swisskyrepo
/
InternalAllTheThings
mirror of https://github.com/swisskyrepo/InternalAllTheThings.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
InternalAllTheThings/docs/active-directory/pwd-precreated-computer.md

26 lines
1.1 KiB
Markdown
Raw Normal View History

AD - Pages v0.2
2023-12-03 11:50:48 +00:00
# Password - Pre-Created Computer Account
AD - Pages v0.1
2023-12-03 11:17:02 +00:00
When `Assign this computer account as a pre-Windows 2000 computer` checkmark is checked, the password for the computer account becomes the same as the computer account in lowercase. For instance, the computer account **SERVERDEMO$** would have the password **serverdemo**.
```ps1
# Create a machine with default password
# must be run from a domain joined device connected to the domain
djoin /PROVISION /DOMAIN <fqdn> /MACHINE evilpc /SAVEFILE C:\temp\evilpc.txt /DEFPWD /PRINTBLOB /NETBIOS evilpc
```
* When you attempt to login using the credential you should have the following error code : `STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT`.
* Then you need to change the password with [rpcchangepwd.py](https://github.com/SecureAuthCorp/impacket/pull/1304)
AD - Pages v0.7
2023-12-03 21:54:23 +00:00
C2 pages + ESC12 + Flutter
2024-09-06 19:32:45 +00:00
## Enumerate Pre-Created Computer Account
Identify pre-created computer accounts, save the results to a file, and obtain TGTs for each
```ps1
nxc -u username -p password -M pre2K
```
AD - Pages v0.7
2023-12-03 21:54:23 +00:00
## References
* [DIVING INTO PRE-CREATED COMPUTER ACCOUNTS - May 10, 2022 - By Oddvar Moe](https://www.trustedsec.com/blog/diving-into-pre-created-computer-accounts/)