Download Karkinos.
Disclaimer
Use this tool to make penetration tests or any hacking CTF's more beginner-friendly. This tool should be used on applications/networks that you have permission to attack only. Any misuse or damage caused will be solely the users’ responsibility.
Dependencies
- Any server capable of hosting PHP
- Tested with PHP 7.4.9
- Tested with Python 3.8
Make sure it is in your path as:
Windows: python
Linux: python3
If it is not, please change the commands in includes/pid.php.
- Pip3
- Raspberry Pi Zero friendly :) (crack hashes at your own risk)
Installing
This installation guide assumes you have all the dependencies. A Wiki page with troubleshooting steps can be found here.
Linux/BSD
A video going through these steps can be found here
git clone https://github.com/helich0pper/Karkinos.gitcd Karkinospip3 install -r requirements.txtcd wordlists && unzip passlist.zip
You can also unzip it manually using file explorer. Just make sure passlist.txt is in wordlists directory.Make sure you have write privileges for db/main.db- Enable
extension=sqlite3 in your php.ini file. You will also need to install it using sudo apt-get install php7.0-sqlite3. Replace “7.0” with your PHP version! php --version
Note: MySQLi is used to store statistics such as the total number of cracked hashes.
- Thats it! Now just host it using your preferred web server that supports multithreading eg. Apache Server or Nginx.
Warning: Using the built in web server php -S 127.0.0.1:8888 in the Karkinos directory uses a single thread. You will only be able to use 1 module at a time! (it may stall until the task is complete)
Important: using port 5555, 5556, or 5557 will conflict with the Modules
If you insist on using these ports, change the PORT value in:
/bin/Server/app.py Line 87/bin/Busting/app.py Line 155/bin/PortScan/app.py Line 128
Windows
git clone https://github.com/helich0pper/Karkinos.gitcd Karkinospip3 install -r requirements.txtcd wordlists && unzip passlist.zip
You can also unzip it manually using file explorer. Just make sure passlist.txt is in wordlists directory.Make sure you have write privileges for db/main.db- Enable
extension=php_sqlite3.dll in your php.ini file. Refer to the installation page here.
Note: MySQLi is used to store statistics such as the total number of cracked hashes.
- Thats it! Now just host it using your preferred web server that supports multithreading eg. Apache Server or Nginx.
Warning: Using the built in web server php -S 127.0.0.1:8888 in the Karkinos directory uses a single thread. You will not be able to multitask modules! (it may stall until the task is complete)
Important: using port 5555, 5556, or 5557 will conflict with the Modules
If you insist on using these ports, change the PORT value in:
/bin/Server/app.py Line 87/bin/Busting/app.py Line 155/bin/PortScan/app.py Line 128
Linux Troubleshooting
Contact me if you are still facing issues. I will frequently update this post if any new bugs/issues are reported.
Statistics not displaying or returning an SQLite error
- Make sure the database exists as
Karkinos/db/main.db
- Add
extension=mysqli to the end of your php.ini file. Learn more.
- Check your PHP version using
php --version.
Then install SQLite with apt-get install php7.4-sqlite (replace “7.4” with your version). Learn more.
- Restart your web server after any change.
Hash cracking not completing
It may take a bit longer for lower-end systems to crack a hash. If you believe it is indeed stuck, try the following:
- Make sure the wordlist is unpacked. Navigate to
Karkinos/wordlists/ and unzip passlist.zip.
- Make sure you have write privileges for
Karkinos/db/main.db
Valid hash is “unknown”
- Make sure the password list you are cracking with has read permissions enabled for the web server.
Default wordlist location: Karkinos/wordlists/passlist.txt.
Modules not starting
- Verify you have Python 3 installed. Run
apt-get install python3 in your terminal to install it.
- Verify the commands in
Karkinos/includes/pid.php are in your systems PATH.
- Install the requirements in the
Karkinos/requirements.txt file.
Use: pip3 install -r requirements.txt.
Windows Troubleshooting
Contact me if you are still facing issues. I will frequently update this post if any new bugs/issues are reported.
Statistics not displaying or returning an SQLite error
- Make sure the database exists as
Karkinos/db/main.db
- Add
extension=php_sqlite3.dll to the end of your php.ini file. Learn more.
- Restart your web server after any change.
Modules not starting
- Verify you have Python 3 installed. Download it here.
- Add Python to your path as
python (select the option when installing). Learn more.
Hash cracking not completing
It may take a bit longer for lower-end systems to crack a hash. If you believe it is indeed stuck, try the following:
- Make sure the wordlist is unpacked. Navigate to
Karkinos/wordlists/ and unzip passlist.zip.
- Make sure you have write privileges for
Karkinos/db/main.db
Valid hash is “unknown”
- Make sure the password list you are cracking with has read permissions enabled for the web server.
Default wordlist location: Karkinos/wordlists/passlist.txt.
Usage
A full description of the available features and demo is available here.
If you are having trouble, see troubleshooting for Linux / Windows above.