tarlogicsecurity / chankro Goto Github PK

Since the preloadme(void) constructor function will execute the nested functions when the library is loaded, why is there the need to call mb_send_mail()?
Is it to seem more authentic or is there some thing I missed.
If it does execute the functions when it is loaded, what is the relevance of the mail function in PHP and sendmail binary?

Also is it possible to override the mb_send_mail() in the hook. So that when LD_PRELOAD is set, we can call it and get the arbitrary execution.

We packaged Chankro into BlackArch but Chankro has an issue in the way it handle relative path either for the output dir or for loading the hook.

see BlackArch/blackarch#2342

Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory.

https://inventory.rawsec.ml/tools.html#Chankro

What is Rawsec's CyberSecurity Inventory?

An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.

• Open source: Every information is available and up to date. If an information is missing or deprecated, you are invited to (help us).
• Practical: Content is categorized and table formatted, allowing to search, browse, sort and filter.
• Fast: Using static and client side technologies resulting in fast browsing.
• Rich tables: search, sort, browse, filter, clear
• Fancy informational popups
• Badges / Shields
• Static API
• Twitter bot

More details about features here.

Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.

Why?

• Specialized websites: Some websites are referencing tools but additional information is not available or browsable. Make additional searches take time.
• Curated lists: Curated lists are not very exhaustive, up to date or browsable and are very topic related.
• Search engines: Search engines sometimes does find nothing, some tools or resources are too unknown or non-referenced. These is where crowdsourcing is better than robots.

Why should you care about being inventoried?

Mainly because this is giving visibility to your tool, more and more people are using the Rawsec's CyberSecurity Inventory, this helps them find what they need.

Badges

The badge shows to your community that your are inventoried. This also shows you care about your project and want it growing, that your tool is not an abandonware.

Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that , but there are several styles available.

Want to thank us?

If you want to thank us, you can help make the project better known by tweeting about it! For example:

So what?

That's all, this message is just to notify you if you care.

Getting acpid.socket: Permission denied error upon launching the php file.

Good job and nice technique, but in a very restricted environment where mail() and putenv() are also in disabled_functions it may not work.

I am doing some further research if there is any function inside get_defined_functions() that also executes an execve() behind the scenes... or another method like transform chankro.so into ftp.so to trojanize ftp php functions if putenv(LD_PRELOAD) is available and is called before ftp_connect()...