Wednesday, January 24, 2024

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.





Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:



There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:


The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97                    
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor


More information
  1. Pentest Tools List
  2. How To Install Pentest Tools In Ubuntu
  3. Hacking Tools Hardware
  4. Tools 4 Hack
  5. Pentest Recon Tools
  6. Hack Tools For Windows
  7. Kik Hack Tools
  8. Hacking Tools 2020
  9. Hacker Tools Free Download
  10. Hacker Tools For Mac
  11. Hackers Toolbox
  12. Hacker Tools For Windows
  13. Hack Tools For Pc
  14. Hacker Tools Hardware
  15. Hacking Tools For Kali Linux
  16. Computer Hacker
  17. Hacker Tools 2020
  18. Hacker Tools List
  19. Tools For Hacker
  20. Physical Pentest Tools
  21. Hacker Techniques Tools And Incident Handling
  22. Hacker Tools For Ios
  23. How To Make Hacking Tools
  24. Hack Apps
  25. Pentest Reporting Tools
  26. Easy Hack Tools
  27. Best Hacking Tools 2020
  28. Hacker Tools Github
  29. Hacking Tools For Windows Free Download
  30. Pentest Automation Tools
  31. Hacker Tools 2020
  32. Pentest Tools Framework
  33. Pentest Tools
  34. Pentest Tools Subdomain
  35. Tools 4 Hack
  36. Tools For Hacker
  37. Hacking Tools
  38. Pentest Recon Tools
  39. Hacker
  40. Hacking Tools
  41. Pentest Reporting Tools
  42. Tools 4 Hack
  43. Pentest Tools Open Source
  44. Pentest Tools
  45. Github Hacking Tools
  46. Pentest Tools Nmap
  47. Pentest Tools Free
  48. Hack Rom Tools
  49. Hacker Tools Hardware
  50. Ethical Hacker Tools
  51. Pentest Tools Website
  52. Bluetooth Hacking Tools Kali
  53. Tools 4 Hack
  54. Pentest Tools Android
  55. Hack Apps
  56. Top Pentest Tools
  57. Free Pentest Tools For Windows
  58. Hacking Tools For Games
  59. Pentest Tools Tcp Port Scanner
  60. Hacking Tools For Windows Free Download
  61. Hacking Tools For Windows Free Download
  62. Hacking App
  63. Hacking Tools Online
  64. Hack And Tools
  65. Hacking App
  66. Hack Website Online Tool
  67. Hacker Tools For Pc
  68. Pentest Tools Framework
  69. Hacker Tools Linux
  70. Hacker Tools Online
  71. Hack Tool Apk
  72. Pentest Tools For Mac
  73. Hacking Tools
  74. Hacker Tools
  75. Hack Tools For Mac
  76. Pentest Tools For Ubuntu
  77. Hacking Tools Online
  78. Hacker Tools Hardware
  79. Pentest Tools Linux
  80. Hacker Tools Mac
  81. Pentest Tools Github
  82. Easy Hack Tools
  83. Hacking Tools Pc
  84. Pentest Tools Subdomain
  85. Hacker
  86. Hacker Tools For Pc
  87. Hacker Tools Apk
  88. Hacker Tools For Mac
  89. Hacker Tools
  90. Underground Hacker Sites
  91. Pentest Tools Subdomain
  92. Hack Tools
  93. Hacker Search Tools
  94. Hacking Tools For Windows
  95. How To Make Hacking Tools
  96. Pentest Recon Tools
  97. Hacker Tool Kit
  98. Hack Rom Tools
  99. Physical Pentest Tools
  100. Pentest Tools Bluekeep
  101. Hack Tools Github
  102. Pentest Recon Tools
  103. Hacking Tools Pc
  104. Hack Rom Tools
  105. Tools 4 Hack
  106. Best Hacking Tools 2019
  107. Hacker Tools For Ios
  108. Hacker Tools Online
  109. Computer Hacker
  110. Hackers Toolbox
  111. Blackhat Hacker Tools
  112. Pentest Tools Alternative
  113. Hacker Tools For Windows
  114. Hacking Tools For Windows Free Download
  115. Pentest Tools List
  116. Hacking Tools 2019
  117. Pentest Tools Online
  118. Hacking Tools Usb
  119. Underground Hacker Sites
  120. Hacker Tools Free
  121. Computer Hacker
  122. Tools Used For Hacking
  123. Pentest Tools Find Subdomains
  124. Hacking Tools Windows 10
  125. Best Hacking Tools 2020
  126. Install Pentest Tools Ubuntu
  127. Pentest Automation Tools
  128. Tools Used For Hacking
  129. Hacker Tool Kit
  130. World No 1 Hacker Software
  131. New Hacker Tools
  132. Hack Website Online Tool
  133. Nsa Hack Tools Download
  134. Easy Hack Tools
  135. Hacking Tools 2020
  136. Hacker Tools Free
  137. Hacker Tools Mac
  138. Hacking Tools Mac
  139. Tools Used For Hacking
  140. How To Hack
  141. Pentest Tools Framework
  142. Tools For Hacker
  143. Hack Tools For Windows
  144. Pentest Tools Windows
  145. Bluetooth Hacking Tools Kali
  146. Hack Tools
  147. Hack Tools Github
  148. Hacker Tools Windows
  149. Hack Tools
  150. Hacking Tools For Windows
  151. Pentest Tools Find Subdomains
  152. Hacking Tools For Pc
  153. Pentest Tools Linux
  154. Pentest Tools Framework
  155. Hacker Tools Apk Download
  156. Hacker Tools Software
  157. Hak5 Tools
  158. Pentest Box Tools Download
  159. Pentest Tools Find Subdomains
  160. Pentest Automation Tools
  161. Game Hacking
  162. Game Hacking
  163. Hacking Tools For Games
  164. Pentest Tools Open Source
  165. World No 1 Hacker Software
  166. Hacker Tools Linux
  167. Hacker Tools Linux
  168. World No 1 Hacker Software
  169. How To Install Pentest Tools In Ubuntu
  170. Hacker Tool Kit
  171. Pentest Automation Tools
  172. Pentest Tools Download
  173. Hack Tools For Ubuntu
  174. Hack Tools For Windows
  175. Hacking Tools For Windows
  176. Hacker Techniques Tools And Incident Handling
  177. Hacking Tools Download
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)