Kon-Boot – Reset Windows & Linux Passwords

Cybertroopers storming your ship?


Kon-Boot is an prototype piece of software which allows to change contents of a Linux kernel (and now Windows kernel also!!!) on the fly (while booting).

In the current compilation state it allows to log into a Linux system as ’root’ user without typing the correct password or to elevate privileges from current user to root. For Windows systems it allows to enter any password protected profile without any knowledge of the password.

It was mainly created for Ubuntu, later the author has made a few add-ons to cover some other Linux distributions.

Entire Kon-Boot was written in pure x86 assembly, using old grandpa-geezer TASM 4.0.

Latest Updates – Kon-Boot for Windows

Kon-Boot was moved to Windows platforms. So now it provides support for Microsoft Windows systems and also the Linux systems listed below. Kon-Boot for Windows enables logging in to any password protected machine profile without without any knowledge of the password. This tool changes the contents of Windows kernel while booting, everything is done virtually – without any interferences with physical system changes. So far following systems were tested to work correctly with Kon-Boot:

  • Windows Server 2008 Standard SP2 (v.275)
  • Windows Vista Business SP0
  • Windows Vista Ultimate SP1
  • Windows Vista Ultimate SP0
  • Windows Server 2003 Enterprise
  • Windows XP
  • Windows XP SP1
  • Windows XP SP2
  • Windows XP SP3
  • Windows 7

No special usage instructions are required for Windows users, just boot from Kon-Boot CD/Floppy, select your profile and put any password you want. You lost your password? Now it doesnt matter at all.

It has been tested with the following Linux distributions:

  • Gentoo 2.6.24-gentoo-r5 GRUB 0.97
  • Ubuntu 2.6.24.3-debug GRUB 0.97
  • Debian 2.6.18-6-6861 GRUB 0.97
  • Fedora 2.6.25.9-76.fc9.i6862 GRUB 0.97

You can download Kon-Boot here:

Floppy Image – FD0-konboot-v1.1-2in1.zip
CD ISO Image – CD-konboot-v1.1-2in1.zip

Or read more here.


Posted in: Linux Hacking, Password Cracking, Windows Hacking

, , , , , , , , , , , ,

Recent in Linux Hacking:
- The Linux glibc Exploit – What You Need To Know
- LaZagne – Password Recovery Tool For Windows & Linux
- LSAT – Linux Security Auditing Tool

Related Posts:

Most Read in Linux Hacking:
- Kon-Boot – Reset Windows & Linux Passwords - 139,660 views
- Russix – LiveCD Linux Distro for Wireless Penetration Testing & WEP Cracking - 126,568 views
- BackTrack v2.0 – Hackers LiveCD Finally Released - 101,133 views

Malwarebytes Anti-Exploit Premium | 1 Year 1 PC for $24.95


17 Responses to Kon-Boot – Reset Windows & Linux Passwords

  1. Flight of Fancy June 30, 2009 at 12:32 pm #

    So could this work for disk encryption software too?

    You’d need to know where in memory to patch the password hash or bypass the password checking routine – does disk encryption protect against this?

  2. Andrew June 30, 2009 at 4:30 pm #

    No, this would not work against encryption software. Decryption requires the user’s key, so patching code won’t help if you don’t have that key.

  3. james June 30, 2009 at 5:05 pm #

    This also doesn’t work if there is another network auth structure in place, like Novell.

  4. JibbaJabber June 30, 2009 at 7:02 pm #

    This also doesn’t work on newer laptops with scsi drives or set up in a raid array… no disk will be detected, so no go on ALL computers, but most :P

  5. Trev June 30, 2009 at 8:58 pm #

    I’ve attempted to boot the 2 in 1 cd against a simple Windows XP virtual machine (Fusion on current OS X). It boots and does some sloppy old fashion screen art, but fails to deliver as advertised.

    I assume I have now compromised my virtual machine. – but that was the whole point of using a VM, right? :)

    Anybody have success with the tool?

  6. Trev June 30, 2009 at 9:14 pm #

    Same results with Ubuntu 8.10. Real live machine, not a virtual.

    The idea is uber cool, but Santa Clause is a pretty sweet concept too.

    Perhaps the elevation technique works. Somebody please correct me and tell me what I’m missing here. Extremely suspect in my book.

  7. d347hm4n July 1, 2009 at 12:33 pm #

    I have used this tool to compromise several live machines.

    Windows machines Vista SP2 and XP SP3. Won’t break accounts in the domain, but it will break into local accounts.

    I.e. Local admin and user accounts.

    Guide:

    Ensure boot priority is set to boot from cdrom, then hard disk.

    Reboot machine and insert disk.

    Screen art will roll on screen, press anykey to skip.

    The computer will then continue booting of any device with a boot record.

    Once O.S. has finished loading, type username of account you want to enter and click on the OK button with out typing a password.

    You will log straight in.

    I have only tried this on Laptops and Desktop machines, I haven’t tried it against VM Machines.

  8. konboot July 3, 2009 at 4:20 pm #

    chk out this video demo showing Windows XP pwning using konboot – http://www.youtube.com/watch?v=cT-mX-Szmk4

  9. Vinoth July 15, 2009 at 3:50 pm #

    I use Hiren’s all-in-one boot cd for Xp password. This one is awesome I have to give it a try since it cracks both xp and linux passwords

  10. Mongolish July 27, 2009 at 2:51 am #

    i had a computer that i lost the password for about 1 year ago
    found this program and 20 mins later i have 1 more computer

    thanks alot,
    mongolish

  11. kambing July 28, 2009 at 4:40 pm #

    Tried using VMWare Server, running WinXP on SCSI virtual hdd… i worked perfectly….

    good tool.. well done

  12. MiTePython July 29, 2009 at 2:23 pm #

    This does in fact work with the Novell client installed. Obviously you would have to check workstation only, and under windows tab select the local machine… but it has been tested by me multiple times without fail

  13. shaggy85 August 14, 2009 at 7:58 pm #

    im having the same proble i get a quick flash of some kind of image i can barely make out befor it goes away then just a blank screen does this work on a computer with both linux and windows side by side and i could only get the iso to burn with ubuntus disk burner but not in windows my laptop is fairly new though so that may be the problem any input would be great

  14. Junaid August 18, 2009 at 6:51 pm #

    Hello

    I downloaded the CD-konboot-v1.1-2in1.zip but iso image is not opening in magiciso even i burned a iso in dvd but not showing anything in dvd as well.. please help me

  15. shaggy85 August 19, 2009 at 7:49 am #

    Junaid i had the same problem with power iso try using brasero disc burner if your using linux or nero if your using windows.

  16. Xriva August 20, 2009 at 10:02 pm #

    Burned CD.
    It worked one laptop, but wouldn’t work on any Multiboot machine that had the GRUB menu.
    This happen to anyone else?
    -Xriva

  17. adlerweb August 26, 2009 at 9:35 pm #

    @Xriva: Have a look at the podcast “hak5”, they are currently working on that.

    Here a first workarround they found:

    title Kon-Boot-test
    map –mem /FD0-konboot-v1.1-2in1.img (fd0)
    map –hook
    chainloader (fd0)+1
    map (hd1) (hd0)
    map –hook
    rootnoverify (fd0)