A hash is always useful when you need to verify the integrity of a file. To check the integrity of your system, you can create a baseline of file hashes and periodically check for changes against that baseline.
PowerShell makes checking the integrity of multiple files very easy by combining Get-ChildItem (or dir/ls) with Get-FileHash.
Windows PowerShell is an essential management and automation tool that brings the simplicity of the command line to next-generation operating systems.
In addition to using Windows console applications and built-in commands, you can also use the cmdlets (pronounced commandlets) that are built into Windows PowerShell. Cmdlets can be created by anyone. The Windows PowerShell team creates the core cmdlets, but many other teams at Microsoft were involved in creating the hundreds of cmdlets shipping with Windows 8. They are like executable programs, but they take advantage of the facilities built into Windows PowerShell, and therefore are easy to write. They are not scripts, which are uncompiled code, because they are built using the services of a special .NET Framework namespace.
The latest version of Windows PowerShell comes with about 1,000 cmdlets on Windows 10, and as additional features and roles are added, so are additional cmdlets. These cmdlets are designed to assist the network administrator or consultant to leverage the power of Windows PowerShell without having to learn a scripting language.
One of the strengths of Windows PowerShell is that cmdlets use a standard naming convention that follows a verb-noun pattern, such as Get-Help, Get-EventLog, or Get-Process.
To generate a hash (SHA256) of a single file with Windows PowerShell cmdlets, the command is:
Command: Get-FileHash ./filename
The default hashing algorithm is SHA256, but you can also use MD5, SHA1, SHA384, SHA512, RIPEMD160 and MACTripleDES.
If you want to generate the hash with MD5, the command is:
Command: Get-FileHash C:\filename -Algorithm MD5
If you want to generate hashes of multiple files, you can use the following command:
Command: Get-ChildItem | Get-FileHash
If you want to export all the output to a .csv file, use the following command. The -Recurse parameter recurses the file system and takes the hashes of any files within sub-folders.
Command: Get-ChildItem -Recurse | Get-FileHash | Export-Csv -Path C:\output.csv
For XML, you can use the Export-Clixml cmdlet instead.
If we make a change to readme.txt inside the nc directory and run the command again, the hash in the output will be different.
Ideally, we would want to compare the hashes when the script is run against the baseline, and report any changes. PowerShell can compare output using the Compare-Object cmdlet as shown below:
Command: Compare-Object (Get-Content C:\old.csv) (Get-Content C:\new.csv) | Format-Table -Wrap | Out-File C:\final.txt
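Comparing the raw lines of the two CSV files shows that something differs, but not what happened to each file. The following added example (not part of the original article) imports both exports and reports each path as Added, Removed, Modified or AlgorithmMismatch; the function name Compare-FileHashBaseline and the sample paths and hash values are assumptions constructed for illustration.

```powershell
# Added example. Compare-FileHashBaseline is a hypothetical helper, not a built-in cmdlet.
# It expects two CSV files produced by: Get-ChildItem -Recurse | Get-FileHash | Export-Csv
function Compare-FileHashBaseline {
    param(
        [Parameter(Mandatory)] [string] $BaselinePath,
        [Parameter(Mandatory)] [string] $CurrentPath
    )
    # Index each export by Path; @{} keys are case-insensitive, like Windows paths.
    $old = @{}; Import-Csv -Path $BaselinePath | ForEach-Object { $old[$_.Path] = $_ }
    $new = @{}; Import-Csv -Path $CurrentPath  | ForEach-Object { $new[$_.Path] = $_ }

    $paths = @($old.Keys) + @($new.Keys) | Sort-Object -Unique
    foreach ($path in $paths) {
        $o = $old[$path]
        $n = $new[$path]
        if     (-not $o)                       { $status = 'Added' }
        elseif (-not $n)                       { $status = 'Removed' }
        elseif ($o.Algorithm -ne $n.Algorithm) { $status = 'AlgorithmMismatch' } # hashes not comparable
        elseif ($o.Hash -ne $n.Hash)           { $status = 'Modified' }
        else                                   { continue }                      # unchanged file
        [pscustomobject]@{ Status = $status; Path = $path; OldHash = $o.Hash; NewHash = $n.Hash }
    }
}

# Constructed sample exports (fake, shortened hash values) so the example runs offline.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) 'hash-baseline-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
@'
"Algorithm","Hash","Path"
"SHA256","1111AAAA","C:\nc\readme.txt"
"SHA256","2222BBBB","C:\nc\app.exe"
"SHA256","3333CCCC","C:\nc\license.txt"
'@ | Set-Content -Path (Join-Path $dir 'old.csv')
@'
"Algorithm","Hash","Path"
"SHA256","9999FFFF","C:\nc\readme.txt"
"SHA256","2222BBBB","C:\nc\app.exe"
"SHA256","4444DDDD","C:\nc\extra.dll"
'@ | Set-Content -Path (Join-Path $dir 'new.csv')

Compare-FileHashBaseline -BaselinePath (Join-Path $dir 'old.csv') -CurrentPath (Join-Path $dir 'new.csv') |
    Format-Table -AutoSize
```

Keep the baseline CSV somewhere the monitored account cannot write to; a baseline that can be edited alongside the files it describes proves nothing.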
Generate Hash with certutil
Certutil is another native Windows program that you can use to compute hashes of files, and it can easily be run from either PowerShell or Command Prompt.
Command: certutil -hashfile C:\filename
By default, it generates the hash with the SHA1 algorithm, but you can also specify a particular algorithm with the following syntax:
Command: certutil -hashfile C:\filename SHA512