Zach Orr's Blogosphere Thingy.

Goodbye Miner


I’ve made the decision to shut down FRC Miner ( I want to thank everyone that enjoyed Miner and supported me during development. You’re all the best.

Ghost in the Shellcode 2014 - TrustMeMore

We let your ex write a service.
Running at
Password: trust is 74u57 -- but l33t doesn't have a u.
Note: This challenge is not NAT-friendly.

Reversing “Apache Zero Day”

Script kiddies beware, those “Apache Zero Days” you find on Pastebin may not be what they seem. For this post, I decided to click around the web for some sketchy looking “Apache Zero Day” scripts. This was one of the scripts I found and decided to reverse. I’ll go over the “red flags” that show this is clearly not a zero day, and figure out what it’s actually doing. As a note, you shouldn’t run any of this code on your machine. Ready to go?

30C3 CTF 2013 Numbers 300 - Angler

We managed to sniff an encrypted message and we also have the encryption algorithm. Yet we are unable to decrypt it. Maybe you can help?
$ make
$ ./encrypt.erl "zachzor"

Battle Ready Nginx - an Optimization Guide

Most setup guides for Nginx tell you the basics – apt-get a package, modify a few lines here and there, and you’ve got a web server! And, in most cases, a vanilla nginx install will work just fine for serving your website. However, if you’re REALLY trying to squeeze performance out of nginx, you’ll have to go a few steps further. In this guide, I’ll explain which settings in nginx can be fine tuned in order to optimize performance for handling a large number of clients. As a note, this isn’t a comprehensive guide for fine-tuning. It’s a brief overview of some settings that can be tuned in order to improve performance. Your mileage may vary. CTF 2013 Misc 200 - OTP

To start, we’re given only an explanation

Some robots are on the Oktoberfest and want to take some tasty oil in a tent. But they hadn't reserved a table and all tents are full. No one gets access. They found a back entrance and managed to spy the credentials while an employee enters. They captured the username "admin" and password "supersafepw". But the employee also entered a strange number (168335). As they were sure nobody's looking, they tried the captured data to get in the tent, but it didn't work. Help the robots to get their tasty tasty oil. (Or they have to build their own tent with blackjack and hookers)
Here is your challenge: