Exploiting Golang Unsafe Pointers

There are situations when c interacts with golang for example in a library, and its possible to exploit a golang function writing raw memory using an unsafe.Pointer() parameter.

When golang receive a null terminated string on a *C.Char parameter, can be converted to golang s tring with  s2 := C.GoString(s1) we can do string operations with s2 safelly if the null byte is there.

When golang receives a pointer to a buffer on an unsafe.Pointer() and the length of the buffer on a C.int, if the length is not cheated can be converted to a []byte safelly with b := C.GoBytes(buf,sz)

Buuut what happens if golang receives a pointer to a buffer on an unsafe.Pointer() and is an OUT variable? the golang routine has to write on this pointer unsafelly for example we can create a golangs memcpy in the following way:

We convert to uintptr for indexing the pointer and then convert again to pointer casted to a byte pointer dereferenced and every byte is writed in this way.

If b is controlled, the memory can be written and the return pointer of main.main or whatever function can be modified.

https://play.golang.org/p/HppcVpLfuMf

The return addres can be pinpointed, for example 0x41 buffer 0x42 address:

We can reproduce it simulating the buffer from golang in this way:

we can dump the address of a function and redirect the execution to it:

https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a rop chain using golang runtime to unprotect a shellcode.

More information

1. Pentest Tools Online
2. Hacking Tools Name
3. Github Hacking Tools
4. Pentest Tools Apk
5. Pentest Tools For Android
6. Pentest Box Tools Download
7. Computer Hacker
8. Hack Website Online Tool
9. Growth Hacker Tools
10. Nsa Hacker Tools
11. Pentest Tools Website
12. Hacking App
13. Tools Used For Hacking
14. Pentest Tools Windows
15. Hacking Tools For Windows
16. Hacker Tools Online
17. Free Pentest Tools For Windows
18. Pentest Tools Port Scanner
19. Pentest Tools Windows
20. Pentest Tools Framework
21. Pentest Tools For Ubuntu
22. Hacking Tools For Windows
23. What Are Hacking Tools
24. How To Make Hacking Tools
25. Hack Tools Download
26. Hacking Tools 2020
27. How To Hack
28. Hack Tool Apk No Root
29. Hacking Tools For Windows
30. Kik Hack Tools
31. Best Hacking Tools 2019
32. Hack Tools Online
33. How To Make Hacking Tools
34. Pentest Tools Port Scanner
35. New Hack Tools
36. Termux Hacking Tools 2019
37. Pentest Tools For Windows
38. Hacker Tools Online
39. Hack Tool Apk No Root
40. Pentest Tools Online
41. Hacker Tools Windows
42. Pentest Tools Framework
43. Black Hat Hacker Tools
44. Hacking Tools For Games
45. Nsa Hack Tools Download
46. Hack Tool Apk No Root
47. Hacker Tools 2020
48. Kik Hack Tools
49. Hack And Tools
50. Pentest Tools For Windows
51. Hack Tools Pc
52. Hacking Tools Github
53. Pentest Tools Nmap
54. Hacker Tools Software
55. Hack Tools
56. Hacking Tools Name
57. How To Hack
58. Install Pentest Tools Ubuntu
59. Hacker Tools
60. Hacker Tools Software
61. Black Hat Hacker Tools
62. Hacking Tools Hardware
63. Tools For Hacker
64. Pentest Tools Alternative
65. Hacking Tools Windows
66. How To Install Pentest Tools In Ubuntu
67. Hacker Tools
68. Pentest Tools
69. Underground Hacker Sites
70. What Are Hacking Tools
71. Pentest Tools
72. Hacking Tools Free Download
73. Free Pentest Tools For Windows
74. Hack Tools Download
75. Hack Tools Pc
76. Hack App
77. Termux Hacking Tools 2019
78. Hacking Tools Download