strip vestigial realms

in the cases where we don't want a realm we should be
stripping it from the credential so we can build accurate results

Author: David Maloney

lib/metasploit/framework/login_scanner/base.rb

@@ -101,10 +101,15 @@ def each_cred_adjusted_for_realm(credential)
               yield credential
             elsif credential.realm.present? && self.class::REALM_KEY.blank?
               second_cred = credential.dup
+              # Strip the realm off here, as we don't want it
+              credential.realm = nil
+              credential.realm_key = nil
               yield credential
               # Some services can take a domain in the username like this even though
               # they do not explicitly take a domain as part of the protocol.
               second_cred.public = "#{second_cred.realm}\\#{second_cred.public}"
+              second_cred.realm = nil
+              second_cred.realm_key = nil
               yield second_cred
             else
               yield credential

spec/support/shared/examples/metasploit/framework/login_scanner/login_scanner_base.rb

@@ -325,7 +325,10 @@
       context 'when login_scanner has no REALM_KEY' do
         context 'when the credential has a realm' do
           it 'yields the original credential as well as one with the realm in the public' do
-            second_cred = ad_cred.dup
+            first_cred  = ad_cred.dup
+            first_cred.realm = nil
+            first_cred.realm_key = nil
+            second_cred = first_cred.dup
             second_cred.public = "#{realm}\\#{public}"
             expect{ |b| login_scanner.each_cred_adjusted_for_realm(ad_cred, &b)}.to yield_successive_args(ad_cred,second_cred)
           end