1. Google Gruyere
The Google Gruyere is the effort of the company Google to enter the world of hacking. The website Google Gruyere is full of holes and that's why he uses it the word "Gruyer" (gruyere), which is a Swiss cheese. Even the site has a cheese wallpaper background!
Once you start, the Google Gruyere will give you some challenges to perform. It has a deliberately weak and vulnerable code to take advantage of. Problems highlight these weaknesses and give you a goal to execute.
If you are stuck on how to complete a challenge, do not worry. Each mission comes with some tips to help you walk in the right direction. If you still can not go ahead, you can see the solution and apply it yourself to get a sense of how this works hack.
The site HackThis, is trying to give you a "real" mission.
It has a wide variety of challenges in different categories. There are fundamental challenges and difficult challenges to try, depending on your skill level. If you want to try disabling plain CAPTCHA codes, there is an entire section for that.
There is even a "real" category that includes fun fictional scenarios where you have to do hack a website for one of your customers.
The best part about HackThis is the hints it offers. Each puzzle has a special tips page where you can talk to forum members and discuss where you are wrong. Members will never give you the solution so you can understand for yourself what you need to do.
While hacking sites are useful, there are some bugs and some exploits that they can't cover. For example, these sites may not ask you for challenges that would result in you downloading the site itself. If they did, no one else would be there later!
Therefore, it is best to attempt a destructive attack on your own server that you have created, so as not to damage other people's websites. If you are interested in this aspect of piracy, try it buggy web application (bWAPP).
The main feature of the bWAPP application is the huge number of errors. It has over 100 errors, ranging from DDoS vulnerabilities to Heartbleed vulnerabilities Bugs in HTML5 ClickJacking. If you want to know about a particular vulnerability, there is a good chance you can find it at bWAPP.
When you want to try it, download it for free and run it on the target system. Once it runs, you can launch attacks without worrying about an annoying webmaster trying to stop you.
The OverTheWire features wargames and warzones with the most advanced hacking attacks. Wargames are unique hacking scenarios, usually with little history, to be more plausible. Wargames can be a competitive event between hackers, either as a race or as an attacker on each other's servers.
Although this may sound complicated and scary, don't worry. The site still has lessons ranging from the basics to the most advanced tricks. It requires a Secure Shell (SSH) connection, so be sure to find out SSH if you want to try OverTheWire. Fortunately, there are easy ways to configure SSH in Windows, so it shouldn't be too big of an obstacle.
OverTheWire has three main uses. First, you can play through small games with increasing difficulty, to learn how to do hack. Once you gain some skill, you can download wargames with unique backstories for a more exciting experience.
There's also Warzone, which is a dedicated network, designed to work just like an Internet IPV4. Users can place sensitive devices on this network and others can use them to practice their piracy skills.
At the time of writing this article, there is an exercise that reproduces the hack of Kevin Mitnick at Tsutomu Shimomura, 1995. Now you can put yourself in Mitnik's position and see if you can break the safety yourself!
Some of the missions have a short story to keep you interested in the lessons. For example, users in the basic lesson will join Network Security Sam. Sam is a man who stubbornly refuses to save the code on his website, so he has to remember it. But every time you break his security and discover his code, he adds more security to his website.
"Realistic" exercises are also enjoyable. These are fake websites created to teach you how to do it hack with a specific goal. They range from hitting a voting system to putting someone first on the to-do list or deleting the work of some spiritual people, such as poets, etc.
Each puzzle comes with a special thread in the forums where you can get help. Problems and discussions have been around for a long time, and users have posted a lot of useful information. Again, no one will tell you clearly the solution to every challenge. But if you are willing to do some research, you will find their tips useful enough to solve the puzzle.
Do these sites promote illegal piracy?
As you browse through these websites, you may realize that various malicious people can use exactly the same, malicious skills. For example, some of the "realistic" missions are intended to break a library system or voting website for the best music band. It is easy to assume that these websites train the scammers to become better at their jobs.
The truth is, if these sites did not exist, the scammers hacker could get similar lessons and help from Dark web. Meanwhile, website developers, the people who need to learn hacking techniques to protect themselves, have a chance to learn and try these hacking techniques.
It's like a knife. In the hands of a surgeon he performs miracles, while in the hands of a robber he becomes a deadly tool. Therefore, by publishing this information, it gives developers the practice they need to secure their websites.