A couple of previous articles talked about how Microsoft Windows platforms store user passwords and how one can access and crack them to control a PC (links provided at the bottom). Well it is a time consuming process and there is always a chance you may not be able to crack the passwords due to their complexity . It is a bit cumbersome requiring elevated privileges to extract hashes and time to crack them.
Today I present a very simple,elegant and far more powerful tool- Kon-Boot. It is one of the most destructive tools I have ever seen. It is very easy to execute and avoids the hassle of cracking hashes.
According to the creator's homepage - "Kon-boot is piece of software which allows to change contents of a linux and Windows kernel while booting. It allows to log into a linux system as 'root' user without typing the correct password or to elevate privileges from current user to root. For Windows systems it allows to enter any password protected profile without knowledge of the password". Sounds awesome doesn't it? All you have to do is run this software, resident on a live CD or Usb, it will promptly make some changes in the kernel and voila you have hacked the PC! How cool is that! You do not need to know anything about hashes and all the complicated business associated with it. Currently Kon-Boots can exploit Windows XP,Vista,7 and flavours of Linux including Debian, Gentoo, Fedora and Ubuntu.
According to the creator's homepage - "Kon-boot is piece of software which allows to change contents of a linux and Windows kernel while booting. It allows to log into a linux system as 'root' user without typing the correct password or to elevate privileges from current user to root. For Windows systems it allows to enter any password protected profile without knowledge of the password". Sounds awesome doesn't it? All you have to do is run this software, resident on a live CD or Usb, it will promptly make some changes in the kernel and voila you have hacked the PC! How cool is that! You do not need to know anything about hashes and all the complicated business associated with it. Currently Kon-Boots can exploit Windows XP,Vista,7 and flavours of Linux including Debian, Gentoo, Fedora and Ubuntu.
Steps to load Kon-Boot
I booted Kon-Boot from the iso (links to download given at the end) in VMWare. A banner displaying Kryptos will be displayed. Press a button and you will note that the screen will change. Once finished load Windows and try to access any account. If you are prompted for a password just type anything and hit enter. In my case I was not even asked for a password! ( I am using Windows XP).
If there is a problem there a few few links you might want to look up which provide information on how to burn a live CD and USB. There are some issued if you have multiple OS. I remember when I used the tool for the first time on my machine having Ubuntu and Vista, and it simply froze with a black screen. For all such problems refer to the websites given on the author homepage.
Note: Please note that the iso that you will download is not empty. Because the size of the tool is very small the size is displayed as 0kB.
Disadvantages and mitigation:
Obviously you must be able to boot Kon-Boot using a live CD/USB. A simple solution to strengthen the security is to implement BIOS password. Secondly physical access to the PC is required to carry out this attack. Needless to say, this privilege should not be granted to an unauthorized personnel.
Conclusion
Although I have shown this tool in a very negative way it has great (and noble) uses. A system administrator can always use it to create new accounts quickly without needing to remember admin passwords. In another scenario if a user forgets his password he can quickly use Kon-Boot to reset their password. Windows has introduced password-reset disk facility but this can be an alternative.
There are many such tools like Kon-Boot but this is probably the most stable and flexible of the lot.
Important Links:
Kon-Boot Homepage
More on Kon Boot and similar tools
Basics of password security and cracking
Cracking passwords using Rainbow Tables