jonas wrote: If I started a MITM attack on a user that was part of a domain running a DC like Win2K3 or similar, would this affect any of the user shares, the authentication or cause any other types of trouble?
Without knowing exactly the environment it's sort of hard to answer... LDAP?
You = 00:00:be:ef:be:ef
Victim = 00:00:ba:be:ba:be
You(attacker) ---> "Hi, I'm 00:00:ba:be:ba:be" --> Router/Switches/OtherDevices
You, now pretending to be the attacker, would have to have the shares of Victim all in order, and you'd have to have all devices in that network go through the fingerprint checks (is it LDAP?), etc. But the approach you're taking may be the long way... "Impersonation" is your friend.
And MS built it right into the system for you (SeImpersonatePrivilege):
http://www.argeniss.com/research/TokenKidnapping.pdf
http://support.microsoft.com/kb/821546
So, without knowing more information (are they using LDAP, Radius, Diameter, etc.), it will be a hard question to answer. HOWEVER... you may not even have to go that far. Even if their machines are "uber patched", I'm sure there is a "circle of trust" amongst one another. Instead of focusing on the "whole domain", pick at it piecemeal, impersonating one another...
Imagine for a moment you walk into an audience and say "Hi, I'm Chuck Norris and I'm a star"; the likelihood of someone pulling your card is obscenely high. However, imagine you trap someone in a corner, a janitor who is partially blind (in the network case, say a print server). You may fool the janitor (impersonating Chuck Norris), abuse that trust relationship and use it to get to where you need to go. "Mr. Janitor, do you think you could let me into the bathrooms near finance... I left/lost my key..."
The reality of this answer though is... It all depends on the network and what's going on. LDAP, Radius, Diameter, what kind of rules are going on, etc.
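How a defender would spot the MAC impersonation sketched in the diagram above, as an added example that is not part of this thread: it assumes a constructed log of (time, switch port, source MAC, source IP) records, reusing the two placeholder MACs from the post, and flags the same MAC being learned on two ports and the same IP being answered for by two MACs.

```python
from collections import defaultdict

# Constructed sample records, as a segment monitor or a switch's MAC-learning
# log might see them: (time, switch_port, source_mac, source_ip).
# The two MAC addresses are the placeholders used in the post above.
RECORDS = [
    ("10:00:01", "Gi0/1",  "00:00:ba:be:ba:be", "10.0.0.5"),  # real victim host
    ("10:00:02", "Gi0/24", "00:00:aa:aa:aa:01", "10.0.0.1"),  # gateway uplink
    ("10:00:05", "Gi0/7",  "00:00:be:ef:be:ef", "10.0.0.9"),  # attacker, own identity
    ("10:00:30", "Gi0/7",  "00:00:ba:be:ba:be", "10.0.0.5"),  # victim's MAC now on Gi0/7
    ("10:00:31", "Gi0/7",  "00:00:be:ef:be:ef", "10.0.0.1"),  # attacker's MAC claims gateway IP
    ("10:00:40", "Gi0/3",  "00:00:cc:cc:cc:07", "10.0.0.7"),  # unrelated host
]

def mac_flaps(records):
    """MACs learned on more than one port: a host announcing another
    station's MAC shows up as that address on two ports at once."""
    ports_by_mac = defaultdict(list)
    for _t, port, mac, _ip in records:
        if port not in ports_by_mac[mac]:
            ports_by_mac[mac].append(port)
    return {m: p for m, p in ports_by_mac.items() if len(p) > 1}

def ip_conflicts(records):
    """IPs answered for by more than one MAC (the ARP-poisoning signature)."""
    macs_by_ip = defaultdict(list)
    for _t, _port, mac, ip in records:
        if mac not in macs_by_ip[ip]:
            macs_by_ip[ip].append(mac)
    return {ip: m for ip, m in macs_by_ip.items() if len(m) > 1}

def suspect_ports(records):
    """Ports whose traffic contradicts the first-seen binding for a MAC or an
    IP, i.e. the later conflicting claims rather than the original station."""
    first_port_for_mac, first_mac_for_ip, flagged = {}, {}, set()
    for _t, port, mac, ip in records:
        first_port_for_mac.setdefault(mac, port)
        first_mac_for_ip.setdefault(ip, mac)
        if first_port_for_mac[mac] != port or first_mac_for_ip[ip] != mac:
            flagged.add(port)
    return sorted(flagged)

if __name__ == "__main__":
    print("MAC flaps    :", mac_flaps(RECORDS))
    print("IP conflicts :", ip_conflicts(RECORDS))
    print("Check ports  :", suspect_ports(RECORDS))
```

The first-seen binding is only a stand-in for a trusted source such as DHCP snooping or a static inventory; with one of those, the same checks compare against the known-good mapping instead.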