cogitoergo Posted January 10, 2015 Share Posted January 10, 2015 One thing that frustrates me is when someone has disabled booting from USB via the BIOS menu. Would it be possible to bypass this in a method similar to what Rubber Ducky uses? I'm not entirely sure how to develop such an exploit since I'm still in the process of learning, but I figured you guys would know what I'm talking about. If this idea has been done before, please point me in the right direction. I tried searching around for it on the net but haven't found anything as of yet. Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted January 10, 2015 Share Posted January 10, 2015 If booting from USB is disabled in the BIOS, you simply will not boot from USB. The Rubber Ducky acts as a Keyboard/Mouse so there really is not a "method" or secret that it is exploiting. Other than the inherent trust of local keyboard/mouse access. Quote Link to comment Share on other sites More sharing options...
cogitoergo Posted January 10, 2015 Author Share Posted January 10, 2015 So there isn't any way to use that trust to turn USB boot on? Quote Link to comment Share on other sites More sharing options...
Mr-Protocol Posted January 10, 2015 Share Posted January 10, 2015 I guess you could have it hit the BIOS key and navigate and turn it on. Problem being if you want that to work on multiple systems, the steps for BIOS keys and menus will dramatically differ. To boot from USB, it needs to be enabled in the BIOS. That is basically the lowest level for hardware detection. Quote Link to comment Share on other sites More sharing options...
cooper Posted January 10, 2015 Share Posted January 10, 2015 It seems Windows 8 has something that might be usable here... Quote Link to comment Share on other sites More sharing options...
digip Posted January 11, 2015 Share Posted January 11, 2015 Question, is the computer you are using yours? If not, then they probably have good reason for blocking this for security reasons, but if it's yours, log into your bios and change the default boot device order yourself. Some older devices don't even have USB booting abilities or settings though, so you could try this as well - plop : http://www.howtogeek.com/howto/16822/boot-from-a-usb-drive-even-if-your-bios-wont-let-you/?PageSpeed=noscript Quote Link to comment Share on other sites More sharing options...
Catch22 Posted January 11, 2015 Share Posted January 11, 2015 I'm going out on a limb and going to say this is a computer you bought used and need to do this for ethical reasons... But anyway if you need to gain access to the bios the Rubber Ducky can help in one way, that is if the bios is locked with a passcode. If when you try to access the bios it asks you to enter a keycode or passcode you could write a payload that will attempt to brute force the bios passcode. This could be accomplished by writing a program to generate a long payload for the rubber ducky (assuming you dont want to type out lines of code for each number 0-9999 and assuming the bios is only protected by a 4 digit code). Here's an example of the code (This assumes you plug the rubber ducky in after you get to the passcode lock screen and that pressing enter once will allow you to try again): STRING 0001 ENTER STRING 0002 ENTER STRING 0003 ENTER STRING 0004 ENTER ... STRING 9998 ENTER STRING 9999 ENTER Quote Link to comment Share on other sites More sharing options...
cogitoergo Posted January 11, 2015 Author Share Posted January 11, 2015 I guess I should have specified that I understand a few different programming languages at an intermediate level, but don't understand assembly/machine code/etc. This isn't something that I am currently trying to do, just an idea that occurred to me because I love learning more and have locked others out of booting from USB on previous devices that I owned before. When it comes down to it, every programming language is vulnerable because it follows machine code and the basic principles of electricity. Machines have certain orders of operations that they have to follow in order to work, and a lot of people just don't understand that. Which is why the weakest system is the human system and I want to exploit the systems that humans(i.e. I) use. Hopefully that made sense and I don't sound like an idiot. Quote Link to comment Share on other sites More sharing options...
cogitoergo Posted January 11, 2015 Author Share Posted January 11, 2015 I'm going out on a limb and going to say this is a computer you bought used and need to do this for ethical reasons... But anyway if you need to gain access to the bios the Rubber Ducky can help in one way, that is if the bios is locked with a passcode. If when you try to access the bios it asks you to enter a keycode or passcode you could write a payload that will attempt to brute force the bios passcode. This could be accomplished by writing a program to generate a long payload for the rubber ducky (assuming you dont want to type out lines of code for each number 0-9999 and assuming the bios is only protected by a 4 digit code). Here's an example of the code (This assumes you plug the rubber ducky in after you get to the passcode lock screen and that pressing enter once will allow you to try again): STRING 0001 ENTER STRING 0002 ENTER STRING 0003 ENTER STRING 0004 ENTER ... STRING 9998 ENTER STRING 9999 ENTER Couldn't you combine that with a script loaded on the USB to bruteforce the password, turn USB booting on, then boot from USB? Quote Link to comment Share on other sites More sharing options...
cooper Posted January 11, 2015 Share Posted January 11, 2015 Most BIOS passwords are actual passwords rather than PIN codes and, like most password prompts, they will begin to bother you when you repeatedly try incorrect passwords. For instance by turning off the machine again with might result in the ducky losing power and on the next boot simply starting from 0001 again. Quote Link to comment Share on other sites More sharing options...
Catch22 Posted January 11, 2015 Share Posted January 11, 2015 (edited) Yes you could cogitoero I was just posting that as an example of the ducky could be used to help gain access not a full system to automate the entire process but with some more effort and thought you sure could expand on that to do more. Most BIOS passwords are actual passwords rather than PIN codes and, like most password prompts, they will begin to bother you when you repeatedly try incorrect passwords. For instance by turning off the machine again with might result in the ducky losing power and on the next boot simply starting from 0001 again. Most BIOs I have run into besides machines running Win8 have had PIN codes and they have been run by very simple code that allowed for brute-force attacks. I was just giving him an example of how the ducky could possibly be used to do what he asked. And I did say that when making the code I assumed it used a PIN/passcode, not a passphrase or word. Edited January 11, 2015 by Catch22 Quote Link to comment Share on other sites More sharing options...
cogitoergo Posted January 11, 2015 Author Share Posted January 11, 2015 Yes you could cogitoero I was just posting that as an example of the ducky could be used to help gain access not a full system to automate the entire process but with some more effort and thought you sure could expand on that to do more. Most BIOs I have run into besides machines running Win8 have had PIN codes and they have been run by very simple code that allowed for brute-force attacks. I was just giving him an example of how the ducky could possibly be used to do what he asked. And I did say that when making the code I assumed it used a PIN/passcode, not a passphrase or word. So windows 8 streamlines the process? http://www.zdnet.com/article/windows-8-start-up-speed-forces-usb-boot-workaround/ Quote Link to comment Share on other sites More sharing options...
Catch22 Posted January 12, 2015 Share Posted January 12, 2015 I haven't looked into playing with Windows 8 and getting it to boot from a USB but I assume there are guides out there like the link you posted that would explain the process. The reason I haven't bothered with Windows 8 is because any server/large network isn't likely to use Windows 8 as it is not created to be used in a professional enviroment so knowing more about Windows 7 has been my priority Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.