metasploit-aggregator 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: aac104842b24e3ca148b53fec7496fdd91f05cbe
-  data.tar.gz: fe6729af2bc28c2a0a3d2d27e41b55501cff5bb6
+  metadata.gz: df43d9c519841eb237a29d07f02423decce8ae9c
+  data.tar.gz: 3a9f144ffceefc2caf76a0b99aaacfd8d933cab5
 SHA512:
-  metadata.gz: 7bdd018ad0bdae6925db322e986eced83c1a904f9ba09671b715496271b7d6642a671b9abdcc59626249751579dd94bc966cefac6490a803424f40e21684c822
-  data.tar.gz: 321958012678ee3f900c9f2675bcbe721571d3def92906b136a1cdfea68ec96552a1d7953b2e1f0d7c7985f3f3f45a6cc36c72f7efc7ee2a21471ada2615f8bc
+  metadata.gz: 77a8d3d7de9523f6680346211b722b901eaac594ab51124c3f84053dfbf4dda8391524651d0bbbaeb1ab6b7592be3a4cd7b2a1aff227196b04c80932093e7f53
+  data.tar.gz: da9034ab7c33353c9eb890ff67885f025957f754be923264dbb0a5ad14545a818003c41131ea0a7bc77f81242ca9e0ae12ab279b68664a2a3cf1947c0cec9567

data/bin/{msfaggregator → metasploit-aggregator}

@@ -33,5 +33,16 @@ loop do
     server.stop
   elsif command.chomp == 'park'
     client.release_session($stdin.gets.chomp)
+  elsif command.chomp == 'details'
+    client = Metasploit::Aggregator::ServerProxy.new(admin_host, admin_port)
+    client.sessions.each_pair do |payload, console|
+      details = client.session_details(payload)
+      $stdout.puts payload
+      details.each_pair do |key, attr|
+        $stdout.print "\t"
+        $stdout.print "#{key}:"
+        $stdout.puts "#{attr}"
+      end
+    end
   end
 end

data/lib/metasploit/aggregator.rb

@@ -42,6 +42,11 @@ module Metasploit
         # index for impl
       end
 
+      # return any extended details for the payload requested
+      def session_details(payload)
+
+      end
+
       # start a listening port maintained on the service
       # connections are forwarded to any registered default
       # TODO: may want to require a type here for future proof of api
@@ -116,6 +121,12 @@ module Metasploit
         Logger.log(e.to_s)
       end
 
+      def session_details(payload)
+        @client.call(:session_details, payload)
+      rescue MessagePack::RPC::TimeoutError => e
+        Logger.log(e.to_s)
+      end
+
       def add_cable(type, host, port, certificate = nil)
         @client.call(:add_cable, type, host, port, certificate)
       rescue MessagePack::RPC::TimeoutError => e
@@ -222,6 +233,10 @@ module Metasploit
         true # return always return success for now
       end
 
+      def session_details(payload)
+        @manager.connection_details(payload)
+      end
+
       def add_cable(type, host, port, certificate = nil)
         unless @manager.nil?
           case type
@@ -272,10 +287,6 @@ module Metasploit
         true
       end
 
-      def release_session(host)
-        @manager.park(host)
-      end
-
       def request(uuid)
         # return requests here
         result = nil

data/lib/metasploit/aggregator/connection_manager.rb

@@ -15,6 +15,7 @@ module Metasploit
         @cables = []
         @manager_mutex = Mutex.new
         @router = Router.instance
+        @details_cache = SessionDetailService.instance
       end
 
       def self.ssl_generate_certificate
@@ -106,6 +107,23 @@ module Metasploit
         connections
       end
 
+      def connection_details(payload)
+        detail_map = {}
+        details = @details_cache.session_details(payload)
+        unless details.nil?
+          details.each_pair do |key, value|
+            detail_map[key] = value.to_s
+            end
+        end
+        @cables.each do |cable|
+          next unless cable.forwarder.connections.include?(payload)
+          # TODO: improve how time is exposed for live connections
+          time = cable.forwarder.connection_info(payload)['TIME']
+          detail_map['LAST_SEEN'] = Time.now - time unless time.nil?
+        end
+        detail_map
+      end
+
       def cables
         local_cables = []
         @cables.each do |cable|

