http://www.irongeek.com/i.php?page=security/wargames
Webgoat. WebGoat is a set of intentionally unsafe Java page server
http://www.hackthissite.org/
http://www.smashthestack.org/wargames.php
from your FAQ
The Smash the Stack Wargaming Network hosts several Wargames. A
Wargame in our context can be described as an ethical hacking environment that supports real-world software modeling of theories or concepts of vulnerabilities and allows legitimate execution methods. The software may be an operating system, a protocol network, or any user application. Blockquote
http://www.astalavista.com/page/wargames.html
http://www.governmentsecurity.org/forum/index.php?showtopic=15442
http://www.overthewire.org/wargames/
the list is long ... some of them, some not ...
Update February 26, 2011, I found a nice post from http://r00tsec.blogspot.com/2011/02/pentest-lab-vulnerable-servers.html , Some links may be broken. I copy from there:
Holynix Like de-iced Cds and pWnOS, holynix is a ubuntu vmware image server that was intentionally used to provide security for penetration testing purposes. More obstacles than a real world example. http://pynstrom.net/index.php?page=holynix.php
WackoPicko WackoPicko is a website that contains known vulnerabilities. It was first used for the article Why Johnny Kent Pentest: An Analysis of Black-box Web Browser Vulnerability Scanners Found: http://cs.ucsb.edu/~adoupe/static/black-box-scanners-dimva2010.pdf https: // github.com/adamdoupe/WackoPicko
De-ICE PenTest LiveCDs PenTest LiveCD is the creation of Thomas Wilhelm, who was transferred to the company’s penetration verification team. As much as you need to learn about penetration testing as quickly as possible, Thomas started looking for both tools and targets. He found a number of tools, but did not use targets to fight against. In the end, in an attempt to narrow the educational gap, Thomas created PenTest Scripts using LiveCD. http://de-ice.net/hackerpedia/index.php/De-ICE.net_PenTest_Disks
Metasploitable Metasploitable is Installing Ubuntu 8.04 Server on VMWare 6.5. Several vulnerable packages are included, including installing tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and older mysql. http://blog.metasploit.com/2010/05/introducing-metasploitable.html
Owaspbwa Open Web Application Security Project (OWASP) Broken Web Application Project, a collection of vulnerable web applications. http://code.google.com/p/owaspbwa/
Dojo Web Security A free open-source, standalone learning environment for web application security penetration testing. Tools + Goals = Dojo http://www.mavensecurity.com/web_security_dojo/
Lampecurity Training LAMPSecurity is a series of vunlerable virtual machine images along with developed additional documentation to teach linux, apache, php, mysql security. http://sourceforge.net/projects/lampsecurity/files/
Damn Vulnerable Web App (DVWA) Damn Vulnerable Web App is a PHP / MySQL web application that is damn vulnerable. Its main goals are to help security professionals for skills and tools in the environment, to help web developers better understand the processes of protecting web applications and to help teachers / students to teach / study web pages in application safety in the classroom environment. www.dvwa.co.uk/
Hacking-Lab This is a hacker lab Project LiveCD. He is currently in beta stadium. Live-cd is a standardized client environment for solving our Wackame Hacking-Lab remote problem. http://www.hacking-lab.com/hl_livecd/
Moth Moth is a VMware image with a set of vulnerable web applications and scripts that you can use for: http://www.bonsai-sec.com/en/research/moth.php
Damned Linux (DVL) Damn Linux Vulnerability - It's All Good Linux distribution is not. it is the developers who spent hours stuffing it with broken, poorly configured, outdated and exploited software which makes it vulnerable to attacks. DVL is not designed to work on your desktop - its an educational tool for students' safety. http://www.damnvulnerablelinux.org
pWnOS pWnOS is located on the "VM image", which creates a goal for penetration testing practice; with "end" goal "- get roots. practice using exploits, from multiple entry points http://www.backtrack-linux.org/forums/backtrack-videos/2748-%5Bvideo%5D-attacking-pwnos.html http : //www.krash.in/bond00/pWnOS%20v1.0.zip
Virtual Hacker Lab Mirror intentionally insecure applications and old software with known vulnerabilities. Used for proof of concept / safety training / learning. Available in virtual images or in real time or offline formats. http://sourceforge.net/projects/virtualhacking/files/
Badstore Badstore.net is dedicated to helping you understand how hackers are victimized in web application vulnerabilities and show you how to reduce your exposure. http://www.badstore.net/
Katana Katana is a portable multi-boot security package that integrates many of today's best distribution security and portable applications for launching a single drive drive. It includes distributions that focus on verification, verification, Forensics, system recovery, Network Analysis and malware removal. Katana also comes with over 100 portable Windows applications; such as Wireshark, Metasploit, NMAP, Cain & Um and much more. www.hackfromacave.com/katana.html