SkillAgentSearch skills...

Chankro

Herramienta para evadir disable_functions y open_basedir

GenerateConvertImprove

Install / Use

/learn @TarlogicSecurity/Chankro
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

Chankro

Your favourite tool to bypass disable_functions and open_basedir in your pentests.

How it works

PHP in Linux calls a binary (sendmail) when the mail() function is executed. If we have putenv() allowed, we can set the environment variable "LD_PRELOAD", so we can preload an arbitrary shared object. Our shared object will execute our custom payload (a binary or a bash script) without the PHP restrictions, so we can have a reverse shell, for example.

Example:

The syntax is pretty straightforward:

$ python2 chankro.py --arch 64 --input rev.sh --output chan.php --path /var/www/html

Note: path is the absolute path where our .so will be dropped.

Install

Git

$ git clone https://github.com/TarlogicSecurity/Chankro.git
$ cd Chankro
$ python2 chankro.py --help

BlackArch

# pacman -S chankro
$ chankro --help

TarlogicSecurity

View profile

View on GitHub
GitHub Stars487
CategoryDevelopment
Updated1mo ago
Forks101
TarlogicSecurity/Chankro

Languages

Python

Security Score

95/100

Audited on Mar 11, 2026

No findings