Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

Posted in 7:52 PM
It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.





Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:



There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:


The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97                    
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor


Read more
  1. Pentest Box Tools Download
  2. Pentest Tools Android
  3. Pentest Tools Open Source
  4. Hacker Tools Apk Download
  5. Nsa Hack Tools Download
  6. Hacking Tools For Games
  7. Pentest Tools Subdomain
  8. Pentest Tools Download
  9. Hacker Tools Online
  10. Pentest Tools Website
  11. Pentest Tools Kali Linux
  12. Pentest Tools Download
  13. Pentest Tools Online
  14. Hacking Tools For Windows Free Download
  15. Hacker Tool Kit
  16. Pentest Tools Url Fuzzer
  17. Hack Tools 2019
  18. Hacker Tool Kit
  19. Beginner Hacker Tools
  20. Usb Pentest Tools
  21. Hack And Tools
  22. What Is Hacking Tools
  23. Pentest Tools Url Fuzzer
  24. Termux Hacking Tools 2019
  25. Pentest Tools Website Vulnerability
  26. Hacker Tools Windows
  27. New Hacker Tools
  28. Hack Apps
  29. Hacking Tools Free Download
  30. Best Pentesting Tools 2018
  31. Termux Hacking Tools 2019
  32. Pentest Tools Port Scanner
  33. Hack Tools Download
  34. Hacker Tools 2019
  35. Pentest Tools Nmap
  36. Nsa Hack Tools
  37. Pentest Tools For Windows
  38. Hacker Tools Online
  39. Hacking Tools 2020
  40. Pentest Tools For Mac
  41. Pentest Tools Review
  42. Hacker Tools Github
  43. Github Hacking Tools
  44. Hacker Tools Github
  45. Hak5 Tools
  46. Hack App
  47. World No 1 Hacker Software
  48. Hack Apps
  49. Hacker Tools Software
  50. Pentest Tools Online
  51. Hacking Tools 2020
  52. Hak5 Tools
  53. Hacking Tools Pc
  54. Pentest Tools Free
  55. What Is Hacking Tools
  56. Hacker Tools Software
  57. Hacking Tools 2020
  58. Beginner Hacker Tools
  59. Hacker
  60. Android Hack Tools Github
  61. Easy Hack Tools
  62. Tools For Hacker
  63. Hacking Tools For Beginners
  64. Pentest Recon Tools
  65. Best Hacking Tools 2020
  66. Beginner Hacker Tools
  67. Hacker Hardware Tools
  68. Pentest Tools Open Source
  69. Wifi Hacker Tools For Windows
  70. Hacker Security Tools
  71. Beginner Hacker Tools
  72. Hacker Tools For Pc
  73. Pentest Tools
  74. Nsa Hack Tools Download
  75. Hack Tools For Ubuntu
  76. Hack Tools Pc
  77. Hacking Tools 2019
  78. Hacker Tools Free
  79. Hacking Apps
  80. Tools 4 Hack
  81. Kik Hack Tools
  82. Hacker Techniques Tools And Incident Handling
  83. Hacking Tools Online
  84. Hacker Tools Online
  85. Hacker Tools Linux
  86. Hack Tools Github
  87. Hack Tools For Mac
  88. Pentest Tools Port Scanner
  89. Hacking Tools Mac
  90. Pentest Tools Review
  91. Computer Hacker
  92. Hack Tools Pc
  93. Hack Tools 2019
  94. Best Hacking Tools 2019
  95. Hacking Tools For Pc
  96. Hacker Tools Apk Download
  97. Nsa Hacker Tools
  98. Black Hat Hacker Tools
  99. Pentest Tools Review
  100. Hack Website Online Tool
  101. Pentest Tools
  102. Pentest Tools Url Fuzzer
  103. Pentest Tools Github
  104. Hack Tools Online
  105. Hack Tools
  106. Hacker Tools Linux
  107. Hacking Tools Usb
  108. Hacking Tools Windows 10
  109. Underground Hacker Sites
  110. Hacking Tools Pc
  111. Tools 4 Hack
  112. Ethical Hacker Tools
  113. Hack App
  114. Hacker Security Tools
  115. Hackers Toolbox
  116. Hacker Tools For Pc
  117. Hacking Tools For Windows
  118. Hak5 Tools
  119. Pentest Tools Windows
  120. Pentest Tools Nmap
  121. Hacker Tools For Ios
  122. Pentest Tools Bluekeep
  123. Hack Apps
  124. Hack Tools For Mac
  125. Hacking Tools Kit
  126. Pentest Tools Bluekeep
  127. Pentest Tools For Ubuntu
  128. Hacker Tools
  129. Nsa Hack Tools
  130. Hacker Tools For Mac
  131. Bluetooth Hacking Tools Kali
  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • Twitter
  • RSS
Read Users' Comments (0)

0 Response to "Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team"

Post a Comment

Subscribe to: Post Comments (Atom)
Copyright 2009 http://www.letstreamyx.net