Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.

Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:

There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:

The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.

The equation:

cmd[0] = 69

cmd[1] = 78

cmd[1] + cmd[2] = 154

cmd[2] + cmd[3] = 202

cmd[3] + cmd[4] = 241

cmd[4] + cmd[5] = 233

cmd[5] + cmd[6] = 217

cmd[6] + cmd[7] = 218

cmd[7] + cmd[8] = 228

cmd[8] + cmd[9] = 212

cmd[9] + cmd[10] = 195

cmd[10] + cmd[11] = 195

cmd[11] + cmd[12] = 201

cmd[12] + cmd[13] = 207

cmd[13] + cmd[14] = 203

cmd[14] + cmd[15] = 215

cmd[15] + cmd[16] = 235

cmd[16] + cmd[17] = 242

The solution:

cmd[0] = 69

cmd[1] = 75

cmd[2] = 79

cmd[3] = 123

cmd[4] = 118

cmd[5] = 115

cmd[6] = 102

cmd[7] = 116

cmd[8] = 112

cmd[9] = 100

cmd[10] = 95

cmd[11] = 100

cmd[12] = 101

cmd[13] = 106

cmd[14] = 97                    

cmd[15] = 118

cmd[16] = 117

cmd[17] = 125

The flag:

EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor

Related news

1. Hacking Tools Kit
2. Hacker Tools Online
3. Hack Tools Online
4. Hack Tools Pc
5. Hacking Tools Pc
6. Pentest Tools Linux
7. Best Hacking Tools 2020
8. Free Pentest Tools For Windows
9. Hacking Tools For Windows Free Download
10. Install Pentest Tools Ubuntu
11. Hacker Tools
12. Pentest Tools Github
13. Nsa Hacker Tools
14. Pentest Tools For Android
15. Pentest Tools Framework
16. Hak5 Tools
17. Pentest Tools Open Source
18. Hacker Tools
19. Pentest Tools For Mac
20. Hacker Tools For Ios
21. Computer Hacker
22. Hacking Tools For Pc
23. How To Hack
24. Hacking Tools For Kali Linux
25. Hacker Tools For Ios
26. Black Hat Hacker Tools
27. Hacker Search Tools
28. Hacking Tools For Windows Free Download
29. Pentest Tools Bluekeep
30. Pentest Tools Github
31. Pentest Tools
32. Hacking Tools
33. Kik Hack Tools
34. Hacking Tools Software
35. Pentest Tools Subdomain
36. What Is Hacking Tools
37. Hacker Security Tools
38. Pentest Reporting Tools
39. Hacking Tools Usb
40. Hack Tools
41. Hacking Tools Windows
42. Hacker Tools Software
43. Pentest Tools Alternative
44. Nsa Hacker Tools
45. Pentest Tools Url Fuzzer
46. Hack Website Online Tool
47. Pentest Reporting Tools
48. Pentest Tools Website
49. World No 1 Hacker Software
50. Hacker Tools Apk
51. Hacking Tools Hardware
52. Hack Tools For Games
53. Hacker Search Tools
54. Pentest Tools Tcp Port Scanner
55. Hacker Tools Hardware
56. Hacker Tools For Windows
57. Pentest Automation Tools
58. Game Hacking
59. Hacking Tools And Software
60. Pentest Tools Apk
61. Hack Tools Online
62. Free Pentest Tools For Windows
63. Hacking Tools For Pc
64. Hack Tools For Ubuntu
65. Hack Tools 2019
66. Hacking Tools Kit
67. Hacker Tool Kit
68. Hacking Tools 2019
69. Hacker Tools Free
70. Hackrf Tools
71. Hacking Tools For Kali Linux
72. What Is Hacking Tools
73. Hacking Tools Hardware
74. Hack Tools Pc
75. Hak5 Tools
76. Pentest Tools For Mac
77. Computer Hacker
78. Hack Tools Github
79. Hacker Tool Kit
80. Top Pentest Tools
81. Pentest Tools Linux
82. Hacker Tools For Pc
83. Hacking Tools Software
84. Hacking Tools For Games
85. Pentest Tools Windows
86. Android Hack Tools Github
87. Pentest Tools Windows
88. Best Pentesting Tools 2018
89. Pentest Tools Kali Linux
90. Hackrf Tools
91. Hacking Tools For Kali Linux
92. Hack Apps
93. Pentest Tools Apk
94. Tools For Hacker
95. Hacking Tools
96. Pentest Recon Tools