So, I'm testing out a web app and found a CSPP vulnerability, as detailed here (http://www.blackhat.com/presentations/b ... ion-wp.pdf). Chema illustrates setting up a rogue SQL server and forcing the victim to connect to your server, while you sniff their windows credentials.
Whenever I set up a rogue server and force a connection, I don't get the goods from the victim. I set up Cain to sniff, as in the white paper, but nothing. I loaded up wireshark and see some NTLMSSP messages back and forth, but then my rogue server responds with "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication."
The victim and rogue server are not on the same network or domain.
Does anyone know of a way to configure my rogue server to accept the victim domain and therefore capture the credentials? Thanks in advance!