If you look at Metasploit’s payload list, you will also notice that some payloads have the same name but in different formats, for example windows/shell/reverse_tcp and windows/shell_reverse_tcp. The one with the forward slash is a “staged” payload; the one with the underscore is a “single” payload. So what’s the difference?
Staged payload -> The payload consists of two main components: a small stub loader and the final stage payload. When you deliver windows/shell/reverse_tcp to the target machine, for example, you are actually sending the loader first. When that loader is executed, it asks the handler (on the attacker’s end) to send over the final stage (the larger payload), and finally you get a shell.
Single payload -> It is meant to be a fire-and-forget kind of payload. This can be used when the target has no network access.
Please refer to the link below for more information:
https://docs.rapid7.com/metasploit/working-with-payloads/
Happy Learning !!