2012 NEWS: PLEASE TAKE A MOMENT AND ANSWER THIS POLL:
:: About Kon-Boot
Kon-Boot is a prototype piece of software which allows the contents of a Linux kernel (and now the Windows kernel also!!!) to be changed on the fly (while booting). In its current compilation state it allows logging into a Linux system as the 'root' user without typing the correct password, or elevating privileges from the current user to root. For Windows systems it allows entering any password-protected profile without any knowledge of the password. It actually started as a silly project of mine, born from my never-ending memory problems :) Secondly, it was mainly created for Ubuntu; later I made a few add-ons to cover some other Linux distributions. Finally, please consider that this is my first Linux project so far :) The entire Kon-Boot was written in pure x86 assembly, using the old grandpa-geezer TASM 4.0.
Additional notes: Kon-Boot was designed to work on x86-32 architectures only.
As one of my past projects for KryptosLogic, Kon-Boot was moved to Windows platforms. So now it provides support for Microsoft Windows systems and also the Linux systems listed in the next sections. Kon-Boot for Windows enables logging in to any password-protected machine profile without any knowledge of the password. This tool changes the contents of the Windows kernel while booting; everything is done virtually, without any interference with the physical system. So far the following systems were tested to work correctly with Kon-Boot (however it's quite possible that other versions of the listed Windows systems may be suitable as well):
Tested Windows versions:
- Windows Server 2008 Standard SP2 (v.275)
- Windows Vista Business SP0
- Windows Vista Ultimate SP1
- Windows Vista Ultimate SP0
- Windows Server 2003 Enterprise
- Windows XP
- Windows XP SP1
- Windows XP SP2
- Windows XP SP3
- Windows 7
You can download this Kon-Boot version below in the download section. No special usage instructions are required for Windows users: just boot from the Kon-Boot CD/Floppy, select your profile and type any password you want. You lost your password? Now it doesn't matter at all :-)
:: Tested Linuxes
The current Kon-Boot release was tested with the following Linux distributions:

Distribution   Kernel                     Grub
Gentoo         2.6.24-gentoo-r5           GRUB 0.97
Ubuntu         2.6.24.3-debug             GRUB 0.97
Debian         2.6.18-6-686 [1]           GRUB 0.97
Fedora         2.6.25.9-76.fc9.i686 [2]   GRUB 0.97

Notes:
[1] setreuid method example not working
[2] logging in without a password not working (maybe because of SELinux issues?)
:: Using Kon-Boot - Method type 1 - Logging In Without A Pass (LIWaP)
Typical LIWaP usage scenario:
1. Boot with the Kon-Boot CD or Floppy.
2. When Linux is fully booted, go to the console mode.
3. Type 'kon-usr' as the login; if it works you should now be in the system.
4. !Remember! to restore the system when you are leaving; you can do this by typing 'kon-fix' as the login again.
Feature                                                          Status
System Address Map fixing for buggy BIOSes ('SMAP' entries)      Yes - basic
Multiple kernel signatures + no hardcoded kernel address         Yes
Deprotecting memory regions                                      Yes - basic, through fixing cr0
Syscalls filtering                                               Yes
Finding kmalloc()                                                No - currently omitted
:: Little video sample
A little video showing Kon-Boot subverting the Debian kernel on the fly while booting (recorded under VMware):
:: Download
DISCLAIMER
The author takes no responsibility for any actions taken with the provided information or code. The copyright for any material created by the author is reserved. Any duplication of the code or texts provided here in electronic or printed publications is not permitted without the author's agreement.
THIS WORK IS FREEWARE ONLY FOR LEGAL AND PERSONAL USE. YOU ARE NOT ALLOWED TO USE THIS TOOL FOR COMMERCIAL OR ILLEGAL PURPOSES.
!!! NOTE2: THE FOLLOWING FILES ARE FREE OF ANY VIRUSES WHATSOEVER, SO IF YOUR ANTIVIRUS SCREAMS ABOUT THEM, EITHER YOU ARE ALREADY INFECTED WITH SOMETHING ELSE OR YOUR ANTIVIRUS SUCKS. IN BOTH CASES DON'T BOTHER REPORTING IT TO ME. !!!
Note: All CD ISOs work in so-called Floppy Emulation mode, which should be handled correctly by 100% of BIOSes that support the El Torito bootable CD format. The ISO images were created by a really basic utility I wrote; however, you can also convert the floppy images to ISOs using programs like mkisofs etc.
:: Last words, greets
Actually I was planning to describe here all the hacking-voodoo I used, but again, after doing this stuff I found it a little boring, so I will simply leave it as it is. In the end I would like to greet some old DOS-time gangstas I know (you may not realize it, but they did a hella stuff years before you saw it at Blackhat), also thanks to Artur Byszko (who spent his entire 2 clean CDs to test Kon-Boot; later we will try this on vinyls, man), >> yash ks, thorkill, ducer, mcb, << (who listen to my Linux and not-Linux babbling from time to time), Marek Białogłowy (all the best, sic!) and all the guys I'm working with and used to work with, hits from the dongs :)
p - 17:05:11> I did gentoo
thorkill - 17:07:47> nice, have a cookie