Jump to content











Photo
- - - - -

Konboot on multiboot GRUB doesnt work?

konboot grub

  • Please log in to reply
8 replies to this topic

#1 setiari

setiari
  • Members
  • 3 posts
  •  
    Ireland

Posted 18 February 2016 - 02:40 PM

Dear Friends,

so i have been tasked by my company to hack into this employee computer who might possibly store sensitive data.

then i learned about KonBoot. i did the USB installation as instructed. put it into the usb port and turn on the laptop. 

on booting option, i selected the USB, and there seems to be very quick process that the konboot is working. and it bring me another multiboot option (by GRUB GNU). There is an option of ubuntu and windows 7, so i selected the windows 7 and it goes to windows logo screen and finally the login screen with the username on it. But then i still can't login by either leaving the password blank or typing random in it.

 

did i miss anything? :

 

please help.

 

thanks!

 

 



#2 steve6375

steve6375

    Platinum Member

  • Developer
  • 6629 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars
  •  
    United Kingdom

Posted 18 February 2016 - 03:52 PM

Assuming you are using KonBoot 2.x, I would guess that the problem is caused by booting to grub first.

Is the Windows 7 MBR booting or UEFI booting?

I would suggest contacting the company that supports it because they offer full support.

The alternative would be to remove the grub bootloader and re-install a standard bootmgr bootloader using the bootsect utility.



#3 setiari

setiari
  • Members
  • 3 posts
  •  
    Ireland

Posted 18 February 2016 - 11:20 PM

Hi Steve,

 

thank you for your reply!

i thought so that the kon-boot process is interrupted because the PC load multiboot grub option.

it didn't somehow get through into the windows 7.

so now the question is, how do i add kon-boot to one of boot option in that grub, or should i maybe edit the windows 7 boot commands? and add konboot into the commands?

 

sorry i'm really clueless about this, and i think the PC owner whose PC i tried to get in is a lot smarter than me on this haha

 

thanks!



#4 steve6375

steve6375

    Platinum Member

  • Developer
  • 6629 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars
  •  
    United Kingdom

Posted 18 February 2016 - 11:54 PM

I think if you add KonBoot to the grub2 menu, then KonBoot will reboot from the hard disk again and load the grub2 menu again.

As I said, either re-install a bootmgr boot sector or ask KonBoot.

 

You can boot from a WinPE USB drive to run bootsect - you will probably need the /nt60 /MBR /ALL switches.

You will lose the Ubuntu boot and it may give you an unbootable system though!

 

Maybe an alternative solution would be easier - e.g. passpass?



#5 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13749 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 19 February 2016 - 08:35 AM

Yep, in this case passpass might be more suited, it is here, just in case:

http://reboot.pro/to...18598-passpass/

and if you already use one of Steve's tools:

http://www.easy2boot...ted-for-win8-1/

 

AFAICR Konboot patches the files in memory while loading Windows (i.e. the patch is "volatile"), and possibly the installed GRUB interferes with the procedure, whilst PassPass patches the actual file (and then can revert the patch) so that it "unlocks" the install "permanently". 

 

:duff:

Wonko



#6 Rootman

Rootman

    Frequent Member

  • Advanced user
  • 243 posts
  • Location:USA

Posted 19 February 2016 - 02:48 PM

I didn't realize there was an update to KonBoot so I just picked it up. 

 

I created a UEFI compatible USB drive with KonBoot install program.  Then I used Steve's MPIToolPack's MakePartImage link and pointed to this USB drive.  I answered the prompts taking the defaults and had an .imPTN ready to throw on my Easy2Boot USB stick. I tried it out on a CSM bootabler system and it works like a charm.  I don't happen to have a EFI bootable system handy just now but I am sure it would work for it too.

 

The only "issue" I had using it on my home laptop is that the bootable SATA drive is an MSATA stick and KonBoot would not find it as the bootable media since it is not the first SATA drive. I had to go into the computers BIOS and shut off the other SATA disk from being available to force the MSATA drive to appear as the lone drive.  It worked after that.  It's an unusual situation but bound to turn up once in a while.



#7 setiari

setiari
  • Members
  • 3 posts
  •  
    Ireland

Posted 19 February 2016 - 02:59 PM

so my email to Konboot support had them replied this

 

"you are tying to use kon-boot on a computer that has multiple

operating systems installed and changed default boot loader (GRUB)
this configuration is not supported"

 

:|

 

i need to get into this PC without leaving a trace, as we are currently accusing him to store inappropriate data that might endanger someone's... internet live. so if in case its proven otherwise, we don't want him to know that we once accuse him of something.

 

for that reason i can't modify the booth loader or install new boot manager..

 

any suggestion?

 

i'll also try passpass!



#8 steve6375

steve6375

    Platinum Member

  • Developer
  • 6629 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars
  •  
    United Kingdom

Posted 19 February 2016 - 03:10 PM

PassPass will leave traces. Because it modifies the DLL. But also, you are not logging in properly. What I found was that when you log in to a normal user account, when you use a browser on that account, it prompts you for site passwords, etc.. So he will know that something is 'odd' with his system.

 

P.S. I think what you have been asked to do is illegal!



#9 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 13749 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 19 February 2016 - 04:10 PM

Allow me - as often happens - to be picky.

 

Strictly speaking PassPass will NOT "leave traces".

A single file is hex edited and after use it can (and PassPass has a provision for this) be restored "as it was before".

The mere act of accessing a system, no matter if "normally" (i.e. providing the user credentials) or "working around it" through the use of Konboot, PassPass or *any* other technique WILL "leave traces".

 

Whether these traces will be noticeable by a "common user", only by an "advanced user" or only by a "very advanced user" is - among other things - more a matter of linguistics and classification than anything else.

 

It goes without saying that accessing someone else's system without authorization is a CRIME in most countries, so - if you are really going to do that - you will better have the "right" paperwork authorizing you to do that.

 

I would venture to say that the mere fact that you (or "your company") even THOUGHT of accessing a PC "without leaving traces" and that you thought about using Konboot to do that shows that besides lack of experience on the specific tool there is a TOTAL lack of experience on any kind of forensic procedure, which is preoccupying. :ph34r:

 

Given the possibility that the whole stuff is illegal I won't provide more technicalities on the matter, but consider (and please let "your company" know) the following:

1) traces of the access will be left that CAN be found at a later examination

2) IF the suspect is actually "guilty" of something, he/she will EASILY be able to claim  that whatever evidence is found has been "planted" on the PC at the time of the unauthorized access and in *any* following legal proceeding VERY LIKELY he/she will succeed

 

:duff:

Wonko 







Also tagged with one or more of these keywords: konboot, grub

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users