Metasploit mailing list archives
Payload Question
From: hdm at metasploit.com (HD Moore)
Date: Sat, 11 Jul 2009 09:33:09 -0500
On Sat, 11 Jul 2009 09:09:24 -0500, xyberpix <xyberpix at xyberpix.com> wrote:
> This may be a daft question, but could someone please let me know the difference between these two please: windows/dllinject/reverse_ord_tcp and windows/dllinject/reverse_tcp
The "reverse_ord_tcp" stager is really small (<100 bytes); it uses the existing ws2_32.dll in memory to connect and load the next stage of the payload. This payload doesn't always work with all exploits, since it requires winsock to be already loaded in the target process. Additionally, this payload doesn't have support for NX or Windows 7.

The "reverse_tcp" stager is the primary workhorse stager for Metasploit; it supports NX and Windows 7, and has better error handling than the ordinal-based payload. This payload is substantially bigger (~300 bytes now) and doesn't work in cases where less than 300 bytes are available.

Unlike other exploit tools, Metasploit provides many different ways to accomplish the same task; however, picking the right one is up to the user.

-HD