Kon-Boot Free Download & Usage Guide on Windows
One of the most obvious and easiest ways to add another layer of protection to your computer is protecting your account with a password. It’s easy enough to do and you can either supply a new password during install, on first run of your new computer or later on through User Accounts in Control Panel. Although not quite as important on a single user machine, passwords are essential when multiple users have access to the same computer or when trying to lock down your child’s user account with parental controls etc.
One of the most common and also frustrating problems you’ll encounter when attempting to troubleshoot or repair a computer, is either the user has forgotten or doesn’t know the logon password or they’re not available to give you that important piece of information. Knowledgeable users will know this actually isn’t as big a problem as it seems and there are various ways to get around a Windows logon password without knowing what it is.
For example, if no-one knows or remembers it, the password can be removed from the user account and reset by using a utility from a boot CD. If you want to find out what the password is without resetting it first, you can try to crack it with a tool such as Ophcrack. A few years back we also wrote about a program called DreamPack PL where you can hack into a Windows XP computer without changing the password. Each method has its plus and minus points, but there’s also another way to login to a computer where you don’t actually make any permanent changes to the computer or need to reset/remove the password at all.
Kon-Boot is one of the best tools around which can log you into Windows without knowing the password. It works by hooking into the system BIOS and temporarily changing the contents of the Windows kernel while booting. It then allows you to enter anything as the password during login. The next time you start the computer without Kon-Boot, the original password will be back, the temporary changes will be discarded and the system will behave as if nothing has happened.
Kon-Boot has been around a while and updates have brought new features such as privilege escalation and the sticky keys workaround while adding compatibility for more recent operating systems such as Windows 8, 64-bit architecture and UEFI support. The program is split into 2 distinct versions; Kon-Boot free version 1.1 and the paid version (currently 2.2) which has newer features.Kon-Boot Free Version
Because the last free version of Kon-Boot is 1.1, it lacks some features found in subsequent versions and is a bit limited regarding which Windows operating systems it can work with. For instance, it does not work with any type of 64-bit Windows and is also not compatible with any versions of Windows 8. There is some good news however, the website lists Windows 7 as not compatible either, but we’ve tested extensively and used Kon-Boot on several occasions without issue in any 32-bit version of Windows 7. XP, Vista and Server 2003/2008 are officially supported.
Using Kon-Boot free is easy and you just burn the downloaded ISO file to CD. There is also the possibility to write the image onto a USB flash drive although you don’t use the ISO file to do it. We have covered this procedure in our “Create a Kon-Boot USB Flash Drive” article. Alternatively, if you want a bit more value out of your CD/USB, Kon-Boot is available on the main menu in more recent versions of our favorite bootable repair disc Hiren’s Boot CD.
After you Download Kon-Boot Free and write it onto CD or USB, simply boot your computer to that device (you will need to set the boot device in the BIOS) and a white screen will popup. Press any key and a black screen will popup showing the process of hooking BIOS functions (the version number 1.0 appears to be an oversight by the developer). After a few more seconds the computer will start to boot normally.
Now when the Logon to Windows screen appears, simply type anything in the password box or leave the password field blank and you’re in! It really is that easy and you simply remove the USB drive or disc so on next reboot Kon-Boot won’t bypass the password again. It is known that not every computer’s BIOS will allow Kon-Boot to work but the majority will be fine if the operating system is compatible.
Kon-Boot Commercial Version
As the free version of Kon-Boot slowly becomes less useful over time because users are moving to 64-bit operating systems or Windows 8, looking at the commercial version is something that begins to make more sense. Currently a personal license for your own use is $15 and for businesses or budding technicians, a commercial license is required at $75. Kon-Boot is now also available for Mac OS X (same price as the Windows version) which allows you to bypass the password or create a new root account to change other user’s passwords.
Besides the 64-bit support and compatibility with Windows 8 (when tested, Windows 8.1 did not work with Kon-Boot 2.2), the commercial version also has better support for systems with a UEFI BIOS when you run Kon-Boot from USB flash drive. If you have a UEFI BIOS, make sure the “Secure Boot” option inside the BIOS is turned off. Kon-Boot is known to not work on domain controllers and it also can’t get past hard drive encryption. In the full Kon-Boot package is a simple installer frontend which gives the options of writing the program to CD or USB (with UEFI support). The ImgBurn burning software is required to burn the ISO file to disc.
Bypassing a password is done the same way as the free version, boot with Kon-Boot and type anything for the password. Kon-Boot paid is also capable of performing privilege escalation which allows you to perform administrative tasks as a non administrative user or Guest. For example, you can boot up the computer with Kon-Boot, log in as a Guest and add a new user or even reset the administrator password! Here’s how it works:
1. Boot the computer with Kon-Boot and select to login as a Guest user or with your standard user account.
2. Open a Command Prompt (Win key+R -> cmd) and type these commands in turn:
copy c:\windows\system32\cmd.exe cmk.exe
cmk
whoami
If the whoami command result is “nt authority\system”, then you have elevated privileges and can run commands such as “net user”:
net user {admin} newpassword – resets the named admins password
net user /add {user} {password} – creates a new user with optional password
Another paid version feature is “Sticky keys” which is a type of escalation somewhat similar to the privilege escalation above, but this one allows you to open a Command Prompt with System administrator privileges before any users have logged on. The console window will show on the user selection or password entry screen and will allow you to execute similar commands to the desktop privilege escalation function.
To bring up the Command Prompt, all you have to do is boot your computer using Kon-Boot and when you reach user selection or password entry, simply tap the Shift key 5 times in quick succession. The new console window has “Administrator” in the title bar and a path of “C:\Windows\System32” which tells you this is an elevated command prompt. Do note that the Sticky Keys function needs to be enabled in Windows, and it should be on by default unless you have turned it off manually. Sticky Keys escalation also works in Windows XP but privilege escalation does not.
Although the free version of Kon-Boot is losing it’s effectiveness as time progresses and users move away from 32-bit Windows, it’s still a useful tool to have around while XP, and Vista/7 32-bit is still frequently used. It’s a shame Kon-Boot free will probably not receive any more major updates to make it more compatible with newer operating systems, but all good things come to an end eventually.
For pretty much the ultimate in Windows password bypassing that works on 32-bit, 64-bit and UEFI equipped computers, and does so quickly and easily without changing files, cracking or removing current passwords, the paid version of Kon-Boot is well worth looking at.
Why is it showing on the lower left-hand corner konboot icon but login icon along with the login of the owner of the laptop how do I remove that
So basically, if my BIOS is set to only boot on my SSD and not on any removable devices, and I protect the bios with a password so that that setting cannot be changed without the password (or removing the cmos battery, but then you have to open the computer and well… that’s not very stealthy…), wouldn’t that be an “efficient” protection against boot kits ?
What has Kon-Boot or the Windows password got to do with boot kits?
Hey raymond, My friends are trying to mess around with my laptop and installed kon-boot on my laptop, is there any way to remove it ?, and can one use to remotely access my laptop without my knowledge?… Also how to stop it from booting on my Windows 10 laptop in the future?.
Kon-Boot doesn’t install itself into Windows but it is a boot disc you run from CD/USB while the system is starting. The executable is simply a frontend to allow you to create the media.
I don’t think anyone will be able to remote access your computer with Kon-Boot as it doesn’t remove the password, just bypass it. People will still need to know your password for remote access.
The only way you can stop people using Kon-Boot on your computer is to stop them from accessing it. Hide your battery and charger if you have to!
what if in the computer is a security programm which are blocking the konboot?
That’s doubtful as Kon Boot is loaded and working before Windows even starts.
hi raymon . when iam log on windows it cannot be loaded. i know the password i type the password and press enter but it cannot be loaded at the time on the screen showing that ”the used profile service failed to log on user cannot be loaded” why does it happens
Sounds like your user profile is corrupt, there are plenty of possible solutions if you Google the error.
PCUnlocker is another nice tool that can also bypass Windows authentication process, just like Kon-Boot. It’s worth a try!
I bought the personal version have tried for an hour and a half still won’t work
What is the problem, do you see the Kon Boot screen at all, it won’t bypass the password?
Try speaking to their support, after all, that’s part of what you are paying for…
Hi Raymond. I cannot find a good link to download a free version of kon-boot. Would you mind giving me the link for download? Thanks.
The link is on the Kon-Boot main page but isn’t easy to spot, go directly to it here:
piotrbania.com/all/kon-boot/index2.html#free
Sadly for me i paid for it this morning and followed the install instructions which was pretty straightforward, but when i try and boot from usb all i get is NTLDR is missing. Waiting to hear back from support…..
