Can I do HTB on Raspberry Pi?

Hi,

tl;dr Can I use an RPi 4B as a practice/target machine?

I have a university issued laptop, but after rent and all I have too little left to buy a PC.

Has anyone used an RPi as a practice machine? Would it be a waste of time to set up again and again as I progress through the challenges?

Cheers

I’ve used an RPi 4B for practice, and it worked out surprisingly well.

I have not used the 4B, but I did put Kali on a 3+ a while back. I think if you can find a stable way to run a virtual machine on it (not sure if this is possible; I have not done it, and the internet is saying both yes and no at a brief glance), you could run Metasploitable (a virtual machine with vulnerabilities to practice on) on it, and you would have an easier time setting up and adjusting.

Why not?

For using it as an attack machine:
Install a Kali RPi image on it and have fun. Some things will run slower (hashcat, John the Ripper, fuzzing), but it should be perfectly fine so long as you have your peripherals for it. I’d also recommend a cooling solution; I used to use a cheap $5 USB fan that I picked up at a general store.

For using it as a practice machine:
You don’t really have the resources on a Pi for creating virtual machines and having an assortment of labs available, but you can flash it with various images, install JuiceShop on it (I’ve done this), install Damn Vulnerable Web Application, and really any vulnerable web project you want to. If you want to install old binaries on there, you can do that as well.

Also, you can use your RPi for blue team practice. Stand up a free-tier Oracle instance with Wazuh or similar SIEM-like technology and install the agent on your RPi. Make sure your RPi is doing fun things - maybe as a PiHole or syslog server or something or other - keep an eye on your Wazuh instance, tune it for alerting, and learn how to use SIEMs. Run regular vulnerability scans against it. Practice patching things - both in automated ways and semi-automated ways. Lots of opportunity here. I use my Pi for a lot of stuff like this :smiley:

Yes, for sure! But there are a couple issues.

I have Kali on both a Raspberry Pi 2B and 3. It can be quite sluggish to use it with a full graphical system. So, if you’re comfortable (or simply want the extra practice), I’d recommend running it in headless mode. You’ll find it’s plenty fast for that. However, in this mode it will be very difficult to do any kind of web challenge, or most Machines.

Also, the other big issue is the architecture. You might find it hard to obtain some of the tools you’ll need for HTB in an ARM architecture. So, be prepared to have to compile some of your tools from source code.

In my opinion, it’s probably better to find an older/used laptop and just start with that instead. Myself, I do all my HTB stuff on a laptop over ten years old!

Best of luck in your HTB adventure.