Thursday, August 20, 2020

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32-bit ELF binary of some version of vsftpd to which a backdoor has been added. They don't specify whether it is an authentication backdoor, a special command or something else.

I started looking for something weird in the authentication routines, but I didn't find anything significant in a brief period of time, so I decided to do a bindiff, which was the key to locating the backdoor quickly. I did a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl", which is weird because it is a call for executing ELFs, not needed for an FTP service, and weird that the compiled binary doesn't have that symbol.





Looking at the xrefs of "execl" in IDA, I found code that is a clear backdoor: it creates a socket, binds a port, duplicates stdin, stdout and stderr to the socket and calls execl:



There is one xref to this function: the function that decides when to trigger it, using this kind of system-of-equations decision:


The backdoor was not in the authentication; it was a special command that triggers the backdoor, which is obfuscated in that system of equations. There was no need to use a z3 equation solver because it is a simple one, and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}
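
Added example (not from the original post): the system above solved by forward substitution in Python, with the pairwise sums copied from the equation list. It runs the chain from both `cmd[1] = 78` (the equation list) and `cmd[1] = 75` (the solution list), since only the latter reproduces the posted flag; the function names are this example's own.

```python
# Added example, not part of the original write-up.
# SUMS[i] is the listed value of cmd[i+1] + cmd[i+2], copied from the post.
SUMS = [154, 202, 241, 233, 217, 218, 228, 212,
        195, 195, 201, 207, 203, 215, 235, 242]


def solve_chain(cmd0, cmd1, sums):
    """Each equation has one unknown once the previous byte is known:
    cmd[n+1] = sum - cmd[n]. One anchor value fixes the whole chain."""
    cmd = [cmd0, cmd1]
    for s in sums:
        cmd.append(s - cmd[-1])
    return cmd


def satisfies(cmd, sums):
    """Re-check every pairwise constraint against a candidate solution."""
    return all(cmd[i + 1] + cmd[i + 2] == s for i, s in enumerate(sums))


def non_printable(cmd):
    """Indexes whose value is outside printable ASCII (0x20..0x7e)."""
    return [i for i, v in enumerate(cmd) if not 0x20 <= v <= 0x7E]


def describe(cmd1):
    cmd = solve_chain(69, cmd1, SUMS)
    bad = non_printable(cmd)
    text = bytes(cmd).decode("ascii") if not bad else None
    return cmd, bad, text


if __name__ == "__main__":
    for anchor in (78, 75):  # equation list vs. solution list
        cmd, bad, text = describe(anchor)
        print(f"cmd[1]={anchor}: sums ok={satisfies(cmd, SUMS)}, "
              f"non-printable indexes={bad}, text={text!r}")
```

Both anchors satisfy the pairwise sums, because a wrong anchor only shifts every later byte by an alternating offset; the printable-ASCII check is what separates them.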

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor

