Metasploit mailing list archives
Re: Presenting Meterpreter extension: RAILGUN
From: Carlos Perez <carlos_perez () darkoperator com>
Date: Sun, 13 Jun 2010 08:32:55 -0400
This looks very promising indeed. I would create mixins and abstract most of the common uses like:
- Account enumeration
- Service Management
- Power (shutdown, restart, etc.)
We could even have a look at seeing if standard API could inherit from this so as to make the payload even smaller. I really like this concept.

Cheers,
Carlos

On Jun 13, 2010, at 5:25 AM, Patrick HVE wrote:
Railgun is an extension for Meterpreter Ruby. It allows you to use the complete Windows API on the meterpreter-controlled system. You can call any function of any DLL you may find or upload to the target system.

See it in action:

#######################################
irb
[*] Starting IRB shell
[*] The 'client' variable holds the meterpreter client
client.core.use("railgun")
=> true
client.railgun.kernel32.CreateFileA("test.txt", "GENERIC_READ", "FILE_SHARE_READ", nil, "OPEN_EXISTING", 0, 0)
=> {"GetLastError"=>0, "return"=>448}
client.railgun.kernel32.ReadFile(448, 10, 10, 4, nil)
=> {"GetLastError"=>0, "return"=>true, "lpBuffer"=>"blahblahbl", "lpNumberOfBytesRead"=>10}
client.railgun.kernel32.CloseHandle(448)
=> {"GetLastError"=>0, "return"=>true}
#######################################

Railgun knows > 1000 functions and you can easily define new ones. For example:

client.railgun.add_dll('user32', 'user32.dll')
client.railgun.add_function('user32', 'MessageBoxA', 'DWORD', [
  ["DWORD", "hWnd", "in"],
  ["PCHAR", "lpText", "in"],
  ["PCHAR", "lpCaption", "in"],
  ["DWORD", "uType", "in"],
])
client.railgun.user32.MessageBoxA(0, "Hello", "world", "MB_OK")
(((((and after you click OK on the target system)))))
=> {"GetLastError"=>0, "return"=>1}

What is the purpose of railgun?
-------------------------------------
- We all love writing meterpreter ruby scripts. Just look at darkoperator.com. Now we can get even more creative. It's easy. For example just add the line:
### client.railgun.kernel32.SetThreadExecutionState("ES_CONTINUOUS | ES_SYSTEM_REQUIRED") ###
and the target system will not go into sleep mode during your presentation ;-)
- Do really complex stuff on specific targets
- Rapid prototyping of future extensions

Where can you download it?
--------------------------
http://rapidshare.com/files/398485119/railgun.zip.html (paid account, no waiting)

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Presenting Meterpreter extension: RAILGUN Patrick HVE (Jun 13)
- Re: Presenting Meterpreter extension: RAILGUN Carlos Perez (Jun 13)
- Re: Presenting Meterpreter extension: RAILGUN HD Moore (Jun 13)
- Re: Presenting Meterpreter extension: RAILGUN Rob Fuller (Jun 13)
- Re: Presenting Meterpreter extension: RAILGUN Patrick HVE (Jun 13)
- Re: Presenting Meterpreter extension: RAILGUN HD Moore (Jun 13)