It's a 32-bit ELF binary of some version of vsftpd to which a backdoor has been added; they don't specify whether it is an authentication backdoor, a special command or something else.

I started looking for something weird in the authentication routines, but I didn't find anything significant in a brief period of time, so I decided to do a bindiff, which was the key to locating the backdoor quickly. I did a quick diff of the strings with the commands "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl", which is weird because it is a call for executing ELFs, not needed for an FTP service, and weird that the compiled binary doesn't have that symbol.
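The strings diff described above, as an added example that is not part of the original post: it extracts printable strings from two builds and reports those present only in the suspect one. The two byte blobs are constructed stand-ins rather than data from the challenge binary, and the list of process-spawning names beyond "execl" is an assumption of this example.

```python
import re

# Same idea as `strings <bin> | sort -u`: runs of 4+ printable ASCII bytes.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")

# Names of libc calls that start another program. The post flags "execl";
# the remaining entries are an assumption added for this example.
EXEC_FAMILY = {"execl", "execlp", "execle", "execv", "execvp", "execve",
               "system", "popen"}


def unique_strings(blob):
    """Return the set of printable strings found in a binary blob."""
    return {m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(blob)}


def added_strings(reference, suspect):
    """Strings that appear only in the suspect build, sorted."""
    return sorted(unique_strings(suspect) - unique_strings(reference))


def suspicious_additions(reference, suspect):
    """Subset of the added strings that name a process-spawning call."""
    return [s for s in added_strings(reference, suspect) if s in EXEC_FAMILY]


# Constructed samples standing in for the string tables of a reference
# build and a suspect build (not bytes from the real binaries).
REFERENCE = b"\x00socket\x00bind\x00listen\x00accept\x00dup2\x00getpwnam\x00"
SUSPECT = b"\x00socket\x00bind\x00listen\x00accept\x00dup2\x00execl\x00getpwnam\x00"

if __name__ == "__main__":
    print("only in suspect:", added_strings(REFERENCE, SUSPECT))
    print("worth an xref check:", suspicious_additions(REFERENCE, SUSPECT))
```
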





Looking at the xrefs of "execl" in IDA, I found this code, which is a clear backdoor: it creates a socket, binds a port, duplicates stdin, stdout and stderr to the socket and uses execl:



There is one xref to this function; the function that decides when to trigger it is this kind of system-of-equations decision:


The backdoor was not in the authentication; it was a special command that triggers the backdoor, obfuscated in that system of equations. There was no need to use a z3 equation solver because it is a simple one and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}
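The hand solution above carried out by forward substitution, as an added example that is not code from the original post. The pairwise sums are copied from the listing; the cmd[1] seed is the 75 from the solution listing, since a seed of 78 pushes cmd[17] to 128, outside printable ASCII.

```python
# Pairwise sums cmd[i] + cmd[i+1] for i = 1..16, copied from the listing.
PAIR_SUMS = [154, 202, 241, 233, 217, 218, 228, 212,
             195, 195, 201, 207, 203, 215, 235, 242]


def solve(cmd0, cmd1, pair_sums=PAIR_SUMS):
    """Forward substitution: each sum fixes the next byte from the previous."""
    cmd = [cmd0, cmd1]
    for s in pair_sums:
        cmd.append(s - cmd[-1])
    return cmd


def satisfies(cmd, pair_sums=PAIR_SUMS):
    """Re-check every pairwise constraint against a candidate command."""
    return all(cmd[i + 1] + cmd[i + 2] == s for i, s in enumerate(pair_sums))


def is_printable(cmd):
    """True when every byte is printable ASCII, as a typed command must be."""
    return all(0x20 <= c <= 0x7E for c in cmd)


def as_text(cmd):
    return bytes(cmd).decode("ascii")


if __name__ == "__main__":
    cmd = solve(69, 75)
    print(cmd, satisfies(cmd), as_text(cmd))
    # Any seed satisfies the chained sums, so printability is the sanity check.
    print(solve(69, 78)[-1], is_printable(solve(69, 78)))
```
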

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor

