0xABCD01/CVE-2026-41089 — reverse-engineered prompt

Build me a small Python 3 command line tool for authorized security testing around CVE 2026 41089.

I want to point it at a Windows domain controller IP and domain name, have it send a normal CLDAP ping on UDP 389, then clearly tell me if the server responded. Add an optional lab only test that sends the longer username payload described for this Netlogon issue, waits a few seconds, then checks if the server is still alive. Make the risky test require an obvious confirmation flag so nobody runs it by accident.

Keep it simple with no third party packages. Include command line options for username length, timeout, and delay. Print friendly status messages like reachable, no response, possible LSASS crash, or patched or not vulnerable. Also add a README with usage examples, affected Windows Server versions, detection tips, mitigation advice, and a clear legal warning that this is only for systems I own or have written permission to test.