Kon-Boot Updated for macOS Sierra

September 27th, 2016 by admin in Apple, Privilege Escalation


Kon-Boot has updated to support macOS Sierra systems, allowing you to login into the system without knowing the previous passwords/user names. By virtually modifying the EFI bios and then modifying parts of the kernel. The changes are only made in virtual memory and they disappear after reboot. Kon-Boot allows you to either login into selected account without knowing the password (bypass mode) or it will create new “root” account for you (new-account mode) from which you will be able to change other users passwords as needed.

You can purchase the license here:

Or get the 2in1 version which allows you to bypass Windows XP through 10 passwords as well:

As a RepairTechnician or Penetration Tester this product is well worth the money for the time you save.

Kon-Boot 2.5 released with Windows 10 support

October 12th, 2015 by admin in Apple, Privilege Escalation, windows

Kon-Boot is an application which bypasses the authentication process of Windows and Mac based operating systems. This Kon-Boot version works with both 64-bit and 32-bit Microsoft Windows up to version 10 and Mac OSX Mavericks. Works from a Cd, floppy, or USB. Also supports UEFI based systems.

It also includes special feature which gives you a command prompt with system level privileges at the login screen. Easy to use and excellent for tech repairs, data recovery and security audits. They offer personal and professional licences and well worth the cost. Buy your copy today!

Kon-Boot v2.3 released

November 19th, 2013 by admin in Apple, Privilege Escalation, windows

The best password bypass program out there has been updated. A few bug fixes and support for Windows 8.1. A must have for any computer technician. I use the product almost daily @ my shop. Whenever a customer drops off a Windows computer and doesn’t know their wife’s/kid’s/gf’s password, or I’m doing on-site work and Mary the secretary is on her lunch break and I need to update her locked computer, this is my goto program. It’s better than a password reset because along with that you also destroy other saved passwords for internet explorer, google products, etc that all use the CryptProtectData function along with your logon password to encrypt data.

Watch the video to see how easy it is to use.

And best of all is the price: $15 for personal license & $75 for Commercial license. The time it saves is definitely worth it 10x over.
More information can be found ::HERE::

p.s they also have an Apple Mac version too.

Apple iOS 7.2 – Sim Lock Screen Display Bypass Vulnerability

October 15th, 2013 by admin in Apple, Privilege Escalation

A restricted screen bypass via design glitch is detected in the official Apple iOS v7.0.1 for Mobile Devices (iPad|iPhone).
The security vulnerability allows local attackers to bypass the display screen of the restricted sim locked mode.

The bypass vulnerability is located in the iOS v7.0.1/7.0.2 when the `sim locked` mode of an iphone mobile is activated.
Local attackers can redirect the sim locked display to the regular default mode by using a restricted calculator function in
combination with the shutdown and unlock button. As result the local attacker is able to glitch > jump into the regular locked
phone mode with calender + hyperlinks, camera and control center. The regular sim locked display is at the end usable like in
the regular mode without sim locked label in the screen.

The local sim lock screen display bypass vulnerability can be exploited by local attackers with physical device access and without
user interaction. Successful exploitation results in the bypass of the sim lock mode to the regular lock mode. In a earlier test (7.x)
we combined the earlier discovered issues to first unlock the sim display (locked sim card) and bypass the pass code to fully compromise.

Bypass IOS 7 Logon Screen

September 20th, 2013 by admin in Apple, cracking

Here’s how it works:

  • Swipe up on the locked phone to get to the control panel
  • Open the stopwatch app
  • Go over to alarm clock
  • Hold the power button until you get the “Power down” prompt
  • Hit the cancel button and immediately hit the home button twice, holding it down just a little longer on the second press. Like, buh-baah. It takes a try or two to get the hang of.

Then you’re in the target’s multitasking menu. If you go to the camera app, you’ll have unrestricted access to the Photo Stream, and can share the pictures from there with email, Twitter, and more.

someone else figured out another work-around here.

iOS 6.1 Lockscreen Bypass

February 14th, 2013 by admin in Apple, News, Privilege Escalation

The flaw is relatively easy to exploit and this lets you bypass the security code and use the full Phone app. From there you have access to the address book, and the pictures app by trying to change a contacts picture.

Apple promised to fix the iOS 6.1 iOS Exchange bug in a forthcoming software update so perhaps they’ll fix this annoying glitch as well.

Steps to follow:
First part:
-Go to emergency call, push down the power button and tap cancel.
-Dial 112 and tap green and inmediately red.
-Go to lock screen.
Ok…ready for second part:
-Go to passcode screen.
-Keep pushing down the power button …1…2…3…seconds and before showing the slider “turn off”…tap the emergency call button and …voilá!
-Then without releasing the power button press the home button and ready…

Retrieve plain-text OSX keychain passwords from root

September 8th, 2012 by admin in Apple, Privilege Escalation

In OS X, your keychain contains your saved passwords. This includes all your email accounts in Mail, passwords stored in Safari, and credentials for accessing known Wi-Fi networks. Because it contains valuable secrets, the keychain is encrypted. It can only be opened with your login password.

But there’s a twist. When you log in to OS X, the operating system automatically unlocks your keychain for your convenience. This means that you don’t have to enter your login password every time you want to use your stored passwords.

Proof of concept code here:

Kon-Boot for Mac

September 3rd, 2012 by admin in Apple, Privilege Escalation

Kon-Boot fo Apple Mac OSX systems allows the user to login into the system without knowing the previous passwords and user names. Kon-Boot will create a new “root” account (user:kon-boot pass: kon-boot)


Kon-Boot 2.1 is out

September 3rd, 2012 by admin in Apple, Privilege Escalation, windows

What’s new in version V2.1?
– Windows 8 support (only standard BIOS, no EFI support)
– Sticky keys feature (allows user to spawn a console window with system admin rights before the user is logged in)


iPhone iOS 4.3.5 vulnerability

December 12th, 2011 by admin in Apple, News, Privilege Escalation

iPhone iOS 4.3.5 vulnerability (pin/password bypass to make calls) from Sigtrap.

  1. Turn on the phone.
  2. Slide to unlock.
  3. Press Emergency Call.
  4. Enter a very long phone number.
  5. Press and hold down the Power button.
  6. Wait for one second.
  7. Press the Call button.
  8. The phone will show the “Slide to power off” screen.
  9. Release the Power button.
  10. Press Cancel.
  11. Double press the Home button.
  12. Press the Phone icon.
  13. Make calls.
Next Article »