data/lib/metasploit/aggregator/forwarder.rb

@@ -33,16 +33,22 @@ module Metasploit
         connections
       end
 
+      def connection_info(connection)
+        info = {}
+        info['TIME'] = @response_queues[connection].time unless @response_queues[connection].nil?
+        info
+      end
+
       def flush_stale_sessions
         @forwarder_mutex.synchronize do
           stale_sessions = []
-          @response_queues.each_pair do |uri, queue|
+          @response_queues.each_pair do |payload, queue|
             unless (queue.time + CONNECTION_TIMEOUT) > Time.now
-              stale_sessions << uri
+              stale_sessions << payload
             end
           end
-          stale_sessions.each do |uri|
-            stale_queue = @response_queues.delete(uri)
+          stale_sessions.each do |payload|
+            stale_queue = @response_queues.delete(payload)
             stale_queue.stop_processing unless stale_queue.nil?
           end
         end

data/lib/metasploit/aggregator/http/responder.rb

@@ -1,3 +1,4 @@
+require "metasploit/aggregator/session_detail_service"
 require "metasploit/aggregator/http/request"
 
 module Metasploit
@@ -19,6 +20,7 @@ module Metasploit
           @thread = Thread.new { process_requests }
           @time = Time.now
           @router = Router.instance
+          @session_service = SessionDetailService.instance
           @pending_requests = nil
         end
 
@@ -39,6 +41,7 @@ module Metasploit
               end
 
               # response from get_forward will be a queue to push messages onto and a response queue to retrieve result from
+              @session_service.add_request(request_task, @uri)
               send << request_task
               @pending_request = connection
 
@@ -47,6 +50,7 @@ module Metasploit
               # now get the response once available and send back using this connection
               begin
                 request_obj = recv.pop
+                @session_service.add_request(request_task, @uri)
                 @pending_request = nil
                 request_obj.headers.each do |line|
                   connection.write line

data/lib/metasploit/aggregator/http_forwarder.rb

@@ -10,9 +10,6 @@ module Metasploit
     class HttpForwarder < Forwarder
       CONNECTION_TIMEOUT = 60 # one minute
 
-      attr_accessor :log_messages
-      attr_reader :response_queues
-
       def initialize
         super
       end

data/lib/metasploit/aggregator/router.rb

@@ -31,9 +31,9 @@ module Metasploit
         end
       end
 
-      def get_forward(uri)
-        unless @forward_routes[uri].nil?
-          @forward_routes[uri]
+      def get_forward(payload)
+        unless @forward_routes[payload].nil?
+          @forward_routes[payload]
         else
           @forward_routes['default']
         end

data/lib/metasploit/aggregator/session_detail_service.rb

@@ -0,0 +1,71 @@
+require 'digest/md5'
+require 'singleton'
+require 'metasploit/aggregator/tlv/packet'
+require 'metasploit/aggregator/tlv/packet_parser'
+require 'metasploit/aggregator/tlv/uuid'
+
+module Metasploit
+  module Aggregator
+    class SessionDetailService
+      include Singleton
+
+      def initialize
+        @mutex = Mutex.new
+        @tlv_queue = Queue.new
+        @thread = Thread.new { process_tlv }
+        # for now since all data is http no cipher is required on the parser
+        @parser = Metasploit::Aggregator::Tlv::PacketParser.new
+        @r, @w = IO.pipe
+        @payloads_count = 0;
+        @detail_cache = {}
+      end
+
+      def add_request(request, payload)
+        @tlv_queue << [ request, payload ]
+        if @detail_cache[payload] && @detail_cache[payload]['REMOTE_SOCKET'].nil?
+          @detail_cache[payload]['REMOTE_SOCKET'] = "#{request.socket.peeraddr[3]}:#{request.socket.peeraddr[1]}"
+          @detail_cache[payload]['LOCAL_SOCKET'] = "#{request.socket.addr[3]}:#{request.socket.addr[1]}"
+        end
+      end
+
+      def session_details(payload)
+        @detail_cache[payload]
+      end
+
+      def process_tlv
+        while true
+          begin
+            request, payload = @tlv_queue.pop
+            if request.body && request.body.length > 0
+              # process body as tlv
+              @w.write(request.body)
+              packet = @parser.recv(@r)
+              next unless packet
+              unless @detail_cache[payload]
+                @detail_cache[payload] = { 'ID' => (@payloads_count += 1) }
+              end
+              if packet.has_tlv?(Metasploit::Aggregator::Tlv::TLV_TYPE_UUID)
+                args = { :raw => packet.get_tlv_value(Metasploit::Aggregator::Tlv::TLV_TYPE_UUID) }
+                @detail_cache[payload]['UUID'] = Metasploit::Aggregator::Tlv::UUID.new(args)
+              end
+              if packet.has_tlv?(Metasploit::Aggregator::Tlv::TLV_TYPE_MACHINE_ID)
+                @detail_cache[payload]['MachineID'] = Digest::MD5.hexdigest(packet.get_tlv_value(Metasploit::Aggregator::Tlv::TLV_TYPE_MACHINE_ID).downcase.strip)
+              end
+              if packet.has_tlv?(Metasploit::Aggregator::Tlv::TLV_TYPE_USER_NAME)
+                @detail_cache[payload]['USER'] = packet.get_tlv_value(Metasploit::Aggregator::Tlv::TLV_TYPE_USER_NAME)
+              end
+              if packet.has_tlv?(Metasploit::Aggregator::Tlv::TLV_TYPE_COMPUTER_NAME)
+                @detail_cache[payload]['HOSTNAME'] = packet.get_tlv_value(Metasploit::Aggregator::Tlv::TLV_TYPE_COMPUTER_NAME)
+              end
+              if packet.has_tlv?(Metasploit::Aggregator::Tlv::TLV_TYPE_OS_NAME)
+                @detail_cache[payload]['OS'] = packet.get_tlv_value(Metasploit::Aggregator::Tlv::TLV_TYPE_OS_NAME)
+              end
+            end
+          rescue
+            Logger.log $!
+          end
+        end
+      end
+    end
+  end
+end

