📦Exploit Box

What is Exploit Box

Exploit Box is a kali linux instance hosted on the cloud which lets you use tools and resources present on it for pentesting engagements.

It is directly linked to the Pentest Copilot session that creates it and can be used to execute commands, run tools and conduct scans by Pentest Copilot or yourself.

Starting Exploit Box

After successfully "Creating a Workspace" and using the dashboard to navigate to it, you will be able to start Exploit Box using the purple button at the very top of the workspace.

By Default an Exploit Box session lasts for an hour but can be extended to 2 hours.

As Soon as the Connection is ready, you will be able to see a terminal session at the bottom of the screen which is a ssh connection to the exploit box

This Terminal session lets you monitor Pentest Copilot's action and run tools on your own as well.

Connecting to the VPN

You might want to put the Pentest Copilot of an Internal Subnet which has your targets on which you want the Pentest to be done. You can connect to such a subnet through the "Connect VPN" button present at the very top of the workspace.

The left pane can also be used for the same purpose

You will be required to upload the OpenVPN file meant to connect a device to the Internal Subnet.

Once you upload the file and choose to connect the Exploit Box to the VPN, you would see a similar screen which lets you ensure that the VPN connection has been successfully made

You can switch between the Main Session, subsessions and the VPN Terminal tab at anytime to ensure that the VPN connection is actively being maintained.

Now the Exploit box is connected to the Subnet and you can confirm that by pinging the devices present on that subnet.

Accessing the GUI

Again, the Workspace Button and the Left Pane can be used to Access the GUI interface of the Exploit Box

If you would like to isolate this GUI session to a different Tab, you can use the Workspace button to open this in a new tab.

This GUI Session lets you use the Exploit box in a desktop Environment. This would be your go-to to use tools like BurpSuite. Since its a Desktop Environment, you can use it just like a virtual machine.

Copy Paste in the GUI

Since CTRL+C and CTRL+V does not integrate clipboards of your local machine and the exploit box, you can use this pull-out menu to access the Clipboard from the VNC session.