Have you ever wondered where to start hacking, acquire more hacking knowledge and even train, test and improve your hacking skills? Here is a compilation, collection, list, directory of the best sites that will help you. The sites listed below will help you understand and practice every aspect of the secure (or rather insecure) side of software, networks (networking), servers and every single element that may be exposed in the(our) binary world.
Please note that this is a mere compilation, all credits go to their respective authors. Creating such challenges requires and involves a lot of time, knowledge and creativity. Respect their work.
The list is ordered in no particular way.
- Pwnable http://pwnable.kr/ Pwnable is a classic, one of all-time favorites. pwnable.kr is a non-commercial wargame site which provides various pwn challenges regarding system exploitation. The main purpose of pwnable.kr is ‘fun’. While playing pwnable.kr, you could learn/improve system hacking skills but that shouldn’t be your only purpose. The only thing you must do is click “play” on the upper left zone, choose a game and Pwn it. They provide a scoring system, the harder the challenge is, the more score you win.
- 24/7 CTF https://247ctf.com/ Join now to continuously test your skills across web, crypto, networking, reversing and exploitation vulnerabilities and challenges.
- CTFTIME https://ctftime.org/ One of the biggest Capture The Flag (CTF) archives. They classify the challenges by year and profide useful information and statistics. For example, each competition participating teams, the winning team, their members, their write-ups, etc…
- Over The Wire http://overthewire.org/wargames/ Again one of all-time favorites. The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games. To find out more about a certain wargame, just visit its page linked from the menu on the left. They have a suggested order to play the games in in their “About”.
- W3 Challenges https://w3challs.com/ W3Challs is a penetration testing training platform, which offers various computer challenges, in categories related to security: Hacking, Cracking, Wargame, Forensic, Cryptography and Programming. The purpose of this site is to offer realistic challenges, without simulation, and without guessing!
- Pwnable.tw https://pwnable.tw/ Pwnable.tw is a wargame site for hackers to test and expand their binary exploiting skills. Just as the .kr version (I actually don’t know if they’re related) the only thing you must do is click “challenges” con the upper left webpage tabs. They provide a scoring system, the harder the challenge is, the more score you earn. They also provide write-ups.
- Challenges.re https://challenges.re/ Website created by Dennis Yurichev, the writer of the awesome book “Reverse Engineering for Beginners” https://beginners.re/
- Reversing Hero https://www.reversinghero.com/ ReversingHero is a 15-challenges computer program, designed to teach you Reverse Engineering. It begins from the real basics, and continues into more advanced topics.
- ROP Emporium https://ropemporium.com/ Learn return-oriented programming through a series of challenges designed to teach ROP techniques in isolation, with minimal reverse-engineering and bug-hunting.
- picoCTF https://picoctf.com/ picoCTF is a computer security game targeted at middle and high school students. The game consists of a series of challenges centered around a unique storyline where participants must reverse engineer, break, hack, decrypt, or do whatever it takes to solve the challenge. The challenges are all set up with the intent of being hacked, making it an excellent, legal way to get hands-on experience. Their code is accessible via picoCTF Git repo
- CTF365 https://ctf365.com/ CTF365 is a real life cyber range where users build their own servers and defend them while attacking other servers. It’s what would happen in real life when your server or computer networks are under attack by hackers.
- Hack The Box https://www.hackthebox.eu/ Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated. Some of them simulating real world scenarios and some of them leaning more towards a CTF style of challenge.
- Root Me https://www.root-me.org/en/Challenges/ The fast, easy, and affordable way to train your hacking skills. Root-me has a wide variety of challenges. CTFs, scripts, system, cracking, cryptanalysis, forensic, network, programming, realist, steganography, web-client, web-server.
- Exploit Education https://exploit.education/ (Formerly Exploit-exercises) Exploit education provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.
- Hack This https://www.hackthis.co.uk/ Want to learn about hacking and network security? Discover how hacks, dumps and defacements are performed and secure your website against hackers with HackThis.
- Hack This Site https://www.hackthissite.org/ Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. More than just another hacker wargames site, we are a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything. Tune in to the hacker underground and get involved with the project.
- Try2Hack http://www.try2hack.nl/ (You will probably get a browser warning about the page not being secure not https) This site provides several security-oriented challenges for your entertainment. It is actually one of the oldest challenge sites still around. The challenges are diverse and get progressively harder.
- Hacking Lab https://www.hacking-lab.com/index.html Hacking-Lab is an online ethical hacking, computer network and security challenge platform, dedicated to finding and educating cyber security talents. Hacking-Labs’ goal is to raise awareness towards increased education and ethics in information security through a series of cyber competitions that encompass forensics, cryptography, reverse-engineering, ethical hacking and defense. One key initiative for Hacking-Lab is to foster an environment that creates cyber protection through education.
