Update README.md
TarlogicSecurity authored May 2, 2018
1 parent dfd1f0d commit b560921
Showing 1 changed file with 11 additions and 3 deletions.
14 changes: 11 additions & 3 deletions README.md
@@ -1,6 +1,14 @@
# Chankro
Herramienta para evadir disable_functions y open_basedir. Permite generar un PHP que ejecutará un binario o script que se le pase como input.
Your favourite tool to bypass __disable_functions__ and __open_basedir__ in your pentests.

Ejemplo:
## How it works
PHP in Linux calls a binary (sendmail) when the mail() function is executed. If we have putenv() allowed, we can set the enviroment variable "LD_PRELOAD", so we can preload an arbitrary shared object. Our shared object will execute our custom payload (a binary or a bash script) without the PHP restrictions, so we can have a reverse shell, for example.

## Example:

The syntax is pretty straightforward:

`python chankro.py --arch 64 --input rev.sh --output chan.php --path /var/www/html`

Note: path is the absolute path where our .so will be dropped.

python chankro.py --arch 64 --input rev.sh --output chan.php --path /var/www/html
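Review bot: the "How it works" paragraph misspells "environment" as "enviroment", and it mentions the two preconditions the technique depends on (putenv() being allowed and mail() invoking sendmail) only in passing. Consider listing them as explicit requirements so readers can tell at a glance whether a given PHP configuration is affected. In the example section, only `--path` is explained; a short line each for `--arch`, `--input` and `--output` would make the usage self-contained. The "## Example:" heading also carries a trailing colon that "## How it works" does not, so dropping it keeps the headings consistent.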
