Merge pull request #5 from noraj/patch-2
add install steps
TarlogicSecurity authored May 20, 2019
2 parents 9c76b63 + 49b79b7 commit 2076e9f
Showing 1 changed file with 21 additions and 1 deletion.
22 changes: 21 additions & 1 deletion README.md
@@ -1,14 +1,34 @@
# Chankro

Your favourite tool to bypass __disable_functions__ and __open_basedir__ in your pentests.

## How it works

PHP in Linux calls a binary (sendmail) when the mail() function is executed. If we have putenv() allowed, we can set the enviroment variable "LD_PRELOAD", so we can preload an arbitrary shared object. Our shared object will execute our custom payload (a binary or a bash script) without the PHP restrictions, so we can have a reverse shell, for example.

## Example:

The syntax is pretty straightforward:

`python chankro.py --arch 64 --input rev.sh --output chan.php --path /var/www/html`
```
$ python2 chankro.py --arch 64 --input rev.sh --output chan.php --path /var/www/html
```

Note: path is the absolute path where our .so will be dropped.

## Install

### Git

```
$ git clone https://github.com/TarlogicSecurity/Chankro.git
$ cd Chankro
$ python2 chankro.py --help
```

### [BlackArch](https://blackarch.org/)

```
# pacman -S chankro
$ chankro --help
```
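
Review bot: The interpreter requirement is undocumented: the usage example under "Example" now invokes `python2` where the line it replaces used `python`, and the new Git block also runs `$ python2 chankro.py --help`, but nothing in the README states that Python 2 is needed. Add a one-line prerequisite under `## Install` so readers know why `python2` is called explicitly. The BlackArch block mixes `#` and `$` prompts without explanation; a short remark that `# pacman -S chankro` runs as root would make that convention clear. The unchanged context line in "How it works" still reads "enviroment", which could be corrected to "environment" while the README is being edited.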
