1
00:00:00,770 --> 00:00:07,910
A payload is a piece of code that executes on the target system, and it helps us carry out some of

2
00:00:07,910 --> 00:00:14,060
the operations, such as connecting to the command line of the target after a successful exploitation.

3
00:00:15,080 --> 00:00:19,750
To basically understand what a payload does, let's consider a real world example.

4
00:00:20,650 --> 00:00:25,860
So I want to show you an example that I heard before, which helps me understand it as well.

5
00:00:26,800 --> 00:00:32,170
Payloads are kind of like the explosive material that's in the head of a missile.

6
00:00:33,620 --> 00:00:39,720
When the missile hits the target, the explosive material causes the damage desired by the owner.

7
00:00:40,790 --> 00:00:46,250
Now the owner of the missile can change the explosive material as well as the payload.

8
00:00:47,290 --> 00:00:52,360
So that's the way that the Metasploit framework works with payloads.

9
00:00:52,660 --> 00:00:56,340
It allows you to perform some operations on the target system.

10
00:00:57,610 --> 00:01:05,110
For example, a reverse shell is a payload that creates a connection from the target machine back to you

11
00:01:05,350 --> 00:01:13,990
as a Windows command prompt, whereas a bind shell is a payload that binds a command prompt to a listening

12
00:01:13,990 --> 00:01:18,520
port on the target machine, which you can then connect to.

13
00:01:20,080 --> 00:01:26,200
This screenshot shows various categories of payload modules present in the Metasploit framework.

14
00:01:27,520 --> 00:01:31,900
So I'm going to go to the Metasploit directory to view payloads.

15
00:01:34,700 --> 00:01:36,800
I'm using Goule, to be clear.

16
00:01:38,290 --> 00:01:41,020
And here, under the payload folder,

17
00:01:42,050 --> 00:01:48,920
you're going to see three different kinds of folders, named singles, stagers and stages.

18
00:01:50,470 --> 00:01:52,360
These are the main payload types.

19
00:01:54,030 --> 00:02:01,950
Singles are the payloads that consist of the exploit and the required shellcode, which means they have

20
00:02:01,950 --> 00:02:06,000
everything that is required to exploit the vulnerability on the target.

21
00:02:07,920 --> 00:02:11,040
Naturally, the size of these payloads is pretty big.

22
00:02:12,260 --> 00:02:15,890
Yes, it's not going to be good if you want to be stealthy.

23
00:02:18,350 --> 00:02:23,270
So, for example, this one: Meterpreter reverse TCP.

24
00:02:26,910 --> 00:02:32,480
And stagers, just so you know, sometimes size really matters.

25
00:02:33,710 --> 00:02:38,240
OK, the stager payloads come in handy in such a situation.

26
00:02:39,240 --> 00:02:41,490
So they don't have the exploit code.

27
00:02:42,720 --> 00:02:47,340
That means they're going to be smaller in size, and it's going to help in many other tests.

28
00:02:49,000 --> 00:02:54,660
Like this one, bind TCP, and reverse TCP.

29
00:02:56,690 --> 00:03:05,330
And then finally, stages: after the stagers communicate with a target system, stages are then uploaded

30
00:03:05,330 --> 00:03:11,800
to the target system to do the actual actions desired by the penetration tester or attacker.

31
00:03:12,560 --> 00:03:17,570
And here you see the Meterpreter payload, which is the most used stages payload.

32
00:03:19,390 --> 00:03:25,000
And you'll use it in many exploits, but we're going to get to that in some of the later sections.

33
00:03:25,870 --> 00:03:26,290
All right.

34
00:03:26,290 --> 00:03:29,350
So that's enough theory, don't you think?

35
00:03:31,210 --> 00:03:32,910
So open up your terminal again.

36
00:03:34,470 --> 00:03:39,030
And just like before, with an auxiliary module, the usage is the same.

37
00:03:40,310 --> 00:03:42,740
"use" and then the payload name.

38
00:03:43,650 --> 00:03:47,970
use payload windows meterpreter

39
00:03:50,190 --> 00:03:52,020
bind TCP.

40
00:03:53,670 --> 00:04:01,980
Now, let me tell you an important point here: bind TCP payloads make the attacking machine directly

41
00:04:01,980 --> 00:04:03,300
connect to the target.

42
00:04:05,000 --> 00:04:07,790
So when you show the options of this module,

43
00:04:08,950 --> 00:04:12,680
there will be RHOST and LPORT variables.

44
00:04:13,920 --> 00:04:17,690
RHOST defines the address of the target machine.

45
00:04:18,510 --> 00:04:22,310
Now, in this case, it is the IP address of Metasploitable 2.

46
00:04:23,560 --> 00:04:30,130
And LPORT is the port number on the attacking machine that the attacking machine will listen on.

47
00:04:30,980 --> 00:04:38,120
And then, on the other hand, there are reverse TCP connections. I shall show you both ways.

48
00:04:39,880 --> 00:04:41,470
use payload

49
00:04:42,490 --> 00:04:44,470
windows meterpreter

50
00:04:47,130 --> 00:04:49,200
reverse TCP.

51
00:04:50,540 --> 00:04:58,580
When you show the options, you will see the LHOST and LPORT variables, so in this case, LHOST

52
00:04:58,580 --> 00:05:03,800
is the IP address of the Kali that the target will connect back to.

53
00:05:04,820 --> 00:05:11,690
And LPORT is the port number on the Kali that will listen for incoming connections from the target.

54
00:05:12,870 --> 00:05:15,720
So I'm going to set LHOST as my IP address.

55
00:05:16,260 --> 00:05:19,100
Let me check my address on a new tab.

56
00:05:19,110 --> 00:05:20,010
Just want to be sure.

57
00:05:21,870 --> 00:05:26,370
OK, tend tend to not one, one is my IP.

58
00:05:30,700 --> 00:05:36,880
And I'll set LPORT to four for four or five, then you can use run.

59
00:05:38,030 --> 00:05:42,920
Or generate as a command to generate the shellcode of this payload.

60
00:05:44,480 --> 00:05:50,030
So this is the payload, and by scrolling down, you can view just how long it is.

61
00:05:51,190 --> 00:05:54,940
But see, now you can use it as an exploit code.

62
00:05:56,060 --> 00:06:00,260
But you're not going to work that way in this course; I'll tell you why coming up.

