exploit vs payload
Post on 17-Feb-2018
215 Views
Preview:
TRANSCRIPT
-
7/23/2019 Exploit vs Payload
1/4
sign up log in tour help
Take the 2-minute tour Information Security Stack Exchange is a question and answer site for Information security professionals. It's 100%free, no registration required.
What is the difference between Exploit and Payload?
In computer security, we know that weak points in software are called (if related to security). And once the vulnerability is
found, theoretically it requires a piece of code as proof of concept (this is called an ). In this context, the term is alsomentioned.
vulnerabilities
exploit payload
Then, what is the difference between 'payload' and 'exploit'?
appsec exploit terminology
edited Apr 16 '13 at 17:38
AviD 36.1k 14 85 155
asked Apr 16 '13 at 8:25
Akam
550 6 17
1 I feel like the difference could be explained with a very inappropriate (for StackExchange) sexual analogy.IQAndreas Oct 5 '14 at 4:31
3 Answers
The exploit is what delivers the payload. Take a missile as an analogy. You have the rocket andfuel and everything else in the rocket, and then you have the warhead that does the actualdamage. Without the warhead, the missile doesn't do very much when it hits. Additionally, awarhead isn't much use if it goes off in your bunker wi thout a rocket delivering it.
The delivery system(missile) is the exploit and the payload (warhead) is the code that actuallydoes something.
Exploits give you the ability to 'pop a shell/run your payload code'.
Example payloads are things like Trojans/RATs, keyloggers, reverse shells etc.
Payloads are only referred to when code execution is possible and not when using things likedenial of service exploits.
appsec - What is the difference between Exploit a... http://security.stackexchange.com/questions/34
de 4 23/06/15 15
-
7/23/2019 Exploit vs Payload
2/4
edited Apr 19 '13 at 4:41 answered Apr 16 '13 at 8:27
NULLZ
7,294 8 47 83
appsec - What is the difference between Exploit a... http://security.stackexchange.com/questions/34
2 de 4 23/06/15 15
-
7/23/2019 Exploit vs Payload
3/4
1 best description ;-) Dr. Apr 16 '13 at 8:28
@Dr. updated it slightly just in case ;) NULLZ Apr 16 '13 at 8:32
@D3C4FF: thanks, I can imagine them now exactly :) Akam Apr 16 '13 at 8:33
@Akam please remember to mark it as answered if its answered your question :) NULLZ Apr 16 '13 at 8:50
1
@D3C4FF don't forget that the vulnerability in your analogy/metaphor would be the inability of the target to detect
and shoot down the incoming missile. acolyte Apr 16 '13 at 13:21
You already know what a vulnerability is.
An exploit is a piece of code written to take advantage of a particular vulnerability. A payload is apiece of code to be executed through said exploit.
Have a look at the Metasploit Framework. It is simply a collection of exploits and payloads. Eachexploit can be attached with various payloads like reverse or bind shells, the meterpreter shelletc.
The beauty of the Metasploit Framework is that it is modular. You can mix and match differentpayloads and exploits to achieve the needed results.
answered Apr 16 '13 at 8:28
Terry Chia
27.7k 9 69 136
I prepared an easier to read version of the diagram (I believe). It's following same basicprinciples the does. I was tempted to go with his analogy first, but Ithought it wouldn't be appropriate due to recent events and for the current global political climate.
@D3C4FF's excelent answer
The ( ) is just cute, and the banana just what Ithought a convenient analogy for the occasion. Neither are meant to be offensive.
target self-portrait of a crested black macaque
Obviously, a single exploit can deliver multiple payloads to a single or multiple targets. In lattercase, a crate of bananas with a single ape, or a crate of bananas in a zoo for multiple targetscould be used to describe individual entities involved in the process of exploitation (where thecrate would then be an exploit, and bananas in it payloads). ;)
appsec - What is the difference between Exploit a... http://security.stackexchange.com/questions/34
3 de 4 23/06/15 15
-
7/23/2019 Exploit vs Payload
4/4
separate entities are colour coded ;)
While this example diagram might seem a bit odd, I actually believe it's suitable beyond justbeing (as current votes on this post show). Bananas, among other obvious uses,
, where normal
vaccinations wouldn't be as effective.
controversial
have actually been suggested as a delivery mechanism for medicine before
The banana peel also denotes an perfectly, since it's later discarded just as thewould be, whi le the is consumed and digested by the through a (or inour case, the cute macaque's mouth).
exploit exploit
payload target vulnerab ility
edited Apr 19 '13 at 7:52 answered Apr 16 '13 at 17:33
TildalWave
8,400 6 27 61
4 this cleared up several points that have been confusing me for years, thanks. lynks Apr 16 '13 at 17:36
1
@lynks - Well, discarding of an exploit after the payload was consumed be a slippery business (tho it can becan
recycled) :) TildalWave Apr 17 '13 at 1:53
appsec - What is the difference between Exploit a... http://security.stackexchange.com/questions/34
4 de 4 23/06/15 15
top related