I am quite a paranoid person and I want to be as safe as possible while trying to be better at pen-testing. I know that one can never be 100% safe but I’m new to all of this and I have no idea how unethical hackers can hack my VM. Please tell me everything I should do before connecting to HTB.
Limit your open ports, don’t run services you don’t need running (SSH, Apache, etc.), and change your root password to something complex, and you’ll be fine.
Beyond that, make sure your VM software is up to date; escapes aren’t likely, but better safe than sorry.
Ok, I know that the VirtualBox team doesn’t really fix the escape exploits as they come out so I don’t want to use it. Are there any other free VMs that are more bug-free? Also, how can I close my open ports?
How to close open ports is a little bit of a complicated question and depends on where you’re making the VPN connection from. I’ll assume that you’re running a Kali VM and connecting from that, in which case if you do this command:
You’ll get a list of any open TCP or UDP ports. My Kali install out of the box isn’t listening on anything overly concerning, but if you happen to have turned on something like SSH at some point in order to connect back from a HTB box to your Kali VM, you should probably turn that back off if you’re not using it and are paranoid.
Thank you a lot. Can someone use an escape exploit to gain control of my host system without my sudo password?
Well, you’re talking about a significant amount of steps there potentially. Someone would need to be able to somehow connect to your Kali system due to some service being open, then find a way to do a hypervisor escape or find some other way to connect back to your host machine (again, could possibly be done via an open service).
Saying that, if you’re asking whether it’s technically possible, then the answer is yes. You can greatly reduce the chance by just not leaving unnecessary services running on the VM you’re connecting to the VPN from.
Ultimately, having access to your sudo password might not be important, depending on what ports might be open on your host machine, how strong your passwords are, whether the hypervisor you’re using has a bunch of unpatched privesc / escapes, etc.
Seeing that you are aware of all of the privacy issues, I am guessing that you have a pretty good VM. Can you tell me how you configured it?
So ultimately the most secure computer you can build is the one which you never plug into power. Once you turn it on and connect it to any network the concept of security becomes an exercise in risk management.
I would suspect that what most people here do is run a Kali VM and don’t leave services which are unnecessary running for any longer than they need to. If you look at the output of the netstat command I sent earlier and pare that down as much as you can, that probably provides a pretty high bang for the buck.
Beyond that, there are definitely other things you could do including enabling iptables and blocking incoming traffic from the VPN, but the level of effort and the amount of additional hassle for things like that may not really be justified in every case.
Ultimately, how everyone implements their own security hygiene both when using HTB and anywhere else is going to be a personal decision made by weighing the costs and benefits. Some people who are really paranoid may go so far as to use an old laptop which doesn’t have anything important on it outside of HTB.
I personally don’t use VirtualBox, but that’s less about being worried about them not patching and more about just being more familiar with other tools. I personally think that keeping Kali updated, not running unnecessary servers on Kali and avoiding situations where you push things from HTB systems back to your Kali system (especially if you need to enter credentials in order to achieve that) vs pulling are the things which I’d most strongly suggest.
Again, though, your security requirements are going to depend on your personal risk sensitivity. If you keep a ton of super sensitive information on the computer you’re running a VM on, your risk tolerance may well be lower than mine.
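The advice above to list listening ports and pare them down can be turned into a repeatable check. The following is an added example, not a command or script from anyone in this thread: it assumes `ss -H -tuln` (iproute2) as the listing tool instead of the netstat command mentioned, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: list listening sockets reachable from outside the VM.
# Input is `ss -H -tuln` output (assumed tool; the thread used netstat).

# Constructed sample, not captured from a real system.
sample_ss_output() {
    cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:68         0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:5432       0.0.0.0:*
tcp   LISTEN 0      511                *:80               *:*
tcp   LISTEN 0      128             [::]:22            [::]:*
tcp   LISTEN 0      128            [::1]:631           [::]:*
EOF
}

# Print "proto/port bind-address" for every listener not bound to loopback.
exposed_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ && ($2 == "LISTEN" || $2 == "UNCONN") {
        laddr = $5
        port = laddr; sub(/.*:/, "", port)       # text after the last colon
        addr = laddr; sub(/:[^:]*$/, "", addr)   # text before the last colon
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback-only bind
        print $1 "/" port " " addr
    }' | LC_ALL=C sort -u
}

# Live check on the VM itself (requires ss from iproute2).
audit_live() { ss -H -tuln | exposed_listeners; }

# Demonstration on the constructed sample.
sample_ss_output | exposed_listeners
```

Every line this prints is a service that other hosts on the VPN could reach; stopping it or binding it to loopback removes it from the list.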
Just a thought: did you set up Tor on your VM? Also, it’s a good idea to have a VPN running on your main system too, but as mentioned above, where there is a will there’s a way, I guess. Personally, I just have one computer I use for this, and all my others are not related to doing these challenges. Please bear in mind also that there are people with expert knowledge in these things, but from what I have found in my time online and in this trade, you can never be too careful. Just make sure everything is up to date and that your ports are running smoothly. I was thinking of writing a script to check the status of my system every day or so, just to make sure there are no red flags, so to speak. Hope this helps, even if a little. I’m fairly new here myself and always check to see new feeds and info that may help. One last note: I was reading an article on how to make an Onion-Pi from a Raspberry Pi 3+ which will connect to the net via VPN & Tor, and then you connect to the RPI3 for internet. Seemed like a really good idea; will post when I get one up and running to share with the community. Bex xx