Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,150 --> 00:00:04,260 Now let's talk about stage versus non stage payloads. 2 00:00:04,260 --> 00:00:12,690 And before we do that we must talk about a payload so a payload is what we're going to run as an exploit. 3 00:00:12,690 --> 00:00:16,860 And when we run that exploit it's called a payload. 4 00:00:16,860 --> 00:00:19,650 We use different types of payloads depending on what it is. 5 00:00:19,680 --> 00:00:27,750 So you might see a Windows type payload or a Linux type payload or easy see on the screen maternal critter 6 00:00:27,750 --> 00:00:28,620 type payload. 7 00:00:28,620 --> 00:00:33,740 There's Python there's all different types there's like five hundred and something that we saw in meadows 8 00:00:33,750 --> 00:00:35,080 boy alone. 9 00:00:35,310 --> 00:00:43,110 And these payloads are what we use to send to a victim and attempt to get a shell on the machine. 10 00:00:43,140 --> 00:00:45,410 Now it's going to make more sense as we go. 11 00:00:45,410 --> 00:00:48,730 It's OK if you're still a little bit confused on all of this. 12 00:00:48,750 --> 00:00:52,500 There are two main types of payloads that we need to pay attention to. 13 00:00:52,530 --> 00:00:59,890 There is what we call non stage and what we call stage now a non stage payload sends that explained 14 00:00:59,960 --> 00:01:08,370 shell code all at once where a stage payload sends it in stages the non stage payload is larger in size 15 00:01:08,490 --> 00:01:13,960 and it doesn't always work where the stage payload can actually be less stable. 16 00:01:13,980 --> 00:01:23,140 So each has its con and we have an example of it and this is really what I want to point out is we have 17 00:01:23,140 --> 00:01:28,800 this non stage payload and we have a stage payload and you see the one difference between the two. 18 00:01:28,930 --> 00:01:30,600 All it is is a forward slash. 19 00:01:30,910 --> 00:01:36,690 So when we see these in we're using something like Meadows spoilt and we have to pick out a payload 20 00:01:37,150 --> 00:01:42,500 if we see something like maternal fritter underscore reverse underscore TCB. 21 00:01:42,640 --> 00:01:45,900 This identifies that this is a non stage payload. 22 00:01:46,000 --> 00:01:53,420 We can ignore the windows here but here we receive return critter forward slash reverse underscore TCB. 23 00:01:53,440 --> 00:01:55,990 This means we have a stage payload. 24 00:01:56,110 --> 00:02:01,280 What's happening it's saying hey Stage 1 Stage 2 what's happening here. 25 00:02:01,300 --> 00:02:04,260 It's saying hey let's end this all at once. 26 00:02:04,390 --> 00:02:12,070 So this is going to become very important very quick as we will attempt to exploit here very soon. 27 00:02:12,070 --> 00:02:14,410 And it's not going to work. 28 00:02:14,560 --> 00:02:17,700 And then we're going to change the payload and it's going to work beautifully. 29 00:02:17,710 --> 00:02:26,230 So understand that with the really the takeaway is if you have a payload that does not work maybe try 30 00:02:26,230 --> 00:02:32,140 the other other type of that payload if you see something like reverse TTP which is a reverse shell 31 00:02:32,140 --> 00:02:34,870 by the way over a TTP connection. 32 00:02:34,870 --> 00:02:39,730 If you say hey I'm going to send this stage reverse TTP it's not working. 33 00:02:39,730 --> 00:02:44,270 All right let me try to send a non staged reverse TCB OK. 34 00:02:44,290 --> 00:02:46,630 That's not working but I'm sure my exploits. 35 00:02:46,630 --> 00:02:46,920 Right. 36 00:02:46,930 --> 00:02:53,650 So maybe I send a bind shall instead of reverse shell here and I'll send a binds shell stage in the 37 00:02:53,650 --> 00:02:59,380 non stage and we just keep trying until we find a payload that works not every payload is the right 38 00:02:59,380 --> 00:03:02,140 payload and we have to find the one that works for us. 39 00:03:02,200 --> 00:03:09,970 So the takeaways remember the forward slash remember the slight differences between non stage and stage. 40 00:03:10,030 --> 00:03:14,650 And remember if your payload fails but you think it's the right exploit maybe change your payload. 41 00:03:15,040 --> 00:03:20,350 So we'll see that here very shortly as we start to get into exploitation in the next few videos. 4514