Kon-Boot

Kon-Boot
Developer(s)Piotr Bania
Initial releaseJuly 15, 2008; 16 years ago (2008-07-15)
Stable release
4.8 / February 4, 2025; 1 day ago (2025-02-04)
Operating systemWindows and macOS systems
Websitewww.piotrbania.com/all/kon-boot/

Kon-Boot (aka konboot, kon boot) is a software utility that allows users to bypass Microsoft Windows passwords and Apple macOS passwords (Linux support has been deprecated) without lasting or persistent changes to system on which it is executed. It is also the first reported tool capable of bypassing Windows 10 online (live) passwords and supporting both Windows and macOS systems.[1] It is also a widely used tool in computer security, especially in penetration testing.[2][3][4] Since version 3.5 Kon-Boot is also able to bypass SecureBoot feature.[5]

Kon-Boot booting from USB

History

Kon-Boot was originally designed as a proof of concept, freeware security tool, mostly for people who tend to forget their passwords. The main idea was to allow users to login to the target computer without knowing the correct password and without making any persistent changes to system on which it is executed.

First Kon-Boot release was announced in 2008 on DailyDave mailing list.[6] Version 1.0 (freeware) allowed users to login into Linux based operating systems and to bypass the authentication process (allowing access to the system without knowing the password).

In 2009 author of this software announced Kon-Boot for Linux and 32-bit Microsoft Windows systems.[7] This release provided additional support for bypassing Windows systems passwords on any Windows operating system starting from Windows Server 2008 to Windows 7. This version is still available as freeware[8]

Newest Kon-Boot releases are available only as commercial products[1][9] and are still maintained.

Current version is able to bypass passwords on the following operating systems:

Supported Microsoft Windows operating systems[10]
Microsoft Windows XP
Microsoft Windows Vista Home Basic 32Bit/64Bit
Microsoft Windows Vista Home Premium 32Bit/64Bit    
Microsoft Windows Vista Business 32Bit/64Bit    
Microsoft Windows Vista Enterprise 32Bit/64Bit    
Microsoft Windows Server 2003 Standard 32Bit/64Bit    
Microsoft Windows Server 2003 Datacenter 32Bit/64Bit    
Microsoft Windows Server 2003 Enterprise 32Bit/64Bit    
Microsoft Windows Server 2003 Web Edition 32Bit/64Bit    
Microsoft Windows Server 2008 Standard 32Bit/64Bit    
Microsoft Windows Server 2008 Datacenter 32Bit/64Bit    
Microsoft Windows Server 2008 Enterprise 32Bit/64Bit    
Microsoft Windows 7 Home Premium 32Bit/64Bit    
Microsoft Windows 7 Professional 32Bit/64Bit    
Microsoft Windows 7 Ultimate 32Bit/64Bit    
Microsoft Windows 8 and 8.1 all versions (32Bit/64Bit—includes live/online password bypass)
Microsoft Windows 10 all versions (32Bit/64Bit—includes live/online password bypass)
Microsoft Windows 11 all versions (64Bit, UEFI - Windows 11 installation requirements)
Supported Apple macOS / OS X operating systems[11]
Apple OS X 10.6
Apple OS X 10.7
Apple OS X 10.8
Apple OS X 10.9
Apple OS X 10.10
Apple OS X 10.11
Apple macOS Sierra (10.12)
Apple macOS High Sierra (10.13)
Apple macOS Mojave (10.14)
Apple macOS Catalina (10.15)
Apple macOS Big Sur (11)
Apple macOS Monterey (12)[12]
Apple macOS Ventura (13)
Apple macOS Sonoma (14)
Apple macOS Sequoia (15)

Technology

Kon-Boot works like a bootkit[13][14] (thus it also often creates false positive[15][16][17] alerts in antivirus software). It injects (hides) itself into BIOS memory. Kon-Boot modifies the kernel code on the fly (runtime), temporarily changing the code responsible for verification user's authorization data while the operating system loads.

In contrast to password reset tools like CHNTPW (The Offline NT Password Editor), Kon-Boot does not modify system files and SAM hive,[18] all changes are temporary and they disappear after system reboots.

