Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.





Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:



There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:


The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97                    
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor


Related links


  1. Pentest Tools Subdomain
  2. Hack Tools
  3. Hacking Tools 2019
  4. Nsa Hack Tools Download
  5. Pentest Tools Alternative
  6. Beginner Hacker Tools
  7. Pentest Tools Download
  8. Pentest Tools Tcp Port Scanner
  9. Blackhat Hacker Tools
  10. How To Install Pentest Tools In Ubuntu
  11. Hacker Tools For Pc
  12. Hack Tools For Ubuntu
  13. Hack App
  14. Hack Tools For Mac
  15. Pentest Tools Tcp Port Scanner
  16. Hacking Tools Github
  17. World No 1 Hacker Software
  18. Computer Hacker
  19. Hacking Tools For Kali Linux
  20. Hack Tool Apk
  21. Pentest Automation Tools
  22. Hack Tools
  23. Pentest Tools Website
  24. Hacking Tools Free Download
  25. Pentest Tools Bluekeep
  26. Hacking Tools For Games
  27. Hacking Tools Windows
  28. Hack Tools
  29. Pentest Tools Subdomain
  30. Nsa Hacker Tools
  31. Hacking Tools For Windows
  32. Hack Tools Mac
  33. Tools Used For Hacking
  34. Pentest Tools Github
  35. Pentest Tools Kali Linux
  36. Hacking Tools
  37. Best Hacking Tools 2020
  38. Pentest Tools Open Source
  39. Hack Website Online Tool
  40. Hacker Security Tools
  41. Growth Hacker Tools
  42. Beginner Hacker Tools
  43. Usb Pentest Tools
  44. Hacking Tools For Kali Linux
  45. Hacking Tools For Pc
  46. Hack Tools Download
  47. Hacker Techniques Tools And Incident Handling
  48. How To Install Pentest Tools In Ubuntu
  49. Hacker Tools For Pc
  50. Hack Tools Download
  51. Black Hat Hacker Tools
  52. Hacking Tools For Beginners
  53. Pentest Tools Review
  54. Pentest Tools Url Fuzzer
  55. Hacker Hardware Tools
  56. Hacker Tools List
  57. Hacker Tools 2020
  58. Blackhat Hacker Tools
  59. Hacker Security Tools
  60. Usb Pentest Tools
  61. Hacking Tools Windows
  62. Best Hacking Tools 2020
  63. Best Pentesting Tools 2018
  64. Bluetooth Hacking Tools Kali
  65. Ethical Hacker Tools
  66. Hacker Tools 2019
  67. Hackers Toolbox
  68. Hacker
  69. Pentest Tools Github
  70. Pentest Recon Tools
  71. Hacking Tools Free Download
  72. Easy Hack Tools
  73. New Hacker Tools
  74. Hackrf Tools
  75. Easy Hack Tools
  76. Hacking Tools 2019
  77. Hack Tools Pc
  78. Pentest Tools Website
  79. Blackhat Hacker Tools
  80. Hacker Tools 2019
  81. Hacker Techniques Tools And Incident Handling
  82. How To Install Pentest Tools In Ubuntu
  83. Hacker Tools List
  84. Hacking Tools For Windows 7
  85. Hacker Tools Online
  86. Pentest Tools Open Source
  87. Computer Hacker
  88. Hacking Tools Download
  89. Hacking App
  90. Pentest Tools Download
  91. Hack Tools For Games
  92. Hacking Tools Usb
  93. Hacker Tools List
  94. Hack Tools For Games
  95. Pentest Tools For Windows
  96. What Is Hacking Tools
  97. Tools For Hacker
  98. Hacker Tools For Mac
  99. Hacking Tools Windows 10
  100. Hacker Tools 2019
  101. Game Hacking
  102. Best Pentesting Tools 2018
  103. Bluetooth Hacking Tools Kali
  104. Pentest Tools Website
  105. Hacker Security Tools
  106. Hacker Tools Windows
  107. How To Hack
  108. Best Pentesting Tools 2018
  109. What Is Hacking Tools
  110. Hack App
  111. Hacker Tools Windows
  112. Hacking Tools Kit
  113. New Hacker Tools

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)