Meterpreter

Notice that when we exploit the system we issue the exploit -z command, which will not interact with the session once the target has been exploited. If you had already executed the exploit command at this point, you could simply press CTRL-Z and run the session in the background.

Manipulating Windows APIs with the Railgun Add-On

You can interface with the Windows native API directly through a Metasploit add-on called Railgun, which was written by Patrick HVE. By adding Railgun to the Metasploit Framework, you can call Windows APIs natively from within Meterpreter. For example, in the following listing, we'll drop into an interactive Ruby shell (irb), available through Meterpreter. The irb shell allows us to interact directly with Meterpreter through Ruby-based syntax. We call Railgun in this example and create a simple pop-up box saying "hello world".

meterpreter > irb
[*] Starting IRB shell
[*] The 'client' variable holds the meterpreter client
>> client.railgun.user32.MessageBoxA(0,"hello","world","MB_OK")

On our target Windows XP machine, you should see a pop-up box with world in the title bar and hello in the message box. In this example, we simply called the user32.dll and the MessageBoxA function, which takes the parameters as shown.

NOTE For a list of all documented API calls, visit http://msdn.microsoft.com/.

We won't cover Railgun in detail (you can find a tutorial within the Framework directory under external/source/meterpreter/source/extensions/stdapi/server/railgun/), but this gives you an idea of its power. The implications are huge: Railgun gives you the same capabilities as a native Win32 application with full access to the Windows API.

Wrapping Up

Hopefully, you're now pretty comfortable with Meterpreter. We haven't gone through every Meterpreter flag and option, because we expect your knowledge of Meterpreter to grow as you experiment and use it. Meterpreter is a continuously evolving tool with an enormous amount of support for scripts and additions. Once you become comfortable with the overall interface, you will be able to master anything new. In Chapter 16, you will learn how to create your own Meterpreter scripts from scratch and how the overall structure of a Meterpreter script is designed.