Bypass Windows & Linux Passwords via hak.5

I love hak.5, its the perfect example of niche content. Every episode has something new and interesting in it for someone like myself. The ESXi virtualisation stuff has been pretty good, and the WPA hacking (i mean) self-evaluating almost got me writing. But what killed me was Kon-boot. I looked it up on darknet.org.uk and found this.

Kon-Boot is an prototype piece of software which allows to change contents of a Linux kernel (and now Windows kernel also!!!) on the fly (while booting).

In the current compilation state it allows to log into a Linux system as ’root’ user without typing the correct password or to elevate privileges from current user to root. For Windows systems it allows to enter any password protected profile without any knowledge of the password.

It was mainly created for Ubuntu, later the author has made a few add-ons to cover some other Linux distributions.

Entire Kon-Boot was written in pure x86 assembly, using old grandpa-geezer TASM 4.0.

How do you stop this happening? Add a BIOS password and Encrypt your hard drive. But look out, the cold boot hack is becoming actually possible for the seasoned IT professional. Shocking stuff, well done to the hak.5 guys for covering this stuff well.

Comments [Comments]
Trackbacks [0]

Author: Ianforrester

Senior firestarter at BBC R&D, emergent technology expert and serial social geek event organiser. Can be found at cubicgarden@mas.to, cubicgarden@twit.social and cubicgarden@blacktwitter.io