Do a MITM attack on NetServerAuthenticate2 and LogonGetCapabilities. Let the client set the AES flag and remove the flag in the packet with MITM.
Check how Windows detects this attack and implement it correctly for netlogon schannel with AES.
The MITM could maybe be done with https://www.samba.org/ftp/unpacked/junkcode/sockspy-rpc.c
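The following is an added illustration of the detection pattern the ticket asks about, written for this page; it is not Samba's, FreeIPA's or Windows' code and does not follow the MS-NRPC wire format. It models the two-phase shape of the exchange: an unauthenticated negotiation (the NetServerAuthenticate2 step, where an on-path attacker can rewrite flags) followed by a capabilities round trip authenticated under the session key (the LogonGetCapabilities step). The flag bit values, the key derivation and the message layout are assumptions chosen for the example.

```python
"""Model of negotiate-flag downgrade detection (illustrative, not MS-NRPC)."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Callable

# Assumed bit values for this example only.
NEG_SUPPORTS_AES = 0x01000000
NEG_STRONG_KEYS = 0x00004000


def derive_session_key(secret: bytes, client_chal: bytes, server_chal: bytes, flags: int) -> bytes:
    """Illustrative KDF: each side keys the channel with the flags *it* believes were
    negotiated, so peers that disagree about AES end up with different keys."""
    msg = client_chal + server_chal + flags.to_bytes(4, "little")
    return hmac.new(secret, msg, hashlib.sha256).digest()


def mac(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()


@dataclass
class Server:
    secret: bytes
    supported: int

    def authenticate(self, client_chal: bytes, proposed: int):
        """Unauthenticated phase: negotiate the intersection of the flag sets."""
        self.server_chal = os.urandom(8)
        self.negotiated = self.supported & proposed
        self.key = derive_session_key(self.secret, client_chal, self.server_chal, self.negotiated)
        return self.server_chal, self.negotiated

    def get_capabilities(self):
        """Authenticated phase: restate the negotiated flags under the session key."""
        body = self.negotiated.to_bytes(4, "little")
        return body, mac(self.key, body)


@dataclass
class Client:
    secret: bytes
    proposed: int
    required: int  # flags the client refuses to operate without

    def run(self, server: Server,
            tamper_request: Callable[[int], int] = lambda f: f,
            tamper_response: Callable[[int], int] = lambda f: f) -> str:
        client_chal = os.urandom(8)
        # The tamper callbacks stand in for an on-path rewrite of the unauthenticated flags.
        server_chal, reply_flags = server.authenticate(client_chal, tamper_request(self.proposed))
        reply_flags = tamper_response(reply_flags)
        if reply_flags & self.required != self.required:
            return "rejected: negotiated flags lack required capability"
        key = derive_session_key(self.secret, client_chal, server_chal, reply_flags)
        body, tag = server.get_capabilities()
        if not hmac.compare_digest(mac(key, body), tag):
            return "rejected: capabilities MAC failed (peers disagree on negotiated flags)"
        if int.from_bytes(body, "little") != reply_flags:
            return "rejected: authenticated capabilities differ from negotiated flags"
        return "ok"


def run_scenarios() -> dict:
    """Constructed scenarios: honest exchange, AES bit cleared in the request,
    and AES bit cleared in the request but re-added in the response."""
    secret = b"constructed machine account secret"
    both = NEG_SUPPORTS_AES | NEG_STRONG_KEYS

    def client() -> Client:
        return Client(secret, proposed=both, required=NEG_SUPPORTS_AES)

    return {
        "honest": client().run(Server(secret, both)),
        "request_stripped": client().run(
            Server(secret, both), tamper_request=lambda f: f & ~NEG_SUPPORTS_AES),
        "request_stripped_response_forged": client().run(
            Server(secret, both),
            tamper_request=lambda f: f & ~NEG_SUPPORTS_AES,
            tamper_response=lambda f: f | NEG_SUPPORTS_AES),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

Two checks do the work here: the client's minimum-capability policy catches a plain removal of the AES bit before any key is derived, and the keyed MAC on the capabilities reply catches the case where the attacker also forges the response so that the client and server hold different views of the negotiation. The authenticated round trip only ever detects disagreement between the peers; a downgrade that leaves both sides consistently agreeing on a weaker flag set is caught by the required-flags policy alone, which is why the client has to insist on AES rather than merely propose it.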
Done. I've uploaded the code I used for the MITM attack to:
http://xor.cryptomilk.org/junkcode/
Metadata Update from @asn:
- Issue assigned to asn
- Issue set to the milestone: FreeIPA 3.0 Trust Effort - 2012/06