Pwn0 is the VPN where (almost) anything goes. There’s a forum where you can discuss and walkthrough the challenges with other members. The aim of the platform is to provide realistic challenges, not simulations and points are awarded based on the difficulty of the challenge (easy, medium, hard).
W3Challs is a pentesting training platform with numerous challenges across different categories including Hacking, Cracking, Wargames, Forensic, Cryptography, Steganography and Programming. Finally, they’ve recently announced they are going to be overhauling the dated site and codebase, so expect some big improvements in the coming months. It also boasts a large community with a large catalog of hacking articles and a forum for to have discussions on security related topics. It features numerous hacking missions across multiple categories including Basic, Realistic, Application, Programming, Phonephreaking, JavaScript, Forensic, Extbasic, Stego and IRC missions.
Hack This Site is a free wargames site to test and expand your hacking skills. The site hasn’t been updated since the end of 2012, but the challenges available are still valuable learning resources. Reversing.kr has 26 challenges to test your cracking and reverse engineering abilities.
Along the way you’ll learn some assembly, how to use a debugger, how to single step the lock code, set breakpoints, and examine memory all in an attempt to steal the bearer bonds from the warehouses. The Lockitall devices secure the bearer bounds housed in warehouses owned by the also fictional Cy Yombinator company. Microcorruption is an embedded security CTF where you have to reverse engineer fictional Lockitall electronic lock devices.
Every wargame has a variety of challenges ranging from standard vulnerabilities to reverse engineering challenges.
SmashTheStack is comprised of 7 different wargames – Amateria, Apfel (currently offline), Blackbox, Blowfish, CTF (currently offline), Logic and Tux. Connect to IO via SSH and you can begin hacking on their challenges. They’ve created 3 versions, IO, IO64 and IOarm, with IO being the most mature. IO is a wargame from the createors of, a community project where like-minded people share knowledge about security, AI, VR and more. Toddler’s Bottle are very easy challenges for beginners, Rookiss is rookie level exploitation challenges, Grotesque challenges become much more difficult and painful to solve and, finally, Hacker’s Secret challenges require special techniques to solve. They divide up the challenge into 4 skill levels: Toddler’s Bottle, Rookiss, Grotesque and Hacker’s Secret. You must use some sort of programming, reverse-engineering or exploitation skill to access the content of the files before you are able to submit the solution. Pwnable.kr focuses on ‘pwn’ challenges, similar to CTF, which require you find, read and submit ‘flag’ files corresponding to each challenge. Hacking-Lab provides the CTF challenges for the European Cyber Security Challenge, but they also host ongoing challenges on their platform that anyone can participate in. Just register a free account, setup vpn and start exploring the challenges they offer. Absolute beginners are going to want to start on the Bandit challenges because they are the building blocks you’ll use to complete the other challenges. OverTheWire is designed for people of all experience levels to learn and practice security concepts. The CTF365 training environment is designed for security professionals who are interested in training their offensive skills or sysadmins interested in improving their defensive skills. If you are a beginner to infosec, you can sign up for a free beginner account and get your feet wet with some pre-configured vulnerable servers. On CTF365 users build and defend their own servers while launching attacks on other users’ servers. However, almost every day I come across a forum post where someone is asking where they should begin to learn hacking or how to practice hacking. I’ve compiled this list of some of the best hacking sites to hopefully be a valuable resource for those wondering how they can build and practice their hacking skill set. I hope you find this list helpful, and if you know of any other quality hacking sites, please let me know in the comments, so I can add them to the list. As the world continues to turn everything into an app and connect even the most basic devices to the internet, the demand is only going to grow, so it’s no surprise everyone wants to learn hacking these days. InfoSec skills are in such high demand right now.