Hack The Box

Pwnbox offers a browser interface that is both easy and fun to use, providing users with a seamless experience. In addition to the convenience of using its pre-installed tools and scripts, we also have some customization features that let you personalize your hacking experience as if you were operating a virtual machine on your computer.

___________________________________________________________

NOTE: The version of Pwnbox on <code>academy.hackthebox.com</code> does not include the <code>my_data</code> and <code>user_init</code> features.

<code>my_data</code> is a directory created in the user's home directory when they log in to a Pwnbox. This directory is intended to be used by the user to store any data or files they might need for future sessions. You can add files, scripts, tools, binaries ... any file that you might need that Pwnbox does not offer.

The folder has a lost+found folder, a README.txt, and a user_init script file.

The lost+found directory is a special directory in Unix-based operating systems, including Linux. It is used to store recovered files and directories that were found during a file system check. When the file system check is run, it may encounter files or directories that are not associated with any particular directory or inode. These files and directories are then moved to the <code>lost+found</code> directory.

- The lost+found directory is a special directory in Unix-based operating systems, including Linux. It is used to store recovered files and directories that were found during a file system check. When the file system check is run, it may encounter files or directories that are not associated with any particular directory or inode. These files and directories are then moved to the <code>lost+found</code> directory.

The README.txt contains a very important warning that everyone must know before storing files in the folder:

- The README.txt contains a very important warning that everyone must know before storing files in the folder:

<code>Anything you save in the my_data folder will persist between instances you spawn.</code>

<code>Remember! Do not store personal or sensitive data!</code>

<code>We do not back up this folder and only provide it on a best effort basis.</code>

The user_init is an empty bash script that looks like this :

- The user_init is an empty bash script that looks like this :

This script is running automatically every time your PwnBox is spawned, and you can use this to automate some tasks or run other scripts (More on this below).

Some usage of this folder will be adding your own custom scripts, web shells, small wordlist, or notes to keep for your next session:

You get around 50MB of storage in this folder, so use it responsibly.

This script is a great tool to customize your experience when using PwnBox as this runs automatically when a user logs in and is used to set up the user's shell environment, configure any necessary tools or settings, and perform any other necessary tasks to prepare the user's environment for use.

It is important to note that any changes made to the <code>user_init</code> file will only take effect the next time the user logs in.

One simple example to showcase this is setting up a listener every time your PwnBox starts, as you might need it later. This can simply be done using :

You can also use this to create a new directory every time you spawn PwnBox, copy files, or delete files, or simply make your <code>vim</code> better looking with your own <code>vimsrc</code> file that you store it in <code>my_data</code>.

Note: You should avoid putting large or time consuming operations in the init script, such as <code>apt upgrade</code>, as the init script is executed during the spawning process, and will delay the amount of time it takes for your instance to become available.

Using the my_data Folder

User Init Script: