EH-Net

Ethical Hacking Discussions and Related Certifications => Network Pen Testing => Topic started by: H1t M0nk3y on January 24, 2013, 07:23:35 AM



Title: Metasploit payload question
Post by: H1t M0nk3y on January 24, 2013, 07:23:35 AM
Hi,

Can someone tell me what is the difference between these two Metasploit payloads:

1) windows/shell/bind_tcp
Listen for a connection, Spawn a piped command shell (staged)

2) windows/shell_bind_tcp
Listen for a connection and spawn a command shell

They both have the same basic options:

Name      Current Setting  Required  Description
----      ---------------  --------  -----------
EXITFUNC  process          yes       Exit technique: seh, thread, process, none
LPORT     4444             yes       The listen port
RHOST                      no        The target address


Basically, what does "spawn a piped shell (staged)" mean compared to "spawn a command shell"?

Thanks in advance


Title: Re: Metasploit payload question
Post by: ziggy_567 on January 24, 2013, 07:43:15 AM
A staged payload uses a stager to instruct the exploit on how to shovel the payload to the victim over the network connection. Non-staged payloads are fully self-contained. The advantage to staged payloads is that they can fit into very small sections of memory, but they're not always as reliable.

You can read more here:

http://www.room362.com/blog/2011/6/26/metasploit-payloads-explained-part-1.html


Title: Re: Metasploit payload question
Post by: H1t M0nk3y on January 24, 2013, 09:33:51 AM
Great article, thanks!

Quote
One thing that isn't immediately obvious is another marker of staged vs. singles:

osx/ppc/shell/reverse_tcp

osx/ppc/shell_reverse_tcp

The difference between these two payloads isn't obvious other than the fact that one has an underscore '_' instead of a forward slash '/'. The one with the underscore means it's a single while the other is staged.

I already knew about staged, stagers and singles, but I didn't know about the / and the _. I also figured out what "piped" meant.

Thanks again ziggy_567
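The "/" versus "_" rule quoted above, turned into a small name classifier that a blue team might use to label payload names showing up in a test plan or in alert metadata as staged or single. This is an added example, not code from the thread or from the Metasploit project: the transport list is a constructed, illustrative subset (Metasploit ships many more), and the parsing rule is an assumption derived from the naming convention described in the quoted article, so a name that does not follow the <stage>/<transport> or <stage>_<transport> shape (for example a single with no transport at all) is reported as unclassified rather than guessed.

```python
# Added example: classify Metasploit payload module names as staged or single
# from the naming convention discussed in the thread. Assumption: the transport
# names below are an illustrative subset, not Metasploit's full list.
from dataclasses import dataclass
from typing import Optional

# Longer names first so that suffix matching prefers the most specific transport.
TRANSPORTS = (
    "reverse_tcp_rc4", "reverse_tcp_uuid", "bind_tcp_uuid",
    "reverse_https", "reverse_http", "reverse_tcp", "bind_tcp",
)


@dataclass(frozen=True)
class PayloadName:
    platform: str   # e.g. "windows", "windows/x64", "osx/ppc"
    payload: str    # e.g. "shell", "meterpreter"
    transport: str  # e.g. "bind_tcp"
    staged: bool    # True: stager + separately delivered stage; False: single


def parse_payload_name(name: str) -> Optional[PayloadName]:
    """Split a payload path into platform, payload, transport and staged flag.

    Returns None when the name does not follow either recognised shape.
    """
    parts = name.strip("/").split("/")
    if len(parts) < 2:
        return None
    last = parts[-1]

    # Staged form: the transport is its own path component, preceded by the
    # stage name, e.g. windows/shell/bind_tcp -> ["windows", "shell", "bind_tcp"].
    if last in TRANSPORTS and len(parts) >= 3:
        return PayloadName("/".join(parts[:-2]), parts[-2], last, staged=True)

    # Single form: stage name and transport are fused with '_' in the final
    # component, e.g. windows/shell_bind_tcp -> ["windows", "shell_bind_tcp"].
    for transport in TRANSPORTS:
        suffix = "_" + transport
        if last.endswith(suffix) and len(last) > len(suffix):
            return PayloadName("/".join(parts[:-1]), last[: -len(suffix)],
                               transport, staged=False)

    # Anything else (e.g. singles with no transport such as windows/adduser)
    # is left unclassified rather than guessed.
    return None


def describe(name: str) -> str:
    """Human-readable one-line summary for a payload name."""
    p = parse_payload_name(name)
    if p is None:
        return f"{name}: not a <stage>/<transport> or <stage>_<transport> name"
    kind = ("staged (stager + separately delivered stage)" if p.staged
            else "single (self-contained)")
    return (f"{name}: {kind}; platform={p.platform} payload={p.payload} "
            f"transport={p.transport}")


if __name__ == "__main__":
    # Constructed sample names: the two from the question, the two from the
    # quoted article, a stageless meterpreter, and a single without a transport.
    for n in ("windows/shell/bind_tcp", "windows/shell_bind_tcp",
              "osx/ppc/shell/reverse_tcp", "osx/ppc/shell_reverse_tcp",
              "windows/x64/meterpreter_reverse_https", "windows/adduser"):
        print(describe(n))
```

The classifier only looks at the name, so it says nothing about what a given module actually does; treat it as a labelling aid and confirm against the module's own `info` output when it matters.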


Title: Re: Metasploit payload question
Post by: ziggy_567 on January 24, 2013, 10:00:16 AM
I guess I should read your posts more carefully! I didn't pick up on the "piped" part of the question!  ;D