Super Sweet Kon-Boot Demo in GIFs

Jordan Drysdale, victim //

Kent Ickler, adversary //

In this post, our victim locks their computer and heads out for a coffee refill. The adversary smashes through all system and user defenses.

With the system locked and the user not defending her PC/laptop/MacBook, the adversary, who has Kon-Boot 2-in-1 installed on a USB drive, plugs it in and reboots. http://www.piotrbania.com/all/kon-boot/

Kon-Boot is as simple as a BIOS boot to a thumb drive. The installer is also dead simple and takes about 30 seconds from scratch to weaponized thumb drive.

The adversary runs through BIOS options and chooses to boot to the thumb drive.

Kon-Boot does one of two things to bypass the password screen. It can be run in bypass mode (note the following one-character entry, plus a carriage return). Or Kon-Boot can be run in ‘New User’ mode, in which a root or Kon-Boot user is created and added to local administrators.


That’s it: the adversary is in and can fetch data, run the Bash Bunny for data exfiltration, Wi-Fi profile recovery, or just dump files with standard Windows drag and drop.

Finally, the adversary can pull the USB, lock, reboot, do whatever. After the reboot, aside from the missing open programs, files or what-have-you, the user is unaware of any trespass.
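The ‘New User’ mode described above creates an account and adds it to local administrators, which is something a defender can look for. The following is an added example, not part of the original post or of Kon-Boot: it correlates Windows Security events 4720 (account created) and 4732 (member added to a local group) and assumes account-management auditing is enabled and records the change; the sample records, account names and the `new_local_admins` helper are constructed for illustration.

```python
from datetime import datetime, timedelta

ADMINISTRATORS_SID = "S-1-5-32-544"  # well-known SID of BUILTIN\Administrators

# Constructed sample records, flattened from Security-log events.
# 4720: TargetSid is the new account. 4732: TargetSid is the group,
# MemberSid is the account that was added to it.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T09:02:11", "id": 4720,
     "TargetUserName": "svc_backup", "TargetSid": "S-1-5-21-1111-2222-3333-1104"},
    {"time": "2024-05-01T12:41:03", "id": 4720,
     "TargetUserName": "newadmin", "TargetSid": "S-1-5-21-1111-2222-3333-1105"},
    {"time": "2024-05-01T12:41:05", "id": 4732,
     "TargetSid": ADMINISTRATORS_SID, "MemberSid": "S-1-5-21-1111-2222-3333-1105"},
    {"time": "2024-05-03T08:00:00", "id": 4732,
     "TargetSid": ADMINISTRATORS_SID, "MemberSid": "S-1-5-21-1111-2222-3333-1104"},
]


def new_local_admins(events, window=timedelta(minutes=10), allowlist=frozenset()):
    """Return accounts that were created and then added to the local
    Administrators group within `window`, skipping allowlisted names."""
    created = {}   # account SID -> (creation time, account name)
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720:
            created[ev["TargetSid"]] = (when, ev["TargetUserName"])
        elif ev["id"] == 4732 and ev["TargetSid"] == ADMINISTRATORS_SID:
            hit = created.get(ev["MemberSid"])
            if hit is None:
                continue  # account creation not in this log extract
            made, name = hit
            if when - made <= window and name.lower() not in allowlist:
                findings.append({"account": name, "sid": ev["MemberSid"],
                                 "created": made.isoformat(),
                                 "promoted": ev["time"]})
    return findings


if __name__ == "__main__":
    for f in new_local_admins(SAMPLE_EVENTS):
        print(f"{f['account']} created {f['created']}, "
              f"added to Administrators {f['promoted']}")
```
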

Kon-Boot is a must-have in every pentester’s go kit.