I love sites like HackThisSite.org and root-me.org, where you can practice your hacking skills legally and safely.
There are also some cool pre-vulnerable-ized web applications/sites that you can download, unzip and use on your hacking lab, like DVWA and Mutillidae.
Then there are the dedicated virtual machines like Metasploitable, that give you a whole OS environment to wreck to your heart’s content. Here’s an example a friend recently pointed out to me, the Command-Injection-ISO from PenTester Academy.
“We’ve packaged 10 real world applications into an Ubuntu Desktop based ISO. These applications are vulnerable to command injection attacks which you will need to find and exploit. Please note that not all applications are on port 80 :)” – https://sourceforge.net/projects/commandinjectioniso/ .
Give it a try and tell us what you think! Thanks –