"to arrive at
a correct conclusion
by conjecture, chance or intuition"
Aut inveniam viam aut faciam!
Web-Guessing lore! This old but very important page is obviously related to the importance of names on the web, and to the many searching essays and more specific searching tips and advice offered on searchlores.
Let's see... here follows a more exhaustive and updated list of the possible and common names of the infamous "bingo" page, where you would land after having "paid" your tribute to the site (or database) owner... if you hadn't guessed correctly, that is :-)
Note that here we target ebooks: hence modify ('guess' what :-) for different targets...
thankyou.htm thank-you.htm thank_you.htm download.htm downloadlink.htm downloadpage.htm members.htm private.htm priv.htm private | members | priv (without .htm will display files under the homonym folders if any) ebook.htm yourebook.htm myebook.htm target.pdf or target.chm (search on the site and replace with your target name) acronym or shortversion_of_ebook_name.pdf (possible abbreviations for the target name) promember.htm thankyou1.htm secrets.htm hidden.htm downlink.htm down-link.htm down_link.htm downloadpage.htm download-page.htm verified.htm paidmember.htm paid-member.htm verifiedmember.htm verified-member.htm verified_member.htm alert.htm resources.htm
The file extension can be different. Instead of .htm try out .html and .php (if the 'habitat' of your target shows other web pages in php)
by .sozni (October 1999... yet far from being obsolete :-)
There are many ways to get registered software. You can buy it, you can get a copy from a friend or from the internet, you can crack a demo, you can use a serial number, etc. There are so many ways that if you really want something, you can get it.
I have noticed that many ActiveX controls are updated frequently. For example, DataDynamics has been posting a new update for ActiveReports every two weeks. If you get a pirated copy or a patch, then you never really have the most recent version. That's why I prefer licensing my software. And that's what my essays are about: licensing, not cracking software.
I have already talked about a couple of ways to get licensed. There is another way that I am starting to use more and more. That is to hack the company's web site. There are may ways to find info on the company's website. Here are some methods that I use:
- Browse their FTP site looking for hidden directories
- Browse their FTP site looking for stuff out in the open that they have forgotten about
- Use a FrontPage attack (there are many)
- Exploit weaknesses in Active Server Pages
- View the source of pages (especially registering and purchasing online pages)
- And my favorite: Guessing
I can't believe how many sites I have hacked just by guessing stuff. As I mentioned before I got all of the Winternals Software just by guessing the URL's. I got a password for a protoview install by typing random keys (I heard someone else had done the same thing). I have found serial number lists, serial number generators and validators, and user registrations.
It's all there for the taking. The trick is to be really good at guessing. The principle here is that people are predictable. If someone thinks a certain way one day, most likely they are going to think the same way the next day. Also, people are usually going to name things with the first thing that comes to mind.
For example, if you wanted to created a directory for downloads, what would you call that directory? And then if you have one directory for demos, what would you call the directory for retail products?
Do see my point? The Amazing Kreskin works on this principle. He asks people to think of a vegetable and most people will think of a carrot. He asks them to think of a shape then to think of another shape inside that shape and most of the time he knows what they are thinking. Why? Because people are predictable.
How many new computer users do you think use their logon as their password? Many. And why do you think there are so many common password lists on hacking sites? Because a lot of people use these common passwords. See? They are predictable.
Now if a company has a product named ERD Commander and the information about that product is on a page called erdcmndr.htm and the demo is named
erdcmndr.exe in the demos directory then what do you think the real product is going to be called? Yep, erdcmndr.exe (in a different directory, of course).
To get the real version of ERD Commander I looked at the demo at www.sysinternals.com then went to their retail site, www.winternals.com and downloaded erdcmdr.exe. Of course, I first had to find the download directory, but that's another story.
And guess what? I just repeated that same process for all of their products. Remember what I said? If someone thinks a certain way one day, most likely they are going to think the same way the next day. People are predictable.
Here's another one: Suppose a company has a Web page that allows you to register their software online. It is called regonline.htm. And let's suppose they are using IIS on Windows NT. And let's suppose they want all these online registrations to be saved to a text file. What would that file be named and where would it be located? These would be my first guesses for www.company.com/regonline.htm:
Here's another one, Janus Systems has a page to register online in the http://www.janusys.com/Support/ directory. These registrations post to a
text file. Now if your customers were registering their software and these registrations post to a text file and your company is in Mexico,
what would you call this text file?
My guesses would be:
And you know what? It's the last one (at least it used to be before I first posted this essay on my mailing list)
The key to guessing is research. Look around at their website and see what they name things and where they put things. Look at pictures and links and downloads. Do they like cryptic abbreviations? Is there a method that uses the product version number? Do you see patterns?
Then, just guess. You would be surprised how many times this works. That is, if you have really mastered the art of guessing.
Copyright ©1998 .sozni, all rights reserved.
Granted: guessing can be boring, and should almost always be used as last resort... as ultima ratio quaerentis. This method, even using a good list (or hunch) of probable names, will in fact work successfully only in few cases... probably just one or two out of ten attempts.
But this method is sound, because it is based on the very structure of our web, a structure that was MADE for sharing (and not for selling, thanks Godzilla). Much will depend from your nose and your web-experience.
What is sure, is that this approach works better if you already have a hunch!
The following will work for software or music as well (in fact for almost any target you could be looking for), but let's make now an example of guessing regarding images.
Let's say you discover a site where photos have been stored and collected. Alas not with the aim of spreading them to anyone for free, but -as unfortunately often happens on the commercial polluted web, with the shockingly repellent (quite macabre) intent to "sell" them.
Ok, you found the image you wanted applying our well-known image searching techniques. But the image is crippled, or tagged with awful watermarks, or much too small.
Often the commercial bastards let visitors see -as bait- only the smallest versions of the photos they host, or only images impaired by watermarks, patents and tags, or only low resolution photos... preposterously pretending "money" to show you bigger versions (or uncrippled and untagged versions).
Back to our guessing lore: if your crippled target image happens to have -say- a name like BMPD_03884_0048601T.JPG, what would you do?
For instance: http://media3.adforum.com/zrIf58670C/B/BM/BMPD_03884/BMPD_03884_0048601T.JPG, an English Volkswagen advertisement.
Alas, the clowns are not a free knowledge site. Let's see what we can do.
Let's isolate the image, and now let's play the guessing game, because we don't really want to [shudder] pay advertisers in order to see their crap, do we?
Now we notice that BMPD_03884_0048601T.JPG has a "t" inside. Could it be a "t" for "tiny"?
And if so... could we have maybe a "w" for "wide" and maybe also an "a" for "art", or maybe "all" or "amazing"... who knows? Who cares? Just try the letter/guessing game in such cases :-)
(http://media3.adforum.com/zrIf58670C/B/BM/BMPD_03884/BMPD_03884_0048601W.JPG...see? http://media3.adforum.com/zrIf58670C/B/BM/BMPD_03884/BMPD_03884_0048601AJPG... haha! q.e.d. (quod erat demonstrandum :-)
Page optimised for Opera. Other browsers? Couldn't care less.