Jump to content

Kon-Boot

From Wikipedia, the free encyclopedia
Kon-Boot
Developer(s)Piotr Bania
Initial releaseJuly 15, 2008; 16 years ago (2008-07-15)
Stable release
4.7 / August 20, 2024; 3 months ago (2024-08-20)
Operating systemWindows and macOS systems
Websitewww.piotrbania.com/all/kon-boot/

Kon-Boot (aka konboot, kon boot) is a software utility that allows users to bypass Microsoft Windows passwords and Apple macOS passwords (Linux support has been deprecated) without lasting or persistent changes to system on which it is executed. It is also the first reported tool capable of bypassing Windows 10 online (live) passwords and supporting both Windows and macOS systems.[1] It is also a widely used tool in computer security, especially in penetration testing.[2][3][4] Since version 3.5 Kon-Boot is also able to bypass SecureBoot feature.[5]

Kon-Boot booting from USB

History

[edit]

Kon-Boot was originally designed as a proof of concept, freeware security tool, mostly for people who tend to forget their passwords. The main idea was to allow users to login to the target computer without knowing the correct password and without making any persistent changes to system on which it is executed.

First Kon-Boot release was announced in 2008 on DailyDave mailing list.[6] Version 1.0 (freeware) allowed users to login into Linux based operating systems and to bypass the authentication process (allowing access to the system without knowing the password).

In 2009 author of this software announced Kon-Boot for Linux and 32-bit Microsoft Windows systems.[7] This release provided additional support for bypassing Windows systems passwords on any Windows operating system starting from Windows Server 2008 to Windows 7. This version is still available as freeware[8]

Newest Kon-Boot releases are available only as commercial products[1][9] and are still maintained.

Current version is able to bypass passwords on the following operating systems:

Supported Microsoft Windows operating systems[10]
Microsoft Windows XP
Microsoft Windows Vista Home Basic 32Bit/64Bit
Microsoft Windows Vista Home Premium 32Bit/64Bit    
Microsoft Windows Vista Business 32Bit/64Bit    
Microsoft Windows Vista Enterprise 32Bit/64Bit    
Microsoft Windows Server 2003 Standard 32Bit/64Bit    
Microsoft Windows Server 2003 Datacenter 32Bit/64Bit    
Microsoft Windows Server 2003 Enterprise 32Bit/64Bit    
Microsoft Windows Server 2003 Web Edition 32Bit/64Bit    
Microsoft Windows Server 2008 Standard 32Bit/64Bit    
Microsoft Windows Server 2008 Datacenter 32Bit/64Bit    
Microsoft Windows Server 2008 Enterprise 32Bit/64Bit    
Microsoft Windows 7 Home Premium 32Bit/64Bit    
Microsoft Windows 7 Professional 32Bit/64Bit    
Microsoft Windows 7 Ultimate 32Bit/64Bit    
Microsoft Windows 8 and 8.1 all versions (32Bit/64Bit—includes live/online password bypass)
Microsoft Windows 10 all versions (32Bit/64Bit—includes live/online password bypass)
Microsoft Windows 11 all versions (64Bit, UEFI - Windows 11 installation requirements)
Supported Apple macOS / OS X operating systems[11]
Apple OS X 10.6
Apple OS X 10.7
Apple OS X 10.8
Apple OS X 10.9
Apple OS X 10.10
Apple OS X 10.11
Apple macOS Sierra (10.12)
Apple macOS High Sierra (10.13)
Apple macOS Mojave (10.14)
Apple macOS Catalina (10.15)
Apple macOS Big Sur (11)
Apple macOS Monterey (12)[12]
Apple macOS Ventura (13)
Apple macOS Sonoma (14)

Technology

[edit]

Kon-Boot works like a bootkit[13][14] (thus it also often creates false positive[15][16][17] alerts in antivirus software). It injects (hides) itself into BIOS memory. Kon-Boot modifies the kernel code on the fly (runtime), temporarily changing the code responsible for verification user's authorization data while the operating system loads.

In contrast to password reset tools like CHNTPW (The Offline NT Password Editor), Kon-Boot does not modify system files and SAM hive,[18] all changes are temporary and they disappear after system reboots.

Additional Features

[edit]

While by default Kon-Boot bypasses Windows passwords it also includes some additional features that are worth noting:

  • Kon-Boot can change Windows passwords due to embedded Sticky-Keys[19] feature. For example after successful Windows boot with Kon-Boot user can tap SHIFT key 5 times and Kon-Boot will open a Windows console window running with local system privileges. Fully working console can be used for a variety of purposes. For example in case of changing Windows password following command can be used:[20] net user [username] [newpassword](selected user can be later added as new Windows administrator by typing: net localgroup administrators [username] /add). Similarly following command:[21] net user [username] * will erase current Windows password for selected user. Obviously many other actions are available since the Windows console is running with system privileges.
  • Kon-Boot automatically executing Powershell script with system privileges
    Kon-Boot automatically executing PowerShell script with system privileges
    In the commercial Kon-Boot editions it is possible to use Automatic PowerShell Script Execution feature [22] which automatically executes (after Windows boot) given PowerShell script with full system privileges. This feature can be used to automatize various tasks for example performing forensics data gathering task etc. To use this feature Windows needs to be installed in UEFI mode.

