Debugging buffer overflow exploits

@RNGesus said:

Any guidance on knowing when it should matter? I would think it would for buffer overflows because of the storage size of various types in memory.

I don't have a good answer on this, but then I suck at this bit of boxes. In general I find trial and error matters. It may depend on how self-contained the application is.

Normally you would expect quite a difference between an exploit tested on Win7 and an exploit on Win10 as the OS underwent quite significant changes.

However, I have certainly found some boxes where a Win 7 exploit is significantly more effective than a Win 10 one. It may be because the exploit is targeting an application which might not have changed on different underlying OSes.

For me, solving this conundrum would probably take more time and effort than I am willing to spend all at once here, so I fall back on the trial and error approach a lot more than I probably should.

Is it pretty safe to make the assumption that I can use netcat unless the payload calls out meterpreter, vnc, etc?

I don't think it is that simple - but I am open to corrections. Certainly the unstaged reverse_tcp shells tend to work with netcat, but again, trial and error.

Anything which gets more complex, I'd probably go for a meterpreter handler.