5 Websites That Teach How To Hack Legally

 If we are ethical hackers, it can be difficult to test our skills without harming anyone. Fortunately, there are resources that give us a sense of hacking, giving us a place to learn while keeping it legal. Here are 5 Websites That Teach Us How To Hack Legally and without getting in trouble.

1. Google Gruyere

Google Gruyere

Google Gruyere is a website that teaches us how to hack legally, because it is the web giant's entry into the world of hacking. This website is full of holes and uses the “cheesy” code, hence the cheese-related name. Even the website is cheese themed!

Once we're ready to get started, Google Gruyere will give us a few challenges to tackle. Google Gruyere intentionally displays code that is weak and vulnerable to exploitation. We will be given the task of highlighting these weak areas. For example, one challenge is that we inject an HTML flag box into a website snippet feature, which fires when the user loads the page.

If we get stuck on how to complete the challenge, don't worry. Each mission comes with a few clues to help push us in the right direction. If this doesn't help, we can take a look at the solution and implement it ourselves to get a feel for how the exploit works.

2. Defend the Web

Defend the Web

There aren't many websites that actively invite us to hack them, but Defend the Web is one exception. Of course, we didn't hack the actual website, but it gave us a challenge to try.

Defend the Web has a variety of challenges in different categories, so we're sure to find something to test. There are fundamental challenges and difficult challenges to try depending on our skill level. If we want to try simple CAPTCHA deletion, there is an entire segment for that. There is even a “Real” category which includes fun fictional scenarios where we hack websites for clients.

The best part about Defend the Web is the prompts. Each puzzle has a dedicated hint page where you can talk to forum members and discuss any problems. The members will never give us a solution so we can figure it out on our own without spoilers.

3. bWAPP

bWAPP

While hacking sites are useful, there are some bugs and exploits that they are unable to cover. For example, this website can't host challenges that involve destroying websites, if they do, no one else will have a turn afterward!

As such, we should perform more destructive attacks on self-hosted servers, so that we don't damage other people's websites. If you are interested in this field of hacking, try buggy web app (bWAPP).

bWAPP's main strength is its large number of bugs. It has more than 100 of them, ranging from Direct Denial of Service (DDoS) flaws to the Heartbleed vulnerability to HTML5 ClickJacking. If we want to learn about a particular vulnerability, there is a good opportunity for bWAPP to apply it. When we want to try it, download and run it on our target system. Once running, we can launch attacks without worrying about upsetting the webmaster.

4. OverWire

OverWire

OverTheWire features wargames and war zones for more sophisticated hacking sessions. Wargames are unique hacking scenarios, usually with a bit of a story to fix them. Wargames can become an arena for competition between hackers, either as a race or by attacking each other's servers.

While this may sound complicated and intimidating, don't worry. This website still features lessons ranging from the basics to more advanced tricks. It does require a Secure Shell (SSH) connection to use, so be sure to learn SSH if you want to try OverTheWire.

OverTheWire has three main uses. First, we can play through small games with increasing difficulty to learn how to hack. Once we have acquired some skills, we can download wargames with unique backstories for a more immersive experience.

There is also a war zone, which is a proprietary network designed to work like an IPV4 internet. People can place vulnerable and hackable devices into this network, and others can use it to practice their hacking skills. At the time of writing, there is an exercise that replicates when Kevin Mitnick hacked computer geek Tsutomu Shimomura in 1995. Now we can put ourselves in Mitnik's shoes and see if we can crack the security ourselves!

5. Hack This Site

Hack This Site

Another website that kindly invites us to hack it, Hack This Site is a fantastic learning resource. This ranges from beginner-oriented lessons to hosting dedicated phone lines for cell phone phreak attacks. Some missions have a little story to keep us engaged with the lesson. For example, people in the Basic course will come face to face with Network Security Sam. Sam is a forgetful man who insists on saving passwords on websites, so he never forgets them. Every time we crack the security and find the password, it adds more security to the website.

“Realistic” exercises are also fun. This is a fake website set up for us to hack with a specific purpose. We might rig the voting system to get the band to the top spot, or undo the work of a malevolent person hacking into a peace poetry site.

Each puzzle comes with a specific set of commands on the forum where we can get help. The issues and discussions have been around for a long time, and users have posted many helpful resources. Again, no one is going to tell us the solution to every challenge right away, so we don't have to worry about spoilers. However, if we're willing to do some research, we'll find their hints and tips more than enough to solve our puzzle.

Does This Website Promote Illegal Hacking?

While browsing this website, we may realize that bad people can use the same skills for evil. Some "realistic" missions make us break into library systems or well-known websites, for example. It's easy to think of these websites training people to become bad agents. The truth is, even if these websites didn't exist, bad hackers would still get their hands on their resources on the dark web. Meanwhile, website developers, the people who most need to learn hacking techniques, will have no legal place to learn and test these hacking techniques.

Developers will make the same mistakes over and over again, while hackers will take advantage of using the dark web to spread resources and tutorials. Thus, by publishing this information, it gives web developers the practices they need to secure their websites. In an ideal world, all web designers would learn how to protect their websites in this way, thereby preventing malicious agents from using this knowledge for evil.