Stages Vs. Non-Staged Payloads

What is exploit? - The exploit is what delivers the payload. Exploits give you the ability to 'pop a shell/run your payload code'. In other words, exploit is the code that take advantage of the vulnerability, and payload can does the damage.

Non-staged

Staged

  1. Sends exploit shellcode all at code.

  2. Larger in size and won't always work

  3. Example: windows/meterpreter_reverse_tcp

  1. Sends payload in stages

  2. Can be less stable

  3. Example: windows/meterpreter/reverse_tcp