Using Windows PowerShell to Compute File Hash (Bonus: automatically compare it to a given value)

Learn to use Windows PowerShell to calculate hash checksum values, and automatically compare the output to a given value!

Windows PowerShell

Being interested in security, you can’t help but hear about “hashing” and “file integrity”. I was aware that you can download third party software to calculate file hashes using different algorithms such as SHA256 and MD5, but I wasn’t aware you can do it in Windows PowerShell.

The coolest thing is how simple it is. Keep reading to learn how we do it!

Get-FileHash    [-Path] <String[]>    [[-Algorithm] <String>]    [<CommonParameters>] 

That is the syntax provided by Microsoft which you can read here.

I recently downloaded CentOS for a home lab project which I will post about soon. I wanted to check the hash on what I downloaded against the SHA256 checksum listed here.

This is the listed checksum for the .iso I downloaded:

6d44331cc4f6c506c7bbe9feb8468fad6c51a88ca1393ca6b8b486ea04bec3c1  

CentOS-7-x86_64-DVD-1810.iso

In order to calculate the SHA256 hash of the file I downloaded, this is the code I entered:

Get-FileHash C:\Users\AG\Documents\CCENT\N+\CentOS-7-x86_64-DVD-1810.iso

Here is my output:

Using Windows PowerShell to calculate SHA256 Hash against CentOS .iso download

As we can see by visually comparing, the hashes match so the integrity of my download has been verified!

That is, unless someone has hacked the CentOS site and modified the listed value! For now, let’s hope that the CentOs wiki has not been compromised.

Alas. . . comparing the hash values visually is a little daunting. I thought, there must be a way to automate the comparison! After a little bit of Google-Fu, I found a script written by GitHub user ‘ChrisBrownie’.

(Foolishly?) I trusted that there was nothing malicious in the script based on the resource I found it on, Chris Brown’s website (No, not the rapper/singer 😛 ). I also didn’t see much of anything that looked funky, but I’m a total newb to PowerShell.

Anyway, Chris is a Systems Engineer from Melbourne, Australia. As a side note, he says he enjoys flying small planes in his spare time, which is something I wouldn’t mind getting into my self! Thanks for the script Chris!

After saving the script and importing it using the ‘Import-Module’ command, this was my output:

Match: True–It works!

Cool! My very first experiences with PowerShell and scripting. I hope to be able to write scripts like this my self in the near future.

Worth noting is that I had to issue the ‘Set-ExecutionPolicy RemoteSigned’ command in order to import the .ps1 file that Chris wrote. From my understanding, this is part of the security strategy used by PowerShell. For more reading from Microsoft on this, click here.

All in all, this was an awesome exercise for me and my first foray into PowerShell. Maybe an order of ‘Learn PowerShell in a Month of Lunches’ by Don Jones and Jeffery Hicks is in order?

What do you think? Leave a comment below and tell me how you verify file integrity!

Additionally, let me know your thoughts on the PowerShell book listed above, is it any good?

Alex Gray

Author: Alex Gray

Aspiring IT professional focusing on networking, network security, advanced troubleshooting, web development, consulting, and more.

Leave a Reply

Your email address will not be published. Required fields are marked *