Thursday, 29 March 2007



Self-testing security

Guess BIOS passwords yourself

Unlike Windows-based passwords, which many password-cracking programs let you attack simply by booting from CD or floppy, a power-on password set in the BIOS can leave you with limited options. The best way to get rolling is to simply try to guess the password yourself. For starters, on desktop and server systems there are a lot of default backdoor passwords you can try. A previously published article, How to Bypass BIOS Passwords, and Computer Hope's all-in-one reference guide to hacking BIOS passwords contain comprehensive lists.

If you know who the user or previous owner of the computer is or was, try some common passwords such as the user's name, the company name and so on to see if you can get in. Unless you're really into computer hardware hacking and can build a keyboard simulator to send passwords brute-force style at wire speed, you'll have to enter each password manually. It's slow, but it can work, especially given that most passwords are trivial.

There are a couple of other published tricks for getting around BIOS passwords on Toshiba and IBM Aptiva computers. If you have a Toshiba system, hold down the left shift key during boot. If you have an IBM Aptiva, the trick is to press both mouse buttons in quick succession during boot. You can also hold down one or more keys on your keyboard during boot to try to overload the keyboard buffer. Odds are you'll just get a lot of angry beeps back from your computer, but it's worth a try. You can also take a crack at repeatedly hitting the F1, F2, F10, F11, F12 or ESC key.

Fiddle with the hardware

For starters, the tried and true method of resetting BIOS passwords on desktops and servers (i.e., not laptops) is to unplug the battery from the real-time clock. Refer to your owner's manual or vendor Web site for specific information on how to do this. A previous tip, How to Bypass BIOS Passwords, and an article about contacting third-party companies, have links to various manufacturers that may help. Otherwise, contact your computer vendor directly.

Some computers have a password reset jumper or dip switch that you can use to reset BIOS passwords. You must locate this reset point on the motherboard and then, usually, you'll have to power up the computer once or twice with the jumper or dip switch set in the proper position for the reset to occur.

Another trick you can try in order to get into your BIOS without a password is to make a hardware change, such as removing a memory chip or disconnecting a hard drive. Also, you may want to try disconnecting the keyboard before powering on to see how the computer responds. If it boots into the BIOS setup, you can then plug the keyboard back in and you should be able to start typing (and resetting the password).

With laptops, BIOS passwords are stored in a non-volatile security chip, which means you won't be able to simply unplug the battery to reset it. And, if none of the previous methods works, your best bet with laptops is to call on a company such as Password Crackers Inc., which offers replacement chips that allow you to bypass your BIOS password altogether on boot. This requires soldering and other technical work that may be best left up to your local computer repair shop.

If you are able to replace your security chip but then reach a point where you cannot continue booting and accessing your hard drive, your drive is likely password protected with (hopefully) the same BIOS password. In this case, you can send in your laptop security chip to Password Crackers and they can recover the password for you. You could also set up your own memory chip reader/programmer and do this yourself. I don't recommend it, but if you're adamant about tinkering with and programming your own memory chips, the program notes file (cmospwd.txt) for the CmosPwd program outlines where these passwords are stored on the memory chips of various late-model laptops.

I've seen situations where people assume they need a BIOS password to boot a computer. In fact, you may see a flashing cursor or hear a few beeps right after you turn the power on that makes you think the computer is prompting you for a power-on password. In fact, quite the opposite may be taking place.

Your computer may be experiencing a hardware failure. It could be bad memory installed, the wrong memory installed, motherboard problems, video card failure -- you name it. Usually, you can find out what the beeps mean at your BIOS or motherboard manufacturer's Web site, the owner's manual that came with your computer or at computer hardware sites such as BIOS Central. If you're not comfortable going down this path and opening up your computer to remove/swap/replace hardware, then, again, hire an expert to take a look-see and find the problem.

Crack them with software

If your computer won't boot because of a power-on password, and you've tried the previous recommendations, there's not a whole lot else you can do other than call a local computer shop technician to get his take on it.

However, if you have a BIOS setup password that needs to be reset, you can try using one of the free BIOS hacking programs; it may be able to get you in. It is very risky, though, so go into it with your eyes wide open and know that BIOS corruption and/or damage may very likely occur. You can run a tool such as WipeCMOS, CmosPwd and this tool for IBM ThinkPads. Those programs can read and write your BIOS information, including passwords and hardware configuration information, and potentially allow you to get in. The problem with this method is that some tools will reset everything, and you may not be able to configure your BIOS back to the point it needs to be for your motherboard and other chipsets to work. Again, read all the documentation with any tool you use and proceed with caution!

For Toshiba laptops, there's a parallel port or USB-based "key" you can purchase from Password Crackers that allows you to reset the existing BIOS password. You can also create your own makeshift key disk with a simple floppy and hex editor as outlined on Elf Qrin's Web site, How to Bypass BIOS Passwords.

If all else fails, you may be able to use the DOS debug program, running from a bootable floppy or CD, to manipulate your BIOS directly as outlined here. Again, this is dangerous stuff, so go forward knowing that your computer might end up worse off than it was before you started tinkering with it.

If you're into learning more about the computer BIOS, check out and the book that helped me through many computer engineering courses in college way back when: Hans-Peter Messmer's The Indispensable PC Hardware Book.

Managing the BIOS password

Once you've guessed, cracked or somehow reset your BIOS password, it's time to think about handling things differently in the future. For starters, consider adding your own BIOS passwords yourself. I've always recommended at least protecting the BIOS configuration with a password. Sure, if it's easy to guess or accessible via a backdoor default, that can defeat the purpose. But, if anything, it can keep your non-technical users from going in and making configuration changes to their systems, locking you out and preventing administrative headaches down the road.

You could also consider adding power-on passwords to critical systems such as servers and laptops. It could be argued that every system is critical if it provides network access or contains sensitive information. (I haven't come across a computer that doesn't meet at least one of these criteria.) This could certainly add some administrative overhead, especially for remote users and servers stored in unmanaged offices or data centers that have to be rebooted occasionally. As I've shown here, adding BIOS passwords is not a foolproof measure, and they may just cause more trouble than they're worth, so proceed with caution. BIOS passwords do offer another layer of security that can buy you time or force an amateur hacker to give up.
