Stages Vs. Non-Staged Payloads

What is exploit? - The exploit is what delivers the payload. Exploits give you the ability to 'pop a shell/run your payload code'. In other words, exploit is the code that take advantage of the vulnerability, and payload can does the damage.



  1. Sends exploit shellcode all at code.

  2. Larger in size and won't always work

  3. Example: windows/meterpreter_reverse_tcp

  1. Sends payload in stages

  2. Can be less stable

  3. Example: windows/meterpreter/reverse_tcp