Skip to content

Instantly share code, notes, and snippets.

@ccondon-r7
Last active November 30, 2018 17:38
Show Gist options
  • Save ccondon-r7/78a2196e1ca2893bba6e48af79b97bd4 to your computer and use it in GitHub Desktop.
Save ccondon-r7/78a2196e1ca2893bba6e48af79b97bd4 to your computer and use it in GitHub Desktop.
FAQ: 2018 Metasploit Community CTF

Welcome to the 2018 Metasploit CTF! Below are answers to some common questions. General reminders:

  • Provisioning is first come, first served. It may take a few minutes. Be patient!
  • The scoreboard is not a target.
  • Please, no spoilers in Slack channels or other public places. Everyone learns at their own pace; don’t ruin the game for others. We may kick you out of Slack if you post flag spoilers. Harassment of other players and community members won’t be tolerated.
  • Login emails will be locked down prior to the start of the game. You can still change your password if you forget it.
  • Metasploit Slack messages archive automatically after a certain threshold (this is just how our implementation of Slack works). If you’re worried about continuous access to your conversations, you may want to hold them outside of Metasploit’s Slack channel.

FAQ

Where can I find the rules and the prizes? Here: https://blog.rapid7.com/2018/11/05/announcing-the-2018-metasploit-community-ctf/. Please note that there’s only one prize for each winner, so if you are playing as a team, it’s up to you to figure out who gets the loot.

How do I connect to my CTF environment? Starting at 12 PM (noon US Eastern Time) on Friday, November 30, you can log in here and follow the directions on your Control Panel to access the CTF environment.

I am not receiving points when I submit my flag. What’s wrong? You are not submitting the correct MD5 hash. This means you still have some work to do to solve the challenge correctly. Keep trying! There is no penalty for wrong answers.

Do I need to use Metasploit to solve all the challenges? No. Using Metasploit is an option for some challenges, but the CTF was not engineered to be Metasploit-specific.

Can you give me a hint about $FLAG? Nope, that would spoil the fun! However, you can work with your teammates or ask the community for help. Please don’t post spoilers in public Slack channels. Everyone is here to learn at their own pace.

I’m having technical difficulties. OR I think I’ve found a bug! Can I DM someone for help? In general, Rapid7 staff will not respond to DMs requesting help with flag discovery, exploitation, or anything else related to the workings of the game. If you think you have discovered a bug in the CTF environment, you can reach out to a designated admin on Slack. If the behavior is something we think is unexpected, we’ll respond and take a look.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment