I Easybcd'd the iso to a pen drive, then booted from it. It launches, then hangs after copyright 2012 Peter Kleissner with a blinking cursor at the end of the line. This happens on multiple machines. I also downloaded Peter's Infector.exe and ran it, says "written successfully". When I reboot and try to login with a random incorrect password, I can't. What all am I doing wrong?
Guys come on, I have pasted the download link in the first post, you have to copy the entire line up to the "Stoned Lite.iso". I have less than 20 posts, so I can't post links directly. I never said anything to go to my website and download some infector or w/e. Just the iso. @DJ Overdose: So who cares, I was working for an AV company myself. @venu: You cannot put the iso on a USB stick. This is because it was technically programmed to expect to be loaded 5 KB at 7E00h from CD sector 30. If you try to put the iso on a USB drive everything will go wrong, because sectors there are 512 bytes of size (and on CD 2048). Additionally, the BIOS only loads 512 bytes from the USB drive - therefore not the full program (5 KB). This is why you will see a hang (because the rest of the program is missing). For a USB drive version I'd have to recompile it.
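The loading difference described in the post above can be read straight from an ISO's El Torito boot catalog, which tells the BIOS where to load the boot image and how much of it. This is an added example, not code from the thread or from the Stoned project; the sample image is constructed, and its load segment, size and sector are set to the values quoted in the post (7E00h, 5 KB, sector 30) as an assumption about how such an image is laid out.

```python
import struct

CD_SECTOR = 2048       # ISO 9660 / El Torito sector size
BIOS_DISK_READ = 512   # one boot sector: all a BIOS loads from a USB or hard disk

def parse_el_torito(image: bytes) -> dict:
    """Return the default (initial) boot entry of an El Torito bootable image."""
    brvd = image[17 * CD_SECTOR:18 * CD_SECTOR]   # boot record volume descriptor
    if brvd[:7] != b"\x00CD001\x01" or not brvd[7:39].startswith(b"EL TORITO SPECIFICATION"):
        raise ValueError("no El Torito boot record in sector 17")
    (catalog_lba,) = struct.unpack_from("<I", brvd, 0x47)
    cat = image[catalog_lba * CD_SECTOR:(catalog_lba + 1) * CD_SECTOR]
    # Validation entry: header 0x01, key bytes 55 AA, 16-bit words sum to zero.
    if len(cat) < 64 or cat[0] != 0x01 or cat[0x1E:0x20] != b"\x55\xaa":
        raise ValueError("bad validation entry")
    if sum(struct.unpack_from("<16H", cat)) & 0xFFFF:
        raise ValueError("validation entry checksum mismatch")
    boot, media, segment, _, _, count, lba = struct.unpack_from("<BBHBBHI", cat, 32)
    loaded = count * 512                          # sector count is in 512-byte units
    return {
        "bootable": boot == 0x88,
        "no_emulation": media & 0x0F == 0,
        "load_address": (segment or 0x07C0) * 16,  # segment 0 means default 07C0h
        "bytes_loaded": loaded,
        "image_lba": lba,
        "image_offset": lba * CD_SECTOR,
        "missing_if_one_sector": max(loaded - BIOS_DISK_READ, 0),
    }

def build_sample_image() -> bytes:
    """Constructed image holding only the El Torito structures (no file system)."""
    img = bytearray(40 * CD_SECTOR)
    brvd = b"\x00CD001\x01" + b"EL TORITO SPECIFICATION".ljust(32, b"\x00")
    img[17 * CD_SECTOR:17 * CD_SECTOR + len(brvd)] = brvd
    struct.pack_into("<I", img, 17 * CD_SECTOR + 0x47, 19)   # catalog in sector 19
    val = bytearray(32)
    val[0], val[0x1E:0x20] = 0x01, b"\x55\xaa"
    struct.pack_into("<H", val, 0x1C, -sum(struct.unpack("<16H", val)) & 0xFFFF)
    entry = struct.pack("<BBHBBHI", 0x88, 0, 0x07E0, 0, 0, 10, 30)  # assumed values
    img[19 * CD_SECTOR:19 * CD_SECTOR + 44] = bytes(val) + entry
    return bytes(img)

if __name__ == "__main__":
    for key, value in parse_el_torito(build_sample_image()).items():
        print(f"{key}: {value}")
```

`missing_if_one_sector` is the part of the boot image that never reaches memory when firmware reads a single 512-byte boot sector instead of honouring the catalog entry.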
You should care... If you want people to try your programs, maybe upload them somewhere people can download them safely. Not everyone on here is that tech savvy to sandbox it or download into a test environment with no A/V. Messages popping up on people's screens saying virus will put people off trying your work. Just saying, no skin off my nose so to speak. Might be a nice idea to do that, CDs are so 90's ;-) DJ OD
@DJ Overdose: My website/dl location are SAFE. There are no viruses hosted, there never were. If any AV says anything different then they are simple crap. Some AVs have bad heuristics. The iso itself is also 100% safe. It does everything ONLY in memory (does NOT touch the hard disk), so in the worst case you remove the CD from the drive and reboot.
> popping up on people's screens saying virus
Well, some AVs detect the Stoned Bootkit. This is more a proactive thing. I myself submitted the files to AV companies. That does not mean that my files are evil themselves, just to prevent malware authors from abusing the bootkit for malware. Welcome to the research world, DJ Overdose.
> If you want people to try your programs
My audience [here] are technical people (programmers, admins...) who know how to value AV messages. Who do you think I am, a criminal?!
FWIW, I trust no one. I was merely pointing out the fact that two widely respected anti-virus and internet security programs did not like your website. IIRC, some icon triggered it. That and the fact that it would stop ppl trusting you and your files. I understand completely what you are saying, but others (your audience) will not. I don't think you are a criminal. Maybe you should have pointed out with your download links, both for this and the patcher, that some may find the A/V software will block the files and not to worry too much. Just trying to help you get more useful feedback and help others that may be freaking out about the A/V going off. DJ OD
Peter, can you please please recompile it for usb sticks? It would be great cos then it could get onto my handy usb toolkit. Of course, if it's like a tonne of work, then forget it.
This is a program that bypasses passwords. It IS malware in every sense of the term. How can someone intentionally download malware and then complain about their malware protection program telling them about it?
sorry, articuno, but i disagree.. this could be promising.. but it is one hell of a lot of work to get the scanners to let it pass, look at josh cell's posts about that.. regards, nodnar
forgive me if I'm a (a lot) little slow. I installed Windows 8 pre-beta 64 bit on the 2nd HDD in my laptop back in October? November? (beta fish load screen, build 8102?) used it for a week or so, then stopped using it, and forgot my password. I'd like to get back into the drive and pull all the information off before I reformat it and reinstall this latest version. Am I correct in understanding that running your program will get me past my password or am I out of luck bc I loaded 64 bit? I also have a secondary question: Would I be able to use the System Rescue CD method from How-to-Geeks/ recently showcased on Lifehacker to eliminate the password? I've done it for Win7, but I presume the pathways would be different and I don't know enough about Win8 to figure out how to modify the commands. Any thoughts?
@preacherzson: If you can wait a couple of days, I'll release a version working with 64-bit. At the second I am writing, I am testing my 64-bit code in Bochs with the builds 8102 and 8250.
@peter kleissner, i appreciate your efforts, and i think you are far too smart to try and start a [r]ootkit here.. which got me wondering what all these 2009 discussions taught you.. do you really think your software can bypass passwords without people panicking because of their scanners screaming 'rootkit', i wonder? because when that happens, you will not get anywhere.. just my 2 cents.. [pfennigs, groschen] regards, nodnar.
Why does Konboot not set off A/V when it's essentially the same thing just more refined? Besides I don't think it's necessarily the programs setting off the A/V, more the website url and its components. Unless as Peter explained, some of the code used has been submitted as malware already by himself. /nods DJ OD
In 2009 I was working at an AV company and I've developed the RESEARCH bootkit and shown it at Black Hat. And now anyone is seriously asking, why AVs detect it? I think you people didn't know: Not every file that is detected by AVs is itself evil, newsflash. They also detect poc codes. @nodnar: I sincerely agree with you.. @All: This should be more like if something doesn't work etc, not about AVs detecting something or not.
Don't derail this thread just because your Anti-virus reports this program, which it should.... after all it can be used for malicious intent. Good work Peter, will you compile a USB Version? It's a lot easier to test it this way.
You've missed the point... I know about false positives with A/V software. Keygens and all sorts being blocked etc. I was merely saying that because of what A/V software does it will stop some people from testing this program. I know it's not malicious in itself, and that it's just setting off A/V software. The thread is not being de-railed. Mods can decide or delete posts if that's what they feel has happened. Like I said, a simple comment explaining things in the OP would have sufficed. There may well have been more feedback on the program had this been the case. There wasn't such a comment, so I posted what I did expecting then to have a "don't worry, here's the reason, blah, blah" not to be trolled by everyone and making out that it bothers me that A/V detects malware in the program. And yes, a USB version would be much better to test, I can add it to my Yumi USB of goodies then. DJ OD