Forum Thread: How to crack a security question?

So, I've been reading and watching vids on the net, but there is one thing that bugs me - cracking a security question. And I'm not only talking about Facebook and Gmail, I'm talking about security questions in general. So if somebody is able to throw some light on the topic I'd be really grateful.

3 Responses

Assuming that your target has answered the Security Question honestly (and I'm a big fan of giving my city of birth as Ulan Bator or somesuch) then social engineering is the key to cracking the answer. SQs tend to follow a similar pattern, despite the fact that many are now moving away from the old "mother's maiden name" format.

When you talk about SQs in general you are throwing the net too wide. I would suggest targeting a specific platform as you can then set up your own bogus account in order to take note of the SQs they ask for.

After that it is a question of carrying out recon on your target; befriend them on Facebook, review their LinkedIn profile and gather as much publicly available info as possible. If you befriend them on FB and you share similar interests you can strike up chats about innocuous subjects and try and steer them around to areas of interest such as birthdays, places of birth, pets etc.

This is a long term approach that requires significant effort and is unlikely to work on a subject that has any degree of internet security awareness.

It's hard to provide you a guide to this, because it also depends a lot on what you are trying to 'crack'. I wouldn't call it cracking, more like bypassing or social engineering at least.

You have to study the company's or website's questions, think of flaws, experiment and eventually you might stumble upon a solution to bypass their questions. It is very hard if you ask me, and personally I don't use this method because I find it very difficult and time consuming.

Are we talking about CAPTCHA? Or "6 + 7 ="?

You should teach your computer to understand the possible question and then it can answer the question with ease.

Let me know, you might need some ML to "crack" this one.

/Bytewiz
