30 June 2009 | 134,715 views

Kon-Boot – Reset Windows & Linux Passwords

Kon-Boot is a prototype piece of software which allows the contents of a Linux kernel (and now the Windows kernel also!!!) to be changed on the fly (while booting).

In its current compilation state it allows logging into a Linux system as the ’root’ user without typing the correct password, or elevating privileges from the current user to root. For Windows systems it allows entering any password-protected profile without any knowledge of the password.

It was mainly created for Ubuntu; the author later made a few add-ons to cover some other Linux distributions.

Kon-Boot was written entirely in pure x86 assembly, using old grandpa-geezer TASM 4.0.

Latest Updates – Kon-Boot for Windows

Kon-Boot has been ported to Windows platforms, so it now supports Microsoft Windows systems as well as the Linux systems listed below. Kon-Boot for Windows enables logging in to any password-protected machine profile without any knowledge of the password. The tool changes the contents of the Windows kernel while booting; everything is done virtually, without making any physical changes to the system. So far the following systems have been tested and work correctly with Kon-Boot:

  • Windows Server 2008 Standard SP2 (v.275)
  • Windows Vista Business SP0
  • Windows Vista Ultimate SP1
  • Windows Vista Ultimate SP0
  • Windows Server 2003 Enterprise
  • Windows XP
  • Windows XP SP1
  • Windows XP SP2
  • Windows XP SP3
  • Windows 7

No special usage instructions are required for Windows users: just boot from the Kon-Boot CD/floppy, select your profile and enter any password you want. Lost your password? Now it doesn't matter at all.

It has been tested with the following Linux distributions:

  • Gentoo 2.6.24-gentoo-r5 GRUB 0.97
  • Ubuntu 2.6.24.3-debug GRUB 0.97
  • Debian 2.6.18-6-6861 GRUB 0.97
  • Fedora 2.6.25.9-76.fc9.i6862 GRUB 0.97

You can download Kon-Boot here:

Floppy Image – FD0-konboot-v1.1-2in1.zip
CD ISO Image – CD-konboot-v1.1-2in1.zip

Or read more here.

17 Responses to “Kon-Boot – Reset Windows & Linux Passwords”

  1. Flight of Fancy 30 June 2009 at 12:32 pm Permalink

    So could this work for disk encryption software too?

    You’d need to know where in memory to patch the password hash or bypass the password checking routine – does disk encryption protect against this?

  2. Andrew 30 June 2009 at 4:30 pm Permalink

    No, this would not work against encryption software. Decryption requires the user’s key, so patching code won’t help if you don’t have that key.

  3. james 30 June 2009 at 5:05 pm Permalink

    This also doesn’t work if there is another network auth structure in place, like Novell.

  4. JibbaJabber 30 June 2009 at 7:02 pm Permalink

    This also doesn’t work on newer laptops with SCSI drives or set up in a RAID array… no disk will be detected, so no go on ALL computers, but most :P

  5. Trev 30 June 2009 at 8:58 pm Permalink

    I’ve attempted to boot the 2 in 1 CD against a simple Windows XP virtual machine (Fusion on current OS X). It boots and does some sloppy old-fashioned screen art, but fails to deliver as advertised.

    I assume I have now compromised my virtual machine. – but that was the whole point of using a VM, right? :)

    Anybody have success with the tool?

  6. Trev 30 June 2009 at 9:14 pm Permalink

    Same results with Ubuntu 8.10. Real live machine, not a virtual.

    The idea is uber cool, but Santa Claus is a pretty sweet concept too.

    Perhaps the elevation technique works. Somebody please correct me and tell me what I’m missing here. Extremely suspect in my book.

  7. d347hm4n 1 July 2009 at 12:33 pm Permalink

    I have used this tool to compromise several live machines.

    Windows machines Vista SP2 and XP SP3. Won’t break accounts in the domain, but it will break into local accounts.

    I.e. Local admin and user accounts.

    Guide:

    Ensure boot priority is set to boot from cdrom, then hard disk.

    Reboot machine and insert disk.

    Screen art will roll on screen, press any key to skip.

    The computer will then continue booting off any device with a boot record.

    Once O.S. has finished loading, type username of account you want to enter and click on the OK button without typing a password.

    You will log straight in.

    I have only tried this on Laptops and Desktop machines, I haven’t tried it against VM Machines.

  8. konboot 3 July 2009 at 4:20 pm Permalink

    chk out this video demo showing Windows XP pwning using konboot – http://www.youtube.com/watch?v=cT-mX-Szmk4

  9. Vinoth 15 July 2009 at 3:50 pm Permalink

    I use Hiren’s all-in-one boot CD for XP passwords. This one is awesome; I have to give it a try, since it cracks both XP and Linux passwords.

  10. Mongolish 27 July 2009 at 2:51 am Permalink

    I had a computer that I lost the password for about 1 year ago.
    Found this program and 20 mins later I have 1 more computer.

    Thanks a lot,
    mongolish

  11. kambing 28 July 2009 at 4:40 pm Permalink

    Tried using VMWare Server, running WinXP on a SCSI virtual HDD… it worked perfectly….

    Good tool.. well done

  12. MiTePython 29 July 2009 at 2:23 pm Permalink

    This does in fact work with the Novell client installed. Obviously you would have to check workstation only, and under windows tab select the local machine… but it has been tested by me multiple times without fail

  13. shaggy85 14 August 2009 at 7:58 pm Permalink

    I’m having the same problem. I get a quick flash of some kind of image I can barely make out before it goes away, then just a blank screen. Does this work on a computer with both Linux and Windows side by side? And I could only get the ISO to burn with Ubuntu’s disk burner but not in Windows. My laptop is fairly new though, so that may be the problem. Any input would be great.

  14. Junaid 18 August 2009 at 6:51 pm Permalink

    Hello

    I downloaded the CD-konboot-v1.1-2in1.zip but the ISO image is not opening in MagicISO. I even burned the ISO to a DVD, but nothing is showing on the DVD either.. please help me

  15. shaggy85 19 August 2009 at 7:49 am Permalink

    Junaid, I had the same problem with PowerISO. Try using Brasero disc burner if you’re using Linux, or Nero if you’re using Windows.

  16. Xriva 20 August 2009 at 10:02 pm Permalink

    Burned CD.
    It worked on one laptop, but wouldn’t work on any multiboot machine that had the GRUB menu.
    This happen to anyone else?
    -Xriva

  17. adlerweb 26 August 2009 at 9:35 pm Permalink

    @Xriva: Have a look at the podcast “hak5”, they are currently working on that.

    Here is a first workaround they found:

    title Kon-Boot-test
    map --mem /FD0-konboot-v1.1-2in1.img (fd0)
    map --hook
    chainloader (fd0)+1
    map (hd1) (hd0)
    map --hook
    rootnoverify (fd0)