Hacking practice

If you want to learn more about vulnerabilities (or just want to have some fun) there are lots of options to practice.

OWASP Juice Shop is a web shop with lots of vulnerabilities. If you’re interested in hacking web applications, this is a good place to start. It covers the whole range of common security issues. The shop is easy to install on your system. It contains a scoreboard listing the vulnerabilities you can find, rated by difficulty. The scoreboard keeps track of your progress, but finding the scoreboard is one of the challenges.

Exploit education contains a couple of training sets, such as Nebula (basic linux exploitation), Phoenix (buffer overflows, format strings, heap exploitation) and Fusion (like Phoenix, but more advanced). For each set there’s a list of challenges, and a virtual machine on which you can practice. There’s also the Main Sequence set, containing a Capture The Flag event with various challenges.

OverTheWire contains a huge number of games and challenges, accessible through SSH. For example the first set, Bandit, teaches the basics of linux commands. On each progressive level, you SSH to the bandit, where you have to find the password for the next level.

W3Challs contains CTF like challenges grouped by category: Hacking, Cracking, Wargame, Forensic, Cryptography and Programming.

IO contains the IO wargame. The challenges are accessible through SSH.