We have decided to finally retire our decade+ BIOS password recovery service and allow you retrieve your code for free! That’s right, as long as your computer model/code is supported, you can instantly recover your BIOS Master Password. Click the link on the top of the blog or here: BIOS Password Recovery Service. Feel to donate with the Paypal button on the ride side of the blog if we helped saved the day and you wanna buy us a beer.

Thursday, May 6 is World Password Day, a day dedicated to promoting safer password practices. 

What’s up everyone , back with a post for the new year after some time quarantining. The awesome team behind Kon-Boot have released a new version , we actually missed the 3.6 release, but have no fear this new version updates are:

• Official support for macOS Big Sur 10.16
• Updates for Windows 10
• Loader updates

And if you hadnt seen our last post, this new version coming off the heels of 3.5, which had some awesome updates, one of which gave the ability to bypass secureboot on Windows machines (commercial version) without the need for accessing the BIOS/UEFI which would be a pain if the settings were locked with a password etc.

It has been a useful tool for me since I was a tech/sysadmin being able to bypass the login when client gave wrong login passwords, all the way up to my uses on Penetration/Red Team engagements that came in super handy when needing to gain access after physical security was bypassed. It’s worth its weight in gold in the time and effort it saves.

Snag a copy from: https://kon-boot.com

• Kon-Boot bypasses passwords without actual permanent modifications (unless you want them)*
• Kon-Boot works with both Windows and macOS systems*
• Kon-Boot is the first and only world known solution to bypass Windows 10 online passwords*
• Kon-Boot is on the market since 2008 and is tried and true

* depending on license

Video tutorial for Windows:
        https://www.youtube.com/watch?v=TkW93PcvSj8

Video tutorial for Mac OS X:
        https://www.youtube.com/watch?v=3suNXtDarCo

You can find full documentation, tutorials, FAQ, contact information here:
        https://kon-boot.com/docs/faq/#tutorial-101-basic-howto
        https://kon-boot.com/docs/

Kon-Boot version 3.5 was recently released in early June, with it comes some upgrades for the Windows version, including a new Secure Boot bypass!

• Secure Boot bypass added (commercial licenses only, PCs (excluding Apple computers))
• Multiple installer updates and fixes
• Added support for large USB pendrives (no longer need to meet the 16GB pendrive capacity requirement)
• Various optimizations

Kon-Boot (aka kon boot, konboot) is a tool that allows accessing target computer without knowing the user’s password. Unlike other solutions Kon-Boot modifies the kernel on the fly and does not reset or modify user’s password and all changes are reverted back to previous state after system restarts. Works on Mac and all current Windows versions, including Window 10 online passwords. We’ve used successfully it in IT and penetration testing engagements for over 10 years now.

Snag a copy from: https://kon-boot.com

According to SplashData’s The Top 50 Worst Passwords of 2019, tons of people still use “123456” as a password. It ranked second place in 2011 and 2012 and has been number one every year right through 2019. Below is a side by side comparison of the top 25 passwords from 2018 and 2019.

Unix ninja has a great thorough article about password strengths and standards and why your password probably sucks. Check it out at: https://www.unix-ninja.com/p/your_xkcd_passwords_are_pwned

Kon-Boot is a tool that allows accessing target computer without knowing the user’s password. Unlike other solutions Kon-Boot does not reset or modify user’s password and all changes are reverted back to previous state after system restart. It has been on the market since 2009 and the free version was downloaded more than 5,000,000 times.

Kon-Boot is currently the only solution worldwide we are aware of that can bypass Windows 10 online passwords! and works with both Microsoft Windows and Apple OSX macOS operating systems. Kon-Boot has been successfully used by military personnel, law enforcement, IT corporations and professionals, forensics experts, private customers.

The latest versions allow you to run PowerShell scripts on Win8/10 machines with UEFI, allowing to automate information gathering quickly for forensic teams. Along with the Sticky Keys escalation feature, which allows user to spawn a console window with system rights before the user is logged in by pressing shift key 5 times, allows for quick access to system resources without worrying about user level access.

Supported operating systems:

Microsoft Windows systems:
   Microsoft Windows XP (from SP2)
   Microsoft Windows Vista Home Basic 32Bit/64Bit
   Microsoft Windows Vista Home Premium 32Bit/64Bit
   Microsoft Windows Vista Business 32Bit/64Bit
   Microsoft Windows Vista Enterprise 32Bit/64Bi
   Microsoft Windows Server 2003 Standard 32Bit/64Bit
   Microsoft Windows Server 2003 Datacenter 32Bit/64Bit
   Microsoft Windows Server 2003 Enterprise 32Bit/64Bit
   Microsoft Windows Server 2003 Web Edition 32Bit/64Bit
   Microsoft Windows Server 2008 Standard 32Bit/64Bit
   Microsoft Windows Server 2008 Datacenter 32Bit/64Bit
   Microsoft Windows Server 2008 Enterprise 32Bit/64Bit
   Microsoft Windows 7 Home Premium 32Bit/64Bit
   Microsoft Windows 7 Professional 32Bit/64Bit
   Microsoft Windows 7 Ultimate 32Bit/64Bit
   Microsoft Windows 8 and 8.1 all versions (32Bit/64Bit)
   Microsoft Windows 10 all versions (32Bit/64Bit)

Apple OSX / macOS systems:
   Apple OSX 10.7
   Apple OSX 10.8
   Apple OSX 10.9
   Apple OSX 10.10
   Apple OSX 10. 11
   Apple macOS Sierra (10.12)
   Apple macOS High Sierra (10.13)
   Apple macoS Mojave (10.14)

Links:
– https://kon-boot.com
– http://thelead82.com
– https://www.piotrbania.com/all/kon-boot/

Tutorials: https://kon-boot.com/docs/
Twitter: https://twitter.com/thelead82

Sorry your old password isn’t strong enough to change.

source:@PWTooStrong

DPAPIck is a forensic tool to deal, in an offline way, with Microsoft Windows® protected data, using the DPAPI (Data Protection API). The tool was updated to support Windows versions all the way to 8.1.

list of recoverable secrets are :

• EFS certificates
• MSN Messenger credentials
• Internet Explorer form passwords
• Outlook passwords
• Google Talk credentials
• Google Chrome form passwords
• Wireless network keys (WEP key and WPA-PMK)
• Skype credentials

Src: dpapick.com

Chainbreaker can extract encrypted user credentials in OS X Keychain and decrypt it using one of the Master Key, user password and SystemKey. More detailed information on this ::here::

src: http://forensic.n0fate.com/?page_id=1180