Kon-Boot – Bypass Windows and Linux Logon Passwords

Kon-boot - Bypass Windows Passwords

Kon-Boot is software which allows you to bypass a Windows or Linux password by temporarily modifying the kernel. This is great for those times when you are working on a client’s pc but forgot to ask for the password. Kon-Boot is one of the simplest programs I have ever used, and it works very well. Simply burn the iso and boot into Kon-Boot. It will automatically load and then start the Windows boot process. When you get to the login screen click on any user and hit enter and you will log into the desktop, no matter how strong of a password was used.

The process does not change, modify, or delete the user password, it simply bypasses it by temporarily modifying the kernel. When you are done take out the cd and reboot or shutdown. The user login will again require a password and won’t log in unless it’s provided. It’s that simple.

Kon-Boot is free for personal use on the original developer’s website, but the version is no longer being maintained. Maintained personal use licenses and commercial use licenses can be purchased from Kryptoslogic.

Personal Use: $15.99 -Perpetual License
Commercial Use: $75.99 -Perpetual License

License Information:

Personal Licenses receive 6 months support and free updates. Commercial Licenses receive 12 months support and free updates. Each purchase entitles the end user or entity to one user license. This license is not subscription based and does not require renewal.

A perpetual personal license can be used solely by the named person who purchased it. License transfer and concurrent usage are prohibited. Personal licenses purchased by a company are invalid. If you are the only person planning to use the license, then the Personal License is for you.

Perpetual Commercial Licenses are available to a developer within a company or organization, requiring the software for general commercial use. Commercial Licenses registered to a legal entity allow for use of the software on any computer, operating system, and by the registered user within the legal entity. The provided total number of concurrent users cannot exceed the number of purchased licenses.

Tested Operating Systems

Microsoft Windows:
Windows Server 2008 Standard SP2 (v.275)
Windows Vista Business SP0
Windows Vista Ultimate SP1
Windows Vista Ultimate SP0
Windows Server 2003 Enterprise
Windows XP
Windows XP SP1
Windows XP SP2
Windows XP SP3
Windows 7

Linux:
Kernel Grub
Gentoo 2.6.24-gentoo-r5 GRUB 0.97
Ubuntu 2.6.24.3-debug GRUB 0.97
Debian 2.6.18-6-6861 GRUB 0.97
Fedora 2.6.25.9-76.fc9.i6862 GRUB 0.97

konboot1

Initial Splash Screen

konboot2

Kon-Boot Loading

konboot3

Just hit enter without a password and you will log in!

Download from Developer’s Website
Commercial Downloads from Kryptoslogic



Chuck Romano

About the Author

Chuck Romano
More articles by me...
Chuck Romano is a business and technology professional with over 9 years experience in document imaging and 11 years in computer repair. Chuck provides results driven expertise in fields such as Healthcare IT, document imaging/workflow systems, marketing, and management.

Comments (23)

  • Arturo Cureno says:

    This program works great!! I been using it for over a year and works everytime. There is also another one that I use depending on the situation and it is called PC Login and this one works 99% of the times. H1 T3CH G33K5 http://www.htgtech.net

  • Chuck Romano says:

    I was pretty amazed with this program. The screenshots above is literally all you see, and within a minute it brings you to the login screen and bypasses the user password. Totally came in handy recently for a laptop I was working on in which I of course forgot to get the user password. This is even better because no passwords were exchanged and it reverts back to normal after a reboot.

  • Curtiss says:

    Great, another password cracker. Just what we need. Isn’t it hard enough to secure a clients system from malware, viruses and hackers without handing them the keys. Now you don’t even need the keys any more. Its a great technicians tool but I recommend asking your client to write down the passwords you will need while working on the PC and then turning them back over to the client when the repairs are completed. Just sayin’.

    • Yawhann Chong says:

      Actually, a “password cracker” would imply that the program is retrieving the password or changing it, in which case this utility is not doing; it’s merely bypassing. Also, writing down the users’ passwords can be compromising if you ever lose or misplace them, and while some users aren’t concerned about their own security, I know that some people with malicious intent are (some of these people are even friends or family members of the user). I’ve found that over the years, if you take care of your users, they will take care of you in turn. With their money. :P

      Thanks for the great share, Chuck! I’ve been looking for a utility that does this without compromising the security of my clients. Some users are reluctant to give away their credentials and some are so lax about it that I wonder why they even bother (you know the types; the ones who write their passwords on a post-it and stick it on their monitors). I just advise them to change their passwords immediately when my work is complete, but I suspect that most of them probably don’t, sadly; so I will definitely be making use of this.

    • MichaelB says:

      You are just fooling yourself if you ever thought a password was protecting your computer. It’s child’s play to boot into a computer with a Linux live CD or USB drive and and access all of your files.

  • Mike says:

    I’m with Curtiss. Isn’t this just exposing a giant security flaw. It’s nice that it’s so convenient, but the purpose of passwords isn’t convenience, it’s security. It’s not secure if you can bypass it this easily.

    I hope whatever allows this work work gets patched quickly.

  • Jim Ross says:

    I’ve used PC Login like Arturo but will give this a try. While I hear what you are saying, Curtiss, I’ve had clients tell me there is no password on such and such account which ends up being a limited user account. I also get folks giving me their email password for a login from time to time. Some folks forget their passwords and I often have folks who can’t tell me there password until they sit at the keyboard and type it in. I also get given mis-spelled passwords.

    Tools like this have a place in our toolkits.

  • Shawn says:

    How sure are we that these type of programs are safe and are not making any permanent changes to the OS that might not be obvious at first?

    Also, does this tool allow the PW to be changed if the user forgets their password?

  • Bigr says:

    32 bit systems only?!

  • Scott Thompson says:

    “32-bit only” is for the old software that isn’t supported anymore.

    The paid version is fully supported and handles a lot more operating systems, including 64-bit. $16? That’s like almost nothing. If you thought it it was worth it enough to try to get the free version, pony up the cash and get the full version.

    I wouldn’t be worried about permanent changes, I would bet that this changes only the kernel held in memory, not a permanent file change on the hard drive.

    Mike: I don’t think that this can be “patched” in a normal way since it is most likely not a file change. And yes, this tool is needed for those people that want security, but have bad memories. It’s not like everyone on the planet is going to have this tool. Only the techs that need it by-and-large will have it. They had 1 MILLION downloads as of March 27, 2010 with the 32-bit version, who knows how many more since then??? I’ve not noticed any stories about how this program is crippling our security in the news. Hmmmmm….

    And if you need to change a password for a user that forgot it, there are other programs out there for that, and most of them are free. “NT Password Removal Tool” is the one that I use regularly and like a lot. It blanks the password and then you can log into Windows and change it to whatever they want (or not, as the case may be).

    Now I’m
    “just sayin’”

  • sys-eng says:

    I do wonder if this becomes useless with the next patch from Microsoft.

    • Jo Gold says:

      I wouldn’t worry about Microsoft fixing this. They have never ever (to my knowledge) fixed the password problems. Heck, since Win 95 I’ve been bypassing login passwords. Maybe they can’t.
      I tell all my clients that physical access to a computer means your computer is not secure. (especially if there is a teenager around)

  • Mike Wilson says:

    To those complaining about the existence of this software. A password is just a lock. Have you not seen the videos on youtube showing how easy it is to pick the lock on your front door or your car door? Locks are just to keep the honest people out. And no I am not defending MS Windows, but nothing is foolproof!

  • Michael says:

    I noticed that the free version’s password locked (the zip file). When I enter the password provided on the site, it doesn’t work. I wanted to try booting the floppy image via pxe. If it worked I was going to buy the $16 version. Now I have to buy it just to test it. Sad panda

  • David Evans says:

    I have downloaded the ZIP file from the link abov: http://www.piotrbania.com/all/kon-boot/
    and I cant seem to get it to work do you go all the way through the files and download just the ISO or image file and boot from the CD? its not working?

  • Josh says:

    Thanks for the find! I recently had a customer hand his computer over, and he forgot to write it down for me. Having ways of checking your work without calling him and asking for a password over the phone is something I will never do.

    As for this being a hacking utility and being used for the wrong reason…

    10 Immutable Laws of Security

    Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore

    Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore

    *******Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore ********

    Law #4: If you allow a bad guy to upload programs to your website, it’s not your website any more

    Law #5: Weak passwords trump strong security

    Law #6: A computer is only as secure as the administrator is trustworthy

    Law #7: Encrypted data is only as secure as the decryption key

    Law #8: An out of date virus scanner is only marginally better than no virus scanner at all

    Law #9: Absolute anonymity isn’t practical, in real life or on the Web

    Law #10: Technology is not a panacea

  • CitizenSmith says:

    I have used this since v0.9 as one of many password support tools for deployed pool laptops ans users who forget password they set on return. It doesn’t play so well with a few bios implementations, sometimes needing several reboots, but there are numerous other tools that get the job done and nobody condems those. eg ERD, Active boot Disk, many Linux flavors. If you follow the MS rule book for forgotten passwords your going to be reinstalling your systems a lot. Or would you rather just use konboot? Theres a whole world of stuff out there that security minded individuals are aware of that jo public hasn’t got a clue about. Remember the tool to edit system security logs in realtime that MS claimed was impossible?
    If this program makes you reconsider pc security and the steps involved in securing your systems like bios passwords and boot order settings then that is a free lesson you have all learned.
    A tool is sometimes just a tool. Guns don’t kill, people do, and ieds out here :(

  • CitizenSmith says:

    One important point to note is that any files protected by EFS are still safe as the EFS decrypt calls the curent user password from memory cache. And if you change the user password with any boottime cd your EFS files are renderd unreadable (until the original password is restored methinks) even MS warn you about this when using the control panel.
    As for password security on networlks id research the newer ‘pass the hash’ implementatoins. just another tool.

  • Html5 Conversion says:

    You have to download the program then put/burn it onto a Blank CD. Then insert the CD (After putting the program on the CD) into the computer you wish to bypass.

  • TomECole says:

    I downloaded the version mentioned in the original Technibble article. It doesn’t work for Win 7 64 bit, so I may have got the older version.

    As a side point, when I tried to use it I still had to enter my password, which I did. Then, not thinking I continued to use my laptop as normal. At the end of the day I put it into hibernation as I usually do, with a couple of documents-in-progress open. When I resumed from hibernation I was told that my memory configuration had changed since the unit went into hibernation and that the data would be lost, which it was.

  • Luis says:

    Another one is Ophcrack, which gives the actual password.