Κυριακή 21 Ιανουαρίου 2024

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.





Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:



There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:


The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97                    
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor


Related articles
  1. Kik Hack Tools
  2. Hacker Hardware Tools
  3. Pentest Tools List
  4. Hack And Tools
  5. Hacking Tools Github
  6. Pentest Tools List
  7. Pentest Tools For Android
  8. Hacking Tools For Windows 7
  9. Tools 4 Hack
  10. Hack Tools Download
  11. Hacker Tools Hardware
  12. Hacker Tools Github
  13. Pentest Tools Subdomain
  14. Hacking Tools Free Download
  15. Tools Used For Hacking
  16. Pentest Tools Kali Linux
  17. Pentest Tools Review
  18. Hack Tools 2019
  19. Pentest Tools Framework
  20. Hacker Techniques Tools And Incident Handling
  21. Easy Hack Tools
  22. Pentest Tools Android
  23. Hacking Tools Github
  24. Hack Tools For Pc
  25. What Is Hacking Tools
  26. Hacking Tools For Games
  27. Pentest Tools Free
  28. Pentest Box Tools Download
  29. Pentest Tools Tcp Port Scanner
  30. Hack Rom Tools
  31. Top Pentest Tools
  32. Hack App
  33. Hacker Tools Apk Download
  34. Pentest Tools Website Vulnerability
  35. Hacking Tools Usb
  36. Hacker Tools Hardware
  37. Pentest Tools Apk
  38. Hacks And Tools
  39. Hacker Tools Apk
  40. Hack Tools 2019
  41. Github Hacking Tools
  42. Physical Pentest Tools
  43. Hacking Tools For Mac
  44. Tools For Hacker
  45. Hacker Tools Mac
  46. Hacker Tools Hardware
  47. New Hacker Tools
  48. How To Hack
  49. What Are Hacking Tools
  50. New Hack Tools
  51. Hacking Tools Github
  52. Wifi Hacker Tools For Windows
  53. Hack Tools
  54. Hacker Tools Windows
  55. Hacker Tools Apk
  56. Pentest Tools Url Fuzzer
  57. Hacker Search Tools
  58. Hacker Tool Kit
  59. Hacking Tools For Mac
  60. Hacking Tools For Pc
  61. Pentest Tools Bluekeep
  62. Hacking Tools Github
  63. Hack Tools
  64. Hacking Tools Free Download
  65. Hacking Tools For Kali Linux
  66. Pentest Tools For Android
  67. Hacking Tools Download
  68. Hacker Tools For Mac
  69. Hacker Tools Online
  70. Hacker Tools Free Download
  71. Hacker Tools Mac
  72. Pentest Tools Subdomain
  73. How To Hack
  74. Hack App
  75. How To Hack
  76. Hacking Tools Windows
  77. Blackhat Hacker Tools
  78. Hacker Tools For Windows
  79. Hacker Techniques Tools And Incident Handling
  80. Hacking Tools Pc
  81. Hacking Tools And Software
  82. Hacker Tools Online
  83. Top Pentest Tools
  84. New Hack Tools
  85. Best Hacking Tools 2019
  86. Hack Tool Apk No Root
  87. Pentest Automation Tools
  88. Hacker Tools
  89. Hacker Tools
  90. Hacking Tools Pc
  91. Tools For Hacker
  92. Easy Hack Tools
  93. Pentest Reporting Tools
  94. Computer Hacker
  95. Hacking Tools Github
  96. Hacker Tool Kit
  97. Pentest Tools Free
  98. Beginner Hacker Tools
  99. Usb Pentest Tools
  100. Growth Hacker Tools
  101. Hack Tools For Windows
  102. World No 1 Hacker Software
  103. Hacks And Tools
  104. Pentest Tools List
  105. Github Hacking Tools
  106. Blackhat Hacker Tools
  107. Computer Hacker
  108. Hacking Tools 2020
  109. Pentest Tools Alternative
  110. Hack Tools Mac
  111. Hack Tool Apk No Root
  112. Easy Hack Tools
  113. World No 1 Hacker Software
  114. Hacking Tools Pc
  115. Pentest Recon Tools
  116. Hack Tools For Windows
  117. Hack Tools Download
  118. Free Pentest Tools For Windows
  119. Pentest Tools Subdomain
  120. Best Hacking Tools 2019
  121. Hacking Tools Hardware
  122. Hack Rom Tools
Αναρτήθηκε από στις

Δεν υπάρχουν σχόλια:

Δημοσίευση σχολίου

Εγγραφή σε: Σχόλια ανάρτησης (Atom)