Shulou(Shulou.com)05/31 Report--

This article mainly introduces what Karkinos is, which has certain reference value. Interested friends can refer to it. I hope you will gain a lot after reading this article. Let Xiaobian take you to understand it together.

Karkinos

Karkinos is a Swiss military dao for CTF and penetration testing that supports reverse Shell processing, data encoding/decoding, data encryption/decryption, and hash cracking. This tool can help researchers make penetration testing or CTF more efficient, and should only be used for applications that you have access to. Any misuse or damage is the responsibility of the user.

Karkinos is a lightweight cybersecurity "Swiss Army Dao" designed for penetration testing and CTF, the current version of Karkinos supports the following features:

encode/decode character

Encrypt/decrypt text or files

Reverse Shell Processing

Crack and generate hashes

dependent components

Any server that supports hosting PHP websites has been tested on Apache servers;

The test environment is PHP v7.4.9;

Python 3 (make sure the path is python under Windows and python3 under Linux);

pip3

Support for Raspberry Pi;

The latest features introduce the concept of modules

All functional modules are now stored in one place for better organization and access:

new module

Directory and File Attack Demo:

Video address: https://www.tube.com/embed/cS9j9FXs6bE? modestbranding=1

Tools Installation Linux/BSD Installation

First, run the following command to download, install, and configure Karkinos and install dependent components:

git clone https://github.com/helich0pper/Karkinos.git cd Karkinos pip3 install -r requirements.txt cd wordlists && tar -xf passlist.zip

If tar is not installed, we can also manually extract the file using Explorer, just make sure that the passlist.txt file exists in the wordlists directory.

Next, add the following to the php.ini file:

extension=php_sqlite3.dll

Then store the project source code in the directory of the website server for site hosting, or run the following command in the Karkinos directory:

php -S 127.0.0.1:8888

Note that port 5555 should never be used because it conflicts with reverse Shell processing servers.

Note that port 5556 should never be used because it conflicts with directory and file attack servers.

Windows installation

First, run the following command to download, install, and configure Karkinos and install dependent components:

git clone https://github.com/helich0pper/Karkinos.git cd Karkinos pip3 install -r requirements.txt cd wordlists && tar -xf passlist.zip

If tar is not installed, we can also manually extract the file using Explorer, just make sure that the passlist.txt file exists in the wordlists directory.

Next, add the following to the php.ini file:

extension=php_sqlite3.dll

Then store the project source code in the directory of the website server for site hosting, or run the following command in the Karkinos directory:

php -S 127.0.0.1:8888

Note that port 5555 should never be used because it conflicts with reverse Shell processing servers.

Tools Demo Main Menu

Tools Landing Page and Quick Access Menu:

User statistics are shown here. Currently, the statistics recorded are only the total number of hashes and hash types successfully cracked:

encoding/decoding

This page allows us to encode/decode common data formats:

encryption/decryption

With the help of this tool, encryption and decryption of text and files are very simple, and the operation is all done locally:

functional modules

We can add our own functional modules:

Reverse Shell Processing

We can capture and interact with reverse shells in a single page.

Create a listener instance:

Configure Listeners:

Turn on the listener and capture the reverse Shell:

Complete Reverse Shell Processing Demo:

Video address: https://www.tube.com/embed/zriDUmHimXE? modestbranding=1

Directory and file attacks

Create an instance:

Configuration Example:

Start scanning:

Complete Directory and File Attack Demo:

Video address: https://www.tube.com/embed/cS9j9FXs6bE? modestbranding=1

generate a hash

Karkinos can generate common hashes, such as:

MD5

SHA1

SHA256

SHA512

hash cracking

Karkinos offers an option to crack hashes simultaneously using a built-in word list of more than 15 million common passwords and cracked passwords. This list can be easily modified and/or completely replaced.

Thank you for reading this article carefully. I hope that the article "What is Karkinos" shared by Xiaobian will be helpful to everyone. At the same time, I hope that everyone will support you a lot and pay attention to the industry information channel. More relevant knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.