If you’re an ethical hacker, it can be difficult to put your skills to the test without causing someone harm. Fortunately, many websites will teach you how to hack legally and give you a sandbox in which to test your skills.
Here are some websites where you can learn how to hack legally without getting into trouble.
1. Google Gruyere
Google Gruyere is a hackable website developed by the Internet giant itself. The website is full of holes and uses "cheesy" Code referred to by the name on the subject of cheese and the website design.
Once you are ready to launch, Google Gruyere presents you with some challenges. Google Gruyere provides intentionally weak and vulnerable code that you can exploit.
The problems highlight these vulnerabilities and give you a task to perform. One challenge, for example, is adding HTML warning fields to the site’s snippets feature, which is triggered when the user loads the page.
Don’t worry if you don’t know how to complete a challenge. Each mission includes some hints to help you get on the right track. If this doesn’t help, you can view the solution and implement it yourself to learn how the exploit works.
Not many websites actively invite you to hack them in their title, but HackThis is an exception. Of course you don’t hack the actual website, but it gives you challenges to try it.
HackThis has a variety of challenges in different categories, so you’re sure to find something that will test you out. Depending on your skill level, there are basic and difficult challenges. If you want to try breaking simple CAPTCHA codes, there’s a whole segment for that.
There is even a "real" category, which includes fun fictional scenarios where you hack a website for a client.
The best thing about HackThis are the hints. Each puzzle has its own hints page where you can talk to members of the forum and discuss where you went wrong. The members will never give you the solution so you can figure it out yourself without spoilers.
While hacking websites is useful, there are some bugs and exploits that they can’t cover. For example, these sites can’t host challenges that shut down a website. if they did that, no one else would get a turn after that!
Therefore, it is best to perform more devastating attacks on a self-hosted server so that you do not damage other people’s websites. If you’re interested in this area of hacking, try out the buggy web app (bWAPP).
The main strength of bWAPP is the sheer number of bugs. There are over 100 of them, ranging from DDoS (Direct Denial of Service) vulnerabilities to Heartbleed vulnerabilities to HTML5 ClickJacking . If you want to learn more about a specific vulnerability, there is a good chance that bWAPP has implemented it.
If you want to try it out, download it and run it on your target system. Once you’ve run, you can learn how to hack legally without worrying about annoying a webmaster.
Download: bWAPP (free)
OverTheWire offers wargames and warzones for more advanced hacking sessions. Wargames are unique hacking scenarios, usually with a little history to spice things up. Wargames can be a competitive event between hackers, either as a race or by attacking each other’s servers.
While this may sound complicated and scary, don’t worry about it. The site continues to offer lessons that range from the basics to more advanced tricks. An SSH (Secure Shell) connection is required to use it. Therefore, be sure to learn about SSH if you want to give OverTheWire a try. Fortunately, there are easy ways to set up SSH in Windows , so it shouldn’t be too much of a hurdle.
OverTheWire has three main applications. First, you can play through small games of increasing difficulty to learn how to hack. Once you’ve acquired some skills, you can download war games with unique backstories for a more immersive experience.
There’s also the Warzone, an exclusive network that works just like an IPV4 internet. People can put vulnerable, hackable devices on this network, and others can use them to practice their hacking skills.
At the time of writing, an exercise is repeated when Kevin Mitnick hacked computer expert Tsutomu Shimomura in 1995. Now you can put yourself in Mitnik’s shoes and see if you can crack the security yourself!
5. Hack this page
Another site that cordially invites you to hack is Hack This Site, a fantastic learning resource. It ranges from beginner-oriented lessons to hosting a dedicated phone line for phone phreak attacks.
Some of the missions have a little story that keeps you engaged with the lessons. For example, participants in the basic course will go head to head with Network Security Sam. He is a forgetful man who is adamant about saving his password on the website, so he never forgets it. Every time you crack its security and discover its password, it increases the security of its website.
The "realistic" Exercises are also fun. These are fake websites set up for you to hack with a specific goal in mind. Possibly manipulating a voting system to get a band to the top, or undoing the work of malicious people who hacked into a peace poetry site.
Each puzzle includes its own thread on the forums where you can get help. The problems and discussions have been around for a long time and users have posted many helpful resources.
Again, no one will tell you the solution to each challenge directly, so you don’t have to worry about spoilers. However, if you are willing to do research, you will find their hints and tips more than enough to solve your mystery.
Do these websites encourage illegal hacking?
If you browse these websites, you may find that malicious people can use the same skills for evil. With some of the "realistic" Missions break into a library system or a band rating website, for example. It’s easy to assume that these websites are training people to be evil agents.
The truth is, if these websites didn’t exist, nefarious hackers would still be getting their resources on the dark web . Meanwhile, website developers – the people who need to learn hacking techniques the most – would have no legal place to learn and test those hacking techniques.
Developers repeatedly made the same mistakes, while hackers exploited them to distribute resources and tutorials via the dark web.
Publishing this information gives web developers the practice they need to secure their sites. In an ideal world, all web designers learn how to protect their websites in this way to prevent malicious agents from using this knowledge for evil.
Learn to chop
If you want to learn how to hack, there’s no better way to hack yourself. Fortunately, you don’t have to target your local hairdresser’s website. Try these legit hacking websites instead.
If you want to develop your skills, try an online course on ethical hacking. They can be a great way to learn from a teacher instead of doing it on your own.