TarlogicSecurity/Chankro

Chankro

Your favourite tool to bypass disable_functions and open_basedir in your pentests.

How it works

On Linux, PHP calls a binary (sendmail) when the mail() function is executed. If putenv() is allowed, we can set the environment variable "LD_PRELOAD" so that an arbitrary shared object is preloaded. Our shared object will execute our custom payload (a binary or a bash script) without the PHP restrictions, so we can have a reverse shell, for example.
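The chain above needs both putenv() and mail() to be callable, so a defender can audit php.ini for exactly that. The following is an added example, not part of Chankro; the function names `disabled_functions` and `audit` and both sample configurations are constructed for illustration.

```python
import re

# Functions the technique described above needs: putenv() to set LD_PRELOAD,
# mail() to make PHP spawn the sendmail binary.
REQUIRED = ("putenv", "mail")

def disabled_functions(ini_text):
    """Return the effective disable_functions set from php.ini text."""
    value = ""
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # ';' starts a comment
        m = re.match(r"(?i)disable_functions\s*=\s*(.*)$", line)
        if m:
            value = m.group(1).strip().strip('"\'')  # last assignment wins
    # PHP function names are case-insensitive, so normalise to lower case.
    return {f.strip().lower() for f in value.split(",") if f.strip()}

def audit(ini_text):
    """Report which preconditions of the LD_PRELOAD chain are still callable."""
    disabled = disabled_functions(ini_text)
    still_callable = [f for f in REQUIRED if f not in disabled]
    return {
        "callable": still_callable,
        # The chain described above needs both; disabling either breaks it.
        "exposed": len(still_callable) == len(REQUIRED),
    }

# Constructed sample configurations (not taken from the Chankro repository).
WEAK = """
[PHP]
; typical list that blocks command execution but forgets putenv and mail
disable_functions = exec,passthru,shell_exec,system,proc_open,popen
"""
HARDENED = """
[PHP]
disable_functions = "exec, passthru, shell_exec, system, proc_open, popen, PutEnv"
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text))
```

The check reads only the php.ini text it is given; per-pool or per-directory overrides of disable_functions are outside what it inspects.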

Example:

The syntax is pretty straightforward:

$ python2 chankro.py --arch 64 --input rev.sh --output chan.php --path /var/www/html

Note: path is the absolute path where our .so will be dropped.

Install

Git

$ git clone https://github.com/TarlogicSecurity/Chankro.git
$ cd Chankro
$ python2 chankro.py --help

BlackArch

# pacman -S chankro
$ chankro --help

About

Tool to bypass disable_functions and open_basedir
