Hi everyone, this semester my students of Security in Information Systems had to do a security auditing on a specific network, with penetrating testing phase. In order to bring more challenges to them, I’ve search for online challenges and ready to hack virtual machines.
Most of this list was based on the contributions of the members of Redteam: Association of Penetration Testers.
- http://old.roothack.org/games/sirens/info – SSH access to their servers, hack through levels
- http://heorot.net/forums/ – simulated company via – 3 Level livecds, other challenge + 1 livecd
- http://www.hackthissite.org/ – Web app pentesting
- http://livesquare.com/wargames.asp – War games challenges. The targets are real-world and involve both windows and linux based systems. They have rules and a pre-registration contract is required.
- http://www.happyhacker.org/wargame/index.shtml – More challenges related to wargames
- http://www.astalavista.com/ – More wargames and hacking challenges
- http://www.overthewire.org/wargames/ – More wargames and hacking challenges
- http://sourceforge.net/projects/dvwa/ – Damn Vulnerable Web App – Download – Install on a VM
- http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project – This is an OWASP project and another mess of an App, this one in J2EE, Install instruction on site
- http://punter-infosec.com/vulnerable-web-applications-to-learn-web-application-testing-skills – Testing Web Applications – More links on site
- http://punter-infosec.com/learning-penetration-testing-skills-in-today%E2%80%99s-chaotic-world – Wargames, hacking and vulnerable Vulnerable Labs/Live CD’s
- http://google-gruyere.appspot.com/ – Web Application Exploits and Defenses
- http://www.badstore.net/ – Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. – Live CD
- http://www.mcafee.com/us/downloads/free-tools/index.aspx – Foundstone SASS Tools – Hackme *** – Hacme are designed to teach application developers, programmers, architects and security professionals how to create secure software.
- http://intruded.net/wargames.html – More wargames
- http://io.smashthestack.org/ – More wargames
- http://www.net-force.nl/challenges/ – Challenges
- http://www.seguridadinformatica.org/torneo/ – Spanish challenge
- http://www.mavensecurity.com/web_security_dojo/ – A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo
- http://stackoverflow.com/questions/365309/where-can-i-find-a-deliberately-insecure-open-source-web-application – “deliberately insecure web apps”
- http://www.hellboundhackers.org/ – More challenges
- http://smashthestack.org/wargames.php – several different wargames (not just, IO) with multiple levels. From programming exploits, encryption, ctf, etc.
- http://www.securitydistro.com/security-distros/Damn-Vulnerable-Linux-DVL/downloads – Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks.
That’s it, learn by doing it.