
Sunday, January 28, 2024

Exploiting Golang Unsafe Pointers


There are situations where C interacts with Golang, for example in a library, and it is possible to exploit a Golang function that writes raw memory through an unsafe.Pointer parameter.

When Golang receives a null-terminated string in a *C.char parameter, it can be converted to a Golang string with s2 := C.GoString(s1), and we can do string operations on s2 safely as long as the null byte is there.

When Golang receives a pointer to a buffer in an unsafe.Pointer and the length of the buffer in a C.int, and the length has not been falsified, the buffer can be converted to a []byte safely with b := C.GoBytes(buf, sz)

But what happens if Golang receives a pointer to a buffer in an unsafe.Pointer and it is an OUT variable? The Golang routine has to write through this pointer unsafely; for example, we can create a Golang memcpy in the following way:



We convert to uintptr to index the pointer, then convert back to a pointer, cast it to a byte pointer and dereference it; every byte is written this way.

If b is controlled, memory can be overwritten and the return pointer of main.main, or of any other function, can be modified.

https://play.golang.org/p/HppcVpLfuMf
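
An added example, not the code behind the playground link above: the unchecked byte-wise write described in this post next to a variant that requires the destination length and rejects oversized input. The frame struct, the function names and the input are assumptions made for illustration; a Go struct stands in for the C caller's memory so the code runs without cgo.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// frame is a constructed stand-in for the caller's memory: an 8-byte OUT
// buffer followed by adjacent data that must never be modified.
type frame struct {
	out    [8]byte
	canary [8]byte
}

var errBadCopy = errors.New("nil destination or source larger than destination")

// uncheckedCopy follows the pattern described in the post: index the raw
// pointer through uintptr and store byte by byte. Nothing ties len(src)
// to the real size of dst.
func uncheckedCopy(dst unsafe.Pointer, src []byte) {
	for i := range src {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = src[i]
	}
}

// boundedCopy makes the caller state the destination size and rejects
// input that does not fit before any byte is written.
func boundedCopy(dst unsafe.Pointer, dstLen int, src []byte) error {
	if dst == nil || dstLen < 0 || len(src) > dstLen {
		return errBadCopy
	}
	uncheckedCopy(dst, src) // in bounds: len(src) <= dstLen
	return nil
}

// run applies both copies to fresh frames and reports whether the bytes
// after each OUT buffer are still zero.
func run(input []byte) (uncheckedIntact, boundedIntact bool, err error) {
	var a, b frame
	uncheckedCopy(unsafe.Pointer(&a.out[0]), input)
	err = boundedCopy(unsafe.Pointer(&b.out[0]), len(b.out), input)
	return a.canary == [8]byte{}, b.canary == [8]byte{}, err
}

func main() {
	// Constructed input: 12 bytes offered to an 8-byte OUT buffer.
	u, b, err := run([]byte("AAAAAAAABBBB"))
	fmt.Printf("unchecked intact=%v, bounded intact=%v, err=%v\n", u, b, err)
}
```

The bounded variant only helps when the exported function's signature carries the destination size alongside the OUT pointer, so the length has to be part of the C-facing API.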


The return address can be pinpointed, for example with 0x41 for the buffer and 0x42 for the address:



We can reproduce it by simulating the buffer from Golang in this way:


We can dump the address of a function and redirect execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a ROP chain using the Golang runtime to unprotect a shellcode.
