1
00:00:00,150 --> 00:00:04,260
Now let's talk about staged versus non-staged payloads.

2
00:00:04,260 --> 00:00:12,690
And before we do that, we must talk about a payload. So a payload is what we're going to run as an exploit.

3
00:00:12,690 --> 00:00:16,860
And when we run that exploit, it's called a payload.

4
00:00:16,860 --> 00:00:19,650
We use different types of payloads depending on what it is.

5
00:00:19,680 --> 00:00:27,750
So you might see a Windows type payload or a Linux type payload or, as you see on the screen, a Meterpreter

6
00:00:27,750 --> 00:00:28,620
type payload.

7
00:00:28,620 --> 00:00:33,740
There's Python, there's all different types, there's like five hundred and something that we saw in Metasploit

8
00:00:33,750 --> 00:00:35,080
alone.

9
00:00:35,310 --> 00:00:43,110
And these payloads are what we use to send to a victim and attempt to get a shell on the machine.

10
00:00:43,140 --> 00:00:45,410
Now it's going to make more sense as we go.

11
00:00:45,410 --> 00:00:48,730
It's OK if you're still a little bit confused on all of this.

12
00:00:48,750 --> 00:00:52,500
There are two main types of payloads that we need to pay attention to.

13
00:00:52,530 --> 00:00:59,890
There is what we call non-staged and what we call staged. Now a non-staged payload sends the exploit

14
00:00:59,960 --> 00:01:08,370
shellcode all at once, where a staged payload sends it in stages. The non-staged payload is larger in size

15
00:01:08,490 --> 00:01:13,960
and it doesn't always work, where the staged payload can actually be less stable.

16
00:01:13,980 --> 00:01:23,140
So each has its con, and we have an example of it, and this is really what I want to point out: we have

17
00:01:23,140 --> 00:01:28,800
this non-staged payload and we have a staged payload, and you see the one difference between the two.

18
00:01:28,930 --> 00:01:30,600
All it is is a forward slash.
19
00:01:30,910 --> 00:01:36,690
So when we see these, when we're using something like Metasploit and we have to pick out a payload,

20
00:01:37,150 --> 00:01:42,500
if we see something like meterpreter_reverse_tcp,

21
00:01:42,640 --> 00:01:45,900
this identifies that this is a non-staged payload.

22
00:01:46,000 --> 00:01:53,420
We can ignore the "windows" here, but here we see meterpreter/reverse_tcp.

23
00:01:53,440 --> 00:01:55,990
This means we have a staged payload.

24
00:01:56,110 --> 00:02:01,280
What's happening? It's saying, hey, Stage 1, Stage 2. What's happening here?

25
00:02:01,300 --> 00:02:04,260
It's saying, hey, let's send this all at once.

26
00:02:04,390 --> 00:02:12,070
So this is going to become very important very quick as we will attempt to exploit here very soon.

27
00:02:12,070 --> 00:02:14,410
And it's not going to work.

28
00:02:14,560 --> 00:02:17,700
And then we're going to change the payload and it's going to work beautifully.

29
00:02:17,710 --> 00:02:26,230
So understand that, really the takeaway is, if you have a payload that does not work, maybe try

30
00:02:26,230 --> 00:02:32,140
the other type of that payload. If you see something like reverse HTTP, which is a reverse shell,

31
00:02:32,140 --> 00:02:34,870
by the way, over an HTTP connection.

32
00:02:34,870 --> 00:02:39,730
If you say, hey, I'm going to send this staged reverse HTTP, it's not working.

33
00:02:39,730 --> 00:02:44,270
All right, let me try to send a non-staged reverse TCP. OK.

34
00:02:44,290 --> 00:02:46,630
That's not working, but I'm sure of my exploit.

35
00:02:46,630 --> 00:02:46,920
Right.
36
00:02:46,930 --> 00:02:53,650
So maybe I send a bind shell instead of a reverse shell here, and I'll send a bind shell staged and

37
00:02:53,650 --> 00:02:59,380
non-staged, and we just keep trying until we find a payload that works. Not every payload is the right

38
00:02:59,380 --> 00:03:02,140
payload and we have to find the one that works for us.

39
00:03:02,200 --> 00:03:09,970
So the takeaways: remember the forward slash, remember the slight differences between non-staged and staged.

40
00:03:10,030 --> 00:03:14,650
And remember, if your payload fails but you think it's the right exploit, maybe change your payload.

41
00:03:15,040 --> 00:03:20,350
So we'll see that here very shortly as we start to get into exploitation in the next few videos.