Jumat, 19 Januari 2024

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.





Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:



There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:


The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97                    
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor


More information

  1. Hacking Apps
  2. Hack Tools For Ubuntu
  3. Nsa Hack Tools
  4. Pentest Tools Apk
  5. Blackhat Hacker Tools
  6. Hacking Tools Download
  7. Hacker Tools Apk Download
  8. Hacking Tools Kit
  9. Pentest Tools Subdomain
  10. Beginner Hacker Tools
  11. How To Hack
  12. What Are Hacking Tools
  13. What Are Hacking Tools
  14. Hacker Tools Github
  15. How To Hack
  16. Pentest Tools Download
  17. Hacking Tools For Games
  18. Pentest Tools Free
  19. Easy Hack Tools
  20. Best Pentesting Tools 2018
  21. Hacking Tools For Windows
  22. Hacking Tools For Windows 7
  23. Pentest Recon Tools
  24. How To Make Hacking Tools
  25. Hacking Tools Hardware
  26. Hacking Tools And Software
  27. Pentest Tools Apk
  28. Hack Tools For Ubuntu
  29. Hack Tools
  30. Pentest Tools List
  31. Pentest Tools Port Scanner
  32. Hacking Tools For Pc
  33. Hacker Tools Software
  34. Hacking Tools
  35. Pentest Tools Download
  36. Pentest Tools Alternative
  37. Hacking Tools For Mac
  38. Hack Tools
  39. Bluetooth Hacking Tools Kali
  40. Hacking Tools 2019
  41. Pentest Tools Bluekeep
  42. Hacker Tools Hardware
  43. Hacker Tools For Ios
  44. Easy Hack Tools
  45. Hacker Tools Hardware
  46. Hacker Tools Mac
  47. Tools For Hacker
  48. Hackrf Tools
  49. Hack Tools For Windows
  50. Hacker Tools Apk
  51. How To Install Pentest Tools In Ubuntu
  52. Pentest Tools Website Vulnerability
  53. Pentest Tools For Android
  54. Hacker Tools Online
  55. Blackhat Hacker Tools
  56. Hacker Search Tools
  57. Tools Used For Hacking
  58. Hacking Tools For Windows 7
  59. Pentest Tools Subdomain
  60. Hacking Tools Hardware
  61. Pentest Tools For Android
  62. Hacking Apps
  63. Nsa Hacker Tools
  64. New Hack Tools
  65. Hack Tools Pc
  66. Hacker Hardware Tools
  67. Pentest Tools For Ubuntu
  68. Pentest Tools Free
  69. Hacker Tools Hardware
  70. Pentest Automation Tools
  71. Hack App
  72. Pentest Tools Website Vulnerability
  73. Hacking Tools Pc
  74. Bluetooth Hacking Tools Kali
  75. Hacker Tool Kit
  76. Easy Hack Tools
  77. Hacker Tools For Windows
  78. Hacking Tools For Windows 7
  79. Pentest Tools For Ubuntu
  80. Pentest Tools Framework
  81. Hacker Tool Kit
  82. Pentest Tools Download
  83. Nsa Hack Tools Download
  84. Hacking Tools For Windows Free Download
  85. Hacker Tools Apk
  86. Pentest Tools For Mac
  87. Pentest Tools Kali Linux
  88. Pentest Tools Open Source
  89. Hacking Tools And Software
  90. Pentest Tools Android
  91. Hackers Toolbox
  92. Pentest Tools Subdomain
  93. Hacking App
  94. Blackhat Hacker Tools
  95. Hacker Tools Software
  96. Hacker Tools List
  97. Top Pentest Tools
  98. Hacker Tools
  99. Pentest Tools For Windows
  100. Hacking Tools For Mac
  101. Kik Hack Tools
  102. Growth Hacker Tools
  103. Pentest Tools Review
Diposting oleh Beranda di 19.20

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)