Kon-Boot looks like a very interesting tool since it can get you into a system without having to logon first.

According to the description at the tool's site, Kon-Boot alters a Linux or Windows kernel on the fly during boot up. The result is that you can login to a system as 'root' or 'administrator' without having to know the associated account password.

The tool reportedly works with Windows Vista, XP, Server 2008, Server 2003, Windows 7, Gentoo, Ubuntu, Debian, and Fedora.

All of you admins out there might want to give this tool a whirl to see how it works against your systems - before one of your users does!

Reader Comments

Can,t wait to see the havoc when these features are added to a rootkit.

Hmmm - booting up using the .iso left me with a blinking cursor the first time, and a blinking "ERR" the second time, all while I received an alert my AD account was now locked out. Are we sure this thing does what it says it does?

Maybe it already has been added to a rootkit!!!!

From my testing on a Windows XP computer which is part of a domain, you can only use a local user account, not an AD account. This is why you locked your AD account out. Try it against a local account and it should work fine. Another caveat is that you need to know the name of at least one local user account to access the system; however, there are ways to find this out before hand if you don't already know. (Ex. Offline NT Password & Registry Editor, ERD Commander)

As a systems administrator with a background in software engineering, my response to this article is - quite frankly - "oh please." It is a fact that you do not need to alter the kernel to bypass a logon - just the boot sequence, which is as easy as pie if you are a programmer. If I'm booting an ISO CD from the console, I can bypass the security anyway. I can gain root access regardless of the operating system being used by booting from a CD, as long as I know how to read the underlying filesystem. No special programming is even required for such a feat. That is why encrypted filesystems were created in the first place.

Wasn't that what Windows PE was developed for? Have they tried UBCD recently. That does exactly this, and has been doing so for many years.