# Payloads

Tags: #payloads
Links:

---

## **Definition:**

In the context of exploitation and post-exploitation, a **payload** is the piece of code delivered to a target system after a vulnerability is exploited. It performs actions such as creating a backdoor, opening a reverse shell, or executing commands.

---

## **Types of Payloads:**

#### **1. Staged Payload**

A staged payload is split into two parts:

- **Stage 1** (the stager) – a small initial payload that sets up communication with the attacker's system.
- **Stage 2** – the full payload, delivered over that connection and executed once it arrives.

**Advantages:**

- ✅ Smaller in size (good for limited buffer space)
- ✅ Harder to detect during delivery

**Drawbacks:**

- ❌ Requires a stable connection to fetch Stage 2
- ❌ Can fail if Stage 2 is blocked or interrupted

**Example:** `windows/meterpreter/reverse_tcp` (in Metasploit)

---

#### **2. Stageless Payload**

**Definition:** A stageless payload contains the full functionality in a single package. It does **not** need to fetch anything from the attacker's server after being executed.

**Advantages:**

- ✅ More reliable (no second connection needed)
- ✅ Faster execution once on the target

**Drawbacks:**

- ❌ Larger in size
- ❌ Easier to detect by antivirus and firewalls

**Example:** `windows/meterpreter_reverse_tcp` (notice there is no slash between "meterpreter" and "reverse_tcp")

---

### Use Cases:

- **Staged**: Great for stealth, limited space, or evasive techniques
- **Stageless**: Better for speed, reliability, or when the target's internet access is restricted

## **Also Known As:**

- Staged = two-part payload
- Stageless = full payload
- Exploit payloads, shellcode

---
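The slash-versus-underscore naming convention behind the two examples above (`windows/meterpreter/reverse_tcp` is staged, `windows/meterpreter_reverse_tcp` is stageless) can be checked mechanically, which is handy when triaging reports or logs that mention payload names. The following Python is an added example written for this note, not Metasploit's own code; `parse_payload_name`, `PayloadName` and the short `ARCH_SEGMENTS` list are my own names and assumptions (the list covers only common architectures, and `cmd/` command-interpreter payloads are out of scope).

```python
from dataclasses import dataclass
from typing import Optional

# Architecture segments that may follow the platform in a payload name.
# Assumption: a short list of common ones, not an exhaustive table.
ARCH_SEGMENTS = {"x86", "x64", "aarch64", "armle", "armbe", "mipsle", "mipsbe", "ppc", "ppc64"}


@dataclass
class PayloadName:
    platform: str
    arch: Optional[str]
    stage: str
    transport: Optional[str]  # e.g. reverse_tcp, bind_tcp; None for connectionless singles
    staged: bool


def parse_payload_name(name: str) -> PayloadName:
    """Classify a Metasploit payload name as staged or stageless.

    Convention: a staged payload is written <platform>[/<arch>]/<stage>/<stager>,
    a stageless one <platform>[/<arch>]/<stage>_<stager>. Only native platform
    payloads (windows/, linux/, osx/, ...) are handled; 'cmd/' payloads use a
    different layout and are rejected rather than misclassified.
    """
    parts = name.strip().lower().split("/")
    if len(parts) < 2 or "" in parts or parts[0] == "cmd":
        raise ValueError(f"unsupported payload name: {name!r}")
    platform, rest = parts[0], parts[1:]
    arch = None
    if rest[0] in ARCH_SEGMENTS:
        arch, rest = rest[0], rest[1:]
    if len(rest) == 2:
        # stage/stager: the slash marks a staged payload (stage 2 fetched later)
        return PayloadName(platform, arch, rest[0], rest[1], staged=True)
    if len(rest) == 1:
        # one segment: stageless; the transport follows the first '_' if any
        stage, _, transport = rest[0].partition("_")
        return PayloadName(platform, arch, stage, transport or None, staged=False)
    raise ValueError(f"unsupported payload name: {name!r}")


if __name__ == "__main__":
    for n in ("windows/meterpreter/reverse_tcp", "windows/meterpreter_reverse_tcp",
              "windows/x64/meterpreter_reverse_https", "windows/x64/exec"):
        p = parse_payload_name(n)
        print(f"{n:45} {'staged' if p.staged else 'stageless':10} "
              f"stage={p.stage} transport={p.transport}")
```

A staged hit in a detection report means a second-stage download is still expected over the stager's transport, so the connection itself, not just the dropped file, is worth hunting for.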