Practice Hacking – Free Sites and Vulnerable Machines

If you are a member of the “learn by doing” crowd, then these resources can help you practice hacking with a hands-on approach.

If you want to practice hacking, then you want to make sure you do it legally. The best way to do this is to use one of the many ethical hacking websites. From VulnHub to Hack the Box, and everything in between, you can learn penetration testing from the comfort of your own home.

Table of Contents

  1. Practice Hacking – Introduction
  2. Hacker101 – Training From HackerOne?!
  3. Try Hack Me – A FUN Way to Learn Cyber Security from Scratch
  4. VulnHub – the BEST Ethical Hacking Practice?
  5. Hack the Box – Free and Competitive Pentest Practice
  6. Exploit Exercises – Defunct Hacking Websites
  7. DIY – Learn Hacking on Your Own Terms
  8. Practice Hacking – Conclusion

Practice Hacking – Introduction

Hacking to learn and learning to hack is fun, but you want to make sure that you do it legally!

Other than capture the flag events, vulnerable machines or labs are a great way to learn some ethical hacking tools and techniques.

If you want to get started, just download VirtualBox, grab an “easier” VM from VulnHub, and get started!

That said, there are a few more directed approaches, so hopefully, I can cover them here.

Hacker101 – Training From HackerOne?!

I honestly had never heard of Hacker101 until strupo mentioned it.

This looks to be a free web security class that includes video lessons, guides, and resources.

I’m guessing that it is HEAVILY geared towards web application testing and bug bounty programs, but that is still awesome.

It also includes a 24/7 CTF competition, so I had to include it here!

If you’ve used this platform before, or think I should try it out, then let me know.

TryHackMe – A FUN Way to Learn Cyber Security from Scratch

While I haven’t played on TryHackMe a ton, it’s a really great platform.

The nice thing about Try Hack Me is that it has smaller lessons and challenges.

I want to play on their platform a bit more, but let me know if you have any suggested challenges/competition!

There is a subscription-based model, but you can still play the challenges for free.

I don’t know how many more learning rooms there are with TryHackMe Premium. That said, contact me if you know more about the differences.

For now, I’ll provide you with some write-ups until I have my own.

Try Hack Me Write-Ups

VulnHub – the BEST Ethical Hacking Practice?

Practice Hacking – What is VulnHub?

If you are not familiar, VulnHub is a large repository of vulnerable machines and targets available for download.

Its goal is to provide materials so that anyone can gain hands-on experience with security and administration.

For more information, check out their about page.

Free Vulnerable Machines to Learn Ethical Hacking

While VulnHub isn’t the simplest way to learn ethical hacking, it is still one of my favorites.

You pick a random virtual machine that sounds interesting, download it, and get to work.

I’m hoping to work on some guides to make this process easier, but most of my walkthroughs cover it.

That said, if you aren’t familiar with networking and virtualization, this might not be the best first step for you.

VulnHub CTF Write-Ups

Honestly, I’ve spent so much time on VulnHub, these posts will be the majority of my content.

If you see any issues with these write-ups, or want to see more, then let me know.

Hack the Box – Free and Competitive Pentest Practice

If you want something more inclusive or easier, then maybe HTB is for you.

The de-facto standard for vulnerable machine platforms is Hack the Box, and for good reason. You can attack multiple different machines, view write-ups, and compare your score to others around the world.

I’ve only finished two boxes on this site myself, but they were a ton of fun.

The nice thing about HTB is that you can also see solutions for retired boxes, so you can learn by following along.

As far as the paid services go, they have a few options.

HackTheBox provides a VIP subscription as well as various Pro Labs.

The VIP subscription provides access to VIP retired machines, retired challenges, Pwnbox, official write-ups, VIP servers, CPE credits, and more advanced search functionality.

The various HTB Pro Labs are subscription-based access to more advanced courses, effectively an internal certification course.

While I don’t have a paid HTB subscription yet, I may go for one to try and climb that leaderboard soon!

Practice Hacking – HackTheBox Write-Ups

Like I said before, I only have two write-ups for HTB, but they were still really enjoyable.

Exploit Exercises – Defunct Hacking Websites

I wanted to include more about Exploit Exercises, but it appears that the domain was bought out by some link spammers.

This was a fun site that focused a bit more heavily on binary exploitation.

I was only able to finish one write-up, but I’ll include it as an almost post-mortem.

DIY – Learn Hacking on Your Own Terms

If I had to guess, this is the category that I will be spending the most time on going forward.

Not only do you have more control in setting up your own practice environments, but it also helps with my CTF development.

For now, I only have one real post in this category, but I’m hoping for more soon.

While I have nothing major to announce yet, stay tuned for a tool release in 2022 to make this easier!

Practice Hacking – Conclusion

I know that there aren’t as many resources on this page as my CTF post, but it will get there.

There are so many more hacking practice websites, but I haven’t had the opportunity to try most of them.

If there’s anything important that I’ve left out, then let me know!

In the meantime, please feel free to write up some challenges and post them here, so that I can get some free content.
