Crypt_Hashfile using the target systems resources?

[iamtheky]

Have a small script that hashes all the files returned from an array in standard fashion.

$fHash = _Crypt_HashFile($aFiles[$aFound[$j]] , $CALG_MD5)

I believe (based off the amount of time it takes) that if you specify a file on another system, it is copying that file, then performing the hash (if that is wrong please advise).

 

I would like the script to always use the target systems resources to perform the hashing, is my only option to copy the script to that system first, then psexec or rdp and run that script on their system?  

[Radiance]

Accessing a shared network folder on the target system will not allow you to execute anything on it (I'm assuming you're under Windows).

If you want to use the target systems resources, you have to call your script from the remote systems shell, for example using Windows PowerShell.

When hashing with MD5, the time your script takes also depends on the size of the file.

[iamtheky]

"Using the target resources" was a poor description on my part.  I dont want to execute anything on it, per se.  I want to use the targets crypto dll to do the hashing.

In my head it is similar to a test I did a long time ago:

Use your windows media player to play a video that is located on another machine, then time how long it takes for the video to start.  Then use the full path to their windows media player and play that file, and time that.

In my experience the latter wins the race every time.

Edited December 3, 2014 by boththose

[computergroove]

Yes but the stream quality is crap if you are viewing it remotely. You can either create a secure ssh tunnel to their computer and execute code directly on their computer or you can pull the file from their computer and use it locally on yours.

[iamtheky]

i ended up writing it CLI so we can drop it and call it via psexec, and it is hella-faster than hashing remote files from your local machine.

expandcollapse popup

#include <WinAPIShPath.au3>
#include <Array.au3>
#include <File.au3>
#include <Crypt.au3>
#include <Security.au3>


Global $aFound[0]

Local $aCmdLine = _WinAPI_CommandLineToArgv($CmdLineRaw)
_FilePlusMD5($aCmdLine[1] , $aCmdLine[2])
exit


Func _FilePlusMD5($strComputer, $MD5target)

tooltip("Building the File List" , 0 , 0)

$Path="\c$\"

$aFiles = _FileListToArrayRec("\\" & $strComputer & $Path , "*.*x;*.zip;*.exe;*.bin;*.rar" , 1, 1, 0, 2)

for $j = 1 to ubound($aFiles) - 1

    tooltip("" , 0 , 0)
    tooltip("Working on file " & $j & " of " & ubound($aFiles) - 1 & " --  There are currently " & ubound($aFound) & " matches for " & $aCmdLine[2] , 0 , 0)

If $MD5target <> "" Then
If stringleft($MD5target , 2) <> "0x" Then $MD5target = "0x" & $MD5target
    $fHash = _Crypt_HashFile($aFiles[$j] , $CALG_MD5)
        If $fHash = $MD5target  Then
            _ArrayAdd($aFound , $aFiles[$j] & @LF & @LF & "-------MD5 MATCH ------"  & @LF & "MD5: " & $fHash & @LF & "Target: " & $MD5target)
        Endif
EndIf
next

$fLOG = fileopen("\\LOGS\MatchedHashes.log" , 1)
_FileWriteFromArray($fLOG , $aFound)
fileclose($fLOG)

EndFunc

However,  the OP is not solved.  If anyone has a way to use the target crypto dll to hash files on that target machine,  I would still like to speed test the solution.  Or if that's retarded and completely unrelated to the speed increase I saw with WMP, an explanation of why.

Edited December 3, 2014 by boththose

[iamtheky]

If you have 3 networked computers and psexec, can you try this?    I cant tell if Im experiencing permissions issues writing back to the network share eventhough we are running this as DA, or if I am doing something incorrectly in the script.

on computer 1:  create a share that both computers can access

on computer 2:  compile a script that does a simple fileopen(comp1filename.log)-filewrite-fileclose

on computer 3: run psexec computer1 C:filename.exe

 

**Currently it is modded to write to @ScriptDir, and then I copy the file to me.

Edited December 5, 2014 by boththose