Kon-Boot Free Version
Because the last free version of Kon-Boot is 1.1, it lacks some features found in subsequent versions and is a bit limited regarding which Windows operating systems it can work with. For instance, it does not work with any type of 64-bit Windows and is also not compatible with any versions of Windows 8. There is some good news however, the website lists Windows 7 as not compatible either, but we’ve tested extensively and used Kon-Boot on several occasions without issue in any 32-bit version of Windows 7. XP, Vista and Server 2003/2008 are officially supported.
After you Download Kon-Boot Free and write it onto CD or USB, simply boot your computer to that device (you will need to set the boot device in the BIOS) and a white screen will popup. Press any key and a black screen will popup showing the process of hooking BIOS functions (the version number 1.0 appears to be an oversight by the developer). After a few more seconds the computer will start to boot normally.
Now when the Logon to Windows screen appears, simply type anything in the password box or leave the password field blank and you’re in! It really is that easy and you simply remove the USB drive or disc so on next reboot Kon-Boot won’t bypass the password again. It is known that not every computer’s BIOS will allow Kon-Boot to work but the majority will be fine if the operating system is compatible.
Bypassing a password is done the same way as the free version, boot with Kon-Boot and type anything for the password. Kon-Boot paid is also capable of performing privilege escalation which allows you to perform administrative tasks as a non administrative user or Guest. For example, you can boot up the computer with Kon-Boot, log in as a Guest and add a new user or even reset the administrator password! Here’s how it works:
1. Boot the computer with Kon-Boot and select to login as a Guest user or with your standard user account.
2. Open a Command Prompt (Win key+R -> cmd) and type these commands in turn:
copy c:\windows\system32\cmd.exe cmk.execmkwhoami
If the whoami command result is “nt authority\system”, then you have elevated privileges and can run commands such as “net user”:
net user {admin} newpassword – resets the named admins passwordnet user /add {user} {password} – creates a new user with optional password
Another paid version feature is “Sticky keys” which is a type of escalation somewhat similar to the privilege escalation above, but this one allows you to open a Command Prompt with System administrator privileges before any users have logged on. The console window will show on the user selection or password entry screen and will allow you to execute similar commands to the desktop privilege escalation function.
To bring up the Command Prompt, all you have to do is boot your computer using Kon-Boot and when you reach user selection or password entry, simply tap the Shift key 5 times in quick succession. The new console window has “Administrator” in the title bar and a path of “C:\Windows\System32” which tells you this is an elevated command prompt. Do note that the Sticky Keys function needs to be enabled in Windows, and it should be on by default unless you have turned it off manually. Sticky Keys escalation also works in Windows XP but privilege escalation does not.
Although the free version of Kon-Boot is losing it’s effectiveness as time progresses and users move away from 32-bit Windows, it’s still a useful tool to have around while XP, and Vista/7 32-bit is still frequently used. It’s a shame Kon-Boot free will probably not receive any more major updates to make it more compatible with newer operating systems, but all good things come to an end eventually.
For pretty much the ultimate in Windows password bypassing that works on 32-bit, 64-bit and UEFI equipped computers, and does so quickly and easily without changing files, cracking or removing current passwords, the paid version of Kon-Boot is well worth looking at.
0 Comments