First-time user of THM, so sorry if this is a dumb question. Do I need to download a VM and then run OpenVPN on it, or can I just download OpenVPN and use my Mac’s terminal to do the labs?
Thanks for all the suggestions. I decided to go with Kali Linux in a VM using a VPN.
You should use a Linux VM. Not only for environment separation purposes, but also because there are definitely people who act in bad faith on THM and you should try to mitigate any potential issues.
You can do it on your Mac’s terminal. But you need to know that operating systems like Kali Linux or Parrot OS are best suited for this kind of lab. BTW, I do it on Arch Linux; it doesn’t matter which one you pick.
No. As long as you have the VPN on your main machine you can use the in-browser VM to solve the challenges.
You can use your Mac’s terminal, but it is highly recommended to dedicate an environment for hacking, so if your Mac is your main computer you definitely should install a VM.
Adding to the _you should use a VM_, this is highly recommended for separation of environments and the fact that if you run some exploit, you are far less likely to mess up something on your system. Unless you are validating every single piece of code that you execute when doing an exercise, you cannot guarantee that it doesn’t contain malicious code… there are known cases, though rare, of exploits being created with the sole purpose of damaging the system that it is being executed on and not intended to exploit the vulnerability.
Additionally, you may often find the need to install different tools and these may have a tendency to install multiple dependencies that may either just add more stuff to your system or cause issues with other libraries or programs…the VM helps to mitigate this by either having snapshots that you can restore or making it far easier to spin up a system without having to reinstall everything manually.
If you lack the resources on your system to run even a single VM, my suggestion here would be to start looking at the possibility of upgrading and to use the in-browser attack box that THM has. It is limited in time for the free tiers; however, it is still a much better option than running anything on the OS that’s installed on your machine.
There are some IppSec videos where he runs into issues with the VM and has to either restore or spin up a new version. Imagine doing a lab and having to reinstall everything on your system because something messed it up to that point.
TL;DR: use a VM that is solely for labs and that you can simply throw away if something goes wrong.
Just wanted to hop in and let you know that you can get a VMware Fusion Player - Personal Use License for free.
You should definitely use whatever you are most comfortable with and it’s totally a personal preference, but I like using VMware way more than VirtualBox. It’s a couple of years old, but there’s a good video by David Bombal that goes through setting up the free license and Kali VMware on a Mac.
I did use my Mac with OpenVPN for a few months because the Attack Box and the virtual web-based Kali machine were horrendously slow, and I had no issues. Everyone here is correct though, it is strongly recommended that you use a VM. Sounds like you already made your decision, but if you stick with your Mac, and you may already be aware, you can install nearly all of the tools you’ll need through Homebrew. Here’s a good repo that has a list of tools already available on Homebrew as well as a list of those that are not, with scripts to install them.
Here’s another just in case:
Also general resources:
PentestTools
Good luck! If you ever have any questions, feel free to reach out. I’ve completed just shy of 200 rooms and have notes on nearly all of them. Happy to offer help.
Would you recommend the subscription or using Kali Linux in a VM?
You don’t need the VPN if you’re using the attack box…that’s the idea behind it being available.
For now just use a VM until you become more comfortable with it, then you can subscribe.
More comfortable means you know how to operate a Linux system, you know at least basic Linux commands.
I know a bit. cd, rm, ls. Just basic navigation stuff. Thanks for the info.