Skip to main content
HashnodeCyberEthical.Me: Hacking for the Security Awareness

Command Palette

Search for a command to run...

Customize your Hack The Box Pwnbox

Setting up the environment persistence on Hack The Box Parrot Pwnbox

Published
β€’2 min read
Customize your Hack The Box Pwnbox
K
Kamil Gierach-Pacanek

Currently working as a Senior Consultant at Netcompany spending my full-time job solving the SharePoint riddles. In the free time I'm expanding my understanding of cybersecurity through hacking activities. Git fanboy.

Introduction

image.png

Pwnbox is a customized, online Parrot Security Linux distribution - you can launch it from Hack The Box site and play with it in a browser (similar to the Kasm Workspaces streaming). It has immediate access to the HTB Challenges network, without additional VPN configuration.

More details: What is Pwnbox? How does it work?

Setup

I strongly recommend forking the repository then modify scripts to your liking. Disclaimer.

Collect and run init-pwnbox.sh script from my GitHub.

curl https://raw.githubusercontent.com/CyberEthicalMe/configs/master/htb-pwnbox/init-pwnbox.sh | sh

Explanation

Hack The Box is running user_init script each time Pwnbox is started. In the head of this file you can read.

#!/bin/bash
#This script is executed every time your instance is spawned.

So, I've put some effort creating the script that automates setting up the persistence on the Pwnbox by wgetting some resources and modifying the initial user_init script.

Details: init-pwnbox.sh

  1. Change current working directory to $HOME/my_data.
  2. Get preconfigured user_init file from the repository. Backups the original file.
  3. Get Powerline font for tmux theme (yes, I forced it a bit and I'm loving tmux now).
  4. Prepare home directory to preload in user_init. Things like .*.conf files.
  5. Create RSA keypair for persistence over SSH. It makes easier to come back to the server during the hacking challenges.
  6. Get terminal settings export script. This just saves the state of the default terminal (mate-terminal).
  7. Clones tools repositories. Right now, only ffuf, that is not available out-of-the box (pun intended).
  8. Returns to the previous working directory.

Details: user_init

  1. Copy files from ~/my_data/home to ~.
  2. Add Powerline font for tmux. Refresh font cache.
  3. Load mate-terminal profiles. May require manual switching profiles.

Known Improvement Points

  1. Manual refresh of tmux config (Ctrl+A, Shift+I) when tmux launched for the first time.
  2. Manual import of mate-terminal profiles. For some these are not imported on initial user_init - use the import-mate-terminal.sh to import these on the first launch of terminal.
#hacking#automation#linux
2.8K views

Comments (1)

Join the discussion
M
MacBobby Chibuzor4y ago

Hi, thanks for this...

I'm wondering... I'm just getting started on HTB and I have a Kali Linux machine installed. Do you have a guide for connecting to OpenVPN?

Thanks!

1
K
Kamil Gierach-Pacanek4y ago

Hi MacBobby Chibuzor!

I don't have a guide for that, but HTB have the Introduction to Lab Access help page.

Quick summary - you are downloading the ovpn file from the HTB site, then on your Kali you are connecting to the VPN using sudo openvpn {PATH _TO_OVPN}. You can reach me out on the Discord, and we can go more step-by-step approach if above information are not sufficient.

More from this blog

C

CyberEthical.Me: Hacking for the Security Awareness

72 posts

🎯 On May 2021, I have set myself a goal to make an accepted submission in a Bug Bounty program. This is my testimony of the path I take to achieve my goal.

πŸ‘† Access Patron Benefits πŸ‘†