Skip to main content

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

By admin
It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.





Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:



There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:


The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.



The equation:
cmd[0] = 69
cmd[1] = 78
cmd[1] + cmd[2] = 154
cmd[2] + cmd[3] = 202
cmd[3] + cmd[4] = 241
cmd[4] + cmd[5] = 233
cmd[5] + cmd[6] = 217
cmd[6] + cmd[7] = 218
cmd[7] + cmd[8] = 228
cmd[8] + cmd[9] = 212
cmd[9] + cmd[10] = 195
cmd[10] + cmd[11] = 195
cmd[11] + cmd[12] = 201
cmd[12] + cmd[13] = 207
cmd[13] + cmd[14] = 203
cmd[14] + cmd[15] = 215
cmd[15] + cmd[16] = 235
cmd[16] + cmd[17] = 242

The solution:
cmd[0] = 69
cmd[1] = 75
cmd[2] = 79
cmd[3] = 123
cmd[4] = 118
cmd[5] = 115
cmd[6] = 102
cmd[7] = 116
cmd[8] = 112
cmd[9] = 100
cmd[10] = 95
cmd[11] = 100
cmd[12] = 101
cmd[13] = 106
cmd[14] = 97                    
cmd[15] = 118
cmd[16] = 117
cmd[17] = 125


The flag:
EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor


Related word
  1. Pentest Tools Subdomain
  2. Pentest Tools Free
  3. How To Install Pentest Tools In Ubuntu
  4. Hacks And Tools
  5. Hacker Tools For Mac
  6. Pentest Tools Port Scanner
  7. Hack Tools For Windows
  8. Hacking Tools Free Download
  9. Hacking Tools Online
  10. Hacker Tools For Windows
  11. Beginner Hacker Tools
  12. Pentest Tools Download
  13. Hacker Tools Hardware
  14. Hacker Tools Software
  15. Hack Tools Mac
  16. Hack Tool Apk No Root
  17. Hacking Tools 2020

Comments

Post a Comment

Popular posts from this blog

When Berachain Meets AI: 9 Projects Riding the Next Big Wave

By admin
Artificial Intelligence (AI) and blockchain are arguably two of the hottest narratives in tech today. With Berachain's mainnet launch just around the corner, combining AI with this innovative blockchain opens up exciting possibilities. In this article, we'll dive into nine AI-driven projects on Berachain, each offering unique use cases and solutions. Baosdotfun 1. Baosdotfun: The Launchpad for AI DAOs Baosdotfun acts as an incubator for AI-driven DAOs, focusing on areas like yield farming and trading strategies. Their "DAO seasons" introduce new AI agents every few months, providing fresh opportunities for users. Key features: Supports multiple AI agents. Focus on decentralized autonomous organizations (DAOs). Official Links: Baosdotfun Website Baosdotfun on Twitter Beradigm 2. Beradigm: Maximizing BGT Farming Beradigm specializes in yield farming to accumulate BGT, a governance token central to Berachain's ecosystem. Using AI, Beradigm optimizes farming strategie...
Post a Comment
Read more

The Dawn of a Global Bitcoin Gold Rush: Why Governments May Soon Join the Race

By admin
Picture a world where governments, not just early adopters and tech enthusiasts, scramble to hold Bitcoin before their geopolitical rivals do. This scenario, once considered science fiction, is becoming increasingly plausible. As major asset managers hint at portfolio exposure, U.S. political leaders signal a shift toward pro-crypto regulation, and states within the U.S. prepare strategic Bitcoin reserves, the stage is set for a massive influx of institutional and governmental participation. Far from the fleeting hype cycles of the past, this is a moment backed by data, historical patterns, and powerful players with trillions of dollars at their disposal. In 2020, Bitcoin's meteoric rise coincided with a similar point in its four-year halving cycle. Fast forward to 2024: conditions now are even more favorable, with unprecedented scarcity in the market and global interests aligning to accelerate adoption. The impatience seen in some corners of the crypto community, worried that Bitc...
Post a Comment
Read more

New Movies & Latest Showtimes | ShowBiz Cinemas

By admin
https://www.showbizcinemas.com/promotions#DiscountTuesdays https://www.showbizcinemas.com/promotions#BowlingWednesdays http://recruiting.talentreef.com/showbiz-cinemas https://www.showbizcinemas.com/newsletter https://www.mpaa.org/film-ratings/ https://www.youtube.com https://www.facebook.com/showbizcinemas https://twitter.com/showbizcinemas
Post a Comment
Read more