Your Favorite Challenge sites (Other than HT)

Ermahgerd xD

1) Wechall.net - This site is just amazing.
2) Root-me.org - They have sooooo many challs and live Capture The Flag boxes ready for playing.
3) Overthewire.org - It taught me sooooo much about linux. :)

I haven’t tried root-me.org. I am a member of we-chall. It has quite a few challenges that are geared towards coders. Not bad.

1) Evilzone.org - its being developoped right now, it will be back soon
2) www.root-me.org
3) Overthewire.org

Yesssss. I like your judgement @Chronon :)

@HackingGuy i will place root-me in the number 11 if i can understand all the challenges language XD

ohhhh… I’ve never even heard of Evilzone.org. I have a few thigns to check out.

You guys ever check out ma’s reversing?

Ma’s is amazing.

@x2600 its forum is the best i think, but for the challange i think root-me is better

but suddenly the server is down, i ask the admin on the IRC, they said it will take a month to fix the server XD

wow ma’s is new to me gotta checl it out

checked it already, the web-page is not pretty good but seems interesting for a site like that

It’s really nice to see active forums. The challenges and site layout make the site IMO, but the forum and social side help keep it alive. It has been that way forever. That’s why hackthis is so awesome. Very active forum.

And yes @Chronon , root-me does need to fix some of its language needs, but other than that its awesome.

True, this forum is awesome :)

Only because @dloser is on it tho

Dloser… that guy. ;)

dloser help me a lot XD

I bet he’s going to get on and say, “This threads gotten way off topic.” Lulz

gotta get on the right track again

Well he’d better post his favorites or he’ll be contributing to the off-topic-ness. Dloser, we summon you to the forum! :D

I play my trap card. He can’t move until you send your @Mugiwara27 to the graveyard. xD

I’m on root-me.org too and I just start to go on zenk-security.com (which is only french)

You won’t send anyone to graveyard ! :p
I didn’t take a look at a lot of website but at least, the ones I’ve been testing were the best :p

0) Wechall
1) canyouhack.it
2) root-me.org
3) revolution elite

Mod-X, Disavowed.net, trytohack.nl, dareyourmind.net, hackthissite, and so many others…

I have yet to try out revolution elite. I heard a lot of good things about it though!

trytohack.nl was down for me, Dimooz. It sounds familiar though.

Yea trytohack.nl was also down for me

Sorry, it’s not trytohack but try2hack.nl.. Now I’m home, and have access to the entire list of the challenges I’ve done, here it is :

Arenhack, dareyourmind.net, disavowed.net, ennixo, hackquest, hackthis ;) , hackthissite, IceFortress, Mod-X, ThisIsLegal.com, and (drums) the famous : http://www.try2hack.nl/

I didn’t check if they ’re still online…

Very cool. there are lots on your list that I haven’t heard of. Wechall has a nice list, but I don’t think it’s all-inclusive.

what can i say ?

Gotta try ‘em all

XD

Yeah, really. Right now I’m working on this one, canyouhack.nl, and wechall.net. After that I’ll probably hit up a few that sync with wechall.

well, i’ll try one of them after i can finish the mighty crypt level 9

I’m working on crypt 9 too… I’m on what I believe to be layer 3. It gets harder lol.

Hopefully we can crack this encryption soon xD

Its too bad dloser doesn’t want in on the fun :p

I’m glad that the site is back up

[quote=HackingGuy]Its too bad dloser doesn’t want in on the fun[/quote]

Basically the only sentence structure where you’ll see the words ‘fun’ and ‘dloser’ together. :p

Hack This Site, although not too realistic or appropriate to a lot of “Real world scenarios” which I tend to find these challenges helping with. But hey, it’s where I started pulling pieces and knowledge together, always stick with your 127.0.0.1 you could say :P

Yeah I understand that. Sadly the places where I started aren’t around anymore. They were some of the first. I rarely meet anyone who has heard of them because they are so old. Cyberarmy.com and lameindustries.org. cyberarmy got a reboot a few years ago like in 2009, but it is gone again. Was around in 2001ish.

[quote=x2600]3) thebrightshadows - a TON of challenges[/quote]

Sadly no new users have been able to register for this site for nearly a year now. (Though users registered before this time can still log in I believe).

Rankk.org is a good site that also has ‘a TON of challenges’.

Hmm never heard of that one. Is that on Wechall?

Yes. http://www.wechall.net/site/details/4/Rankk

(think it may have been one of the original sites to connect to WeChall)

There used to be a site called securityoverride, doesn’t seem to exist anymore.

There is no place like HT!!

@Starman11 yeah I think securityoverride.org is down for good.

Try

http://pwnable.kr/

http://overthewire.org/wargames/

Another vote for http://revolutionelite.co.uk

Over the wire

I stumbled across https://www.hackthebox.eu/ a while back. I haven’t had time to check any of their challenges yet though, but they seem to add new CTF boxes fairly frequently.

Never heard about Hack The Box before, he seems pretty smooth and high-quality website thanks for sharing @Psyberion

PS : Do you have an invite code for the team HackThis if you have at least a Hacker Level ?

No worries man, happy to share @DIDIx13! And no, I’ve just created an account and had a look around, so I haven’t really done anything on there. Having a proper look and doing their challenges is on my todo list though.

Come to think of it, I think this awesome list (awesome as in the topic on Github, but I mean the list looks solid..) is where I found HackTheBox, and there are quite a few other names there that I haven’t seen mentioned here.

Thanks ! There are a lot of Awesome List actually :)

[youtube][youtube][youtube][youtube][youtube][youtube][youtube][youtube][youtube][youtube][youtube][youtube][youtube][/youtube][/youtube][/youtube][/youtube][/youtube][/youtube][/youtube][/youtube][/yout

ube][/youtube][/youtube][/youtube][/youtube]

Hack This Site is good fun, and also Hellbound Hackers.

Wechall, Hackthebox! But here, there is a great community!

+1 For HackTheBox

You need to pass a test to register btw and it’s not the easiest one ;)

Its a great place.. some of the challenges are very tough! but you have always to read and read… and read!

Thank you for all of the great suggestions. I just ran through this list , here’s a current list ( Updated as of 10/12/2018)

UP:

A

• Ae27ff - http://ae27ff.meme.tips/about.php - Challenges, CTF and stego

B

• Back2Hack - https://back2hack.cc
• Backdoor - https://backdoor.sdslabs.co - challenges and competitions, no forums or IRC though
• Bright Shadows https://www.bright-shadows.net - website IS up, but it’s not active per sysop
• BWAPP - http://www.itsecgames.com - Intentionally buggy wepapp with an open inviatation to hack it!

C

• canyouhack.nl -> https://www.canyouhack.us - Challenges ARE here, but finding them is part of the challenge. No IRC or Forums. It’s you vs the cpu

• Captf - http://captf.com/practice-ctf - Capture the flag , Practice session here

• Cfreds - https://www.cfreds.nist.gov/data_leakage_case/data-leakage-case.html - Belive it or not, a goverement level forensic test - no forums, no boards either

• Challengeland - http://challengeland.co - Signing up is your first challenge. NO forums, but plenty of challenges

• Challenges.re - https://challenges.re - Reverse engineering challeneges by levle, type, architecture and OS!

• Challengerocket - https://challengerocket.com - Challenge rocket , where solving challenges MIGHT actually get you a job

• Coderbyte - https://www.coderbyte.com - Slightly different, these are all coding challenges (you can learn code quickly this way! )

• Contained.af - https://contained.af - The challenge starts immediately as you are greeted by a linux terminal.

• CTF365 - https://ctf365.com - Active site, BUT you need to sign up to see ANYTHING

• CTF demo - https://demo.ctfd.io - CTF demo WITh an acessible admin panel.

• CTF Forgottensec - https://www.ctf.forgottensec.com/wiki/ - a wiki dedicated to CTF, hacking, cracking …etc…

• CTF Hackerfire - https://cft.hackerfire.com - Challenges, but you need to login to see them

• CTFinfysec - https://ctf.infysec.com - Infysec - Capture the flag hacking lab
• CTFLearn - https://ctflearn.com - Mini forums are available for each challenge
• Crackmes one - http://crackmes.one - Strictly reverse engineering - forums in each challenge only
• Cryptopals - https://cryptopals.com - Crypto challenges only - no forums and no IRC
• Cyberorensics - https://cyberforensicschallenge.com - Runs annual challenges
• Cybersecurity - https://pod.cybersecuritychallenge.org.uk - Cybersecurity challange
• Cyphernix - https://github.com/cyphernix/challenges - the site itself states it’s not for beginners. It’s challenges that you download and solve

D

• Damn Vunerable IOS App - http://damvulnerableiosapp.com - Vulnerable IOS app - download on your IOS and hack away
• Darkscience - http://darkscience.net - Code contests and war games (SSH Only) Also accessible by TOR

E

• Exploit me - http://securitycompass.github.io/AndroidLabs/setup.html - Exploit Me Android labs - download on your android and hack!

• Evilzone.org - https://www.evilzone.org - active site

• Exploit Exercises - https://exploit-exercises.com - DOWNLOAD vunerable VM’s and try to break in. NO Blog, forums, chat or IRC available. You may find hints via google. Recommended for intermediate to advanced!

F

• Forensic challenge - https://www.dfrws.org/dfrws-forensic-challenge - download the info and solve the case
• Forensic practical - http://www.foresickb.com/2008/01/forensic-pracgical.html - Forensic practical based on real life
• Forensic security treasure hunt - http://digitalforensics.securitytreasurehunt.com - 4 rounds with a question engine
• Freehackquest - https://freehackquest.com/?quests= - No forums, no IRC, hints ARE available , however

G

• GoogleCTF - https://capturetheflag.withgoogle.com - Yep, even google is getting to CTF (The CTF is finished, but the site’s VERY NICE! )

• Google Gruyere - https://google-gruyere-appspot.com - Google Gruyere - named for the cheese, ‘cause it’s full of holes for you!

• GoogleXss Game - https://xss-game.appsot.com - A few games, no forum but a very nice website all about XSS hacking

• Grehack - http://grehack.org/ - Capture the flag - not yet active

H

• Hack.me - https://hack.me hack web apps in a safe sandbox. No chats, IRC or forums
• Hackbbs.org - Capture the Flag in French and English

• Hackchallenge - http://www.hackchallenge.net/ - Very fancy page, featuring challenges, tournaments, and forums. HOWEVER some of the images get VERY closed to NSFW!

• Hackerforever - https://www.hackerforever.com/guest.php - HUGE community, lots of challenges , both online and VMWare

• Hackergateway - https://www.hackergateway.com - Hacker Gateway - challenges and leaderboards

• Hackertest - http://www.hackertest.net - Active site
• Hackinglab - https://www.hacking-lab.com - CTF’s and challenges, in English and German
• Hack the Arch - https://github.com/mcpa-stlouis/hack-the-arch - Software to create your OWN CTF contests
• Hacking allowed - http://www.hacking.allowed.org - CTF & challenges
• Hackthebox - http://www.hackthebox.eu - interesting - you have to HACK the invite first!
• Hackthissite - http://hackthissite.org - Active site
• Hackxor - https://hackxor.net - Challenges on this site. NO forum however.

• Halls of Valhalla - https://halls-of-valhalla.org/beta - Challenges from beginners or up, including stego, timed, sql injections. Includes forums and IRC.

• Hax.tor - https://hax.tor.hu - Active site

• Hellboundhackers - http:// www.hellboundhackers.org - forums and challenges available

I

• IceFortress - http://esoacademy.com/sklills/ice-fortress - Site is active
• Intruded.net - http://intruded.net/wargames - active site
• IO-Netgarage - http://io.netgarage.org - Wargames, challenges, plus additional domains fror x86, and ARM as well

J

• Janosgyerik - http://www.janosgyerik.com/hacking-contest-on-a-live-cd - Just like the name says, hack a live linux CD (based on tiny core )

K

• Knox.xss - https://knock.xss.moe - XSS challenges. You MUST register to access any challenges

L

Leetmore - http://leetmore.ctf.su
* Lord of SQLI - https://los.eagle-jump.org - Mostly Sql and php hacking

M

• Major League Hacking - https://mlh.io - Major League hacking , Challenges both online and live , as well as adveretised challenges (also live ) are shown on the top of the page.

• Microcontest - http://www.microcontest.com - Forums, Tutorials, Arenas (not active yet), challenges and shoutboxes.
  * Minmenu Dynamic Taint Analysis - https://www.minemu.org/ - It’s active

• Mod-x - https://www.mod-x.co.uk/ - Active page
• Mutillidae - https://sourceforge.net/projects/mutillidae - Deliberately vunerable web app - download and hack it

N

• Newbiecontest - http://newbiecontest.org - active site
• New wargame - http://new.wargame.kr - New Wargame , in Korean
• Noe Systems - https://noe.systems - Challenge site, in Korean . No forums, you CAN translate Korean to English in Chrome easily!

O

* Open Web Application Security Project - https://www.owasp.org A wiki dedicated to security and exploits - open sourced!
* Overthewire - http://www.overthewire.org - SSH style hacking, no message boards, but IRC IS available
* OWASP Security Shepherd - https://security-shepherd.ctf365.com - active site

P

• Pentestpractice - https://www.pentestpractice.com - Good pracitce - no forums however, but you do need to sign up to play

• Pentesterlab - https://pentesterlab.com - Exercises can be downloaded or taken online (java based). NO forums , chat or IRC.

• Pentestit - https://lab.pentestit.ru - No message boards, challenges appear in different parts of the world, irregularly

• Pinterest - https://venturebeat.com/2016/10/14/pinterests-easter-egg-lets-developers-test-their-hacking-skills. Believe it or not, Pinterest will let you test their site. Details are available on this page.

• Potatopla - https://potatopla.net/crypto - Crypto puzzle challenges

• Praetorian - https://www.praetorian.com/challenges/pwnalbe - this company DARES you to PWN them. Intermediate to advanced level. No forums, IRC.

• Pwnable kr - http://pwnable.kr - Active site

• Pwnable tr - https://pwnable.tr - Wargames and challenges
• Pwnadventure - http://pwnadventure.com - It’s not just a game, it’s an adventure!

R

• Red Tiger - https://redtiger.labs.overthewire.org - No forumns - PHP SQL security specific, using hacks found in the wild.
• Reversing Kr - http://reversing.kr - Reverse engineering for Windows and Linux (and Flash too)
• Revolutionlite http://www.sabrefilms.co.uk/revolutionlite - has messageboards and IRC
• Ringezer0team - http://ringzer0team.com - 292 challenges , instead of forums, it uses slack

• Root-me http://www.root-me.org - LARGE number of challenges, forums are available. Per the site description, 303 challenges, 71 Virtual Environments, 2703 solutions. You MUST send an email this site! There’s even a section devoted to finding weaknesses in the system itself.

• ROP Emporium - http://ropemporium.com - Reverse engineering only - forums are available in each challenge

S

• ShortinfoSec - http://www.shortinfosec.net/2008/07/competition-computer-forensic.html - Computer forensic investigation
• Skull Security - https://blog.skullsecurity.org/ This is a blog with challenge writeups and a link to their Github for challenges.
• Slavehack - http://www.slavehack.com - Active site
• Smash the stack - https://smashthestack.org/wargames - active site
• Solveme - http://solveme.peng.kr - Capture the Flag
• Stereotyped Challanges - https://chall.stypr.com
• Sunintas.com - http://suninatas.com - Challenges and chat in Korean

T

• Tastless - http://chall.tasteless.eu/
• Thisislegal.com - http://www.thisislega.com - Active site

• Try2hack.nl http://www.try2hack.nl - Strict rules, BUT has a bot ownage challenge at the end. NO forums, but IRC is available

• Try to decrypt - https://www.trytodecrypt.com - Crypts only

U

V

• Vicnim - http://vicnum.ciphertechs.com - Deliberately insecure LIVE website, play the games, find the vulns!
• Vulnhub - http://www.vulnhub.com - you have to download vulnerable VM’s and break in. NO forums, but chat and reading materials are available to help you out

W

• W3chals - http://w3challs.com - Offers challenges , has forums and IRC
• Wargames - http://wargame.kr/
• Webhacking - http://webhacking.kr - getting in’s part of the challenge!!!
• Websec - https://websec.fr - no forum but interesting challenges and suggested reading material as well!
• Wechall - http://www.wechall.net - Active site

X

Y

• Yoire - http://yoire.com - Challenges in Spanish ( be sure to check out their robots.txt too! )

Down

• Canyouhack.it - http:///www.canyouhack.it - It’s official down as of 10/02/2018
• Dareyourmind - This site is no longer there
• Enigmagroup - No longer there
• hackthebox.gr - No longer there
• PCIOCFT - last active on 2017
• Pentest.training - No longer there
• Securityoverride.org - This site is no longer there
• Solveme - No longer there

Enjoy and see you around on some of these sites!!

https://cryptopals.com/
https://ringzer0team.com/challenges
https://websec.fr/
https://chall.stypr.com/

Update of new sites that I’m now working on :D
(I’m trying to learn crypto)

@necromonger :

[quote=necromonger ]Hackthissite.org - This site is no longer there[/quote]

Please correct it, the site is still available online.

@dimooz It still shows as offline on my end (for reference, I contribute at work and am behind a proxy). It literally shows that the connection is dropped on my end, so it appears to be down.

@necromonger I insist, I can access it from home with no problem. That means there’s some sort of annoying filtering on your side.

@necromonger if you are behind a proxy, it surely categorizes it as “hacking”, or other illegal stuff and this category is surely blocked by the security operations team of your company. HackThis is also categorized as hacking by several proxy solutions.

EDIT: btw, hi everyone, it’s been a while :)

@dimooz - alright - I’ve updated the list @r4v463 - the message I’m getting isn’t that it’s being filtered, I get a generic message stating that I failed to connect, that’s why I listed it as down .

No prob for me either

edit : hello @r4v463 glad to you see again :D

OverTheWire.org: if you do it in order, start using a simple shell in linux an pass to hacking web, criptografi, advance shell, buffer overflow and it’s interactive.
Exploit exorcises: if you want to continue with themes and uses shell, the give you a virtual machine (.ova) to do the challenges.
Wechall: The best thing about this website is that it has a ranking and scoring system at a global level and in each country

1) Evilzone.org
2) www.root-me.org
3) Overthewire.org

Evilzone is back up! Finally :D

hey all

Welcome @aung.mm please introduce yourself in the Introductions section ;)

Can’t wait to try them all out, thanks for the amazing thread!

Wow. This thread has certainly grown quite a bit.

Huge thread now and nice to see you back x2600 :D