Bypass user passwords on Windows 8

Discussion in 'Windows 8' started by Peter Kleissner, Feb 14, 2012.

  1. Peter Kleissner

    Peter Kleissner MDL Novice

    Feb 3, 2012
    43
    267
    0
    #1 Peter Kleissner, Feb 14, 2012
    Last edited: Jan 23, 2013

    Attached Files:

  2. buendia

    buendia MDL Novice

    Jul 28, 2009
    34
    2
    0
    Please, try to make it work on Windows x64 if possible.
     
  3. elhassan

    elhassan MDL Member

    Dec 9, 2011
    117
    39
    10
    great but i hpe u can make one for windows X68 as 32 bit...
     
  4. DJ Overdose

    DJ Overdose MDL Novice

    Aug 17, 2011
    6
    1
    0
    Antivirus doesn't like that site one bit mate...

    Trendmicro or ESET.


    DJ OD
     
  5. venu

    venu MDL Addicted

    Oct 16, 2009
    894
    99
    30
    I Easybcd'd the iso to a pen drive, then booted from it. It launches, then hangs after copyright 2012 Peter Kleissner with a blinking cursor at the end of the line. This happens on multiple machines.

    I also downloaded Peter's Infector.exe and ran it, says "written successfully". When I reboot and try to login with a random incorrect password, I cant.

    What all am I doing wrong?
     
  6. Peter Kleissner

    Peter Kleissner MDL Novice

    Feb 3, 2012
    43
    267
    0
    Guys come one, I have pasted the download link in the first post, you have to copy the entire line up to the "Stoned Lite.iso". I have less than 20 posts, so I can't post links directly. I never said anything to go to my website and download some infector or w/e. Just the iso.

    @DJ Overdose: So who cares, I was working for an AV company myself.

    @venu: You cannot put the iso on a USB stick. This is because it was technically programmed to expect to be loaded 5 KB at 7E00h from CD sector 30. If you try to put the iso on a USB drive everything will go wrong, because sectors there are 512 bytes of size (and on CD 2048). Additionally, the BIOS only loads 512 bytes from the USB drive - therefore not the full program (5 KB). This is why you will see a hang (because the rest of the program is missing).

    For a USB drive version I'd have to recompile it.
     
  7. Tito

    Tito Super Mod / Adviser
    Staff Member

    Nov 30, 2009
    17,636
    15,551
    340
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. DJ Overdose

    DJ Overdose MDL Novice

    Aug 17, 2011
    6
    1
    0
    You should care... If you want people to try your programs, maybe upload them somewhere people can download them safely. Not everyone on here is that tech savvy to sandbox it or download into a test enviroment with no A/V. Messages popping up on people screens saying virus will put people of trying your work. Just saying, no skin of my nose so to speak.

    Might be a nice idea to do that, CD's are so 90's ;-)


    DJ OD
     
  9. Peter Kleissner

    Peter Kleissner MDL Novice

    Feb 3, 2012
    43
    267
    0
    @DJ Overdose: My website/dl location are SAFE. There are no virus hosted, there were never. If any AV or says anything different then they are simple crap. Some AVs have bad heuristics. The iso itself is also 100% safe. It does everything ONLY in memory (does NOT touch the hard disk), so in the worst case you remove the CD from the drive and reboot.

    > popping up on people screens saying virus

    Well, some AVs detect the Stoned Bootkit. This is more a proactive thing. I myself submitted the files to AV companies. That does not mean that my files are evil themselves, just to prevent malware authors from abusing the bootkit for malware. Welcome to the research world, DJ Overdose.

    > If you want people to try your programs

    My audience [here] are technical people (programmers, admins...) who know how to value AV messages.

    Who do you think I am, a criminal?! ;)
     
  10. DJ Overdose

    DJ Overdose MDL Novice

    Aug 17, 2011
    6
    1
    0
    FWIW, I trust no one.

    I was merely pointing out the fact that two, widely respected anti-virus and internet security programs, did not like your website. IIRC, some icon triggered it.

    That and the fact that it would stop ppl trusting you and your files.

    I understand completely what you are saying, but others (your audience) will not.

    I don't think you are a criminal.

    Maybe you should have pointed out with your download links, both for this and the patcher, that some may find the A/V software will block the files and not to worry too much.

    Just trying to help you get more useful feedback and help others that maybe freaking out about the A/V going off.


    DJ OD
     
  11. venu

    venu MDL Addicted

    Oct 16, 2009
    894
    99
    30
    Peter, can you please please recompile it for usb sticks? It would be great cos then it could get onto my handy usb toolkit. Of course, if its like a tonne of work, then forget it.
     
