So, I've Been Reading and Watching Vids on the Net, but There Is One Thing That Bugs Me - Cracking a Security Question. And I'm Not Only Talking About Facebook and Gmail, I'm Talking About Security Questions in General. So if Somebody Is Able to Throw Some Light on the Tapic I'd Be Really Grateful.
Forum Thread: How to crack a security question?
- Hot
- Active
-
Forum Thread:
How to Track Who Is Sms Bombing Me .
4
Replies
1 mo ago -
Forum Thread:
Removing Pay-as-You-Go Meter on Loan Phones.
1
Replies
1 mo ago -
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
3
Replies
2 mo ago -
Forum Thread:
moab5.Sh Error While Running Metasploit
17
Replies
3 mo ago -
Forum Thread:
Execute Reverse PHP Shell with Metasploit
1
Replies
4 mo ago -
Forum Thread:
Install Metasploit Framework in Termux No Root Needed M-Wiz Tool
1
Replies
5 mo ago -
Forum Thread:
Hack and Track People's Device Constantly Using TRAPE
35
Replies
5 mo ago -
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
6 mo ago -
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
6 mo ago -
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
7 mo ago -
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
9 mo ago -
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
9 mo ago -
Metasploit Error:
Handler Failed to Bind
41
Replies
9 mo ago -
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
9 mo ago -
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
9 mo ago -
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
9 mo ago -
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
10 mo ago -
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
10 mo ago -
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
11 mo ago -
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
11 mo ago
-
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
-
How To:
Enumerate SMB with Enum4linux & Smbclient
-
How To:
Spy on Traffic from a Smartphone with Wireshark
-
How To:
Brute-Force Nearly Any Website Login with Hatch
-
How To:
Detect Script-Kiddie Wi-Fi Jamming with Wireshark
-
How To:
Pop a Reverse Shell with a Video File by Exploiting Popular Linux File Managers
-
How To:
Scan for Vulnerabilities on Any Website Using Nikto
-
How To:
Hack 5 GHz Wi-Fi Networks with an Alfa Wi-Fi Adapter
-
How To:
Use MDK3 for Advanced Wi-Fi Jamming
-
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
-
The Hacks of Mr. Robot:
How to Send a Spoofed SMS Text Message
-
How To:
Map Wardriving Data with Jupyter Notebook
-
How To:
Use Commix to Automate Exploiting Command Injection Flaws in Web Applications
-
How To:
Stealthfully Sniff Wi-Fi Activity Without Connecting to a Target Router
-
Video:
How to Crack Weak Wi-Fi Passwords in Seconds with Airgeddon on Parrot OS
-
How To:
Use an ESP8266 Beacon Spammer to Track Smartphone Users
-
News:
8 Wireshark Filters Every Wiretapper Uses to Spy on Web Conversations and Surfing Habits
-
How To:
Create & Obfuscate a Virus Inside of a Microsoft Word Document
-
Hack Like a Pro:
How to Crack Passwords, Part 4 (Creating a Custom Wordlist with Crunch)
-
How To:
Enable Offline Chat Communications Over Wi-Fi with an ESP32
3 Responses
Assuming that your target has answered the Security Question honestly (and I'm a big fan of giving my city of birth as Ulan Bator or somesuch) then social engineering is the key to cracking the answer. SQs tend to follow a similar pattern, despite the fact that many are now moving away from the old "mother's maiden name" format.
When you talk about SQs in general you are throwing the net too wide. I would suggest targeting a specific platform as you can then set up your own bogus account in order to take note of the SQs they ask for.
After that is a question of carrying out recon on your target; befriend them on Facebook, review their Linkedin profile and gather as much publicly available info as possible. If you befriend them on FB and you share similar interests you can strike up chats about innocuous subjects and try and steer them around to areas of interest such as birthdays, places of birth, pets etc.
This is a long term approach that requires significant effort and is unlikely to work on a subject that has any degree of internet security awareness.
its hard to provide you a guide to this, because it also depends a lot on what you are trying to 'crack'. I wouldnt call it cracking, more like bypassing or social engineering at least.
You have to study the companies or website questions, think of flaws, experiment and eventually you might stumble upon a solution to bypass their questions. it is very hard if you ask me, and personally I dont take this method to use because I find it very difficult and time consuming.
Are we talking about CAPTCHA? or " 6 + 7 = "?
You should teach your computer to understand the possible question and then it can answer the question with ease.
Let me know, you might some ML to " crack" this one
/Bytewiz
Share Your Thoughts