Kon-Boot is an awesome tool that I’ve used extensively with tech jobs that I’ve had in the past (it’s been around since 2009), for clients that couldn’t remember their password :/ or a employee that was fired etc… Most recently Red-Team pentest engagements when I’ve had physical access to a box and needed quick and stealth access. It allows accessing a target computer (Windows/Mac OSX) without knowing the user’s password.
Kon-Boot does not need to remove or modify the user’s password and all changes are reverted back to previous state after system restart unlike other tools that just remove/modify the password and is currently the only solution that I know of that can bypass Windows 10 online passwords.
Their latest versions (since 2.7), lets me run PowerShell scripts on Win8/10 machines, which allows me to automate data exfiltration or add persistent access quickly onto the box. The Sticky Keys escalation feature (spawns a system prompt before logging in by pressing shift key 5 times) allows for quick access to system-level resources without worrying about user’s level access or group policy.
Supported operating systems:
Microsoft Windows systems (both x86 and x64) :
XP, Vista, 7, 8/8.1, 10, Server 2003/2008
Apple OSX / macOS systems:
Apple OSX 10.7-10. 11
Apple macOS Sierra (10.12)
Apple macOS High Sierra (10.13)
Apple macoS Mojave (10.14)
Links:
https://kon-boot.com
http://thelead82.com
https://www.piotrbania.com/all/kon-boot/
Tutorials: https://kon-boot.com/docs/
Twitter: https://twitter.com/thelead82