HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 28 guests online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Metasploit payload question
EH-Net
May 21, 2013, 11:30:29 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Metasploit payload question  (Read 1193 times)
0 Members and 1 Guest are viewing this topic.
H1t M0nk3y
Hero Member
*****
Offline Offline

Posts: 864



View Profile
« on: January 24, 2013, 07:23:35 AM »
Hi,

Can someone tell me what is the difference between these two Metasploit payloads:

1) windows/shell/bind_tcp
Listen for a connection, Spawn a piped command shell (staged)

2) windows/shell_bind_tcp
Listen for a connection and spawn a command shell

They both have the same basic options:

Name      Current Setting  Required  Description
----      ---------------  --------  -----------
EXITFUNC  process          yes         Exit technique: seh, thread, process, none
LPORT       4444              yes         The listen port
RHOST                           no          The target address


Basically, what does "spawn a piped shell (staged)" means compared to "spawn a command shell"?

Thanks in advance
Logged
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
ziggy_567
Sr. Member
****
Offline Offline

Posts: 361


View Profile
« Reply #1 on: January 24, 2013, 07:43:15 AM »
A staged payload uses a stager to instruct the exploit on how to shovel the payload to the victim over the network connection. Non-staged payloads are fully self-contained. The advantage to staged payloads is that they can fit into very small sections of memory, but they're not always as reliable.

You can read more here:

http://www.room362.com/blog/2011/6/26/metasploit-payloads-explained-part-1.html
Logged
--
Ziggy


eCPPT - GSEC - GCIH - GCUX - RHCE - SCSecA - Security+ - Network+
H1t M0nk3y
Hero Member
*****
Offline Offline

Posts: 864



View Profile
« Reply #2 on: January 24, 2013, 09:33:51 AM »
Great article, thanks!

Quote
One thing that isn't immediately obvious is another marker of staged vs. singles:

osx/ppc/shell/reverse_tcp

osx/ppc/shell_reverse_tcp


The difference between these two payloads isn't obvious other than the fact that one has an underscore '_' instead of a forward slash '/'. The one with the underscore means it's a single while the other is staged.
I already knew about staged, stagers and singles, but I didn't know about the / and the _. I also figured what "piped" meant.

Thanks again ziggy_567
Logged
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
ziggy_567
Sr. Member
****
Offline Offline

Posts: 361


View Profile
« Reply #3 on: January 24, 2013, 10:00:16 AM »
I guess I should read your posts more carefully! I didn't pick up on the "piped" part of the question!  Grin
Logged
--
Ziggy


eCPPT - GSEC - GCIH - GCUX - RHCE - SCSecA - Security+ - Network+
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.085 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.