Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.

Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:

There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:

The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.

The equation:

cmd[0] = 69

cmd[1] = 78

cmd[1] + cmd[2] = 154

cmd[2] + cmd[3] = 202

cmd[3] + cmd[4] = 241

cmd[4] + cmd[5] = 233

cmd[5] + cmd[6] = 217

cmd[6] + cmd[7] = 218

cmd[7] + cmd[8] = 228

cmd[8] + cmd[9] = 212

cmd[9] + cmd[10] = 195

cmd[10] + cmd[11] = 195

cmd[11] + cmd[12] = 201

cmd[12] + cmd[13] = 207

cmd[13] + cmd[14] = 203

cmd[14] + cmd[15] = 215

cmd[15] + cmd[16] = 235

cmd[16] + cmd[17] = 242

The solution:

cmd[0] = 69

cmd[1] = 75

cmd[2] = 79

cmd[3] = 123

cmd[4] = 118

cmd[5] = 115

cmd[6] = 102

cmd[7] = 116

cmd[8] = 112

cmd[9] = 100

cmd[10] = 95

cmd[11] = 100

cmd[12] = 101

cmd[13] = 106

cmd[14] = 97                    

cmd[15] = 118

cmd[16] = 117

cmd[17] = 125

The flag:

EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor

Related news

1. Pentest Tools Port Scanner
2. Hacking Tools Windows
3. Game Hacking
4. Pentest Tools Website Vulnerability
5. Pentest Tools For Mac
6. Hacking Tools And Software
7. Tools For Hacker
8. Hacking Tools For Pc
9. Pentest Tools Github
10. Hackrf Tools
11. Pentest Box Tools Download
12. Hack Tools For Games
13. Pentest Tools Review
14. How To Hack
15. Pentest Tools Alternative
16. Hack App
17. Hacker Tools Apk
18. Hack Apps
19. Hack Tools Online
20. Free Pentest Tools For Windows
21. What Is Hacking Tools
22. Pentest Recon Tools
23. Pentest Reporting Tools
24. Pentest Tools Android
25. Hacker Techniques Tools And Incident Handling
26. Hacker Tools Apk Download
27. Nsa Hacker Tools
28. Github Hacking Tools
29. Hacking Tools Software
30. Hack Tools For Mac
31. Pentest Tools Website Vulnerability
32. Hacking Tools For Windows
33. Growth Hacker Tools
34. Hacking Tools
35. Hacking Tools For Beginners
36. Termux Hacking Tools 2019
37. Hacker Tools Free Download
38. Nsa Hack Tools Download
39. Pentest Tools Port Scanner
40. Pentest Tools Windows
41. Hacker Tools Software
42. Hacker Tools For Ios
43. Pentest Tools Free
44. Best Hacking Tools 2020
45. Hacker Tools 2020
46. Pentest Tools
47. Pentest Tools Online
48. Hacking Tools For Windows Free Download
49. Hacking Tools Usb
50. Hacking Tools 2019
51. Hacking Tools Software
52. Hacker Tools For Windows
53. Hack Tool Apk No Root
54. Underground Hacker Sites
55. Pentest Tools For Ubuntu
56. Hacking Tools Windows 10
57. Top Pentest Tools
58. Hacker Tools For Ios
59. Hackrf Tools
60. Hacking Tools For Kali Linux
61. How To Install Pentest Tools In Ubuntu
62. Pentest Tools Url Fuzzer
63. Hacker Tools For Pc
64. Hacker Tools Github
65. Hacker Tools Linux
66. Pentest Tools Free
67. Hacking Tools For Beginners
68. Pentest Tools Apk
69. Pentest Tools Download
70. Hacking Tools For Mac
71. Hack Tools Download
72. Game Hacking
73. New Hacker Tools
74. Pentest Tools Review
75. Hacker Tool Kit
76. Hack Tool Apk
77. Hacking Tools For Windows
78. Nsa Hack Tools
79. Growth Hacker Tools
80. Hack Tools Github
81. Blackhat Hacker Tools
82. Pentest Reporting Tools
83. Pentest Tools Website
84. Pentest Box Tools Download
85. Hacking Tools
86. Hack Tools For Pc
87. Nsa Hacker Tools