Karkinos – Penetration Testing and Hacking CTF’s Swiss Army Knife

What is Karkinos?
Karkinos is a lightweight ‘Swiss Army Knife’ for penetration testing and/or hacking CTF’s. Currently, Karkinos offers the following:
- Encoding/Decoding characters
- Encrypting/Decrypting text or files
- Reverse shell handling
- Cracking and generating hashes
Disclaimer
Use this tool to make penetration tests or any hacking CTF’s more efficient. This tool should be used only on applications that you have permission to attack. Any misuse or damage caused will be solely the users’ responsibility. Remember to check the known bugs and issues at the bottom before installation.
A Wiki page for troubleshooting is coming very soon.
More: https://github.com/helich0pper/Karkinos
Dependencies
- Any server capable of hosting PHP; tested with Apache Server
- Tested with PHP 7.4.9
- Python3
  Make sure it is in your path as:
  Windows: python
  Linux: python3
  If it is not, be sure to change the commands in includes/pid.php
- pip3
- Raspberry Pi Zero friendly 🙂 (crack hashes at your own risk)
Setting up
This installation guide assumes you have all the dependencies.
Linux/BSD
- git clone https://github.com/helich0pper/Karkinos.git
- cd Karkinos
- pip3 install -r requirements.txt
- cd wordlists && tar -xf passlist.zip
  You can also unzip it manually using a file explorer if tar is not installed. Just make sure passlist.txt is in the wordlists directory.
- Add
  extension=php_sqlite3.dll
  to your php.ini file.
  If you don't know where to find this, refer to the PHP docs.
- That's it! Now just host it using your preferred web server or run:
  php -S 127.0.0.1:8888
  in the Karkinos directory.
Important: using port 5555 will conflict with the reverse shell handler server.
If you insist on using port 5555, change the reverse shell handler server PORT value in /bin/Server/app.py Line 87
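The Linux/BSD steps above can be checked before the first start with a small preflight script. This is an added example, not part of Karkinos; the function names are hypothetical, and it assumes the layout and port described on this page (wordlists/passlist.txt, handler port 5555).

```shell
#!/bin/sh
# Preflight for the Karkinos install steps (added example, not project code).
# Usage once sourced: preflight /path/to/Karkinos 8888 && php -S 127.0.0.1:8888
HANDLER_PORT=5555   # reverse shell handler port named on this page

# Succeeds if $1 is a valid TCP port that does not collide with the handler.
check_port() {
    case "$1" in
        ''|*[!0-9]*) echo "port '$1' is not a number" >&2; return 2 ;;
    esac
    if [ "$1" -lt 1 ] || [ "$1" -gt 65535 ]; then
        echo "port $1 is out of range" >&2; return 2
    fi
    if [ "$1" -eq "$HANDLER_PORT" ]; then
        echo "port $1 conflicts with the reverse shell handler" >&2; return 1
    fi
    return 0
}

# Succeeds if the extracted wordlist exists and is non-empty under directory $1.
check_wordlist() {
    [ -s "$1/wordlists/passlist.txt" ] && return 0
    echo "missing or empty: $1/wordlists/passlist.txt" >&2
    return 1
}

# Succeeds if every named command is on PATH; reports each missing one.
check_tools() {
    missing=0
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || { echo "not on PATH: $tool" >&2; missing=1; }
    done
    return "$missing"
}

# Succeeds if the PHP CLI lists sqlite3 among its loaded modules.
check_php_sqlite() {
    php -m 2>/dev/null | grep -qix 'sqlite3'
}

# Runs every check for Karkinos directory $1 and web port $2; returns the failure count.
preflight() {
    fails=0
    check_tools php python3 pip3 || fails=$((fails + 1))
    check_php_sqlite || { echo "php: sqlite3 extension not loaded" >&2; fails=$((fails + 1)); }
    check_wordlist "$1" || fails=$((fails + 1))
    check_port "$2" || fails=$((fails + 1))
    return "$fails"
}
```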
Windows
- git clone https://github.com/helich0pper/Karkinos.git
- cd Karkinos
- pip3 install -r requirements.txt
- cd wordlists && tar -xf passlist.zip
  You can also unzip it manually using a file explorer if tar is not installed. Just make sure passlist.txt is in the wordlists directory.
- Add
  extension=php_sqlite3.dll
  to your php.ini file.
  If you don't know where to find this, refer to the PHP docs.
- That's it! Now just host it using your preferred web server or run:
  php -S 127.0.0.1:8888
  in the Karkinos directory.
Important: using port 5555 will conflict with the reverse shell handler server.
If you insist on using port 5555, change the reverse shell handler server PORT value in /bin/Server/app.py Line 87
Demo
Home Menu
Landing page and quick access menu.
User stats are displayed here. Currently, the stats recorded are only the total hashes and hash types cracked successfully.
Encoding/Decoding
This page allows you to encode/decode in common formats (more may be added soon)
Encrypt/Decrypt
Encrypting and decrypting text or files is made easy and is fully trusted since it is done locally.
Reverse Shell Handling
Reverse shells can be captured and interacted with on this page.
Create a listener instance
Configure the listener
Start the listener and capture a shell
Generating Hashes
Karkinos can generate commonly used hashes such as:
- MD5
- SHA1
- SHA256
- SHA512
Cracking Hashes
Karkinos offers the option to simultaneously crack hashes using a built-in wordlist consisting of over 15 million common and breached passwords. This list can easily be modified and/or completely replaced.
Future Work
Pull requests and bug reports are always appreciated.
Below are known bugs and issues:
- Reverse shell handling server code is currently being reworked but it works fine
The post Karkinos – Penetration Testing and Hacking CTF's Swiss Army Knife appeared first on Hakin9 – IT Security Magazine.