffer on an unsafe.Pointer() and is an OUT variable? the golang routine has to write on this pointer unsafelly for example we can create a golangs memcpy in the following way:

We convert to uintptr for indexing the pointer and then convert again to pointer casted to a byte pointer dereferenced and every byte is writed in this way.

If b is controlled, the memory can be written and the return pointer of main.main or whatever function can be modified.

https://play.golang.org/p/HppcVpLfuMf

The return addres can be pinpointed, for example 0x41 buffer 0x42 address:

We can reproduce it simulating the buffer from golang in this way:

we can dump the address of a function and redirect the execution to it:

https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a rop chain using golang runtime to unprotect a shellcode.

Read more

• Hack Tools
• Hack Tools Pc
• Hacking Tools Windows 10
• Hacker
• Hacker Tools Software
• Pentest Tools Kali Linux
• Pentest Tools Linux
• Hacker Security Tools
• Pentest Tools
• New Hacker Tools
• Pentest Tools For Android
• Pentest Automation Tools
• Best Pentesting Tools 2018
• Hacking Tools 2020
• Kik Hack Tools
• Pentest Tools Review
• Termux Hacking Tools 2019
• Pentest Tools Linux
• Pentest Tools Github
• Hacker Tools For Windows
• Easy Hack Tools
• Hacking Tools For Windows
• Hackrf Tools
• Pentest Tools For Windows
• Hacker Tools For Mac
• How To Make Hacking Tools
• Hacking Tools For Beginners
• Hack And Tools
• Hacker
• Pentest Tools Github
• Hak5 Tools
• Pentest Box Tools Download
• Hacking Tools For Windows
• Hacker Tools Software
• Physical Pentest Tools
• Hacking Tools 2020
• Bluetooth Hacking Tools Kali
• Pentest Tools For Ubuntu
• Tools 4 Hack
• Hack Website Online Tool
• Computer Hacker
• Hacker Tools For Mac
• Hacker Tools For Pc
• Hacker Tools For Ios
• Pentest Tools For Windows
• Hacker Tools Mac
• Pentest Tools Windows
• Hacking Apps
• Game Hacking
• Hack App
• Hacker
• Pentest Tools Review
• Pentest Tools For Mac
• Hacker Tools Apk
• Hack Tools Pc
• Pentest Tools For Windows
• Hacker Tools
• Pentest Tools Nmap
• Game Hacking
• Pentest Tools Windows
• Hacking Tools For Windows 7
• Hacking Tools Software
• Hack Tools Download
• Hacks And Tools
• Hack Tools For Ubuntu
• Pentest Tools Windows
• Hack Tools For Ubuntu
• Pentest Tools Review
• Hack Tools Mac
• Android Hack Tools Github
• Hack Tool Apk No Root
• Hacker Techniques Tools And Incident Handling
• Hacker Hardware Tools
• Hacker Tools Apk
• Hacking Tools For Windows
• Hacker Tools Online
• Hack Tools Mac
• Hacking Tools Name
• Best Pentesting Tools 2018
• Termux Hacking Tools 2019
• Hackers Toolbox
• Hacker Security Tools
• Hacking Tools Usb
• Hacking Apps
• Pentest Automation Tools
• Hacker Tools List
• Hack Tools For Ubuntu
• Pentest Tools For Ubuntu
• Hack Tools Github
• Hacker Tools Apk
• Hacking Tools Usb
• Hack Tools
• Free Pentest Tools For Windows
• Pentest Tools Github
• Pentest Tools For Android
• Hacker Hardware Tools
• Hacker Tools List
• Hacker Tools Free
• Pentest Automation Tools
• Hack Tools
• Hacking Tools 2019
• Hacker
• Hacker Tools Free
• Hacker Tools Linux
• Bluetooth Hacking Tools Kali
• Pentest Tools Website
• Top Pentest Tools
• Pentest Tools For Ubuntu
• Hacker Tools Software
• Hacking Apps
• Hacking Tools Download
• World No 1 Hacker Software