Read here:
https://www.raymond.cc/blog/latest-hirens-bootcd-v83-the-king-of-all-boot-cds/
Fix “NTLDR is missing”
..I see now it says “for Windows Xp” though.
I downloaded KON-BOOT CD-konboot-v1.1-2in1.iso and went into BIOS selected kon-boot driver, no white screen pops up just a black screen and cannot push any buttons for it to run but can return to BIOS. Help!?
Can anyone provide me link for Bypassing Windows 8.1 Login Screen?
I don’t know of a program to do that currently, maybe Kon-Boot will be updated in the near future??
i have the commercial version and tried it on my laptop with win 7 64-bit it worked just great but on my other laptop with win 8.1 64-bit it did not.
Yeah, we mention in the article 2.2 doesn’t work on Windows 8.1, hopefully they’ll come up with a new version for it soon.
I used KON-BOOT CD-konboot-v1.1-2in1.iso and boot up my pc. It is really working, Thanks guys.
this is a great piece of program, thanks ray
wow, that’s great
You are really awesome…. all of your articles are so enlightening…
Works perfectly on XP.
The tool worked awesome! I heard about it on the “Hak.5” podcast.
Another great source for some really awesome hacks. Good find Ray.
:-)
~Geo
worked like a charm on 1 pc. on the other – failed because of some previous system problems of missing system dll.
YES! i’ve been looking for something good, i often work on computers, a lot of the times ones people forget their passwords too :-/
Hey Ray,
First of all thanks for such an informative blog! I have used this Kon-boot to login to a laptop (admin is password protected) which uses Vista, it did log me in like u mentioned.
Thanks.
First, I’d like to say that I really appreciate your site, Raymond. I have been reading if for a while now, and thought that I had registered until I tried to log in a few minutes ago, I was surprised to find that I hadn’t already.
Nice stuff,JAI Hooo Raymond..!!
thank
Hi, Raymond
As a computer technician I’m really impressed with your blog.
Greetings from Chile
Great Tools! been use PcLoginNow for logging into window without knowing the password, will try this software out later =]
Wow!! this tool works great! Thanks Raymond!
Thanks Ray for this nice piece of software which works perfectly !
Thanks! Excellent find! :)
I had been looking for something like this from ages!
raymond I love you :)
thanks a lot Ray.
Note that for domain user profiles, you must unplug the network cable for logon to work. After you logon you can plug the network cable back in.
Also note that network drives on a domain will not work because the passwords are not in synch.
thanks ray! :) nice find and great soft
This is really good, Raymond.
I hope Kon-Boot will be of help in the future.
Not one of the several workarounds you have discussed in the past worked in my PC when I needed it.
I’m gonna burn and keep this and test it when I can find the time — before the next accident or stupid mistake happens.
Best regards, I don’t know how to thank you.
Thanks ray for the great info!!
nice.you are the best.(tine-o tot asa)
Hilarious how the software name is actually based on a character named Kon from the anime “Bleach”, one of the best animes out there (in my opinion).
Also, nice find Ray ;)
Grtz
raymond, thank you very much!!! you are genius!!!!
thanks
this is much easier than dreampack pl method
Yap very useful and apparently it works on windows 7 as it is claimed. For night shifting is a great tool. Than you Raymond and many thanks to the author. Genius you are.
super tool ray..
Nice tips, recently a few of my friend is asking for solution to log in their admin acc …. I lol when I saw Kon-Boot from Bleach on the main page, guess thats another anime freak like me.
Thanks for the info. YOU ARE THE BEST!!!
Thanks again for this one.
Great tip, great tool, thanks mate!
as always.thanks again ray for this useful info….
I stumbled upon this a while ago! Awesome tool!
yep… this is going to be one of my favorite… thanks raymond
Thanks a lot raymond, you are the best in finding very useful programs and the best in sharing them :)
Knew about this tools 2, 3 days ago.. :) Great tool.. :)
Unique tip!!!!!!!!!!!!!!!!
This is why: You are the best
cool !!!
Hey it very useful for me ? Thank you very much for it.
thank you raymond so much. I really needed to know this because i forgot the password and i had to format my pc before. Thanks Again!!
thanks