Practice Hacking: the Command Injection ISO

Pentester Academy
This entry is part 11 of 11 in the series [ Hacker Night School ]
I love sites like and, where you can practice your hacking skills legally and safely.
There are also some cool pre-vulnerable-ized web applications/sites that you can download, unzip and use in your hacking lab, like DVWA and Mutillidae.
Then there are the dedicated virtual machines like Metasploitable that give you a whole OS environment to wreck to your heart’s content. Here’s an example a friend recently pointed out to me: the Command-Injection-ISO from PenTester Academy.
“We’ve packaged 10 real world applications into an Ubuntu Desktop based ISO. These applications are vulnerable to command injection attacks which you will need to find and exploit. Please note that not all applications are on port 80 :)” – .
Sites To Practice Hacking:

Glenn Norman
This entry is part 2 of 2 in the series [ Sites Where You Can Hack ]

Where is about … hacking that site, is a whole platform. That means you can work your way through entire categories of Challenges: apps, crypto, forensics, stego, web clients and servers, and so forth.

This is a blast. Don’t take my word for it. Go see.

There’s an active and helpful community with forums sorted by Challenge. But it’s not immediately clear where you’re supposed to start. Let me suggest going to Challenges > Web – Client and starting at the top of the list you get. The initial Challenges really are easy, but things get tricky fast.

I use this site in my security and hacking classes largely because students can get a foothold almost immediately, then learn the process of researching (and asking) their way to solutions to other Challenges.

Sites To Practice Hacking:

Glenn Norman
This entry is part 1 of 2 in the series [ Sites Where You Can Hack ]

HackThisSite is the perfect place to start this list of online hacking platforms. It’s been around a long time, and has a really active community. Of course, the specific flavor of hacking you’ll pursue here is web application testing. The domain name doesn’t lie: you’re welcome to try most kinds of mapping, testing and cracking against it. It’s not fair game to DoS the site, because hey, we’re all trying to get something done here, and DoS is for skids.

You will need to create an account. Now is when you’ll want one of those multiple email identities we keep bitching about: Security is a Function of Segregation!

Check it out at the link below. If you’ve got an account on this site, let us know what you think, especially if you crack one of the really hard challenges.