  12. Articuno

    Articuno MDL Novice

    Jul 7, 2011
    1
    0
    0
    This is a program that bypasses passwords. It IS malware in every sense of the term. How can someone intentionally download malware and then complain about their malware protection program telling them about it?
     
  13. nodnar

    nodnar MDL Addicted

    Oct 15, 2011
    969
    659
    30
    sorry, articuno, but i disagree..
    this could be promising..
    but it is one hell of a lot of work to
    get the scanners to let it pass,
    look at josh cell`s posts about that..
    regards, nodnar

     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. preacherzson

    preacherzson MDL Novice

    May 16, 2010
    16
    0
    0
    #14 preacherzson, Feb 29, 2012
    Last edited: Feb 29, 2012
    forgive me if I'm a (a lot) little slow. I installed Windows 8 pre-beta 64 bit on the 2nd HDD in my laptop back in October? November? (beta fish load screen, build 8102?) used it for a week or so, then stopped using it, and forgot my password. I'd like to get back into the drive and pull all the information off before I reformat it and reinstall this latest version. Am I correct in understanding that running your program will get me past my password or am I out of luck bc I loaded 64 bit?

    I also have a secondary question: Would I be able to use the System Rescue CD method from How-to-Geeks/ recently showcased on Lifehacker to eliminate the password? I've done it for Win7, but I presume the pathways would be different and I don't know enough about Win8 to figure out how to modify the commands. Any thoughts?
     
  15. Peter Kleissner

    Peter Kleissner MDL Novice

    Feb 3, 2012
    43
    267
    0
    @preacherzson: If you can wait a couple of days, I'll release a version working with 64-bit. At the second I am writing, I am testing my 64-bit code in bochs with the builds 8102 and 8250 :)
     
  16. nodnar

    nodnar MDL Addicted

    Oct 15, 2011
    969
    659
    30
    @peter kleissner,

    i appreciate your efforts, and i think
    you are far to smart to try and start
    a [r] ootkit here..

    which got me wondering what all these
    2009 discussions taught you..

    do you really think your software
    can bypass passwords without people
    panicking because of their scanners
    screaming `rootkit`i wonder?

    because when that happens, you will
    not anywhere..

    just my 2 cents..[pfennigs, groschen]

    regards, nodnar.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  17. DJ Overdose

    DJ Overdose MDL Novice

    Aug 17, 2011
    6
    1
    0
    #17 DJ Overdose, Mar 1, 2012
    Last edited: Mar 1, 2012
    Why does Konboot not set off A/V when it's essentially the same thing just more refined? Besides I don't think its neccessarily the programs setting of the A/V more the website url and it's components. Unless as Peter explained, some of the code used has been submitted as malware already by himself.



    /nods


    DJ OD
     
  18. Peter Kleissner

    Peter Kleissner MDL Novice

    Feb 3, 2012
    43
    267
    0
    I was 2009 working at an AV company and I've developed the RESEARCH bootkit and shown it at Black Hat.

    And now anyone is seriously asking, why AVs detect it? I think you people didn't know: Not every file that is detected by AVs is itself evil, newsflash. They also detect poc codes.

    @nodnar: I sincerely agree with you..
    @All: This should be more like if something doesn't work etc, not about AVs detecting something or not.
     
  19. Shenj

    Shenj MDL Expert

    Aug 12, 2010
    1,557
    652
    60
    Don't derail this thread just because your Anti-virus reports this program, which it should.... after all it can be used for malicious intent :rolleyes:
    Good work Peter, will you compile a USB Version? It's a lot easier to test it this way.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  20. DJ Overdose

    DJ Overdose MDL Novice

    Aug 17, 2011
    6
    1
    0
    You've missed the point...

    I know about false positives with A/V software. Keygens and all sorts being blocked etc.

    I was merely saying that because of what A/V software does it will stop some people from testing this program. I know it's not malicious in itself, and that it's just setting of A/V software.

    The thread is not being de-railed. Mods can decide or delete posts is that's what they feel has happened.

    Like I said, a simple comment explaining things in the OP would have sufficed. There may well have been more feedback on the program had this of been the case.

    There wasn't such a comment, so I posted what I did expecting then to have a "don't worry, here's the reason, blah, blah" not to be trolled by everyone and making out that it bothers me that A/V detects malware in the program.

    And yes, a USB version would be much better to test, I can add it to my Yumi USB of goodies then.


    DJ OD