- IO wargame http://io.netgarage.org/
- Smash The Stack - Wargaming Networking http://smashthestack.org/wargames.html The Smash the Stack Wargaming Network hosts several Wargames.
- CTF Katsudon https://ctf.katsudon.org/ctf4u/ Incredibly complete CTF collection and validation site. Baby, easy, medium easy, mediuam mediuam, mediuam hard and hard challenges awaits!
- CCN-CERT’s ATENEA (Spanish only) https://atenea.ccn-cert.cni.es/home Collection of interdisciplinary challenges issuing criptography, steganography, exploiting, forensics, networking and reversing.
- Linux privilege escalation https://in.security/lin-security-practise-your-linux-privilege-escalation-foo/ A Linux virtual machine that is based, at the time of writing, on an up-to-date Ubuntu distro (18.04 LTS), but suffers from a number of vulnerabilities that allow a user to escalate to root on the box. This has been designed to help understand how certain built-in applications and services if misconfigured, may be abused by an attacker.
- MicroCTFs https://github.com/gabemarshall/microctfs Small CTF challenges running on Docker
- Reversing.kr http://reversing.kr/ This site tests your ability to Cracking & Reverse Code Engineering. Now Challenge a problem for each environment. (Windows, Linux, .Net, Flash, Java, Python, Mobile..)
Microcorruption https://microcorruption.com/login Web-based CTF focused in teaching assembly language and low-level debugging.
- Tuoni labs https://tuonilabs.wordpress.com/ Cyber security write-ups, exploits and intro about verious topics like ROP (Return Oriented Programming), web exploitation, binary exploitation, reverse engineering, OSCP…
Courses, guided learning
- Exploiting and reversing with free tools Link (too long) (You will probably get a browser warning about the page not being secure not https) Guided course by the one and only Ricardo Narvaja. Exploting and reversing using only free tools. Both English and Spanish.
- Begin.re https://www.begin.re/ If you have been searching for a place to get started with Reverse Engineering and get your hands dirty, Begin.re is the right place. The correct place for x86 newcomers.
- Modern Binary Exploitation course http://security.cs.rpi.edu/courses/binexp-spring2015/
- Azeria’s basics on ARM https://azeria-labs.com/writing-arm-assembly-part-1/ Tutorial series on ARM assembly basics.
There are also other websites that, just like this one, in turn gather the best in order to bring us a huge variety of hacking training platforms/frameworks.
- Captf http://captf.com/practice-ctf/ List of CTF sites classified as recommended, others, meta, webapp, forensics, recruiting and paid. They also provide donloadable offline games and virtual machines you can download to train with. You can visit their main directory - http://captf.com to explore annual collections since 2004.
- CTFS repo https://github.com/ctfs Compilation of challenges and write-ups classified by year.
- Amanhardikar’s mindmap http://www.amanhardikar.com/mindmaps/Practice.html Penetration testing practice lab - vulnerable apps / systems. This one is huge as you will notice.
- Vulnhub https://www.vulnhub.com/ Their goal is simple: “To provide materials that allows anyone to gain practical ‘hands-on’ experience in digital security, computer software & network administration”
- Compilation of hacking sites covering a wide variety of topics https://tiwim.github.io/pages/linklist.html
- Online article (in spanish) “14 webs para poner a pruebas tus habilidades como hacker”. (14 webs to test your skills as a hacker) https://www.r3cybersecurity.com/webs-para-poner-a-prueba-habilidades-hacking/
- Reverse engineering reading list: https://github.com/onethawt/reverseengineering-reading-list
- G0Blin writeups https://g0blin.co.uk/
This compilation is in constant growth and change as it’s being actively maintained. If you miss a page and consider it is worth posting, have suggestions or find errors, please contact the author (@Razvieu).
Sites that once were available for public access but not anymore.
- Builds Hack Me http://ctf.slothparadise.com/ Not available anymore (21st October 2019) (However, the github repo is still available https://github.com/allanlw/builds-hackme) As soon as you enter the site, you will see no play button. This one is a real simulation, you must inspect source code and start digging to gather info and Pwn it :D
- Hackers.gg https://hackers.gg/ Not available anymore (21st October 2019)
- Pwnctf.io http://pwnctf.io/challenges Not available anymore (21st October 2019). You must register as a team in order to see the challenges. Afterward you can see the challenges are divided into steganography, crypography, forensics, web, reverse engineering, miscellaneous, recon, trivia and encoding.