help.hackthebox.com
2606:4700::6812:147e
Public Scan
URL: https://help.hackthebox.com/en/articles/5185608-introduction-to-pwnbox
Submission: On August 02 via api from US — Scanned from US
Form analysis
1 forms found in the DOM
/en/
<form action="/en/" autocomplete="off">
<div class="flex w-full flex-col items-start">
<div class="relative flex w-full sm:w-search-bar"><input type="text" autocomplete="off"
class="peer w-full rounded-search-bar border border-black-alpha-8 bg-white-alpha-20 p-4 ps-12 font-secondary text-lg text-header-color shadow-search-bar outline-none transition ease-linear placeholder:text-header-color hover:bg-white-alpha-27 hover:shadow-search-bar-hover focus:border-transparent focus:bg-white focus:text-black-10 focus:shadow-search-bar-focused placeholder:focus:text-black-45"
placeholder="Search for articles..." name="q" value="">
<div class="pointer-events-none absolute inset-y-0 start-0 flex items-center fill-header-color ps-5 peer-focus-visible:fill-black-45"><svg width="22" height="21" viewBox="0 0 22 21" xmlns="http://www.w3.org/2000/svg" class="fill-inherit"
aria-hidden="true">
<path fill-rule="evenodd" clip-rule="evenodd"
d="M3.27485 8.7001C3.27485 5.42781 5.92757 2.7751 9.19985 2.7751C12.4721 2.7751 15.1249 5.42781 15.1249 8.7001C15.1249 11.9724 12.4721 14.6251 9.19985 14.6251C5.92757 14.6251 3.27485 11.9724 3.27485 8.7001ZM9.19985 0.225098C4.51924 0.225098 0.724854 4.01948 0.724854 8.7001C0.724854 13.3807 4.51924 17.1751 9.19985 17.1751C11.0802 17.1751 12.8176 16.5627 14.2234 15.5265L19.0981 20.4013C19.5961 20.8992 20.4033 20.8992 20.9013 20.4013C21.3992 19.9033 21.3992 19.0961 20.9013 18.5981L16.0264 13.7233C17.0625 12.3176 17.6749 10.5804 17.6749 8.7001C17.6749 4.01948 13.8805 0.225098 9.19985 0.225098Z">
</path>
</svg></div>
</div>
</div>
</form>
Text Content
Introduction to Pwnbox

What is Pwnbox? How does it work? Read about it here.

Written by Ryan Gordon
Updated over a week ago

Table of contents
* Accessing Pwnbox
* Initializing Pwnbox
* Terminating Active Instances
* Passwords and Spectators
* Using Pwnbox
* Tips and Tricks
* Terminating Pwnbox
* Pwnbox Limitations

Pwnbox is a customized, online Parrot Security Linux distribution with many hacking tools pre-installed. You can use it to play in our labs without installing a local VM serving the same purpose.

If you're wondering about having the right tool, don't worry! Our custom-made Parrot Security distro comes equipped with a plethora of tools of the trade. Every month we issue an update to make sure it's fully up-to-date with everything you'll need.

ACCESSING PWNBOX

You can access the Pwnbox controls by clicking on the Connection Settings button to the right of your profile picture, at the top right of the page you're on. This menu is accessible from any page to make navigation easier and provide you with faster access to the tools you need to further your development.

After you land on the Pwnbox menu, you will see the Hours Left counter at the top, followed by the connection settings below. The counter at the top refers to how many available hours of Pwnbox you have left. After you've finished using any Pwnbox instance, it is vital that you terminate it to save this time for later use.

INITIALIZING PWNBOX

You can proceed with selecting a Pwnbox Location based on the lowest latency reported for each of them. Afterward, you can proceed with selecting the VPN Access and the VPN Server fields that would benefit you the most in terms of latency.

It's now easier than ever to switch VPN servers mid-action on the same menu, so if you ever run into any connection problems further down the line, you can use the same page to switch to a different server. If you want to learn more about these categories, we have an article explaining Lab Access in greater depth.

Click the button below to learn more about Lab Access: Introduction to Lab Access

After selecting your preferred servers, you can click the Start Pwnbox button to start the initialization process. After this is complete, you will be presented with a small preview of what is happening on the desktop of the Pwnbox you've spawned, together with the three available interactions:

* Open Desktop: opens a VNC connection through HTTPS to the box, similar to TeamViewer or other GUI-based remote connections.
* Terminate: terminates the current Pwnbox instance. Always use this after you've finished using your VM, as it will save you some usage time for the future.
* Open SSH Terminal: initializes an SSH connection from your local machine's terminal, where you will be prompted to accept the remote host's fingerprint and then enter your generated password.

Once the initialization sequence is complete, you will have a working instance of Pwnbox. As noted, please make sure you disconnect your VPN from any other locations before you attempt to initialize a VPN connection to HTB labs from Pwnbox.

TERMINATING ACTIVE INSTANCES

Please note that you will not be able to spawn Pwnbox if you already have an instance of a Box running. You must terminate any Box Instances you have and start Pwnbox before spawning a Box.

If you already have a Box running when you go to spawn Pwnbox, you will be met with the following:

You can see which Box you have currently running, and consequently terminate it, by checking the top-left of the website.

PASSWORDS AND SPECTATORS

During your Pwnbox interaction, you will need to have the randomly generated user password available to perform sudo actions and connect through SSH. To access this password for your current instance, you can click on the View Instance Details drop-down menu right below the Pwnbox stats section.

You can also have Spectators during your Pwnbox interaction. This can be useful for students or demos you might want to perform in front of a live audience. To see the shareable Spectator Links, click on the icon next to the Instance Lifetime section of the Pwnbox menu.

You can also find your sudo credentials on the desktop in the my_credentials.txt file.

USING PWNBOX

Once you have everything set up and ready to go, let's assume you want to use the VNC connection to access the desktop environment of the Pwnbox instance. Upon clicking the Open Desktop button, you will receive a popup page with a loading screen as the VNC connection initializes.

You can find your main tools, the PowerShell terminal, and the Parrot terminal at the top of the screen. Next to these, you will notice several other shortcuts and places such as your Applications, Places, and System folders. On the right, you have a network monitor display and your workspace controls, which you can use to switch between different desktop workspaces.

On the bottom taskbar, you have a few shortcuts. You can edit this menu with whatever else you prefer to use, but the defaults are Firefox, PyCharm, Postman, BurpSuite, Metasploit Framework, and VSCodium.

Note that you have a useful clipboard utility at the bottom right. If you want to copy and paste output from the instance to your main OS, select the text inside the instance, copy it, and then click the clipboard icon at the bottom right. The text you copied will appear inside the clipboard utility, where you can copy it again and paste it anywhere outside of the instance.

From here, you have to follow the same steps you would when attacking a Box the usual way! Make sure an instance of the Box you want to attack is spawned by visiting its page on this link and proceed to attack it relentlessly until it is conquered.

TIPS AND TRICKS

You can access your personal data in the ~/Desktop/my_data folder, and you have a dedicated user_init script for auto-backup.

If you want to copy or download anything from the Pwnbox instance, you can use SCP or SFTP.

Remember, the 24-hour time allowance for VIP users is reset at the start of the month, and leftover hours do not port over.

TERMINATING PWNBOX

As mentioned before, don't forget to terminate your current Pwnbox instance after you're done interacting with it. To issue a termination, click on the Terminate button on the Pwnbox menu.

PWNBOX LIMITATIONS

On the HTB Labs:

* Free Users have a single two-hour session of Pwnbox available for the life of their account, as a way to test out its features. Free users also have limited internet access, with only our own target systems and GitHub being allowed.
* VIP users have a limit of 24 hours per month to use their Pwnbox. This limit gets renewed with each month that you renew your VIP Subscription.
* VIP+ users have unlimited use of Pwnbox.