Last updated at Tue, 25 Apr 2023 21:11:47 GMT
Two targets, three days, and a thousand teams: Put your skills to the test for a chance to win prizes and bragging rights in Metasploit’s 2018 community CTF. Read on for full competition details, or join the #ctf-support-2018 channel on Slack to start building your team.
TL;DR overview
- Registration: On Monday, Nov. 12 at noon EST (U.S.), you can register here: https://metasploit.com/communityctf2018. There are 1,000 registration spots; both individuals and teams are allowed. Please note: Teams only need to register ONE account. Team members can and should share credentials. Help us make the competition accessible to as many players as possible by registering only the account(s) you need.
- Play: Noon EST Friday, Nov. 30 to 11:59 a.m. EST Monday, Dec. 3 (U.S. time).
- Communication and support: Join the #ctf-support-2018 channel on Metasploit Slack to form teams and chat with other players. You can report technical issues to the Metasploit team on Slack during game play; however, we won’t respond to DMs with requests for hints or help with flags.
This year's CTF is made possible in part by Ixia and CTFd, for which we're grateful! You can see results and statistics from last year’s Metasploit CTF here.
2018 Metasploit Community Capture the Flag: Official rules
No purchase is necessary to participate. Only the first 1,000 registrants (teams or individuals) will be able to participate.
To enter
- Starting Monday, Nov. 12 at noon EST (U.S.), you can create an account here. Please note: Only ONE account is needed per team. Teammates can and should share credentials.
- Play starts Friday, Nov. 30 at noon EST (U.S.). When play starts, players should use the instructions on the
Control Panelto connect to the Kali Linux jump box. From there, players can attack the vulnerable target environments to find flags. All flags are PNG images. - When a flag is found, players should submit the MD5 hash to the
Challengessection of the scoreboard. If the MD5 hash is correct, points will be awarded.
The leaderboard competition will open on Friday, Nov. 30, 2018 at 12:00 p.m. (noon) EST and close on Monday, Dec. 3, 2018 at 11:59 a.m. EST. The three (3) participants with the highest point total at the end of the competition will receive the prizes listed below. In the event of a tie, the participant who reached that score first will be the winner.
You may participate as an individual or as a team. However, only ONE prize can be awarded for each winning account; therefore, if you are participating as a team, please be aware that we cannot offer prizes to each team member. (Any further method used to determine who among your teammates takes home the CTF spoils is up to you. We hear thumb wars and structured rock/paper/scissors competitions are effective.)
Questions?
To report technical issues during the competition or to discuss play with your teammates and community members, join us in the #ctf-support-2018 channel on Slack. The Metasploit team will be available on Slack in case of technical issues, but please be advised that Rapid7 staff members will not respond to DMs with requests for hints or help with MD5 hash submission.
Prizes
Only the prizes listed below will be awarded as part of the competition. Prizes are not transferable or redeemable for cash. Rapid7 reserves the right to make equivalent substitutions as necessary, due to circumstances not under its control. Please allow several weeks for delivery of any prize.
| Place | Prize | ARV |
|---|---|---|
| 1st | Hak5 Essentials Field Kit (1), Hack The Box 3-Month RastaLabs Ticket (1), Hack The Box 3-Month Offshore Ticket (1) | 850 USD |
| 2nd | Hak5 Network Implant Bundle (1), Hack The Box 2-Month RastaLabs Ticket (1), Hack The Box 2-Month Offshore Ticket (1) | 580 USD |
| 3rd | Hak5 WiFi Pineapple (NANO Tactical) (1), Hack The Box 1-Month RastaLabs Ticket (1), Hack The Box 1-Month Offshore Ticket (1) | 360 USD |
Acceptable use
The Metasploit Community CTF infrastructure should be used for the purposes of this competition and nothing else. Use of competition infrastructure for behavior outside of these guidelines may result in disqualification from the contest and/or revoked access.
The scoreboard server is not a competition target. Any malicious activity detected on or aimed at the scoreboard server may result in disqualification from the contest.
Fair behavior is expected of all participants. Please do not harass other participants. This includes verbal, physical, or emotional harassment as well as intentional disruption of service for others.
Competition host is Rapid7 LLC, 100 Summer St, Boston, MA 02110.
By entering the competition, you agree to these terms and conditions. Employees of Rapid7 and their respective affiliates, subsidiaries, related companies, advertising and promotional agencies, and the household members of any of the above are not eligible to participate in the competition. See full Terms here.
