Irongeek's Infosec Wargame ServersOn April 1st 2008 I posted the following announcement to my site:
I'd like to announce the launch of my own wargame servers for testing out your computer security skills. The host names are:
Try out Nmap, Nessus, Metasploit and other tools on these boxes. Please let me know your findings. Thanks to my hosting provider Dreamhost. If you want to know more about Dreamhost check out my review (and coupon codes), they have been pretty good to me.
In case you could not tell from the date, this was an April Fools Day prank. The host names resolve as follows:
hackme1.irongeek.com = 127.13.43.22
hackme2.irongeek.com = 127.13.43.23
dosme1.irongeek.com = 127.13.43.24
127.*.*.* is the local loopback address, so anyone scanning those IPs would be scanning themselves. Had I been really mean I would have mapped those host names to IPs belonging to the FBI/NSA/CIA. The lesson to be learned from this: Always do a DNS lookup first before scanning/pen-testing a target. Now, if you want to test your security skill against some real targets I'd recommend the following:
WebGoat is a set of deliberately insecure Java server pages. I have a video that can start you out on using WebGoat.
De-Ice is a set of bootable CDs you can test your pen-testing skills against.
While I find their political slant annoying, this site may be of use to some of you.
If anyone has some other suggestions I'd be glad to hear them and add them to this page.