Exploiting Golang Unsafe Pointers

There are situations when c interacts with golang for example in a library, and its possible to exploit a golang function writing raw memory using an unsafe.Pointer() parameter.

When golang receive a null terminated string on a *C.Char parameter, can be converted to golang s tring with  s2 := C.GoString(s1) we can do string operations with s2 safelly if the null byte is there.

When golang receives a pointer to a buffer on an unsafe.Pointer() and the length of the buffer on a C.int, if the length is not cheated can be converted to a []byte safelly with b := C.GoBytes(buf,sz)

Buuut what happens if golang receives a pointer to a buffer on an unsafe.Pointer() and is an OUT variable? the golang routine has to write on this pointer unsafelly for example we can create a golangs memcpy in the following way:

We convert to uintptr for indexing the pointer and then convert again to pointer casted to a byte pointer dereferenced and every byte is writed in this way.

If b is controlled, the memory can be written and the return pointer of main.main or whatever function can be modified.

https://play.golang.org/p/HppcVpLfuMf

The return addres can be pinpointed, for example 0x41 buffer 0x42 address:

We can reproduce it simulating the buffer from golang in this way:

we can dump the address of a function and redirect the execution to it:

https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a rop chain using golang runtime to unprotect a shellcode.

Read more

1. Game Hacking
2. Pentest Tools For Ubuntu
3. Hacking Tools Download
4. Pentest Tools Windows
5. Hacker Tools Linux
6. Pentest Tools Review
7. Hacker Tools
8. Hack Tools Mac
9. Pentest Tools Alternative
10. Hacking Tools For Beginners
11. Blackhat Hacker Tools
12. Hacking Tools Kit
13. Hack Tools Download
14. Ethical Hacker Tools
15. Tools For Hacker
16. Pentest Tools Download
17. Hack Tools For Windows
18. Hack Website Online Tool
19. Hacking Tools
20. Pentest Tools Tcp Port Scanner
21. How To Install Pentest Tools In Ubuntu
22. Hacker Tools For Mac
23. Hacker Tools
24. Hacking Tools For Pc
25. Tools Used For Hacking
26. Hacking Tools Usb
27. Underground Hacker Sites
28. Hacking App
29. Hacker Tools Windows
30. Hack Tools For Windows
31. Hacker Tools
32. Pentest Tools
33. Pentest Reporting Tools
34. Hacker Tools Hardware
35. Hacker Tools For Ios
36. Hacking Tools Name
37. Underground Hacker Sites
38. Hacking Tools Kit
39. Beginner Hacker Tools
40. Hack Tool Apk
41. Pentest Tools For Mac
42. Pentest Tools Bluekeep
43. Pentest Tools Kali Linux
44. Pentest Tools Apk
45. Pentest Tools Linux
46. Hack Rom Tools
47. Hacking Tools And Software
48. Hacker Hardware Tools
49. Best Hacking Tools 2020
50. Pentest Tools List
51. Hacker Tools 2020
52. Hacker Search Tools
53. Hacker Tools Linux
54. Tools Used For Hacking
55. Hacker Tools List
56. Hacking Tools For Windows Free Download
57. Underground Hacker Sites
58. Pentest Tools Windows
59. Hacker Tools Free Download
60. Hacking Tools For Beginners
61. Hacking Tools Download
62. Pentest Tools Windows
63. Hacker Search Tools
64. Pentest Tools Open Source
65. Pentest Tools Port Scanner
66. Easy Hack Tools
67. Hacking Tools Mac
68. Hacker Security Tools
69. Wifi Hacker Tools For Windows
70. Hacker Tools Free
71. Hack Tool Apk No Root
72. Hacks And Tools
73. What Are Hacking Tools
74. Pentest Tools
75. What Are Hacking Tools
76. Hacker Techniques Tools And Incident Handling
77. Hacking Tools Pc
78. Pentest Tools Website Vulnerability
79. Hacking Tools For Games
80. Hacking Tools For Windows
81. World No 1 Hacker Software
82. Tools Used For Hacking
83. Hacker Search Tools
84. Hacker Tools Windows
85. Black Hat Hacker Tools
86. Hacker Tools Apk
87. Hacker Tools For Mac
88. How To Make Hacking Tools
89. Hacker Tools Github
90. Hack Tools 2019
91. Hacker Tools Free Download
92. Pentest Tools For Android
93. Pentest Tools Download
94. Hacker Tools Linux
95. How To Install Pentest Tools In Ubuntu
96. Pentest Tools Download
97. Hacker Tools Apk
98. Physical Pentest Tools
99. Hacker Techniques Tools And Incident Handling
100. Hacker Techniques Tools And Incident Handling
101. Hacking Tools Hardware
102. Pentest Tools Free
103. Hacker Tools Windows
104. Hak5 Tools
105. Pentest Tools List
106. Hacker Tools List
107. Pentest Recon Tools
108. Hacker Tools Hardware
109. How To Make Hacking Tools
110. Pentest Recon Tools
111. Pentest Tools For Windows
112. Pentest Reporting Tools
113. Hack Tools Pc
114. Hack Tools For Ubuntu
115. Hacking Tools Pc
116. Hacking Tools For Beginners
117. Pentest Tools Kali Linux
118. Hacker Security Tools
119. Nsa Hacker Tools
120. Top Pentest Tools
121. Hack Tools 2019
122. Hacking Tools 2020
123. Github Hacking Tools
124. Beginner Hacker Tools
125. Pentest Tools Open Source
126. Hacker Tools Apk
127. Hack Tools For Pc
128. Hacker Tools Windows
129. Hacking Tools Windows
130. Tools For Hacker
131. Hacking Tools For Mac
132. Tools 4 Hack
133. Pentest Tools Online
134. Pentest Box Tools Download
135. How To Make Hacking Tools
136. Hacking Tools For Windows
137. Pentest Tools For Mac
138. Pentest Tools For Android
139. Hacking Tools Usb
140. Hacker Tools 2019
141. Hack Rom Tools
142. Pentest Tools Free
143. Physical Pentest Tools
144. Pentest Tools Website Vulnerability
145. Pentest Tools Website
146. Pentest Tools Apk
147. Hacker Tools
148. Pentest Tools Port Scanner
149. Tools Used For Hacking
150. Hacker Tools Apk
151. Tools 4 Hack
152. Hacker Tools Software
153. Hacker Tools Apk Download
154. Pentest Tools Download
155. Hackers Toolbox
156. Pentest Tools Url Fuzzer
157. Pentest Tools Subdomain
158. Ethical Hacker Tools
159. Pentest Tools For Mac
160. Pentest Tools For Mac
161. Hacker Security Tools
162. Hacker Tools List
163. Hack Tools Pc
164. Pentest Tools Android
165. Black Hat Hacker Tools
166. Hack Tools Mac