
Default payloads

The default payload plugin retains the core payload generation functionality as it existed prior to version 0.2 and adds a range of new features. Existing payload generation keeps working, while the added options make the process more flexible.

Plugin ID: shelldot.payload.default

Template ID "shelldot.payload.windows-x64"

This template generates payloads for 64-bit Windows systems. Its key configuration parameter is "type", which determines the kind of payload generated. Available options for "type" are:

  • executable: A straightforward executable file (.exe) that operates without producing visible effects.
  • dLL: A Dynamic Link Library file containing the payload, which is activated upon the loading of the DLL.
  • service: A service-type executable that runs as a background process.
  • shellcode: The payload as raw shellcode, a sequence of machine instructions.
  • debug_executable: A debug version of the executable, which creates a console window so that its output is visible.

Configuration values:

  • type: The kind of payload to generate, as described above: executable, DLL, service, shellcode, or debug executable, each tailored to different deployment scenarios and operational objectives.
  • PaddingSize: The number of bytes appended to the end of the payload to artificially inflate its size. Such padding can be useful for evading detection mechanisms that rely on payload size as an indicator of malicious activity.
  • InitialWait: The time, in seconds, that the payload waits before starting its primary functionality. This delay can be used to avoid detection by security systems that monitor for suspicious activity immediately after payload delivery.

Template ID "shelldot.payload.windows-x86"

This template generates payloads for 32-bit Windows systems. Its key configuration parameter is "type", which determines the kind of payload generated. Available options for "type" are:

  • executable: A straightforward executable file (.exe) that operates without producing visible effects.
  • dLL: A Dynamic Link Library file containing the payload, which is activated upon the loading of the DLL.
  • service: A service-type executable that runs as a background process.
  • shellcode: The payload as raw shellcode, a sequence of machine instructions.
  • debug_executable: A debug version of the executable, which creates a console window so that its output is visible.

Configuration values:

  • type: The kind of payload to generate, as described above: executable, DLL, service, shellcode, or debug executable, each tailored to different deployment scenarios and operational objectives.
  • PaddingSize: The number of bytes appended to the end of the payload to artificially inflate its size. Such padding can be useful for evading detection mechanisms that rely on payload size as an indicator of malicious activity.
  • InitialWait: The time, in seconds, that the payload waits before starting its primary functionality. This delay can be used to avoid detection by security systems that monitor for suspicious activity immediately after payload delivery.
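
For defenders triaging a file: bytes appended to the end of a PE file (the executable, DLL and service types in both templates) show up as an overlay, meaning data past the last section's raw data. The following is an added example, not code from this project, that measures that overlay with a small PE header parser. The sample file is constructed inline, its zero-byte fill is an assumption (this page does not say which bytes the padding contains), and `min_overlay` is a hypothetical threshold.

```python
import math
import struct
from collections import Counter

def pe_overlay(data: bytes):
    """Return (offset, size) of the bytes that follow the last section's raw data."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, = struct.unpack_from("<H", data, pe + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)   # SizeOfOptionalHeader
    table = pe + 24 + opt_size                            # first section header
    end = table + 40 * nsect                              # headers end here at least
    for i in range(nsect):
        # SizeOfRawData and PointerToRawData sit at offset 16 of each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    end = min(end, len(data))
    return end, len(data) - end

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or single-valued data)."""
    n = len(buf)
    return sum(c / n * math.log2(n / c) for c in Counter(buf).values()) if n else 0.0

def triage(data: bytes, min_overlay: int = 4096) -> dict:
    """min_overlay is a hypothetical threshold; tune it against your own baseline."""
    off, size = pe_overlay(data)
    return {
        "overlay_offset": off,
        "overlay_size": size,
        "overlay_ratio": round(size / len(data), 3),
        "overlay_entropy": round(entropy(data[off:]), 2),
        "review": size >= min_overlay,
    }

def sample_pe(padding: bytes = b"") -> bytes:
    """Constructed test input: PE32+ headers, one 0x200-byte section, then padding."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0xF0, 0x22)
    sect = struct.pack("<8sIIII16x", b".text", 0x200, 0x1000, 0x200, 0x200)
    hdr = (dos + coff + b"\0" * 0xF0 + sect).ljust(0x200, b"\0")
    return hdr + b"\xAA" * 0x200 + padding

if __name__ == "__main__":
    print(triage(sample_pe()))
    print(triage(sample_pe(b"\0" * 100_000)))
```

Signed binaries and installers also carry legitimate overlays (the Authenticode certificate table is stored there), so treat overlay size and entropy as triage signals to combine with other evidence.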