Solution

• In computer security, payload refers to the part of malware which performs a malicious action.

• In the analysis of malicious software such as worms, viruses and Trojans, it refers to the software’s harmful results.

• Examples of payloads include data destruction, messages with insulting text or spam e-mail messages sent to a large number of people.

• An exploit (meaning "using something to one’s own advantage") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unexpected behavior to occur on computer software, hardware, or something electronic. Such behavior includes things like gaining control of a computer system or a denial-of-service attack.

• The exploit is what delivers the payload.

• Take a missile as an analogy. You have the rocket and fuel and everything else in the rocket, and then you have the warhead that does the actual damage.

• Without the warhead, the missile doesn't do very much when it hits.

• Additionally, a warhead isn't much use if it goes off in your bunker without a rocket delivering it.

• The delivery system (missile) is the exploit and the payload (warhead) is the code that actually does something.

• Exploits give you the ability to 'pop a shell/run your payload code'.

• Example payloads are things like Trojans/RATs, keyloggers, reverse shells etc.

• Payloads are only referred to when code execution is possible and not when using things like denial of service exploits.