Question
So starting with the absolute basics: an exploit is the means used to gain access to a vulnerable system, and a payload is the actual program/shellcode used to fulfill the attacker's intentions.
A staged payload creates a connection to a victim's machine using a stager, which is a small initial payload that creates a connection to the victim (creating a stager socket) and then passes execution to the next stage, which will be the main payload; in this case, Meterpreter.
In this context, Meterpreter is a payload that will be loaded through the stager socket and will allow DLLs to be injected into the victim machine's (Meterpreter server's) memory...
I've done some research, and for me to understand things I attempt to put them in my own words and terms as much as possible. This is my basic understanding of how staged payloads and Meterpreter work, so can you please clarify whether my understanding is actually correct?
Explanation / Answer
The basic idea is correct. I just want to explain the purpose of staged payloads. Every exploit has limited space through which it can carry user code. The Meterpreter DLL is around 900 KB, which won't fit in any common buffer overflow exploit, and that is the size of only the bare-bones Meterpreter DLL. When it is loaded with extensions (stdlib, sniffer, etc.), the size is multiple megabytes. That's why the stager is used as the initial shellcode: it contacts the handler, allocates the appropriate RWX memory in the target process, and loads the DLL through reflective DLL injection.
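To make the handler/stager exchange described in the answer concrete, here is an added example that is not part of the original post and is not Metasploit's own code. It models both sides on a loopback socket: the handler sends a 4-byte little-endian length followed by the stage bytes, and the stager reads the length, allocates a buffer of that size (where real stager shellcode would VirtualAlloc/mmap an RWX region), and receives until the buffer is full. The length-then-body framing is taken from the classic Windows reverse_tcp stager and is an assumption for this example; the stage itself is a constructed placeholder byte string, and nothing is executed.

```python
import socket
import struct
import threading

# Constructed placeholder "stage". In a real staged Meterpreter payload this
# would be the reflective loader plus the Meterpreter DLL; here it is inert data.
SAMPLE_STAGE = b"\x90" * 64 + b"META-STAGE-PLACEHOLDER" + b"\xcc" * 32

def recv_exact(sock, n):
    """Read exactly n bytes or raise; sockets may return short reads."""
    data = bytearray()
    while len(data) < n:
        part = sock.recv(n - len(data))
        if not part:
            raise ConnectionError("peer closed before %d bytes arrived" % n)
        data += part
    return bytes(data)

def handler_serve(listener, stage):
    """Handler side (the role of a multi/handler listener for a staged
    reverse_tcp payload): accept one connection, send the 4-byte LE stage
    length, then the stage body.  Framing is an assumption for this demo."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(struct.pack("<I", len(stage)))
        conn.sendall(stage)

def stager_fetch(host, port):
    """Stager side, modelled on reverse_tcp stager shellcode: connect back,
    read the stage length, allocate that much memory (a bytearray stands in
    for the RWX allocation), recv_into it until full, and return it (the
    shellcode would jump into it instead of returning)."""
    with socket.create_connection((host, port)) as s:
        size = struct.unpack("<I", recv_exact(s, 4))[0]
        if size == 0 or size > 64 * 1024 * 1024:   # sanity cap for the demo only
            raise ValueError("implausible stage length %d" % size)
        buf = bytearray(size)                        # stand-in for VirtualAlloc/mmap RWX
        view = memoryview(buf)
        got = 0
        while got < size:                            # the stager's recv loop
            n = s.recv_into(view[got:], size - got)
            if n == 0:
                raise ConnectionError("handler closed before the full stage arrived")
            got += n
        return bytes(buf)

def run_exchange(stage=SAMPLE_STAGE):
    """Run handler and stager on loopback and return what the stager received."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))                  # ephemeral port, offline
    listener.listen(1)
    port = listener.getsockname()[1]
    t = threading.Thread(target=handler_serve, args=(listener, stage))
    t.start()
    try:
        return stager_fetch("127.0.0.1", port)
    finally:
        t.join()
        listener.close()

if __name__ == "__main__":
    got = run_exchange()
    print("stager received %d bytes; matches stage: %s" % (len(got), got == SAMPLE_STAGE))
```

The point of the size check in `stager_fetch` is illustrative rather than something real stager shellcode does: the shellcode trusts whatever length the handler sends, which is exactly why the stager can stay tiny while the stage it pulls down can be the multi-megabyte Meterpreter DLL the answer describes.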