All of the functions you're scripting in meterpreter are implemented in the meterpreter 'server' that is running on the target. Your scripts send commands to the meterpreter server, where the relevant functions are invoked.
For more info, you can browse the source here: Meterpreter dll source: http://trac.metasploit.com/browser/framework3/trunk/external/source/meterpreter Most of the meterpreter handling code is here: http://trac.metasploit.com/browser/framework3/trunk/lib/rex/post n 2009/2/23 Bryan Richardson <btri...@gmail.com>: > So, in the spirit of Natron's response below, can someone explain to me how > it's possible to run Ruby scripts within the Meterpreter console? From what > Natron's said, I assume these scripts are actually ran client side using > information passed to the client from the exploited host via the Meterpreter > control protocol... correct? > > On Mon, Feb 16, 2009 at 1:56 PM, Bryan Richardson <btri...@gmail.com> wrote: >> >> I see. :( >> >> On Mon, Feb 16, 2009 at 1:45 PM, natron <nat...@invisibledenizen.org> >> wrote: >>> >>> You have to push down whatever code you want to use, so in this case, >>> that would mean pushing down an entire ruby interpreter, >>> self-contained. That's probably not feasible. :) >>> >>> 2009/2/16 Bryan Richardson <btri...@gmail.com>: >>> > Hey HD, >>> > >>> > Thanks for the update. I'll be interested to see how they respond. :) >>> > >>> > Along these lines, I had asked a question in a previous email about the >>> > availability of Ruby's pcap libraries on compromised machines, and you >>> > responded with the following: >>> > >>> > The Pcap stuff in Metasploit only works on the attacker's machine, it >>> > doesnt extend through any of the payloads. >>> > >>> > Incidentally, what would it take to extend the Ruby pcap stuff in >>> > Metasploit >>> > through some of the payloads? Being able to script some remote packet >>> > sniffing stuff in Ruby for use on a compromised machine would be >>> > friggin' >>> > awesome if you ask me. However, I have no idea what it would take to >>> > make >>> > this happen... I'm still *learning* the in's and out's of the awesome >>> > Ruby >>> > project that is Metasploit. >>> > >>> > -- >>> > Thanks! >>> > Bryan >>> > >>> > On Sun, Feb 15, 2009 at 9:09 PM, H D Moore <h...@metasploit.com> wrote: >>> >> >>> >> On Sun, 2009-02-15 at 18:42 -0700, Bryan Richardson wrote: >>> >> > Thanks for the info. The only thing is, I'm needing access to the >>> >> > sniffed traffic in real-time. For now I just plan to go the route >>> >> > of >>> >> > piping it through netcat. :) >>> >> > >>> >> I sent them an email about getting a cheap/free license for a new >>> >> meterpreter extension ($1999 otherwise). >>> >> >>> >> -HD >>> >> >>> > >>> > >>> > _______________________________________________ >>> > Framework-Hackers mailing list >>> > Framework-Hackers@spool.metasploit.com >>> > http://spool.metasploit.com/mailman/listinfo/framework-hackers >>> > >>> > >> > > > _______________________________________________ > Framework-Hackers mailing list > Framework-Hackers@spool.metasploit.com > http://spool.metasploit.com/mailman/listinfo/framework-hackers > > _______________________________________________ Framework-Hackers mailing list Framework-Hackers@spool.metasploit.com http://spool.metasploit.com/mailman/listinfo/framework-hackers
