Have you ever wondered where to start hacking, acquire more hacking knowledge and even train, test and improve your hacking skills? Here is a compilation, collection, list, directory of the best sites that will help you. The sites listed below will help you understand and practice every aspect of the secure (or rather insecure) side of software, networks (networking), servers and every single element that may be exposed in the(our) binary world.
Please note that this is a mere compilation, all credits go to their respective authors. Creating such challenges requires and involves a lot of time, knowledge and creativity. Respect their work.
Website list:
Pwnable: Pwnable is a classic, one of all-time favorites. pwnable.kr is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. The main purpose of pwnable.kr is ‘fun’. While playing pwnable.kr, you could learn/improve system hacking skills but that shouldn’t be your only purpose. The only thing you must do is click “play” on the upper left zone, choose a game and Pwn it. They provide a scoring system, the harder the challenge is, the more score you win.
24/7 CTF: Join now to continuously test your skills across web, crypto, networking, reversing and exploitation vulnerabilities and challenges.
CTFTIME: One of the biggest Capture The Flag (CTF) archives. They classify the challenges by year and profide useful information and statistics. For example, each competition participating teams, the winning team, their members, their write-ups, etc…
Over The Wire: Again one of all-time favorites. The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games. To find out more about a certain wargame, just visit its page linked from the menu on the left. They have a suggested order to play the games in in their “About”.
W3 Challenges: W3Challs is a penetration testing training platform, which offers various computer challenges, in categories related to security: Hacking, Cracking, Wargame, Forensic, Cryptography and Programming. The purpose of this site is to offer realistic challenges, without simulation, and without guessing!
Pwnable.tw: Pwnable.tw is a wargame site for hackers to test and expand their binary exploiting skills. Just as the .kr version (I actually don’t know if they’re related) the only thing you must do is click “challenges” con the upper left webpage tabs. They provide a scoring system, the harder the challenge is, the more score you earn. They also provide write-ups.
Challenges.re: Website created by Dennis Yurichev, the writer of the awesome book “Reverse Engineering for Beginners” (https://beginners.re/).
Reversing Hero: ReversingHero is a 15-challenges computer program, designed to teach you Reverse Engineering. It begins from the real basics, and continues into more advanced topics.
ROP Emporium: Learn return-oriented programming through a series of challenges designed to teach ROP techniques in isolation, with minimal reverse-engineering and bug-hunting.
picoCTF: picoCTF is a computer security game targeted at middle and high school students. The game consists of a series of challenges centered around a unique storyline where participants must reverse engineer, break, hack, decrypt, or do whatever it takes to solve the challenge. The challenges are all set up with the intent of being hacked, making it an excellent, legal way to get hands-on experience.
CTF365: CTF365 is a real life cyber range where users build their own servers and defend them while attacking other servers. It’s what would happen in real life when your server or computer networks are under attack by hackers.
Hack The Box: Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated. Some of them simulating real world scenarios and some of them leaning more towards a CTF style of challenge.
Vulnhub: Their goal is simple: “To provide materials that allows anyone to gain practical ‘hands-on’ experience in digital security, computer software & network administration”
Root Me: The fast, easy, and affordable way to train your hacking skills. Root-me has a wide variety of challenges. CTFs, scripts, system, cracking, cryptanalysis, forensic, network, programming, realist, steganography, web-client, web-server.
Exploit Education: (Formerly Exploit-exercises) Exploit education provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.
Hack This: Want to learn about hacking and network security? Discover how hacks, dumps and defacements are performed and secure your website against hackers with HackThis.
[]Hack This Site(https://www.hackthissite.org/): Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. More than just another hacker wargames site, we are a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything. Tune in to the hacker underground and get involved with the project.
Try2Hack: (You will probably get a browser warning about the page not being secure not https) This site provides several security-oriented challenges for your entertainment. It is actually one of the oldest challenge sites still around. The challenges are diverse and get progressively harder.
Hacking Lab: Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense. One key initiative for Hacking-Lab is to foster an environment that creates cyber protection through education.
Smash The Stack - Wargaming Networking: The Smash the Stack Wargaming Network hosts several Wargames.
CTF Katsudon: Incredibly complete CTF collection and validation site. Baby, easy, medium easy, mediuam mediuam, mediuam hard and hard challenges awaits!
Linux privilege escalation: A Linux virtual machine that is based, at the time of writing, on an up-to-date Ubuntu distro (18.04 LTS), but suffers from a number of vulnerabilities that allow a user to escalate to root on the box. This has been designed to help understand how certain built-in applications and services if misconfigured, may be abused by an attacker.
MicroCTFs: Small CTF challenges running on Docker
Reversing.kr: This site tests your ability to Cracking & Reverse Code Engineering. Now Challenge a problem for each environment. (Windows, Linux, .Net, Flash, Java, Python, Mobile..)
Microcorruption: Web-based CTF focused in teaching assembly language and low-level debugging.
Tuoni labs: Cyber security write-ups, exploits and intro about verious topics like ROP (Return Oriented Programming), web exploitation, binary exploitation, reverse engineering, OSCP…
Other compilations:
Captf: List of CTF sites classified as recommended, others, meta, webapp, forensics, recruiting and paid. They also provide donloadable offline games and virtual machines you can download to train with. You can visit their main directory - http://captf.com to explore annual collections since 2004.
CTFS repo: Compilation of challenges and write-ups classified by year.
Amanhardikar’s mindmap: Penetration testing practice lab - vulnerable apps / systems. This one is huge as you will notice.
Compilation of hacking sites covering a wide variety of topics: