Home Uncategorized What is the difference between Exploit, Payload and Shellcode?

What is the difference between Exploit, Payload and Shellcode?

by Unallocated Author

Exploit
An exploit is the means by which an attacker, or penetration tester for that matter, takes advantage of a vulnerability within a system, an application, or a service. An attacker uses an exploit to attack a system in a way that results in a particular desired outcome that the developer never expected. Common exploits include buffer overflows, web application vulnerabilities (such as SQL injection), and configuration errors.

Payload
A payload is a custom code that attacker want the system to execute and that is to be selected and delivered by the Framework. For example, a reverse shell is a payload that creates a connection from the target machine back to the attacker as a Windows command prompt, whereas a bind shell is a payload that “binds” a command prompt to a listening port on the target machine, which the attacker can then connect. A payload could also be something as simple as a few commands to be executed on the target operating system.

Shellcode
Shellcode is basically a list of carefully crafted commands that can be executed once the code is injected into a running application. It’s a series of instructions used as a payload when exploiting a vulnerability. Shellcode is typically written in assembly language. In most cases, a command shell or a Meterpreter shell will be provided after the set of instructions have been performed by the target machine, hence the name.

You may also like