Monday, May 29, 2023

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32-bit ELF binary of some version of vsftpd to which a backdoor has been added; they don't specify whether it is an authentication backdoor, a special command or something else.

I started looking for something weird in the authentication routines, but I didn't find anything significant in a brief period of time, so I decided to do a bindiff, which was the key to locating the backdoor quickly. I did a quick diff of the strings with the commands "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl", which is weird because it is a call for executing ELFs, not needed for an FTP service, and weird because the compiled binary doesn't have that symbol.
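The same string diff as a small triage script, added here as an example (not part of the original write-up): it extracts printable strings from a reference build and a suspect build and reports names that appear only in the suspect, highlighting exec-family calls. The watchlist and both byte blobs are constructed for illustration; in practice the inputs would be the two binaries read from disk.

```python
import re

# libc names that spawn programs; an FTP daemon build that suddenly gains one
# deserves a closer look. Watchlist chosen for this example.
WATCHLIST = {"execl", "execlp", "execle", "execv", "execvp", "execve",
             "system", "popen"}


def printable_strings(blob, min_len=4):
    """Equivalent of `strings bin | sort -u`: unique printable ASCII runs."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return {m.decode("ascii") for m in re.findall(pattern, blob)}


def only_in_suspect(reference, suspect):
    """Strings present in the suspect binary but absent from the reference."""
    return sorted(printable_strings(suspect) - printable_strings(reference))


def flag_suspicious(reference, suspect):
    """Subset of the new strings that match the exec-family watchlist."""
    return [s for s in only_in_suspect(reference, suspect) if s in WATCHLIST]


# Constructed sample data standing in for the string tables of two builds.
REFERENCE = b"\x00".join([b"socket", b"bind", b"listen", b"accept", b"dup2",
                          b"vsf_sysutil_exit"]) + b"\x00"
SUSPECT = b"\x00".join([b"socket", b"bind", b"listen", b"accept", b"dup2",
                        b"vsf_sysutil_exit", b"execl",
                        b"vsf_extra_banner"]) + b"\x00"

if __name__ == "__main__":
    print("new strings:", only_in_suspect(REFERENCE, SUSPECT))
    print("flagged:    ", flag_suspicious(REFERENCE, SUSPECT))
```

A string that is new but not on the watchlist is still worth reading; the watchlist only orders the review.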





Looking at the xrefs of "execl" in IDA, I found code that is clearly a backdoor: it creates a socket, binds a port, duplicates stdin, stdout and stderr to the socket and calls execl:



There is one xref to this function: the function that decides when to trigger it, which makes its decision with this kind of system of equations:


The backdoor was not in the authentication; it was a special command that triggers the backdoor, obfuscated in that system of equations. There was no need to use the z3 equation solver because it is a simple one, and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 75
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}
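The hand solution above, written out as back-substitution (an added example, not code from the original write-up or from the binary). It takes cmd[1] = 75 from the solution list, which is the value consistent with cmd[1] + cmd[2] = 154; the function names are chosen for this example.

```python
# Constraints as listed in the write-up: two fixed bytes, then neighbour sums.
FIRST = 69                       # cmd[0]
SECOND = 75                      # cmd[1]
PAIR_SUMS = [154, 202, 241, 233, 217, 218, 228, 212,
             195, 195, 201, 207, 203, 215, 235, 242]  # cmd[i] + cmd[i+1], i = 1..16


def solve(first, second, pair_sums):
    """Each sum has one unknown once the previous byte is known, so a single
    forward pass recovers the whole command without a constraint solver."""
    cmd = [first, second]
    for i, total in enumerate(pair_sums, start=1):
        nxt = total - cmd[i]
        if not 0 <= nxt <= 255:
            # An inconsistent constraint set would yield a non-byte value.
            raise ValueError(f"cmd[{i + 1}] = {nxt} is not a byte")
        cmd.append(nxt)
    return bytes(cmd)


def satisfies(candidate, first, second, pair_sums):
    """Check a candidate command against the same constraints."""
    if len(candidate) != len(pair_sums) + 2:
        return False
    if candidate[0] != first or candidate[1] != second:
        return False
    return all(candidate[i] + candidate[i + 1] == s
               for i, s in enumerate(pair_sums, start=1))


if __name__ == "__main__":
    command = solve(FIRST, SECOND, PAIR_SUMS)
    print(command.decode("ascii"))
    print(satisfies(command, FIRST, SECOND, PAIR_SUMS))
```

Because every constraint after the first two introduces exactly one new unknown, the system is triangular, which is why the check can be undone by hand.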

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor

