Understanding hack me and other online resources
There are several other resources, either accessible online or installable in VirtualBox, that you can use to hone your penetration testing skills. The following list contains a few resources you may want to explore as a supplement to the exercises in this book:
hack.me | Easy to advanced challenges | |
Hack this site | Easy to advanced challenges | |
Vulnerable by design | Easy to advanced challenges | |
Bee-Box | Vulnerable web sites | |
Moth | Vulnerable web applications | |
RasPwn | Vulnerable Raspberry Pi image | |
OWASP-BWA | OWASP broken web application | https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project |
Hackfest 2016 Sedna | Medium difficulty - root access | |
Hackfest 2016 Quaoar | Easy machine to own | |
Pentester Lab: XSS and MySQL File | Easy SQL injection example | https://www.vulnhub.com/entry/pentester-lab-xss-and-mysql-file,66/ |
SQL Injection to Shell | Intermediate - SQL injection to shell | https://www.vulnhub.com/entry/pentester-lab-from-sql-injection-to-shell-ii,69/ |
Damn vulnerable web application | Vulnerable - PHP/MySQL application | |
Hackxor | Webapp hacking game | |
WebGoat | Medium level challenge | https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project |
There's more...
The preceding resources are installed using a variety of methods that are beyond the scope of this book, but I will quickly mention some of the deployment options:
- Virtual machines that can be installed in VirtualBox
- Scripts that can be run on standard Linux machines to build applications and make them specifically vulnerable to attacks
- Resources that you may attack over the internet
- Complete self-contained hacking environments
Note
As you work with these sites, carefully read the terms of service and make sure you understand all requirements and limitations of the environment or tools you are working with. Also be careful if you are remotely hacking sites across the internet. Although some of these options are available for testing and it may be perfectly legal to do so, your Internet Service Provider (ISP) may flag the activity as malicious and take action against you.