IT Systems, Networks, Security and Education
There are quite a few places online where you can hack anything from one website to a whole network of virtual machines. We use several of these in the classes we teach.
Also, there are sample vulnerable websites you can download and practice on, as well as virtual machines designed to be highly hackable.
These are the tools you should use to sharpen your skills. Don’t “practice” on actual sites or networks; that’ll just get you busted, which isn’t very useful unless the lesson you need to learn is that *what you do is not invisible*.
Here’s another Google Appspot pen-testing practice site, this one focused on XSS (Cross-Site Scripting). Oh, it’s so fun to have sites where you can rampage like Hannibal’s elephants without getting condemned to death by gladiator! “In this training program, you will learn to find and exploit XSS bugs. You’ll use this knowledge to confuse and …
Continue reading “XSS Game :: Learn Cross-Site Scripting, Bug-Test Google Apps, Step 3: Profit”
I’ll let them say it: “This codelab is built around Gruyere /ɡruːˈjɛər/ – a small, cheesy web application that allows its users to publish snippets of text and store assorted files. ‘Unfortunately,’ Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. …
Continue reading “Gruyere :: A Cheesy Web App For Your Hacking Delectation”
OWASP Juice Shop: Hmm, let’s see what we can hack here. This isn’t for beginners, but this realistic e-commerce site lets you root around and find things to break without the local gendarmerie knocking at your door. It’s pretty, it’s well-designed and well-coded, and it keys to the OWASP Top 10 Web Vulnerabilities (which you’d …
Continue reading “OWASP Juice Shop :: Get Your Web Hacking Jollies Here [ Hacker Night School ]”
OWASP supports two hackable-website packages, WebGoat and Mutillidae. “WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.” – https://github.com/WebGoat/WebGoat …
Continue reading “[ Hacker Night School ] :: WebGoat, An OWASP Hacking Practice Website”
I love sites like HackThisSite.org and root-me.org, where you can practice your hacking skills legally and safely. There are also some cool pre-vulnerable-ized web applications/sites that you can download, unzip and use on your hacking lab, like DVWA and Mutillidae. Then there are the dedicated virtual machines like Metasploitable, that give you a whole OS …
Continue reading “[ Hacker Night School ] :: Hacking Practice: the Command Injection ISO”
Where HackThisSite.org is about … hacking that site, root-me.org is a whole platform. That means you can work your way through entire categories of Challenges: apps, crypto, forensics, stego, web clients and servers, and so forth. This is a blast. Don’t take my word for it. Go see. There’s an active and helpful community with …
Continue reading “[ Hacker Night School ] :: Get your hack on crackin this site: root-me.org”
HackThisSite is the perfect place to start this list of online hacking platforms. It’s been around a long time, and has a really active community. Of course, the specific flavor of hacking you’ll pursue here is web application testing. The domain name doesn’t lie: you’re welcome to try most kinds of mapping, testing and cracking …
Continue reading “[ Hacker Night School ] :: Sites To Practice Hacking: HackThisSite.org”