Wednesday, August 26, 2020

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.





Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:



There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:


The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97                    
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor


Related word
  1. Pentest Tools Online
  2. Pentest Tools Framework
  3. Hacker Tools Free Download
  4. Pentest Tools Online
  5. Hack Tools For Games
  6. Hacker Tools For Pc
  7. Hacking Tools For Windows 7
  8. Hack Tools For Ubuntu
  9. Pentest Tools For Mac
  10. Hacking Tools Hardware
  11. Pentest Box Tools Download
  12. Pentest Tools Framework
  13. Pentest Tools Github
  14. Hacking Tools Software
  15. Hacking Tools For Windows
  16. How To Install Pentest Tools In Ubuntu
  17. Game Hacking
  18. Hacker Tools Apk Download
  19. Hacking Tools For Windows Free Download
  20. Black Hat Hacker Tools
  21. Pentest Tools Open Source
  22. Hacking Tools Github
  23. Hacking Tools Mac
  24. Hacking Tools For Windows 7
  25. Hacker Tools For Pc
  26. Pentest Tools Download
  27. Hacking Tools And Software
  28. Hacker Security Tools
  29. Tools For Hacker
  30. Game Hacking
  31. Hacks And Tools
  32. Pentest Tools Open Source
  33. Hacker Tools Linux
  34. Pentest Tools Kali Linux
  35. Pentest Tools Linux
  36. Pentest Tools Android
  37. Hacking Tools Software
  38. Hacking Tools Software
  39. Hacker Tools For Pc
  40. Hacker Tool Kit
  41. Hacking Tools For Mac
  42. Nsa Hacker Tools
  43. Best Pentesting Tools 2018
  44. Pentest Box Tools Download
  45. Hacker Tools Hardware
  46. Hacking Tools 2019
  47. Pentest Tools Free
  48. Hack Tools For Games
  49. Nsa Hacker Tools
  50. Pentest Tools Android
  51. Hack Tools
  52. Kik Hack Tools
  53. Pentest Tools For Mac
  54. Pentest Recon Tools
  55. Pentest Tools For Ubuntu
  56. Hack Tool Apk
  57. Android Hack Tools Github
  58. Hack Tool Apk No Root
  59. Hacker Tools Linux
  60. Hacker Tools Hardware
  61. Hacking Tools
  62. Hacking Tools Mac
  63. Hacker Tools 2019
  64. Pentest Tools Url Fuzzer
  65. How To Install Pentest Tools In Ubuntu
  66. Pentest Tools Online
  67. Nsa Hack Tools Download
  68. Pentest Tools For Windows
  69. Pentest Tools Android
  70. Pentest Tools Bluekeep
  71. Hack Rom Tools
  72. Hack Tools 2019
  73. Pentest Tools For Android
  74. Hack Tools 2019
  75. Android Hack Tools Github
  76. Pentest Tools Apk
  77. Pentest Tools Linux
  78. Hacking Tools Usb
  79. Wifi Hacker Tools For Windows
  80. Hack Tool Apk
  81. Tools For Hacker
  82. Hacking Apps
  83. Physical Pentest Tools
  84. World No 1 Hacker Software
  85. Hacking App
  86. Hacking Tools Online
  87. Pentest Tools Kali Linux
  88. Pentest Tools For Android
  89. Hacker Tools Github
  90. Pentest Box Tools Download
  91. Hack Tools 2019
  92. Tools Used For Hacking
  93. Hak5 Tools
  94. Nsa Hack Tools Download
  95. Wifi Hacker Tools For Windows
  96. Hackers Toolbox
  97. Pentest Tools Download
  98. Hacking Tools Online
  99. Hack Website Online Tool
  100. Hacking Tools Github
  101. Hack Tools Mac
  102. Hacking Tools For Games
  103. Hacker Security Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)