It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.
I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.
Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:
There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:
The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.
The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242
The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125
The flag:
EKO{vsftpd_dejavu}
The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor
The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor
Related posts
- Free Pentest Tools For Windows
- Easy Hack Tools
- Pentest Tools For Windows
- Hacker Tools Hardware
- Hacker Tools Online
- Usb Pentest Tools
- Hacking Tools
- Pentest Tools For Windows
- Pentest Tools Subdomain
- Hack Tools Mac
- How To Make Hacking Tools
- Hacker Tools Free
- Best Pentesting Tools 2018
- Pentest Tools Kali Linux
- Tools Used For Hacking
- Hacking Tools Pc
- Hacker Hardware Tools
- Hacker Tools Github
- Android Hack Tools Github
- Pentest Tools Website
- Pentest Tools Website
- Hacking Tools For Games
- Hack Tools Online
- Pentest Tools List
- New Hack Tools
- Tools 4 Hack
- Pentest Tools
- Hacker Security Tools
- How To Hack
- Pentest Tools Subdomain
- Hack App
- Usb Pentest Tools
- Hacking Tools 2020
- Hacker
- Pentest Tools Online
- How To Make Hacking Tools
- Nsa Hacker Tools
- Bluetooth Hacking Tools Kali
- Hacking Tools For Games
- Hacker Tools List
- Nsa Hack Tools
- Tools 4 Hack
- Hacking Tools Github
- Hacker Techniques Tools And Incident Handling
- Top Pentest Tools
- Pentest Tools Review
- Hacker Tools Free Download
- Hackers Toolbox
- Hack Tools Pc
- Hack Tools 2019
- Pentest Tools Kali Linux
- Hack Tools For Mac
- Hacker Tools Linux
- Hack Apps
- Hacker Tools Free Download
- Nsa Hack Tools
- Pentest Tools Nmap
- Free Pentest Tools For Windows
- Hack Tools
- Pentest Tools Apk
- Hacking Tools For Kali Linux
- Underground Hacker Sites
- Hack App
- Pentest Tools Website
- What Is Hacking Tools
- Hacking App
- Free Pentest Tools For Windows
- Hacking Tools Mac
- Hack Apps
- Hack Website Online Tool
- Pentest Tools List
- Hacking Tools For Windows
- Hack Tools 2019
- Pentest Tools Url Fuzzer
- Hack Tool Apk No Root
- Hack Tools Download
- Pentest Tools Url Fuzzer
- Hacker Tools Mac
- Pentest Tools Review
- Pentest Tools Kali Linux
- Hacking Tools For Kali Linux
- Android Hack Tools Github
- Tools 4 Hack
- Best Hacking Tools 2019
- Pentest Tools Github
- Hacker Tools For Mac
- Hacking Tools Pc
- Nsa Hacker Tools
- Hacking Tools Usb
- Hack Tools 2019
- Pentest Tools Review
- Hacking Tools Mac
- Hacking Tools For Kali Linux
- Pentest Tools Website Vulnerability
- Hacking Tools For Games
- Wifi Hacker Tools For Windows
- Hacking Tools For Windows
- Hack Tools Download
- Hack Tools For Games
- Hacker Tools Apk
- Black Hat Hacker Tools
- Pentest Reporting Tools
- Best Pentesting Tools 2018
- Hacking Tools
- World No 1 Hacker Software
- Pentest Tools For Android
- Blackhat Hacker Tools
- Hacker Tools Github
- Github Hacking Tools
- Hacking Tools For Mac
- Hack Tools For Windows
- Hak5 Tools
- Easy Hack Tools
- Pentest Tools For Ubuntu
- New Hack Tools
- Hacking Tools 2019
- How To Make Hacking Tools
- Hacker Tools Online
- Pentest Tools Alternative
- What Are Hacking Tools
- Hacking Apps
- Hacking Tools For Kali Linux
- Pentest Tools Apk
- Hacking Tools And Software
- Hacking Tools 2020
- Pentest Tools Website Vulnerability
- Hacker Techniques Tools And Incident Handling
- Hack Tools For Ubuntu
- Hacking App
- Hack Tools 2019
- Install Pentest Tools Ubuntu
- Hack Tools Github
- Blackhat Hacker Tools
- Pentest Tools Find Subdomains
- Hacking Tools 2019
- Hacker
- Nsa Hacker Tools
- Wifi Hacker Tools For Windows
- Pentest Tools Website
- Hack Tools For Pc
- What Are Hacking Tools
- Hacking Tools For Pc
- Top Pentest Tools
- Hacking Tools Windows
- Pentest Tools Framework
- Pentest Tools Open Source
- Pentest Tools Kali Linux
- Pentest Tools Review
- Hacking Tools Software
- Best Pentesting Tools 2018
- Hacking Tools For Pc
- Hacker Tools List
- Hacking Tools Usb
- Pentest Tools Subdomain
- Bluetooth Hacking Tools Kali
- Pentest Tools Website Vulnerability
- Pentest Tools For Windows
- Hacker Tools For Ios
- Hacker Tools Free Download
- Hack Tools
- Hack Tool Apk No Root
- Hack Tools
- Hacker Tools
- Hacking Tools 2020
- Hak5 Tools
- Hack Tools Github
- Hacker Tools For Ios
- Hacking Apps
- Hack Tools For Mac
- Hacking Tools For Beginners
- Hacking Tools
No comments:
Post a Comment