How to use File Hashing and Integrity Monitoring Algorithms for File Validation using Certutil MD5 and WinMD5Free


Added by Mark Jacob, October 2, 2019

This content is from our CompTIA Network + Video Certification Training Course. Start training today!


Let’s look into the concept of File Hashing and File Integrity Monitoring. How do we know if the file that we’re expecting is correct?

File hashing uses a hashing algorithm that takes some amount of input. You can imagine it like a food processor. You throw in items and push the on button. It spits out a fixed-length hash, which is supposed to look like a nonsense string. We have a demo later in the lesson to see one.

The mindset is, let’s say, we’re a code writer who writes some code and wants to have other people use it. We can take our code and run it through a “food processor”, the hashing algorithm, and spit out what appears to be a nonsense string of hexadecimal characters. Then we can post it online alongside the download.

It gives the hash of what the file looks like so that anybody who downloads it can then compare the hash that they get with the one that was posted. If they’re not the same, you do not want to execute that file.

Some examples of hashing algorithms are MD5, SHA1, SHA256 and SHA512. Let’s take a look at what MD, Message Digest, is.

File Hashing:

You’ll notice MD stands for Message Digest, which is a hashing algorithm, while SHA stands for Secure Hash Algorithm.

What we want to do is create a hash value of some sample file. By the way, certutil is actually built right into Windows.

We want to create a hash value of a simple file and create the file with the value.

On this computer, in File Explorer, we have a nice GUI view of it. Then we have a command prompt.

What we want to do first is create a temporary directory because we’ll delete it later. We won’t need this for any reason other than this demo.

We will type “md temp” to make directory temp and hit enter.

You’ll notice temp shows up.

Then we want to go into the temp directory and right‑click to create a new text document.

We’ll name it “fakedoc.txt”.

Now, we will put some contents in the txt file.

Let’s open it up and type something. Let’s say “Lefty owes me $100”. We’re making sure that it’s written down because we don’t want any problems later. Now it’s notated that Lefty owes us $100.

Now we can save this and then close it down.

Now, we can go back to our command prompt and run certutil. If you’ve never used this before, it’s built into Windows. You can expose yourself to it with the forward slash question mark “/?” to display the options.

You can hit the up arrow and place “more” at the end in order to see one page at a time.

You can read all the options inside certutil.

Now we can clear the screen by typing “cls” and hitting enter.

Now let’s take a look at what the MD5 hash of this document that I’ve just created would be. We’ll type “certutil” and then “-hashfile”.

We need the path, and we can actually select it in Windows Explorer by copying it and pasting it inside the command prompt: c/temp/temp/fake doc. By the way, for you non-Windows people, Windows is not case sensitive. Then we can add the MD5 algorithm to the end and hit enter.

This string here is the computed hash, the output of the MD5 “food processor”.

It appears to be nonsense, which is what we want.

By the way, a hashing algorithm is considered a one‑way algorithm. You do not put something into a hash so that you can decrypt the hash later to find out what was put in. It’s a one‑way path.

That’s the example of how to take any file and, using a built-in command line utility that comes with Windows, figure out what its hash value is.

We give it the path and the name of the file, as we saw, and then whichever algorithm we want, such as MD5 or SHA1.

 

File Integrity Monitoring:

File integrity monitoring is the other aspect of the lesson. This allows us to verify that the file is legit. That was the example mentioned earlier. If you’re a code writer and want to release your code for the masses, we compute the hash and then include a little text file online that says, here’s the hash value. When you download this file, run it, this is what you should get.

Now, what we saw in the demo was a command line. There are people that are comfortable with command line but that’s not the only way.

Tools – Again, certutil is built into Windows. Another tool available is WinMD5Free. There are other ones out there as well.

In this case, this is a GUI, a graphical user interface. You can tie it into the context menu in Explorer if you want to. If you’re on a Linux box, you have other commands; hashing is not dependent on the operating system, and you can use a command line or a GUI.

This time instead of using certutil, we’ll use WinMD5 downloader. We’ll open a new file explorer window so the previous window is visible.

We’ll navigate to the downloads folder and click WinMD5.exe

Double click it to open it.

We want to compare the file with the initial Windows Explorer.

We can click Browse.

Navigate to “This PC”, the (C:) drive, and the temp folder.

There’s our Document.

Double click “Fakedoc.txt”. You notice it will compare.

This is the computed value using WinMD5.

Let’s say somebody downloaded our file. We told them that the string is supposed to be this.

They ran a computation and saw it starting with 630, but now you’re looking… is that to say that I missed something?

Well, let’s come back into the command prompt and type “cls” and hit enter.

Now we can go into the WinMD5Free utility and paste the value in and verify.

And it notifies us that here’s the original and now the current and they match.

We were able to use a GUI and we were able to use a command line utility, but herein is one of the really cool things about a hash value of a file.

How much did Lefty owe us?

You might be thinking, “Well, maybe Lefty can’t tell. His memory’s not what it used to be. He’s not going to remember how much he owes us.” Let’s get in here and say, “You know what? He owes me $1,000 not $100.” It’s just one more zero. It’s not going to make that much difference, right?

Let’s save the file. Remember, here is our WinMD5 computation before we made the change.

Let’s hit the up arrow inside the command prompt.

Maybe it only changes that MD5 hash by a little bit. Let’s take a look. Notice that it is nowhere near the original.

It’s like almost nothing is the same. A tiny modification in the file results in a consequential difference in the hashed output.

What we just did allows us to determine that these tiny changes matter. We made a minuscule change, but we now have the ability to compare.

You can see that even if one tiny bit is changed, it makes a very consequential difference. This is a very important concept in networking in general and, as you saw from the example in the demo, perhaps in financial transactions as well.
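
The walkthrough above, scripted as an added example that is not part of the original post: a PowerShell wrapper around `certutil -hashfile` that checks a file against a published hash, then repeats the check after the $100 to $1,000 edit and counts how many hex digits changed. It defaults to SHA256, one of the algorithms listed earlier, because MD5 collisions can be produced deliberately, so an MD5 match only rules out accidental corruption. The function names, the `hashdemo` directory and the file contents are assumptions made for the example.

```powershell
# Added example, not from the original post. Function names, the hashdemo
# directory and the file contents are constructed for the demo.
function Get-CertutilHash {
    param([Parameter(Mandatory)][string]$Path,
          [ValidateSet('MD5','SHA1','SHA256','SHA512')][string]$Algorithm = 'SHA256')
    $out = & certutil.exe -hashfile $Path $Algorithm
    if ($LASTEXITCODE -ne 0) { throw "certutil failed for '$Path': $($out -join ' ')" }
    # The digest is the only output line made up purely of hex digits. Older
    # Windows releases print it with a space between bytes, so strip whitespace.
    $hex = $out | ForEach-Object { $_ -replace '\s', '' } |
        Where-Object { $_ -match '^[0-9a-fA-F]{32,128}$' } | Select-Object -First 1
    if (-not $hex) { throw "No digest found in certutil output for '$Path'" }
    $hex.ToLowerInvariant()
}

function Test-FileHash {
    param([Parameter(Mandatory)][string]$Path,
          [Parameter(Mandatory)][string]$Expected,
          [string]$Algorithm = 'SHA256')
    # Normalise the published value the same way (case, stray spaces).
    $want = ($Expected -replace '\s', '').ToLowerInvariant()
    $got  = Get-CertutilHash -Path $Path -Algorithm $Algorithm
    [pscustomobject]@{ Path = $Path; Algorithm = $Algorithm
                       Expected = $want; Actual = $got; Match = ($got -eq $want) }
}

# --- demo mirroring the walkthrough ---
$dir  = Join-Path $env:TEMP 'hashdemo'
$file = Join-Path $dir 'fakedoc.txt'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path $file -Value 'Lefty owes me $100' -NoNewline -Encoding Ascii

# The author computes the hash once and publishes it next to the download.
$published = Get-CertutilHash -Path $file
Test-FileHash -Path $file -Expected $published        # untouched copy

# One extra zero, then verify again against the published value.
Set-Content -Path $file -Value 'Lefty owes me $1,000' -NoNewline -Encoding Ascii
$result = Test-FileHash -Path $file -Expected $published
$result

# Count how many hex positions changed between the two digests.
$changed = 0
for ($i = 0; $i -lt $result.Actual.Length; $i++) {
    if ($result.Actual[$i] -ne $result.Expected[$i]) { $changed++ }
}
'{0} of {1} hex digits differ' -f $changed, $result.Actual.Length
Remove-Item -Path $dir -Recurse -Force
```

Pass `-Algorithm MD5` to reproduce the exact command from the demo. The published hash should be obtained over a channel the attacker cannot also modify, otherwise a tampered file can simply ship with a matching hash.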

 

 

Until next time….

Mark Jacob
Cisco and CompTIA Network + Instructor – Interface Technical Training
Phoenix, AZ
