Skip to content

NXNJZ

Linux and Security

  • BLOG
  • Cowsay Fortune
  • Contact
  • Gitlab
  • Company Homepage

Tag: labs

List of security labs/challenges/CTFs

Posted on June 25, 2018 - May 4, 2020 by nxnjz

Listed below are some of the best websites and platforms where you can play hacking games, solve challenges, hack realistic systems and web applications, etc.

 

Metasploitable 2 (offline, free)

Metasploitable is a Linux virtual machine that you can download and set up on your system. It is vulnerable and exploitable in almost every way possible. Recommended for beginners. You can find the exploitability guide here.

 

Damn Vulnerable Web Application a.k.a DVWA (offline, free)

DVWA is a web app using PHP and MySQL that is extremely vulnerable. It is available both as a package that you can setup on your own webserver, or as a full iso file.

  • Download zip package (1.3MB, v1.9)
  • Download Live CD (480MB, v1.0.7)

 

HackTheBox.eu (online, free, optional VIP subscription)

Registration on HackTheBox requires you to ‘hack’ your way in. It is a simple task. If you find yourself unable to get the invite code by yourself, you will have a very hard time solving their challenges and hacking their boxes.  Learn some more then try again.

  • Independent challenges : Reverse Engineering, Cryptography, Steganography, Web applications, and more.
  • Servers: From easily hackable in 2 hours to dozens of hours of nightmares.

 

OverTheWire.org (online, free)

You don’t need to register. Just choose a game (each game requires different skills) and try to progress through the levels. Most games are SSH based. Various levels of difficulty from very easy to extremely hard.

 

HackThisSite.org (online, free)

Different missions requiring different skillsets, each with multiple levels and varying difficulties. Registration is required and is straightforward.

 

VulnHub.com (offline, free)

VulnHub hosts a large number of virtual machines which you can download and run on your own system and try to hack them. The goal is to get root privileges on that virtual machine. Varying difficulty levels and required skillsets.

 

HackThis.co.uk (online, free)

This websites offers challenges, similar to hackthissite.org and hackthebox.eu challenges. Registration is required.

 

Game Of Hacks (online, free)

You have to find the vulnerability in a piece of code, as quickly as possible.

 

Others

 

  • WebGoat (OWASP project), instructions and downloads here.
  • Damn Vulnerable iOS application.
  • Google Gruyere, a very vulnerable web application based online, no need to download anything.
  • PentesterLab.
  • W3Challs, online challenges.
  • bWAPP, another extremely vulnerable web app available for download, just the app or pre-installed on a VM.
  • Hell Bound Hackers.
  • ThisIsLegal, online challenges.
  • Hackme
  • HackerTest.net, 20 online challenges.

 

This post is constantly updated, more resources will be added.

 

Posted in CTF/LabsTagged capture the flag, ctf, labs, practice1 Comment

Recent Posts

  • CVE-2021-42052 full disclosure
  • How to Set Up an Interactive SSH Honeypot on CentOS 8.
  • HackTheBox.eu Jarvis Writeup
  • How to setup a simple proxy server with tinyproxy (Debian 10 Buster)
  • How to Install qdPM 9.1 on Debian 10 LEMP

Tags

802.11 ampache apache aspx bash cd centos cms crm cve debian exploits fedora fulldisclosure hackthebox honeypot http httpd ifconfig iw iwconfig labs lfi linux mariadb memory monit music nginx pastebin php privatebin privesc project management proxy reconnoitre selinux shopt ssh systemd txpower ubuntu wallabag wireless xxe

Categories

  • BASH (1)
  • CTF/Labs (2)
  • CVE / full disclosure (1)
  • Information Gathering (1)
  • Linux (25)
  • Password Cracking (1)
  • Privilege Escalation (2)
  • SQL Injection (1)
  • Web-Shells (1)
  • Wifi (2)
  • XXE (1)

Recent Comments

  • Bernard Martiny on How to Install PrivateBin on Ubuntu 18.04 LTS
  • VuCSA on List of security labs/challenges/CTFs
  • Brian on How to Install PrivateBin on Fedora 29.
  • Tyreeb on Installing Ampache on CentOS 7.
  • Christian Mora on Installing Ampache on CentOS 7.