alertpay

Sunday, June 4, 2023

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32-bit ELF binary of some version of vsftpd to which a backdoor has been added; they don't specify whether it is an authentication backdoor, a special command or something else.

I started by looking for something weird in the authentication routines, but I didn't find anything significant in a brief period of time, so I decided to do a bindiff, which was the key to locating the backdoor quickly. I did a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl", which is weird because it is a call for executing ELFs that an FTP service doesn't need, and because the compiled binary doesn't have that symbol.
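As an added illustration (not code from the original post), the same strings diff in Python: collect the unique printable strings of a reference build and of the suspect build, list what only the suspect contains, and flag names of process-execution calls. The two byte blobs are constructed samples, not real vsftpd contents.

```python
import re

# libc process-execution calls worth a second look when they appear only in
# the suspect build (execl is the one found in this write-up).
EXEC_FAMILY = {"execl", "execlp", "execle", "execv", "execvp", "execve",
               "system", "popen"}

def printable_strings(blob, min_len=4):
    """Rough equivalent of `strings bin | sort -u`: unique printable-ASCII runs."""
    runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)
    return {r.decode("ascii") for r in runs}

def added_strings(reference, suspect):
    """Strings present in the suspect binary but absent from the reference."""
    return sorted(printable_strings(suspect) - printable_strings(reference))

def exec_calls_added(reference, suspect):
    """Subset of the added strings that name a process-execution call."""
    return [s for s in added_strings(reference, suspect) if s in EXEC_FAMILY]

# Constructed sample data: NUL-separated names, as in an ELF string table.
REFERENCE = b"\x7fELF\x01\x01\x01\x00" + b"\x00".join(
    [b"socket", b"bind", b"listen", b"accept", b"230 Login successful."]
) + b"\x00"
SUSPECT = REFERENCE + b"\x00".join([b"execl", b"dup2"]) + b"\x00"

if __name__ == "__main__":
    print("only in suspect:", added_strings(REFERENCE, SUSPECT))
    print("exec-family calls added:", exec_calls_added(REFERENCE, SUSPECT))
```

On real files, read both binaries with `open(path, "rb").read()` and pass the bytes in; the reference should be a build of the same version from trusted source.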





Looking at the xrefs of "execl" in IDA, I found code that is a clear backdoor: it creates a socket, binds a port, duplicates stdin, stdout and stderr to the socket and uses execl:



There is one xref to this function: the function that decides when to trigger it, and that decision is made with this kind of system of equations:


The backdoor was not in the authentication; it was a special command that triggers the backdoor, and that command is obfuscated in the system of equations. There was no need to use a z3 equation solver because it is a simple one, and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}
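The by-hand solve as an added Python sketch (not code from the original post): every pairwise sum fixes the next byte once cmd[1] is known, so the whole command hangs on that one value. The constraint list gives cmd[1] = 78 while the solution list gives 75; the sketch propagates both and also enumerates every cmd[1] that keeps all 18 bytes printable.

```python
# Pairwise sums copied from the write-up: PAIR_SUMS[i] = cmd[i+1] + cmd[i+2].
PAIR_SUMS = [154, 202, 241, 233, 217, 218, 228, 212,
             195, 195, 201, 207, 203, 215, 235, 242]
CMD0 = 69  # cmd[0], fixed directly by the first check

def solve_chain(cmd1):
    """Propagate cmd[i+1] = sum - cmd[i] through the chain from a given cmd[1]."""
    cmd = [CMD0, cmd1]
    for s in PAIR_SUMS:
        cmd.append(s - cmd[-1])
    return cmd

def is_printable(cmd):
    """True when every byte is printable ASCII (0x20..0x7e)."""
    return all(0x20 <= b <= 0x7E for b in cmd)

def candidates():
    """Map each cmd[1] that yields 18 printable bytes to the resulting string."""
    out = {}
    for cmd1 in range(0x20, 0x7F):
        cmd = solve_chain(cmd1)
        if is_printable(cmd):
            out[cmd1] = bytes(cmd).decode("ascii")
    return out

if __name__ == "__main__":
    print("cmd[1]=78 ->", solve_chain(78))   # last byte leaves the ASCII range
    print("cmd[1]=75 ->", bytes(solve_chain(75)).decode("ascii"))
    for cmd1, text in sorted(candidates().items()):
        print(cmd1, text)
```

Only the pairwise sums and cmd[0] come from the page; the printable-ASCII filter is an assumption used here to narrow the free byte.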

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor

