Penetration testing: abbreviations and key terms

    1. POC: short for "Proof of Concept"; it usually refers to a piece of code that proves a vulnerability exists. (Proves the vulnerability)
    2. EXP: short for "Exploit"; it refers to using a system vulnerability to carry out an attack. (Exploits the vulnerability)
    3. Payload: the code or instructions that are actually executed on the target system after a successful exploit.
    4. Shellcode: a type of Payload. It gets its name because it creates a forward / reverse shell.

There are many types of Payload: it can be Shellcode, or it can simply be a system command. The same Payload can be used for multiple vulnerabilities, but each vulnerability has its own EXP, which means that there is no universal EXP.

There are also many types of Shellcode, including forward, reverse, and even meterpreter.

Shellcode and Shellshock are not the same thing: Shellshock refers specifically to the Shellshock vulnerability discovered in 2014.

The Payload module is one of the 6 major modules of the Metasploit Framework. It contains three types: Single, Stager and Stages. A Single is an all-in-one payload that does not depend on other files, so it is comparatively large. A Stager is mainly used when the target computer's memory is limited: a smaller Stager is transmitted first to establish a connection. Stages are the subsequent Payload downloaded over the connection the Stager established. There are many types of Stager and Stages, suited to different scenarios.


Origin www.cnblogs.com/sunyyer/p/12755419.html