Be less strict on hostname matching for ccache credentials

dwelch-r7 · dwelch-r7 · commit 6a04f5ed3de9 · 2023-09-18T14:54:20.000+01:00
diff --git a/lib/msf/core/exploit/remote/kerberos/service_authenticator/base.rb b/lib/msf/core/exploit/remote/kerberos/service_authenticator/base.rb
@@ -1030,7 +1030,9 @@ def load_credential_from_file(file_path, options = {})
         next
       end
 
-      unless !sname_hostname || sname_hostname.to_s.casecmp?(credential.server.components[1])
+      unless !sname_hostname ||
+        sname_hostname.to_s.downcase == credential.server.components[1] ||
+        sname_hostname.to_s.downcase.ends_with?('.' + credential.server.components[1])
         wlog("Filtered credential #{file_path} ##{index} reason: SPN (#{sname_hostname}) hostname does not match (spn: #{credential.server.components.snapshot.join('/')})")
         next
       end
