Land rapid7#18379, Improve ccache hostname matching

jheysel-r7 · jheysel-r7 · commit c243125612d1 · 2023-11-07T22:08:15.000-05:00
The service authenticator was filtering out valid credentials
when the hostname wasnt an exact match when credentials for
a domain should work on a subdomaini. This PR fixes that issue.
diff --git a/lib/msf/core/exploit/remote/kerberos/service_authenticator/base.rb b/lib/msf/core/exploit/remote/kerberos/service_authenticator/base.rb
@@ -1047,7 +1047,9 @@ def load_credential_from_file(file_path, options = {})
         next
       end
 
-      unless !sname_hostname || sname_hostname.to_s.casecmp?(credential.server.components[1])
+      unless !sname_hostname ||
+        sname_hostname.to_s.downcase == credential.server.components[1] ||
+        sname_hostname.to_s.downcase.ends_with?('.' + credential.server.components[1])
         wlog("Filtered credential #{file_path} ##{index} reason: SPN (#{sname_hostname}) hostname does not match (spn: #{credential.server.components.snapshot.join('/')})")
         next
       end
