Working with Exploit Payloads

Metasploit helps deliver our exploit payloads against a target system. When creating an Exploit Payload, we have several things to consider, from the operating system architecture, to anti-virus, IDS, IPS, etc. In evading detection of our exploits, we will want to encode our payloads to remove any bad characters and add some randomness to the final output using NOPs.

Metasploit comes with a number of payload encoders and NOP generators to help aid us in this area.

Select a payload encoder:

  • Must not touch certain registers
  • Must be under the max size
  • Must avoid BadChars
  • Encoders are ranked

Select a nop generator:

  • Tries the most random one first
  • NOPs are also ranked

Payload Encoding Example

  • The defined Payload Space is 900 bytes
  • The Payload is 300 bytes long
  • The Encoder stub adds another 40 bytes to the payload
  • The NOPs will then fill in the remaining 560 bytes bringing the final payload.encoded size to 900 bytes
  • The NOP padding can be avoided by adding ‘DisableNops’ => true to the exploit

Payload Block Options

As is the case for most things in the Framework, payloads can be tweaked by exploits.

  • ‘StackAdjustment’ prefixes “sub esp” code
  • ‘MinNops’, ‘MaxNops’, ‘DisableNops’
  • ‘Prefix’ places data before the payload
  • ‘PrefixEncoder’ places it before the stub

These options can also go into the Targets block, allowing for different BadChars for targets and allows Targets to hit different OS architectures.

Menu
X Close

 

Certified Pentesting
Professional

OSCP
course starting at
$800 USD

Take Penetration Testing with Kali Linux to gain invaluable penetration testing skills and earn your OSCP.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSCP

Certified Pentesting
Expert

OSCE
course starting at
$1200 USD

Take Cracking the Perimeter to take your penetration testing skills to expert levels and earn your OSCE.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSCE

 

Certified Pentesting
Web Expert

OSWE
course starting at
$1400 USD

Take Advanced Web Attacks and Exploitation, to deep dive into web apps to earn your OSWE.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSWE

Certified Pentesting
Wireless Professional

OSWP
course starting at
$450 USD

Take Offensive Security Wireless Attacks to acquire knowledge about Wi-Fi attacks and earn your OSWP.

  • Self-paced, online course
  • Includes certification exam fee
  • Access innovative virtual labs
  • Hands-on experience
  • Become an OSWP

Certified Exploitation
Expert

OSEE
course starting at
See
Live Schedule

Take Advanced Windows Exploitation to develop exploits for Windows systems and earn your OSEE.

  • Live training course
  • Includes certification exam fee
  • Maximum instructor interaction
  • Highly challenging
  • Become an OSEE