HTB PwnBox

FYI Great tool but sometimes I have this message: Could not start VNC web proxy

Several tests are necessary to gain access.

I often use pwnbox because of economical conditions and my computer is too bad. However, pwnbox has a lifetime, so I can only study 24 hours a month.
I paid for 1 year, is there any way to extend the pwnbox time? Studying only 24 hours per month is too harsh.

Spoiler Removed

Type your comment> @choupit0 said:

Spoiler Removed

?

How do you copy/paste into PwnBox from outside ?

d

Hey there,
I finally managed to connect to my pwnbox instance with Remmina instead of the HTB Viewer. However, that’s great for me and everything but I just noticed how out of date every pwnbox instance after the spawn is. I would like to suggest that the base image gets updated frequently so I don’t have to waste a part of my 24hours for upgrades on startup.

However, I am currently working on some stuff that will make using the pwnbox on mobile devices easier. (ref. to @sparkla s post above)

@sparkla will do so, but please dont expect something soon. Lots of other work and this project will be prioritized low. Maybe there are other people who would like to cooperate with me regarding a HTB Mobile Viewer. Contact me via admin@codefuzzler.xyz if interested. :smile:

Does one have to be on the VPN in order to connect to pwnbox via VNC?

Has anyone been able to install dropbox on their pwnbox instance ?

I keep getting this error even though $DISPLAY is set to :1

...
No protocol specified
b'!! (Qt:Fatal) QXcbConnection: Could not connect to display :1'
─[eu-dante-2]─[10.10.x.x]─[root@htb-x]─[~/.dropbox-dist]
└──╼ [★]$ echo $DISPLAY
:1

Type your comment> @silverphish said:

Has anyone been able to install dropbox on their pwnbox instance ?

I keep getting this error even though $DISPLAY is set to :1

...
No protocol specified
b'!! (Qt:Fatal) QXcbConnection: Could not connect to display :1'
─[eu-dante-2]─[10.10.x.x]─[root@htb-x]─[~/.dropbox-dist]
└──╼ [★]$ echo $DISPLAY
:1

Wha… Why… Don’t do that my friend.

Im trying to download mysql in pwnbox instance. Its giving me this error: E: Failed to fetch http://htb.deb.parrot.sh/parrot/pool/main/g/galera-3/galera-3_25.3.28-2_amd64.deb 404 Not Found [IP: 134.209.23.240 80] when typing sudo apt-get install mariadb-server-10.3 or sudo apt-get install default-mysql-server . I am assuming it has to do with the instance. Its says 1296 packages can be upgraded. Looks like they should be updating the pwn image?

Type your comment> @x0timur said:

Im trying to download mysql in pwnbox instance. Its giving me this error: E: Failed to fetch http://htb.deb.parrot.sh/parrot/pool/main/g/galera-3/galera-3_25.3.28-2_amd64.deb 404 Not Found [IP: 134.209.23.240 80] when typing sudo apt-get install mariadb-server-10.3 or sudo apt-get install default-mysql-server. I am assuming it has to do with the instance. Its says 1296 packages can be upgraded. Looks like they should be updating the pwn image?

Try running “sudo apt update” before running any install commands

Hello,
i am facing an issue to access all the machine like an active and retired will you please help me out , what should to do ,
10.10.10.209
10.10.10.217
only 2 to 3 machine i can access reset
some machine error gives (Hmm. We’re having trouble finding that site.
We can’t connect to the server at academy.htb.)
and some (The server at 10.10.10.221 is taking too long to respond.)

and if i command ping its work for all machine but can access

will you please let me know where i am wrong

@immi said:

Hello,
i am facing an issue to access all the machine like an active and retired will you please help me out , what should to do ,
10.10.10.209
10.10.10.217
only 2 to 3 machine i can access reset
some machine error gives (Hmm. We’re having trouble finding that site.
We can’t connect to the server at academy.htb.)
and some (The server at 10.10.10.221 is taking too long to respond.)

and if i command ping its work for all machine but can access

will you please let me know where i am wrong

This probably isn’t the right place to ask the question.

If you have an issue with a machine, you should ask it in the thread for that machine. If you have a general issue “off-topic” is a good place to start.

In your specific case, it looks like you haven’t updated your hosts file.

Not sure where to report this, was using pwnbox and out of nowhere i got kicked off from the session with an error message “something went wrong, connection is closed :(” the instance is still running but cant reconnect. will lose all my progress i mean notes for now

@TazWake
Thanks i will mention it there

@bleubyte said:

Not sure where to report this, was using pwnbox and out of nowhere i got kicked off from the session with an error message “something went wrong, connection is closed :(” the instance is still running but cant reconnect. will lose all my progress i mean notes for now

This is probably the best option: HTB Support on JIRA - News - Hack The Box :: Forums

When using enum tools like gobuster or dirb against the target machines, it fails right away with connection failures. Ping and curl is normal.
I don’t know why. Any clue?

@bsang said:

When using enum tools like gobuster or dirb against the target machines, it fails right away with connection failures. Ping and curl is normal.
I don’t know why. Any clue?

  • This is probably best asked in the thread relevant to the box.
  • It depends how you are trying to use the tools, its probably down to using a domain name you haven’t put in the hosts file but it could be that there is no webservice running.
  • If you provide more detail in the relevant thread, you can get a more specific answer.

Type your comment> @TazWake said:

@bsang said:

When using enum tools like gobuster or dirb against the target machines, it fails right away with connection failures. Ping and curl is normal.
I don’t know why. Any clue?

  • This is probably best asked in the thread relevant to the box.
  • It depends how you are trying to use the tools, its probably down to using a domain name you haven’t put in the hosts file but it could be that there is no webservice running.
  • If you provide more detail in the relevant thread, you can get a more specific answer.

You’re right. I’ve just checked the following iptable rule in the target machine.
It seems I need to decrease the hit count from the tools.
I’ve never encountered this kind of error because my vpn is quite slower than Pwnbox vpn.
Thanks for your comment.

-A INPUT -i eth0 -p tcp -m tcp --dport 80 -m tcp -m state --state NEW -m recent --update --seconds 1 --hitcount 40 --name HTTP --mask 255.255.255.255 --rsource -j REJECT --reject-with icmp-port-unreachable