Pwnbox is a customized, online Parrot Security Linux distribution - you can launch it from Hack The Box site and play with it in a browser (similar to the Kasm Workspaces streaming). It has immediate access to the HTB Challenges network, without additional VPN configuration.
More details: What is Pwnbox? How does it work?
I strongly recommend forking the repository then modify scripts to your liking. Disclaimer.
Collect and run
init-pwnbox.sh script from my GitHub.
curl https://raw.githubusercontent.com/CyberEthicalMe/configs/master/htb-pwnbox/init-pwnbox.sh | sh
Hack The Box is running
user_init script each time Pwnbox is started. In the head of this file you can read.
#This script is executed every time your instance is spawned.
So, I've put some effort creating the script that automates setting up the persistence on the Pwnbox by
wgetting some resources and modifying the initial
- Change current working directory to
- Get preconfigured
user_initfile from the repository. Backups the original file.
- Get Powerline font for
tmuxtheme (yes, I forced it a bit and I'm loving
homedirectory to preload in
user_init. Things like
- Create RSA keypair for persistence over SSH. It makes easier to come back to the server during the hacking challenges.
- Get terminal settings export script. This just saves the state of the default terminal (
- Clones tools repositories. Right now, only
ffuf, that is not available out-of-the box (pun intended).
- Returns to the previous working directory.
- Copy files from
- Add Powerline font for
tmux. Refresh font cache.
mate-terminalprofiles. May require manual switching profiles.
Known Improvement Points
- Manual refresh of
tmuxconfig (Ctrl+A, Shift+I) when
tmuxlaunched for the first time.
- Manual import of
mate-terminalprofiles. For some these are not imported on initial
user_init- use the
import-mate-terminal.shto import these on the first launch of terminal.