The Metasploitable3 Capture The Flag Competition has been underway for about a week now and the submissions have been pouring in!  We're very excited to see so many great submissions. We're reviewing as fast as we can so if you don't hear back from us right away, don't worry, you will.  For all valid submissions we will update this blog post and subsequent ones with the leaderboard. For any questions submitted we will get back with you as fast as we can, and for any invalid solutions submitted we will write back and let you know the reason. Got a question? Send it to capturetheflag [at] rapid7 [dot] com.

Some of the flags are a little bit tricky and have been causing the most questions, so we wanted to add a little clarity.

Firstly, all flags will be in the same design. If you see a flag that looks different than others, it's probably not a flag.  Additionally, all the real flags are .PNGs.

There is also one flag where we lost some of the data, if you find one half flag, it counts. And don't forget, flags found in C:\Vagrant or the virtual box console don't count.

Now that some housekeeping is out of the way, let's get on with the current results!! 😊

So far we have had 155 submissions from 31 individuals!  One rock-star submitter went BONKERS over the weekend and found 11 flags in 2 days.There's definitely still time to get submissions in and take over the leaderboard though!

The Joker is the most common flag found and the Ace of Hearts has been the most tricky flag to find with 10 invalid submissions

Top Submitters

Card Counts

Great stuff everyone! Keep those submissions coming in!