Welcome back, my dear white hat hackers!
As you well know, Metasploit is a platform that every hacker should know, and it is one of my favorite pieces of software. Metasploit allows us to use exploits against known vulnerabilities in operating systems, browsers and other applications, and to "place" a payload on the target system. Once the vulnerability has been exploited, these payloads allow us to connect to the victim's system and use it as if it were our own. In this tutorial, we will look at the payloads designed for Metasploit.
Metasploit has a great many payloads that we can leave on the targeted system. In this tutorial, we will see how payloads work, how Metasploit categorizes them, and what the types of payloads are. Only by understanding these things will we know which payload is right for a given hack.
Let’s take a closer look at these payloads.
Step 1: We start Kali and open Metasploit
When we open the Metasploit console, Metasploit immediately lists the number of exploits, auxiliary modules, payloads, etc. In the screenshot below, we can see that there are 335 payloads in the current version of Metasploit (yours may differ slightly, depending on the version you have). This is a huge number of payloads, which can be used in many different situations.
When we type:
Metasploit will list our 355 payloads.
Step 2: Types of payloads
There are 8 types of payloads in Metasploit:
Inline
These payloads bundle the exploit and the complete payload into a single package. They are inherently more stable, but because of their size they cannot always be used in small vulnerable memory areas.
Staged
These payloads can fit into very small spaces and establish a foothold on the system, and then pull in the rest of the payload.
Meterpreter
This is the most powerful payload we could want on the victim's system. It works through .dll injection and lives entirely in memory, leaving no trace of its existence on disk. It has several commands and scripts written specifically for it, which let us do a great deal on the victim's system.
PassiveX
We use it when firewall rules restrict certain traffic. In other words, it uses ActiveX through Internet Explorer to hide its traffic and bypass the firewall, using HTTP requests just like any other browser.
NoNX
Some processors have a feature called DEP (Data Execution Prevention). In Windows, we meet it as No eXecute, or NX. The idea behind this security feature is to stop the processor from executing data as code. NoNX payloads are designed to get around this protection on modern processors.
Ord
These payloads work best on Windows operating systems. They are extremely small but quite unstable, and they depend on a .dll (dynamic link library) being loaded in the exploited process.
IPv6
As the name suggests, these payloads are built to work on IPv6 networks.
Reflective DLL Injection
These payload modules are injected into the target process and run in its memory, without writing or installing anything on the hard drive and without leaving behind evidence of their existence.
Step 3: Payload Modules
If we look in the Metasploit directory in the terminal, we can see that Metasploit sorts payloads into three different directories. Of course, the 8 types above all fall into these three directories.
Stages
Staged payloads are small payloads that aim to exploit the system in small areas of memory, allowing a small piece of code to be executed so that it can later "pull" the entire payload into the system. The larger payloads include Meterpreter and VNC Injection, both of which have large and complex code.
Stagers
Stagers, similar to Staged (you will see the difference between them later), are also small payloads whose task is to fit into small areas of memory and "pull" a payload in after them.
Singles
Often referred to as "in-line payloads", singles are self-contained units that do not require a stager. They are used far more often because they are more stable, but their code is often too large for the vulnerable area on the target system.
Let’s look in the singles directory.
If we want to see the ones available for Windows, we simply type:
In this directory, we can see all the single payloads available for Windows. I have highlighted one of the payloads that I use in many hacks.
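The single/staged split described above is visible in the module names themselves: a staged payload is written as `<stage>/<stager>` (for example `windows/meterpreter/reverse_tcp`), while the equivalent single joins the two with an underscore (`windows/meterpreter_reverse_tcp`). The following classifier is an added example, not code from the original tutorial or from the Metasploit project; the `KNOWN_STAGES` set and the sample listing are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Stage components found under modules/payloads/stages/ in a typical install.
# Assumption: the set is illustrative, not exhaustive.
KNOWN_STAGES = {"meterpreter", "shell", "vncinject", "dllinject", "upexec"}

@dataclass(frozen=True)
class PayloadInfo:
    name: str
    kind: str              # "single" or "staged"
    stage: Optional[str]   # e.g. "meterpreter"; None for singles
    stager: Optional[str]  # e.g. "reverse_tcp"; None for singles
    pulls_stage: bool      # True when the stager must fetch the stage after connecting

def classify(name: str) -> PayloadInfo:
    """Decide which payload directory family a module path belongs to.
    Staged: <platform>[/<arch>]/<stage>/<stager>, e.g. windows/meterpreter/reverse_tcp
    Single: <platform>[/<arch>]/<stage>_<stager> or one word, e.g. windows/exec
    """
    parts = name.strip().split("/")
    if len(parts) < 2 or not all(parts):
        raise ValueError(f"not a payload module path: {name!r}")
    if len(parts) >= 3 and parts[-2] in KNOWN_STAGES:
        return PayloadInfo(name, "staged", parts[-2], parts[-1], True)
    return PayloadInfo(name, "single", None, None, False)

# Constructed sample listing; the names follow the framework's directory layout.
SAMPLE_PAYLOADS = [
    "windows/meterpreter/reverse_tcp",
    "windows/x64/meterpreter/reverse_https",
    "windows/shell_reverse_tcp",
    "windows/x64/meterpreter_reverse_tcp",
    "linux/x86/shell/bind_tcp",
    "cmd/unix/reverse_bash",
    "windows/exec",
]

def summarize(names):
    # Count how many module names fall into each family.
    counts = {"single": 0, "staged": 0}
    for n in names:
        counts[classify(n).kind] += 1
    return counts

if __name__ == "__main__":
    for n in SAMPLE_PAYLOADS:
        info = classify(n)
        print(f"{info.kind:6} {n}  stage={info.stage} stager={info.stager}")
    print(summarize(SAMPLE_PAYLOADS))  # {'single': 4, 'staged': 3}
```

For a defender the `pulls_stage` flag is the useful bit: a staged payload means a second transfer (the stage) follows the initial connection, which is one more thing to look for on the wire.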
Payloads are a key feature of the Metasploit infrastructure and give us access after the exploit has run. The better we understand them, the sharper our hacking skills will be.
That’s all for now. Make sure you read the other tutorials in the Metasploit series and come back for more.