Jump to content

Bypass BIOS disabled USB booting


Recommended Posts

One thing that frustrates me is when someone has disabled booting from USB via the BIOS menu. Would it be possible to bypass this in a method similar to what Rubber Ducky uses? I'm not entirely sure how to develop such an exploit since I'm still in the process of learning, but I figured you guys would know what I'm talking about. If this idea has been done before, please point me in the right direction. I tried searching around for it on the net but haven't found anything as of yet.

Link to post
Share on other sites

I guess you could have it hit the BIOS key and navigate and turn it on. Problem being if you want that to work on multiple systems, the steps for BIOS keys and menus will dramatically differ. To boot from USB, it needs to be enabled in the BIOS. That is basically the lowest level for hardware detection.

Link to post
Share on other sites

Question, is the computer you are using yours? If not, then they probably have good reason for blocking this for security reasons, but if it's yours, log into your bios and change the default boot device order yourself. Some older devices don't even have USB booting abilities or settings though, so you could try this as well - plop : http://www.howtogeek.com/howto/16822/boot-from-a-usb-drive-even-if-your-bios-wont-let-you/?PageSpeed=noscript

Link to post
Share on other sites

I'm going out on a limb and going to say this is a computer you bought used and need to do this for ethical reasons... But anyway if you need to gain access to the bios the Rubber Ducky can help in one way, that is if the bios is locked with a passcode. If when you try to access the bios it asks you to enter a keycode or passcode you could write a payload that will attempt to brute force the bios passcode. This could be accomplished by writing a program to generate a long payload for the rubber ducky (assuming you dont want to type out lines of code for each number 0-9999 and assuming the bios is only protected by a 4 digit code).

Here's an example of the code (This assumes you plug the rubber ducky in after you get to the passcode lock screen and that pressing enter once will allow you to try again):

STRING 0001
ENTER
STRING 0002
ENTER
STRING 0003
ENTER
STRING 0004
ENTER
...
STRING 9998
ENTER
STRING 9999
ENTER
Link to post
Share on other sites

I guess I should have specified that I understand a few different programming languages at an intermediate level, but don't understand assembly/machine code/etc. This isn't something that I am currently trying to do, just an idea that occurred to me because I love learning more and have locked others out of booting from USB on previous devices that I owned before. When it comes down to it, every programming language is vulnerable because it follows machine code and the basic principles of electricity. Machines have certain orders of operations that they have to follow in order to work, and a lot of people just don't understand that. Which is why the weakest system is the human system and I want to exploit the systems that humans(i.e. I) use. Hopefully that made sense and I don't sound like an idiot.

Link to post
Share on other sites

I'm going out on a limb and going to say this is a computer you bought used and need to do this for ethical reasons... But anyway if you need to gain access to the bios the Rubber Ducky can help in one way, that is if the bios is locked with a passcode. If when you try to access the bios it asks you to enter a keycode or passcode you could write a payload that will attempt to brute force the bios passcode. This could be accomplished by writing a program to generate a long payload for the rubber ducky (assuming you dont want to type out lines of code for each number 0-9999 and assuming the bios is only protected by a 4 digit code).

Here's an example of the code (This assumes you plug the rubber ducky in after you get to the passcode lock screen and that pressing enter once will allow you to try again):

STRING 0001
ENTER
STRING 0002
ENTER
STRING 0003
ENTER
STRING 0004
ENTER
...
STRING 9998
ENTER
STRING 9999
ENTER

Couldn't you combine that with a script loaded on the USB to bruteforce the password, turn USB booting on, then boot from USB?

Link to post
Share on other sites

Most BIOS passwords are actual passwords rather than PIN codes and, like most password prompts, they will begin to bother you when you repeatedly try incorrect passwords.

For instance by turning off the machine again with might result in the ducky losing power and on the next boot simply starting from 0001 again.

Link to post
Share on other sites

Yes you could cogitoero I was just posting that as an example of the ducky could be used to help gain access not a full system to automate the entire process but with some more effort and thought you sure could expand on that to do more.

Most BIOS passwords are actual passwords rather than PIN codes and, like most password prompts, they will begin to bother you when you repeatedly try incorrect passwords.

For instance by turning off the machine again with might result in the ducky losing power and on the next boot simply starting from 0001 again.

Most BIOs I have run into besides machines running Win8 have had PIN codes and they have been run by very simple code that allowed for brute-force attacks. I was just giving him an example of how the ducky could possibly be used to do what he asked. And I did say that when making the code I assumed it used a PIN/passcode, not a passphrase or word.

Edited by Catch22
Link to post
Share on other sites

Yes you could cogitoero I was just posting that as an example of the ducky could be used to help gain access not a full system to automate the entire process but with some more effort and thought you sure could expand on that to do more.

Most BIOs I have run into besides machines running Win8 have had PIN codes and they have been run by very simple code that allowed for brute-force attacks. I was just giving him an example of how the ducky could possibly be used to do what he asked. And I did say that when making the code I assumed it used a PIN/passcode, not a passphrase or word.

So windows 8 streamlines the process?

http://www.zdnet.com/article/windows-8-start-up-speed-forces-usb-boot-workaround/

Link to post
Share on other sites

I haven't looked into playing with Windows 8 and getting it to boot from a USB but I assume there are guides out there like the link you posted that would explain the process. The reason I haven't bothered with Windows 8 is because any server/large network isn't likely to use Windows 8 as it is not created to be used in a professional enviroment so knowing more about Windows 7 has been my priority :grin:

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...