Metasploit mailing list archives

Payload Question


From: hdm at metasploit.com (HD Moore)
Date: Sat, 11 Jul 2009 09:33:09 -0500

On Sat, 11 Jul 2009 09:09:24 -0500, xyberpix <xyberpix at xyberpix.com> wrote:
This may be a daft question, but could someone please let me know the
difference between these two?

windows/dllinject/reverse_ord_tcp
windows/dllinject/reverse_tcp

The "reverse_ord_tcp" stager is really small (<100 bytes); it uses the
existing ws2_32.dll in memory to connect and load the next stage of the
payload. This payload doesn't always work with all exploits, since it
requires winsock to be already loaded in the target process. Additionally,
this payload doesn't have support for NX or Windows 7.

The "reverse_tcp" stager is the primary workhorse stager for Metasploit;
it supports NX, Windows 7, and has better error handling than the ordinal-based
payload. This payload is substantially bigger (~300 bytes now) and
doesn't work in cases where less than 300 bytes are available.


Unlike other exploit tools, Metasploit provides many different ways to
accomplish the same task; however, picking the right one is up to the user.

-HD
