Karkinos - Penetration Testing and Hacking CTF's Swiss Army Knife


What is Karkinos?

Karkinos is a light-weight 'Swiss Army Knife' for penetration testing and/or hacking CTF's. Currently, Karkinos offers the following:

  • Encoding/Decoding characters
  • Encrypting/Decrypting text or files
  • 3 Modules
  • Cracking and generating hashes

Disclaimer

This tool should be used on applications/networks that you have permission to attack only. Any misuse or damage caused will be solely the users’ responsibility.

More: https://github.com/helich0pper/Karkinos

Dependencies

  • Any server capable of hosting PHP; tested with Apache Server
  • Tested with PHP 7.4.9
  • Tested with Python 3.8
    Make sure it is in your path as:
    Windows: python
    Linux: python3
    If it is not, please change the commands in includes/pid.php
  • pip3
  • Raspberry Pi Zero friendly :) (crack hashes at your own risk)

Installing

This installation guide assumes you have all the dependencies. A Wiki page with troubleshooting steps can be found here.

Linux/BSD

  1. git clone https://github.com/helich0pper/Karkinos.git
  2. cd Karkinos
  3. pip3 install -r requirements.txt
  4. cd wordlists && unzip passlist.zip
    You can also unzip it manually using a file explorer. Just make sure passlist.txt is in the wordlists directory.
  5. Make sure you have write privileges for db/main.db
  6. Enable extension=mysqli in your php.ini file.
    If you don't know where to find this, refer to the PHP docs. Note: MySQLi is only used to store statistics.
  7. That's it! Now just host it using your preferred web server, or run php -S 127.0.0.1:8888 in the Karkinos directory.
    Important: using port 5555, 5556, or 5557 will conflict with the Modules.
    If you insist on using these ports, change the PORT value in:
    • /bin/Server/app.py Line 87
    • /bin/Busting/app.py Line 155
    • /bin/PortScan/app.py Line 128

Windows

  1. git clone https://github.com/helich0pper/Karkinos.git
  2. cd Karkinos
  3. pip3 install -r requirements.txt
  4. cd wordlists && unzip passlist.zip
    You can also unzip it manually using a file explorer. Just make sure passlist.txt is in the wordlists directory.
  5. Make sure you have write privileges for db/main.db
  6. Enable extension=mysqli.dll in your php.ini file.
    If you don't know where to find this, refer to the PHP docs. Note: MySQLi is only used to store statistics.
  7. That's it! Now just host it using your preferred web server, or run php -S 127.0.0.1:8888 in the Karkinos directory.
    Important: using port 5555, 5556, or 5557 will conflict with the Modules.
    If you insist on using these ports, change the PORT value in:
    • /bin/Server/app.py Line 87
    • /bin/Busting/app.py Line 155
    • /bin/PortScan/app.py Line 128
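
The checks implied by the Linux/BSD and Windows steps above can be run in one pass before starting the web server. This is an added example, not part of Karkinos; the function names are hypothetical, and it assumes it is run from the Karkinos directory with the web port from step 7 (8888).

```python
import os
import shutil
import socket
import subprocess

MODULE_PORTS = (5555, 5556, 5557)  # ports the page says the Modules use

def check_files(root):
    """Steps 4-5: unzipped wordlist present, statistics database writable."""
    problems = []
    if not os.path.isfile(os.path.join(root, "wordlists", "passlist.txt")):
        problems.append("wordlists/passlist.txt missing (unzip passlist.zip)")
    db = os.path.join(root, "db", "main.db")
    if not os.path.isfile(db):
        problems.append("db/main.db missing")
    elif not os.access(db, os.W_OK):
        problems.append("db/main.db is not writable")
    return problems

def check_tools():
    """Dependencies: python/python3 by platform, pip3, and PHP with mysqli."""
    py = "python" if os.name == "nt" else "python3"
    problems = [f"{t} not on PATH" for t in (py, "pip3", "php") if not shutil.which(t)]
    if shutil.which("php"):
        # `php -m` lists the extensions the PHP CLI actually loaded from php.ini.
        out = subprocess.run(["php", "-m"], capture_output=True, text=True).stdout
        if "mysqli" not in out.lower().split():
            problems.append("mysqli extension not enabled in php.ini")
    return problems

def listening(port, host="127.0.0.1"):
    """True if something already accepts TCP connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(0.5)
        return s.connect_ex((host, port)) == 0

def check_ports(web_port):
    """Step 7: web port must differ from the Module ports; all must be free."""
    problems = []
    if web_port in MODULE_PORTS:
        problems.append(f"web port {web_port} conflicts with the Modules")
    for port in sorted(set(MODULE_PORTS) | {web_port}):
        if listening(port):
            problems.append(f"port {port} is already in use")
    return problems

if __name__ == "__main__":
    for problem in check_files(".") + check_tools() + check_ports(8888):
        print("FAIL:", problem)
```

No output means every check passed. A web server other than the PHP CLI may load a different php.ini, so confirm mysqli there as well.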

Home Menu

Landing page and quick access menu.

User stats are displayed here. Currently, the stats recorded are only the total hashes and hash types cracked successfully.

Encoding/Decoding

This page allows you to encode/decode in common formats (more may be added soon).

Encrypt/Decrypt

Encrypting and decrypting text or files is made easy and is fully trusted since it is done locally.

Reverse Shell Handling

Reverse shells can be captured and interacted with on this page.

Create a listener instance

Configure the listener

Start the listener and capture a shell

Full reverse shell handling demo:

Directory and File Busting

Create an instance

Configure it

Start scanning

Full Directory and File Busting demo:

Port Scanning

Launch the scanner

Configure it

Start scanning

Full Port Scanning Demo:

Generating Hashes

Karkinos can generate commonly used hashes such as:

  • MD5
  • SHA1
  • SHA256
  • SHA512

Cracking Hashes

Karkinos offers the option to simultaneously crack hashes using a built-in wordlist consisting of over 15 million common and breached passwords. This list can easily be modified and/or completely replaced.
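
To illustrate the Generating Hashes and Cracking Hashes features together, the sketch below produces the four digest types listed above and then checks several digests against a wordlist in a single pass, which is why unsalted digests of common passwords are recovered so quickly. It is an added example, not Karkinos's own code: `generate` and `audit` are hypothetical names, and the three-word wordlist is constructed sample data standing in for passlist.txt.

```python
import hashlib

# Hex digest length -> algorithm, for the four hash types the page lists.
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

def generate(text):
    """Return the MD5, SHA1, SHA256 and SHA512 hex digests of text."""
    data = text.encode("utf-8")
    return {name: hashlib.new(name, data).hexdigest()
            for name in ALGO_BY_HEXLEN.values()}

def audit(digests, wordlist):
    """Check many digests at once; returns {digest: (algorithm, word)}.

    The algorithm is inferred from the digest length, and each word is
    hashed once per algorithm actually present in the input.
    """
    pending = {}
    for digest in digests:
        digest = digest.strip().lower()
        algo = ALGO_BY_HEXLEN.get(len(digest))
        if algo:  # skip anything that is not one of the four known lengths
            pending.setdefault(algo, set()).add(digest)
    found = {}
    for word in wordlist:
        word = word.rstrip("\r\n")
        for algo, targets in pending.items():
            candidate = hashlib.new(algo, word.encode("utf-8")).hexdigest()
            if candidate in targets:
                found[candidate] = (algo, word)
    return found

if __name__ == "__main__":
    sample_wordlist = ["123456", "letmein", "qwerty"]  # constructed sample data
    stored = list(generate("letmein").values()) + ["0" * 32]
    for digest, (algo, word) in audit(stored, sample_wordlist).items():
        print(f"{algo:7} {digest[:16]}... matches wordlist entry {word!r}")
```

Passing an open file object for passlist.txt as `wordlist` streams the list line by line instead of loading it into memory.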

Future Work

Pull requests and bug reports are always appreciated.
Below are features to be added/fixed:

  • Creating a Wiki page to help customize Karkinos or troubleshoot common issues

Find me on

Twitter

March 16, 2022

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023