What is the difference between Exploit, Payload and Shellcode?

  • 192
  • 1

An exploit is the means by which an attacker, or penetration tester for that matter, takes advantage of a vulnerability within a system, an application, or a service. An attacker uses an exploit to attack a system in a way that results in a particular desired outcome that the developer never expected. Common exploits include buffer overflows, web application vulnerabilities (such as SQL injection), and configuration errors.

A payload is a custom code that attacker want the system to execute and that is to be selected and delivered by the Framework. For example, a reverse shell is a payload that creates a connection from the target machine back to the attacker as a Windows command prompt, whereas a bind shell is a payload that “binds” a command prompt to a listening port on the target machine, which the attacker can then connect. A payload could also be something as simple as a few commands to be executed on the target operating system.

Shellcode is basically a list of carefully crafted commands that can be executed once the code is injected into a running application. It’s a series of instructions used as a payload when exploiting a vulnerability. Shellcode is typically written in assembly language. In most cases, a command shell or a Meterpreter shell will be provided after the set of instructions have been performed by the target machine, hence the name.


Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Do NOT follow this link or you will be banned from the site!