sexta-feira, 28 de agosto de 2020

Exploiting Golang Unsafe Pointers


There are situations when c interacts with golang for example in a library, and its possible to exploit a golang function writing raw memory using an unsafe.Pointer() parameter.

When golang receive a null terminated string on a *C.Char parameter, can be converted to golang s tring with  s2 := C.GoString(s1) we can do string operations with s2 safelly if the null byte is there.

When golang receives a pointer to a buffer on an unsafe.Pointer() and the length of the buffer on a C.int, if the length is not cheated can be converted to a []byte safelly with b := C.GoBytes(buf,sz)

Buuut what happens if golang receives a pointer to a buffer on an unsafe.Pointer() and is an OUT variable? the golang routine has to write on this pointer unsafelly for example we can create a golangs memcpy in the following way:



We convert to uintptr for indexing the pointer and then convert again to pointer casted to a byte pointer dereferenced and every byte is writed in this way.

If b is controlled, the memory can be written and the return pointer of main.main or whatever function can be modified.

https://play.golang.org/p/HppcVpLfuMf


The return addres can be pinpointed, for example 0x41 buffer 0x42 address:



We can reproduce it simulating the buffer from golang in this way:


we can dump the address of a function and redirect the execution to it:


https://play.golang.org/p/7htJHJp8gUJ

In this way it's possible to build a rop chain using golang runtime to unprotect a shellcode.

Read more
  1. Hack Apps
  2. Wifi Hacker Tools For Windows
  3. Hack App
  4. Hacking Tools Windows 10
  5. Ethical Hacker Tools
  6. Hacker Tools 2019
  7. Hacker Tools Linux
  8. What Are Hacking Tools
  9. Hacking Tools 2020
  10. New Hack Tools
  11. Hacking Tools Name
  12. Hacker Tools 2019
  13. Usb Pentest Tools
  14. Hacker Techniques Tools And Incident Handling
  15. Growth Hacker Tools
  16. Hack Tools Github
  17. Android Hack Tools Github
  18. Hack Tools For Games
  19. Hacking Tools Windows 10
  20. Pentest Tools List
  21. World No 1 Hacker Software
  22. Pentest Tools Linux
  23. Best Pentesting Tools 2018
  24. Hacking Tools Download
  25. Pentest Tools Website
  26. Hacker Hardware Tools
  27. Hacker Security Tools
  28. Hack Apps
  29. How To Hack
  30. Hacker Tools Apk
  31. Hackrf Tools
  32. Tools For Hacker
  33. Pentest Box Tools Download
  34. Hacker Tools Windows
  35. Hacking Tools Kit
  36. Best Pentesting Tools 2018
  37. Top Pentest Tools
  38. Hacker Tools Github
  39. What Are Hacking Tools
  40. Hacking Tools 2020
  41. Hack Rom Tools
  42. Game Hacking
  43. Pentest Box Tools Download
  44. Hacker Tools 2019
  45. Hacking Tools 2019
  46. Hack Tools
  47. Hacking Tools Download
  48. Hacking Tools Free Download
  49. Best Hacking Tools 2019
  50. Hack Tools 2019
  51. Hacking Tools For Beginners
  52. What Are Hacking Tools
  53. Pentest Tools For Windows
  54. Pentest Tools Apk
  55. What Is Hacking Tools
  56. Install Pentest Tools Ubuntu
  57. What Are Hacking Tools
  58. Hacking Tools Windows 10
  59. Hack Tools Download
  60. Pentest Tools Review
  61. Hacking Tools
  62. Hacking Tools Software
  63. Hacker Tools Windows
  64. Top Pentest Tools
  65. Hack Tools Online
  66. Hack And Tools
  67. Hacking Tools For Beginners
  68. Hack Tools For Windows
  69. Kik Hack Tools
  70. Hacking Tools Windows 10
  71. Hack Tools Online
  72. Hack Tools Download
  73. Hacking Tools Github
Postado por às

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)