Additional Features

While by default Kon-Boot bypasses Windows passwords it also includes some additional features that are worth noting:

  • Kon-Boot can change Windows passwords due to embedded Sticky-Keys[19] feature. For example after successful Windows boot with Kon-Boot user can tap SHIFT key 5 times and Kon-Boot will open a Windows console window running with local system privileges. Fully working console can be used for a variety of purposes. For example in case of changing Windows password following command can be used:[20] net user [username] [newpassword](selected user can be later added as new Windows administrator by typing: net localgroup administrators [username] /add). Similarly following command:[21] net user [username] * will erase current Windows password for selected user. Obviously many other actions are available since the Windows console is running with system privileges.
  • Kon-Boot automatically executing Powershell script with system privileges
    Kon-Boot automatically executing PowerShell script with system privileges
    In the commercial Kon-Boot editions it is possible to use Automatic PowerShell Script Execution feature [22] which automatically executes (after Windows boot) given PowerShell script with full system privileges. This feature can be used to automatize various tasks for example performing forensics data gathering task etc. To use this feature Windows needs to be installed in UEFI mode.

Limitations (prevention)

Users concerned about tools like Kon-Boot should use disk encryption[23] (FileVault, Bitlocker, Veracrypt etc.) software as Kon-Boot is not able to bypass disk encryption.[24] BIOS password and enabled SecureBoot[25][26] feature is also a good prevention measure. However Kon-Boot since version 3.5 is able to bypass SecureBoot feature.[27] Kon-Boot does not support virtualization and instructs users to turn it off in the bios.[28] Kon-Boot does not support ARM devices such as Apple's M1 chip.

References

  1. ^ a b "Official Kon-Boot tool website (windows password and macos password bypass)". www.piotrbania.com. Retrieved 2019-07-26.
  2. ^ "Penetration Testing Stories: How I Stole an Energy Company". Rapid7 Blog. 2018-09-18. Retrieved 2019-11-22.
  3. ^ Varsalone, Jesse; McFadden, Matthew (2011-09-07). Defense against the Black Arts: How Hackers Do What They Do and How to Protect against It. CRC Press. ISBN 978-1-4398-2119-0.
  4. ^ Velu, Vijay Kumar; Beggs, Robert (2019-01-30). Mastering Kali Linux for Advanced Penetration Testing: Secure your network with Kali Linux 2019.1 – the ultimate white hat hackers' toolkit, 3rd Edition. Packt Publishing Ltd. ISBN 978-1-78934-061-7.
  5. ^ "Windows Guide - KON-BOOT GUIDE - Remedy for forgotten passwords (Windows and Mac)". kon-boot.com. Retrieved 2020-11-03.
  6. ^ "Dailydave: TOOL: Kon-Boot v.1.0 - booting-time ultimate linux hacking utility ; )". seclists.org. Retrieved 2019-07-26.
  7. ^ "Full Disclosure: KON-BOOT for Windows and Linux (Password Bypassing Utility for Forgetting Heads)". seclists.org. Retrieved 2019-07-26.
  8. ^ "[www.kon-boot.com] KON-BOOT - ULTIMATE WINDOWS/LINUX HACKING UTILITY :-)". www.piotrbania.com. Retrieved 2019-07-26.
  9. ^ "Kon-Boot - Best password tool for windows password, mac password, forgotten passwords, windows 10 password". kon-boot.com. Retrieved 2019-07-26.
  10. ^ "KON-BOOT GUIDE". kon-boot.com. Retrieved 2021-11-12.
  11. ^ "KON-BOOT GUIDE". kon-boot.com. Retrieved 2019-07-26.
  12. ^ "Developer Website". www.piotrbania.com. Retrieved 2021-11-12.
  13. ^ Moabi.com (2012-07-29). "[Defcon] Hardware backdooring is practical". {{cite journal}}: Cite journal requires |journal= (help)
  14. ^ "Computer Emergency Response Team - Industrie Services et Tertiaire". www.cert-ist.com. Retrieved 2019-08-22.
  15. ^ VirusTotal tackles the tricky false positives problem plaguing antivirus software
  16. ^ Rubenking, By Neil J. (April 15, 2015). "False Positives Sink Antivirus Ratings". PCMag. Retrieved 2019-08-26.
  17. ^ "False positives - What are they?". Panda Security Mediacenter. 2010-09-08. Retrieved 2019-11-22.
  18. ^ "Security Accounts Manager - TechNet Articles - United States (English) - TechNet Wiki". social.technet.microsoft.com. Retrieved 2019-10-01.
  19. ^ "In Windows, what are Sticky Keys, and how do I enable them?". kb.iu.edu. Retrieved 2021-06-24.
  20. ^ "Windows Guide - KON-BOOT GUIDE - Remedy for forgotten passwords (Windows and Mac)". kon-boot.com. Retrieved 2021-06-24.
  21. ^ M, John (2021-03-26). "How to Reset Your Forgotten Windows 10 Password". Solution to Windows and Mac password problems. Retrieved 2021-06-24.
  22. ^ "Windows Guide - KON-BOOT GUIDE - Remedy for forgotten passwords (Windows and Mac)". kon-boot.com. Retrieved 2021-06-24.
  23. ^ "What is Full-Disk Encryption? - Definition from Techopedia". Techopedia.com. Retrieved 2019-08-23.
  24. ^ "KON-BOOT GUIDE". kon-boot.com. Retrieved 2019-07-26.
  25. ^ What is UEFI Secure Boot, archived from the original on 2022-04-12, retrieved 2019-11-22
  26. ^ "Frequently Asked Questions about Secure Boot". Intel. Retrieved 2019-08-26.
  27. ^ "KON-BOOT OFFICIAL GUIDE - Remedy for forgotten passwords for Windows and Mac! Can't login? Use kon boot password software". kon-boot.com. Retrieved 2020-06-15.
  28. ^ "Bypass Windows password with Kon-Boot (GUIDE) - KON-BOOT GUIDE - Remedy for forgotten passwords (Windows and Mac)". kon-boot.com. Retrieved 2021-08-27.