data/lib/metasploit/aggregator/tlv/packet.rb

@@ -0,0 +1,740 @@
+# -*- coding: binary -*-
+
+module Metasploit
+  module Aggregator
+    module Tlv
+
+#
+# Constants
+#
+      PACKET_TYPE_REQUEST         = 0
+      PACKET_TYPE_RESPONSE        = 1
+      PACKET_TYPE_PLAIN_REQUEST   = 10
+      PACKET_TYPE_PLAIN_RESPONSE  = 11
+
+#
+# TLV Meta Types
+#
+      TLV_META_TYPE_NONE          = 0
+      TLV_META_TYPE_STRING        = (1 << 16)
+      TLV_META_TYPE_UINT          = (1 << 17)
+      TLV_META_TYPE_RAW           = (1 << 18)
+      TLV_META_TYPE_BOOL          = (1 << 19)
+      TLV_META_TYPE_QWORD         = (1 << 20)
+      TLV_META_TYPE_COMPRESSED    = (1 << 29)
+      TLV_META_TYPE_GROUP         = (1 << 30)
+      TLV_META_TYPE_COMPLEX       = (1 << 31)
+
+# Exclude compressed from the mask since other meta types (e.g. RAW) can also
+# be compressed
+      TLV_META_MASK = (
+      TLV_META_TYPE_STRING |
+          TLV_META_TYPE_UINT |
+          TLV_META_TYPE_RAW |
+          TLV_META_TYPE_BOOL |
+          TLV_META_TYPE_QWORD |
+          TLV_META_TYPE_GROUP |
+          TLV_META_TYPE_COMPLEX
+      )
+
+#
+# TLV base starting points
+#
+      TLV_RESERVED                = 0
+      TLV_EXTENSIONS              = 20000
+      TLV_USER                    = 40000
+      TLV_TEMP                    = 60000
+
+#
+# TLV Specific Types
+#
+      TLV_TYPE_ANY                 = TLV_META_TYPE_NONE   |   0
+      TLV_TYPE_METHOD              = TLV_META_TYPE_STRING |   1
+      TLV_TYPE_REQUEST_ID          = TLV_META_TYPE_STRING |   2
+      TLV_TYPE_EXCEPTION           = TLV_META_TYPE_GROUP  |   3
+      TLV_TYPE_RESULT              = TLV_META_TYPE_UINT   |   4
+
+
+      TLV_TYPE_STRING              = TLV_META_TYPE_STRING |  10
+      TLV_TYPE_UINT                = TLV_META_TYPE_UINT   |  11
+      TLV_TYPE_BOOL                = TLV_META_TYPE_BOOL   |  12
+
+      TLV_TYPE_LENGTH              = TLV_META_TYPE_UINT   |  25
+      TLV_TYPE_DATA                = TLV_META_TYPE_RAW    |  26
+      TLV_TYPE_FLAGS               = TLV_META_TYPE_UINT   |  27
+
+      TLV_TYPE_CHANNEL_ID          = TLV_META_TYPE_UINT   |  50
+      TLV_TYPE_CHANNEL_TYPE        = TLV_META_TYPE_STRING |  51
+      TLV_TYPE_CHANNEL_DATA        = TLV_META_TYPE_RAW    |  52
+      TLV_TYPE_CHANNEL_DATA_GROUP  = TLV_META_TYPE_GROUP  |  53
+      TLV_TYPE_CHANNEL_CLASS       = TLV_META_TYPE_UINT   |  54
+      TLV_TYPE_CHANNEL_PARENTID    = TLV_META_TYPE_UINT   |  55
+
+      TLV_TYPE_SEEK_WHENCE         = TLV_META_TYPE_UINT   |  70
+      TLV_TYPE_SEEK_OFFSET         = TLV_META_TYPE_UINT   |  71
+      TLV_TYPE_SEEK_POS            = TLV_META_TYPE_UINT   |  72
+
+      TLV_TYPE_EXCEPTION_CODE      = TLV_META_TYPE_UINT   | 300
+      TLV_TYPE_EXCEPTION_STRING    = TLV_META_TYPE_STRING | 301
+
+      TLV_TYPE_LIBRARY_PATH        = TLV_META_TYPE_STRING | 400
+      TLV_TYPE_TARGET_PATH         = TLV_META_TYPE_STRING | 401
+      TLV_TYPE_MIGRATE_PID         = TLV_META_TYPE_UINT   | 402
+      TLV_TYPE_MIGRATE_LEN         = TLV_META_TYPE_UINT   | 403
+      TLV_TYPE_MIGRATE_PAYLOAD     = TLV_META_TYPE_STRING | 404
+      TLV_TYPE_MIGRATE_ARCH        = TLV_META_TYPE_UINT   | 405
+      TLV_TYPE_MIGRATE_BASE_ADDR   = TLV_META_TYPE_UINT   | 407
+      TLV_TYPE_MIGRATE_ENTRY_POINT = TLV_META_TYPE_UINT   | 408
+      TLV_TYPE_MIGRATE_SOCKET_PATH = TLV_META_TYPE_STRING | 409
+      TLV_TYPE_MIGRATE_STUB_LEN    = TLV_META_TYPE_UINT   | 410
+      TLV_TYPE_MIGRATE_STUB        = TLV_META_TYPE_STRING | 411
+
+
+      TLV_TYPE_TRANS_TYPE          = TLV_META_TYPE_UINT   | 430
+      TLV_TYPE_TRANS_URL           = TLV_META_TYPE_STRING | 431
