Sunday, January 21, 2024

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.





Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:



There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:


The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97                    
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor


Continue reading


  1. Tools Used For Hacking
  2. New Hacker Tools
  3. Hacking Tools And Software
  4. Hacking App
  5. Pentest Tools Website Vulnerability
  6. Nsa Hack Tools Download
  7. Hacking Tools For Games
  8. What Are Hacking Tools
  9. Hacker Tools For Pc
  10. Tools For Hacker
  11. Hacking Tools Windows
  12. Pentest Tools For Android
  13. Pentest Tools Android
  14. Best Hacking Tools 2020
  15. Hack Rom Tools
  16. Pentest Tools Website
  17. Pentest Tools Website Vulnerability
  18. Hacker Tools Apk Download
  19. Tools 4 Hack
  20. Pentest Tools Windows
  21. Hacking Tools For Beginners
  22. Hacker Security Tools
  23. Hacking Tools Software
  24. Hacker Tools Free Download
  25. Hacker Tools 2020
  26. Usb Pentest Tools
  27. Pentest Tools
  28. Pentest Tools For Android
  29. Hacker Tools Linux
  30. Wifi Hacker Tools For Windows
  31. Hack Website Online Tool
  32. Pentest Tools Framework
  33. Hacking Tools Pc
  34. Hack And Tools
  35. Hack Apps
  36. Hacker Tools For Mac
  37. Pentest Reporting Tools
  38. Hacking Apps
  39. Hacking Tools
  40. Free Pentest Tools For Windows
  41. Hack Website Online Tool
  42. Hacker Tools Free Download
  43. Hack Tools For Pc
  44. Pentest Tools Website
  45. Hacking Apps
  46. Best Pentesting Tools 2018
  47. Hack Tools For Mac
  48. Kik Hack Tools
  49. Hacker Tools 2019
  50. Hack Tools Online
  51. Hacking Tools For Windows 7
  52. Hack Tools Github
  53. Termux Hacking Tools 2019
  54. Pentest Tools Review
  55. Black Hat Hacker Tools
  56. Hacker Tools For Ios
  57. Usb Pentest Tools
  58. Hacker Tools For Pc
  59. Best Pentesting Tools 2018
  60. Github Hacking Tools
  61. Kik Hack Tools
  62. Hacker Tools For Pc
  63. Hacking Tools For Windows Free Download
  64. Hack Tool Apk
  65. Hack Tool Apk No Root
  66. Hacking Apps
  67. Hack Tools
  68. Hacker Tools Apk
  69. Hack Tools 2019
  70. Hacking Tools Hardware
  71. Hacking Tools For Games
  72. Pentest Tools Android
  73. Hack Tool Apk No Root
  74. Hacking Tools Kit
  75. Underground Hacker Sites
  76. Free Pentest Tools For Windows
  77. Pentest Tools Framework
  78. Beginner Hacker Tools
  79. Pentest Tools Framework
  80. Hack Tools Github
  81. Tools Used For Hacking
  82. Hacker Tools Free Download
  83. Hacker Tools Free Download
  84. Termux Hacking Tools 2019
  85. Black Hat Hacker Tools
  86. Hack Tools
  87. Game Hacking
  88. Hacking Tools For Kali Linux
  89. Kik Hack Tools
  90. Hacking Tools For Windows Free Download
  91. Hackers Toolbox
  92. Pentest Tools Kali Linux
  93. Hack Apps
  94. Hacking Tools Hardware
  95. Pentest Tools Port Scanner
  96. Free Pentest Tools For Windows
  97. Pentest Tools For Windows
  98. Hacking Tools Software
  99. Hackrf Tools
  100. Hack Tool Apk No Root
  101. Kik Hack Tools
  102. Physical Pentest Tools
  103. Hack Tools
  104. Pentest Tools Subdomain
  105. Hacker Tools 2019
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)