Tool to bypass disable_functions and open_basedir
LICENSE Initial commit Mar 1, 2017
README.md Update README.md May 2, 2018
chankro.py Update chankro.py May 2, 2018
hook.c Add files via upload May 2, 2018
hook32.so Add files via upload May 2, 2018
hook64.so Add files via upload May 2, 2018

README.md

Chankro

Your favourite tool to bypass disable_functions and open_basedir in your pentests.

How it works

PHP on Linux calls a binary (sendmail) when the mail() function is executed. If putenv() is allowed, we can set the environment variable "LD_PRELOAD" to preload an arbitrary shared object. Our shared object will execute our custom payload (a binary or a bash script) without the PHP restrictions, so we can get a reverse shell, for example.

Example:

The syntax is pretty straightforward:

python chankro.py --arch 64 --input rev.sh --output chan.php --path /var/www/html

Note: path is the absolute path where our .so will be dropped.
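
Because the technique in "How it works" depends on both putenv() and mail() being callable, a configuration and source check can be built around those two conditions. The following is an added example, not part of Chankro: the function names, the sample php.ini and the sample PHP lines are constructed for illustration, and it assumes a later disable_functions assignment replaces an earlier one.

```python
import re

# The technique above needs both: putenv() to set LD_PRELOAD and mail() to
# make PHP spawn the sendmail binary.
NEEDED = ("putenv", "mail")
DIRECTIVE = re.compile(r"disable_functions\s*=\s*(.*)$")
# putenv("LD_PRELOAD=...") with either quote style and optional whitespace.
PRELOAD = re.compile(r"putenv\s*\(\s*['\"]\s*LD_PRELOAD\s*=", re.I)

def disabled_functions(ini_text):
    """Effective disable_functions set (assumption: the last assignment wins)."""
    disabled = set()
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        m = DIRECTIVE.match(line)
        if m:
            value = m.group(1).strip().strip("\"'")
            disabled = {name.strip() for name in value.split(",") if name.strip()}
    return disabled

def still_callable(ini_text):
    """Functions from NEEDED that the configuration leaves enabled."""
    disabled = disabled_functions(ini_text)
    return [name for name in NEEDED if name not in disabled]

def preload_lines(php_source):
    """1-based line numbers where PHP source sets LD_PRELOAD through putenv()."""
    return [n for n, line in enumerate(php_source.splitlines(), 1)
            if PRELOAD.search(line)]

# Constructed sample inputs (not taken from the Chankro repository).
SAMPLE_INI = "\n".join([
    "; hardening attempt that misses putenv",
    "disable_functions = exec,system,passthru,shell_exec",
    ";disable_functions = putenv",
    'disable_functions = "exec, system, mail"  ; this assignment wins',
])
SAMPLE_PHP = "\n".join([
    "<?php",
    "$x = getenv('HOME');",
    "putenv( 'LD_PRELOAD=/placeholder/path/lib.so' );",
    "mail('a@example.com', 's', 'b');",
])

if __name__ == "__main__":
    print("still callable:", still_callable(SAMPLE_INI))
    print("putenv(LD_PRELOAD) at lines:", preload_lines(SAMPLE_PHP))
```

An empty result from still_callable means the configuration disables both functions the technique relies on; any line reported by preload_lines in a web root deserves review.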