Star Kon-Boot: The Multi-OS Sneaker
Linked by Jordan Spencer Cunningham on Wed 8th Jul 2009 20:51 UTC
Privacy, Security, Encryption Kon-Boot seems to be a similar alternative to Ophcrack that also runs on Linux as well as Windows operating systems. It doesn't crack the password but instead bypasses it and lets the user into any account. Those who are admins may want to take a gander at Kon-Boot in case someone with ulterior motives and physical access to vital computers happens to stumble across this tool. Those who have ulterior motives, enjoy. "According to the description at the tool's site, Kon-Boot alters a Linux or Windows kernel on the fly during boot up. The result is that you can login to a system as 'root' or 'administrator' without having to know the associated account password."
E-mail Print r 3   6 Comment(s) http://osne.ws/gtj
Order by: Score:
Add Comment Post a Comment

Awesome
by DREVILl30564 on Thu 9th Jul 2009 00:05 UTC
DREVILl30564
Member since:
2008-04-18

just added this one to my "toolbox" of useful cds full of programs

Reply Bookmark Score: 1

I don't get it
by Hypnos on Thu 9th Jul 2009 00:38 UTC
Hypnos
Member since:
2008-11-19

If someone has physical access to a machine where the data sits unencrypted, you're already toast, right?

One weak workaround is to password-protect the BIOS to only boot off the hard disk, and put a locking enclosure around the computer case.

Of course, the real solution is to use network-based authentication and file-serving, like Kerberos+AFS.

PS: My word, the Kon-Boot homepage is irritating, though the Amiga Kickstart theme is a nice touch.

Reply Bookmark Score: 2

RE: I don't get it
by evert on Thu 9th Jul 2009 06:53 UTC in reply to "I don't get it"
evert Member since:
2005-07-06

I would suggest harddrive encryption, for example Truecrypt.

Reply Bookmark Score: 2

Hmm?
by strcpy on Thu 9th Jul 2009 07:27 UTC
strcpy
Member since:
2009-05-20

So you have physical access and you need to modify the Linux kernel dynamically in order to login as root?

What was the point again? Wouldn't it be more handy to boot from an alternative media or boot to a single user mode, for an instance?

Or, as usual, did I miss something?

Reply Bookmark Score: 3

RE: Hmm?
by dagw on Thu 9th Jul 2009 12:10 UTC in reply to "Hmm?"
dagw Member since:
2005-07-06

From having quickly looked at it it seems that the main feature this product offers is sneakiness. It seems to do a better job of cleaning up after itself, it making less obvious that someone has been digging around as root in your computer.

From a more sysadmin point of view it is also very quick and easy to use making it more convenient to use than futzing around with OS boot media and single user mode. If I had a job where accessing machines where people had forgotten their root password was a major part of my day this definitely looks like something I'd want to have in my arsenal.

Back when I worked help desk for a large company we had this handy little CD for Windows. It would boot up do some magic stuff and then shut down the computer. Next time you started that machine the Admin password was blank. Very handy at times.

Reply Bookmark Score: 2

crashing
by cspot on Thu 9th Jul 2009 17:56 UTC
cspot
Member since:
2008-12-08

tested this tool with Virtual Box 3.0 running Windows XP 32 SP3.

it achieved a nice blue screen.

Reply Bookmark Score: 2

Add Comment Post a Comment