It’s official: The 2017 Metasploitable3 community CTF has come to a close. Congrats to our winners! Each of the top three teams submitted all 14 flags in under 24 hours. Who needs sleep when you can live on shells?

Standing Team
First place rot26
Second place mubix
Third place snadoteam

Bravo, all. We'll be in touch with the winners shortly to arrange prize delivery. If you were a fan of the visualization during play, give a shout-out to CTFd for making a great open-source scoreboard application.

CTF stats

Top 10

  • Hundreds of teams connected as soon as we opened play.
  • 103 teams made it onto the scoreboard. We salute those who found their first flag this week.
  • 21 teams successfully solved for all 14 flags.
  • 791 correct MD5 hashes were submitted (incorrect submissions topped 2,300—internet points for effort!).
  • The 8 of Clubs was our most-solved challenge, while the Joker eluded all but 24 wily players.

Solves by challenge

Community rocks

We hit our capacity of 500 teams within 36 hours of announcing the CTF. Immediately we saw players reaching out on Twitter and Slack offering to team up and help out. Our Slack channel was full of congrats and camaraderie, as well as hints and encouragement. Several folks have already communicated their intent to publish or share individual write-ups on their experiences. Second-place finisher mubix already has a comprehensive walk-through available here, and tenth-place finisher Intrinsic has a run-down here. This is why we love you guys—thanks for always helping each other learn.

Thanks to everybody who lent a hand, not least of all our awesome group of Metasploit mods: Brent Cook, Brendan Watters, Sam Huckins, and of course, Wei Chen and James Barnett, who created this whole fiesta for your hacking pleasure. We'll be releasing the Linux Metasploitable3 code in the next few weeks, so stay tuned. Until next time, friends!