domingo, mayo 28, 2023

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.





Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:



There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:


The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97                    
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor


Read more

  1. Hack Tools For Ubuntu
  2. Computer Hacker
  3. Pentest Tools Github
  4. Hacking Tools Github
  5. Hacking Tools Pc
  6. Pentest Tools Apk
  7. Hacking Tools Windows 10
  8. Hacking Tools For Pc
  9. What Are Hacking Tools
  10. Hacking Tools Download
  11. Hacking Tools For Kali Linux
  12. Android Hack Tools Github
  13. Hack Tools Github
  14. Hacking Tools For Kali Linux
  15. Pentest Tools List
  16. Hacker Tools Software
  17. What Is Hacking Tools
  18. Hacker Tools For Windows
  19. Pentest Tools Kali Linux
  20. Hacking Tools For Windows Free Download
  21. Pentest Tools Android
  22. Hack And Tools
  23. Pentest Tools Kali Linux
  24. Best Hacking Tools 2019
  25. Best Hacking Tools 2019
  26. Hacker Tool Kit
  27. Hacking Tools
  28. Pentest Tools Port Scanner
  29. Growth Hacker Tools
  30. Nsa Hacker Tools
  31. Physical Pentest Tools
  32. Hack Tools
  33. Pentest Tools For Ubuntu
  34. Pentest Tools List
  35. Tools 4 Hack
  36. Pentest Tools Bluekeep
  37. Underground Hacker Sites
  38. Beginner Hacker Tools
  39. Hacker Techniques Tools And Incident Handling
  40. Hacking Tools For Pc
  41. Pentest Tools Github
  42. Hacker
  43. Hacker Techniques Tools And Incident Handling
  44. Hacking Tools Mac
  45. Hacking Tools For Kali Linux
  46. Hacker Tools For Mac
  47. Pentest Tools Find Subdomains
  48. Hack Tools For Ubuntu
  49. Pentest Tools Website Vulnerability
  50. Hacker Tools Software
  51. Hack And Tools
  52. Pentest Box Tools Download
  53. Physical Pentest Tools
  54. Hacker Tools Hardware
  55. Hack Website Online Tool
  56. Pentest Tools For Windows
  57. Hack Tools Github
  58. Pentest Tools For Mac
  59. Growth Hacker Tools
  60. What Is Hacking Tools
  61. Pentest Tools Website Vulnerability
  62. Hack Tools For Games
  63. Free Pentest Tools For Windows
  64. Pentest Tools Windows
  65. Hack Tools Github
  66. Hacker Security Tools
  67. Hacking App
  68. Hacker Techniques Tools And Incident Handling
  69. Hack Tools
  70. Hack Rom Tools
  71. Hacker Tools 2020
  72. Best Hacking Tools 2020
  73. New Hacker Tools
  74. Pentest Automation Tools
  75. Hacking Tools Usb
  76. How To Hack
  77. Hacker Security Tools
  78. Pentest Tools For Ubuntu
  79. Tools 4 Hack
  80. Top Pentest Tools
  81. Hacker Tools 2019
  82. Hacker
  83. Hack Apps
  84. Hacking Tools For Pc
  85. Hacker Tools Free Download
  86. Hacking Tools Windows
  87. Hacking Tools
  88. Best Hacking Tools 2019
  89. Github Hacking Tools
  90. Pentest Tools For Android
  91. Hacking Tools For Windows
  92. Android Hack Tools Github
  93. Pentest Tools Apk
  94. Hack Tools For Windows
  95. Hacking Tools For Mac
  96. Pentest Tools Kali Linux
  97. Hack Tools Pc
  98. Hacker Tools For Mac
  99. Hacking Tools For Beginners
  100. Growth Hacker Tools
  101. Kik Hack Tools
  102. Hacker Tools Apk
  103. Hacking Tools For Beginners
  104. Blackhat Hacker Tools
  105. How To Hack
  106. Pentest Tools Review
  107. Wifi Hacker Tools For Windows
  108. Pentest Tools Free
  109. Hacker Tools Free Download
  110. Pentest Tools Linux
  111. Pentest Tools Alternative
  112. Beginner Hacker Tools
  113. Pentest Tools Free
  114. Hacking Tools And Software
  115. Hacking Tools Free Download
  116. Hacking Tools Github
  117. Blackhat Hacker Tools
  118. Hacking Apps
  119. Bluetooth Hacking Tools Kali
  120. Hacking App
  121. Hacking Tools 2019
  122. Hacking Tools
  123. Pentest Tools Tcp Port Scanner
  124. Best Hacking Tools 2019
  125. Underground Hacker Sites
  126. Hacker Tools Software
  127. Pentest Tools
  128. Pentest Tools Subdomain
  129. Hacker Tool Kit
  130. Pentest Tools List
  131. Hacking Tools Github
  132. Hacking Tools For Windows 7
  133. Hack Tools Github
  134. Tools For Hacker
  135. Pentest Tools Subdomain
  136. Kik Hack Tools
  137. Pentest Tools Online
  138. Hacking Tools For Windows Free Download
  139. Pentest Tools Apk
  140. Hack Tools For Windows
  141. Pentest Tools Kali Linux
  142. Pentest Automation Tools
  143. Kik Hack Tools
  144. Hack Tools Pc
  145. Usb Pentest Tools
  146. Usb Pentest Tools
  147. Hacking Tools Windows
  148. Hacking Tools 2020
  149. Hacking Tools Hardware
  150. Black Hat Hacker Tools
  151. Hack Tool Apk No Root
  152. Hack Tools
  153. Hacker Tools Mac
  154. Pentest Recon Tools
  155. Pentest Tools Linux
  156. Hacking Tools For Mac

No hay comentarios: