As they say, “practice makes perfect”. After completing a bunch of hacking and pentesting tutorials, the next step should be to practice your skills. As a wannabe ethical hacker, it is downright unethical to experiment with the websites/products of others, at least without their permission. This is why there are platforms that support a practical approach without breaking the law. Here are some sites to visit in order to practice and sharpen your hacking skills:
Hackthissite: A free platform and wargames site for web hacking. Its training ground is a legal and safe spot for anyone willing to test how much of a hacker they are. It features many challenges across multiple categories including Basic, Realistic, Application, Programming, Phonephreaking, JavaScript and Forensics, among many others. In addition to this, the site comes packed with hacking articles and a forum where users discuss everything security-related.
Hackthis!: Discover how hacks, dumps and defacements are performed while learning everything you need to know about hacking and network security. There are 50+ hacking challenges and each is rewarded with points. The scoreboard shows who has the most points so far. Apart from this, the site features educational security articles and a thriving community, which can be seen from the forums.
HellBound Hackers: Here, a hands-on approach to computer security is implemented. You quickly learn the methods used by hackers to break in, as well as become more adept at keeping them out. There are web and app patching challenges, where the trainee has to evaluate a piece of code and identify any vulnerabilities/exploits, and then make suggestions on how said vulnerability can be patched. Activities are timed, giving a rush and a sense of urgency during the process.
Overthewire: A series of wargames tailored for the full practical hacking/security experience. Beginners may choose to start at the ‘bandit’ challenges, then gradually progress to more advanced concepts. It takes you from zero to hero, step by step.
Google Gruyere: Here, you’ll practice how hackers find security vulnerabilities, how they exploit web applications and most importantly, you’ll learn how to stop malicious hackers. Activities cover vulnerabilities such as cross-site scripting, cross-site request forgery and remote code execution.
Root me: Available in 3 languages (French, German and of course English), this site provides a fast, easy, and affordable way to train your hacking skills. At the time of writing, challenges are available to train yourself in different, non-simulated environments, offering you a way to learn a lot of hacking techniques. Virtual environments are available, accessible with a few clicks, to give you a realistic learning environment, without any limitation. Simply sign up and begin!
Try2hack: This site may be old, but that doesn’t make it any less helpful. It features several security-oriented challenges which are different, cover a wide range of security domains and get progressively harder. The IRC channel community is available for anyone needing help with the challenges.
Hack.me: This is a free, community-based project powered by eLearnSecurity. The community can build, host and share vulnerable web application code for educational and research purposes. It has a large collection of vulnerable web applications, code samples and CMSs online, which can be run safely in a sandbox.
Enigma project: A legal and safe security resource where members can develop their pen-testing skills on various given challenges. These challenges cover the exploits listed in the OWASP Top 10 Project and teach members the many other types of exploits that are found in today’s applications, thus helping them to become better programmers in the meantime. They go by the slogan: “by knowing your enemy, you can defeat your enemy.” The site has some impressive statistics: 50000+ members, over 300 challenges, 200+ articles, 500000+ forum posts and a database of 28000+ exploits. To get users in the competitive spirit, there are monthly and weekly contests.
Let us know if there are any practice sites that you think should be added to the list.