Welcome back, fellow hackers! If you have used the well-known exploitation framework Metasploit before, you probably came across the phrase “Payload” at some point. But what are Payloads in Hacking Lingo? That’s what we are going to learn today.
Generally, we can say that there are 3 main groups of Payloads.
The three main Payload groups
Now let’s have a brief look at each of them to get a better understanding of how they work.
Singles are self-contained and completely standalone. Those Payloads are used to perform simple commands for information gathering or they can be used to make significant changes to the system you are attacking. An example would be creating a new admin user and enabling Remote Desktop Connections.
Stagers are used to establish a network connection between the attacker and the victim. Those connections are designed to be small and reliable. In short, you get Shell-Access over the network and can use it to control a compromised system. When using this kind of exploit, shellcode is executed on the target system that starts, for example, a Windows cmd.exe or a bash shell and binds it to a local network port. That shell now waits for incoming connections on the port, and you can, for example, use Netcat to connect to the exploited system.
You could use Netcat to connect to the open port like in the example below:
nc 192.168.1.54 5718
The problem with this attack is that if the targeted system is behind a firewall, you will still be able to run the exploit, but once you try to connect to the opened port, the firewall will block the connection. That’s why you mostly use Stages to create a Reverse-Shell.
Alright, let’s talk about the last and most used type of Payload: Stages.
Those Payloads provide advanced features like Meterpreter, VNC Injection and so on. Stages have the same goal as Stagers: creating Shell-Access to the target system over the network. Reverse-Payloads execute shellcode on the target system that creates a connection from the target computer to an open port on the attacker’s computer, so the direction is the opposite of a Stagers Payload. Because the connection is established from the target computer and not to the target computer, it is often possible to bypass firewalls, except on very tightly locked-down systems.
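To make the two connection directions from the Stagers and Stages sections concrete from the defender’s side, here is an added Python example (not code from the original post and not part of Metasploit). It parses a few constructed, `ss -tnp`-style socket records for the host 192.168.1.54, flags sockets owned by a shell binary as either a bind-style listener or a reverse-style outbound connection, and then checks each against a hypothetical firewall policy: default-deny inbound (which stops the bind shell, as the post describes) and, optionally, an egress allowlist (the "tightly locked-down" case). The sample lines, the peer address 198.51.100.7 and the allowlists are all assumptions made for this example.

```python
"""Added example: triage socket records for bind-style vs reverse-style shells
and show which a simple firewall policy would have blocked.
All sample data below is constructed; it is not from the original post."""
from dataclasses import dataclass

# Hypothetical host policy: ports the host legitimately exposes / reaches out to.
INBOUND_ALLOWED = {22, 443}       # default-deny inbound except these
EGRESS_ALLOWED = {53, 80, 443}    # used only when egress filtering is enabled
SHELL_BINARIES = {"bash", "sh", "cmd.exe", "powershell.exe"}


@dataclass
class Conn:
    state: str        # "LISTEN" or "ESTAB"
    local_port: int
    peer_ip: str      # "0.0.0.0" for a listening socket
    peer_port: int    # 0 for a listening socket (ss prints "*")
    process: str      # owning process name from the users:(...) field


def parse_ss_line(line: str) -> Conn:
    """Parse one constructed ss -tnp style record (6 whitespace-separated fields)."""
    state, _recvq, _sendq, local, peer, users = line.split(maxsplit=5)
    local_port = int(local.rsplit(":", 1)[1])
    peer_ip, peer_port = peer.rsplit(":", 1)
    process = users.split('"')[1]          # users:(("bash",pid=...)) -> bash
    return Conn(state, local_port, peer_ip,
                int(peer_port) if peer_port != "*" else 0, process)


def classify(conn: Conn):
    """Return a pattern label for sockets owned by a shell, else None."""
    if conn.process not in SHELL_BINARIES:
        return None
    if conn.state == "LISTEN":
        return "bind-style shell listener"      # waits for the attacker to connect in
    if conn.state == "ESTAB":
        return "reverse-style shell connection"  # shell connected out to a remote port
    return None


def blocked_by_firewall(conn: Conn, egress_filtering: bool = False) -> bool:
    """Would the hypothetical policy have stopped this connection?"""
    if conn.state == "LISTEN":
        # Inbound connection attempts to a non-allowlisted port are dropped.
        return conn.local_port not in INBOUND_ALLOWED
    if not egress_filtering:
        return False   # the common case the post describes: outbound sails through
    return conn.peer_port not in EGRESS_ALLOWED


def triage(lines):
    """Return findings for every shell-owned socket in the sample records."""
    findings = []
    for line in lines:
        conn = parse_ss_line(line)
        pattern = classify(conn)
        if pattern is None:
            continue
        findings.append({
            "process": conn.process,
            "pattern": pattern,
            "port": conn.local_port if conn.state == "LISTEN" else conn.peer_port,
            "peer": conn.peer_ip,
            "blocked_default": blocked_by_firewall(conn),
            "blocked_egress": blocked_by_firewall(conn, egress_filtering=True),
        })
    return findings


# Constructed sample records (ss -tnp style) for the target host 192.168.1.54.
SAMPLE = [
    'LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=812,fd=6))',
    'LISTEN 0 1 0.0.0.0:5718 0.0.0.0:* users:(("bash",pid=2190,fd=4))',
    'ESTAB 0 0 192.168.1.54:49213 198.51.100.7:4444 users:(("bash",pid=2211,fd=3))',
    'ESTAB 0 0 192.168.1.54:49214 198.51.100.7:443 users:(("bash",pid=2212,fd=3))',
    'ESTAB 0 0 192.168.1.54:49215 203.0.113.20:443 users:(("firefox",pid=1501,fd=40))',
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['process']:8} {f['pattern']:32} port={f['port']:<5} "
              f"blocked(default-deny inbound)={f['blocked_default']} "
              f"blocked(+egress allowlist)={f['blocked_egress']}")
```

Running it shows the three points the post makes and one caveat: the bash listener on 5718 is stopped by the inbound default-deny, the reverse connection to port 4444 passes unless egress filtering is on, and the reverse connection to port 443 passes even with a port-based egress allowlist, which is why the process-owner check (a shell holding a network socket) matters as a detection signal independent of the firewall.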
So those are the three main Payload types. There are more, which you can read up on here. But this should give you a good idea and a basic understanding of how certain types of Payloads work.
Until next time, keep hacking!