Difference between Exploit and Payload

May 01, 2023

In offensive security work, such as a pentest or a Red Team exercise, the concepts of exploit and payload will surely appear, since both are used in the vulnerability exploitation phase. However, in many universities, schools, institutes and courses, and among many professionals, these concepts are usually taught incorrectly, which leads future professionals to misunderstand the basic and essential difference between them. That difference is exactly what you will learn in this post, but first, let's define each concept individually.

What is an exploit

First, an exploit is (at the software level) a piece of code, written in any programming language (or not), that executes a series of instructions to take advantage of a security flaw (a vulnerability).

For example, suppose we have an asset: a refrigerator that is locked with a padlock. During reconnaissance, we determine that the refrigerator is a model with a security flaw that lets a user with bad intentions open the lock without the key, because a few diagonal movements with a paper clip are enough to unlock it.

In this example, the asset to be audited is the refrigerator, the security flaw is the obsolete version of the padlock that has this factory flaw, and the exploit is the paper clip that a malicious user uses to exploit this vulnerability.

What is a payload

The payload, on the other hand, is the ACTION that is performed once the exploit has run and exploited the security flaw. A payload does not exploit a vulnerability; it is injected through the exploit. Similarly, an exploit does nothing more than exploit the vulnerability, because, as we said, anything beyond that is the task of the payload.

Returning to the previous example, let's imagine that the malicious user wants to drink a glass of water that is inside the refrigerator. Using the clip (the exploit), he exploits the security flaw of the lock (the vulnerability). Once the flaw is exploited and the refrigerator is open, he carries out the action that follows the exploit (the payload), which is basically to drink the glass of water and stay hydrated, because water is life.

Differences between exploit and payload

So, the most basic difference between an exploit and a payload (apart from cooking examples) is that an exploit ONLY exploits a vulnerability, while the payload is the ACTION to be performed once the vulnerability has been exploited. Usually the payload is already included in the exploit code and you do not have to launch it separately by hand, which can create the mistaken impression that the exploit itself exploits the vulnerability and then performs the action.

In a pentest, the type of payload can vary: it can be running a command on the system, making a call to get a reverse shell, or some other action, but always after the exploit has done its job. So now you know this difference, which is so basic yet seems to be well understood by almost nobody.
