Introduction to Pwnbox (for HTB Classic)

Last updated by 0ne - nine9 (admin)

Updated at October 29th, 2020

Pwnbox is a customized, online, parrot security linux distribution with many hacking tools pre-installed. You can use it to play in our labs without the need to install a local VM serving the same purpose.

VIP users have a limit of 24 hours per month to use their Pwnbox. This limit gets renewed with each month that you renew your VIP subscription.

Pwnboxes also have a lifetime of their own, once you spawn one, you can see its' remaining time in the panel.

If you're wondering about having the right tool, don't worry! Our custom-made parrot security distro comes equipped with a plethora of tools of the trade. Take a look below at the list:

BurpSuite, FoxyProxy, Wappalyzer, gobuster, dirb, dirbuster, SecLists, PayloadAllTheThings, LinuxPrivChecker, LinPeas, Sublime, PowerShell, Terminal, BloodHound, and the list goes on. 

Accessing Pwnbox

In order to get to the Pwnbox controls page, you’ll need to press on the Pwnbox button at the top of the platform’s ribbon.

On this page you’ll find the stats related to your own account, the server picker and a small description of what Pwnbox is. 

The stats represent your account history with Pwnbox and, more importantly, the amount of hours of usage you’ve got left on it.


This is the total amount of sessions you’ve had on Pwnbox. A session is the time between an instance boot-up until expiry or manual closure. 

Hours Allowed

The amount of hours you get assigned every month on your VIP account. Note that in the screenshot above, the hours are not representative for a normal VIP user, but for an administrative account.

Hours Used

The amount of hours you’ve spent in Pwnbox instances from your VIP account for the current month.

Remaining Hours

The remaining available hours to your VIP account to use Pwnbox services.

Initializing Pwnbox

In order to start an instance of Pwnbox, you’ll need to first select the closest available server to you, the one with the least latency.

The list of servers and their related latency levels are depicted in the screenshot below:

You can check the latency for each of these by pressing the button next to the server location name.

After selecting a server, you can click on the Start button and you will see the boot-up sequence initializing on the left.

Once the initialization sequence is complete, you will have a working instance of Pwnbox. You can quickly cycle between available VPN packs on the same menu. As noted, please make sure you disconnect your VPN from any other locations before you attempt to initialize a VPN connection to HTB labs from Pwnbox.

At the top, you can see the VPN Server Key controls. This submenu will allow you to change your VPN connection settings within Pwnbox without the need to download the .ovpn file on your own. The VM instance will take care of this and you will only need to simply select the desired VPN server from the list.

Below the VPN access controls, you have the Instance Details which display your randomly generated Hostname and Password along with your HTB-correlated Username.

The Instance Lifetime is noted below that, but please note that if you don’t plan to use it for that long, shut it down before quitting the hacking session for the day. This way you will save hours for next time and avoid running out of them due to wasted instances.

The Spectator Link section allows your students, your friends or colleagues to watch you live, in action.

Below the instance screen, you have the following options:

  • Open Desktop

Which will open a VNC connection through HTTPS to the box, similar to TeamViewer or other GUI-based remote connections.

  • Terminate

Which will terminate the current Pwnbox instance. You should always use this after you've finished using your VM as it will save you some usage time for the future.

  • Open SSH Terminal 

Which will initialize a SSH connection from your local machine's terminal, where you will be prompted to accept the remote host's fingerprint and then enter your generated password.

Using Pwnbox

Once you have everything set up and ready to go, let's assume you want to use the VNC connection to access the desktop environment of the Pwnbox instance.

Upon clicking the Open Desktop button, you will receive a popup page with a loading screen as the VNC connection initializes.

Your main tools, the PowerShell terminal and the Parrot terminal can be found at the top of the screen.

Next to these you can notice several other shortcuts and places such as your Applications, Places and System folders. On the right you have a network monitor display and your workspace controls, which you can use to switch between different desktop workspaces.

On the bottom taskbar, you have a few shortcuts. You can edit this menu with whatever else you prefer to use, but the defaults are Firefox, PyCharm, Postman, BurpSuite, Metasploit Framework and VSCodium.

Note that you have a useful clipboard utility at the bottom right. If you want to copy and paste output from the instance to your main OS, you can do so by selecting the text inside the instance that you want to copy, copying it and then clicking the clipboard icon at the bottom right. You will be able to find the text you copied inside and are now able to copy it again outside of the instance and paste it wherever, externally.

From here, you just have to follow the same steps as you would when attacking a Machine the usual way! Make sure an instance of the Machine you want to attack is spawned by visiting its page on this link and proceed to attack it relentlessly until it is conquered.

Tips and Tricks

You can access your personal data on the ~/Desktop/my_data folder and you have a dedicated user_init script for auto-backup.

The internet access has some limitations but we've allowed users to download new needed tools that the Pwnbox might not come equipped with.

Remember, all useful and popular wordlists are saved in the Useful Repos folder on the ~/Desktop/. (we also unzipped rockyou for you <3)

If you want to copy or download anything from the Pwnbox instance, you can use the scp command.

Remember, the 24 hour time allowance for all users is reset at the start of the month and leftover hours do not port over.

Terminating Pwnbox

As mentioned before, don't forget to terminate your current Pwnbox instance after you're done interacting with it. In order to issue a termination, click on the Terminate button on the Pwnbox menu. 

Was this article helpful?

Can't find what you're looking for? Please contact our

Customer Support team