Exploiting Golang Unsafe Pointers

There are situations when c interacts with golang for example in a library, and its possible to exploit a golang function writing raw memory using an unsafe.Pointer() parameter.

When golang receive a null terminated string on a *C.Char parameter, can be converted to golang s tring with  s2 := C.GoString(s1) we can do string operations with s2 safelly if the null byte is there.

When golang receives a pointer to a buffer on an unsafe.Pointer() and the length of the buffer on a C.int, if the length is not cheated can be converted to a []byte safelly with b := C.GoBytes(buf,sz)

Buuut what happens if golang receives a pointer to a buffer on an unsafe.Pointer() and is an OUT variable? the golang routine has to write on this pointer unsafelly for example we can create a golangs memcpy in the following way:

We convert to uintptr for indexing the pointer and then convert again to pointer casted to a byte pointer dereferenced and every byte is writed in this way.

If b is controlled, the memory can be written and the return pointer of main.main or whatever function can be modified.

https://play.golang.org/p/HppcVpLfuMf

The return addres can be pinpointed, for example 0x41 buffer 0x42 address:

We can reproduce it simulating the buffer from golang in this way:

we can dump the address of a function and redirect the execution to it:

https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a rop chain using golang runtime to unprotect a shellcode.

More info

• Hacker Tools Github
• Hacking Tools 2019
• Hacker
• Underground Hacker Sites
• Hacker Tools List
• Hacker Tools Github
• Tools 4 Hack
• Hacker Tools Free
• Hacker Tools 2019
• Hacking Tools For Games
• Hak5 Tools
• Hack Tools For Ubuntu
• Hacker
• Hack Tool Apk
• Hack Tools Pc
• Pentest Tools Find Subdomains
• Hacking Tools Software
• Kik Hack Tools
• Pentest Tools List
• Growth Hacker Tools
• Hack Tools For Games
• Hacker Tools For Pc
• Hacker Tools For Windows
• Top Pentest Tools
• Pentest Tools Windows
• Pentest Tools Online
• Pentest Tools Linux
• Hacker Tools
• Hacking Tools Kit
• Hackrf Tools
• Hacking Tools Pc
• Hacking Tools For Games
• Pentest Tools Framework
• Best Pentesting Tools 2018
• Hacking Tools Name
• Hacker Tools Apk
• Pentest Reporting Tools
• Hackers Toolbox
• Pentest Tools Github
• Hacking Tools For Kali Linux
• Hacker Techniques Tools And Incident Handling
• Hack Website Online Tool
• Hacking Tools For Windows 7
• Hack Tools
• Pentest Tools Nmap
• New Hack Tools
• Hack Tools Github
• Hacker Tools For Ios
• Hacker Tools Github
• Pentest Tools Subdomain
• Nsa Hack Tools Download
• Hacker Search Tools
• Pentest Tools Tcp Port Scanner
• Bluetooth Hacking Tools Kali
• Pentest Tools
• Pentest Tools Github
• Pentest Tools Nmap
• Pentest Tools List
• Hacking Tools For Mac
• Pentest Reporting Tools
• Pentest Tools Kali Linux
• Hacker Tools Windows
• Pentest Tools For Ubuntu
• Install Pentest Tools Ubuntu
• Termux Hacking Tools 2019
• Beginner Hacker Tools
• Hack Tools For Pc
• Pentest Tools List
• Pentest Tools Apk
• Hacking Tools Kit
• Beginner Hacker Tools
• Hacking Tools For Windows Free Download
• Best Hacking Tools 2020
• Hacking Tools Name
• Bluetooth Hacking Tools Kali
• Best Hacking Tools 2019
• Hacking Apps
• Pentest Tools For Windows
• Hacking Tools Github
• Hacking Tools Usb
• Beginner Hacker Tools
• Hacking Tools For Games
• Hacker Tools
• Hacking Tools Windows
• Hacker Tools For Ios
• Game Hacking
• Hacker Tools Free
• New Hack Tools
• Nsa Hacker Tools
• Hacker Tools Free Download
• Hack Tools Download
• Tools Used For Hacking
• Pentest Tools Url Fuzzer
• Pentest Automation Tools
• Hacker Tools For Pc
• Hacker Tools For Mac
• Install Pentest Tools Ubuntu
• Hack Tools For Games
• Hacks And Tools
• Black Hat Hacker Tools
• Hacking Tools Usb
• Top Pentest Tools
• Hackers Toolbox