Payload Stages - Only Stage 1 sufficient ?
Hello
I build the shellcode for windows/meterpreter/reverse_tcp via msfpayload > ./test.c,
compiled the file test.c afterwards on a win_xp machine, whereas i seperated the stage1 and stage2 shellcode into 2 own executable files.
As far as i m aware and read, it is supposed to work the way that stage1 opens the connections leading to stage2 loading the actualy meterpreter DLL file to inject.
However, starting a local multi/handler on a linux box, and then only exectuing the stage1.exe gives me a perfect meterpreter shell.
No need to execute stage2.
The same occured when trying windows/shell/bind_tcp,
stage1 is sufficient in order to get a reliable shell.
I would appreciate very much if someone could explain to me why stage1 already works, and whether stage2 of the payload shellcode is needed at all.
Re: Payload Stages - Only Stage 1 sufficient ?
The stage1 shellcode creates the connection back to the handler, and the handler will then send the stage2 shellcode back to the victim system after the connection is established. The stage2 shellcode contains meterpreter, which is run once downloaded by the victim. Packet trace the connection, you will see the stage2 shellcode being sent down.
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
Re: Payload Stages - Only Stage 1 sufficient ?
Thank you very much Lupin,
next time i shall seek the honorful wireshark for answers beforehand!
Posting Permissions
