Payloads come in two variants: staged and unstaged.
A payload is the actual exploit that we are going to run against the target system. There are multiple types of exploits, but when they are used against a target to attack a specific service they are called payloads.
Payload is sent in incremental stages.
Can often be less stable than a non-staged payload.
Example: windows/meterpreter/reverse_tcp
Full payload is sent at once.
Larger in size.
Doesn't always work.
Example: windows/meterpreter_reverse_tcp
<aside> 💡 Recognising Staged and Non-Staged Payloads
Non-staged payloads are easily identifiable by the _ characters after the target operating system portion, such as windows/this_stuff_here , whereas in a staged payload, the name is identifiable by being broken down into OperatingSystem/type/name .
</aside>
<aside> 💡 If one version of your exploit isn't working, use the opposite - a non staged exploit might not always work!
</aside>