+      TLV_TYPE_TRANS_UA            = TLV_META_TYPE_STRING | 432
+      TLV_TYPE_TRANS_COMM_TIMEOUT  = TLV_META_TYPE_UINT   | 433
+      TLV_TYPE_TRANS_SESSION_EXP   = TLV_META_TYPE_UINT   | 434
+      TLV_TYPE_TRANS_CERT_HASH     = TLV_META_TYPE_RAW    | 435
+      TLV_TYPE_TRANS_PROXY_HOST    = TLV_META_TYPE_STRING | 436
+      TLV_TYPE_TRANS_PROXY_USER    = TLV_META_TYPE_STRING | 437
+      TLV_TYPE_TRANS_PROXY_PASS    = TLV_META_TYPE_STRING | 438
+      TLV_TYPE_TRANS_RETRY_TOTAL   = TLV_META_TYPE_UINT   | 439
+      TLV_TYPE_TRANS_RETRY_WAIT    = TLV_META_TYPE_UINT   | 440
+      TLV_TYPE_TRANS_GROUP         = TLV_META_TYPE_GROUP  | 441
+
+      TLV_TYPE_MACHINE_ID          = TLV_META_TYPE_STRING | 460
+      TLV_TYPE_UUID                = TLV_META_TYPE_RAW    | 461
+
+      TLV_TYPE_CIPHER_NAME         = TLV_META_TYPE_STRING | 500
+      TLV_TYPE_CIPHER_PARAMETERS   = TLV_META_TYPE_GROUP  | 501
+
+#
+# Core flags
+#
+      LOAD_LIBRARY_FLAG_ON_DISK   = (1 << 0)
+      LOAD_LIBRARY_FLAG_EXTENSION = (1 << 1)
+      LOAD_LIBRARY_FLAG_LOCAL     = (1 << 2)
+
+#
+# Stdapi TLVs - Config
+#
+      TLV_TYPE_COMPUTER_NAME          = TLV_META_TYPE_STRING  | 1040
+      TLV_TYPE_OS_NAME                = TLV_META_TYPE_STRING  | 1041
+      TLV_TYPE_USER_NAME              = TLV_META_TYPE_STRING  | 1042
+      TLV_TYPE_ARCHITECTURE           = TLV_META_TYPE_STRING  | 1043
+      TLV_TYPE_LANG_SYSTEM            = TLV_META_TYPE_STRING  | 1044
+      TLV_TYPE_SID                    = TLV_META_TYPE_STRING  | 1045
+      TLV_TYPE_DOMAIN                 = TLV_META_TYPE_STRING  | 1046
+      TLV_TYPE_LOGGED_ON_USER_COUNT   = TLV_META_TYPE_UINT    | 1047
+      TLV_TYPE_LOCAL_DATETIME         = TLV_META_TYPE_STRING  | 1048
+
+###
+#
+# Base TLV (Type-Length-Value) class
+#
+###
+      class Tlv
+        attr_accessor :type, :value, :compress
+
+        ##
+        #
+        # Constructor
+        #
+        ##
+
+        #
+        # Returns an instance of a TLV.
+        #
+        def initialize(type, value = nil, compress=false)
+          @type     = type
+          @compress = compress
+
+          if (value != nil)
+            if (type & TLV_META_TYPE_STRING == TLV_META_TYPE_STRING)
+              if (value.kind_of?(Integer))
+                @value = value.to_s
+              else
+                @value = value.dup
+              end
+            else
+              @value = value
+            end
+          end
+        end
+
+        def inspect
+          utype = type ^ TLV_META_TYPE_COMPRESSED
+          group = false
+          meta = case (utype & TLV_META_MASK)
+                   when TLV_META_TYPE_STRING; "STRING"
+                   when TLV_META_TYPE_UINT; "INT"
+                   when TLV_META_TYPE_RAW; "RAW"
+                   when TLV_META_TYPE_BOOL; "BOOL"
+                   when TLV_META_TYPE_QWORD; "QWORD"
+                   when TLV_META_TYPE_GROUP; group=true; "GROUP"
+                   when TLV_META_TYPE_COMPLEX; "COMPLEX"
+                   else; 'unknown-meta-type'
+                 end
+          stype = "unknown-#{type}"
+          Metasploit::Aggregator::Tlv.constants.each do |value|
+            next unless Metasploit::Aggregator::Tlv.const_get(value) == type
+            stype = value.to_s
+            break
+          end
+          val = value.inspect
+          if val.length > 50
+            val = val[0,50] + ' ..."'
+          end
+          group ||= (self.class.to_s =~ /Packet/)
+          if group
+            tlvs_inspect = "tlvs=[\n"
+            @tlvs.each { |t|
+              tlvs_inspect << "  #{t.inspect}\n"
+            }
+            tlvs_inspect << "]"
+          else
+            tlvs_inspect = "meta=#{meta.ljust 10} value=#{val}"
+          end
+          "#<#{self.class} type=#{stype.ljust 15} #{tlvs_inspect}>"
+        end
+
+        ##
+        #
+        # Conditionals
+        #
+        ##
+
+        #
+        # Checks to see if a TLVs meta type is equivalent to the meta type passed.
+        #
+        def meta_type?(meta)
+          return (self.type & meta == meta)
+        end
+
+        #
+        # Checks to see if the TLVs type is equivalent to the type passed.
+        #
+        def type?(type)
+          return self.type == type
+        end
+
+        #
+        # Checks to see if the TLVs value is equivalent to the value passed.
+        #
+        def value?(value)
+          return self.value == value
+        end
+
+        ##
+        #
+        # Serializers
+        #
+        ##
+
+        #
+        # Converts the TLV to raw.
+        #
+        def to_r
+          # Forcibly convert to ASCII-8BIT encoding
+          raw = value.to_s.unpack("C*").pack("C*")
+
+          if (self.type & TLV_META_TYPE_STRING == TLV_META_TYPE_STRING)
+            raw += "\x00"
+          elsif (self.type & TLV_META_TYPE_UINT == TLV_META_TYPE_UINT)
+            raw = [value].pack("N")
+          elsif (self.type & TLV_META_TYPE_QWORD == TLV_META_TYPE_QWORD)
+            raw = [ self.htonq( value.to_i ) ].pack("Q<")
+          elsif (self.type & TLV_META_TYPE_BOOL == TLV_META_TYPE_BOOL)
+            if (value == true)
+              raw = [1].pack("c")
+            else
+              raw = [0].pack("c")
+            end
+          end
+
+          # check if the tlv is to be compressed...
+          if( @compress )
+            raw_uncompressed = raw
+            # compress the raw data
+            raw_compressed = Rex::Text.zlib_deflate( raw_uncompressed )
+            # check we have actually made the raw data smaller...
+            # (small blobs often compress slightly larger then the origional)
+            # if the compressed data is not smaller, we dont use the compressed data
+            if( raw_compressed.length < raw_uncompressed.length )
+              # if so, set the TLV's type to indicate compression is used
+              self.type = self.type | TLV_META_TYPE_COMPRESSED
+              # update the raw data with the uncompressed data length + compressed data
+              # (we include the uncompressed data length as the C side will need to know this for decompression)
+              raw = [ raw_uncompressed.length ].pack("N") + raw_compressed
+            end
+          end
+
+          return [raw.length + 8, self.type].pack("NN") + raw
+        end
+
+        #
+        # Translates the raw format of the TLV into a sanitize version.
+        #
+        def from_r(raw)
+          self.value  = nil
+
+          length, self.type = raw.unpack("NN");
+
+          # check if the tlv value has been compressed...
+          if( self.type & TLV_META_TYPE_COMPRESSED == TLV_META_TYPE_COMPRESSED )
+            # set this TLV as using compression
+            @compress = true
+            # remove the TLV_META_TYPE_COMPRESSED flag from the tlv type to restore the
+            # tlv type to its origional, allowing for transparent data compression.
+            self.type = self.type ^ TLV_META_TYPE_COMPRESSED
+            # decompress the compressed data (skipping the length and type DWORD's)
+            raw_decompressed = Rex::Text.zlib_inflate( raw[8..length-1] )
+            # update the length to reflect the decompressed data length (+8 for the length and type DWORD's)
+            length = raw_decompressed.length + 8
+            # update the raw buffer with the new length, decompressed data and updated type.
+            raw = [length, self.type].pack("NN") + raw_decompressed
+          end
+
+          if (self.type & TLV_META_TYPE_STRING == TLV_META_TYPE_STRING)
+            if (raw.length > 0)
+              self.value = raw[8..length-2]
+            else
+              self.value = nil
+            end
+          elsif (self.type & TLV_META_TYPE_UINT == TLV_META_TYPE_UINT)
+            self.value = raw.unpack("NNN")[2]
+          elsif (self.type & TLV_META_TYPE_QWORD == TLV_META_TYPE_QWORD)
+            self.value = raw.unpack("NNQ<")[2]
+            self.value = self.ntohq( self.value )
+          elsif (self.type & TLV_META_TYPE_BOOL == TLV_META_TYPE_BOOL)
+            self.value = raw.unpack("NNc")[2]
+
+            if (self.value == 1)
+              self.value = true
+            else
+              self.value = false
+            end
+          else
+            self.value = raw[8..length-1]
+          end
+
+          return length;
+        end
+
+        protected
+
+        def htonq( value )
+          if( [1].pack( 's' ) == [1].pack( 'n' ) )
+            return value
+          end
+          return [ value ].pack( 'Q<' ).reverse.unpack( 'Q<' ).first
+        end
+
+        def ntohq( value )
+          return htonq( value )
+        end
+
+      end
+
+###
+#
+# Group TLVs contain zero or more TLVs
+#
+###
+      class GroupTlv < Tlv
+        attr_accessor :tlvs
+
+        ##
+        #
+        # Constructor
+        #
+        ##
+
+        #
+        # Initializes the group TLV container to the supplied type
+        # and creates an empty TLV array.
+        #
+        def initialize(type)
+          super(type)
+
+          self.tlvs = [ ]
+        end
+
+        ##
+        #
+        # Group-based TLV accessors
+        #
+        ##
+
+        #
+        # Enumerates TLVs of the supplied type.
+        #
+        def each(type = TLV_TYPE_ANY, &block)
+          get_tlvs(type).each(&block)
+        end
+
+        #
+        # Synonym for each.
+        #
+        def each_tlv(type = TLV_TYPE_ANY, &block)
+          each(type, &block)
+        end
+
+        #
+        # Enumerates TLVs of a supplied type with indexes.
+        #
+        def each_with_index(type = TLV_TYPE_ANY, &block)
+          get_tlvs(type).each_with_index(&block)
+        end
+
+        #
+        # Synonym for each_with_index.
+        #
+        def each_tlv_with_index(type = TLV_TYPE_ANY, &block)
+          each_with_index(type, block)
+        end
+
+        #
+        # Returns an array of TLVs for the given type.
+        #
+        def get_tlvs(type)
+          if (type == TLV_TYPE_ANY)
+            return self.tlvs
+          else
+            type_tlvs = []
+
+            self.tlvs.each() { |tlv|
+              if (tlv.type?(type))
+                type_tlvs << tlv
+              end
+            }
+
+            return type_tlvs
+          end
+        end
+
+        ##
+        #
+        # TLV management
+        #
+        ##
+
+        #
+        # Adds a TLV of a given type and value.
+        #
+        def add_tlv(type, value = nil, replace = false, compress=false)
+
+          # If we should replace any TLVs with the same type...remove them first
+          if (replace)
+            each(type) { |tlv|
+              if (tlv.type == type)
+                self.tlvs.delete(tlv)
+              end
+            }
+          end
+
+          if (type & TLV_META_TYPE_GROUP == TLV_META_TYPE_GROUP)
+            tlv = GroupTlv.new(type)
+          else
