iamtheky

Crypt_Hashfile using the target system's resources?

6 posts in this topic

Have a small script that hashes all the files returned from an array in standard fashion.

$fHash = _Crypt_HashFile($aFiles[$aFound[$j]] , $CALG_MD5)

I believe (based off the amount of time it takes) that if you specify a file on another system, it is copying that file, then performing the hash (if that is wrong please advise).

 

I would like the script to always use the target system's resources to perform the hashing. Is my only option to copy the script to that system first, then psexec or rdp and run that script on their system?


,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)


Accessing a shared network folder on the target system will not allow you to execute anything on it (I'm assuming you're under Windows).

If you want to use the target system's resources, you have to call your script from the remote system's shell, for example using Windows PowerShell.

When hashing with MD5, the time your script takes also depends on the size of the file.


#3 ·  Posted (edited)

"Using the target resources" was a poor description on my part. I don't want to execute anything on it, per se. I want to use the target's crypto DLL to do the hashing.

In my head it is similar to a test I did a long time ago:

Use your Windows Media Player to play a video that is located on another machine, then time how long it takes for the video to start. Then use the full path to their Windows Media Player and play that file, and time that.

In my experience the latter wins the race every time.

Edited by boththose


Yes but the stream quality is crap if you are viewing it remotely. You can either create a secure ssh tunnel to their computer and execute code directly on their computer or you can pull the file from their computer and use it locally on yours.


Get Scite to add a popup when you use a 3rd party UDF -> http://www.autoitscript.com/autoit3/scite/docs/SciTE4AutoIt3/user-calltip-manager.html


#5 ·  Posted (edited)

I ended up writing it as a CLI so we can drop it and call it via psexec, and it is hella-faster than hashing remote files from your local machine.

#include <WinAPIShPath.au3>
#include <Array.au3>
#include <File.au3>
#include <Crypt.au3>
#include <Security.au3>

; Entries for files whose MD5 matches the target hash
Global $aFound[0]

; Arguments: [1] = computer name, [2] = MD5 to look for
Local $aCmdLine = _WinAPI_CommandLineToArgv($CmdLineRaw)
_FilePlusMD5($aCmdLine[1], $aCmdLine[2])
Exit


Func _FilePlusMD5($strComputer, $MD5target)

    ToolTip("Building the File List", 0, 0)

    ; Admin share of the C: drive on the named computer
    $Path = "\c$\"

    ; Recursive, files only, unsorted, full paths returned
    $aFiles = _FileListToArrayRec("\\" & $strComputer & $Path, "*.*x;*.zip;*.exe;*.bin;*.rar", 1, 1, 0, 2)

    ; Element [0] holds the count, so start at 1
    For $j = 1 To UBound($aFiles) - 1

        ToolTip("", 0, 0)
        ToolTip("Working on file " & $j & " of " & UBound($aFiles) - 1 & " --  There are currently " & UBound($aFound) & " matches for " & $aCmdLine[2], 0, 0)

        If $MD5target <> "" Then
            ; _Crypt_HashFile returns binary, which compares as "0x..." hex
            If StringLeft($MD5target, 2) <> "0x" Then $MD5target = "0x" & $MD5target
            $fHash = _Crypt_HashFile($aFiles[$j], $CALG_MD5)
            If $fHash = $MD5target Then
                _ArrayAdd($aFound, $aFiles[$j] & @LF & @LF & "-------MD5 MATCH ------" & @LF & "MD5: " & $fHash & @LF & "Target: " & $MD5target)
            EndIf
        EndIf
    Next

    ; Append the matches to the log (mode 1 = append)
    $fLOG = FileOpen("\\LOGS\MatchedHashes.log", 1)
    _FileWriteFromArray($fLOG, $aFound)
    FileClose($fLOG)

EndFunc

However, the OP is not solved. If anyone has a way to use the target's crypto DLL to hash files on that target machine, I would still like to speed test the solution. Or if that's retarded and completely unrelated to the speed increase I saw with WMP, an explanation of why.

Edited by boththose
1 person likes this


#6 ·  Posted (edited)

If you have 3 networked computers and psexec, can you try this? I can't tell if I'm experiencing permissions issues writing back to the network share even though we are running this as DA, or if I am doing something incorrectly in the script.

on computer 1:  create a share that both computers can access

on computer 2:  compile a script that does a simple fileopen(comp1filename.log)-filewrite-fileclose

on computer 3: run psexec computer1 C:filename.exe

 

**Currently it is modded to write to @ScriptDir, and then I copy the file to me.

Edited by boththose
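
Added example, not written by anyone in this thread: the same sweep as the script in post #5, run on the target through PowerShell remoting as the second post suggests, so file contents are read from local disk there and only matching paths and hashes come back over the remoting session. It assumes WinRM is enabled on the target and the caller has administrative rights there; the parameter names, the default root and the output file name are choices made for this example.

```powershell
# Added example: hash on the target, return only the matches to the caller.
# Assumptions: PowerShell remoting (WinRM) is enabled on the target and the
# caller is an administrator there. Computer name and MD5 are supplied by you.
param(
    [Parameter(Mandatory)] [string] $ComputerName,   # target host name
    [Parameter(Mandatory)] [string] $TargetMD5,      # with or without a leading 0x
    [string]   $Root    = 'C:\',
    [string[]] $Include = @('*.*x', '*.zip', '*.exe', '*.bin', '*.rar')
)

# Get-FileHash reports upper-case hex without "0x"; normalise the input to match.
$wanted = ($TargetMD5 -replace '^0x', '').ToUpperInvariant()
if ($wanted -notmatch '^[0-9A-F]{32}$') {
    throw 'TargetMD5 must be 32 hex characters.'
}

$scan = {
    param($Root, $Include, $Wanted)
    # Everything in this block executes on the target machine.
    Get-ChildItem -Path $Root -Recurse -File -Include $Include -ErrorAction SilentlyContinue |
        ForEach-Object {
            try {
                $h = Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction Stop
                if ($h.Hash -eq $Wanted) {
                    [pscustomobject]@{ Path = $h.Path; MD5 = $h.Hash; Bytes = $_.Length }
                }
            } catch {
                # Locked or unreadable file: skip it and keep scanning.
            }
        }
}

# Results are serialised back over the remoting session; nothing is written
# to a share from the target side.
$found = Invoke-Command -ComputerName $ComputerName -ScriptBlock $scan `
    -ArgumentList $Root, $Include, $wanted

$found | Select-Object PSComputerName, Path, MD5, Bytes |
    Export-Csv -Path .\MatchedHashes.csv -NoTypeInformation -Append
```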
