Kon-Boot "root a box" on the fly v1.1 in the wild

Kon-Boot is an prototype piece of software which allows to change contents of a Linux kernel (and now Windows kernel also!!!) on the fly (while booting). In the current compilation state it allows to log into a linux system as ’root’ user without typing the correct password or to elevate privileges from current user to root.

Our first article on kon-boot

For Windows systems it allows to enter any password protected profile without any knowledge of the password. It was acctually started as silly project of mine, which was born from my never-ending memory problems :) Secondly it was mainly created for Ubuntu, later i have made few add-ons to cover some other linux distributions. Finally, please consider this is my first linux project so far :) Entire Kon-Boot was written in pure x86 assembly, using old grandpa-geezer TASM 4.0.

Features

  • Disk access filtering (IVT)
  • System Address Map fixing for buggy BIOSES (’SMAP’ entries)
  • Multiple kernel signatures + no hardcoded kernel address
  • Deprotecting memory regions
  • Syscalls filtering
  • Finding kmalloc()

Boxes and kernel tested (with grub 0.97)

  • Gentoo 2.6.24-gentoo-r5
  • Ubuntu 2.6.24.3-debug
  • Debian 2.6.18-6-6861
  • Fedora 2.6.25.9-76.fc9.i686
  • Windows Server 2008 Standard SP2 (v.275)
  • Windows Vista Business SP0
  • Windows Vista Ultimate SP1
  • Windows Vista Ultimate SP0
  • Windows Server 2003 Enterprise
  • Windows XP
  • Windows XP SP1
  • Windows XP SP2
  • Windows XP SP3
  • Windows 7

Thanks to Johan B. (we won’t give his nick. But Johan is one of the best french reverse engineer.)

Post scriptum

Compliance Mandates


Comments

Related Articles

Kon-Boot
LiveCD
Penetration testing & Ethical Hacking