Limitations (prevention)

[edit]

Users concerned about tools like Kon-Boot should use disk encryption[23] (FileVault, Bitlocker, Veracrypt etc.) software as Kon-Boot is not able to bypass disk encryption.[24] BIOS password and enabled SecureBoot[25][26] feature is also a good prevention measure. However Kon-Boot since version 3.5 is able to bypass SecureBoot feature.[27] Kon-Boot does not support virtualization and instructs users to turn it off in the bios.[28] Kon-Boot does not support ARM devices such as Apple's M1 chip.

References

[edit]
  1. ^ a b "Official Kon-Boot tool website (windows password and macos password bypass)". www.piotrbania.com. Retrieved 2019-07-26.
  2. ^ "Penetration Testing Stories: How I Stole an Energy Company". Rapid7 Blog. 2018-09-18. Retrieved 2019-11-22.
  3. ^ Varsalone, Jesse; McFadden, Matthew (2011-09-07). Defense against the Black Arts: How Hackers Do What They Do and How to Protect against It. CRC Press. ISBN 978-1-4398-2119-0.
  4. ^ Velu, Vijay Kumar; Beggs, Robert (2019-01-30). Mastering Kali Linux for Advanced Penetration Testing: Secure your network with Kali Linux 2019.1 – the ultimate white hat hackers' toolkit, 3rd Edition. Packt Publishing Ltd. ISBN 978-1-78934-061-7.
  5. ^ "Windows Guide - KON-BOOT GUIDE - Remedy for forgotten passwords (Windows and Mac)". kon-boot.com. Retrieved 2020-11-03.
  6. ^ "Dailydave: TOOL: Kon-Boot v.1.0 - booting-time ultimate linux hacking utility ; )". seclists.org. Retrieved 2019-07-26.
  7. ^ "Full Disclosure: KON-BOOT for Windows and Linux (Password Bypassing Utility for Forgetting Heads)". seclists.org. Retrieved 2019-07-26.
  8. ^ "[www.kon-boot.com] KON-BOOT - ULTIMATE WINDOWS/LINUX HACKING UTILITY :-)". www.piotrbania.com. Retrieved 2019-07-26.
  9. ^ "Kon-Boot - Best password tool for windows password, mac password, forgotten passwords, windows 10 password". kon-boot.com. Retrieved 2019-07-26.
  10. ^ "KON-BOOT GUIDE". kon-boot.com. Retrieved 2021-11-12.
  11. ^ "KON-BOOT GUIDE". kon-boot.com. Retrieved 2019-07-26.
  12. ^ "Developer Website". www.piotrbania.com. Retrieved 2021-11-12.
  13. ^ Moabi.com (2012-07-29). "[Defcon] Hardware backdooring is practical". {{cite journal}}: Cite journal requires |journal= (help)
  14. ^ "Computer Emergency Response Team - Industrie Services et Tertiaire". www.cert-ist.com. Retrieved 2019-08-22.
  15. ^ VirusTotal tackles the tricky false positives problem plaguing antivirus software
  16. ^ Rubenking, By Neil J. (April 15, 2015). "False Positives Sink Antivirus Ratings". PCMag. Retrieved 2019-08-26.
  17. ^ "False positives - What are they?". Panda Security Mediacenter. 2010-09-08. Retrieved 2019-11-22.
  18. ^ "Security Accounts Manager - TechNet Articles - United States (English) - TechNet Wiki". social.technet.microsoft.com. Retrieved 2019-10-01.
  19. ^ "In Windows, what are Sticky Keys, and how do I enable them?". kb.iu.edu. Retrieved 2021-06-24.
  20. ^ "Windows Guide - KON-BOOT GUIDE - Remedy for forgotten passwords (Windows and Mac)". kon-boot.com. Retrieved 2021-06-24.
  21. ^ M, John (2021-03-26). "How to Reset Your Forgotten Windows 10 Password". Solution to Windows and Mac password problems. Retrieved 2021-06-24.
  22. ^ "Windows Guide - KON-BOOT GUIDE - Remedy for forgotten passwords (Windows and Mac)". kon-boot.com. Retrieved 2021-06-24.
  23. ^ "What is Full-Disk Encryption? - Definition from Techopedia". Techopedia.com. Retrieved 2019-08-23.
  24. ^ "KON-BOOT GUIDE". kon-boot.com. Retrieved 2019-07-26.
  25. ^ What is UEFI Secure Boot, archived from the original on 2022-04-12, retrieved 2019-11-22
  26. ^ "Frequently Asked Questions about Secure Boot". Intel. Retrieved 2019-08-26.
  27. ^ "KON-BOOT OFFICIAL GUIDE - Remedy for forgotten passwords for Windows and Mac! Can't login? Use kon boot password software". kon-boot.com. Retrieved 2020-06-15.
  28. ^ "Bypass Windows password with Kon-Boot (GUIDE) - KON-BOOT GUIDE - Remedy for forgotten passwords (Windows and Mac)". kon-boot.com. Retrieved 2021-08-27.
[edit]