Tag Archives: PowerShell

Get MD5 and SHA1 digests in Windows 7

Hi my name is Thomas and I am a Linux user. But I am not a fanboy! Hard to believe I know, but to me an OS is just a big tool that allows me to use other tools, so if it is Linux, Windows or Macs I really don’t mind as long as it is up to the job I want it for.

I recently had to use a Windows 7 machine, so as usual I started by prepping it for what I wanted to use it for. One of my first tasks was installing a hypervisor so I could spin up some VMs, Linux VMs, ’cause how am I expected to get anything done on Windows 7!!!1!??

Anyway, as part of this download/install ritual, being a good security analyst I wanted to verify the integrity of what I was downloading by checking the hash digests. Upon investigation I realised that Windows 7 ~~is not fit for purpose~~ does not support this natively.

Looking into this further I found this blog post about the Get-FileHash cmdlet in PowerShell. Excellent, I thought, this is just what I need.

Except…it wouldn’t work, I’m not sure why, I’m guessing it was only included in newer versions of PowerShell than the one I was using…all I know is that it would not work.

So off to PowerShell hacking and bodging I went! What I came up with was this ugly and in-need-of-improvement, but ultimately up to the job, script. (I just hope not clearing those variables during a running instance does not come back to haunt me!)

###############
# nettx.co.uk #
###############

#TODO: handle errors
#TODO: Clear $vars after run


function Show-Menu
{
     
     param (
           [string]$Title = '
 _______          __ ___________       
 \      \   _____/  |\__    ___/__  ___
 /   |   \_/ __ \   __\|    |  \  \/  /
/    |    \  ___/|  |  |    |   >    < 
\____|__  /\___  >__|  |____|  /__/\_ \
        \/     \/                    \/ 
       Get hash digest tool
             thomas
                    '
     )
     
     cls
     Write-Host "$Title"
     Write-Host "Press '1' to get md5"
     Write-Host "Press '2' to get SHA1"
     Write-Host "Press '3' to get both"
     Write-Host "Or double tap ENTER to exit..."
}
do
{
     Show-Menu
     # $input is a PowerShell automatic variable, so the choice is kept in $selection instead
     $selection = Read-Host "Please make a selection"
     switch ($selection)
     {
           '1' {
                # Trim the quotes Windows adds when a file is dragged into the console
                $File = (Read-Host "Enter the full path of the file to be hashed").Trim('"')
                $md5 = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider
                $hash_md5 = [System.BitConverter]::ToString($md5.ComputeHash([System.IO.File]::ReadAllBytes($File)))
                # BitConverter returns AA-BB-CC...; strip the dashes
                $hash1_md5 = $hash_md5 -replace '[-]',''
                Write-Host ""
                Write-Host $hash1_md5
                Write-Host ""
                Read-Host "Press ENTER to continue..."
           }
           '2' {
                $File = (Read-Host "Enter the full path of the file to be hashed").Trim('"')
                $sha1 = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider
                $hash_sha1 = [System.BitConverter]::ToString($sha1.ComputeHash([System.IO.File]::ReadAllBytes($File)))
                $hash1_sha1 = $hash_sha1 -replace '[-]',''
                Write-Host ""
                Write-Host $hash1_sha1
                Write-Host ""
                Read-Host "Press ENTER to continue..."
           }
           '3' {
                # Read the file once and feed the same bytes to both algorithms
                $File = (Read-Host "Enter the full path of the file to be hashed").Trim('"')
                $bytes = [System.IO.File]::ReadAllBytes($File)

                $md5 = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider
                $hash1_md5 = [System.BitConverter]::ToString($md5.ComputeHash($bytes)) -replace '[-]',''

                $sha1 = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider
                $hash1_sha1 = [System.BitConverter]::ToString($sha1.ComputeHash($bytes)) -replace '[-]',''

                Write-Host ""
                Write-Host "MD5:" $hash1_md5
                Write-Host ""
                Write-Host "SHA1:" $hash1_sha1
                Read-Host "Press ENTER to continue..."
           }
           'q' {
                return
           }
     }
}
until ($selection -eq '')
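
The script above prints a digest, which still has to be compared by eye with the one the vendor publishes. The block below is an added example, not part of the original script: it hashes the file as a stream and does the comparison itself, using only .NET classes available to the PowerShell 2.0 that ships with Windows 7. The function names, the temp file and the sample digest are constructed for illustration, and SHA256 is offered alongside the MD5 and SHA1 that the post covers.

```powershell
# Added example: stream-hash a file and compare it with a published digest.
# Get-FileDigest / Test-FileDigest are illustrative names, not built-in cmdlets.
function Get-FileDigest {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [ValidateSet('MD5', 'SHA1', 'SHA256')][string]$Algorithm = 'SHA256'
    )
    # Resolve via PowerShell first: .NET file APIs use the process working
    # directory, which can differ from the current PowerShell location.
    $fullPath = (Resolve-Path -LiteralPath $Path).ProviderPath
    $hasher = [System.Security.Cryptography.HashAlgorithm]::Create($Algorithm)
    $stream = [System.IO.File]::OpenRead($fullPath)
    try {
        # Hashing the stream reads in chunks, so a multi-gigabyte ISO is
        # never loaded into memory the way ReadAllBytes would load it.
        $bytes = $hasher.ComputeHash($stream)
    }
    finally {
        $stream.Close()
        $hasher.Clear()
    }
    [System.BitConverter]::ToString($bytes) -replace '-', ''
}

function Test-FileDigest {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Expected,
        [string]$Algorithm = 'SHA256'
    )
    # Vendors publish digests in mixed case, sometimes with spaces or dashes.
    $want = ($Expected -replace '[\s-]', '').ToUpperInvariant()
    $got  = Get-FileDigest -Path $Path -Algorithm $Algorithm
    # -ceq is an exact comparison; both sides are already upper-case hex.
    $got -ceq $want
}

# Constructed sample: a temp file holding the three bytes "abc", checked
# against the standard SHA-256 test vector for that input.
$sample = Join-Path $env:TEMP 'digest-demo.bin'
[System.IO.File]::WriteAllBytes($sample, [byte[]](0x61, 0x62, 0x63))
$published = 'ba7816bf 8f01cfea 414140de 5dae2223 b00361a3 96177a9c b410ff61 f20015ad'
if (Test-FileDigest -Path $sample -Expected $published) {
    Write-Host "Digest matches, file is intact"
} else {
    Write-Host "Digest MISMATCH, do not install this file"
}
Remove-Item -LiteralPath $sample
```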

Answering the question, no one asked…

I have to be honest I do love myself a pocket reference guide. Even with the internet’s vast resources there is something about holding an old school, analogue, physical copy of a book that is pleasing in a way that searching the internet just isn’t.

The strange thing is that despite their name, I’ve never actually carried one of these books around in my pocket. This led me to assume that they didn’t fit in real pockets….

Well as it turns out, predictably and obviously I was wrong….

Also…

IPv4 Threat Intelligence – PowerShell Script

Following on from my previous post about gathering IPv4 threat intelligence automatically with Python scripts, I thought I would follow it up with a PowerShell script I wrote that does something similar.

This script will work on Windows without the need for any extra installs, so it is perfect for users that only have access to Windows in the workplace.

It is often the case that security analysts and sysadmins need to grab bulk lists of IPv4 addresses from a data source; this data source can be logs, websites or intelligence feeds. Data sources such as these can contain lots of redundant data, such as domain names, time stamps etc. In general, removing this data can be done simply with a script, and this is exactly what this script does.

I have seen a few scripts kicking about that do something similar to this, but they generally contain way more lines of code than is needed (although this does have some ASCII art of cats and dogs that really doesn’t need to be there) as well as requiring some kind of user input. This script is very tight with the code and the only user input required is dragging the input file over to the script’s directory.

This script allows you to take the data source in the form of a file and automatically convert it to a .csv of IPv4 addresses, fully de-duped and with all redundant data removed, ready to be used for whatever purpose you have in mind for it.

The script is quite raw at the moment, so you will need to make a couple of edits to tailor it to your environment. See below for the bits that you may wish to edit:

  • Put the script in your Documents folder, as such: $home\Documents\ipv4\
  • The file you want to run the script on will need to be dumped in the same folder
  • The ipv4_* wildcard is used to detect the input file
  • Follow this guide if you want to run the PowerShell script with a simple double click of a batch script

I have a script very similar to this that does the same thing, but grabs the input data from the web (similar to the Python scripts, but in PowerShell). I will post this in the next few days.

Find the script here on GitHub
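
The extract, de-duplicate and export-to-.csv flow described above can be sketched as follows. This is an added example, not the script linked on GitHub; the function name, the sample log lines and the output file name are constructed for illustration, and it keeps to features present in PowerShell 2.0.

```powershell
# Added example, not the author's script. Get-UniqueIPv4 is an illustrative name.
function Get-UniqueIPv4 {
    param([string[]]$Line)

    # Four dot-separated groups of 1-3 digits. The lookarounds reject pieces of
    # longer dotted or numeric strings (1.2.3.4.5, 1234.1.1.1) but still accept
    # an address followed by a sentence-ending full stop.
    $pattern = '(?<!\d|\d\.)(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)'
    $seen = @{}
    foreach ($text in $Line) {
        foreach ($m in [regex]::Matches($text, $pattern)) {
            $octets = $m.Value.Split('.') | ForEach-Object { [int]$_ }
            # The regex cannot range-check, so drop anything above 255.
            if (@($octets | Where-Object { $_ -gt 255 }).Count -gt 0) { continue }
            # Re-joining the integers normalises 010.001.002.003 to 10.1.2.3,
            # so differently padded copies of one address de-duplicate.
            $seen[($octets -join '.')] = $true
        }
    }
    # Casting to [version] sorts numerically instead of as text.
    $seen.Keys | Sort-Object { [version]$_ }
}

# Constructed sample lines using documentation-reserved address ranges.
$sample = @(
    '2016-03-01 10:15:02 DENY src=203.0.113.7 dst=192.0.2.10 host=bad.example.com',
    'feed: 198.51.100.23,c2,evil.example.net',
    'repeat hit from 203.000.113.007.',
    'not addresses: 999.10.10.10 and build 1.2.3.4.5'
)
# For real input, replace $sample with: Get-Content "$home\Documents\ipv4\ipv4_*"
$outFile = Join-Path $env:TEMP 'ipv4_clean.csv'
Get-UniqueIPv4 -Line $sample |
    ForEach-Object { New-Object PSObject -Property @{ IPv4 = $_ } } |
    Export-Csv -Path $outFile -NoTypeInformation
Get-Content $outFile
```

Validating octets before the list is used matters when the output feeds a firewall or SIEM import, where one malformed row can cause the whole file to be rejected.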