Skip to content
/ chankro-py3 Public
forked from TarlogicSecurity/Chankro

(Python 3) Tool to bypass disable_functions and open_basedir

License

GPL-3.0 license
3 stars 85 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kriss-u/chankro-py3

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
.vscode
.vscode
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
chankro.py
chankro.py
 
 
hook.c
hook.c
 
 
hook32.so
hook32.so
 
 
hook64.so
hook64.so
 
 
rev.sh
rev.sh
 
 
shell.phtml
shell.phtml
 
 

Repository files navigation

What's in this fork?

This fork intends to upgrade the Python2 version of Chankro to Python3

Chankro

Your favourite tool to bypass disable_functions and open_basedir in your pentests.

How it works

PHP in Linux calls a binary (sendmail) when the mail() function is executed. If we have putenv() allowed, we can set the environment variable "LD_PRELOAD", so we can preload an arbitrary shared object. Our shared object will execute our custom payload (a binary or a bash script) without the PHP restrictions, so we can have a reverse shell, for example.

Example:

The syntax is pretty straightforward:

$ python3 chankro.py --arch 64 --input rev.sh --output shell.phtml --path /var/www/html

Note: path is the absolute path where our .so will be dropped.

Install

git clone https://github.com/kriss-u/chankro-py3.git
cd chankro-py3
python3 chankro.py --help

About

(Python 3) Tool to bypass disable_functions and open_basedir

Resources

Readme

License

GPL-3.0 license
Activity

Stars

3 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages

  • HTML 79.6%
  • Python 17.2%
  • C 2.9%
  • Shell 0.3%