/
ECSA
/
LPT
EC
Council
M d l XXXVI
EC
-
Council
M
o
d
u
l
e
XXXVI
File Integrity Checking
Penetration Testing Roadmap
Start Here
Information
Vulnerability External
Gathering
Analysis Penetration Testing
Router and
Internal
Firewall
Penetration Testing
Router

and

Switches
Penetration Testing
Internal

Network
Penetration Testing
IDS
Penetration Testing
Wireless
Network
Penetration Testing
Denial of
Service
Penetration Testing
Password
Cracking
Stolen Laptop, PDAs
and Cell Phones
Social
Engineering
Application
Cont’d
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Penetration Testing
Penetration Testin
g
Penetration Testing

Penetration Testing
Penetration Testing Roadmap
(cont
’
d)
(cont d)
Cont’d
Physical
Database VoIP
Security
Penetration Testing
Penetration testing Penetration Testing
Virus and
Trojan
Detection
War Dialing
VPN
Penetration Testing
Log
Management
Penetration Testing
File Integrity
Checking
Blue Tooth and
Hand held
Device
Penetration Testin
g
g
Telecommunication

And Broadband
Email Security
Penetration Testing
Security
Patches
Data Leakage
PiTi
End Here
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Communication
Penetration Testing
Penetration

Testing
Patches

Penetration Testing
P
enetrat
i
on
T
est
i
n
g
File Integrity
• Whether the file is same as the original

fil
File integrity checks:
fil
e.
• For any modification in the file.
File integrity can be
• Faulty storage media.
File integrity can be
compromised due to:
• Transmission errors.
• Committing errors during copying or
moving.
•
Software bugs viruses etc
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
•
Software bugs
,
viruses
,
etc
.
Integrity Checking Techniques
Comparing two files bit-by-bit:
• It requires two copies of the same file (not used
normally).
CRC
bd i i hki

• The Cyclic Redundancy Check (CRC) function takes
input data stream of any length and produces an output
value of a certain fixed size
CRC
-
b
ase
d i
ntegr
i
ty

c
h
ec
ki
ng:
value of a certain fixed size
.
• It is used for detecting common errors caused by noise
in transmission channels by comparing the file's CRC
value to a previously calculated value.
• Hash-based verification ensures that a file has not been
d i l d b i h fil ' h h
Hash-based integrity checking:
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
corrupte
d

or

man
i
pu
l
ate
d b
y

compar
i
ng

t
h
e
fil
e
'
s
h
as
h
value to a previously calculated value.
Steps for Checking File Integrity
1
• Check while you unzip the file
2
• Check for CRC value integrity checking

• Check for hash value inte
g
rit
y
checkin
g
3
gy g
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Step 1: Check While you Unzip
the File
the File
If
y
ou have the zi
p
file
,
unzi
p
it.
yp,p
If it is not getting unzipped, then file may be corrupted.
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Step 2: Check for CRC Value
Integrity Checking

Integrity Checking
Compute the CRC value of the file.
Compare the CRC value of the downloaded file with the given CRC value.
In Linux:
• Change the directory into the folder where the target files to be
checked are placed.
• Type command crc32 ‘your_filename’ and press enter, which
displays:
displays:
•Crc32.
• Filename with crc value.
• Compare the computed CRC value and the one displayed with the
fil
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
fil
ename.
CRC Checking in Windows
Cyclic Redundancy Check (CRC) of files is available with the Windows
Cyclic Redundancy Check (CRC) of files is available with the Windows
installer.
After the Windows installer finishes copying a file, it gets a CRC value from
both the source and the destination files.
The installer checks the original CRC stamped into the file and compares
this to the CRC calculated from the copy.
If b th th l f CRC diff t th fil b t d
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited

If b
o
th th
e

va
l
ues

o
f CRC
are
diff
eren
t
,
th
en
fil
e

may
b
e

corrup
t
e
d
.

Step 3: Check for Hash Value
Integrity Checking
Integrity Checking
Ste
p
1: Get the file and
p
reviousl
y
calculated hash
ppy
value for the file
Step 2: Generate a new hash value for the file
Step 3: Match the old and new hash values
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Step 3.1: Get the File and Previously
Calculated Hash Value for the File
Compute the hash value of the file
Compute the hash value of the file
before sending to anyone
Use different hash value creating
tools such as md5sum and
PasswordZilla
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Step 3.2: Generate a New Hash
Value for the File

Value for the File
Use the different hash value creating tools such as
Use the different hash value creating tools such as
CommuniCrypt QuickHasher to create the hash value for
the downloaded file
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Step 3.3: Match the Old and New
Hash Values
Hash Values
M
atc
h
t
h
e o
l
d a
n
d
n
e
w

h
as
h

v

a
l
ues
in
o
r
de
r
to c
h
ec
k

wh
et
h
e
r
t
h
e
fil
e
i
s
atc t e o d a d e as a ues o de to c ec et e t e e s
corrupted or safe.
If these values are not matching it means the file is corrupted
If these values are not matching
,

it means the file is corrupted
.
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
File Integrity Checking Tools
• />Cfv:
• />Cksum:
• www.tteknik.nu/starzinger/DySFV/
DySFV:
f/
FS
•
w
ww.
f
astsum.com
/
F
ast
S
um:
• />FlashSFV:
• />FSUM:
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
• />HashCalc:
File Integrity Checking Tools
(cont

’
d)
(cont d)
• />jHashCalc:
• />Jacksum:
•
http://www linuxmanpages com/man1/md5sum 1 php
•
http://www
.
linuxmanpages
.
com/man1/md5sum
.
1
.
php
• www.pc-tools.net/win32/md5sums/
Md5sum:
• />Sha1sum:
• www.codesector.com/teracopy.asp
TeraCopy:
http // checks ms so rceforge net/
wxChecksums
:
•
http
:
//
wx

checks
u
ms
.
so
u
rceforge
.
net/
wxChecksums
:
• www.macupdate.com/info.php/id/23168
SuperSFV:
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
• www.traction-software.co.uk/SFVChecker/
SFV Checker:
Summary
File integrity checks if the file is same as the original file and if there are
any modifications in the file.
Cyclic Redundancy Check (CRC) function takes input data stream of any
l h d d l f i fi d i
l
engt
h
an
d
pro
d

uces

an

output

va
l
ue

o
f
a

certa
i
n
fi
xe
d
s
i
ze.
Hh
b d ifi ti th t fil h t b t d
H
as
h
-
b

ase
d
ver
ifi
ca
ti
on

ensures
th
a
t
a
fil
e
h
as

no
t b
een

corrup
t
e
d
or

manipulated by comparing the file's hash value to a previously
calculated value.

EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited