Fix default session GUID when not specified

This resolves an issue with stategless HTTP sessions

Author: OJ

lib/rex/post/meterpreter/packet.rb

@@ -676,6 +676,8 @@ class Packet < GroupTlv
   PACKET_TYPE_SIZE = 4
   PACKET_HEADER_SIZE = XOR_KEY_SIZE + SESSION_GUID_SIZE + ENCRYPTED_FLAGS_SIZE + PACKET_LENGTH_SIZE + PACKET_TYPE_SIZE
 
+  SESSION_NULL_GUID = "\x00" * SESSION_GUID_SIZE
+
   AES_IV_SIZE = 16
 
   ENC_FLAG_NONE   = 0x0
@@ -802,7 +804,7 @@ def aes_decrypt(key, iv, data)
   def to_r(session_guid = nil, key = nil)
     xor_key = (rand(254) + 1).chr + (rand(254) + 1).chr + (rand(254) + 1).chr + (rand(254) + 1).chr
 
-    raw = session_guid.dup
+    raw = (session_guid || SESSION_NULL_GUID).dup
     tlv_data = GroupTlv.instance_method(:to_r).bind(self).call
 
     if key && key[:key] && key[:type] == ENC_FLAG_AES256

lib/rex/post/meterpreter/packet_dispatcher.rb

@@ -464,7 +464,7 @@ def receive_packet
     packet = parser.recv(self.sock)
     if packet
       packet.parse_header!
-      if self.session_guid == "\x00" * 16
+      if self.session_guid == NULL_GUID
         self.session_guid = packet.session_guid.dup
       end
     end