0Pricing
Cyber Security Academy · Lesson

Payloads: Staged vs Stageless, Meterpreter

Choose the right payload for a scenario and use Meterpreter for post-exploitation.

What is a Payload?

A payload is the code that runs on the target after a successful exploit. It defines what the attacker gains: a shell, command execution, file access, or a full-featured agent like Meterpreter.

Staged vs Stageless Payloads

Stageless payloads (/) contain everything in one binary — larger but simpler, no network callback needed after initial delivery. Staged payloads (//) send a tiny stager first that downloads the second stage from the handler.

# Stageless (single slash naming):
windows/x64/shell_reverse_tcp

# Staged (double slash naming):
windows/x64/shell/reverse_tcp
#                 ^
#                 stage 2 downloaded after stager connects

All lessons in this course

  1. Metasploit Architecture and msfconsole
  2. Exploiting a Known Vulnerability
  3. Payloads: Staged vs Stageless, Meterpreter
  4. Post-Exploitation: Pivot and Persist
← Back to Cyber Security Academy