Version 1.4 Released – Note Pages, Note History, Keyword Search

Notes, Notes & More Notes


Create Note Pages for Engagements, Hosts & Ports

Keep your notes organized by creating additional note pages for categories such as Discovered URLs, Possible Vulnerabilities, or Interesting Directories

* Note Pages are available on the Hobby Tier

Also New In Version 1.4

  • Note History
    Never lose a note again with a detailed change history for every note

  • Keyword Search
    Quickly scan your entire account for keywords

  • Code Snippets
    Add source code to notes & reporting data with syntax highlighting

  • And Much More…
    ◦ Export your data to JSON
    ◦ Revamped Dashboard & Engagement Console
    ◦ URL HashIDs & Clientside Error Logging

What’s coming in version 1.5?

Periscope – gain better situational awareness by viewing your engagements and hosts from 10,000 feet

Scratchpad – edit files in a hierarchical folder structure with syntax highlighting and Vim style keyboard bindings


HackTheBox – Dropzone – Custom MOF Dropper (Stuxnet)

Hacking the Dropzone machine from

Resources from the video

Playing with MOF files on Windows, for fun & profit

Managed Object Format (MOF)–mof-

WMI Architecture

Windows Sysinternals

HackTheBox – DevOops – XXE Injection & Git Repo Enumeration

PenTest.WS demonstration hacking the DevOops machine from This video demonstrates using an XXE Injection vulnerability to pull sensitive files off a remote server. The privilege escalation is to search through a git repository to find root’s private ssh key.

2:26 – Web page extension enumeration
5:21 – XML fuzzing
7:49 – XXE Injection
10:53 – Stealing an SSH key
14:19 – Searching a Git repo
17:53 – Extracting root’s SSH key

HackTheBox – Sunday – Brute Forcing

PenTest.WS demonstration hacking the Sunday machine from This video includes brute forcing the finger and ssh services. John the Ripper is used to brute force a password. Privilege escalation is to use sudo and the wget command to read & write protected files.

2:14 – Downloading the corncob word list
4:18 – Brute forcing the finger service with a custom bash script
8:12 – Brute forcing ssh using hydra
12:02 – John the Ripper brute forcing a shadow.bak file
15:05 – sudo & the wget command for privilege escalation