Playing around with Pentest Box

PentestBox is an open-source, preconfigured, portable penetration testing environment for the Windows operating system.

When you speak with a Chief Executive Officer about the tools he/she uses you would never guess that a tool like PentestBox would come into the field. Well, that’s not the case when you are still an IT geek and besides all the management tools, the budgeting analysis, the risk assessments, the ROI analysis, you find joy when you get a tool like this on your Windows machine.

You see, there are some moments in the office, and especially within an IT department, when things happen that the inexperienced eye can’t focus on: cases where the loss of a packet might mean a lot of things, but might also be nothing. But even in the busiest moments I can’t deny my rush of adrenaline to just check what’s going on, while doing all the regular stuff, meetings etc.

In cases like these, the norm is that someone will run a Wireshark scan on the network in case they find something. I laugh so hard when people run Wireshark thinking that checking some thousands of packets will give them the answer. Everything looks cool till you get to know Thanassis Diogos presenting plenty of topics on security and information analysis and always using Wireshark in full mode. Then you realize that this is how that tool works!

In business environments the most common operating system is Windows, and from an IT pro’s view that system limits the tools that can be used to deal with whatever has to do with a pen-test. There were some tools around that could help you do some stuff, but you had to find them yourself and update them. This is where PenTest Box came to change everything you know about having a bunch of security tools on your Windows machine.

PenTest Box

There are two variants of the installer that you can download: one with all the tools and another one that also contains Metasploit. The reason that there are two installers is that Metasploit is full of exploits/payloads and most antiviruses block and delete many of them. If you have full control over a system you can just exclude the download and the installation folder from the antivirus and you are ready to go. If you don’t have access to do that, then you can download the simple version of the installer and avoid all the fuss.

You can also check the list of the tools that are included in the package in order to get a clue of what is going on. The update is simple: you can update everything by typing “update all”, and you can also modify the whole thing by adding more tools to it, either from GitHub or from whatever source. The tool is set up in a way that can run Python, and that means that most exploits/payloads that are written in Python can be added to the list of tools!

Using PenTest Box on the CLOUD

Personally I have used the tool mainly for information gathering and some web pen-test and everything worked like a charm. Well-known tools like nmap, volatility, wireshark, ipscan, The Harvester, dnsrecon, ettercap, burpsuite, wpscan, sqlmap, are some of the tools you can find there and that I frequently use!

But let’s take it a step further! What if you can have these tools always available from everywhere like having that on the cloud?

Well, when you want to install a security distro on a cloud platform things get more complicated. On Microsoft Azure you can install VMs like Kali but in order to use it you need to read and comply with the rules of engagement. Pretty cool huh? Generally that shows that from the moment that you use a pen-test distro on a cloud platform you are being monitored on how you use it and how you perform your pen-test.

I know first hand, when I was checking and attacking websites for pen-test purposes 24/7 for more than a week and bruteforcing my way in, when one day I just couldn’t connect to my Kali VM. No ssh, nothing. The VM was up and running, but I couldn’t in any way get back to it! Then I found out that Microsoft has got rules that you need to follow! Yeah right…

My Azure W10 machine with PenTest with Metasploit installed and using WPScan on my website

So, no need to say that I am not a security specialist but rather an IT security fan who knows his way around. So I needed to have tools available 24/7 just because I just f@#*&%g CAN have it and I want to have that ability at any moment needed.

But as many of you might know, I could also install Kali Linux inside Windows 10 with the use of Windows Subsystem for Linux, which is available on all Windows 10 versions, and through the Microsoft Store you can install Kali and bash and other versions of Linux that you might like. That is another option if you want to use something that PenTest Box doesn’t have. You see, when you install Kali Linux on WSL, there are NO tools installed with it.

That means that you need to install everything from scratch and that is not so cool. But either way it is a way to install applications that PenTest Box doesn’t have in its list! Either way Microsoft isn’t that restrictive with their own OS (not that they can’t know what you are doing if they want to check), but it is not like having a Linux VM like Kali that is designed for the specific role.

What do you think?
Let me know in the comments

