In the previous recipe, we saw the use of the Meterpreter API to run Ruby scripts. Let us take that a step ahead. Suppose we want to make remote API calls on the victim machine; what can be the simplest method? Railgun is the obvious answer. It is a Meterpreter extension that allows an attacker to call DLL functions directly. Most often, it is used to make calls to the Windows API, but we can call any DLL on the victim's machine.
To start using Railgun, we will require an active Meterpreter session on our target machine. To start the Ruby interpreter, we will use the
irb command, as discussed in the previous recipe:
Before we move into calling DLLs, let us first ...