Skip to content
/ Chankro Public
forked from TarlogicSecurity/Chankro

Herramienta para evadir disable_functions y open_basedir

License

GPL-3.0 license
0 stars 85 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

riccitensor/Chankro

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
chankro.py
chankro.py
 
 
hook.c
hook.c
 
 
hook32.so
hook32.so
 
 
hook64.so
hook64.so
 
 

Repository files navigation

Chankro

Your favourite tool to bypass disable_functions and open_basedir in your pentests.

How it works

PHP in Linux calls a binary (sendmail) when the mail() function is executed. If we have putenv() allowed, we can set the environment variable "LD_PRELOAD", so we can preload an arbitrary shared object. Our shared object will execute our custom payload (a binary or a bash script) without the PHP restrictions, so we can have a reverse shell, for example.

Example:

The syntax is pretty straightforward:

$ python2 chankro.py --arch 64 --input rev.sh --output chan.php --path /var/www/html

Note: path is the absolute path where our .so will be dropped.

Install

Git

$ git clone https://github.com/TarlogicSecurity/Chankro.git
$ cd Chankro
$ python2 chankro.py --help

BlackArch

# pacman -S chankro
$ chankro --help

About

Herramienta para evadir disable_functions y open_basedir

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 84.6%
  • C 15.4%