Always negate the flag rather than xor it

impacket/examples/ntlmrelayx/clients/ldaprelayclient.py

@@ -29,7 +29,7 @@
 
 from impacket.examples.ntlmrelayx.clients import ProtocolClient
 from impacket.nt_errors import STATUS_SUCCESS, STATUS_ACCESS_DENIED
-from impacket.ntlm import NTLMAuthChallenge, NTLMAuthNegotiate, NTLMSSP_NEGOTIATE_SIGN
+from impacket.ntlm import NTLMAuthChallenge, NTLMAuthNegotiate, NTLMSSP_NEGOTIATE_SIGN, NTLMSSP_NEGOTIATE_ALWAYS_SIGN
 from impacket.spnego import SPNEGO_NegTokenResp
 
 PROTOCOL_CLIENT_CLASSES = ["LDAPRelayClient", "LDAPSRelayClient"]
@@ -65,6 +65,9 @@ def sendNegotiate(self, negotiateMessage):
         negoMessage = NTLMAuthNegotiate()
         negoMessage.fromString(negotiateMessage)
         negoMessage['flags'] &= ~NTLMSSP_NEGOTIATE_SIGN
+        # We shouldn't need to set this, as ALWAYS_SIGN is overridden by
+        # NEGOTIATE_SIGN. However included for clarity.
+        negoMessage['flags'] &= ~NTLMSSP_NEGOTIATE_ALWAYS_SIGN
         self.negotiateMessage = str(negoMessage)
 
         with self.session.connection_lock: