Kon-Boot boot Disc Bypass Password.

hackly66
Jr. Member
Posts: 62
Joined: Wed Jan 24, 2007 10:44 am
Location: Florida
Post Tue May 12, 2009 7:07 pm

Kon-Boot boot Disc Bypass Password.

Hi everyone-

Last night while learning Snort I headed towards the Ask Raymond site, and came across this cool tool called Kon-Boot. It's a live Linux boot disc. What this can do is bypass the domain or local administrator's account. I tested this on one of my end users with special permission through my co-partner, and this boot CD got me through the account with no interruption, no password required. I realized that while online it locked out the account, but when offline I did not have any issues. Now, just to make sure, my account being the Local Domain Admin, I went ahead and tested myself a few times, and thank God it can't access my account; only as a local administrator is it possible. This is very scary because it forces you to set a BIOS password and encrypt your hard drive. So far I have not tested on Vista or Windows 7, but I'm sure someone out there can give us some feedback; try it on a 64-bit OS, maybe it might work. Once you reboot back to your system without the CD everything should be back to normal.

Link to Kon-Boot: http://www.piotrbania.com/all/kon-boot/

Ask Raymond site: http://www.raymond.cc/blog/archives/2009/04/29/login-to-windows-administrator-and-linux-root-account-without-knowing-or-changing-current-password/

PS - Please do things ethically; this teaches us to warn others about exploits like this one. ;)
A+,Net+,Sec+
Ignatius
Jr. Member
Posts: 91
Joined: Sun Mar 22, 2009 9:51 am
Post Wed May 13, 2009 8:43 am

Re: Kon-Boot boot Disc Bypass Password.

I've seen threads about this software elsewhere and the posters didn't manage to get anywhere with it. They were suspicious that it was some kind of hoax (hence the "Kon" in the title) and someone even suspected that it installed a rootkit.

I've not played around with it myself, nor will I until I've seen reputable folks on the fora where it's been discussed have tested it thoroughly and given it the thumbs up.
don
Administrator
Posts: 4262
Joined: Sun Aug 28, 2005 10:47 pm
Location: Chicago
Post Wed May 13, 2009 2:43 pm

Re: Kon-Boot boot Disc Bypass Password.

I haven't played with this one, but there are many other bootable CDs out there that can get you into a machine without knowing the password. I've used this one in the past and like it:

Offline NT Password & Registry Editor
http://home.eunet.no/pnordahl/ntpasswd/

There is also ERD Commander that was made by Winternals. It has since been bought by Microsoft and is only released to those with Software Assurance contracts. But it has been kept up to date with bootable CDs for both XP and Vista.

There are plenty of others like the Ophcrack CDs, etc. etc. So I don't think this fits into the category of being an exploitable vuln, but it is always something to remember.

This is why sec pros always recommend the extra measures you mention below, like power-on passwords, full volume encryption, etc. Physical access is always the worst case scenario. OK... maybe not always, but you get what I'm saying.

Don
CISSP, MCSE, CSTA, Security+ SME
Ketchup
Hero Member
Posts: 1021
Joined: Fri Jul 04, 2008 7:44 pm
Location: Philadelphia, PA
Post Wed May 13, 2009 7:58 pm

Re: Kon-Boot boot Disc Bypass Password.

I have been using Peter Nordahl's disk for the past 8 years or so with about a 95% success rate.

http://home.eunet.no/pnordahl/ntpasswd/

Also, the FireWire DMA hack works pretty well to bypass authentication without having to reboot the machine. The tool is winlockpwn and is included on the Helix CD.
~~~~~~~~~~~~~~
Ketchup
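Don's post recommends full volume encryption and power-on passwords against boot-disc attacks, and Ketchup's post points out that FireWire DMA tools get around the password without a reboot. The script below is an added audit example, not from this thread or from any of the tools it links, that reports how a Windows host stands on both counts. It assumes a Windows Vista-or-later machine and an elevated PowerShell prompt; it reads BitLocker state through the Win32_EncryptableVolume WMI class and checks whether the SBP-2 (FireWire storage) driver has been disabled by setting its service Start value to 4, which is Microsoft's published way of blocking 1394 DMA storage access.

```powershell
# Added defensive audit example (not part of the thread). Checks two of the
# mitigations discussed above on the local Windows host:
#   1. whether each BitLocker-capable volume is actually protected
#   2. whether the SBP-2 driver (FireWire storage / 1394 DMA path) is disabled
# Assumptions: Windows Vista or later, run from an elevated PowerShell prompt.

function Get-VolumeEncryptionStatus {
    # Win32_EncryptableVolume exposes BitLocker state without needing the
    # BitLocker module. ProtectionStatus: 0 = off, 1 = on, 2 = unknown.
    $volumes = Get-WmiObject -Namespace 'Root\CIMV2\Security\MicrosoftVolumeEncryption' `
                             -Class 'Win32_EncryptableVolume' -ErrorAction Stop
    foreach ($v in $volumes) {
        $state = 'UNKNOWN'
        if ($v.ProtectionStatus -eq 0) { $state = 'OFF' }
        elseif ($v.ProtectionStatus -eq 1) { $state = 'ON' }
        [pscustomobject]@{
            Drive     = $v.DriveLetter
            Protected = $state
        }
    }
}

function Test-Sbp2Blocked {
    # Disabling the SBP-2 driver (Start = 4 under its service key) removes the
    # FireWire storage path that DMA-based unlock tools rely on.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\sbp2port'
    if (-not (Test-Path $key)) { return 'NOT-PRESENT' }   # driver not installed
    $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
    if ($null -eq $start) { return 'UNKNOWN' }
    if ($start -eq 4) { return 'BLOCKED' }
    return 'ENABLED'
}

# Report both findings; any volume showing OFF, or a driver state of ENABLED,
# is a host that the attacks described in this thread would still work against.
Write-Host 'Full-volume encryption status:'
Get-VolumeEncryptionStatus | Format-Table -AutoSize
Write-Host ('FireWire SBP-2 driver: {0}' -f (Test-Sbp2Blocked))
```

Volumes reporting OFF and a driver state of ENABLED are the combination the thread is warning about; a BIOS/power-on password is not visible from inside Windows, so that part of Don's advice still has to be verified at the firmware setup screen.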
hackly66
Jr. Member
Posts: 62
Joined: Wed Jan 24, 2007 10:44 am
Location: Florida
Post Wed May 13, 2009 8:55 pm

Re: Kon-Boot boot Disc Bypass Password.

Yes, correct guys, I'm in with you on the other boot disks, but what makes this one a bit different is that it keeps the original password intact; it does not modify your password. I ran the Sophos free Anti-Rootkit scanner and did not find any rootkits installed. I would try it on a non-production computer just for you to see how easy this exploit can be. 8)
A+,Net+,Sec+
dalepearson
Sr. Member
Posts: 357
Joined: Thu Nov 09, 2006 10:03 am
Post Fri Jun 19, 2009 7:00 am

Re: Kon-Boot boot Disc Bypass Password.

I heard about this the other month on Risky.biz, and finally got around to testing it, doing a small blog post, and posting a video of it working on a Vista box.

Feel free to have a look. http://blog.securityactive.co.uk/2009/0 ... ront-door/
