viernes, 19 de enero de 2024

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.





Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:



There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:


The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97                    
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor


Related word


  1. Wifi Hacker Tools For Windows
  2. Hacking Apps
  3. Hacker Security Tools
  4. Best Pentesting Tools 2018
  5. Game Hacking
  6. Hack Website Online Tool
  7. Pentest Tools Url Fuzzer
  8. Hacker Techniques Tools And Incident Handling
  9. Hack App
  10. How To Install Pentest Tools In Ubuntu
  11. Hack Rom Tools
  12. Pentest Tools Online
  13. Hacking Tools Windows
  14. Hacks And Tools
  15. Pentest Tools Kali Linux
  16. Usb Pentest Tools
  17. Hacker Security Tools
  18. Hacker Tools Apk
  19. Pentest Tools Windows
  20. Pentest Box Tools Download
  21. Hacking App
  22. Hacker
  23. How To Hack
  24. Hacker Tools 2020
  25. Blackhat Hacker Tools
  26. Pentest Tools For Ubuntu
  27. Hacking Tools For Kali Linux
  28. Pentest Tools Kali Linux
  29. Hacking Tools For Windows
  30. Hacking App
  31. Hacking Tools For Kali Linux
  32. Pentest Tools Apk
  33. Hacker Techniques Tools And Incident Handling
  34. Pentest Tools Alternative
  35. How To Hack
  36. Hack Tools Github
  37. Growth Hacker Tools
  38. Hacker Tools Apk Download
  39. Pentest Tools Free
  40. Hacking Tools 2019
  41. Hacking Tools Windows 10
  42. Hacking Tools For Games
  43. Nsa Hacker Tools
  44. Hack Rom Tools
  45. Hacking Tools Hardware
  46. Pentest Automation Tools
  47. Pentest Tools Website
  48. Hacker Security Tools
  49. Beginner Hacker Tools
  50. Pentest Tools Review
  51. Hacking Tools Name
  52. Hacker Tools For Mac
  53. Hack Tools Github
  54. Hacker Search Tools
  55. Hacking Tools Free Download
  56. Nsa Hack Tools Download
  57. Hack Tools
  58. Hacking Tools For Mac
  59. Hacking Tools For Pc
  60. Pentest Tools Port Scanner
  61. Hacks And Tools
  62. Hacking Tools Name
  63. Hacker Tools 2020
  64. Beginner Hacker Tools
  65. Top Pentest Tools
  66. World No 1 Hacker Software
  67. Bluetooth Hacking Tools Kali
  68. Pentest Tools Website Vulnerability
  69. Hacking Tools Mac
  70. Hacking App
  71. Pentest Tools Review
  72. How To Install Pentest Tools In Ubuntu
  73. Pentest Tools Port Scanner
  74. Pentest Tools For Ubuntu
  75. Hacker Tools List
  76. Android Hack Tools Github
  77. Pentest Tools Kali Linux
  78. Hacker Techniques Tools And Incident Handling
  79. Hack And Tools
  80. Hacker
  81. Pentest Tools Port Scanner
  82. Beginner Hacker Tools
  83. Hacking Tools Github
  84. Pentest Tools For Android
  85. Hacking Tools For Windows 7

No hay comentarios:

Publicar un comentario