Saturday 22 August 2020

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

The challenge is a 32-bit ELF binary of some version of vsftpd to which a backdoor has been added. The organizers don't specify whether it is an authentication backdoor, a special command or something else.

I started by looking for something weird in the authentication routines, but I didn't find anything significant in a brief period of time, so I decided to do a bindiff, which was the key to locating the backdoor quickly. I did a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl", which is weird because it is a call for executing ELFs, not needed for an FTP service, and weird that the compiled binary doesn't have that symbol.
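The same strings-diff triage as an added example (not code from the original post): it extracts unique printable strings from a reference and a suspect image, diffs them, and flags newly appearing process-execution symbols. The watchlist and both sample blobs are constructed for illustration.

```python
import re

# Assumed watchlist: libc calls that start another program. A symbol from this
# set that appears only in the suspect build deserves an xref review.
WATCHLIST = {"execl", "execle", "execlp", "execv", "execve", "execvp",
             "system", "popen"}


def extract_strings(blob, min_len=4):
    """Rough equivalent of `strings bin | sort -u`: unique printable-ASCII runs."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return {m.decode("ascii") for m in re.findall(pattern, blob)}


def diff_strings(reference, suspect):
    """Return (strings only in suspect, strings only in reference), both sorted."""
    ref, sus = extract_strings(reference), extract_strings(suspect)
    return sorted(sus - ref), sorted(ref - sus)


def triage(reference, suspect):
    """Diff the two images and flag added strings that are on the watchlist."""
    added, removed = diff_strings(reference, suspect)
    flagged = [s for s in added if s in WATCHLIST]
    return {"added": added, "removed": removed, "flagged": flagged}


# Constructed sample data: NUL-separated names imitating a dynamic string table.
# These are not bytes from the challenge binary or from a real vsftpd build.
REFERENCE_BLOB = b"\x7fELF\x01\x01\x00" + b"\x00".join(
    [b"socket", b"bind", b"listen", b"accept", b"dup2", b"USER", b"PASS"]
) + b"\x00"
SUSPECT_BLOB = REFERENCE_BLOB + b"execl\x00"

if __name__ == "__main__":
    report = triage(REFERENCE_BLOB, SUSPECT_BLOB)
    for key in ("added", "removed", "flagged"):
        print(f"{key}: {report[key]}")
```

On real files, read both binaries with open(path, "rb").read() and pass the bytes to triage(); a reference build of the same version with the same compiler keeps the diff small.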





Looking at the xrefs of "execl" in IDA, I found code that is a clear backdoor: it creates a socket, binds a port, duplicates stdin, stdout and stderr to the socket and calls execl:



There is one xref to this function: the function that decides when to trigger it, using this kind of system-of-equations check:


The backdoor was not in the authentication; it was a special command that triggers the backdoor, obfuscated in that system of equations. There was no need to use the z3 solver because the system is a simple one, and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}
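The hand calculation above as an added example (not code from the original post): forward substitution through the pair sums, plus a check of how many starting bytes would still give a printable command. cmd[1] is seeded with 75, the value in the solution listing; the function names are made up for this example.

```python
# Pair sums cmd[i] + cmd[i+1] for i = 1..16, copied from the equations above.
PAIR_SUMS = [154, 202, 241, 233, 217, 218, 228, 212,
             195, 195, 201, 207, 203, 215, 235, 242]
CMD0 = 69  # cmd[0] from the equation listing
CMD1 = 75  # assumed seed: cmd[1] as given in the solution listing


def solve_chain(cmd0, cmd1, pair_sums):
    """Forward substitution: each sum fixes the next byte, cmd[i+1] = sum - cmd[i]."""
    cmd = [cmd0, cmd1]
    for total in pair_sums:
        cmd.append(total - cmd[-1])
    return cmd


def is_printable(values):
    """True when every value is a printable ASCII byte (0x20..0x7e)."""
    return all(0x20 <= v <= 0x7E for v in values)


def printable_seeds(cmd0, pair_sums):
    """All cmd[1] values for which the whole chain stays printable ASCII."""
    return [seed for seed in range(0x20, 0x7F)
            if is_printable(solve_chain(cmd0, seed, pair_sums))]


def recover_command():
    """Solve with the seeds above and return the command as text."""
    values = solve_chain(CMD0, CMD1, PAIR_SUMS)
    if not is_printable(values):
        raise ValueError("seed does not yield a printable command")
    return bytes(values).decode("ascii")


if __name__ == "__main__":
    print(recover_command())
    # The sums alone leave cmd[1] free: several seeds stay printable, so the
    # direct constraint on cmd[1] is what pins down a single command.
    print(printable_seeds(CMD0, PAIR_SUMS))
```

A cmd[1] of 78 pushes cmd[17] to 128, outside ASCII, which is why the seed is taken from the solution listing.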

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor

