From 19e3f29441002ada6f39a8fd4823f29c320aad29 Mon Sep 17 00:00:00 2001
From: Christophe De La Fuente
Date: Fri, 23 Aug 2024 15:01:18 +0200
Subject: [PATCH 1/2] Add missing constants for the Kerberos login scanner & set default `server_name` value in the client
---
lib/metasploit/framework/login_scanner/kerberos.rb | 5 +++++
lib/msf/core/exploit/remote/kerberos/client.rb | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/metasploit/framework/login_scanner/kerberos.rb b/lib/metasploit/framework/login_scanner/kerberos.rb
index 20f6f8acb07c..ac58bc166b8a 100644
--- a/lib/metasploit/framework/login_scanner/kerberos.rb
+++ b/lib/metasploit/framework/login_scanner/kerberos.rb
@@ -12,6 +12,10 @@ class Kerberos
 DEFAULT_PORT = 88
 REALM_KEY = Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN
 DEFAULT_REALM = nil
+ LIKELY_PORTS = [ DEFAULT_PORT ].freeze
+ LIKELY_SERVICE_NAMES = [ 'kerberos', 'kerberos5', 'krb5', 'kerberos-sec' ].freeze
+ PRIVATE_TYPES = %i[ password ].freeze
+ CAN_GET_SESSION = true
 def attempt_login(credential)
 result_options = {
@@ -117,6 +121,7 @@ def self.login_status_for_kerberos_error(krb_err)
 private
 def set_sane_defaults
+ self.connection_timeout = 10 if self.connection_timeout.nil?
 self.port = DEFAULT_PORT unless self.port
 end
diff --git a/lib/msf/core/exploit/remote/kerberos/client.rb b/lib/msf/core/exploit/remote/kerberos/client.rb
index 7e99317d7d7a..9e2fa9289182 100644
--- a/lib/msf/core/exploit/remote/kerberos/client.rb
+++ b/lib/msf/core/exploit/remote/kerberos/client.rb
@@ -245,7 +245,7 @@ def send_request_tgt_pkinit(options = {})
 # @raise [Rex::Proto::Kerberos::Model::Error::KerberosError] if the provided credentials are invalid
 def send_request_tgt(options = {})
 realm = options[:realm]
- server_name = options[:server_name]
+ server_name = options[:server_name] || "krbtgt/#{realm}"
 client_name = options[:client_name]
 client_name = client_name.dup.force_encoding('utf-8') if client_name
 password = options[:password]
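Review bot: The four new constants in the first hunk of kerberos.rb use padded literal delimiters (`[ DEFAULT_PORT ]`, `[ 'kerberos', ... ]`, `%i[ password ]`), which RuboCop's Layout/SpaceInsideArrayLiteralBrackets and Layout/SpaceInsidePercentLiteralDelimiters cops flag under the community style guide; the unpadded forms `LIKELY_PORTS = [DEFAULT_PORT].freeze`, `LIKELY_SERVICE_NAMES = %w[kerberos kerberos5 krb5 kerberos-sec].freeze` and `PRIVATE_TYPES = %i[password].freeze` read the same and match how sibling login scanners are usually written. `CAN_GET_SESSION = true` is the only one of the four whose effect is not obvious from its name; nothing in this hunk shows what session the scanner yields, so a one-line comment above it stating what a successful login is turned into would save the next reader a trip through the base class. The class body continues well past this hunk.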
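Review bot: The added line in `set_sane_defaults` hard-codes `10` as the connection timeout, while the line right below it takes its default from the named `DEFAULT_PORT` constant; the value deserves the same treatment so callers and docs have one place to find it, e.g. `DEFAULT_CONNECTION_TIMEOUT = 10` next to `DEFAULT_PORT` and `self.connection_timeout = DEFAULT_CONNECTION_TIMEOUT if self.connection_timeout.nil?`. The two defaults also test "unset" differently (`.nil?` on one line, `unless self.port` on the next); either is fine for these attributes, but picking one keeps the method uniform. The whole of `set_sane_defaults` is visible in this hunk.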
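Review bot: In the `send_request_tgt` hunk the new fallback `"krbtgt/#{realm}"` is built unconditionally from `realm = options[:realm]`, so a caller that omits both `:realm` and `:server_name` now sends a request for the malformed principal `krbtgt/` instead of failing locally; guard the derivation, e.g. `server_name = options[:server_name] || (realm && "krbtgt/#{realm}")` or raise `ArgumentError` when neither is given. The same applies to the `send_request_tgt_pkinit` hunk in PATCH 2/2. The default also relies on the caller passing the realm in the form the KDC expects (Kerberos realm comparison is case-sensitive, and this code does not normalise it), which is worth stating in the method's YARD `@option` entry for `:server_name`; that doc block sits above the visible `# @raise` line and is outside the hunk, and the method body continues past it.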
From 1b4362b6d52983d5a813046cccb2473e77780494 Mon Sep 17 00:00:00 2001
From: Christophe De La Fuente
Date: Mon, 9 Sep 2024 18:03:15 +0200
Subject: [PATCH 2/2] Set default `server_name` in `#send_request_tgt_pkinit`
---
lib/msf/core/exploit/remote/kerberos/client.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/msf/core/exploit/remote/kerberos/client.rb b/lib/msf/core/exploit/remote/kerberos/client.rb
index 9e2fa9289182..bd54e5709504 100644
--- a/lib/msf/core/exploit/remote/kerberos/client.rb
+++ b/lib/msf/core/exploit/remote/kerberos/client.rb
@@ -179,7 +179,7 @@ def send_request_tgt_pkinit(options = {})
 pfx = options[:pfx]
 request_pac = options.fetch(:request_pac, true)
 realm = options[:realm]
- server_name = options.fetch(:server_name, "krbtgt/#{realm}")
+ server_name = options[:server_name] || "krbtgt/#{realm}"
 client_name = options[:client_name]
 client_name = client_name.dup.force_encoding('utf-8') if client_name
 ticket_options = options.fetch(:options) { 0x50800000 } # Forwardable, Proxiable, Renewable
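Review bot: Switching `server_name` from `options.fetch(:server_name, ...)` to `options[:server_name] || ...` changes what an explicit `server_name: nil` does (it now falls back to the default instead of being passed through), and that is the substance of this commit but is not stated anywhere in the code; since the line just above, `request_pac = options.fetch(:request_pac, true)`, deliberately keeps fetch semantics, a reader will wonder whether the mix is intentional. A short comment on the new line makes the choice explicit, e.g. `# `||` rather than fetch: an explicit nil should also fall back to the TGS principal`. The nil-realm concern raised on the matching `send_request_tgt` hunk in PATCH 1/2 applies here unchanged, and `send_request_tgt_pkinit` starts and ends outside this hunk.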