Kon Boot disc
Results 1 to 7 of 7

Thread: Kon Boot disc

  1. #1
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003

    Kon Boot disc

    http://www.piotrbania.com/all/kon-boot/


    I found couple of employee's talking about it in the afternoon. Since it lets you override login on almost any Microsoft OS and Linux distro out there. I was wondering "how". I'm going through links on the site and will research on my own. But i wanted to know if anyone here was aware of this.


    I've created this thread in malware since i suspect the disk to do something malicious and it works on most OS out there. Feel free to move it around if required. Also if administrator feels this link is not appropriate please remove it.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #2
    Senior Member SnugglesTheBear's Avatar
    Join Date
    Jun 2010
    Posts
    133
    From what I read, it appears pretty straight forward. You insert kon-boot and have the machine boot into it. It mounts the OS on the drive and since you are already running as root on the disk, they can edit the machine however they see fit since it is now the ultimate authority on the computer. An easy way to stop this would be to lock down the boot order so that only admins can edit it.

  3. #3
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    I have been using this for quite some time. I heard about it on PaulDotCom. I have used it on several systems, and have had pretty good luck with it. It is nice when working on client machines, because you don't have to reset the password. You just bypass it, which saves you from having to explain their new password, and how to change it.

    I haven't noticed any suspicious activity after using the disk. If nothing else, create a VM, run the iso as the boot device, and see if you notice anything.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  4. #4
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    I was planning to do that but for some odd reason i can't extract the file. I don't know if anyone else has tried it. I've talked with few guys and they said previous scans at virustotal have found the disk malicious.

    Let me see. I'll put it up on the VM tonight.

    @snuggles - Thanks for the suggestion mate. I have the BIOS locked down but I wanted to know how the disk works and if it is malicious. The reason i find it suspicious is that ISO file is few hundred kb's only.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  5. #5
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    @ByTe - I have seen this disk recommended by some pretty big names in the security industry. It is written in assembly, so it is not going to be a huge program. It is probably flagged as malicious because it
    allows to change contents of a linux kernel (and now Windows kernel also!!!) on the fly (while booting).
    It could definitely be used maliciously, but I don't think that was the author's intent.

    edit:

    Just ran it through virus total. 4/42 flagged it as suspicious.

    Emsisoft 5.0.0.37 2010.08.23 Riskware.Hacktool.KonBoot!
    IKIkarus T3.1.1.88.0 2010.08.23 not-a-virus:Hacktool.KonBoot
    Kaspersky 7.0.0.125 2010.08.23 not-a-virus:PSWTool.Boot.KonBoot.a
    Microsoft 1.6103 2010.08.23 VirTool:DOS/Konboot
    Last edited by westin; August 26th, 2010 at 07:32 PM.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  6. #6
    HYBR|D
    Guest
    Not going to go into details, (Cell phone + interweb + no data plan = huuuge bill )

    Anyhow i can vouch that the tool is legit.

    Wouldn't worry about those little warnings, like most "Cracking" tools you'll find most antivirrii apps will flag it if it's sole purpose is to mess with system processes.

    even that magic jelly bean app get's flagged and that just scans for system keys..

  7. #7
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Thanks guys. I appreciate it. I still haven't got time to test it on my own. I really want to try and find out if there is any trace it leaves on the system to use of this CD can be traced or be discovered.

    Again, I appreciate the inputs. Thank you.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

Similar Threads

  1. Cisco help needed!!!
    By phishphreek in forum Network Security Discussions
    Replies: 20
    Last Post: August 13th, 2005, 11:34 PM
  2. Slack BSD
    By gore in forum Operating Systems
    Replies: 2
    Last Post: February 25th, 2005, 08:12 AM
  3. How to create a dual boot operating system for a new PC.
    By Computernerd22 in forum Other Tutorials Forum
    Replies: 3
    Last Post: June 27th, 2004, 12:38 AM
  4. Win Emergency boot disks
    By xmaddness in forum Other Tutorials Forum
    Replies: 9
    Last Post: May 29th, 2002, 03:31 PM
  5. Why Grub?
    By E5C4P3 in forum *nix Security Discussions
    Replies: 3
    Last Post: February 28th, 2002, 10:30 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •