Module: Rex::Post::Meterpreter

Defined in:
lib/rex/post/meterpreter/pivot.rb,
lib/rex/post/meterpreter/client.rb,
lib/rex/post/meterpreter/packet.rb,
lib/rex/post/meterpreter/channel.rb,
lib/rex/post/meterpreter/core_ids.rb,
lib/rex/post/meterpreter/extension.rb,
lib/rex/post/meterpreter/ui/console.rb,
lib/rex/post/meterpreter/client_core.rb,
lib/rex/post/meterpreter/channels/pool.rb,
lib/rex/post/meterpreter/packet_parser.rb,
lib/rex/post/meterpreter/object_aliases.rb,
lib/rex/post/meterpreter/channels/stream.rb,
lib/rex/post/meterpreter/pivot_container.rb,
lib/rex/post/meterpreter/extension_mapper.rb,
lib/rex/post/meterpreter/channel_container.rb,
lib/rex/post/meterpreter/channels/datagram.rb,
lib/rex/post/meterpreter/packet_dispatcher.rb,
lib/rex/post/meterpreter/extensions/priv/fs.rb,
lib/rex/post/meterpreter/channels/pools/file.rb,
lib/rex/post/meterpreter/extensions/kiwi/tlv.rb,
lib/rex/post/meterpreter/extensions/priv/tlv.rb,
lib/rex/post/meterpreter/extensions/espia/tlv.rb,
lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb,
lib/rex/post/meterpreter/extensions/priv/priv.rb,
lib/rex/post/meterpreter/extensions/stdapi/ui.rb,
lib/rex/post/meterpreter/extensions/appapi/tlv.rb,
lib/rex/post/meterpreter/extensions/extapi/tlv.rb,
lib/rex/post/meterpreter/extensions/python/tlv.rb,
lib/rex/post/meterpreter/extensions/stdapi/tlv.rb,
lib/rex/post/meterpreter/extensions/unhook/tlv.rb,
lib/rex/post/meterpreter/extensions/android/tlv.rb,
lib/rex/post/meterpreter/extensions/espia/espia.rb,
lib/rex/post/meterpreter/extensions/priv/passwd.rb,
lib/rex/post/meterpreter/extensions/sniffer/tlv.rb,
lib/rex/post/meterpreter/extensions/winpmem/tlv.rb,
lib/rex/post/meterpreter/inbound_packet_handler.rb,
lib/rex/post/meterpreter/packet_response_waiter.rb,
lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb,
lib/rex/post/meterpreter/extensions/appapi/appapi.rb,
lib/rex/post/meterpreter/extensions/extapi/extapi.rb,
lib/rex/post/meterpreter/extensions/incognito/tlv.rb,
lib/rex/post/meterpreter/extensions/python/python.rb,
lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb,
lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb,
lib/rex/post/meterpreter/extensions/unhook/unhook.rb,
lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb,
lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb,
lib/rex/post/meterpreter/extensions/peinjector/tlv.rb,
lib/rex/post/meterpreter/extensions/powershell/tlv.rb,
lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb,
lib/rex/post/meterpreter/extensions/stdapi/mic/mic.rb,
lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb,
lib/rex/post/meterpreter/channels/pools/stream_pool.rb,
lib/rex/post/meterpreter/extensions/android/android.rb,
lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb,
lib/rex/post/meterpreter/extensions/stdapi/fs/mount.rb,
lib/rex/post/meterpreter/extensions/winpmem/winpmem.rb,
lib/rex/post/meterpreter/channels/socket_abstraction.rb,
lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb,
lib/rex/post/meterpreter/extensions/extapi/ntds/ntds.rb,
lib/rex/post/meterpreter/extensions/kiwi/command_ids.rb,
lib/rex/post/meterpreter/extensions/priv/command_ids.rb,
lib/rex/post/meterpreter/extensions/stdapi/net/route.rb,
lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb,
lib/rex/post/meterpreter/extensions/espia/command_ids.rb,
lib/rex/post/meterpreter/extensions/stdapi/net/config.rb,
lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb,
lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb,
lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb,
lib/rex/post/meterpreter/extensions/appapi/command_ids.rb,
lib/rex/post/meterpreter/extensions/extapi/command_ids.rb,
lib/rex/post/meterpreter/extensions/python/command_ids.rb,
lib/rex/post/meterpreter/extensions/stdapi/command_ids.rb,
lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb,
lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb,
lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb,
lib/rex/post/meterpreter/extensions/unhook/command_ids.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher.rb,
lib/rex/post/meterpreter/extensions/android/command_ids.rb,
lib/rex/post/meterpreter/extensions/incognito/incognito.rb,
lib/rex/post/meterpreter/extensions/sniffer/command_ids.rb,
lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb,
lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb,
lib/rex/post/meterpreter/extensions/winpmem/command_ids.rb,
lib/rex/post/meterpreter/ui/console/interactive_channel.rb,
lib/rex/post/meterpreter/extensions/extapi/window/window.rb,
lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb,
lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb,
lib/rex/post/meterpreter/extensions/mimikatz/command_ids.rb,
lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb,
lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb,
lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb,
lib/rex/post/meterpreter/extensions/incognito/command_ids.rb,
lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb,
lib/rex/post/meterpreter/extensions/peinjector/peinjector.rb,
lib/rex/post/meterpreter/extensions/powershell/powershell.rb,
lib/rex/post/meterpreter/extensions/extapi/pageant/pageant.rb,
lib/rex/post/meterpreter/extensions/extapi/service/service.rb,
lib/rex/post/meterpreter/extensions/lanattacks/command_ids.rb,
lib/rex/post/meterpreter/extensions/peinjector/command_ids.rb,
lib/rex/post/meterpreter/extensions/powershell/command_ids.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/library.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/appapi.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/python.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/unhook.rb,
lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/winpmem.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/const_manager.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/library_helper.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/peinjector.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/mic.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/library_wrapper.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/osx/def_libc.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/library_function.rb,
lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb,
lib/rex/post/meterpreter/extensions/stdapi/audio_output/audio_output.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/stream.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/linux/def_libc.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/osx/def_libobjc.rb,
lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb,
lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb,
lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/osx/api_constants.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/windows/def_ntdll.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/windows/def_psapi.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/windows/def_user32.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/windows/def_ws2_32.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/linux/api_constants.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/windows/def_crypt32.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/windows/def_shell32.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/windows/def_version.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/windows/def_wlanapi.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/windows/def_wldap32.rb,
lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/audio_output.rb,
lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/windows/def_advapi32.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/windows/def_iphlpapi.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/windows/def_kernel32.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/windows/def_netapi32.rb,
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/windows/api_constants.rb,
lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb,
lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb,
lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb,
lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb,
lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb,
lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb

Defined Under Namespace

Modules: ChannelContainer, Channels, Extensions, HttpPacketDispatcher, InboundPacketHandler, ObjectAliasesContainer, PacketDispatcher, PivotContainer, SocketAbstraction, Ui

Classes: Channel, Client, ClientCore, Datagram, Extension, ExtensionMapper, GroupTlv, ObjectAliases, Packet, PacketParser, PacketResponseWaiter, Pivot, PivotListener, RequestError, Stream, Tlv

Constant Summary

PACKET_TYPE_REQUEST =

Constants

0
PACKET_TYPE_RESPONSE =
1
PACKET_TYPE_PLAIN_REQUEST =
10
PACKET_TYPE_PLAIN_RESPONSE =
11
TLV_META_TYPE_NONE =

TLV Meta Types

0
TLV_META_TYPE_STRING =
(1 << 16)
TLV_META_TYPE_UINT =
(1 << 17)
TLV_META_TYPE_RAW =
(1 << 18)
TLV_META_TYPE_BOOL =
(1 << 19)
TLV_META_TYPE_QWORD =
(1 << 20)
TLV_META_TYPE_COMPRESSED =
(1 << 29)
TLV_META_TYPE_GROUP =
(1 << 30)
TLV_META_TYPE_COMPLEX =
(1 << 31)
TLV_META_MASK =

TLV_META_TYPE_COMPRESSED is deliberately excluded from the mask, since other meta types (e.g. RAW) can also be compressed.

(
  TLV_META_TYPE_STRING |
  TLV_META_TYPE_UINT |
  TLV_META_TYPE_RAW |
  TLV_META_TYPE_BOOL |
  TLV_META_TYPE_QWORD |
  TLV_META_TYPE_GROUP |
  TLV_META_TYPE_COMPLEX
)
TLV_RESERVED =

TLV base starting points

0
TLV_EXTENSIONS =
20000
TLV_USER =
40000
TLV_TEMP =
60000
TLV_TYPE_ANY =

TLV Specific Types

TLV_META_TYPE_NONE   |   0
TLV_TYPE_COMMAND_ID =
TLV_META_TYPE_UINT   |   1
TLV_TYPE_REQUEST_ID =
TLV_META_TYPE_STRING |   2
TLV_TYPE_EXCEPTION =
TLV_META_TYPE_GROUP  |   3
TLV_TYPE_RESULT =
TLV_META_TYPE_UINT   |   4
TLV_TYPE_STRING =
TLV_META_TYPE_STRING |  10
TLV_TYPE_UINT =
TLV_META_TYPE_UINT   |  11
TLV_TYPE_BOOL =
TLV_META_TYPE_BOOL   |  12
TLV_TYPE_LENGTH =
TLV_META_TYPE_UINT   |  25
TLV_TYPE_DATA =
TLV_META_TYPE_RAW    |  26
TLV_TYPE_FLAGS =
TLV_META_TYPE_UINT   |  27
TLV_TYPE_CHANNEL_ID =
TLV_META_TYPE_UINT   |  50
TLV_TYPE_CHANNEL_TYPE =
TLV_META_TYPE_STRING |  51
TLV_TYPE_CHANNEL_DATA =
TLV_META_TYPE_RAW    |  52
TLV_TYPE_CHANNEL_DATA_GROUP =
TLV_META_TYPE_GROUP  |  53
TLV_TYPE_CHANNEL_CLASS =
TLV_META_TYPE_UINT   |  54
TLV_TYPE_CHANNEL_PARENTID =
TLV_META_TYPE_UINT   |  55
TLV_TYPE_SEEK_WHENCE =
TLV_META_TYPE_UINT   |  70
TLV_TYPE_SEEK_OFFSET =
TLV_META_TYPE_UINT   |  71
TLV_TYPE_SEEK_POS =
TLV_META_TYPE_UINT   |  72
TLV_TYPE_EXCEPTION_CODE =
TLV_META_TYPE_UINT   | 300
TLV_TYPE_EXCEPTION_STRING =
TLV_META_TYPE_STRING | 301
TLV_TYPE_LIBRARY_PATH =
TLV_META_TYPE_STRING | 400
TLV_TYPE_TARGET_PATH =
TLV_META_TYPE_STRING | 401
TLV_TYPE_MIGRATE_PID =
TLV_META_TYPE_UINT   | 402
TLV_TYPE_MIGRATE_PAYLOAD =
TLV_META_TYPE_RAW    | 404
TLV_TYPE_MIGRATE_ARCH =
TLV_META_TYPE_UINT   | 405
TLV_TYPE_MIGRATE_BASE_ADDR =
TLV_META_TYPE_UINT   | 407
TLV_TYPE_MIGRATE_ENTRY_POINT =
TLV_META_TYPE_UINT   | 408
TLV_TYPE_MIGRATE_SOCKET_PATH =
TLV_META_TYPE_STRING | 409
TLV_TYPE_MIGRATE_STUB =
TLV_META_TYPE_RAW    | 411
TLV_TYPE_LIB_LOADER_NAME =
TLV_META_TYPE_STRING | 412
TLV_TYPE_LIB_LOADER_ORDINAL =
TLV_META_TYPE_UINT   | 413
TLV_TYPE_TRANS_TYPE =
TLV_META_TYPE_UINT   | 430
TLV_TYPE_TRANS_URL =
TLV_META_TYPE_STRING | 431
TLV_TYPE_TRANS_UA =
TLV_META_TYPE_STRING | 432
TLV_TYPE_TRANS_COMM_TIMEOUT =
TLV_META_TYPE_UINT   | 433
TLV_TYPE_TRANS_SESSION_EXP =
TLV_META_TYPE_UINT   | 434
TLV_TYPE_TRANS_CERT_HASH =
TLV_META_TYPE_RAW    | 435
TLV_TYPE_TRANS_PROXY_HOST =
TLV_META_TYPE_STRING | 436
TLV_TYPE_TRANS_PROXY_USER =
TLV_META_TYPE_STRING | 437
TLV_TYPE_TRANS_PROXY_PASS =
TLV_META_TYPE_STRING | 438
TLV_TYPE_TRANS_RETRY_TOTAL =
TLV_META_TYPE_UINT   | 439
TLV_TYPE_TRANS_RETRY_WAIT =
TLV_META_TYPE_UINT   | 440
TLV_TYPE_TRANS_HEADERS =
TLV_META_TYPE_STRING | 441
TLV_TYPE_TRANS_GROUP =
TLV_META_TYPE_GROUP  | 442
TLV_TYPE_MACHINE_ID =
TLV_META_TYPE_STRING | 460
TLV_TYPE_UUID =
TLV_META_TYPE_RAW    | 461
TLV_TYPE_SESSION_GUID =
TLV_META_TYPE_RAW    | 462
TLV_TYPE_RSA_PUB_KEY =
TLV_META_TYPE_RAW    | 550
TLV_TYPE_SYM_KEY_TYPE =
TLV_META_TYPE_UINT   | 551
TLV_TYPE_SYM_KEY =
TLV_META_TYPE_RAW    | 552
TLV_TYPE_ENC_SYM_KEY =
TLV_META_TYPE_RAW    | 553
TLV_TYPE_PIVOT_ID =

Pivots

TLV_META_TYPE_RAW    |  650
TLV_TYPE_PIVOT_STAGE_DATA =
TLV_META_TYPE_RAW    |  651
TLV_TYPE_PIVOT_NAMED_PIPE_NAME =
TLV_META_TYPE_STRING |  653
LOAD_LIBRARY_FLAG_ON_DISK =

Core flags

(1 << 0)
LOAD_LIBRARY_FLAG_EXTENSION =
(1 << 1)
LOAD_LIBRARY_FLAG_LOCAL =
(1 << 2)
GUID_SIZE =

Sane defaults

16
NULL_GUID =
"\x00" * GUID_SIZE
COMMAND_ID_START_CORE =

Mapping of command strings to identifiers

0
COMMAND_ID_START_STDAPI =
1000
COMMAND_ID_START_PRIV =
2000
COMMAND_ID_START_EXTAPI =
3000
COMMAND_ID_START_SNIFFER =
4000
COMMAND_ID_START_ANDROID =
5000
COMMAND_ID_START_NETWORKPUG =
6000
COMMAND_ID_START_WINPMEM =
7000
COMMAND_ID_START_KIWI =
8000
COMMAND_ID_START_APPAPI =
9000
COMMAND_ID_START_UNHOOK =
10000
COMMAND_ID_START_ESPIA =
11000
COMMAND_ID_START_INCOGNITO =
12000
COMMAND_ID_START_PYTHON =
13000
COMMAND_ID_START_POWERSHELL =
14000
COMMAND_ID_START_LANATTACKS =
15000
COMMAND_ID_START_PEINJECTOR =
16000
COMMAND_ID_START_MIMIKATZ =
17000
COMMAND_ID_MAP_CORE =
{
  'core_channel_close'            => COMMAND_ID_START_CORE + 1,
  'core_channel_eof'              => COMMAND_ID_START_CORE + 2,
  'core_channel_interact'         => COMMAND_ID_START_CORE + 3,
  'core_channel_open'             => COMMAND_ID_START_CORE + 4,
  'core_channel_read'             => COMMAND_ID_START_CORE + 5,
  'core_channel_seek'             => COMMAND_ID_START_CORE + 6,
  'core_channel_tell'             => COMMAND_ID_START_CORE + 7,
  'core_channel_write'            => COMMAND_ID_START_CORE + 8,
  'core_console_write'            => COMMAND_ID_START_CORE + 9,
  'core_enumextcmd'               => COMMAND_ID_START_CORE + 10,
  'core_get_session_guid'         => COMMAND_ID_START_CORE + 11,
  'core_loadlib'                  => COMMAND_ID_START_CORE + 12,
  'core_machine_id'               => COMMAND_ID_START_CORE + 13,
  'core_migrate'                  => COMMAND_ID_START_CORE + 14,
  'core_native_arch'              => COMMAND_ID_START_CORE + 15,
  'core_negotiate_tlv_encryption' => COMMAND_ID_START_CORE + 16,
  'core_patch_url'                => COMMAND_ID_START_CORE + 17,
  'core_pivot_add'                => COMMAND_ID_START_CORE + 18,
  'core_pivot_remove'             => COMMAND_ID_START_CORE + 19,
  'core_pivot_session_died'       => COMMAND_ID_START_CORE + 20,
  'core_set_session_guid'         => COMMAND_ID_START_CORE + 21,
  'core_set_uuid'                 => COMMAND_ID_START_CORE + 22,
  'core_shutdown'                 => COMMAND_ID_START_CORE + 23,
  'core_transport_add'            => COMMAND_ID_START_CORE + 24,
  'core_transport_change'         => COMMAND_ID_START_CORE + 25,
  'core_transport_getcerthash'    => COMMAND_ID_START_CORE + 26,
  'core_transport_list'           => COMMAND_ID_START_CORE + 27,
  'core_transport_next'           => COMMAND_ID_START_CORE + 28,
  'core_transport_prev'           => COMMAND_ID_START_CORE + 29,
  'core_transport_remove'         => COMMAND_ID_START_CORE + 30,
  'core_transport_setcerthash'    => COMMAND_ID_START_CORE + 31,
  'core_transport_set_timeouts'   => COMMAND_ID_START_CORE + 32,
  'core_transport_sleep'          => COMMAND_ID_START_CORE + 33,
}
COMMAND_ID_MAP_STDAPI =
{
  'stdapi_fs_chdir'                           => COMMAND_ID_START_STDAPI + 1,
  'stdapi_fs_chmod'                           => COMMAND_ID_START_STDAPI + 2,
  'stdapi_fs_delete_dir'                      => COMMAND_ID_START_STDAPI + 3,
  'stdapi_fs_delete_file'                     => COMMAND_ID_START_STDAPI + 4,
  'stdapi_fs_file_copy'                       => COMMAND_ID_START_STDAPI + 5,
  'stdapi_fs_file_expand_path'                => COMMAND_ID_START_STDAPI + 6,
  'stdapi_fs_file_move'                       => COMMAND_ID_START_STDAPI + 7,
  'stdapi_fs_getwd'                           => COMMAND_ID_START_STDAPI + 8,
  'stdapi_fs_ls'                              => COMMAND_ID_START_STDAPI + 9,
  'stdapi_fs_md5'                             => COMMAND_ID_START_STDAPI + 10,
  'stdapi_fs_mkdir'                           => COMMAND_ID_START_STDAPI + 11,
  'stdapi_fs_mount_show'                      => COMMAND_ID_START_STDAPI + 12,
  'stdapi_fs_search'                          => COMMAND_ID_START_STDAPI + 13,
  'stdapi_fs_separator'                       => COMMAND_ID_START_STDAPI + 14,
  'stdapi_fs_sha1'                            => COMMAND_ID_START_STDAPI + 15,
  'stdapi_fs_stat'                            => COMMAND_ID_START_STDAPI + 16,
  'stdapi_net_config_add_route'               => COMMAND_ID_START_STDAPI + 17,
  'stdapi_net_config_get_arp_table'           => COMMAND_ID_START_STDAPI + 18,
  'stdapi_net_config_get_interfaces'          => COMMAND_ID_START_STDAPI + 19,
  'stdapi_net_config_get_netstat'             => COMMAND_ID_START_STDAPI + 20,
  'stdapi_net_config_get_proxy'               => COMMAND_ID_START_STDAPI + 21,
  'stdapi_net_config_get_routes'              => COMMAND_ID_START_STDAPI + 22,
  'stdapi_net_config_remove_route'            => COMMAND_ID_START_STDAPI + 23,
  'stdapi_net_resolve_host'                   => COMMAND_ID_START_STDAPI + 24,
  'stdapi_net_resolve_hosts'                  => COMMAND_ID_START_STDAPI + 25,
  'stdapi_net_socket_tcp_shutdown'            => COMMAND_ID_START_STDAPI + 26,
  'stdapi_net_tcp_channel_open'               => COMMAND_ID_START_STDAPI + 27,
  'stdapi_railgun_api'                        => COMMAND_ID_START_STDAPI + 28,
  'stdapi_railgun_api_multi'                  => COMMAND_ID_START_STDAPI + 29,
  'stdapi_railgun_memread'                    => COMMAND_ID_START_STDAPI + 30,
  'stdapi_railgun_memwrite'                   => COMMAND_ID_START_STDAPI + 31,
  'stdapi_registry_check_key_exists'          => COMMAND_ID_START_STDAPI + 32,
  'stdapi_registry_close_key'                 => COMMAND_ID_START_STDAPI + 33,
  'stdapi_registry_create_key'                => COMMAND_ID_START_STDAPI + 34,
  'stdapi_registry_delete_key'                => COMMAND_ID_START_STDAPI + 35,
  'stdapi_registry_delete_value'              => COMMAND_ID_START_STDAPI + 36,
  'stdapi_registry_enum_key'                  => COMMAND_ID_START_STDAPI + 37,
  'stdapi_registry_enum_key_direct'           => COMMAND_ID_START_STDAPI + 38,
  'stdapi_registry_enum_value'                => COMMAND_ID_START_STDAPI + 39,
  'stdapi_registry_enum_value_direct'         => COMMAND_ID_START_STDAPI + 40,
  'stdapi_registry_load_key'                  => COMMAND_ID_START_STDAPI + 41,
  'stdapi_registry_open_key'                  => COMMAND_ID_START_STDAPI + 42,
  'stdapi_registry_open_remote_key'           => COMMAND_ID_START_STDAPI + 43,
  'stdapi_registry_query_class'               => COMMAND_ID_START_STDAPI + 44,
  'stdapi_registry_query_value'               => COMMAND_ID_START_STDAPI + 45,
  'stdapi_registry_query_value_direct'        => COMMAND_ID_START_STDAPI + 46,
  'stdapi_registry_set_value'                 => COMMAND_ID_START_STDAPI + 47,
  'stdapi_registry_set_value_direct'          => COMMAND_ID_START_STDAPI + 48,
  'stdapi_registry_unload_key'                => COMMAND_ID_START_STDAPI + 49,
  'stdapi_sys_config_driver_list'             => COMMAND_ID_START_STDAPI + 50,
  'stdapi_sys_config_drop_token'              => COMMAND_ID_START_STDAPI + 51,
  'stdapi_sys_config_getenv'                  => COMMAND_ID_START_STDAPI + 52,
  'stdapi_sys_config_getprivs'                => COMMAND_ID_START_STDAPI + 53,
  'stdapi_sys_config_getsid'                  => COMMAND_ID_START_STDAPI + 54,
  'stdapi_sys_config_getuid'                  => COMMAND_ID_START_STDAPI + 55,
  'stdapi_sys_config_localtime'               => COMMAND_ID_START_STDAPI + 56,
  'stdapi_sys_config_rev2self'                => COMMAND_ID_START_STDAPI + 57,
  'stdapi_sys_config_steal_token'             => COMMAND_ID_START_STDAPI + 58,
  'stdapi_sys_config_sysinfo'                 => COMMAND_ID_START_STDAPI + 59,
  'stdapi_sys_eventlog_clear'                 => COMMAND_ID_START_STDAPI + 60,
  'stdapi_sys_eventlog_close'                 => COMMAND_ID_START_STDAPI + 61,
  'stdapi_sys_eventlog_numrecords'            => COMMAND_ID_START_STDAPI + 62,
  'stdapi_sys_eventlog_oldest'                => COMMAND_ID_START_STDAPI + 63,
  'stdapi_sys_eventlog_open'                  => COMMAND_ID_START_STDAPI + 64,
  'stdapi_sys_eventlog_read'                  => COMMAND_ID_START_STDAPI + 65,
  'stdapi_sys_power_exitwindows'              => COMMAND_ID_START_STDAPI + 66,
  'stdapi_sys_process_attach'                 => COMMAND_ID_START_STDAPI + 67,
  'stdapi_sys_process_close'                  => COMMAND_ID_START_STDAPI + 68,
  'stdapi_sys_process_execute'                => COMMAND_ID_START_STDAPI + 69,
  'stdapi_sys_process_get_info'               => COMMAND_ID_START_STDAPI + 70,
  'stdapi_sys_process_get_processes'          => COMMAND_ID_START_STDAPI + 71,
  'stdapi_sys_process_getpid'                 => COMMAND_ID_START_STDAPI + 72,
  'stdapi_sys_process_image_get_images'       => COMMAND_ID_START_STDAPI + 73,
  'stdapi_sys_process_image_get_proc_address' => COMMAND_ID_START_STDAPI + 74,
  'stdapi_sys_process_image_load'             => COMMAND_ID_START_STDAPI + 75,
  'stdapi_sys_process_image_unload'           => COMMAND_ID_START_STDAPI + 76,
  'stdapi_sys_process_kill'                   => COMMAND_ID_START_STDAPI + 77,
  'stdapi_sys_process_memory_allocate'        => COMMAND_ID_START_STDAPI + 78,
  'stdapi_sys_process_memory_free'            => COMMAND_ID_START_STDAPI + 79,
  'stdapi_sys_process_memory_lock'            => COMMAND_ID_START_STDAPI + 80,
  'stdapi_sys_process_memory_protect'         => COMMAND_ID_START_STDAPI + 81,
  'stdapi_sys_process_memory_query'           => COMMAND_ID_START_STDAPI + 82,
  'stdapi_sys_process_memory_read'            => COMMAND_ID_START_STDAPI + 83,
  'stdapi_sys_process_memory_unlock'          => COMMAND_ID_START_STDAPI + 84,
  'stdapi_sys_process_memory_write'           => COMMAND_ID_START_STDAPI + 85,
  'stdapi_sys_process_thread_close'           => COMMAND_ID_START_STDAPI + 86,
  'stdapi_sys_process_thread_create'          => COMMAND_ID_START_STDAPI + 87,
  'stdapi_sys_process_thread_get_threads'     => COMMAND_ID_START_STDAPI + 88,
  'stdapi_sys_process_thread_open'            => COMMAND_ID_START_STDAPI + 89,
  'stdapi_sys_process_thread_query_regs'      => COMMAND_ID_START_STDAPI + 90,
  'stdapi_sys_process_thread_resume'          => COMMAND_ID_START_STDAPI + 91,
  'stdapi_sys_process_thread_set_regs'        => COMMAND_ID_START_STDAPI + 92,
  'stdapi_sys_process_thread_suspend'         => COMMAND_ID_START_STDAPI + 93,
  'stdapi_sys_process_thread_terminate'       => COMMAND_ID_START_STDAPI + 94,
  'stdapi_sys_process_wait'                   => COMMAND_ID_START_STDAPI + 95,
  'stdapi_ui_desktop_enum'                    => COMMAND_ID_START_STDAPI + 96,
  'stdapi_ui_desktop_get'                     => COMMAND_ID_START_STDAPI + 97,
  'stdapi_ui_desktop_screenshot'              => COMMAND_ID_START_STDAPI + 98,
  'stdapi_ui_desktop_set'                     => COMMAND_ID_START_STDAPI + 99,
  'stdapi_ui_enable_keyboard'                 => COMMAND_ID_START_STDAPI + 100,
  'stdapi_ui_enable_mouse'                    => COMMAND_ID_START_STDAPI + 101,
  'stdapi_ui_get_idle_time'                   => COMMAND_ID_START_STDAPI + 102,
  'stdapi_ui_get_keys_utf8'                   => COMMAND_ID_START_STDAPI + 103,
  'stdapi_ui_send_keyevent'                   => COMMAND_ID_START_STDAPI + 104,
  'stdapi_ui_send_keys'                       => COMMAND_ID_START_STDAPI + 105,
  'stdapi_ui_send_mouse'                      => COMMAND_ID_START_STDAPI + 106,
  'stdapi_ui_start_keyscan'                   => COMMAND_ID_START_STDAPI + 107,
  'stdapi_ui_stop_keyscan'                    => COMMAND_ID_START_STDAPI + 108,
  'stdapi_ui_unlock_desktop'                  => COMMAND_ID_START_STDAPI + 109,
  'stdapi_webcam_audio_record'                => COMMAND_ID_START_STDAPI + 110,
  'stdapi_webcam_get_frame'                   => COMMAND_ID_START_STDAPI + 111,
  'stdapi_webcam_list'                        => COMMAND_ID_START_STDAPI + 112,
  'stdapi_webcam_start'                       => COMMAND_ID_START_STDAPI + 113,
  'stdapi_webcam_stop'                        => COMMAND_ID_START_STDAPI + 114,
}
COMMAND_ID_MAP_ANDROID =
{
  'android_activity_start'   => COMMAND_ID_START_ANDROID + 1,
  'android_check_root'       => COMMAND_ID_START_ANDROID + 2,
  'android_device_shutdown'  => COMMAND_ID_START_ANDROID + 3,
  'android_dump_calllog'     => COMMAND_ID_START_ANDROID + 4,
  'android_dump_contacts'    => COMMAND_ID_START_ANDROID + 5,
  'android_dump_sms'         => COMMAND_ID_START_ANDROID + 6,
  'android_geolocate'        => COMMAND_ID_START_ANDROID + 7,
  'android_hide_app_icon'    => COMMAND_ID_START_ANDROID + 8,
  'android_interval_collect' => COMMAND_ID_START_ANDROID + 9,
  'android_send_sms'         => COMMAND_ID_START_ANDROID + 10,
  'android_set_audio_mode'   => COMMAND_ID_START_ANDROID + 11,
  'android_set_wallpaper'    => COMMAND_ID_START_ANDROID + 12,
  'android_sqlite_query'     => COMMAND_ID_START_ANDROID + 13,
  'android_wakelock'         => COMMAND_ID_START_ANDROID + 14,
  'android_wlan_geolocate'   => COMMAND_ID_START_ANDROID + 15,
}
COMMAND_ID_MAP_APPAPI =
{
  'appapi_app_install'   => COMMAND_ID_START_APPAPI + 1,
  'appapi_app_list'      => COMMAND_ID_START_APPAPI + 2,
  'appapi_app_run'       => COMMAND_ID_START_APPAPI + 3,
  'appapi_app_uninstall' => COMMAND_ID_START_APPAPI + 4,
}
COMMAND_ID_MAP_WINPMEM =
{
  'winpmem_dump_ram' => COMMAND_ID_START_WINPMEM + 1,
}
COMMAND_ID_MAP_ESPIA =
{
  'espia_image_get_dev_screen' => COMMAND_ID_START_ESPIA + 1,
}
COMMAND_ID_MAP_EXTAPI =
{
  'extapi_adsi_domain_query'        => COMMAND_ID_START_EXTAPI + 1,
  'extapi_clipboard_get_data'       => COMMAND_ID_START_EXTAPI + 2,
  'extapi_clipboard_monitor_dump'   => COMMAND_ID_START_EXTAPI + 3,
  'extapi_clipboard_monitor_pause'  => COMMAND_ID_START_EXTAPI + 4,
  'extapi_clipboard_monitor_purge'  => COMMAND_ID_START_EXTAPI + 5,
  'extapi_clipboard_monitor_resume' => COMMAND_ID_START_EXTAPI + 6,
  'extapi_clipboard_monitor_start'  => COMMAND_ID_START_EXTAPI + 7,
  'extapi_clipboard_monitor_stop'   => COMMAND_ID_START_EXTAPI + 8,
  'extapi_clipboard_set_data'       => COMMAND_ID_START_EXTAPI + 9,
  'extapi_ntds_parse'               => COMMAND_ID_START_EXTAPI + 10,
  'extapi_pageant_send_query'       => COMMAND_ID_START_EXTAPI + 11,
  'extapi_service_control'          => COMMAND_ID_START_EXTAPI + 12,
  'extapi_service_enum'             => COMMAND_ID_START_EXTAPI + 13,
  'extapi_service_query'            => COMMAND_ID_START_EXTAPI + 14,
  'extapi_window_enum'              => COMMAND_ID_START_EXTAPI + 15,
  'extapi_wmi_query'                => COMMAND_ID_START_EXTAPI + 16,
}
COMMAND_ID_MAP_INCOGNITO =
{
  'incognito_add_group_user'      => COMMAND_ID_START_INCOGNITO + 1,
  'incognito_add_localgroup_user' => COMMAND_ID_START_INCOGNITO + 2,
  'incognito_add_user'            => COMMAND_ID_START_INCOGNITO + 3,
  'incognito_impersonate_token'   => COMMAND_ID_START_INCOGNITO + 4,
  'incognito_list_tokens'         => COMMAND_ID_START_INCOGNITO + 5,
  'incognito_snarf_hashes'        => COMMAND_ID_START_INCOGNITO + 6,
}
# Per-extension lookup tables: method-name string => numeric command ID.
# Every ID is written as an offset from that extension's COMMAND_ID_START_*
# constant (defined outside this listing), so entries must keep their offsets
# once assigned; the generate_command_id_map_* helpers export these numbers.
# NOTE(review): presumably each COMMAND_ID_START_* sits on a COMMAND_ID_RANGE
# boundary, which would cap an extension at that many commands; confirm.

COMMAND_ID_MAP_KIWI = {
  'kiwi_exec_cmd' => COMMAND_ID_START_KIWI + 1,
}

COMMAND_ID_MAP_LANATTACKS = {
  'lanattacks_add_tftp_file'   => COMMAND_ID_START_LANATTACKS + 1,
  'lanattacks_dhcp_log'        => COMMAND_ID_START_LANATTACKS + 2,
  'lanattacks_reset_dhcp'      => COMMAND_ID_START_LANATTACKS + 3,
  'lanattacks_reset_tftp'      => COMMAND_ID_START_LANATTACKS + 4,
  'lanattacks_set_dhcp_option' => COMMAND_ID_START_LANATTACKS + 5,
  'lanattacks_start_dhcp'      => COMMAND_ID_START_LANATTACKS + 6,
  'lanattacks_start_tftp'      => COMMAND_ID_START_LANATTACKS + 7,
  'lanattacks_stop_dhcp'       => COMMAND_ID_START_LANATTACKS + 8,
  'lanattacks_stop_tftp'       => COMMAND_ID_START_LANATTACKS + 9,
}

COMMAND_ID_MAP_MIMIKATZ = {
  'mimikatz_custom_command' => COMMAND_ID_START_MIMIKATZ + 1,
}

COMMAND_ID_MAP_NETWORKPUG = {
  'networkpug_start' => COMMAND_ID_START_NETWORKPUG + 1,
  'networkpug_stop'  => COMMAND_ID_START_NETWORKPUG + 2,
}

COMMAND_ID_MAP_PEINJECTOR = {
  'peinjector_inject_shellcode' => COMMAND_ID_START_PEINJECTOR + 1,
}

COMMAND_ID_MAP_POWERSHELL = {
  'powershell_assembly_load'  => COMMAND_ID_START_POWERSHELL + 1,
  'powershell_execute'        => COMMAND_ID_START_POWERSHELL + 2,
  'powershell_session_remove' => COMMAND_ID_START_POWERSHELL + 3,
  'powershell_shell'          => COMMAND_ID_START_POWERSHELL + 4,
}

COMMAND_ID_MAP_PRIV = {
  'priv_elevate_getsystem'          => COMMAND_ID_START_PRIV + 1,
  'priv_fs_blank_directory_mace'    => COMMAND_ID_START_PRIV + 2,
  'priv_fs_blank_file_mace'         => COMMAND_ID_START_PRIV + 3,
  'priv_fs_get_file_mace'           => COMMAND_ID_START_PRIV + 4,
  'priv_fs_set_file_mace'           => COMMAND_ID_START_PRIV + 5,
  'priv_fs_set_file_mace_from_file' => COMMAND_ID_START_PRIV + 6,
  'priv_passwd_get_sam_hashes'      => COMMAND_ID_START_PRIV + 7,
}

COMMAND_ID_MAP_PYTHON = {
  'python_execute' => COMMAND_ID_START_PYTHON + 1,
  'python_reset'   => COMMAND_ID_START_PYTHON + 2,
}

COMMAND_ID_MAP_SNIFFER = {
  'sniffer_capture_dump'      => COMMAND_ID_START_SNIFFER + 1,
  'sniffer_capture_dump_read' => COMMAND_ID_START_SNIFFER + 2,
  'sniffer_capture_release'   => COMMAND_ID_START_SNIFFER + 3,
  'sniffer_capture_start'     => COMMAND_ID_START_SNIFFER + 4,
  'sniffer_capture_stats'     => COMMAND_ID_START_SNIFFER + 5,
  'sniffer_capture_stop'      => COMMAND_ID_START_SNIFFER + 6,
  'sniffer_interfaces'        => COMMAND_ID_START_SNIFFER + 7,
}

COMMAND_ID_MAP_UNHOOK = {
  'unhook_pe' => COMMAND_ID_START_UNHOOK + 1,
}
# Single flat table (method-name string => command ID) built by folding every
# per-extension table into one hash, in the order listed. If two tables ever
# shared a method name, the table listed later would win silently.
COMMAND_ID_MAP = [
  COMMAND_ID_MAP_CORE,
  COMMAND_ID_MAP_STDAPI,
  COMMAND_ID_MAP_PRIV,
  COMMAND_ID_MAP_EXTAPI,
  COMMAND_ID_MAP_SNIFFER,
  COMMAND_ID_MAP_ANDROID,
  COMMAND_ID_MAP_NETWORKPUG,
  COMMAND_ID_MAP_WINPMEM,
  COMMAND_ID_MAP_KIWI,
  COMMAND_ID_MAP_APPAPI,
  COMMAND_ID_MAP_UNHOOK,
  COMMAND_ID_MAP_ESPIA,
  COMMAND_ID_MAP_INCOGNITO,
  COMMAND_ID_MAP_PYTHON,
  COMMAND_ID_MAP_POWERSHELL,
  COMMAND_ID_MAP_LANATTACKS,
  COMMAND_ID_MAP_PEINJECTOR,
  COMMAND_ID_MAP_MIMIKATZ,
].each_with_object({}) { |extension_map, merged| merged.update(extension_map) }
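#
# The various types of channels
#
CHANNEL_CLASS_STREAM   = 1
CHANNEL_CLASS_DATAGRAM = 2
CHANNEL_CLASS_POOL     = 3

#
# The various flags that can affect how the channel operates
#
# CHANNEL_FLAG_SYNCHRONOUS
#    Specifies that I/O requests on the channel are blocking.
#
# CHANNEL_FLAG_COMPRESS
#    Specifies that I/O requests on the channel have their data zlib compressed.
#
# The flags are distinct single bits, so they can be OR-ed together.
#
CHANNEL_FLAG_SYNCHRONOUS = (1 << 0)
CHANNEL_FLAG_COMPRESS    = (1 << 1)

#
# The core types of direct I/O requests
#
CHANNEL_DIO_READ  = 'read'
CHANNEL_DIO_WRITE = 'write'
CHANNEL_DIO_CLOSE = 'close'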
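# Effectively maps to the number of commands an extension can have. Each
# extension ID starts at a range boundary and is used to identify extensions.
COMMAND_ID_RANGE = 1000

# ID for the extension (needs to be a multiple of 1000)
EXTENSION_ID_CORE = 0

# Core command IDs, numbered consecutively from the extension ID. Offsets are
# part of the protocol shared with generated payload-side headers, so an
# existing offset should not be renumbered.
COMMAND_ID_CORE_CHANNEL_CLOSE            = EXTENSION_ID_CORE + 1
COMMAND_ID_CORE_CHANNEL_EOF              = EXTENSION_ID_CORE + 2
COMMAND_ID_CORE_CHANNEL_INTERACT         = EXTENSION_ID_CORE + 3
COMMAND_ID_CORE_CHANNEL_OPEN             = EXTENSION_ID_CORE + 4
COMMAND_ID_CORE_CHANNEL_READ             = EXTENSION_ID_CORE + 5
COMMAND_ID_CORE_CHANNEL_SEEK             = EXTENSION_ID_CORE + 6
COMMAND_ID_CORE_CHANNEL_TELL             = EXTENSION_ID_CORE + 7
COMMAND_ID_CORE_CHANNEL_WRITE            = EXTENSION_ID_CORE + 8
COMMAND_ID_CORE_CONSOLE_WRITE            = EXTENSION_ID_CORE + 9
COMMAND_ID_CORE_ENUMEXTCMD               = EXTENSION_ID_CORE + 10
COMMAND_ID_CORE_GET_SESSION_GUID         = EXTENSION_ID_CORE + 11
COMMAND_ID_CORE_LOADLIB                  = EXTENSION_ID_CORE + 12
COMMAND_ID_CORE_MACHINE_ID               = EXTENSION_ID_CORE + 13
COMMAND_ID_CORE_MIGRATE                  = EXTENSION_ID_CORE + 14
COMMAND_ID_CORE_NATIVE_ARCH              = EXTENSION_ID_CORE + 15
COMMAND_ID_CORE_NEGOTIATE_TLV_ENCRYPTION = EXTENSION_ID_CORE + 16
COMMAND_ID_CORE_PATCH_URL                = EXTENSION_ID_CORE + 17
COMMAND_ID_CORE_PIVOT_ADD                = EXTENSION_ID_CORE + 18
COMMAND_ID_CORE_PIVOT_REMOVE             = EXTENSION_ID_CORE + 19
COMMAND_ID_CORE_PIVOT_SESSION_DIED       = EXTENSION_ID_CORE + 20
COMMAND_ID_CORE_SET_SESSION_GUID         = EXTENSION_ID_CORE + 21
COMMAND_ID_CORE_SET_UUID                 = EXTENSION_ID_CORE + 22
COMMAND_ID_CORE_SHUTDOWN                 = EXTENSION_ID_CORE + 23
COMMAND_ID_CORE_TRANSPORT_ADD            = EXTENSION_ID_CORE + 24
COMMAND_ID_CORE_TRANSPORT_CHANGE         = EXTENSION_ID_CORE + 25
COMMAND_ID_CORE_TRANSPORT_GETCERTHASH    = EXTENSION_ID_CORE + 26
COMMAND_ID_CORE_TRANSPORT_LIST           = EXTENSION_ID_CORE + 27
COMMAND_ID_CORE_TRANSPORT_NEXT           = EXTENSION_ID_CORE + 28
COMMAND_ID_CORE_TRANSPORT_PREV           = EXTENSION_ID_CORE + 29
COMMAND_ID_CORE_TRANSPORT_REMOVE         = EXTENSION_ID_CORE + 30
COMMAND_ID_CORE_TRANSPORT_SETCERTHASH    = EXTENSION_ID_CORE + 31
COMMAND_ID_CORE_TRANSPORT_SET_TIMEOUTS   = EXTENSION_ID_CORE + 32
COMMAND_ID_CORE_TRANSPORT_SLEEP          = EXTENSION_ID_CORE + 33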


Class Method Details

.command_id_to_method_string(method_int) ⇒ Object


# File 'lib/rex/post/meterpreter/packet.rb', line 620

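# Translates a numeric command ID back into its method-name string.
#
# @param method_int [Integer] command ID to look up among COMMAND_ID_MAP's values
# @return [String] the method name registered for that ID
# @raise [ArgumentError] when no entry in COMMAND_ID_MAP carries that ID
def self.command_id_to_method_string(method_int)
  # Hash#key is a reverse (value => key) lookup; it yields nil on a miss.
  method_string = COMMAND_ID_MAP.key(method_int)
  return method_string unless method_string.nil?

  # The message used to interpolate an empty `#{}`, so the unknown ID never
  # appeared in the error. #inspect keeps the value unambiguous (nil, strings,
  # control characters) if the argument was decoded from a malformed packet.
  raise ArgumentError, "Unknown Packet command method integer: #{method_int.inspect}, please report this to the Metasploit team."
end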

.generate_command_id_map_c ⇒ Object


# File 'lib/rex/post/meterpreter/packet.rb', line 460

# Renders the command-ID tables as the text of a C header
# (common_command_ids.h): one `#define COMMAND_ID_<NAME> <id>` per command,
# wrapped in an include guard and stamped with the current UTC time.
#
# The table list here is narrower than COMMAND_ID_MAP: the ANDROID,
# NETWORKPUG and APPAPI tables are not exported.
#
# @return [String] header source text; the caller decides where it is written
def self.generate_command_id_map_c
  exported_tables = [
    COMMAND_ID_MAP_CORE,
    COMMAND_ID_MAP_STDAPI,
    COMMAND_ID_MAP_PRIV,
    COMMAND_ID_MAP_EXTAPI,
    COMMAND_ID_MAP_SNIFFER,
    COMMAND_ID_MAP_WINPMEM,
    COMMAND_ID_MAP_KIWI,
    COMMAND_ID_MAP_UNHOOK,
    COMMAND_ID_MAP_ESPIA,
    COMMAND_ID_MAP_INCOGNITO,
    COMMAND_ID_MAP_PYTHON,
    COMMAND_ID_MAP_POWERSHELL,
    COMMAND_ID_MAP_LANATTACKS,
    COMMAND_ID_MAP_PEINJECTOR,
    COMMAND_ID_MAP_MIMIKATZ,
  ]
  merged = exported_tables.reduce({}) { |acc, table| acc.merge(table) }

  # Method names are upper-cased to form the macro name.
  define_lines = merged.map do |method_name, command_id|
    "#define COMMAND_ID_#{method_name.upcase} #{command_id}"
  end.join("\n")

  %Q^
/*!
 * @file common_command_ids.h
 * @brief Declarations of command ID values
 * @description This file was generated #{Time.now.utc}. Do not modify directly.
 */
#ifndef _METERPRETER_SOURCE_COMMON_COMMAND_IDS_H
#define _METERPRETER_SOURCE_COMMON_COMMAND_IDS_H

#{define_lines}

#endif
  ^
end

.generate_command_id_map_csharp ⇒ Object


# File 'lib/rex/post/meterpreter/packet.rb', line 579

# Renders the command-ID tables as C# source: a `CommandId` enum in the
# MSF.Powershell.Meterpreter namespace, one member per command.
#
# Member names are the method name split on '_' with each part capitalized
# and re-joined (snake_case => PascalCase). The ANDROID, NETWORKPUG and APPAPI
# tables that COMMAND_ID_MAP includes are not part of this export.
#
# @return [String] C# source text stamped with the current UTC time
def self.generate_command_id_map_csharp
  exported_tables = [
    COMMAND_ID_MAP_CORE,
    COMMAND_ID_MAP_STDAPI,
    COMMAND_ID_MAP_PRIV,
    COMMAND_ID_MAP_EXTAPI,
    COMMAND_ID_MAP_SNIFFER,
    COMMAND_ID_MAP_WINPMEM,
    COMMAND_ID_MAP_KIWI,
    COMMAND_ID_MAP_UNHOOK,
    COMMAND_ID_MAP_ESPIA,
    COMMAND_ID_MAP_INCOGNITO,
    COMMAND_ID_MAP_PYTHON,
    COMMAND_ID_MAP_POWERSHELL,
    COMMAND_ID_MAP_LANATTACKS,
    COMMAND_ID_MAP_PEINJECTOR,
    COMMAND_ID_MAP_MIMIKATZ,
  ]
  merged = exported_tables.reduce({}) { |acc, table| acc.merge(table) }

  enum_members = merged.map do |method_name, command_id|
    pascal_name = method_name.split('_').map(&:capitalize).join
    "#{pascal_name} = #{command_id},"
  end
  # The separator carries the enum body's eight-space indent.
  enum_body = enum_members.join("\n        ")

  %Q^
/// <summary>
// This content was generated by a tool @ #{Time.now.utc}
/// </summary>
namespace MSF.Powershell.Meterpreter
{
    public enum CommandId
    {
        #{enum_body}
    }
}
  ^
end

.generate_command_id_map_java ⇒ Object


# File 'lib/rex/post/meterpreter/packet.rb', line 495

# Renders the CORE and STDAPI command IDs as Java source: a `CommandId`
# interface in package com.metasploit.meterpreter.command holding one
# `public static final int` per command. Only those two tables are exported.
#
# Constant names are the upper-cased method name, without the COMMAND_ID_
# prefix that the C and PHP generators add.
#
# @return [String] Java source text stamped with the current UTC time
def self.generate_command_id_map_java
  merged = [COMMAND_ID_MAP_CORE, COMMAND_ID_MAP_STDAPI].reduce({}) do |acc, table|
    acc.merge(table)
  end

  field_lines = merged.map do |method_name, command_id|
    "    public static final int #{method_name.upcase} = #{command_id};"
  end.join("\n")

  %Q^
package com.metasploit.meterpreter.command;

/**
 * All supported Command Identifiers
 *
 * @author Genereated by a tool @ #{Time.now.utc}
 */
public interface CommandId {
#{field_lines}
}
  ^
end

.generate_command_id_map_php ⇒ Object


# File 'lib/rex/post/meterpreter/packet.rb', line 526

# Renders the PHP command-ID definitions as two sections, 'metsrv' (from
# COMMAND_ID_MAP_CORE) followed by 'stdapi' (from COMMAND_ID_MAP_STDAPI),
# each produced by generate_command_id_map_php_lib and separated by a blank
# line.
#
# @return [String] PHP source text
def self.generate_command_id_map_php
  metsrv_section = self.generate_command_id_map_php_lib('metsrv', COMMAND_ID_MAP_CORE)
  stdapi_section = self.generate_command_id_map_php_lib('stdapi', COMMAND_ID_MAP_STDAPI)

  %Q^
#{metsrv_section}

#{stdapi_section}
  ^
end

.generate_command_id_map_php_lib(lib, id_map) ⇒ Object


# File 'lib/rex/post/meterpreter/packet.rb', line 515

# Renders one table as a block of PHP `define('COMMAND_ID_<NAME>', <id>);`
# statements framed by `#` comment rules and a generation timestamp.
#
# Both `lib` and the table's keys/values are interpolated into the generated
# source without escaping. The caller visible in this file passes fixed
# literals ('metsrv', 'stdapi') and in-tree tables; a quote or newline in
# either would alter the generated PHP, so keep inputs to trusted constants.
#
# @param lib [String] label written into the "IDs for ..." comment line
# @param id_map [Hash{String => Integer}] method name => command ID
# @return [String] PHP source text stamped with the current UTC time
def self.generate_command_id_map_php_lib(lib, id_map)
  define_lines = id_map.map do |method_name, command_id|
    "define('COMMAND_ID_#{method_name.upcase}', #{command_id});"
  end.join("\n")

  %Q^
# ---------------------------------------------------------------
# --- THIS CONTENT WAS GENERATED BY A TOOL @ #{Time.now.utc}
# IDs for #{lib}
#{define_lines}
# ---------------------------------------------------------------
  ^
end

.generate_command_id_map_python ⇒ Object


# File 'lib/rex/post/meterpreter/packet.rb', line 534

# Renders the CORE and STDAPI command IDs as a Python `COMMAND_IDS` tuple of
# `(id, 'method_name')` pairs, framed by comment rules and a timestamp.
# Method names are lower-cased; only those two tables are exported.
#
# @return [String] Python source text stamped with the current UTC time
def self.generate_command_id_map_python
  merged = [COMMAND_ID_MAP_CORE, COMMAND_ID_MAP_STDAPI].reduce({}) do |acc, table|
    acc.merge(table)
  end

  tuple_lines = merged.map do |method_name, command_id|
    "    (#{command_id}, '#{method_name.downcase}'),"
  end.join("\n")

  %Q^
# ---------------------------------------------------------------
# --- THIS CONTENT WAS GENERATED BY A TOOL @ #{Time.now.utc}
COMMAND_IDS = (
#{tuple_lines}
)
# ---------------------------------------------------------------
  ^
end

.generate_command_id_map_python_extension ⇒ Object


# File 'lib/rex/post/meterpreter/packet.rb', line 550

# Renders the command-ID tables as flat Python assignments,
# `COMMAND_ID_<NAME> = <id>`, one per line, framed by comment rules and a
# timestamp.
#
# Uses the same table list as the C and C# generators: the ANDROID,
# NETWORKPUG and APPAPI tables present in COMMAND_ID_MAP are not exported.
#
# @return [String] Python source text stamped with the current UTC time
def self.generate_command_id_map_python_extension
  exported_tables = [
    COMMAND_ID_MAP_CORE,
    COMMAND_ID_MAP_STDAPI,
    COMMAND_ID_MAP_PRIV,
    COMMAND_ID_MAP_EXTAPI,
    COMMAND_ID_MAP_SNIFFER,
    COMMAND_ID_MAP_WINPMEM,
    COMMAND_ID_MAP_KIWI,
    COMMAND_ID_MAP_UNHOOK,
    COMMAND_ID_MAP_ESPIA,
    COMMAND_ID_MAP_INCOGNITO,
    COMMAND_ID_MAP_PYTHON,
    COMMAND_ID_MAP_POWERSHELL,
    COMMAND_ID_MAP_LANATTACKS,
    COMMAND_ID_MAP_PEINJECTOR,
    COMMAND_ID_MAP_MIMIKATZ,
  ]
  merged = exported_tables.reduce({}) { |acc, table| acc.merge(table) }

  assignment_lines = merged.map do |method_name, command_id|
    "COMMAND_ID_#{method_name.upcase} = #{command_id}"
  end.join("\n")

  %Q^
# ---------------------------------------------------------------
# --- THIS CONTENT WAS GENERATED BY A TOOL @ #{Time.now.utc}

#{assignment_lines}

# ---------------------------------------------------------------
  ^
end

.method_string_to_command_id(method_string) ⇒ Object


# File 'lib/rex/post/meterpreter/packet.rb', line 612

# Translates a method-name string into its numeric command ID.
#
# @param method_string [String] method name to look up as a key of COMMAND_ID_MAP
# @return [Integer] the command ID registered for that name
# @raise [ArgumentError] when COMMAND_ID_MAP has no such key
def self.method_string_to_command_id(method_string)
  # Hit: hand back the mapped ID. Miss: fall through to the error below.
  return COMMAND_ID_MAP[method_string] if COMMAND_ID_MAP.key?(method_string)

  raise ArgumentError, "Unknown Packet command method string: #{method_string}, please report this to the Metasploit team."
end