Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.

Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:

There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:

The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.

The equation:

cmd[0] = 69

cmd[1] = 78

cmd[1] + cmd[2] = 154

cmd[2] + cmd[3] = 202

cmd[3] + cmd[4] = 241

cmd[4] + cmd[5] = 233

cmd[5] + cmd[6] = 217

cmd[6] + cmd[7] = 218

cmd[7] + cmd[8] = 228

cmd[8] + cmd[9] = 212

cmd[9] + cmd[10] = 195

cmd[10] + cmd[11] = 195

cmd[11] + cmd[12] = 201

cmd[12] + cmd[13] = 207

cmd[13] + cmd[14] = 203

cmd[14] + cmd[15] = 215

cmd[15] + cmd[16] = 235

cmd[16] + cmd[17] = 242

The solution:

cmd[0] = 69

cmd[1] = 75

cmd[2] = 79

cmd[3] = 123

cmd[4] = 118

cmd[5] = 115

cmd[6] = 102

cmd[7] = 116

cmd[8] = 112

cmd[9] = 100

cmd[10] = 95

cmd[11] = 100

cmd[12] = 101

cmd[13] = 106

cmd[14] = 97                    

cmd[15] = 118

cmd[16] = 117

cmd[17] = 125

The flag:

EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor

Related posts

• Hacking Tools For Pc
• Hack Tools
• Pentest Tools Tcp Port Scanner
• Pentest Tools Nmap
• Hacker Tools For Windows
• Pentest Tools Review
• Ethical Hacker Tools
• Tools 4 Hack
• Hack And Tools
• World No 1 Hacker Software
• New Hack Tools
• Hacker Tools Free
• Pentest Tools Subdomain
• How To Hack
• Pentest Tools Tcp Port Scanner
• Hacker Tools Online
• Pentest Tools For Mac
• Pentest Recon Tools
• How To Install Pentest Tools In Ubuntu
• Hacking Tools Kit
• Hacker Tools For Mac
• Hacker Hardware Tools
• Pentest Tools Nmap
• Hacker Tools Free
• Hacking Tools Usb
• Tools For Hacker
• How To Make Hacking Tools
• Hacker Tools Free Download
• Pentest Tools Alternative
• Hack Tool Apk
• Hacking Tools Windows 10
• Physical Pentest Tools
• Pentest Tools Android
• How To Install Pentest Tools In Ubuntu
• Hacker Tools List
• Hack App
• Tools 4 Hack
• Easy Hack Tools
• Hacker Tools Apk
• Kik Hack Tools
• Hacker Tools Windows
• Pentest Reporting Tools
• Hacker Search Tools
• Best Hacking Tools 2020
• Pentest Tools Windows
• Free Pentest Tools For Windows
• Best Hacking Tools 2019
• Hacker
• Hackers Toolbox
• Pentest Tools Nmap
• What Are Hacking Tools
• Hacking Tools For Windows
• Hack Apps
• Hack App
• Kik Hack Tools
• Pentest Box Tools Download
• Nsa Hack Tools Download
• Hacker Tools For Pc
• Hacking Tools Pc
• Hack Tools Pc
• Pentest Tools Kali Linux
• Hacker Tools For Mac
• Pentest Tools Alternative
• Hacker Tools Apk
• Kik Hack Tools
• Pentest Tools Website
• Hacker Tools Linux
• Hacking Tools Windows 10
• Hack Tools For Pc
• Hack App
• Hacking Tools For Games
• Hacker Security Tools
• How To Hack
• Ethical Hacker Tools
• Hak5 Tools
• Hacker Tools Software
• Hacking Tools Windows 10
• Best Pentesting Tools 2018
• Free Pentest Tools For Windows
• Hacking Tools Mac
• Hack Tools Mac
• Hack Tools For Windows
• Github Hacking Tools
• What Are Hacking Tools
• Hacker Tools 2020
• Hackrf Tools
• World No 1 Hacker Software
• Hacking Tools Download
• Top Pentest Tools
• Top Pentest Tools
• Hacker Tools For Mac
• What Are Hacking Tools
• Hacking Tools For Windows
• Hak5 Tools
• Nsa Hacker Tools
• Pentest Tools Port Scanner
• Hacking Tools For Pc
• Install Pentest Tools Ubuntu
• Hacker Tool Kit
• New Hacker Tools
• Github Hacking Tools
• World No 1 Hacker Software
• New Hack Tools
• Best Hacking Tools 2019
• Hacking Tools For Beginners
• How To Install Pentest Tools In Ubuntu
• Hacker Tools Mac
• Hacking Tools Software
• Beginner Hacker Tools
• Pentest Tools Windows
• Hacker Tools Hardware
• Top Pentest Tools
• How To Install Pentest Tools In Ubuntu
• Hack Tools For Pc
• Nsa Hack Tools
• Hacker Tools Apk Download
• Hacks And Tools
• Kik Hack Tools
• Game Hacking
• Hack Tools For Games
• How To Make Hacking Tools
• Pentest Tools Bluekeep
• Termux Hacking Tools 2019
• Blackhat Hacker Tools
• Hacking Tools Hardware
• Growth Hacker Tools
• Pentest Tools Download
• Hacker Tools For Pc
• Hacking Tools And Software
• Pentest Automation Tools
• Pentest Tools Subdomain
• Hack Tools 2019
• Pentest Tools Website Vulnerability
• How To Make Hacking Tools
• Physical Pentest Tools
• Hacking Tools For Pc
• Pentest Tools For Android
• Pentest Box Tools Download
• Pentest Tools
• Blackhat Hacker Tools
• Pentest Reporting Tools
• Hacker Tools Apk
• Hacking Tools Windows 10
• Game Hacking
• Hack Tools 2019
• Hacking Tools Mac
• Hack Tools Online
• New Hacker Tools
• Hack Tools Download
• Hacking Tools For Windows Free Download
• Pentest Tools Subdomain
• Pentest Tools Url Fuzzer
• Hacking Tools Name
• Hacking Tools For Pc
• Hack Tools Pc
• Nsa Hacker Tools
• Hacker Tools 2019
• How To Hack
• Hackrf Tools
• Hack Tools For Games
• Hacker Tools Free
• Underground Hacker Sites
• Hacker Tools For Windows
• Hacking Tools Pc
• Hacking Tools Pc
• Hacker Tools Online
• Nsa Hack Tools Download
• Pentest Tools Port Scanner
• World No 1 Hacker Software
• Pentest Tools For Android
• Hacker Tools For Pc
• Pentest Tools
• Hack Tools For Windows
• Hacking Tools For Pc
• Nsa Hack Tools
• Hacker Tools Free Download
• Physical Pentest Tools