Want to get started hacking things but don’t want to do anything illegal? Here are some challenges others have made to help you practice some hacking skills. By participating in the challenges you could learn the following skills:

HTML/JS/CSS manipulation and decoding

SQL – injections, bugs, limitations

Linux hacking such as: escalating your privileges, gaining access to things you shouldn’t, stealing data

Linux CLI such as: tr, nc, tcpdump, strings, base64, xxd, etc.

Programming in languages such as: python, c, ruby, bash, perl, etc.

Windows hacking such as: accessing a system you shouldn’t be able to access, dumping memory, stealing user data

Memory forensics. Looking at crash dumps or memory data and deciphering it

Disassembling. Running programs through a hexeditor or disassembler to reverse engineer them.

Steganography – the practice of hiding or extracting messages in files that serve a different purpose

Encrypting/Decrypting – decrypting and deciphering messages

Password cracking – using John the ripper

Wireshark analysis

Pen testing – trying to exploit vulnerabilities in systems with known problems

Hacking tools – learn to use metasploit, beef, ida, burpsuite etc.

Are you looking for only ‘programming hacker’ type challenges? Try the Games to Test Your Programming Skills post.

PicoCTF

https://picoctf.com

PicoCTF is a great place for anyone to start. It’s a game that has many increasingly difficult challenges with a story behind it. Try to get all the way through it!

OverTheWire Wargames

http://overthewire.org/wargames/

This is a great set of challenges that has a wide range of problems to solve. The beginning challenge “Bandit” will challenge your linux CLI skills and shows you ways you can do things you probably shouldn’t be able to in linux as that user. The “Krypton” challenge will show you some basic crypto and have you decode it. The “Natas” challenge is a series of websites that challenges you to hack them and manipulate them to gain access in ways you shouldn’t be able to. Try all 4 of these to see where you niche is in solving challenges.

SmashTheStack

http://smashthestack.org/

Similar to some of the OverTheWire challenges, SmashTheStack lets you ssh to their system and solve the puzzles. The problem I had with this is the lack of cleanup done by admins and many files were left by previous participants which can get hairy real fast.

HackThisSite

http://www.hackthissite.org/

Another hacking challenge site.

FRA Challenges

http://challenge.fra.se/

This is a Swedish company’s recruitment page. In it, are over a dozen challenges they’ve had throughout the years. Their goal is to find people who can solve these challenges so they can hire them. These challenges are super fun to try.

To help you along or give you an idea of how in depth their challenges are, here’s a walkthrough for Informationssäkerhetsspecialist. https://www.youtube.com/watch?v=tvdETwpTaC8

p0wnlabs

http://www.p0wnlabs.com/free/vms

A great resource listing numerous vulnerable VMs. Such as:

Metasploitable – a vulnerable VM from Rapid 7 (os hacking)

Webgoat – a lab from OWASP (website hacking)

Vuln Hub

https://www.vulnhub.com/

Another big list of vulnerable VMs and past CTFs that can be attempted anytime.

Damn Vulnerable Web Application

http://www.dvwa.co.uk/

A web application that you download and get running then try to hack.

Crack Me if You Can

http://contest.korelogic.com/

A contest that was previously held at DefCon which has various password hash dumps for you you to try cracking. A great way to learn how to use tools like John the Ripper and other brute forcers.

Malware Hunter Lab

https://www.alienvault.com/blogs/security-essentials/building-a-home-lab-to-become-a-malware-hunter-a-beginners-guide?utm_medium=Social

Alien Vault has a nice writeup on how to build a home lab to practice hunting for malware.

Ring Zero

https://ringzer0team.com/ An online, Jeopardy style, CTF where you compete with others working on the same puzzles. This CTF doesn’t appear to be timed and is always running.

Embedded Security CTF

https://microcorruption.com

Another CTF to try that is not time based.

CTF Field Guide

https:///trailofbits.github.io/ctf

A helpful website that gives tips on solving CTFs and gets you started with all of this.

Another huge list

http://www.amanhardikar.com/mindmaps/Practice.html

Tons of links here to even more challenges, vms, ctfs, etc.

Next steps: CTF

Now that you’re all skilled up on the various hacking skills, it’s time to compete in an CTF. These are live challenges, often a team event, where you are given a specific challenge and time limit. Each team competes to solve the puzzles to score points.

CTFs usually break down into two categories: jeopardy and attack-defense. Jeopardy ones are more geared towards solving pre-defined challenges, while attack-defense puts your team up against another team where you try to get into their system while they try to get into yours.

This website tracks all the upcoming CTFs. Find one and compete. I’m sure you’ll learn a ton of new stuff!

https://ctftime.org/

Hacker Experience

https://legacy.hackerexperience.com/

Not quite a challenge that will teach you how to hack, but a funny little game anyways regarding hacking.