
Of The Various Payload Options Available, Which One Should I Use?


Chances are that you will usually get only one shot at launching and successfully executing your exploit, so the selection of a payload is very important. Your objective should be to get maximum mileage, while at the same time avoiding detection as much as possible.

In this regard, the Meterpreter might be your best bet. It executes within the context of the vulnerable process, and encrypts communication between client and server.

Moreover, if you have a programming background, you could code your chosen task and compile it as a DLL. You could then upload and execute this DLL or any binary through Meterpreter. The VNC DLL will open up a GUI, which increases the speed at which you can pivot onto other systems. It also increases the chances of being detected, since any mouse or keyboard action you execute on the remote system will also show up on the console of the remote system.

If you are very sure that no one would be monitoring the system console, or would be connected to VNC at the same time, you could go ahead and use this payload. If your objective is only proof of concept, you may be best suited by using a payload that will simply run a command (windows/exec, /bsd/x86/exec, cmd/unix/generic or /linux/x86/exec). To leave your mark on the system, you could create a local file in a specific location.

