RubySMB + Kerberos - Track default_name, default_domain, dns_host_name

[adfoster-r7]

Steps to reproduce

use gather/windows_secrets_dump

run rhost=192.168.123.13 username=Administrator password=p4$$w0rd smb::auth=kerberos domaincontrollerrhost=192.168.123.13 smb::rhostname=dc3.adf3.local domain=adf3.local verbose=true

With verbose=true and kerberos auth the secrets dump module outputs:

[-] 192.168.123.13:445 - Unable to get the salt
[*] 192.168.123.13:445 - Could not calculate machine account Kerberos keys

The logic for the salt calculation is here:

    405: def get_machine_kerberos_salt
    406:   host = simple.client.default_name
    407:   return ''.b if host.nil? || host.empty?
 => 408: 
    409:   domain = simple.client.dns_domain_name
    410:   "#{domain.upcase}host#{host.downcase}.#{domain.downcase}".b
    411: end

As 'default_name' and 'domain' are nil

It looks like this information is only set via ntlm auth:

https://github.com/rapid7/ruby_smb/blob/70973b06e726aba753d598b66b39263cb9020037/lib/ruby_smb/peer_info.rb#L6-L22

We'll want to update lib/msf/core/exploit/remote/smb/client/kerberos_authentication.rb to set these values if possible

[github-actions]

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.