Information related to Kon-Boot

Kon-Boot
Index: pl ar de en es fr it arz nl ja pt ceb sv uk vi war zh ru af ast az bg zh-min-nan bn be ca cs cy da et el eo eu fa gl ko hi hr id he ka la lv lt hu mk ms min no nn ce uz kk ro simple sk sl sr sh fi ta tt th tg azb tr ur zh-yue hy my ace als am an hyw ban bjn map-bms ba be-tarask bcl bpy bar bs br cv nv eml hif fo fy ga gd gu hak ha hsb io ig ilo ia ie os is jv kn ht ku ckb ky mrj lb lij li lmo mai mg ml zh-classical mr xmf mzn cdo mn nap new ne frr oc mhr or as pa pnb ps pms nds crh qu sa sah sco sq scn si sd szl su sw tl shn te bug vec vo wa wuu yi yo diq bat-smg zu lad kbd ang smn ab roa-rup frp arc gn av ay bh bi bo bxr cbk-zam co za dag ary se pdc dv dsb myv ext fur gv gag inh ki glk gan guw xal haw rw kbp pam csb kw km kv koi kg gom ks gcr lo lbe ltg lez nia ln jbo lg mt mi tw mwl mdf mnw nqo fj nah na nds-nl nrm nov om pi pag pap pfl pcd krc kaa ksh rm rue sm sat sc trv stq nso sn cu so srn kab roa-tara tet tpi to chr tum tk tyv udm ug vep fiu-vro vls wo xh zea ty ak bm ch ny ee ff got iu ik kl mad cr pih ami pwn pnt dz rmy rn sg st tn ss ti din chy ts kcg ve
Prefix: a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9

Portal di Ensiklopedia Dunia

Portal : Agama
Agama
Portal : Bahasa
Bahasa
Portal : Biografi
Biografi
Portal : Budaya
Budaya
Portal : Ekonomi
Ekonomi
Portal : Elektronika
Elektronika
Portal : Film
Film
Portal : Filsafat
Filsafat
Portal : Geografi
Geografi
Portal : Indonesia
Indonesia
Portal : Ilmu
Ilmu
Portal : Lingkungan
Lingkungan
Portal : Masyarakat
Masyarakat
Portal : Matematika
Matematika
Portal : Militer
Militer
Portal : Mitologi
Mitologi
Portal : Musik
Musik
Portal : Olahraga
Olahraga
Portal : Pendidikan
Pendidikan
Portal : Politik
Politik
Portal : Sastra
Sastra
Portal : Sejarah
Sejarah
Portal : Seni
Seni
Portal : Teknologi
Teknologi
Kembali kehalaman sebelumnya