Hack The Box Pwnbox
Jul 31, 2020
Back in May 27th 2020, we released Pwnbox. Pwnbox is a completely browser accessible virtual hacking distro including everything a hacker’s operating system should have. Based on Parrot OS and with a Hack The Box look and feel, Pwnbox has (pre-installed) all the tools and lists needed to hack any HTB Lab, from Machines to Challenges and from Endgames to Pro Labs.
Pwnbox was created by ch4p as part of his vision to help the community practise their hacking skills and play HTB from any place of the world. If you do not have the best computer to host your own hacking VM, or you are not experienced yet with OS customization, or you do not have access to a computer with your tools, Pwnbox is the answer.
After a lot of thought and OS design in mid April 2020, the first version of Pwnbox was almost ready but not released yet. First, we did a competition on Discord to find from our community the best ASCII Art of our logo so we can add it in our customized terminal. Once we had the winning design, Pwnbox access became available in closed beta (end of April). At this stage, only Discord Admins and Moderators were able to beta test it, propose tools and find any security issues or bugs Pwnbox might have. After two weeks of closed beta, we fixed all issues found, installed all tools suggested and were ready for the first public beta release (mid May).
We created a channel on Discord and announced Pwnbox. Everybody was welcome to try Pwnbox, test it as much as possible, submit bugs and suggest new tools to add. And the community did! That was two fun weeks! More than 5K HTB users tried Pwnbox, submitted issues and proposed features and tools to make this OS as awesome as possible. We gathered all the feedback, we patched and Pwnbox was ready for the public eye on May 27th. Thank you all for the effort and being in the Pwnbox creation journey with us!
What Is Pwnbox
Pwnbox is a customized hacking cloud box that helps you hack all Hack The Box content directly from your browser, anytime, anywhere. The only thing you need is to have an account on Hack The Box. After that, the possibilities are endless.
- All VIP users have 24h Pwnbox monthly access
- Parrot OS with HTB customization
- Easier than ever to switch VPN server*
- SSH access
- All must-have hacking tools pre-installed. Here are some of them: Burp, FoxyProxy, Wappalyzer, gobuster, dirb, dirbuster, SecLists, PayloadAllTheThings, LinuxPrivChecker, LinPeas, Sublime, Powershell Terminal, BloodHound, and the list goes on.
- Data storage and auto-back up via my_data folder on user’s Desktop
- Personalize Pwnbox by customising user_init script
- Internet access to install/download anything additional to your Pwnbox
- Spectator Link to share with your peers or students so they can watch you as you pwn
*As of now, the VPN switch between the rest HTB Labs (Starting Point/Pro Labs/Endgames/Fortresses) is only available in the old HTB platform. This feature will be released soon in the new HTB platform once those Labs roll-out in the new interface.
Why Players Love Pwnbox
- Play Hack The Box from any place, any time
- No more VM troubleshooting
- No more VPN troubleshooting
- A hacking OS browser-accessible 24/7
- Hacking tools/lists pre-installed (especially for beginners)
- Easier than ever to play all HTB Labs
Users Spreading The Word About Pwnbox
Now I’ve gotta say it’s pretty cool, I’ve tested it couple times now, works like a charm! Would recommend trying it, also you hack from you phone now ! pic.twitter.com/mnce1xgU0k— Kr0ff (@CptXrat) May 27, 2020
Love it. Just used it to own traceback in just over an hour. Very responsive. Good work. pic.twitter.com/XvDzV39gLN— KPAX (@whipped) May 27, 2020
Who & When (Use Cases)
- Beginners in Cyber Security: If you don’t know which tools you need yet or how to set up a hacking VM/OS, this is the answer on how to start your hacking journey.
- Holidays or AFK: Are you on holidays or away from your Hacking VM of choice but you still want to climb the scoreboard? We’ve got you covered!
- Slow device/laptop or with low capabilities: Your PC doesn’t have the capabilities to run a hacking VM or is broken? Pwnbox to the rescue!
- Work device/laptop: Your current work laptop has policy restrictions and virtualization is disabled? Hack HTB labs from your browser!
How To Get Started
- Go to Connection Settings
- Click on “Pwnbox”
- Pick your Pwnbox location (where to spawn your instance in)
- Select VPN access region
- Select VPN server
- Click on “START PWNBOX”
- All useful wordlists are installed in the folder on the user's Desktop “Useful Repos”.
- Wordlist “rockyou” is already unzipped in the SecLists folder.
- If you want to copy/download anything from Pwnbox to your local system you can use scp command.
- If you want others to watch you pwn, use/share the Spectator Link.
- The 24 hour reset is performed at the start of the month and the hours left from the previous month are not transferred to the next month.
- Apply any customization you prefer on boot using the user_init script located in my_data folder on user’s desktop.
- Save all files you want to be recovered in my_data folder.
PS 1: If you have any pro tips of your own or any feedback/idea/suggestion to make Pwnbox better, please share your thoughts in the Pwnbox Discord Channel.
PS 2: For more details make sure you check out our Knowledge Base article about Pwnbox.
That’s all from us! Hope you love it as much as we do, try it out and help you in your everyday hacking routine. More news and features to be added soon.
Hack The Box Team