eLearnSecurity Blog

TOP 10 Hackme Challenges in 2014

Did you know? Some of the top companies in the world use Hack.me to check the skills of their IT employees before hiring them.

Hack.me is a free community where you can build, host and share vulnerable web application code for educational and research purposes. It is a platform for students, penetration testers, web developers and anybody else interested in web application security to test their skills in penetration testing and ethical hacking.

TOP 10 Hackmes Started in 2014

Since its launch, web app security enthusiasts have uploaded various challenges to this platform. Giuseppe Trotta, IT Security Researcher and main developer of the Hackme project, has compiled the top 10 hackme challenges started in 2014.

#1 U-Hack-It Basic Exploits Tutorial

Description: U-Hack-It is a set of beginner tutorials to demonstrate how poor web programming practices expose serious security vulnerabilities to would-be hackers, including SQL injection, XSS, and session hijacking. Read more here: U-Hack-it Basic Exploits Tutorial.

#2 easy to get started

Description: This is for the script kiddies and wannabes. Read more here: easy to get started

#3 Simple XSS game

Description: Well, it is too simple. Read more here: Simple XSS game

#4 SQL injections – Bypassing authentication – Easy

Description: Environment: Web application PHP/MySQL. Your goal: Find SQL injections and exploit them to bypass the authentication system and enumerate all the user accounts. Read more here: SQL injections – Bypassing authentication – Easy

#5 SQL Injection – Data Verification Fail

Description: A special friend wants you to locate the private members of a gaming clan his team is supposed to compete with next month in hopes to do some spying and see what the other team is all about…but first he needs to find out who they are. Read more here: SQL Injection – Data Verification Fail

#6 An easy and realistic challenge.

Description: Here is a simple challenge with many different attack methods. Password guessing (common passwords), cookie attacks and decryptions are taking place. You will pass it as soon as you log in and the system identifies you as admin! It’s not just password though! Read more here: An easy and realistic challenge.

#7 SQL Injection – medium

Description: This is an example of mid-level SQL injection. Read more here: SQL Injection – medium

#8 Web App Hack tutorial

Description: Tutorial of web app hacking using SQLi and XSS. Read more here: Web App Hack tutorial

#9 DVWA 1.0.7

Description: Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment. Read more here: DVWA 1.0.7

#10 Admin Only

Description: Find the key. Read more here: Admin Only


There are other challenges posted on the website and you can also upload your vulnerable web application. Join the Hackme community now!

Giuseppe Trotta is a security researcher and instructor at eLearnSecurity. He is the main developer of the Hack.me project and is also involved in the management of Hera lab virtualization infrastructures.

Twitter: https://twitter.com/Giutro
LinkedIn: http://it.linkedin.com/in/trottagiuseppe