+            tlv = Tlv.new(type, value, compress)
+          end
+
+          self.tlvs << tlv
+
+          return tlv
+        end
+
+        #
+        # Adds zero or more TLVs to the packet.
+        #
+        def add_tlvs(tlvs)
+          if (tlvs != nil)
+            tlvs.each { |tlv|
+              add_tlv(tlv['type'], tlv['value'])
+            }
+          end
+        end
+
+        #
+        # Gets the first TLV of a given type.
+        #
+        def get_tlv(type, index = 0)
+          type_tlvs = get_tlvs(type)
+
+          if (type_tlvs.length > index)
+            return type_tlvs[index]
+          end
+
+          return nil
+        end
+
+        #
+        # Returns the value of a TLV if it exists, otherwise nil.
+        #
+        def get_tlv_value(type, index = 0)
+          tlv = get_tlv(type, index)
+
+          return (tlv != nil) ? tlv.value : nil
+        end
+
+        #
+        # Returns an array of values for all tlvs of type type.
+        #
+        def get_tlv_values(type)
+          get_tlvs(type).collect { |a| a.value }
+        end
+
+        #
+        # Checks to see if the container has a TLV of a given type.
+        #
+        def has_tlv?(type)
+          return get_tlv(type) != nil
+        end
+
+        #
+        # Zeros out the array of TLVs.
+        #
+        def reset
+          self.tlvs = []
+        end
+
+        ##
+        #
+        # Serializers
+        #
+        ##
+
+        #
+        # Converts all of the TLVs in the TLV array to raw and prefixes them
+        # with a container TLV of this instance's TLV type.
+        #
+        def to_r
+          raw = ''
+
+          self.each() { |tlv|
+            raw << tlv.to_r
+          }
+
+          return [raw.length + 8, self.type].pack("NN") + raw
+        end
+
+        #
+        # Converts the TLV group container from raw to all of the individual
+        # TLVs.
+        #
+        def from_r(raw)
+          offset = 8
+
+          # Reset the TLVs array
+          self.tlvs = []
+          self.type = raw.unpack("NN")[1]
+
+          # Enumerate all of the TLVs
+          while (offset < raw.length-1)
+
+            tlv = nil
+
+            # Get the length and type
+            length, type = raw[offset..offset+8].unpack("NN")
+
+            if (type & TLV_META_TYPE_GROUP == TLV_META_TYPE_GROUP)
+              tlv = GroupTlv.new(type)
+            else
+              tlv = Tlv.new(type)
+            end
+
+            tlv.from_r(raw[offset..offset+length])
+
+            # Insert it into the list of TLVs
+            tlvs << tlv
+
+            # Move up
+            offset += length
+          end
+        end
+
+      end
+
+###
+#
+# The logical meterpreter packet class
+#
+###
+      class Packet < GroupTlv
+        attr_accessor :created_at
+
+        ##
+        #
+        # Factory
+        #
+        ##
+
+        #
+        # Creates a request with the supplied method.
+        #
+        def Packet.create_request(method = nil)
+          return Packet.new(PACKET_TYPE_REQUEST, method)
+        end
+
+        #
+        # Creates a response to a request if one is provided.
+        #
+        def Packet.create_response(request = nil)
+          response_type = PACKET_TYPE_RESPONSE
+          method = nil
+
+          if (request)
+            if (request.type?(PACKET_TYPE_PLAIN_REQUEST))
+              response_type = PACKET_TYPE_PLAIN_RESPONSE
+            end
+
+            method = request.method
+          end
+
+          return Packet.new(response_type, method)
+        end
+
+        ##
+        #
+        # Constructor
+        #
+        ##
+
+        #
