###### tags: `資安 ethical hacker ZTM` # exploitation and Gaining access ## payload i think it mean reverse shell or bind shell it can type shell then see response if target is totally security social engineer work like sending email hide shell or useing usb something(like Rubber Ducky) ## Metasploit Framework ### cd/usr/share/metasploit-framework ### msf generate payload like shell ### cd/usr/share/metasploit-framework/modules #### modules have different type script ex:encode exploit payload post #### /exploit something about system exploit like overflow,code injection,web exploit #### /payloads create shell connect and something shell about pc interactive ##### stagers create shell connect like bind or reverse shell have http,TCP,UDP most common is TCP_Reverse ##### stages Meterpreter shell can do like upload,download document record,camera controll #### encoder & evasion let shell avoid firewall & antivirus #### nops front of payload,prepare memory as it can