Sunday, June 4, 2023

Exploiting Golang Unsafe Pointers


There are situations where C interacts with Golang, for example in a library, and it's possible to exploit a Golang function that writes raw memory through an unsafe.Pointer parameter.

When Golang receives a null-terminated string in a *C.char parameter, it can be converted to a Golang string with s2 := C.GoString(s1), and we can do string operations on s2 safely as long as the null byte is there.

When Golang receives a pointer to a buffer in an unsafe.Pointer and the length of the buffer in a C.int, and the length has not been falsified, the buffer can be converted to a []byte safely with b := C.GoBytes(buf, sz).

But what happens if Golang receives a pointer to a buffer in an unsafe.Pointer and it is an OUT variable? The Golang routine has to write through this pointer unsafely; for example, we can create a Golang memcpy in the following way:



We convert the pointer to uintptr to index it, then convert it back to a pointer, cast it to a byte pointer and dereference it; every byte is written this way.

If b is controlled, memory can be written and the return pointer of main.main, or of any other function, can be modified.

https://play.golang.org/p/HppcVpLfuMf
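The byte-by-byte write described above, next to a bounded variant, as an added example (not the code from the original post or the linked playground). The function names, the dst/b parameter names, the dstCap parameter and the 8-byte sample buffer are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"unsafe"
)

// ErrTooLong is returned when the source does not fit in the destination.
var ErrTooLong = errors.New("source longer than destination buffer")

// unsafeMemcpy (assumed name) follows the pattern in the text: index the OUT
// pointer through uintptr and write byte by byte. Nothing bounds len(b), so a
// longer b writes past the end of the caller's buffer.
func unsafeMemcpy(dst unsafe.Pointer, b []byte) {
	for i := range b {
		*(*byte)(unsafe.Pointer(uintptr(dst) + uintptr(i))) = b[i]
	}
}

// boundedMemcpy (hypothetical) makes the caller pass the destination capacity
// and refuses any write that would not fit.
func boundedMemcpy(dst unsafe.Pointer, dstCap int, b []byte) (int, error) {
	if dst == nil || dstCap < 0 {
		return 0, errors.New("invalid destination")
	}
	if len(b) > dstCap {
		return 0, ErrTooLong
	}
	// unsafe.Slice (Go 1.17+) gives a length-checked view of the raw buffer.
	return copy(unsafe.Slice((*byte)(dst), dstCap), b), nil
}

// demo runs a fitting and an oversized source against a constructed 8-byte
// array standing in for the C caller's OUT buffer.
func demo() (n int, out [8]byte, fitErr, longErr error) {
	n, fitErr = boundedMemcpy(unsafe.Pointer(&out[0]), len(out), []byte("AAAA"))
	_, longErr = boundedMemcpy(unsafe.Pointer(&out[0]), len(out), make([]byte, 64))
	return
}

func main() {
	n, out, fitErr, longErr := demo()
	fmt.Println(n, out, fitErr, longErr)
}
```

The bounded variant only helps if the C side passes the real capacity of the OUT buffer; a falsified length defeats it in the same way it defeats C.GoBytes.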


The return address can be pinpointed, for example using 0x41 for the buffer and 0x42 for the address:



We can reproduce it by simulating the buffer from Golang in this way:


We can dump the address of a function and redirect execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a ROP chain using the Golang runtime to unprotect a shellcode.
