Kon-Boot – Reset Windows & Linux Passwords
Darknet spilled these bits on June 30th 2009 @ 9:06 am

Kon-Boot is a prototype piece of software that changes the contents of a Linux kernel (and now the Windows kernel also!!!) on the fly (while booting).

In its current compilation state it allows logging into a Linux system as the ’root’ user without typing the correct password, or elevating privileges from the current user to root. For Windows systems it allows entering any password-protected profile without any knowledge of the password.

It was mainly created for Ubuntu; the author later made a few add-ons to cover some other Linux distributions.

Kon-Boot was written entirely in pure x86 assembly, using old grandpa-geezer TASM 4.0.

Latest Updates – Kon-Boot for Windows

Kon-Boot has been ported to Windows platforms, so it now supports Microsoft Windows systems as well as the Linux systems listed below. Kon-Boot for Windows enables logging in to any password-protected machine profile without any knowledge of the password. The tool changes the contents of the Windows kernel while booting; everything is done virtually, without any physical changes to the system. So far the following systems have been tested to work correctly with Kon-Boot:

  • Windows Server 2008 Standard SP2 (v.275)
  • Windows Vista Business SP0
  • Windows Vista Ultimate SP1
  • Windows Vista Ultimate SP0
  • Windows Server 2003 Enterprise
  • Windows XP
  • Windows XP SP1
  • Windows XP SP2
  • Windows XP SP3
  • Windows 7

No special usage instructions are required for Windows users: just boot from the Kon-Boot CD/Floppy, select your profile and enter any password you want. You lost your password? Now it doesn’t matter at all.

It has been tested with the following Linux distributions:

  • Gentoo 2.6.24-gentoo-r5 GRUB 0.97
  • Ubuntu 2.6.24.3-debug GRUB 0.97
  • Debian 2.6.18-6-6861 GRUB 0.97
  • Fedora 2.6.25.9-76.fc9.i6862 GRUB 0.97

You can download Kon-Boot here:

Floppy Image – FD0-konboot-v1.1-2in1.zip
CD ISO Image – CD-konboot-v1.1-2in1.zip

Or read more here.

  1. Flight of Fancy
    June 30th, 2009 | 12:32 pm

    So could this work for disk encryption software too?

    You’d need to know where in memory to patch the password hash or bypass the password checking routine – does disk encryption protect against this?

  2. Andrew
    June 30th, 2009 | 4:30 pm

    No, this would not work against encryption software. Decryption requires the user’s key, so patching code won’t help if you don’t have that key.
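
Andrew's point, as a defender's check (an added example, not part of the original post or thread, and not Kon-Boot code): a boot-time patch of the password check supplies no decryption key, so the exposed hosts are those whose root filesystem is not on an encrypted volume. The sketch classifies `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output; both sample device trees and the function names are constructed for illustration.

```python
import json

# Constructed samples shaped like `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT`.
ENCRYPTED = json.loads("""{"blockdevices": [
 {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
  {"name": "sda1", "type": "part", "fstype": "ext4", "mountpoint": "/boot"},
  {"name": "sda2", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null,
   "children": [
    {"name": "cryptroot", "type": "crypt", "fstype": "ext4", "mountpoint": "/"}]}]}]}""")

PLAINTEXT = json.loads("""{"blockdevices": [
 {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
  {"name": "sda1", "type": "part", "fstype": "ext4", "mountpoint": "/"},
  {"name": "sda2", "type": "part", "fstype": "swap", "mountpoint": "[SWAP]"}]}]}""")


def mounts(node):
    """Mount points of one device; newer lsblk emits a 'mountpoints' list."""
    points = node.get("mountpoints") or [node.get("mountpoint")]
    return [p for p in points if p]


def find_chain(nodes, target, chain=()):
    """Device chain, outermost first, ending at the node mounted on target."""
    for node in nodes:
        here = chain + (node,)
        if target in mounts(node):
            return here
        found = find_chain(node.get("children", []), target, here)
        if found:
            return found
    return None


def root_exposure(tree, target="/"):
    """Return (verdict, device path) for the filesystem mounted on target."""
    chain = find_chain(tree.get("blockdevices", []), target)
    if chain is None:
        return ("unknown", "")
    path = " > ".join(n["name"] for n in chain)
    # A dm-crypt mapping anywhere under the mount means the data at rest needs
    # a key that patching the login check at boot does not provide.
    encrypted = any(n.get("type") == "crypt" for n in chain)
    return ("encrypted" if encrypted else "plaintext", path)


if __name__ == "__main__":
    for label, tree in (("encrypted host", ENCRYPTED), ("plaintext host", PLAINTEXT)):
        print(label, root_exposure(tree))
```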

  3. james
    June 30th, 2009 | 5:05 pm

    This also doesn’t work if there is another network auth structure in place, like Novell.

  4. June 30th, 2009 | 7:02 pm

    This also doesn’t work on newer laptops with SCSI drives or set up in a RAID array… no disk will be detected, so no go on ALL computers, but most :P

  5. Trev
    June 30th, 2009 | 8:58 pm

    I’ve attempted to boot the 2 in 1 CD against a simple Windows XP virtual machine (Fusion on current OS X). It boots and does some sloppy old-fashioned screen art, but fails to deliver as advertised.

    I assume I have now compromised my virtual machine. – but that was the whole point of using a VM, right? :)

    Anybody have success with the tool?

  6. Trev
    June 30th, 2009 | 9:14 pm

    Same results with Ubuntu 8.10. Real live machine, not a virtual.

    The idea is uber cool, but Santa Claus is a pretty sweet concept too.

    Perhaps the elevation technique works. Somebody please correct me and tell me what I’m missing here. Extremely suspect in my book.

  7. July 1st, 2009 | 12:33 pm

    I have used this tool to compromise several live machines.

    Windows machines Vista SP2 and XP SP3. Won’t break accounts in the domain, but it will break into local accounts.

    I.e. Local admin and user accounts.

    Guide:

    Ensure boot priority is set to boot from cdrom, then hard disk.

    Reboot machine and insert disk.

    Screen art will roll on screen, press any key to skip.

    The computer will then continue booting off any device with a boot record.

    Once the O.S. has finished loading, type the username of the account you want to enter and click on the OK button without typing a password.

    You will log straight in.

    I have only tried this on Laptops and Desktop machines, I haven’t tried it against VM Machines.

  8. July 3rd, 2009 | 4:20 pm

    Check out this video demo showing Windows XP pwning using konboot – http://www.youtube.com/watch?v=cT-mX-Szmk4

  9. July 15th, 2009 | 3:50 pm

    I use Hiren’s all-in-one boot CD for XP passwords. This one is awesome; I have to give it a try since it cracks both XP and Linux passwords.

  10. July 27th, 2009 | 2:51 am

    I had a computer that I lost the password for about 1 year ago.
    Found this program and 20 mins later I have 1 more computer.

    Thanks a lot,
    mongolish

  11. kambing
    July 28th, 2009 | 4:40 pm

    Tried using VMWare Server, running WinXP on a SCSI virtual HDD… it worked perfectly….

    Good tool.. well done

  12. MiTePython
    July 29th, 2009 | 2:23 pm

    This does in fact work with the Novell client installed. Obviously you would have to check workstation only, and under windows tab select the local machine… but it has been tested by me multiple times without fail

  13. shaggy85
    August 14th, 2009 | 7:58 pm

    I’m having the same problem. I get a quick flash of some kind of image I can barely make out before it goes away, then just a blank screen. Does this work on a computer with both Linux and Windows side by side? And I could only get the ISO to burn with Ubuntu’s disk burner but not in Windows. My laptop is fairly new though, so that may be the problem. Any input would be great.

  14. Junaid
    August 18th, 2009 | 6:51 pm

    Hello

    I downloaded the CD-konboot-v1.1-2in1.zip but the ISO image is not opening in MagicISO. I even burned the ISO to a DVD, but nothing shows on the DVD either. Please help me.

  15. shaggy85
    August 19th, 2009 | 7:49 am

    Junaid, I had the same problem with PowerISO. Try using Brasero disc burner if you’re using Linux or Nero if you’re using Windows.

  16. August 20th, 2009 | 10:02 pm

    Burned CD.
    It worked on one laptop, but wouldn’t work on any multiboot machine that had the GRUB menu.
    Did this happen to anyone else?
    -Xriva

  17. August 26th, 2009 | 9:35 pm

    @Xriva: Have a look at the podcast “hak5”, they are currently working on that.

    Here is a first workaround they found:

    title Kon-Boot-test
    map --mem /FD0-konboot-v1.1-2in1.img (fd0)
    map --hook
    chainloader (fd0)+1
    map (hd1) (hd0)
    map --hook
    rootnoverify (fd0)
