Customize your Hack The Box Pwnbox

Customize your Hack The Box Pwnbox

Setting up the environment persistence on Hack The Box Parrot Pwnbox


2 min read



Pwnbox is a customized, online Parrot Security Linux distribution - you can launch it from Hack The Box site and play with it in a browser (similar to the Kasm Workspaces streaming). It has immediate access to the HTB Challenges network, without additional VPN configuration.

More details: What is Pwnbox? How does it work?


I strongly recommend forking the repository then modify scripts to your liking. Disclaimer.

Collect and run script from my GitHub.

curl | sh


Hack The Box is running user_init script each time Pwnbox is started. In the head of this file you can read.

#This script is executed every time your instance is spawned.

So, I've put some effort creating the script that automates setting up the persistence on the Pwnbox by wgetting some resources and modifying the initial user_init script.


  1. Change current working directory to $HOME/my_data.
  2. Get preconfigured user_init file from the repository. Backups the original file.
  3. Get Powerline font for tmux theme (yes, I forced it a bit and I'm loving tmux now).
  4. Prepare home directory to preload in user_init. Things like .*.conf files.
  5. Create RSA keypair for persistence over SSH. It makes easier to come back to the server during the hacking challenges.
  6. Get terminal settings export script. This just saves the state of the default terminal (mate-terminal).
  7. Clones tools repositories. Right now, only ffuf, that is not available out-of-the box (pun intended).
  8. Returns to the previous working directory.

Details: user_init

  1. Copy files from ~/my_data/home to ~.
  2. Add Powerline font for tmux. Refresh font cache.
  3. Load mate-terminal profiles. May require manual switching profiles.

Known Improvement Points

  1. Manual refresh of tmux config (Ctrl+A, Shift+I) when tmux launched for the first time.
  2. Manual import of mate-terminal profiles. For some these are not imported on initial user_init - use the to import these on the first launch of terminal.

Did you find this article valuable?

Support Kamil Gierach-Pacanek by becoming a sponsor. Any amount is appreciated!