Check file hash with PowerShell version 4 & 5

Note: Tested using PowerShell Version 4

A quick way to check the hash of a file is to use PowerShell’s Get-FileHash Cmdlet along with the Compare-Object Cmdlet.

You may want to check that a file you’ve downloaded from the Internet hasn’t been changed, and websites sometimes publish the file hashes so you can verify this.

In the command shown in the example, paste the file hash copied from the website after the ReferenceObject parameter, give the algorithm that was used to produce the hash to the Algorithm parameter, and then give the Path to the downloaded file.

Example

After downloading WinDirStat to my C:\Downloads directory, I can check the SHA1 hash by running the following command.

[Screenshot: WinDirStat download page listing the file hashes]

[Screenshot: output of Get-FileHash in PowerShell]

-IncludeEqual

The IncludeEqual parameter is optional. If you don’t use it and the objects match, PowerShell will return to the command prompt with no output displayed from running the command. The IncludeEqual parameter will display the InputObject, in this case the hash value, and two equals signs to show that the objects (hashes in this case) match.


Hashes don’t match

If the hashes don’t match, the hash from the file will be displayed along with the hash that was pasted in. The <= marks the first compared object, in this case the pasted hash, and the => marks the second compared object, the hash from the file.

For the screenshot below, I changed the end character of the pasted hash value to show what is displayed when the values don’t match.

[Screenshot: output of Get-FileHash in PowerShell, hashes don’t match]
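The same Get-FileHash / Compare-Object check wrapped in a function, as an added example that is not the post’s own command. The file path and the expected hash are placeholders to replace with your own values.

```powershell
# Added example (not from the original post): verify a downloaded file against a
# published hash and return $true/$false, while still showing the <= / == / => view.
function Test-DownloadHash {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedHash,   # hash copied from the download page
        [ValidateSet('SHA1','SHA256','SHA384','SHA512','MD5')] [string] $Algorithm = 'SHA256'
    )
    if (-not (Test-Path -Path $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    # Get-FileHash returns upper-case hex; published hashes are often lower-case.
    # Compare-Object is case-insensitive unless -CaseSensitive is given, so only
    # stray whitespace from the copy/paste needs removing.
    $actual   = (Get-FileHash -Path $Path -Algorithm $Algorithm).Hash
    $expected = $ExpectedHash.Trim()

    # -IncludeEqual makes a match visible as '==' instead of silent, empty output.
    $results = @(Compare-Object -ReferenceObject $expected -DifferenceObject $actual -IncludeEqual)
    $results | Format-Table InputObject, SideIndicator -AutoSize | Out-String | Write-Host

    # '<=' : only in the pasted (reference) hash; '=>' : only in the file's hash.
    $match = ($results.Count -eq 1) -and ($results[0].SideIndicator -eq '==')
    if (-not $match) {
        Write-Warning "$Algorithm hash of '$Path' does not match the published value; do not run the file."
    }
    return $match
}

# Hypothetical values for illustration; use the real path and the hash shown on the download page.
$check = @{
    Path         = 'C:\Downloads\windirstat-setup.exe'     # assumed download location
    ExpectedHash = '<hash copied from the download page>'  # placeholder
    Algorithm    = 'SHA1'                                  # the algorithm the site used
}
Test-DownloadHash @check
```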


Installing Dig on Windows 8.1

This post will show you how to install Dig (Domain Information Groper) on Windows 8.1. Dig is a DNS (Domain Name System) command-line tool that gives you much more information than nslookup, but it is not installed on Windows by default.

Download from https://www.isc.org/downloads/

Under the BIND heading, click the download button of the “Current-stable” release.

[Screenshot: select the current stable version]


Select your version (32-bit, 64-bit)

[Screenshot: download options of Dig for Windows]

Right click on the download, select “Extract All…” and extract the package to your chosen location.

[Screenshot: Extract All menu]


I’ve put it in C:\Program Files

[Screenshot: extract files location]

Depending on where you extract the files, you may have to provide administrator permission (check the “Do this for all current items” check box and click Continue).

[Screenshot: confirm administrator permission to copy files]

You can now use Dig from the command line by opening a command prompt, changing directory to where you copied the dig.exe file and running the dig command.


[Screenshot: running Dig straight from the extracted directory]


Advanced: adding Dig to your Path

If you would like to run the dig command from anywhere in the command prompt (and you probably don’t want to always have to go to the directory just to run the command) you have to add it to your Path.

Be careful when doing this.. you’ve been warned!

Right click on the Windows button (usually bottom right of screen) and select “System”.

[Screenshot: right click on the Windows button]


Or search for “System” and select the result that just says “System”.

[Screenshot: use the search function to find System]


Select “Advanced system settings”.

[Screenshot: System screen, select Advanced system settings]


Select “Environment Variables…”.

[Screenshot: System Properties screen, select Environment Variables]


Under “System variables” select Path, then “Edit…”.

[Screenshot: select “Path” under System variables]


Go to the end of the “Variable value” input box, enter a semicolon directly after the last variable value (no space) followed by the path where you extracted your files. In my example, I have entered ;C:\Program Files\BIND9.10.0-P2.x64

[Screenshot: edit system variable, enter a semicolon then the path to dig.exe]

The end of my variable value text box contains:

C:\Program Files (x86)\ATI Technologies\ATI.ACE\CoreStatic;%systemroot%\idmu\common;C:\Program Files\BIND9.10.0-P2.x64

Click “OK” to close all the dialog boxes.

You have to close your Command Prompt and open a new one for the Path to be updated.

Tip: to check what’s in your path, type “path” at your command prompt.

You should now be able to run the “dig” command from any location in the command prompt.

Type dig -h at the prompt and you should see the help file.

[Screenshot: dig installed and added to the Path variable]

Type dig followed by a domain name to view the information.
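The same Path change done from an elevated PowerShell prompt, as an added example that is not part of the original post. It assumes the BIND directory from the example above and must be run as Administrator, since it writes the machine-wide Path.

```powershell
# Added example (not from the original post): append a directory to the machine Path
# with the checks the Environment Variables dialog does not do for you. Run elevated.
function Add-DirectoryToMachinePath {
    param([Parameter(Mandatory)] [string] $Directory)

    if (-not (Test-Path -Path $Directory -PathType Container)) {
        throw "Directory does not exist: $Directory"
    }
    if (-not (Test-Path -Path (Join-Path $Directory 'dig.exe'))) {
        Write-Warning "dig.exe not found in $Directory; check the extract location."
    }
    # Read the persistent machine Path (what the dialog edits), not $env:Path,
    # which is this process's merged copy of the machine and user values.
    $current = [Environment]::GetEnvironmentVariable('Path', 'Machine')
    $entries = @($current -split ';' | Where-Object { $_ -ne '' })
    if ($entries -contains $Directory) {          # -contains is case-insensitive
        Write-Host "Already in Path: $Directory"
        return
    }
    # Join with a single ';' and no spaces, exactly as typed in the dialog.
    # Note: this rewrites the value with any %systemroot%-style entries already expanded.
    $new = ($entries + $Directory) -join ';'
    [Environment]::SetEnvironmentVariable('Path', $new, 'Machine')
    Write-Host "Added to machine Path: $Directory"
}

Add-DirectoryToMachinePath -Directory 'C:\Program Files\BIND9.10.0-P2.x64'

# Already-open consoles keep the old Path; this session can pick up the new one without reopening:
$env:Path = [Environment]::GetEnvironmentVariable('Path', 'Machine') + ';' +
            [Environment]::GetEnvironmentVariable('Path', 'User')
Get-Command dig   # should now resolve to dig.exe inside the BIND directory
```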


PowerShell Remoting WinRM

When trying to enter a PowerShell session on a remote PC, you receive the following error:

Enter-PSSession : Connecting to remote server win7-pc01 failed with the following error message : The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:1
+ Enter-PSSession win7-pc01
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (win7-pc01:String) [Enter-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed

Go to the client computer and check to see if the WinRM service is running.

Status  Name               DisplayName
------  ----               -----------
Running WinDefend          Windows Defender
Running WinHttpAutoProx... WinHTTP Web Proxy Auto-Discovery Se...
Running Winmgmt            Windows Management Instrumentation
Stopped WinRM              Windows Remote Management (WS-Manag...

We need to start the WinRM service, run:

PS C:\> Start-Service -Name WinRM -Verbose
VERBOSE: Performing operation "Start-Service" on Target "Windows Remote Management (WS-Management) (WinRM)".

After that has completed, check the service is running by:

PS C:\> Get-Service -Name WinRM

Status   Name               DisplayName
------   ----               -----------
Running  WinRM              Windows Remote Management (WS-Manag...

Now we have to configure WinRM to receive remote requests. Run winrm quickconfig:

Answer Y to the questions. You’ll set the service to start when the PC is booted up, create a listener to “listen” for WinRM requests and configure the Windows firewall to allow the WinRM traffic.

[Screenshot: winrm quickconfig]

If you check your inbound connections on your firewall you’ll see the new rules added.

[Screenshot: WinRM firewall settings after running winrm quickconfig]

We should now be able to remotely connect to the client PC via PowerShell and run all the PowerShell commands on it:

PS C:\> Enter-PSSession -ComputerName win7-pc01
[win7-pc01]: PS C:\Users\administrator\Documents>
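The pieces that winrm quickconfig sets up, checked before and after from an elevated PowerShell on the client, as an added example that is not from the original post. It assumes the client name win7-pc01 from the post and that the management host sits on the same subnet; the firewall narrowing is a choice this example adds, not something quickconfig does.

```powershell
# Added example (not from the original post): report the WinRM service, listener and
# WS-Man response, then enable remoting with a firewall rule narrower than quickconfig's.
function Get-WinRMStatus {
    $svc       = Get-Service -Name WinRM
    # The WSMan: drive errors while the service is stopped; treat that as no listeners.
    $listeners = @(Get-ChildItem -Path WSMan:\localhost\Listener -ErrorAction SilentlyContinue)
    $answers   = $false
    try { $null = Test-WSMan -ComputerName localhost -ErrorAction Stop; $answers = $true } catch { }
    # Get-Service has no StartType before PowerShell 5, so read StartMode from WMI.
    $startMode = (Get-WmiObject -Class Win32_Service -Filter "Name='WinRM'").StartMode
    [pscustomobject]@{
        Service      = $svc.Status
        StartType    = $startMode
        Listeners    = $listeners.Count
        AnswersWSMan = $answers
    }
}

# Before: on the client in the post this shows Service=Stopped, Listeners=0, AnswersWSMan=False.
Get-WinRMStatus

# Equivalent of answering Y to each winrm quickconfig question, non-interactively
# (add -SkipNetworkProfileCheck if the network location is set to Public).
Enable-PSRemoting -Force

# quickconfig's inbound rule allows any remote address. Narrow it to the local subnet;
# netsh is used because the NetSecurity cmdlets are not available on Windows 7.
# Replace localsubnet with the admin network you actually connect from if it differs.
netsh advfirewall firewall set rule group="Windows Remote Management" new remoteip=localsubnet

# After: Service=Running, StartType=Auto, Listeners>=1, AnswersWSMan=True.
Get-WinRMStatus

# From the management host, confirm the listener answers before using Enter-PSSession:
Test-WSMan -ComputerName win7-pc01
```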

Hope this has helped.

Please note
This was done on my test network. Make sure you know the implications of opening up firewall ports and running WinRM on your PC(s).

For this post my test lab consists of a Windows Server 2012 R2 GC DC and a Windows 7 Enterprise client.

Installing Backtrack Linux in Virtual Box on Linux Mint 15

I’ve been studying an on-line course which requires reverse engineering of some malware. A virtual environment is ideal for this situation. A new operating system can be created separate from the main operating system, messed around with and then put back exactly as a fresh install relatively easily.

Here is a small guide on installing Backtrack Linux on VirtualBox.

Install VirtualBox

Go to Software Manager, search for VirtualBox and install.

[Screenshot: VirtualBox package in Software Manager]

Now VirtualBox is installed, it’s time to get the Backtrack operating system. Head over to http://www.backtrack-linux.org/downloads/ and select BackTrack 5 R3, then choose a window manager, architecture and image type (I went with VMware, which works in VirtualBox and is what I’ll show below, though mounting an ISO file in VirtualBox and installing from it is straightforward). Finally select your download method.

[Screenshot: Backtrack download selection screen]

Open up a terminal (Ctrl + Alt + T) and move into the folder where the file was downloaded. Check the md5sum by entering:

$ md5sum BT5R3-GNOME-VM-32.7z

If the md5sum matches the one on the website, move the file to the directory where you want to keep your virtual hard drives; otherwise re-download the image.

Change to the directory where you moved the archive and extract it.

$ p7zip -d BT5R3-GNOME-VM-32.7z

After the file has extracted, open up VirtualBox and click on the “New” button.

Enter a name for your virtual machine and select the type (Linux) and version (Ubuntu or other Linux).

[Screenshot: new virtual machine in VirtualBox]

Set the amount of RAM you want to allocate to the machine.

Select “Use an existing hard drive file”.

[Screenshot: select hard drive in VirtualBox]

Navigate to the directory where you extracted the hard drive files and select BT5R3-GNOME-VM-32.vmdk (or the similarly named file without the -s###.vmdk suffix).

[Screenshot: VirtualBox file browser, select the top vmdk file]

OK the selection and create the virtual machine.

Start the virtual machine and enter the username and password (these can be found on the Backtrack website).

To start the window manager type:

$ startx

[Screenshot: Backtrack 5 R3 running in VirtualBox]