Add a secure command to renegotiate TLV encryption #11965

Merged
merged 1 commit into from
Jun 13, 2019


@OJ OJ commented Jun 10, 2019

This gives us the ability to force TLV encryption if for some reason it's not already in place, and it means we can renegotiate a new key on the fly if we want to. This PR just puts the user in the driver's seat, but down the track my aim would be to periodically change keys automatically. The aim is just to make things harder to keep track of.

I have had cases where initial sessions kick off and TLV encryption doesn't happen, and other cases where stageless sessions don't end up with encryption enabled. So this is a means for us to drive it from the UI in those cases. Hopefully I'll get to the bottom of those edge cases soon.

This isn't hugely mind blowing :) But it's a thing that I know I'll use!

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • Create a new encryption-supported Meterpreter session (Windows is my go-to, but we should try it on a few)
  • Type secure into the console.
  • Verify that you receive a success message.

This gives us the ability to force TLV encryption if for some reason
it's not already in place, and it means we can renegotiate a new key on
the fly if we want to.
@ccondon-r7 ccondon-r7 added the a2k19 Hackathon 2019 in Austin label Jun 10, 2019
@acammack-r7 acammack-r7 self-assigned this Jun 12, 2019

acammack-r7 commented Jun 12, 2019

Looks like this works fine for mettle, but causes PHP Meterpreter to hang:

meterpreter > secure
[*] Negotiating new encryption key ...
[-] Error running command secure: Rex::TimeoutError Operation timed out.

EDIT: it appears after poking at it a little bit that in PHP Meterpreter if the new symmetric key is the same as the old key the renegotiation works as expected.
EDIT 2: ok, looks like the encryption flag needed to be cleared, PHP meterp PR incoming

@acammack-r7

@OJ Created rapid7/metasploit-payloads#351 to make PHP meterpreter compatible. Once that lands I think this is good to go.


wvu commented Jun 12, 2019

Wow, good find!


OJ commented Jun 12, 2019

Landed :)

@acammack-r7 acammack-r7 merged commit 0e0edeb into rapid7:master Jun 13, 2019
acammack-r7 added a commit that referenced this pull request Jun 13, 2019
The command will force or renegotiate TLV encryption on the for the
current session.
msjenkins-r7 pushed a commit that referenced this pull request Jun 13, 2019
The command will force or renegotiate TLV encryption on the for the
current session.
@acammack-r7

Release Notes

The secure Meterpreter command renegotiates the session symmetric key for per-TLV encryption or will attempt to set up per-TLV encryption if it is not present.

@tdoan-r7 tdoan-r7 added the rn-enhancement release notes enhancement label Jun 26, 2019