Default payloads
The default payload plugin keeps the payload generation functionality that existed before version 0.2 and adds a number of new features on top of it, so existing payload configurations keep working while more demanding requirements can be met.
Plugin ID: shelldot.payload.default
Template IDs: "shelldot.payload.windows-x64" and "shelldot.payload.windows-x86"
These templates generate 64-bit and 32-bit Windows payloads respectively. The key configuration parameter is "type", which selects the form the generated payload takes. The available values are:
- EXECUTABLE: A plain executable (.exe) that runs without any visible output (no console window).
- DLL: A Dynamic Link Library containing the payload; the payload runs once the DLL is loaded (see the dllMethodName attribute below).
- SERVICE: An executable built to run as a Windows service, i.e. as a background process.
- SHELLCODE: The payload as raw shellcode, a sequence of machine instructions rather than a PE file.
- DEBUG_EXECUTABLE: A debug build of the executable that opens a console window so that output is visible.
Configuration values:
Use the table below to customize how the default payload behaves. Some attributes apply to every payload; others are only used when a particular payload type is selected.
| Attribute | Explanation |
|---|---|
| type | The payload type: "DEBUG_EXECUTABLE", "EXECUTABLE", "SERVICE", "DLL" or "SHELLCODE". |
| paddingSize | Number of NULL bytes appended to the payload as padding. |
| initialWait | Number of seconds the payload waits after startup before running its main code. |
| dllMethodName | Name of the exported function for DLL-type payloads; only used when type is "DLL". |
| mutex | Mutex name. When set, no more than one instance of the payload with the same mutex name can run concurrently on the same machine. |
| guardrails[ ] | List of guardrails that restrict where and when the payload starts. |
| ↳ type | Guardrail type: DomainExists, DomainNotExists, TimeBefore or TimeAfter. |
| ↳ value | Value for the guardrail: a host/domain name for DomainExists and DomainNotExists, or an ISO-8601 timestamp for TimeBefore and TimeAfter. |
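The following added example shows how the attributes above fit together and how the guardrails restrict execution. It is not shelldot's own code and does not run inside a generated payload; it is a stand-alone validator and guardrail evaluator written for this page. It assumes a JSON object with the attribute names from the table (the page does not document the on-disk config format), that all guardrails must pass for the payload to start (AND semantics), that "DomainExists" means the named host/domain resolves on the target, and that timestamps without a zone are UTC. The domain name, mutex name and dates in the sample are constructed.

```python
import json
import socket
from datetime import datetime, timezone
from typing import Any, Callable, Dict, List

PAYLOAD_TYPES = {"DEBUG_EXECUTABLE", "EXECUTABLE", "SERVICE", "DLL", "SHELLCODE"}
GUARDRAIL_TYPES = {"DomainExists", "DomainNotExists", "TimeBefore", "TimeAfter"}

# Constructed sample configuration for the windows-x64 template. The JSON shape,
# the "Global\" mutex prefix and the domain name are assumptions, not documented
# shelldot values.
SAMPLE_CONFIG: Dict[str, Any] = json.loads(r"""
{
  "type": "DLL",
  "paddingSize": 4096,
  "initialWait": 30,
  "dllMethodName": "DllRegisterServer",
  "mutex": "Global\\example-engagement-2025",
  "guardrails": [
    {"type": "DomainExists", "value": "corp.example.internal"},
    {"type": "TimeAfter",    "value": "2025-03-01T00:00:00Z"},
    {"type": "TimeBefore",   "value": "2025-03-31T23:59:59Z"}
  ]
}
""")


def parse_iso8601(value: str) -> datetime:
    """Parse an ISO-8601 timestamp; a trailing 'Z' is normalised for fromisoformat
    and a timestamp without a zone is assumed to be UTC."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    ts = datetime.fromisoformat(value)
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)
    return ts


def validate_config(cfg: Dict[str, Any]) -> List[str]:
    """Return the list of problems found; an empty list means the config is consistent
    with the attribute table."""
    errors: List[str] = []
    if cfg.get("type") not in PAYLOAD_TYPES:
        errors.append(f"type must be one of {sorted(PAYLOAD_TYPES)}")
    for key in ("paddingSize", "initialWait"):
        v = cfg.get(key, 0)
        if isinstance(v, bool) or not isinstance(v, int) or v < 0:
            errors.append(f"{key} must be a non-negative integer")
    if cfg.get("type") == "DLL" and not cfg.get("dllMethodName"):
        errors.append("dllMethodName is required for DLL payloads")
    if "mutex" in cfg and not isinstance(cfg["mutex"], str):
        errors.append("mutex must be a string")
    for i, g in enumerate(cfg.get("guardrails", [])):
        gtype, value = g.get("type"), g.get("value")
        if gtype not in GUARDRAIL_TYPES:
            errors.append(f"guardrails[{i}].type must be one of {sorted(GUARDRAIL_TYPES)}")
            continue
        if not isinstance(value, str) or not value:
            errors.append(f"guardrails[{i}].value must be a non-empty string")
            continue
        if gtype in ("TimeBefore", "TimeAfter"):
            try:
                parse_iso8601(value)
            except ValueError:
                errors.append(f"guardrails[{i}].value is not ISO-8601: {value!r}")
    return errors


def guardrails_allow(cfg: Dict[str, Any], now: datetime,
                     domain_exists: Callable[[str], bool]) -> bool:
    """True only when every guardrail passes (AND semantics; an assumption)."""
    for g in cfg.get("guardrails", []):
        gtype, value = g["type"], g["value"]
        if gtype == "DomainExists" and not domain_exists(value):
            return False
        if gtype == "DomainNotExists" and domain_exists(value):
            return False
        if gtype == "TimeBefore" and not now < parse_iso8601(value):
            return False
        if gtype == "TimeAfter" and not now > parse_iso8601(value):
            return False
    return True


def evaluate(cfg: Dict[str, Any], now_iso: str,
             domain_exists: Callable[[str], bool]) -> bool:
    """Validate the config, then decide whether the payload may start at `now_iso`."""
    problems = validate_config(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    return guardrails_allow(cfg, parse_iso8601(now_iso), domain_exists)


def resolver(name: str) -> bool:
    """Real DNS check used when run stand-alone (the tests inject a fake instead)."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False


if __name__ == "__main__":
    now = datetime.now(timezone.utc).isoformat()
    print("problems:", validate_config(SAMPLE_CONFIG) or "none")
    print("would start now:", evaluate(SAMPLE_CONFIG, now, resolver))
```

Both inputs the evaluator depends on, the clock and the resolver, belong to the machine the payload runs on, so guardrails limit accidental execution outside the intended scope; they do not prevent an analyst from satisfying them deliberately.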