Here’s a list of some CTF practice sites and tools or CTFs that are long-running. Thanks, RSnake for starting the original that this is based on. If you have any corrections or suggestions, feel free to email ctf at the domain psifertex with a dot com tld.
LIVE ONLINE GAMES
Whether they’re being updated, contain high quality challenges, or just have a lot of depth, these are probably where you want to spend the most time.
http://securityoverride.org/ Some good concepts, but “canned” vulnerabilities (string matching on input) will frustrate knowledgable hackers and teach newbies the wrong lessons
http://www.wechall.net/sites.php (excellent list of challenge sites)
http://ctf.forgottensec.com/wiki/ (good CTF wiki, though focused on CCDC)
http://repo.shell-storm.org/CTF/ (great archive of recent CTFs)
DOWNLOADABLE OFFLINE GAMES
Damn Vulnerable Web App
Stanford SecureBench Micro
Damn Vulnerable Linux (not currently live? local mirror)
Inactive or Gone
Just around for historical sake, or on the off-chance they come back.
WebMaven (Buggy Bank)