If you are an ethical hacker and want to test your skills, check out these five sites that provide you with a sandbox to log in and try to hack them legally.
1. Google Gruyere
The Google Gruyere is Google's attempt to get into the world of hacking. The Google Gruyere website is full of holes and so is using it the word "Gruyer" (gruyere), which is a Swiss cheese. Even the site has a cheese wallpaper background!
Once you get started, Google Gruyere will give you some challenges to run. It has a deliberately weak and vulnerable code to exploit. The problems underline these weak areas and give you a goal to accomplish.
If you are stuck on how to complete a challenge, don't worry. Each mission comes with some tips to help you move in the right direction. If you still can't move on, you can look at the solution and apply it yourself to get a sense of how this hack works.
The site HackThis, is trying to give you a "real" mission.
It has a wide variety of challenges in different categories. There are fundamental challenges and difficult challenges to try, depending on your skill level. If you want to try disabling plain CAPTCHA codes, there is an entire section for that.
There is even a "real" category that includes fun fictional scenarios where you have to hack a website for your customer.
The best part about HackThis is the hints it offers. Each puzzle has a special tips page where you can talk to forum members and discuss where you are wrong. Members will never give you the solution so you can understand for yourself what you need to do.
While hacking sites are useful, there are some bugs and some exploits that they can't cover. For example, these sites may not ask you for challenges that would result in you downloading the site itself. If they did, no one else would be there later!
Therefore, it is best to attempt a destructive attack on your own server that you have created, so as not to damage other people's websites. If you are interested in this aspect of piracy, try it buggy web application (bWAPP).
The main feature of the bWAPP application is the huge number of errors. It has over 100 errors, ranging from DDoS vulnerabilities to Heartbleed vulnerabilities Bugs in HTML5 ClickJacking. If you want to know about a particular vulnerability, there is a good chance you can find it at bWAPP.
When you want to try it, download it for free and run it on the target system. Once it runs, you can launch attacks without worrying about an annoying webmaster trying to stop you.
The OverTheWire features wargames and warzones with the most advanced hacking attacks. Wargames are unique hacking scenarios, usually with little history, to be more plausible. Wargames can be a competitive event between hackers, either as a race or as an attacker on each other's servers.
Although this may sound complicated and scary, don't worry. The site still has lessons ranging from the basics to the most advanced tricks. It requires a Secure Shell (SSH) connection, so be sure to find out SSH if you want to try OverTheWire. Fortunately, there are easy ways to configure SSH in Windows, so it shouldn't be too big of an obstacle.
OverTheWire has three main uses. To begin with, you can play through small games with increasing difficulty to learn how to hack. Once you have some skill, you can download wargames with unique backstories for a more exciting experience.
There's also Warzone, which is a dedicated network, designed to work just like an Internet IPV4. Users can place sensitive devices on this network and others can use them to practice their piracy skills.
At the time of writing this article, there is an exercise that replicates his hack Kevin Mitnick at Tsutomu Shimomura, 1995. Now you can put yourself in Mitnik's position and see if you can break the safety yourself!
5. Hack This Site
Another site that invites you to is Hack This Site and is a great source of learning. It extends from beginner-oriented courses to dedicated phone line hosting for phreak attacks.
Some of the missions have a short story to keep you interested in the lessons. For example, users in the basic lesson will join Network Security Sam. Sam is a man who stubbornly refuses to save the code on his website, so he has to remember it. But every time you break his security and discover his code, he adds more security to his website.
"Realistic" exercises are also enjoyable. These are fake websites designed to teach you to hack with a specific purpose. They range from hitting a voting system to putting someone first on the list of preferences or erasing the work of some spiritual people, such as poets, etc.
Each puzzle comes with a special thread in the forums where you can get help. Problems and discussions have been around for a long time, and users have posted a lot of useful information. Again, no one will tell you the solution to every challenge clearly. But if you are willing to do some research, you will find their tips useful enough to solve the puzzle.
Do these sites promote illegal piracy?
As you browse through these websites, you may realize that various malicious people can use exactly the same, malicious skills. For example, some of the "realistic" missions are intended to break a library system or voting website for the best music band. It is easy to assume that these websites train the scammers to become better at their jobs.
The truth is, if these sites did not exist, hacker scammers could get relevant lessons and help from Dark web. Meanwhile, website developers, the people who need to learn hacking techniques to protect themselves, have a chance to learn and try these hacking techniques.
It's like a knife. In the hands of a surgeon he performs miracles, while in the hands of a robber he becomes a deadly tool. Therefore, by publishing this information, it gives developers the practice they need to secure their websites.