Thursday, August 20, 2020

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32-bit ELF binary of some version of vsftpd to which a backdoor has been added; they don't specify whether it is an authentication backdoor, a special command or something else.

I started by looking for something weird in the authentication routines, but I didn't find anything significant in a brief period of time, so I decided to do a bindiff, which was the key to locating the backdoor quickly. I did a quick diff of the strings with the commands "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl", which is weird because it is a call for executing ELFs, not needed for an FTP service, and weird because the compiled binary doesn't have that symbol.
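The same strings comparison as a script, for triaging a suspect build against a reference build. This is an added example, not code from the original post; the function names, the list of process-execution symbols and the two sample byte strings are assumptions constructed for illustration.

```python
import re
import sys

# Libc calls that start another program; a new one in a network service deserves a look.
EXEC_SYMBOLS = {"execl", "execle", "execlp", "execv", "execve", "execvp", "system", "popen"}

def printable_strings(blob: bytes, min_len: int = 4) -> set:
    """Equivalent of `strings | sort -u`: unique runs of printable ASCII."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return {m.group().decode("ascii") for m in re.finditer(pattern, blob)}

def strings_diff(reference: bytes, suspect: bytes) -> dict:
    """Report strings that appear or disappear between the two builds."""
    ref, sus = printable_strings(reference), printable_strings(suspect)
    added = sorted(sus - ref)
    return {
        "added": added,
        "removed": sorted(ref - sus),
        "exec_symbols": [s for s in added if s in EXEC_SYMBOLS],
    }

# Constructed sample data standing in for the string tables of the two binaries.
REFERENCE = b"\x7fELF\x01\x01\x00socket\x00bind\x00listen\x00accept\x00vsf_sysutil_exit\x00"
SUSPECT = REFERENCE + b"execl\x00"

if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Usage: script.py <reference-binary> <suspect-binary>
        with open(sys.argv[1], "rb") as f, open(sys.argv[2], "rb") as g:
            report = strings_diff(f.read(), g.read())
    else:
        report = strings_diff(REFERENCE, SUSPECT)
    for key, values in report.items():
        print(key, values)
```
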





Looking at the xrefs of "execl" in IDA, I found code that is a clear backdoor: it creates a socket, binds a port, duplicates stdin, stdout and stderr to the socket and uses execl:



There is one xref to this function: the function that decides when to trigger it, using this kind of system-of-equations decision:


The backdoor was not in the authentication; it was a special command that triggers the backdoor, obfuscated in that system of equations. There was no need to use the z3 equation solver because it is a simple system and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}
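The hand solution above as forward substitution, shown as an added example that is not part of the original post. The function and constant names are assumptions; cmd[0] = 69 and cmd[1] = 75 are taken from the solution list (the equation list prints 78 for cmd[1], which the range check below rejects).

```python
# Pair sums cmd[i] + cmd[i+1] for i = 1..16, copied from the equation list above.
PAIR_SUMS = [154, 202, 241, 233, 217, 218, 228, 212,
             195, 195, 201, 207, 203, 215, 235, 242]

def solve_chain(first: int, second: int, pair_sums: list) -> str:
    """Each equation has one unknown once the previous byte is known:
    cmd[i+1] = sum_i - cmd[i]. Every byte must be printable ASCII."""
    cmd = [first, second]
    for index, total in enumerate(pair_sums, start=2):
        value = total - cmd[-1]
        if not 0x20 <= value <= 0x7E:
            raise ValueError(f"cmd[{index}] = {value} is not printable ASCII")
        cmd.append(value)
    return bytes(cmd).decode("ascii")

def is_consistent(first: int, second: int, pair_sums: list) -> bool:
    """True when the starting bytes lead to an all-printable command."""
    try:
        solve_chain(first, second, pair_sums)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    print(solve_chain(69, 75, PAIR_SUMS))
    print("cmd[1] = 78 consistent:", is_consistent(69, 78, PAIR_SUMS))
```
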

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor

