Practice your hacking skills with these CTFs

List of practice sites

• CloudFoxable: Open-source AWS penetration testing playground
• bWAPP
• Cryptopals - Cryptographic programming challenges
• CTF Challenge
• CTF365
• CTFlearn
• CTFTime
• Enigma Group
• Game of Hacks
• Google Gruyere - Vulnerable web app
• Google XSS Game - Cross-site scripting for beginners
• Hack This Site
• Hack.me
• Hacking-Lab
• HackThis!!
• Hellbound Hackers
• IO
• Juice shop - Vulnerable web app
• Microcorruption - ARM disassembling
• Over The Wire wargames
• OWASP WebGoat 1.2
• picoCTF
• Portswigger’s Web Security Academy
• pwn0
• pwnable.kr
• pwnable.tw
• Reversing.kr
• RingZer0 Team Online CTF
• Root Me
• SmashTheStack
• Try2Hack
• Typhoon vulnerable VM
• W3Challs
• XSS Challenge Wiki

---

• Pentest-practice
• Practice CTF List

---

Practice CTF List / Permanant CTF List

Here's a list of some CTF practice sites and tools or CTFs that are long-running. Thanks, RSnake for starting the original that this is based on. If you have any corrections or suggestions, feel free to email ctf at the domain psifertex with a dot com tld.

Live Online Games

Recommended

Whether they're being updated, contain high quality challenges, or just have a lot of depth, these are probably where you want to spend the most time.

• http://pwnable.tw/ (a newer set of high quality pwnable challenges)
• http://pwnable.kr/ (one of the more popular recent wargamming sets of challenges)
• https://picoctf.com/ (Designed for high school students while the event is usually new every year, it's left online and has a great difficulty progression)
• https://microcorruption.com/login (one of the best interfaces, a good difficulty curve and introduction to low-level reverse engineering, specifically on an MSP430)
• http://ctflearn.com/ (a new CTF based learning platform with user-contributed challenges)
• https://cherryblog.in/
• http://reversing.kr/
• http://hax.tor.hu/
• https://w3challs.com/
• https://pwn0.com/
• https://io.netgarage.org/
• http://ringzer0team.com/
• http://www.hellboundhackers.org/
• http://www.overthewire.org/wargames/
• http://counterhack.net/Counter_Hack/Challenges.html
• http://www.hackthissite.org/
• http://vulnhub.com/
• http://ctf.komodosec.com

Others

• https://backdoor.sdslabs.co/
• http://smashthestack.org/wargames.html
• http://www.mod-x.co.uk/main.php
• http://scanme.nmap.org/
• http://www.hackertest.net/
• http://net-force.nl/

Meta

• http://www.wechall.net/sites.php (excellent list of challenge sites)
• http://ctf.forgottensec.com/wiki/ (good CTF wiki, though focused on CCDC)
• http://repo.shell-storm.org/CTF/ (great archive of CTFs)

Webapp Specific

• http://demo.testfire.net/
• http://wocares.com/xsstester.php
• http://crackme.cenzic.com/
• http://test.acunetix.com/
• http://zero.webappsecurity.com/

Forensics Specific

• http://computer-forensics.sans.org/community/challenges
• http://computer-forensics.sans.org/community/challenges
• http://forensicscontest.com/

Recruiting

• https://www.praetorian.com/challenges/pwnable/
• http://rtncyberjobs.com/
• http://0x41414141.com/

Commercial/Freemium/Paid Training

• https://www.root-me.org/ (well done set of challenges free for public use with optional paid commercial versions)
• https://avatao.com (paid commercial training platform from a CTF team, though with a strong focus on secure app development)
• http://heorot.net/

Downloadable Offline Games

• http://www.badstore.net/
• http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
• http://www.owasp.org/index.php/Owasp_SiteGenerator
• Damn Vulnerable Web App
• Stanford SecureBench
• Stanford SecureBench Micro
• http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10

Virtual Machines

• https://pentesterlab.com/exercises/
• http://sourceforge.net/projects/metasploitable/files/Metasploitable2/
• Damn Vulnerable Linux (not currently live? local mirror)

Inactive or Gone

Just around for historical sake, or on the off-chance they come back.

• http://rootcontest.com/
• http://intruded.net/
• https://how2hack.net
• WebMaven (Buggy Bank)
• http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm
• http://www.foundstone.com/us/resources/proddesc/hacmebooks.htm
• http://www.foundstone.com/us/resources/proddesc/hacmecasino.htm
• http://www.foundstone.com/us/resources/proddesc/hacmeshipping.htm
• http://hackme.ntobjectives.com/
• http://testphp.acunetix.com/
• http://testasp.acunetix.com/Default.asp
• http://prequals.nuitduhack.com
• http://www.gat3way.eu/index.php (Russian)
• http://exploit-exercises.com/ (challenges mirrored on vulnhub)
• http://damo.clanteam.com/
• http://p6drad-teel.net/~windo/wargame/
• http://roothack.org/
• http://ha.ckers.org/challenge/
• http://ha.ckers.org/challenge2/
• http://www.dc3.mil/challenge/