The Metasploitable3 CTF competition has wrapped up and we have our winners!  We had almost 300 flag submissions from more than 50 fine folks.  There were some really great right-ups submitted with great details on how flags were found.  Thanks to everyone who took time to submit a finding!  ON TO THE RESULTS!

When we announced the competition, we didn't specify if team submissions were allowed or not.  Well, it turns out that  a team was in the top 3.  Team RUNESEC went bonkers and submitted all 15 flags over the course of 4 days.  Nice work RUNESEC.   We didn't want anyone to feel slighted so we decided to go ahead and (in the spirit of the season) be generous 🙂. Therefore, Team RUNESEC will receive a 2nd place prize as they were second to submit all the flags.  Additionally, the Top-3 individual submitters will receive prizes.

These winners showed some tremendous talent and skill.  Vaibhav completed just 7 days after the contest was announced and Jonathan completed all the flags in roughly 12 hours!  A total of 4 individuals completed the challenge, based on reviews of the write-ups, and time of completion we have the top 3 winners.

Top Individual Submitters

1st Place, Hak5 Pineapple: Vaibhav Deshmukh
2nd Place, LAN Turtle or Lock Pick Set: Igor Guarisma
3rd Place, LAN Turtle or Lock Pick Set: Jonathan Echavarria

Top Team Submitter

1st Place, LAN Turtle or Lock Pick Set: Team RUNESEC

Here is a break down of the top-10 submitters, please note that the grouping by count doesn't reflect overall standings, just the number of valid flags submitted.

Top 10 Submitters

Great work everyone!

The card most frequently found where:

The card most likely to be found first?  The Joker.


We will be contacting the winners directly over the next few weeks to arrange delivery of the prizes.  And... as an added bonus EVERYONE who submitted a valid flag will get a Metasploit t-shirt!!

Thanks again to everyone who participated, we've had a great time reviewing all the very creative and well-written submissions.  Going forward we will continue to add new and fun flags to Metasploitable3 as always, we'll keep you posted when we have some new flags to discover.  We will also be adding new options to exploit Metasploitable3 as they emerge.   If you have any ideas or things you'd like to see in future iterations of Metasploitable3 please feel free to comment on our Git page.  Metasploitable3 is an open source project so, if you're up to it, you can submit a pull request with any of your own ideas!  Check out the repo on git.

I'd like to give a special thanks to sinn3r for all of his great work judging submissions and helping out everyone with questions.