Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.

Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:

There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:

The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.

The equation:

cmd[0] = 69

cmd[1] = 78

cmd[1] + cmd[2] = 154

cmd[2] + cmd[3] = 202

cmd[3] + cmd[4] = 241

cmd[4] + cmd[5] = 233

cmd[5] + cmd[6] = 217

cmd[6] + cmd[7] = 218

cmd[7] + cmd[8] = 228

cmd[8] + cmd[9] = 212

cmd[9] + cmd[10] = 195

cmd[10] + cmd[11] = 195

cmd[11] + cmd[12] = 201

cmd[12] + cmd[13] = 207

cmd[13] + cmd[14] = 203

cmd[14] + cmd[15] = 215

cmd[15] + cmd[16] = 235

cmd[16] + cmd[17] = 242

The solution:

cmd[0] = 69

cmd[1] = 75

cmd[2] = 79

cmd[3] = 123

cmd[4] = 118

cmd[5] = 115

cmd[6] = 102

cmd[7] = 116

cmd[8] = 112

cmd[9] = 100

cmd[10] = 95

cmd[11] = 100

cmd[12] = 101

cmd[13] = 106

cmd[14] = 97                    

cmd[15] = 118

cmd[16] = 117

cmd[17] = 125

The flag:

EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor

Related word

1. Wifi Hacker Tools For Windows
2. Hacking Apps
3. Hacker Security Tools
4. Best Pentesting Tools 2018
5. Game Hacking
6. Hack Website Online Tool
7. Pentest Tools Url Fuzzer
8. Hacker Techniques Tools And Incident Handling
9. Hack App
10. How To Install Pentest Tools In Ubuntu
11. Hack Rom Tools
12. Pentest Tools Online
13. Hacking Tools Windows
14. Hacks And Tools
15. Pentest Tools Kali Linux
16. Usb Pentest Tools
17. Hacker Security Tools
18. Hacker Tools Apk
19. Pentest Tools Windows
20. Pentest Box Tools Download
21. Hacking App
22. Hacker
23. How To Hack
24. Hacker Tools 2020
25. Blackhat Hacker Tools
26. Pentest Tools For Ubuntu
27. Hacking Tools For Kali Linux
28. Pentest Tools Kali Linux
29. Hacking Tools For Windows
30. Hacking App
31. Hacking Tools For Kali Linux
32. Pentest Tools Apk
33. Hacker Techniques Tools And Incident Handling
34. Pentest Tools Alternative
35. How To Hack
36. Hack Tools Github
37. Growth Hacker Tools
38. Hacker Tools Apk Download
39. Pentest Tools Free
40. Hacking Tools 2019
41. Hacking Tools Windows 10
42. Hacking Tools For Games
43. Nsa Hacker Tools
44. Hack Rom Tools
45. Hacking Tools Hardware
46. Pentest Automation Tools
47. Pentest Tools Website
48. Hacker Security Tools
49. Beginner Hacker Tools
50. Pentest Tools Review
51. Hacking Tools Name
52. Hacker Tools For Mac
53. Hack Tools Github
54. Hacker Search Tools
55. Hacking Tools Free Download
56. Nsa Hack Tools Download
57. Hack Tools
58. Hacking Tools For Mac
59. Hacking Tools For Pc
60. Pentest Tools Port Scanner
61. Hacks And Tools
62. Hacking Tools Name
63. Hacker Tools 2020
64. Beginner Hacker Tools
65. Top Pentest Tools
66. World No 1 Hacker Software
67. Bluetooth Hacking Tools Kali
68. Pentest Tools Website Vulnerability
69. Hacking Tools Mac
70. Hacking App
71. Pentest Tools Review
72. How To Install Pentest Tools In Ubuntu
73. Pentest Tools Port Scanner
74. Pentest Tools For Ubuntu
75. Hacker Tools List
76. Android Hack Tools Github
77. Pentest Tools Kali Linux
78. Hacker Techniques Tools And Incident Handling
79. Hack And Tools
80. Hacker
81. Pentest Tools Port Scanner
82. Beginner Hacker Tools
83. Hacking Tools Github
84. Pentest Tools For Android
85. Hacking Tools For Windows 7