Thursday, August 20, 2020

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32-bit ELF binary of some version of vsftpd to which a backdoor has been added; they don't specify whether it is an authentication backdoor, a special command or something else.

I started looking for something weird in the authentication routines, but I didn't find anything significant in a brief period of time, so I decided to do a bindiff, which was the key to locating the backdoor quickly. I did a quick diff of the strings with the commands "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl", which is weird because it is a call for executing ELFs that an FTP service doesn't need, and weird that the compiled binary doesn't have that symbol.





Looking at the xrefs of "execl" in IDA, I found this code, which is a clear backdoor: it creates a socket, binds a port, duplicates stdin, stdout and stderr to the socket and calls execl:



There is one xref to this function: the function that decides when to trigger it, which is this kind of system-of-equations decision:


The backdoor was not in the authentication; it was a special command that triggers the backdoor, obfuscated in that system of equations. There was no need to use the z3 equation solver because it is a simple system and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor

