Latest posts by Michael Pietroforte (see all)
- Result of the 4sysops 2016 topic poll - Tue, Apr 5 2016
- New free eBooks for SysAdmins and DevOps – VMware NSX, Windows 10, SQL Server 2016 - Mon, Mar 14 2016
- Introducing the 4sysops IT pro network - Tue, Mar 1 2016
It appears that removing Windows passwords on a machine where you lost the administrator password has become my passion. Kon-Boot is probably the fastest and easiest way to remove a Windows password. All you have to do is insert the Kon-Boot boot CD, and the tool does the rest for you.
Shortly after the CD drive starts spinning, you will see the Kon-Boot welcome screen. At this point, you have to press a key for Kon-Boot to continue. Somehow this destroys the beauty of this tool because it would certainly be even cooler to hack Windows without touching a key.
After you press a key, a second “I-am-so-proud-to-be-hacker-screen” appears. You have to wait here until the ego screen finishes its display, and then Kon-Boot will finally do what it is supposed to do. The last part is very quick and only takes a fraction of the time that the tool needs to display its hello-world screens.
You don’t receive a message that informs you whether the mission has been accomplished.
Kon-Boot just reboots Windows and sets an empty password for all accounts it finds, enabling you to log on to any of the local accounts without a password. Update (see comment below): Kon-Boot changes the contents of the Windows kernel on the fly while booting allowing you to log on without password. Thus the tool doesn’t change the SAM database. If you reboot again without using Kon-Boot you need the old passwords.
I think, this would be the perfect password remove tool for all those desperate computer laymen who want to access their computer as quickly as possible without bothering their heads with terms such as system drive or SAM database.
However, I can’t really recommend this tool. I have tried the tool on a couple of Windows 7 machines and it failed several times. On Windows 7 Ultimate, it simply wasn’t able to remove the password, and crashed a freshly installed Windows 7 Home Premium computer. It worked consistently fine, however, on Vista and Windows XP.
The publisher claims that the recently updated version also supports Windows 7, and reports on the web appear to confirm this. So perhaps all my Windows 7 installations just had something in common that Kon-Boot didn’t like. If you have tried the tool on Windows 7, please let me know in a comment below.
Before you try the tool, you should know that some antivirus vendors identify Kon-Boot as malware. This is probably because its publisher markets Kon-Boot as a hacking tool. It is no wonder that Microsoft’s Security Essentials also classifies the tool as dangerous. It is kind of disrespectful to crack Windows on the fly.
On the other hand, I don’t understand why Microsoft doesn’t put a stop to such tools. It is true that a computer is much easier to crack if you have physical access. However, removing a administrator password appears to me to be too easy. Microsoft certainly could add one or two security levels that would prevent such easy hacks.
I mostly reviewed Kon-Boot to demonstrate how important it is to ensure that computers in your network can’t be hacked within a few seconds by a cleaning lady. Even though tools such as Kon-Boot won’t give an attacker access to domain accounts, it is no big deal to install a Trojan with a keylocker on all your desktops and just wait until users or domain administrators enter more interesting passwords.
In one of my next posts, I will show you what you can do to prevent cleaning lady hacks.
PS: Also check out the options you have to reset a Windows password.