diff --git a/impacket/tds.py b/impacket/tds.py
index a6547f050..1f0d54634 100644
--- a/impacket/tds.py
+++ b/impacket/tds.py
@@ -1220,6 +1220,7 @@ def kerberosLogin(
 TGT=None,
 TGS=None,
 useCache=True,
+ cbt_fake_value=None
 ):
 if hashes is not None:
 lmhash, nthash = hashes.split(":")
@@ -1437,7 +1438,10 @@ def kerberosLogin(
 chkField["Lgth"] = 16
 chkField["Flags"] = GSS_C_SEQUENCE_FLAG | GSS_C_REPLAY_FLAG
 if self.tlsSocket:
- chkField["Bnd"] = self.generate_cbt_from_tls_unique()
+ if cbt_fake_value is not None:
+ chkField["Bnd"] = cbt_fake_value
+ else:
+ chkField["Bnd"] = self.generate_cbt_from_tls_unique()
 authenticator["cksum"]["checksum"] = chkField.getData()
 authenticator["seq-number"] = 0
 encodedAuthenticator = encoder.encode(authenticator)
@@ -1488,6 +1492,7 @@ def login(
 domain="",
 hashes=None,
 useWindowsAuth=False,
+ cbt_fake_value=None
 ):
 if hashes is not None:
@@ -1573,7 +1578,10 @@ def login(
 # We then compute the Channel Binding Token from the tls-unique value retrieved before
 channel_binding_value = b""
 if self.tlsSocket:
- channel_binding_value = self.generate_cbt_from_tls_unique()
+ if cbt_fake_value is not None:
+ channel_binding_value = cbt_fake_value
+ else:
+ channel_binding_value = self.generate_cbt_from_tls_unique()
 # Generate the NTLM ChallengeResponse AUTH
 type3, exportedSessionKey = ntlm.getNTLMSSPType3(
@@ -2306,3 +2314,4 @@ def workstation_id(self):
 @property
 def application_name(self):
 return self._application_name
+
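Review bot: `cbt_fake_value=None` in the `kerberosLogin` signature (hunk `@@ -1220`) has no trailing comma, unlike `useCache=True,` right above it, and nothing documents what the argument is; the same applies to the `login` signature in the `@@ -1488` hunk. I would write `cbt_fake_value=None,` and add a comment along the lines of `# cbt_fake_value: bytes used in place of the token derived from the TLS session; None keeps the real channel binding`. Because a supplied value stops the authentication from being bound to the actual TLS channel, the documentation should state that it is presumably meant only for checking whether a server enforces channel binding and must stay `None` in normal use. Both signatures begin outside their hunks.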
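Review bot: In the `@@ -1437` hunk the override branch assigns `cbt_fake_value` to `chkField["Bnd"]` with no type or length check, although `chkField["Lgth"] = 16` two lines up declares a 16-byte binding field; a `str` or a value of another size would presumably be packed incorrectly or fail later in `chkField.getData()`. A guard before the assignment such as `if not isinstance(cbt_fake_value, bytes) or len(cbt_fake_value) != 16: raise ValueError("cbt_fake_value must be 16 bytes")` would make the failure explicit. The `@@ -1573` hunk in `login` has the same unchecked assignment (`channel_binding_value = cbt_fake_value`), though the length expected there is not visible in the diff. In both places the override is silently ignored when `self.tlsSocket` is unset, so a log line when a non-default binding is used or dropped would make such sessions distinguishable afterwards. Both functions continue outside the hunks.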