Understanding Payloads (Staged vs. Non-Staged)

Cyber Security Mastery: From Zero to Hero

The Code You Run on the Target

The payload is the piece of code that defines the actions the attacker wants to perform on the target machine after successful exploitation.

1. Non-Staged (Single-Stage) Payloads

  • Definition: The entire payload (the shellcode) is sent at once, in a single block; nothing further is fetched after it runs.
  • Pros: Simpler, needs only one connection, and often more reliable on unstable targets or flaky networks.
  • Cons: The whole payload must be small enough to fit in the space the exploit provides (for example, the overflowed buffer), which limits how much functionality it can carry.
  • Example: windows/shell_reverse_tcp (simple command prompt shell).

2. Staged Payloads

  • Definition: The payload is delivered in two parts: a small initial stage (the stager) that only opens a connection back to the handler, and a second, larger stage (the actual payload, such as Meterpreter) that is downloaded over that established connection and then executed.
  • Pros: Smaller initial footprint in the exploit, which allows large and complex payloads like Meterpreter to be delivered.
  • Cons: Requires both the stager's connection and the second-stage download to succeed, so it can be less reliable if the network connection drops between the two.
  • Example: windows/meterpreter/reverse_tcp (requires a stager).
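The two example names above follow the Metasploit naming convention: a staged payload writes the stage and the stager as separate path components (windows/meterpreter/reverse_tcp), while a non-staged payload joins them with an underscore in one component (windows/shell_reverse_tcp). The following Python classifier, added here as an example and not part of the course or of the Metasploit project, parses a payload name into platform, stage and stager using that convention, so that a report or handler configuration can be checked for which kind of payload is in play. The list of transport names and the architecture tokens it recognises are assumptions for this example and cover only a subset of what Metasploit ships.

```python
"""Classify Metasploit-style payload names as staged or non-staged.

Added example; relies on the Metasploit naming convention:
    <platform>/<stage>/<stager>   e.g. windows/meterpreter/reverse_tcp  (staged)
    <platform>/<stage>_<stager>   e.g. windows/shell_reverse_tcp        (non-staged)
Architecture components such as "x64" belong to the platform prefix
(e.g. windows/x64/meterpreter/reverse_https).
"""
from dataclasses import dataclass

# Constructed subset of transport (stager) names for this example;
# Metasploit ships many more.
TRANSPORTS = ("reverse_tcp", "reverse_tcp_rc4", "reverse_http",
              "reverse_https", "bind_tcp")
# Constructed subset of architecture tokens that may follow the platform.
ARCH_TOKENS = {"x64", "x86", "aarch64", "armle", "mipsle", "mipsbe"}


@dataclass(frozen=True)
class PayloadInfo:
    name: str
    platform: str   # e.g. "windows" or "windows/x64"
    stage: str      # e.g. "shell" or "meterpreter"
    stager: str     # transport used to reach the handler, e.g. "reverse_tcp"
    staged: bool    # True if a second stage is fetched over the connection


def classify_payload(name: str) -> PayloadInfo:
    """Split a payload name into its parts and decide whether it is staged."""
    parts = name.strip().split("/")
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"not a platform/payload name: {name!r}")

    # Peel off the platform and any trailing architecture tokens.
    idx = 1
    while idx < len(parts) - 1 and parts[idx] in ARCH_TOKENS:
        idx += 1
    platform = "/".join(parts[:idx])
    rest = parts[idx:]

    if len(rest) >= 2:
        # Stage and stager are separate components: a staged payload.
        return PayloadInfo(name, platform, "/".join(rest[:-1]), rest[-1], True)

    # Single component: look for a known transport suffix (longest first so
    # "reverse_tcp_rc4" is not mistaken for "reverse_tcp").
    single = rest[0]
    for transport in sorted(TRANSPORTS, key=len, reverse=True):
        if single.endswith("_" + transport):
            stage = single[: -len(transport) - 1]
            return PayloadInfo(name, platform, stage, transport, False)
    raise ValueError(f"no known transport suffix in {name!r}")


def stageless_equivalent(name: str) -> str:
    """Return the single-stage spelling of a staged name (underscore form).

    This is only a naming transformation; whether that payload actually
    exists must be checked against the installed Metasploit payload list.
    """
    info = classify_payload(name)
    if not info.staged:
        return info.name
    return f"{info.platform}/{info.stage}_{info.stager}"


if __name__ == "__main__":
    for n in ("windows/shell_reverse_tcp",
              "windows/meterpreter/reverse_tcp",
              "windows/x64/meterpreter/reverse_https"):
        i = classify_payload(n)
        kind = "staged (stager + second stage)" if i.staged else "non-staged (single block)"
        print(f"{n}: platform={i.platform} stage={i.stage} stager={i.stager} -> {kind}")
```

The classification tells you how many network phases to expect from the payload: a non-staged name means one transfer of the whole block, while a staged name means the stager's connection plus a larger second-stage download over that same connection, which is the difference in footprint and reliability discussed above.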