# Physical and hardware

## BIOS Bypass

Try these to bypass a BIOS password:

```
- Remove the motherboard battery and wait 1-60 min (depends on model)
- Find the motherboard model, find the CMOS reset pins, short-circuit them
- Live USB boot? CmosPWD (a chance to recover the password, which is always a plus)
```

## RAM Dump

Long story short: depending on the motherboard, software, and so on, **data might still be recoverable** from RAM for a brief amount of time, usually anywhere between **1 to 2 minutes**. The colder it is, the longer the data will stay in memory. Usually, you'd grab one of those pressurized air cans (the kind used to clean your electronics) and blow it ALL on the RAM; it will get cold, but not as cold as my ex. HA. You can then try to boot a live USB OS and dump the whole RAM. **Pick the lightest OS, to save RAM of course.**

## Windows Login Bypass

You can use kon-boot (only on local environments), but it's not free. It **really** is situational, because if you have more time you can think of something better that will probably cost less or nothing. <https://kon-boot.com/>

```
Boot live USB
Mount Windows partition
Back up osk.exe as osk.bak
Copy cmd.exe onto osk.exe
Exit
Boot into Windows
Open on-screen keyboard
Enjoy your SYSTEM
```

So yeah, just reset the password, create an account, download pornhub, do your thing chicken wing.

## Sticky Keys

Replace any of these binaries with cmd.exe or any other binary, and it will get executed as SYSTEM when the shortcut is triggered.

* **SETHC:** *sethc.exe* is invoked when SHIFT is pressed 5 times
* **UTILMAN:** *Utilman.exe* is invoked by pressing WINDOWS+U
* **OSK:** *osk.exe* is invoked by pressing WINDOWS+U, then launching the on-screen keyboard
* **DISP:** *DisplaySwitch.exe* is invoked by pressing WINDOWS+P
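
For defenders, the swap described in this section and in the Windows Login Bypass steps leaves artifacts on disk that can be audited, either on a live host or on a partition mounted offline. The following is an added example, not part of the original page: `audit_system32` and `build_demo_dir` are hypothetical names, and the demo directory holds constructed file contents, not real Windows binaries.

```python
import hashlib
import tempfile
from pathlib import Path

# Accessibility binaries named in the section above (reachable from the logon screen).
TARGETS = ("sethc.exe", "utilman.exe", "osk.exe", "displayswitch.exe")

def sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_system32(system32: Path) -> list[str]:
    """Return findings for a System32 directory (live or mounted offline)."""
    # NTFS names are case-insensitive; a Linux mount is not, so index by lowercase.
    files = {p.name.lower(): p for p in system32.iterdir() if p.is_file()}
    digests = {n: sha256(p) for n, p in files.items() if n.endswith(".exe")}
    findings = []
    for target in TARGETS:
        if target not in digests:
            findings.append(f"{target}: missing")
            continue
        # Byte-identical to a differently named executable => it was copied over.
        twins = sorted(n for n, d in digests.items()
                       if d == digests[target] and n != target)
        if twins:
            findings.append(f"{target}: identical to {', '.join(twins)}")
        # Leftover backup from the swap, e.g. osk.bak as in the steps above.
        backup = target[:-4] + ".bak"
        if backup in files:
            findings.append(f"{target}: backup copy {backup} present")
    return findings

def build_demo_dir(root: Path) -> Path:
    """Constructed sample data: fake file contents, not real Windows binaries."""
    sample = {"cmd.exe": b"MZ-cmd", "sethc.exe": b"MZ-sethc",
              "Utilman.exe": b"MZ-utilman", "DisplaySwitch.exe": b"MZ-disp",
              "osk.exe": b"MZ-cmd", "osk.bak": b"MZ-osk"}
    for name, data in sample.items():
        (root / name).write_bytes(data)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for line in audit_system32(build_demo_dir(Path(tmp))):
            print(line)
```

This only catches a target that is a byte-for-byte copy of another executable in the same directory; a replacement with some other binary needs a comparison against known-good hashes or a signature check.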

## [Full Screen Escape](https://book.turbosec.net/hacking-methodologies/layer-0-phyisical-and-hardware/full-screen-escape)

If you are stuck on a GUI (school, library, police station, etc.)
