Kon-Boot
Kon-Boot is a prototype piece of software which allows changing the contents of a Linux kernel (and now the Windows kernel also!!!) on the fly (while booting). In the current compilation state it allows logging into a Linux system as the ‘root’ user without typing the correct password, or elevating privileges from the current user to root. For Windows systems it allows entering any password-protected profile without any knowledge of the password. It was actually started as a silly project of mine, which was born from my never-ending memory problems.
Secondly, it was mainly created for Ubuntu; later I made a few add-ons to cover some other Linux distributions. Finally, please consider that this is my first Linux project so far.
The entire Kon-Boot was written in pure x86 assembly, using the old grandpa-geezer TASM 4.0.
So basically, Kon-Boot enables you to log into any password-protected Windows or Linux computer without knowing the password or anything about it.
The tech behind it? Kon-Boot latches onto parts of memory and patches parts of the kernel (the brain!), mainly the parts that handle log-on authentication and security. These patches let you log on without a password. The bootkit does this on the fly while booting, and it leaves no footprints behind after you leave.
DUDE!
To do this:
Go to the website above and download Kon-Boot, open the zip file, and burn the .iso to a disc. I use ImgBurner because it is fast, easy, and FREE.
Shut down the computer you intend to get onto. When booting up, if it isn’t already set to boot from CD (or flash drive, or whatever Kon-Boot is on), go into the BIOS and set it. You should see the Kon-Boot splash screen for a few seconds, then the username/password screen will appear with the main username already set if they have it saved. If not, you need to know the username ahead of time. Press enter or type in some random characters (it doesn’t really matter) and press enter. You’re in!
Now party, snoop around, and get that file you wanted. Take your flash drive or CD out, then shut the computer back off like usual.
Protecting yourself:
Password-protect your BIOS!
TrueCrypt your entire hard drive!
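As an added illustration of the second mitigation (this is not code from the original post or from the Kon-Boot project): on Linux the "encrypt the entire hard drive" advice usually means dm-crypt/LUKS, and a bootkit that bypasses the login prompt still cannot mount data it has no passphrase for. The Python below checks that claim for a running system by walking `lsblk` parent links from the root mount down to physical storage and requiring a `crypt` layer on every path; the function names and the sample `lsblk` output are constructed for this example.

```python
import shlex

# Parse `lsblk -P -o NAME,TYPE,PKNAME,MOUNTPOINT` (one KEY="value" line per
# device/parent pair; a device with several parents appears once per parent).
def parse_lsblk_pairs(text):
    devices = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        f = dict(tok.split("=", 1) for tok in shlex.split(line))
        entry = devices.setdefault(f["NAME"], {"TYPE": f["TYPE"], "MOUNTPOINT": f["MOUNTPOINT"], "PARENTS": []})
        if f["PKNAME"]:  # empty PKNAME means a top-level disk
            entry["PARENTS"].append(f["PKNAME"])
    return devices

# True only if every path from `name` down to physical storage crosses a
# dm-crypt ("crypt") layer; LVM spanning one LUKS PV and one plain PV fails.
def fully_encrypted(devices, name, path=()):
    node = devices.get(name)
    if node is None or name in path:  # unknown parent or cyclic input: not proven
        return False
    if node["TYPE"] == "crypt":
        return True
    if not node["PARENTS"]:
        return False  # reached a disk/partition with no crypt layer above it
    return all(fully_encrypted(devices, p, path + (name,)) for p in node["PARENTS"])

# Find the device mounted at `mountpoint` and check its ancestry.
def mount_is_encrypted(lsblk_text, mountpoint="/"):
    devices = parse_lsblk_pairs(lsblk_text)
    for name, node in devices.items():
        if node["MOUNTPOINT"] == mountpoint:
            return fully_encrypted(devices, name)
    raise ValueError(f"nothing mounted at {mountpoint!r}")

# Constructed samples (not captured from a real machine): LUKS under LVM,
# with an unencrypted /boot, then the same VG extended onto a plain disk.
SAMPLE_LUKS_LVM = """\
NAME="sda" TYPE="disk" PKNAME="" MOUNTPOINT=""
NAME="sda1" TYPE="part" PKNAME="sda" MOUNTPOINT="/boot"
NAME="sda2" TYPE="part" PKNAME="sda" MOUNTPOINT=""
NAME="cryptroot" TYPE="crypt" PKNAME="sda2" MOUNTPOINT=""
NAME="vg-root" TYPE="lvm" PKNAME="cryptroot" MOUNTPOINT="/"
"""
SAMPLE_MIXED_LVM = SAMPLE_LUKS_LVM + """\
NAME="sdb" TYPE="disk" PKNAME="" MOUNTPOINT=""
NAME="sdb1" TYPE="part" PKNAME="sdb" MOUNTPOINT=""
NAME="vg-root" TYPE="lvm" PKNAME="sdb1" MOUNTPOINT="/"
"""
```

On a live host, pass the output of `lsblk -P -o NAME,TYPE,PKNAME,MOUNTPOINT` to `mount_is_encrypted`; note that `/boot` on the LUKS sample correctly reports as unencrypted, which is the usual layout and the reason the BIOS password still matters.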
June 15 2009 04:44 pm | Podcasts and e-life and technology

June 15th, 2009 at 4:48 pm
That’s pretty cool.
June 15th, 2009 at 5:30 pm
This should be a fun trick for the next LAN.
June 16th, 2009 at 11:47 am
Great find! This totally works! However, following the guide @ http://tinyurl.com/nq63ae to make Kon-Boot load from a USB thumb drive via UNetbootin didn’t work so well. It successfully boots Kon-Boot, but then dumps you right back into the UNetbootin boot loader… but at least the CD ISO works great!
June 16th, 2009 at 12:33 pm
Well, if I have an opportunity to insert a CD/flash drive into a system (aka direct physical access) it should not be a problem to reset the BIOS and bypass this password… Maybe you should just immure your PC.
June 17th, 2009 at 1:13 am
Tim Ashley uRn00b
Get the floppy version of Kon-Boot and use UNetbootin to smack it on a USB stick. Boot up and wait 10 sec (or press enter right away); then when you get to the Kon-Boot screen hit enter once more, and ta-da, you’re at the login screen. Hit enter and you’re in.
June 17th, 2009 at 11:03 am
This is a great tool but will it also work to circumvent a domain user password?
June 23rd, 2009 at 11:56 pm
So the way you would do a domain user is through cached credentials, if that user had logged in (I believe the last 10 users are remembered). You disconnect the box, reboot with Kon-Boot, and attempt to log in. It should (haven’t tested it myself) attempt to talk to the domain, fail, use cached credentials, trigger the kernel alteration Kon-Boot made, and pass you into the login process. Let us know how it goes.
July 14th, 2009 at 7:18 pm
Has anyone vetted the code to make sure this isn’t installing a trojan or rootkit on the system? One always has to be leery of “free” goodies that do way cool things…
November 18th, 2009 at 6:30 am
I tried the domain trick you mentioned and I could not get it to work.
I pulled the patch cable, rebooted with Kon-Boot and used a user name that had had its local files stored on the machine.
It tries, but it says I cannot connect to the domain; even trying to get into local does not work from there :/
Another thing: Kon-Boot does not work on updated Windows 7 as of this post, but Vista > and it works like a charm.
January 29th, 2010 at 7:06 am
Good blog. I got a lot of great info. I’ve been following this technology for a while. It’s interesting how it keeps changing, yet some of the core factors stay the same. Have you seen much change since Google made their most recent acquisition in the domain?