+        # Initializes the packet to the supplied packet type and method,
+        # if any.  If the packet is a request, a request identifier is
+        # created.
+        #
+        def initialize(type = nil, method = nil)
+          super(type)
+
+          if (method)
+            self.method = method
+          end
+
+          self.created_at = ::Time.now
+
+          # If it's a request, generate a random request identifier
+          if ((type == PACKET_TYPE_REQUEST) ||
+              (type == PACKET_TYPE_PLAIN_REQUEST))
+            rid = ''
+
+            32.times { |val| rid << rand(10).to_s }
+
+            add_tlv(TLV_TYPE_REQUEST_ID, rid)
+          end
+        end
+
+        #
+        # Override the function that creates the raw byte stream for
+        # sending so that it generates an XOR key, uses it to scramble
+        # the serialized TLV content, and then returns the key plus the
+        # scrambled data as the payload.
+        #
+        def to_r
+          raw = super
+          xor_key = rand(254) + 1
+          xor_key |= (rand(254) + 1) << 8
+          xor_key |= (rand(254) + 1) << 16
+          xor_key |= (rand(254) + 1) << 24
+          result = [xor_key].pack('N') + xor_bytes(xor_key, raw)
+          result
+        end
+
+        #
+        # Override the function that reads from a raw byte stream so
+        # that the XORing of data is included in the process prior to
+        # passing it on to the default functionality that can parse
+        # the TLV values.
+        #
+        def from_r(bytes)
+          xor_key = bytes[0,4].unpack('N')[0]
+          super(xor_bytes(xor_key, bytes[4, bytes.length]))
+        end
+
+        #
+        # Xor a set of bytes with a given DWORD xor key.
+        #
+        def xor_bytes(xor_key, bytes)
+          result = ''
+          bytes.bytes.zip([xor_key].pack('V').bytes.cycle).each do |b|
+            result << (b[0].ord ^ b[1].ord).chr
+          end
+          result
+        end
+
+        ##
+        #
+        # Conditionals
+        #
+        ##
+
+        #
+        # Checks to see if the packet is a response.
+        #
+        def response?
+          return ((self.type == PACKET_TYPE_RESPONSE) ||
+              (self.type == PACKET_TYPE_PLAIN_RESPONSE))
+        end
+
+        ##
+        #
+        # Accessors
+        #
+        ##
+
+        #
+        # Checks to see if the packet's method is equal to the supplied method.
+        #
+        def method?(method)
+          return (get_tlv_value(TLV_TYPE_METHOD) == method)
+        end
+
+        #
+        # Sets the packet's method TLV to the method supplied.
+        #
+        def method=(method)
+          add_tlv(TLV_TYPE_METHOD, method, true)
+        end
+
+        #
+        # Returns the value of the packet's method TLV.
+        #
+        def method
+          return get_tlv_value(TLV_TYPE_METHOD)
+        end
+
+        #
+        # Checks to see if the packet's result value is equal to the supplied
+        # result.
+        #
+        def result?(result)
+          return (get_tlv_value(TLV_TYPE_RESULT) == result)
+        end
+
+        #
+        # Sets the packet's result TLV.
+        #
+        def result=(result)
+          add_tlv(TLV_TYPE_RESULT, result, true)
+        end
+
+        #
+        # Gets the value of the packet's result TLV.
+        #
+        def result
+          return get_tlv_value(TLV_TYPE_RESULT)
+        end
+
+        #
+        # Gets the value of the packet's request identifier TLV.
+        #
+        def rid
+          return get_tlv_value(TLV_TYPE_REQUEST_ID)
+        end
+      end
+
+
+    end; end; end
+