The Art of Guessing
No_commercial!
Smut sites busting


by .sozni
courtesy of fravia's pages of reverse engineering

(published at fravia's in October 1999, taken from sozni's page)

The Art of Guessing

There are many ways to get registered software.  You can buy it, you can get a copy from a friend or from the internet, you can crack a demo, you can use a serial number, etc.  There are so many ways that if you really want something, you can get it.


I have noticed that many ActiveX controls are updated frequently.  For example, DataDynamics has been posting a new update for ActiveReports every two weeks.  If you get a pirated copy or a patch, then you never really have the most recent version.   That's why I prefer licensing my software.  And that's what my essays are about: licensing, not cracking software.

I have already talked about a couple of ways to get licensed.  There is another way that I am starting to use more and more.  That is to hack the company's web site. There are may ways to find info on the company's website.  Here are some methods that I use:

-  Browse their FTP site looking for hidden directories
-  Browse their FTP site looking for stuff out in the open that they have forgotten about
-  Use a FrontPage attack (there are many)
-  Exploit weaknesses in Active Server Pages
-  View the source of pages (especially registering and purchasing online pages)
-  And my favorite:  Guessing

I can't believe how many sites I have hacked just by guessing stuff.  As I mentioned before I got all of the Winternals Software just by guessing the URL's.  I got a password for a protoview install by typing random keys (I heard someone else had done the same thing).  I have found serial number lists, serial number generators and validators, and user registrations.

It's all there for the taking.  The trick is to be really good at guessing.  The principle here is that people are predictable.  If someone thinks a certain way one day, most likely they are going to think the same way the next day.  Also, people are usually going to name things with the first thing that comes to mind.

For example, if you wanted to created a directory for downloads, what would you call that directory?  And then if you have one directory for demos, what would you call the directory for retail products?

Do see my point?  The Amazing Kreskin works on this principle.  He asks people to think of a vegetable and most people will think of a carrot.  He asks them to think of a shape then to think of another shape inside that shape and most of the time he knows what they are thinking.  Why?  Because people are predictable.

How many new computer users do you think use their logon as their password?  Many.   And why do you think there are so many common password lists on hacking sites?   Because a lot of people use these common passwords.  See? They are predictable.

Now if a company has a product named ERD Commander and the information about that product is on a page called erdcmndr.htm and the demo is named
erdcmndr.exe in the demos directory then what do you think the real product is going to be called?  Yep, erdcmndr.exe (in a different directory, of course). 

To get the real version of ERD Commander I looked at the demo at www.sysinternals.com then went to their retail site, www.winternals.com and downloaded erdcmdr.exe.  Of course, I first had to find the download directory, but that's another story.

And guess what? I just repeated that same process for all of their products.   Remember what I said?  If someone thinks a certain way one day, most likely they are going to think the same way the next day. People are predictable.

Here's another one:  Suppose a company has a wep page that allows you to register their software online.  It is called regonline.htm.  And let's suppose they are using IIS on Windows NT.  And let's suppose they want all these online registrations to be saved to a text file.  What would that file be named and where would it be located?  These would be my first guesses for www.company.com/regonline.htm:

www.company.com/regonline.txt
www.company.com/_private/regonline.txt
www.company.com/_vti_pvt/regonline.txt

Here's another one, Janus Systems has a page to register online in the http://www.janusys.com/Support/ directory.  These registrations post to a
text file.  Now if your customers were registering their software and these registrations post to a text file and your company is in Mexico,
what would you call this text file?

My guesses would be:
www.janusys.com/support/registration.txt
www.janusys.com/support/register.txt
www.janusys.com/support/registracion.txt
www.janusys.com/support/registra.txt

And you know what? It's the last one (at least it used to be before I first posted this essay on my mailing list)

The key to guessing is research.  Look around at their website and see what they name things and where they put things.  Look at pictures and links and downloads.  Do they like cryptic abbreviations? Is there a method that uses the product version number?   Do you see patterns?

Then, just guess.  You would be surprised how many times this works.  That is, if you have really mastered the art of guessing.

 

Copyright ©1998 .sozni, all rights reserved.  This information must not be duplicated or reproduced without express written permission by the operator of this web site.

Disclaimer:  This information must only be used for academic purposes to study different licensing techniques and must not be used to infring the copyrights of these companies.  It must not be used to pirate software or encourage software piracy or to engage in any illegal activity.  All instructions are provided as-is and are not supported by either the software producers or the owners or operators of this web site or anyone else for that matter.  Before using any of these licensing techniques you must first get approval from the softare producer and/or have already purchased this software. 

red
You'r deep inside fravia's pages of reverse engineering, choose your way out:

 


red

redhomepage red links red anonymity red+ORC redstudents' essays redacademy database redbots wars
redantismut redtools redcocktails redjavascript wars redsearch_forms redmail_fravia
redIs reverse engineering illegal?