tarlogicsecurity / chankro Goto Github PK
View Code? Open in Web Editor NEWHerramienta para evadir disable_functions y open_basedir
License: GNU General Public License v3.0
Herramienta para evadir disable_functions y open_basedir
License: GNU General Public License v3.0
Getting acpid.socket: Permission denied error upon launching the php file.
Good job and nice technique, but in a very restricted environment where mail() and putenv() are also in disabled_functions it may not work.
I am doing some further research if there is any function inside get_defined_functions() that also executes an execve() behind the scenes... or another method like transform chankro.so into ftp.so to trojanize ftp php functions if putenv(LD_PRELOAD) is available and is called before ftp_connect()...
We packaged Chankro into BlackArch but Chankro has an issue in the way it handle relative path either for the output dir or for loading the hook.
Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory.
https://inventory.rawsec.ml/tools.html#Chankro
An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.
More details about features here.
Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.
Mainly because this is giving visibility to your tool, more and more people are using the Rawsec's CyberSecurity Inventory, this helps them find what they need.
The badge shows to your community that your are inventoried. This also shows you care about your project and want it growing, that your tool is not an abandonware.
Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that , but there are several styles available.
If you want to thank us, you can help make the project better known by tweeting about it! For example:
That's all, this message is just to notify you if you care.
Since the preloadme(void) constructor function will execute the nested functions when the library is loaded, why is there the need to call mb_send_mail()?
Is it to seem more authentic or is there some thing I missed.
If it does execute the functions when it is loaded, what is the relevance of the mail function in PHP and sendmail binary?
Also is it possible to override the mb_send_mail() in the hook. So that when LD_PRELOAD is set, we can call it and get the arbitrary execution.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.