22 Best Hacking Sites To Legally Practice Hacking 2016
InfoSec skills are in such high demand right now. As the
world continues to turn everything into an app and connect even the most
basic devices to the internet, the demand is only going to grow, so
it’s no surprise everyone wants to learn hacking these days.
However, almost every day I come across a forum post where someone is asking where they should begin to learn hacking or how to practice hacking. I’ve compiled this list of some of the best hacking sites to hopefully be a valuable resource for those wondering how they can build and practice their hacking skill set. I hope you find this list helpful, and if you know of any other quality hacking sites, please let me know in the comments, so I can add them to the list.
1. CTF365
On CTF365 users build and defend their own servers while launching attacks on other users’ servers. The CTF365 training
environment is designed for security professionals who are interested
in training their offensive skills or sysadmins interested in improving
their defensive skills. If you are a beginner to infosec, you can sign
up for a free beginner account and get your feet wet with
some pre-configured vulnerable servers.
2. OverTheWire
OverTheWire is designed
for people of all experience levels to learn and practice security
concepts. Absolute beginners are going to want to start on the
Bandit challenges because they are the building blocks you’ll use to
complete the other challenges.
3. Hacking-Lab
Hacking-Lab provides the
CTF challenges for the European Cyber Security Challenge, but they also
host ongoing challenges on their platform that anyone can participate
in. Just register a free account, set up the VPN and start exploring the
challenges they offer.
4. pwnable.kr
pwnable.kr focuses
on ‘pwn’ challenges, similar to CTF, which require you to find, read and
submit ‘flag’ files corresponding to each challenge. You must use some
sort of programming, reverse-engineering or exploitation skill to access
the content of the files before you are able to submit the solution.
They divide the challenges into 4 skill
levels: Toddler’s Bottle, Rookiss, Grotesque and Hacker’s Secret.
Toddler’s Bottle has very easy challenges for beginners, Rookiss has
rookie level exploitation challenges, Grotesque challenges become much
more difficult and painful to solve and, finally, Hacker’s Secret
challenges require special techniques to solve.
5. IO
IO is a wargame from the
creators of netgarage.org, a community project where like-minded
people share knowledge about security, AI, VR and more. They’ve created 3
versions, IO, IO64 and IOarm, with IO being the most mature. Connect to
IO via SSH and you can begin hacking on their challenges.
6. SmashTheStack
SmashTheStack is
comprised of 7 different wargames – Amateria, Apfel (currently offline),
Blackbox, Blowfish, CTF (currently offline), Logic and Tux. Every
wargame has a variety of challenges ranging from standard
vulnerabilities to reverse engineering challenges.
7. Microcorruption
Microcorruption is an
embedded security CTF where you have to reverse engineer fictional
Lockitall electronic lock devices. The Lockitall devices secure the
bearer bonds housed in warehouses owned by the also fictional Cy
Yombinator company. Along the way you’ll learn some assembly, how to use
a debugger, how to single step the lock code, set breakpoints, and
examine memory all in an attempt to steal the bearer bonds from the
warehouses.
8. reversing.kr
reversing.kr has 26
challenges to test your cracking and reverse engineering abilities. The
site hasn’t been updated since the end of 2012, but the challenges
available are still valuable learning resources.
9. Hack This Site
Hack This Site is a free
wargames site to test and expand your hacking skills. It features
numerous hacking missions across multiple categories including Basic,
Realistic, Application, Programming, Phonephreaking, JavaScript,
Forensic, Extbasic, Stego and IRC missions. It also boasts a large
community with a large catalog of hacking articles and a forum for
discussions on security related topics. Finally, they’ve recently
announced they are going to be overhauling the dated site and codebase,
so expect some big improvements in the coming months.
10. W3Challs
W3Challs is a pentesting
training platform with numerous challenges across different categories
including Hacking, Cracking, Wargames, Forensic, Cryptography,
Steganography and Programming. The aim of the platform is to provide
realistic challenges, not simulations, and points are awarded based on
the difficulty of the challenge (easy, medium, hard). There’s a forum
where you can discuss and walk through the challenges with other members.
11. pwn0
pwn0 is the VPN where (almost) anything goes. Go up against pwn0bots or other users and score points by gaining root on other systems.
12. Exploit Exercises
Exploit Exercises provides
a variety of virtual machines, documentation and challenges that can be
used to learn about a variety of computer security issues such as
privilege escalation, vulnerability analysis, exploit development,
debugging, reverse engineering, and general cyber security issues.
13. RingZer0 Team Online CTF
RingZer0 Team Online CTF offers
a ton of challenges, 234 as of this post, that will test your hacking
skills across multiple categories including Cryptography, Jail Escaping,
Malware Analysis, SQL Injection, Shellcoding and more. After you
successfully complete a challenge, you can write up your solution and
submit it to the RingZer0 Team. If your write up is accepted, you’ll
earn RingZer0Gold which can be exchanged for hints during future
challenges.
14. Hellbound Hackers
Hellbound Hackers offers
traditional exploit challenges, but they also offer some challenges
that others don’t such as web and app patching and timed challenges. The
web and app patching challenges have you evaluating a small snippet of
code, identifying the exploitable line of code and suggesting the code
to patch it. The timed challenges have the extra constraint of solving
the challenge in a set amount of time. I thought these two categories
were a cool differentiator from most other CTF sites.
15. Try2Hack
Try2Hack provides
several security oriented challenges for your entertainment and is one
of the oldest challenge sites still around. The challenges are diverse
and get progressively harder.
16. Hack.me
Hack.me is a large
collection of vulnerable web apps for practicing your offensive hacking
skills. All vulnerable web apps are contributed by the community and
each one can be run on the fly in a safe, isolated sandbox.
17. HackThis!!
HackThis!! is comprised
of 50+ hacking levels with each worth a set number of points depending
on its difficulty level. Similar to Hack This Site, HackThis!! also
features a lively community, numerous hacking related articles and news,
and a forum where you can discuss the levels and any security related
topics that might be of interest to you.
18. Enigma Group
Enigma Group has over
300 challenges with a focus on the OWASP Top 10 exploits. They boast
nearly 48,000 active members and host weekly CTF challenges as well as
weekly and monthly contests.
19. Google Gruyere
Google Gruyere shows how
web application vulnerabilities can be exploited and how to defend
against these attacks. You’ll get a chance to do some real penetration
testing and actually exploit a real application with attacks like XSS
and XSRF.
20. Game of Hacks
Game of Hacks presents
you with a series of code snippets, multiple choice quiz style, and you
must identify the correct vulnerability in the code. While it’s not
nearly as in depth as the others on this list, it’s a nice game for
identifying vulnerabilities within source code.
21. Root Me
Root Me hosts over 200
hacking challenges and 50 virtual environments allowing you to practice
your hacking skills across a variety of scenarios. It’s definitely one
of the best sites on this list.
22. CTFtime
While CTFtime is not a
hacking site like the others on this list, it is a great resource to stay
up to date on CTF events happening around the globe. So if you’re
interested in joining a CTF team or participating in an event, then this
is the resource for you.