From 3a017862cb288a5847eef354bc546569a31b803f Mon Sep 17 00:00:00 2001
From: hulto <7121375+hulto@users.noreply.github.com>
Date: Tue, 23 Jan 2024 01:17:18 +0000
Subject: [PATCH 1/2] Remove file.hash for crypto.hash
---
docs/_docs/user-guide/eldritch.md | 27 ++++++---------
implants/lib/eldritch/src/file/hash_impl.rs | 37 ---------------------
implants/lib/eldritch/src/lib.rs | 2 +-
3 files changed, 11 insertions(+), 55 deletions(-)
delete mode 100644 implants/lib/eldritch/src/file/hash_impl.rs
diff --git a/docs/_docs/user-guide/eldritch.md b/docs/_docs/user-guide/eldritch.md
index acc8e0aab..cf7471203 100644
--- a/docs/_docs/user-guide/eldritch.md
+++ b/docs/_docs/user-guide/eldritch.md
@@ -263,12 +263,6 @@ The file.download method downloads a file at the URI specified in `uri` t
The file.exists method checks if a file or directory exists at the path specified.
-### file.hash
-
-`file.hash(path: str) -> str`
-
-The file.hash method returns a sha256 hash of the file specified in `path`.
-
### file.is_dir
`file.is_dir(path: str) -> bool`
@@ -833,7 +827,7 @@ sys.shell("ls /nofile")
`sys.write_reg_hex(reghive: str, regpath: str, regname: str, regtype: str, regvalue: str) -> Bool`
-The sys.write_reg_hex method returns `True` if registry values are written to the requested registry path and accepts a hexstring as the value argument.
+The sys.write_reg_hex method returns `True` if registry values are written to the requested registry path and accepts a hexstring as the value argument.
An example is below:
```python
@@ -851,7 +845,7 @@ $> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_DWORD_BIG
True
$> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_LINK","deadbeef")
True
-$> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_MULTI_SZ","dead,beef")
+$> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_MULTI_SZ","dead,beef")
True
$> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_RESOURCE_LIST","deadbeef")
True
@@ -859,7 +853,7 @@ $> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_FULL_RESO
True
$> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_RESOURCE_REQUIREMENTS_LIST","deadbeef")
True
-$> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_QWORD","deadbeefdeadbeef")
+$> sys.write_reg_hex("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_QWORD","deadbeefdeadbeef")
True
```
@@ -885,7 +879,7 @@ $> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_DWORD_BIG
True
$> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_LINK",12345678)
True
-$> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_MULTI_SZ",12345678)
+$> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_MULTI_SZ",12345678)
True
$> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_RESOURCE_LIST",12345678)
True
@@ -893,7 +887,7 @@ $> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_FULL_RESO
True
$> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_RESOURCE_REQUIREMENTS_LIST",12345678)
True
-$> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_QWORD",12345678)
+$> sys.write_reg_int("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_QWORD",12345678)
True
```
@@ -901,7 +895,7 @@ True
`sys.write_reg_str(reghive: str, regpath: str, regname: str, regtype: str, regvalue: str) -> Bool`
-The sys.write_reg_str method returns `True` if registry values are written to the requested registry path and accepts a string as the value argument.
+The sys.write_reg_str method returns `True` if registry values are written to the requested registry path and accepts a string as the value argument.
An example is below:
```python
@@ -919,7 +913,7 @@ $> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_DWORD_BIG
True
$> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_LINK","A PLAIN STRING")
True
-$> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_MULTI_SZ","BAR1,BAR2,BAR3")
+$> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_MULTI_SZ","BAR1,BAR2,BAR3")
True
$> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_RESOURCE_LIST","DEADBEEF")
True
@@ -927,7 +921,7 @@ $> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_FULL_RESO
True
$> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_RESOURCE_REQUIREMENTS_LIST","DEADBEEF")
True
-$> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_QWORD","1234567812345678")
+$> sys.write_reg_str("HKEY_CURRENT_USER","SOFTWARE\\TEST1","FOO1","REG_QWORD","1234567812345678")
True
```
@@ -944,7 +938,7 @@ Some common formating methods are:
- "%Y-%m-%d %H:%M:%S" (24 Hour Time)
- "%Y-%m-%d %I:%M:%S %P" (AM/PM)
-For reference on all available format specifiers, see https://docs.rs/chrono/latest/chrono/format/strftime/index.html
+For reference on all available format specifiers, see
### time.format_to_readable
@@ -957,7 +951,7 @@ Some common formating methods are:
- "%Y-%m-%d %H:%M:%S" (24 Hour Time)
- "%Y-%m-%d %I:%M:%S %P" (AM/PM)
-For reference on all available format specifiers, see https://docs.rs/chrono/latest/chrono/format/strftime/index.html
+For reference on all available format specifiers, see
### time.now
@@ -970,4 +964,3 @@ The time.now method returns the time since UNIX EPOCH (Jan 01 1970). This
`time.sleep(secs: float)`
The time.sleep method sleeps the task for the given number of seconds.
-
diff --git a/implants/lib/eldritch/src/file/hash_impl.rs b/implants/lib/eldritch/src/file/hash_impl.rs
deleted file mode 100644
index 090072f03..000000000
--- a/implants/lib/eldritch/src/file/hash_impl.rs
+++ /dev/null
@@ -1,37 +0,0 @@
-use std::path::Path;
-
-use anyhow::Result;
-use sha256::try_digest;
-
-pub fn hash(path: String) -> Result {
- let file_path = Path::new(&path);
- let val = try_digest(file_path)?;
- Ok(val)
-}
-
-#[cfg(test)]
-mod tests {
- use super::*;
- use std::io::prelude::*;
- use tempfile::NamedTempFile;
-
- #[test]
- fn test_hash() -> anyhow::Result<()> {
- // Create file
- let mut tmp_file = NamedTempFile::new()?;
- let path = String::from(tmp_file.path().to_str().unwrap());
-
- // Write to file
- tmp_file.write_all(b"aoeu")?;
-
- // Run our code
- let res = hash(path)?;
-
- assert_eq!(
- res,
- "bc4c24181ed3ce6666444deeb95e1f61940bffee70dd13972beb331f5d111e9b"
- );
-
- Ok(())
- }
-}
diff --git a/implants/lib/eldritch/src/lib.rs b/implants/lib/eldritch/src/lib.rs
index 59dd924c7..4781ccaa8 100644
--- a/implants/lib/eldritch/src/lib.rs
+++ b/implants/lib/eldritch/src/lib.rs
@@ -222,7 +222,7 @@ mod tests {
a.globals(globals);
a.all_true(
r#"
-dir(file) == ["append", "compress", "copy", "download", "exists", "find", "hash", "is_dir", "is_file", "list", "mkdir", "moveto", "read", "remove", "replace", "replace_all", "template", "timestomp", "write"]
+dir(file) == ["append", "compress", "copy", "download", "exists", "find", "is_dir", "is_file", "list", "mkdir", "moveto", "read", "remove", "replace", "replace_all", "template", "timestomp", "write"]
dir(process) == ["info", "kill", "list", "name", "netstat"]
dir(sys) == ["dll_inject", "dll_reflect", "exec", "get_env", "get_ip", "get_os", "get_pid", "get_reg", "get_user", "hostname", "is_linux", "is_macos", "is_windows", "shell", "write_reg_hex", "write_reg_int", "write_reg_str"]
dir(pivot) == ["arp_scan", "bind_proxy", "ncat", "port_forward", "port_scan", "smb_exec", "ssh_copy", "ssh_exec", "ssh_password_spray"]
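Review bot: Dropping `"hash"` from the expected `dir(file)` list in this patch gets ahead of the code, because `mod hash_impl;` and the `fn hash` binding in `file.rs` are only removed in PATCH 2/2 while `hash_impl.rs` is already deleted here. At this commit the crate most likely fails to compile (the declared module has no backing file), so this assertion cannot run and the commit is not bisectable. Squashing the two patches, or moving the `file.rs` edits into this one, would keep every commit buildable. The enclosing test function starts and ends outside the hunk.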
From fff87510ae4f4f651d5a23d6fd591e626ecf4808 Mon Sep 17 00:00:00 2001
From: hulto <7121375+hulto@users.noreply.github.com>
Date: Tue, 23 Jan 2024 01:27:16 +0000
Subject: [PATCH 2/2] Remove hash impl
---
implants/lib/eldritch/src/file.rs | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/implants/lib/eldritch/src/file.rs b/implants/lib/eldritch/src/file.rs
index 92c87deac..ef0b3746c 100644
--- a/implants/lib/eldritch/src/file.rs
+++ b/implants/lib/eldritch/src/file.rs
@@ -3,7 +3,7 @@ mod compress_impl;
mod copy_impl;
mod download_impl;
mod exists_impl;
-mod hash_impl;
+mod find_impl;
mod is_dir_impl;
mod is_file_impl;
mod list_impl;
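Review bot: With `mod hash_impl;` removed here, the `sha256` crate that the deleted module imported (`use sha256::try_digest;`) may no longer have a user in this crate, yet neither patch touches a Cargo manifest. If nothing else in the library still depends on it, the dependency entry should be removed in the same change so the build does not keep pulling in an unused third-party crate. If `crypto.hash` still relies on it, a sentence in the commit message saying so would settle the question. The same applies to `tempfile` if the deleted test was its only user. Moving `mod find_impl;` into alphabetical order is fine.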
@@ -16,7 +16,6 @@ mod replace_impl;
mod template_impl;
mod timestomp_impl;
mod write_impl;
-mod find_impl;
use allocative::Allocative;
use derive_more::Display;
@@ -121,10 +120,6 @@ fn methods(builder: &mut MethodsBuilder) {
if false { println!("Ignore unused this var. _this isn't allowed by starlark. {:?}", this); }
exists_impl::exists(path)
}
- fn hash(this: FileLibrary, path: String) -> anyhow::Result {
- if false { println!("Ignore unused this var. _this isn't allowed by starlark. {:?}", this); }
- hash_impl::hash(path)
- }
fn is_dir(this: FileLibrary, path: String) -> anyhow::Result {
if false { println!("Ignore unused this var. _this isn't allowed by starlark. {:?}", this); }
is_dir_impl::is_dir(path)