Thread: Payload Stages - Only Stage 1 sufficient ?

  1. #1 Just burned his ISO (Join Date: Sep 2010, Posts: 2)

    Payload Stages - Only Stage 1 sufficient ?

    Hello

    I built the shellcode for windows/meterpreter/reverse_tcp via msfpayload > ./test.c,
    then compiled the file test.c on a win_xp machine, where I separated the stage1 and stage2 shellcode into 2 separate executable files.

    As far as I'm aware and have read, it is supposed to work in such a way that stage1 opens the connection, leading to stage2 loading the actual meterpreter DLL file to inject.

    However, starting a local multi/handler on a linux box and then only executing the stage1.exe gives me a perfect meterpreter shell.
    No need to execute stage2.

    The same occurred when trying windows/shell/bind_tcp;
    stage1 is sufficient in order to get a reliable shell.

    I would appreciate it very much if someone could explain to me why stage1 already works, and whether stage2 of the payload shellcode is needed at all.

  2. #2 Super Moderator lupin (Join Date: Jan 2010, Posts: 2,943)

    Re: Payload Stages - Only Stage 1 sufficient ?

    The stage1 shellcode creates the connection back to the handler, and the handler will then send the stage2 shellcode back to the victim system after the connection is established. The stage2 shellcode contains meterpreter, which is run once downloaded by the victim. Packet trace the connection and you will see the stage2 shellcode being sent down.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
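The behaviour lupin describes (the connecting host sends nothing, then immediately receives a large blob from the handler) is also what a defender sees in the packet trace. The following is an added example, not code from the thread or from Metasploit, showing a detection heuristic over reconstructed TCP sessions. The session record format, the 64 KB threshold and the sample sessions are all constructed assumptions: the point is that nearly every legitimate protocol either has the client speak first (HTTP, TLS) or opens with a short server greeting (SSH, SMTP), so a silent client receiving tens of kilobytes right after connect is the fingerprint of a stage download.

```python
"""
Heuristic that flags a reconstructed TCP session in which the remote end
pushes a large blob to the connecting host before that host has sent any
application data, i.e. the stage1 -> stage2 download described in the thread.
Added example, not code from the forum post or from Metasploit; the session
format, threshold and sample traffic below are constructed assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed threshold (assumption): a reflectively loaded DLL stage is far
# larger than this, while server banners (SSH, SMTP, FTP) are a few dozen bytes.
STAGE_MIN_BYTES = 64 * 1024


@dataclass
class Session:
    """One client-initiated TCP session reconstructed from a capture.
    segments: ("c2s" | "s2c", payload) in wire order, TCP payload only."""
    client: str
    server: str
    dport: int
    segments: List[Tuple[str, bytes]] = field(default_factory=list)


def bytes_pushed_before_client_speaks(session: Session) -> int:
    """Count server->client payload bytes that arrive before the client
    sends its first non-empty segment."""
    total = 0
    for direction, payload in session.segments:
        if direction == "c2s" and payload:
            break
        if direction == "s2c":
            total += len(payload)
    return total


def looks_like_stage_download(session: Session, min_bytes: int = STAGE_MIN_BYTES) -> bool:
    """True when the server unilaterally pushes >= min_bytes before the client
    has said anything.  Protocols that start with a client message (HTTP, TLS)
    score 0 here; banner-first protocols (SSH, SMTP) score a few dozen bytes."""
    return bytes_pushed_before_client_speaks(session) >= min_bytes


def flag_sessions(sessions: List[Session]):
    """Return (client, server, dport, bytes_pushed) for every suspicious session."""
    hits = []
    for s in sessions:
        n = bytes_pushed_before_client_speaks(s)
        if n >= STAGE_MIN_BYTES:
            hits.append((s.client, s.server, s.dport, n))
    return hits


def _s2c_chunks(blob: bytes, mss: int = 1460):
    """Split a server->client blob into MSS-sized segments, as a capture would show it."""
    return [("s2c", blob[i:i + mss]) for i in range(0, len(blob), mss)]


# Constructed sample sessions (RFC 5737 documentation addresses, not real traffic).
SAMPLE_SESSIONS = [
    # stager-like: client connects to 4444, stays silent, receives ~180 KB
    Session("198.51.100.7", "192.0.2.10", 4444, _s2c_chunks(b"\x90" * 180_000)),
    # SSH-like: short server banner, then the client answers
    Session("198.51.100.7", "192.0.2.10", 22,
            [("s2c", b"SSH-2.0-OpenSSH_8.9\r\n"), ("c2s", b"SSH-2.0-client\r\n")]),
    # HTTP-like: client speaks first, server then returns a large body
    Session("198.51.100.7", "192.0.2.20", 80,
            [("c2s", b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")]
            + _s2c_chunks(b"A" * 200_000)),
]

if __name__ == "__main__":
    for hit in flag_sessions(SAMPLE_SESSIONS):
        print("possible stage download: %s -> %s:%d, %d bytes pushed before client spoke" % hit)
```

Only the first sample session is flagged. The heuristic deliberately covers the reverse_tcp shape from the question; the bind_tcp case the poster also mentions (the handler connects in and pushes the stage as the client) is not distinguishable by this rule alone, because large client-first uploads are normal for HTTP and similar protocols.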

  3. #3 Just burned his ISO (Join Date: Sep 2010, Posts: 2)

    Re: Payload Stages - Only Stage 1 sufficient ?

    Thank you very much, Lupin.

    Next time I shall seek the honourable Wireshark for answers beforehand!
