Running a byte array in Go

I am trying to execute shellcode in a Go program, similar to how you can do this with other languages.

Example 1 - Shellcode in a C program

Example 2 - http://www.debasish.in/2012/04/execute-shellcode-using-python.html

All of them use a similar method: place the shellcode in executable memory allocated through the OS (mmap, VirtualAlloc, etc.), and then execute the code by creating a function pointer that points to that location.

Here is my terrible hack of an example of doing the same thing in Go. The hexadecimal code has manipulations performed on it before it is passed to the function, so it is formatted as []byte. That said, mmap expects a file descriptor to be passed in, which is why there is the terrible write to a tmp file.

func osxExec(shellcode []byte) {
    f, err := os.Create("data/shellcode.tmp")
    if err != nil {
        fmt.Println(err)
        return
    }
    defer f.Close()
    if _, err = f.Write(shellcode); err != nil {
        fmt.Println(err)
        return
    }
    f.Sync()

    // Map the temp file read/write/execute, shared with the file on disk.
    b, err := syscall.Mmap(int(f.Fd()), 0, len(shellcode), syscall.PROT_READ|syscall.PROT_WRITE|syscall.PROT_EXEC, syscall.MAP_SHARED)
    if err != nil {
        fmt.Println(err)
        return
    }

    fmt.Printf("%p", b)
}

(slice?) , , , , , . IRC, , .


+4
2

-, ( ) mmap , go memory is executable. mmap, :

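// An anonymous mapping has no backing file: fd is -1 and MAP_ANON is combined with MAP_PRIVATE. Check e before using b.
b, e := syscall.Mmap(-1, 0, len(shellcode), syscall.PROT_READ|syscall.PROT_WRITE|syscall.PROT_EXEC, syscall.MAP_ANON|syscall.MAP_PRIVATE)
copy(b, shellcode)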

shellcode , .

shellcode , C :

f := *(*func() int)(unsafe.Pointer(&d[0]))

f, .

Go, C, C .

/*
// call casts code to a function pointer and invokes it.
void call(char *code) {
    int (*ret)() = (int(*)())code;
    ret();
}
*/
import "C"

import "unsafe"

func main() {
    ...
    // at your call site, you can send the shellcode directly to the C
    // function by converting it to a pointer of the correct type.
    C.call((*C.char)(unsafe.Pointer(&shellcode[0])))
}
+5
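
For the defender's side of the mappings used in the question and the answer, here is an added example (not part of the original posts) that scans Linux /proc/<pid>/maps text for memory that is writable and executable at the same time. The Linux maps format, the names FindWX and Finding, and the sample lines are assumptions of this example; the sample lines are constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Finding describes one mapping that is writable and executable at once.
type Finding struct {
	Range  string // address range as printed by the kernel
	Perms  string // e.g. "rwxp" or "rwxs"
	Shared bool   // true for MAP_SHARED mappings
	Path   string // backing file, or "" for anonymous memory
}

// FindWX scans text in Linux /proc/<pid>/maps format and returns every
// mapping whose permissions include both 'w' and 'x'.
func FindWX(maps string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(maps))
	for sc.Scan() {
		// Fields: range perms offset dev inode [path]
		f := strings.Fields(sc.Text())
		if len(f) < 5 || len(f[1]) != 4 {
			continue // not a maps line
		}
		p := f[1]
		if p[1] != 'w' || p[2] != 'x' {
			continue
		}
		path := strings.Join(f[5:], " ") // path may contain spaces
		out = append(out, Finding{f[0], p, p[3] == 's', path})
	}
	return out
}

// sampleMaps is constructed for this example, not captured from a real process.
const sampleMaps = `00400000-0048a000 r-xp 00000000 08:01 131 /usr/local/bin/demo
00c000000000-00c000400000 rw-p 00000000 00:00 0
7f3a10000000-7f3a10001000 rwxs 00000000 08:01 977 /srv/app/data/shellcode.tmp
7f3a10002000-7f3a10003000 rwxp 00000000 00:00 0
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]`

func main() {
	for _, f := range FindWX(sampleMaps) {
		fmt.Printf("W+X mapping %s perms=%s shared=%v path=%q\n", f.Range, f.Perms, f.Shared, f.Path)
	}
}
```

The file-backed "rwxs" line corresponds to the temp-file mmap in the question and the pathless "rwxp" line to the anonymous mmap in the answer; both violate W^X and are worth alerting on in processes that are not known JIT hosts.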
