Penetration Testing mailing list archives

Re: difference between Stager and Inline payloads


From: Joshua Gimer <jgimer () gmail com>
Date: Mon, 5 May 2008 16:03:03 -0600

There is only so much room available for payloads within the exploit you use in Metasploit; you can find out how much is available by typing "info" once you have selected an exploit. You will see a heading called Payload Information; this information is used to determine which payloads are available for selection when you do "show payloads" for a specific exploit. In some cases the payloads that you want to use are too large for this allocated area, and you will receive an error similar to the following when you attempt to exploit:

[-] Exploit failed: No encoders encoded the buffer successfully.

Staged payloads will allow you to run larger payloads, but in stages that are retrieved from the exploited system. As taken from: http://en.wikibooks.org/wiki/Metasploit/Frequently_Asked_Questions

A staged payload will perform the following functions on a remote system when creating a reverse shell:

   1. Create the staging platform.
   2. Allocate enough memory to hold your desired payload.
   3. Obtain the rest of the payload from you.
   4. Execute the payload as a whole.

An inline payload is just the opposite. The entire payload is included in the exploit.

Joshua Gimer

On May 3, 2008, at 3:40 AM, Simon Templar wrote:

Hello guys,
I would like to know what the difference is between Stager and Inline
payloads in the Metasploit framework.
Your help is so much appreciated.

Best regards.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------




