Buscar

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

quinta-feira, 18 de janeiro de 2024

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.





Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:



There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:


The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97                    
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor


More information
  1. Hacking Tools For Windows
  2. Hacking Tools Download
  3. Hak5 Tools
  4. Game Hacking
  5. Hacking Tools For Kali Linux
  6. Hack Tools For Windows
  7. Hack Tool Apk
  8. Hacker Tools Github
  9. How To Make Hacking Tools
  10. Hak5 Tools
  11. Hacking Tools For Pc
  12. Hacking Tools Mac
  13. Pentest Tools Download
  14. Hacker Security Tools
  15. Hacker Tools Hardware
  16. Hacking App
  17. Hacker Tools Github
  18. Hack Tools For Mac
  19. Hacking Tools Download
  20. World No 1 Hacker Software
  21. Pentest Tools Nmap
  22. Hack Tools For Windows
  23. Wifi Hacker Tools For Windows
  24. Kik Hack Tools
  25. Hacker Search Tools
  26. Hacker Tools Apk
  27. What Are Hacking Tools
  28. Install Pentest Tools Ubuntu
  29. Beginner Hacker Tools
  30. Pentest Tools
  31. Best Pentesting Tools 2018
  32. Hack Tools Github
  33. Pentest Tools For Mac
  34. Tools 4 Hack
  35. Hack Tools Download
  36. Hacking Tools And Software
  37. Underground Hacker Sites
  38. Hack Tools Pc
  39. Best Pentesting Tools 2018
  40. Pentest Tools Website
  41. Hacker Tools Apk Download
  42. Best Hacking Tools 2020
  43. Hack Tools Pc
  44. Best Pentesting Tools 2018
  45. Hacker Hardware Tools
  46. Pentest Recon Tools
  47. Hacking Tools 2020
  48. Hacking Tools Hardware
  49. Pentest Tools Android
  50. Hak5 Tools
  51. Best Hacking Tools 2020
  52. Hacker Security Tools
  53. Hack Website Online Tool
  54. Pentest Tools Review
  55. Hacker Hardware Tools
  56. Top Pentest Tools
  57. Hacking Tools For Windows
  58. Wifi Hacker Tools For Windows
  59. What Are Hacking Tools
  60. Pentest Tools Open Source
  61. Hack Tools Pc
  62. Hacking Tools For Games
  63. Hacking Tools And Software
  64. How To Install Pentest Tools In Ubuntu
  65. Android Hack Tools Github
  66. Hacking Tools Windows 10
  67. Pentest Tools Bluekeep
  68. Hacking Tools Usb
  69. Hacker Hardware Tools
  70. Hacker Tools Windows
  71. Usb Pentest Tools
  72. Hacking Tools And Software
  73. Hacking Tools Windows
  74. Hacker Tools List
  75. Pentest Tools Kali Linux
  76. Hacking Tools Software
  77. Hack Tools Pc
  78. Hacking Tools Usb
  79. Hacking Tools For Beginners
  80. Tools Used For Hacking
  81. Hacking Tools For Kali Linux
  82. Pentest Tools Website Vulnerability
  83. Hacker Tools
  84. How To Hack
  85. Hacking Tools Pc
  86. Pentest Tools List
  87. Pentest Tools Website Vulnerability
  88. Hacking Tools 2020
  89. Hacker Tools For Windows
  90. Pentest Tools Port Scanner
  91. Hack Tools For Mac
  92. Hack Tool Apk No Root
  93. How To Install Pentest Tools In Ubuntu
  94. Hacker Security Tools
  95. Ethical Hacker Tools
  96. Hacking Tools For Games
  97. Hack Tools Download
  98. Hacking Tools For Mac
  99. Pentest Tools Android
  100. Best Pentesting Tools 2018
  101. Pentest Reporting Tools
  102. Hacking Tools For Pc

Postado as 21:48  

0 comentários:

Postar um comentário

Assinar: Postar comentários (Atom)