sábado, 27 de enero de 2024

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.





Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:



There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:


The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97                    
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor


More articles
  1. Pentest Tools Apk
  2. Hack Tools For Windows
  3. Nsa Hacker Tools
  4. Hacking Tools For Beginners
  5. Hacker Tools
  6. Pentest Tools
  7. Hack App
  8. Hacking Tools Usb
  9. Easy Hack Tools
  10. What Are Hacking Tools
  11. Hack Tools For Mac
  12. Easy Hack Tools
  13. Pentest Tools Website Vulnerability
  14. Physical Pentest Tools
  15. Best Pentesting Tools 2018
  16. Hacks And Tools
  17. Hacking Tools Hardware
  18. How To Hack
  19. Usb Pentest Tools
  20. Beginner Hacker Tools
  21. Hacker Tools Software
  22. Hacking Tools Online
  23. Pentest Tools Open Source
  24. Hacker Tools Software
  25. Pentest Tools Website Vulnerability
  26. Growth Hacker Tools
  27. Pentest Tools For Mac
  28. Free Pentest Tools For Windows
  29. How To Install Pentest Tools In Ubuntu
  30. Hacker Tools Free Download
  31. Pentest Tools Bluekeep
  32. Hacking Tools For Beginners
  33. Hack Rom Tools
  34. Pentest Tools Alternative
  35. Usb Pentest Tools
  36. Hacking Tools For Beginners
  37. Hacker Tools For Windows
  38. Top Pentest Tools
  39. What Is Hacking Tools
  40. Hacks And Tools
  41. Physical Pentest Tools
  42. Hackers Toolbox
  43. Nsa Hacker Tools
  44. Hacking Tools Usb
  45. Hacker Tools For Windows
  46. Hack Tools 2019
  47. Nsa Hacker Tools
  48. Pentest Box Tools Download
  49. Hack Tools For Games
  50. Hacking Tools
  51. Pentest Tools Website Vulnerability
  52. Hack Tools
  53. Hacking Tools For Pc
  54. Hack Tools 2019
  55. Pentest Tools List
  56. Hack Tools For Windows
  57. Pentest Automation Tools
  58. Pentest Tools Website
  59. Pentest Tools Apk
  60. Hacker Tools Apk Download
  61. Hacking Tools For Kali Linux
  62. Hacking Tools For Kali Linux
  63. Hacking Tools For Pc
  64. Hacking Tools For Games
  65. Bluetooth Hacking Tools Kali
  66. Hacker Tools Free Download
  67. How To Hack
  68. Github Hacking Tools
  69. Hacking Tools For Mac
  70. Hacking Tools And Software
  71. New Hacker Tools
  72. Hacking Tools For Windows
  73. Hacking App
  74. Hacker Tools Software
  75. Hack Tools Download
  76. Pentest Tools Apk
  77. Pentest Tools Apk
  78. Hacking Tools For Windows
  79. Hacking App
  80. World No 1 Hacker Software
  81. Hacker Tools Windows
  82. Hacker Tools
  83. Bluetooth Hacking Tools Kali
  84. Wifi Hacker Tools For Windows
  85. Hacking Tools Name
  86. Usb Pentest Tools
  87. Pentest Tools Linux
  88. Pentest Tools For Windows
  89. Hacking Tools Windows
  90. Best Hacking Tools 2020
  91. Hacker Tools Free Download
  92. Install Pentest Tools Ubuntu
  93. How To Install Pentest Tools In Ubuntu
  94. Hacker Tools Hardware
  95. Pentest Tools Open Source
  96. Hacking Tools Hardware
  97. Hack Rom Tools
  98. Hacker Tools List
  99. Hacker Tools Free Download
  100. Hacking Tools Software
  101. Hacker Tools Mac
  102. Pentest Tools Android
  103. Hacking Tools 2019
  104. Top Pentest Tools
  105. Hacking Tools Online
  106. Hacker Tools Linux
  107. Hacking App
  108. Hacking Tools Mac
  109. Hacking Tools Online
  110. Hacking Tools For Mac
  111. Hack Tools Mac
  112. Pentest Tools Online
  113. Pentest Tools Online
  114. Hacking Tools For Games
  115. Ethical Hacker Tools
  116. Blackhat Hacker Tools
  117. Pentest Tools Tcp Port Scanner
  118. Hacking Tools For Windows 7
  119. New Hack Tools
  120. Hacking Tools For Games
Publicado por en