The Latest

Karkinos- Light Weight ‘Swiss Army Knife’ For Penetration Testing

byPriyanshu Sahay
December 10, 2020
2 minute read
Karkinos
Karkinos
Total
0
Shares
0
0
0
0
0

Karkinos is a light-weight ‘Swiss Army Knife’ for penetration testing and/or hacking CTF’s.

Currently Karkinos offers the following:

  • Encoding/Decoding characters
  • Encrypting/Decrypting text or files
  • Reverse shell handling
  • Cracking and generating hashes

Dependencies

  • Any server capable of hosting PHP; tested with Apache Server
  • Tested with PHP 7.4.9
  • Python3
    Make sure it is in your path as:
    Windows: python
    Linux: python3
    If it is not, please change the commands in includes/pid.php
  • pip3
  • Raspberry Pi Zero friendly (crack hashes at your own risk).

Installing

This installation guide assumes you have all the dependencies.

Linux/BSD

  1. git clone https://github.com/helich0pper/Karkinos.git
  2. cd Karkinos
  3. pip3 install -r requirements.txt
  4. cd wordlists && tar -xf passlist.zip You can also unzip it manually using file explorer if tar is not installed. Just make sure passlist.txt is in wordlists directory.
  5. Add extension=php_sqlite3.dll to your php.ini file.
    If you don’t know where to find this, refer to the PHP docs.
  6. Thats it! Now just host it using your preferred web server or run: php -S 127.0.0.1:8888 in the Karkinos directory.
    Important: using port 5555 will conflict with the reverse shell handler server
    If you insist on using port 5555, change the reverse shell handler server PORT value in /bin/Server/app.py Line 87

Windows

  1. git clone https://github.com/helich0pper/Karkinos.git
  2. cd Karkinos
  3. pip3 install -r requirements.txt
  4. cd wordlists && tar -xf passlist.zip
    You can also unzip it manually using file explorer if tar is not installed. Just make sure passlist.txt is in wordlists directory.
  5. Add extension=php_sqlite3.dll to your php.ini file.
    If you don’t know where to find this, refer to the PHP docs.
  6. Thats it! Now just host it using your preferred web server or run: php -S 127.0.0.1:8888 in the Karkinos directory.
    Important: using port 5555 will conflict with the reverse shell handler server
    If you insist on using port 5555, change the reverse shell handler server PORT value in /bin/Server/app.py Line 87

Encoding/Decoding

This page allows you to encode/decode in common formats (more may be added soon)

Karkinos encode
Karkinos encode

Encrypt/Decrypt

Encrypting and decrypting text or files is made easy and is fully trusted since it is done locally.

Karkinos encrypt
Karkinos encrypt

Reverse Shell Handling

Reverse shells can be captured and interacted with on this page.

Create a listener instance

Karkinos Reverse
Karkinos Reverse

Configure the listener

Karkinos Reverse Output
Karkinos Reverse Output

Start the listener and capture a shell

Karkinose Reverse Output Result
Karkinose Reverse Output Result

Full reverse shell handling demo:

Generating Hashes

Karkinos can generate commonly used hashes such as:

  • MD5
  • SHA1
  • SHA256
  • SHA512

Cracking Hashes

Karkinos offers the option to simultaneously crack hashes using a built-in wordlist consisting of over 15 million common and breached passwords. This list can easily be modified and/or completely replaced.

Disclaimer

By using Karkinos suite to make penetration tests or any hacking CTF’s more efficient. It should be used on applications that you have permission to attack only. Any misuse or damage caused will be solely the users’ responsibility.

Download Karkinos

Join Our Club

Enter your Email address to receive notifications | Join over Million Followers

Previous Article
Security Coding

What To Do if Your Identity Has Been Stolen

byChandrakant Patil
December 9, 2020
3 minute read
Next Article
Google Services Down

Google Services Including Gmail And YouTube Were Down

byPriyanshu Sahay
December 14, 2020
1 minute read
Related Posts
Total
0
Share
0
0
0
0
0
0