Phyisical and hardware

If you have physical access to the device, check this out.

BIOS Bypass

Try these to bypass BIOS password:

- Remove battery of motherboard and wait 1-60m (depends on model)
- Find motherboard model, find CMOS reset pins, shortcircuit
- LIVE USB BOOT? CmosPWD (chance to recover password which is always a + )

RAM Dump

Long story short. Depending on the motherboard, software, blablabla. Data might still be recoverable from RAM for a brief amount of time, usually anywhere between 1 to 2 minutes. The colder it is, the longer the data will stay in memory. Usually, you'd grab those pressurized air can (the one to clean your electronics) and just blow it ALL on the RAM, it will get cold but not as cold as my ex. HA. You can then try to run a LIVE USB OS and dump the whole RAM. Pick the lightest OS to save RAM of course

Windows Login Bypass

You can use kon-boot (only on local environments), but it's not free. It really is situational, because if you have more time you can think of something better that will probably cost nothing or less. https://kon-boot.com/ 

Boot live USB
Mount Windows partition
backup oks.exe oks.bak
copy cmd.exe onto oks.exe
Exit
Boot into windows
Open on-screen keyboard
Enjoy your SYSTEM

So yeah, just reset the password, create an account, download pornhub, do your thing chicken wing.

Sticky Keys

Replace any of these binaries with cmd or any binaries and it will get executed as SYSTEM.

  • SETHC: sethc.exe is invoked when SHIFT is pressed 5 times

  • UTILMAN: Utilman.exe is invoked by pressing WINDOWS+U

  • OSK: osk.exe is invoked by pressing WINDOWS+U, then launching the on-screen keyboard

  • DISP: DisplaySwitch.exe is invoked by pressing WINDOWS+P

Full Screen Escape

If you are stuck on a GUI (school, library, police station, etc)

PreviousKill ChainNextFull Screen Escape

Last updated