Kon-Boot

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Kon-Boot
DeveloperPiotr Bania
Initial releaseJuly 15, 2008; 17 years ago (2008-07-15)
Stable release
5.0 / October 21, 2025; 6 months ago (2025-10-21)
Repository
  • {{URL|example.com|optional display text}}Lua error in Module:EditAtWikidata at line 29: attempt to index field 'wikibase' (a nil value).
Engine
    Lua error in Module:EditAtWikidata at line 29: attempt to index field 'wikibase' (a nil value).
    Operating systemWindows and macOS systems
    Websitewww.piotrbania.com/all/kon-boot/

    Kon-Boot (aka konboot, kon boot) is a software utility that allows users to bypass Microsoft Windows passwords and Apple macOS passwords (Linux support has been deprecated) without lasting or persistent changes to system on which it is executed. It is also the first reported tool and so far the only one capable of bypassing Windows 11 and Windows 10 online (live) passwords and supporting both Windows and macOS systems.[1] It is also a widely used tool in computer security, especially in penetration testing.[2][3][4] Since version 3.5 Kon-Boot is also able to bypass SecureBoot feature.[5]

    File:Kon-Boot booting from USB (bypass windows password software).webm
    Kon-Boot booting from USB

    History

    [edit | edit source]

    Kon-Boot was originally designed as a proof of concept, freeware security tool, mostly for people who tend to forget their passwords. The main idea was to allow users to login to the target computer without knowing the correct password and without making any persistent changes to system on which it is executed.

    First Kon-Boot release was announced in 2008 on DailyDave mailing list.[6] Version 1.0 (freeware) allowed users to login into Linux based operating systems and to bypass the authentication process (allowing access to the system without knowing the password).

    In 2009 author of this software announced Kon-Boot for Linux and 32-bit Microsoft Windows systems.[7] This release provided additional support for bypassing Windows systems passwords on any Windows operating system starting from Windows Server 2008 to Windows 7. This version is still available as freeware[8]

    Newest Kon-Boot releases are available only as commercial products[1][9] and are still maintained.

    Current version is able to bypass passwords on the following operating systems:

    Supported Microsoft Windows operating systems[10]
    Microsoft Windows XP
    Microsoft Windows Vista Home Basic 32Bit/64Bit
    Microsoft Windows Vista Home Premium 32Bit/64Bit    
    Microsoft Windows Vista Business 32Bit/64Bit    
    Microsoft Windows Vista Enterprise 32Bit/64Bit    
    Microsoft Windows Server 2003 Standard 32Bit/64Bit    
    Microsoft Windows Server 2003 Datacenter 32Bit/64Bit    
    Microsoft Windows Server 2003 Enterprise 32Bit/64Bit    
    Microsoft Windows Server 2003 Web Edition 32Bit/64Bit    
    Microsoft Windows Server 2008 Standard 32Bit/64Bit    
    Microsoft Windows Server 2008 Datacenter 32Bit/64Bit    
    Microsoft Windows Server 2008 Enterprise 32Bit/64Bit    
    Microsoft Windows 7 Home Premium 32Bit/64Bit    
    Microsoft Windows 7 Professional 32Bit/64Bit    
    Microsoft Windows 7 Ultimate 32Bit/64Bit    
    Microsoft Windows 8 and 8.1 all versions (32Bit/64Bit—includes live/online password bypass)
    Microsoft Windows 10 all versions (32Bit/64Bit—includes live/online password bypass)
    Microsoft Windows 11 all versions (64Bit, UEFI - Windows 11 installation requirements)
    Supported Apple macOS / OS X operating systems[11]
    Apple OS X 10.6
    Apple OS X 10.7
    Apple OS X 10.8
    Apple OS X 10.9
    Apple OS X 10.10
    Apple OS X 10.11
    Apple macOS Sierra (10.12)
    Apple macOS High Sierra (10.13)
    Apple macOS Mojave (10.14)
    Apple macOS Catalina (10.15)
    Apple macOS Big Sur (11)
    Apple macOS Monterey (12)[12]
    Apple macOS Ventura (13)
    Apple macOS Sonoma (14)
    Apple macOS Sequoia (15)
    Apple macOS Tahoe (26)

    Technology

    [edit | edit source]

    Kon-Boot works like a bootkit[13][14] (thus it also often creates false positive[15][16][17] alerts in antivirus software). It injects (hides) itself into BIOS memory. Kon-Boot modifies the kernel code on the fly (runtime), temporarily changing the code responsible for verification user's authorization data while the operating system loads.

    In contrast to password reset tools like CHNTPW (The Offline NT Password Editor), Kon-Boot does not modify system files and SAM hive,[18] all changes are temporary and they disappear after system reboots.

    Additional Features

    [edit | edit source]

    While by default Kon-Boot bypasses Windows passwords it also includes some additional features that are worth noting:

    • Kon-Boot can change Windows passwords due to embedded Sticky-Keys[19] feature. For example after successful Windows boot with Kon-Boot user can tap SHIFT key 5 times and Kon-Boot will open a Windows console window running with local system privileges. Fully working console can be used for a variety of purposes. For example in case of changing Windows password following command can be used:[20] net user [username] [newpassword](selected user can be later added as new Windows administrator by typing: net localgroup administrators [username] /add). Similarly following command:[21] net user [username] * will erase current Windows password for selected user. Obviously many other actions are available since the Windows console is running with system privileges.
    • Kon-Boot automatically executing Powershell script with system privileges
      Kon-Boot automatically executing PowerShell script with system privileges
      In the commercial Kon-Boot editions it is possible to use Automatic PowerShell Script Execution feature [22] which automatically executes (after Windows boot) given PowerShell script with full system privileges. This feature can be used to automatize various tasks for example performing forensics data gathering task etc. To use this feature Windows needs to be installed in UEFI mode.

    Limitations (prevention)

    [edit | edit source]

    Users concerned about tools like Kon-Boot should use disk encryption[23] (FileVault, Bitlocker, Veracrypt etc.) software as Kon-Boot is not able to bypass disk encryption.[24] BIOS password and enabled SecureBoot[25][26] feature is also a good prevention measure. However Kon-Boot since version 3.5 is able to bypass SecureBoot feature.[27] Kon-Boot does not support virtualization and instructs users to turn it off in the bios.[28] Kon-Boot does not support ARM devices such as Apple's M1 chip (newest Apple ARM devices does not support booting from 3rd party media).

    References

    [edit | edit source]
    1. ^ a b Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    2. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    3. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    4. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    5. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    6. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    7. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    8. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    9. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    10. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    11. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    12. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    13. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    14. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    15. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    16. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    17. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    18. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    19. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    20. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    21. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    22. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    23. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    24. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    25. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    26. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    27. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    28. ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
    [edit | edit source]
    Retrieved from "http://70.231.62.181/index.php?title=Kon-Boot&oldid=22092779"