Railgun – converting Ruby into a weapon

In the previous recipe, we saw the use of the meterpreter API to run Ruby scripts. Let us take that a step ahead. Suppose we want to make remote API calls on the victim machine then what can be the simplest method? Railgun is the obvious answer. It is a meterpreter extension that allows an attacker to call DLL functions directly. Most often, it is used to make calls to the Windows API, but we can call any DLL on the victim's machine.

Getting ready

To start using Railgun, we will require an active meterpreter session on our target machine. To start the Ruby interpreter, we will use the irb command as discussed in the previous recipe.

meterpreter>irb
>>

How to do it...

Before we move into calling DLLs, let ...

Get Metasploit Penetration Testing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Metasploit Penetration Testing Cookbook by Abhinav Singh

Railgun – converting Ruby into a weapon

Getting ready

How to do it...

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly