We don’t want to be criminals, but we do want to pwn shit. That’s why all these people and organizations put together these wargames of intentionally vulnerable websites and services so you can practice and have fun.
My personal favorite because they did a great job not only making the challenges fell real, but they also are very consistent with releasing new challenges that are fun, exciting, and of varying difficulties. Plus, you have to hack the invite system just to get in.
This one is cool too becuase you are actually popping live boxes just like you would in the wild. They have a ton of machines with multiple levels each that you have to hack your way through. They give you the SSH information for the first level and then you hack your way to the next levels information. Not as realistic as HTB but certainly entertaining.
A sillier site that has fun challenges ranging from web app exploitation to reverse engineering.
Not organized as well as the others but still has some fun boxes to pwn,
Smash the stack (named after the famous Phrack article: http://phrack.org/issues/49/14.html) is another really fun wargame site. They have 7 different challenges with ranging difficulties and are well maintained.
Hack this site is probably the oldest wargame site still online. They have a shitload of challenges organized in different ways, different types of campaigns, and varying difficulties. This was the first wargame site I ever found and I was a teenager then.
Try2Hack is another incredibly old hacking challenge site. I haven’t personally gone through their challenges but I have heard great things about them.
Over 50 challenges in different categories with ranging difficulties. Another one that I haven’t gone through very many challenges but the ones I did do were super fun.
Let me know if you know of any different sites where you can practice your security skills!