Practice Material - Template Injection Playground.

Several times I've seen courses talk about downloading a copy of vulnerable software and analyzing it. The best example of this for me has been the Template Injection Playground. I created a new Ubuntu VM, loaded this, and have spent quite a while deep-diving into SSTIs. It's not just great practice for SSTI though, with a working knowledge of the subdomains you can really fine tune your whatweb, ferox and dirbuster, curl, BurpSuite, and all the other tools we like to use. I initially set the box up to figure out why tinja wasn't working for me, however this last 1-2 weeks I've found it very educational for myriad other reasons.

I'd love to hear about other zoo machines people use to practice and hone their skills.