3. Cryptographic Hashes

We are now on step 3 of 5, and your first screenshots will take place in this LL component.

1. Install or set up your VM on your host system/OS.

2. Download Ubuntu

3. Verify the Ubuntu download’s MD5 or SHA Hash

4. Install the guest Ubuntu OS in your VM

5. Explore your new VM

Cryptographic Hashes (MD5/SHA) in Forensics and Data Validation

As information… since I never miss a chance to add an important skill … :), cryptographic hashes are used both in security (Linux Password File Encryption) and to verify data integrity. This is one of the tools used in computer forensics: investigators take a hash of the hard drive to serve as a fingerprint that verifies integrity, and that fingerprint serves as a basis for the chain of custody. So if you are ever a manager and you suspect foul play, the first step of proper law enforcement is to get a hash of the hard drive/USB drive/etc. Do not just begin poking around, as you will corrupt the chain of evidence and invalidate any case you have. We have seen this, as every file/directory has a modify bit (go back to files and review if necessary). If you touch a file (just by viewing it) you have corrupted the evidence and it is no longer admissible in court unless you can prove it is in its original state (hence the MD5 fingerprint).

MD5 & SHA hash functions (cryptographic hashes) also allow you to confirm the integrity of the files you download. This is important since the most common cause of malfunctioning installations and errant behavior is incomplete/incorrect downloads, and we will do this from this point forward. In a nutshell, a hash is computed on the server’s file by the server, and the hash is listed on the server’s site. When you download a file, you compute the hash on your client machine and then visually compare the hash you computed locally on your client with the hash that is shown on the server. If they match, your download was 100% correct (i.e. no errors). If they do not match, you should re-download the file and try again.

The MD5 and SHA hash algorithms take a file as input and produce as output a message digest of the input, which is a highly unique fingerprint. This enables you to verify that your downloaded files are unaltered from the original.  If your calculated hash (calculated on your client machine from the downloaded file) matches the message digest the server provides (calculated on the server from the file on the server), you are assured that the file was downloaded intact.

The SHA hash functions are a set of cryptographic hash functions designed by the National Security Agency (NSA) and published by NIST as a U.S. Federal Information Processing Standard. SHA stands for Secure Hash Algorithm. SHA-1 and MD5 utilities are available for Windows, Linux and Mac. Most Linux installations provide a sha1sum command for SHA-1 hashes and an md5sum command for calculating MD5 message digests.

*Note: on the server you may see any one of MD5, SHA-1, SHA-256 or SHA-512, so once you identify which hash is on the server, you compute and compare the equivalent hash on your client machine.

MD5/SHA Ubuntu Download Verification

Note I will describe my application of MD5, but you will find SHA hashes and their use are nearly identical. You will retrieve the MD5 or SHA hash computed by the server at the download site, noting they may offer one of the two or both, and compare the server’s reported hash with the hash you compute from the file you downloaded. A quick description of their similarity and use is here.

3.1.a => Mac OS:

**The Ubuntu site also has instructions for this step and you may use either their instructions or the generic instructions below**

MD5 generation: In Finder, browse to /Applications/Utilities. Double-click on the Terminal icon. A Terminal window will appear. In the Terminal window, type: “openssl md5 ” (md5 followed by a space). Drag the downloaded .iso file from the Finder (desktop) into the Terminal window. Click in the Terminal window, press the Return key, and compare the checksum displayed on the screen to the one on the download page.

Instructions on checking a SHA-1 checksum on a Mac:

SHA generation: In Finder, browse to /Applications/Utilities. Double-click on the Terminal icon. A Terminal window will appear. In the Terminal window, type: “openssl sha1 ” (sha1 followed by a space). Drag the downloaded file from the Finder into the Terminal window. Click in the Terminal window, press the Return key, and compare the checksum displayed on the screen to the one on VMware’s download page.

Now I tend to do everything from the command line without dragging and dropping so I did the following.

I opened the terminal, changed directories to my Desktop and issued the following command in the Mac OSX terminal after downloading .iso to my desktop and navigating to the desktop directory in Terminal (perform a ls to see where you are and then probably cd desktop). Note you will need to change the md5 command’s argument filename.

$ md5 ubuntu-12.04.2-desktop-i386.iso

This returns: MD5 (/Users/jameslooby/Desktop/ubuntu-12.04.2-desktop-i386.iso) = 90a4c7bd3901cd980cd4b48198e84eb1

I then check this against the Ubuntu MD5 Hashes located and provided on the download site.  I’ll repeat this, we visually verify the hash we computed locally on the downloaded file with the hash the server has computed as this verifies the download occurred correctly.

My MD5: 90a4c7bd3901cd980cd4b48198e84eb1

Ubuntu MD5: 90a4c7bd3901cd980cd4b48198e84eb1
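The comparison above can also be done by the shell instead of by eye. The script below is an added example, not part of the original instructions: it looks up a download in a checksum list and compares the digests, using SHA-256 (one of the hash types a download site may list) in the "digest, then file name" line format that sha256sum produces. The function names and the file names passed to it are assumptions; it runs in the macOS Terminal or a Linux shell.

```shell
#!/bin/sh
# Added example: compare a download's SHA-256 with its entry in a checksum
# list whose lines look like "<hex digest>  <file name>" (sha256sum format).
# Assumes file names without spaces, as with Ubuntu .iso names.

# Print the SHA-256 hex digest of a file, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS ships shasum
    fi
}

# verify_download FILE SUMS_FILE
# Returns 0 on match, 1 on mismatch, 2 if FILE has no entry in SUMS_FILE.
verify_download() {
    file=$1
    sums=$2
    name=$(basename "$file")
    # Field 2 is the file name; binary-mode lists prefix it with '*'.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no published hash for $name" >&2
        return 2
    fi
    actual=$(sha256_of "$file")
    # Hex case can differ between tools, so compare in lower case.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(printf '%s' "$actual" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name (re-download the file)" >&2
    echo "  expected $expected" >&2
    echo "  computed $actual" >&2
    return 1
}

# Run as: sh verify.sh <downloaded .iso> <checksum list>
if [ "$#" -eq 2 ]; then
    verify_download "$1" "$2"
fi
```

A file that is missing from the list is reported separately from a mismatch, which catches the case the exercise warns about: comparing against the hash of a different download version.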

3.1.b => Windows OS 

Windows does not provide a built-in utility for generating MD5 Hash values. The options are a command line verifier or a graphical verifier or a Web verifier.  Of course the graphical verifier is easier but you may choose which one you would like to use.

Command Line (cmd.exe) Verification: The File Checksum Integrity Verifier (FCIV) can be used on Windows-based products. Webpages change, but one description is located at the link that follows; should that page be removed, please search for the Windows FCIV tool, noting YouTube has tutorials as well: https://www.lifewire.com/how-to-download-and-install-file-checksum-integrity-verifier-fciv-2625185

Graphical Verification: Graphical verifiers come. WinMD5 can be used to verify MD5 checksums but not SHA.   You can perform a search for a “free Windows MD5 SHA verifier” and I found this one quickly: MD5 & SHA Checksum Utility.  Again, I prefer to download from cnet.com and previous awareness applies (i.e. don’t download extra “crapware” as instructed in LM5).  To use, simply download the file, extract the executable and run the .exe.  It is intuitive as you simply browse to your downloaded .iso on your desktop.

Web Verification: Again, you may search for a web-based MD5 SHA verifier and this one works well: https://emn178.github.io/online-tools/sha256_checksum.html

Once you compute your MD5, you will need to verify it against the Ubuntu MD5 Hashes located on the server’s site, but this may help as well: https://help.ubuntu.com/community/UbuntuHashes

Here are some other Hash resources and verifiers should the

https://technastic.com/check-md5-checksum-hash/

https://www.nextofwindows.com/5-ways-to-generate-and-verify-md5-sha-checksum-of-any-file-in-windows-10

Here is a real nice tutorial: www.maketecheasier.com/verify-md5-sha-1-sha-256-checksum-windows10/

Exercise 9.3 – MD5/SHA Verification

Compute the MD5/SHA Hash of your Ubuntu Download and compare this with the appropriate MD5/SHA Hash retrieved from the Ubuntu Download site, making sure your download version and the downloaded hash version are the same.

Take a screenshot and paste both the screenshot and the correct hash in your LL9 pdf, labeling this item “MD5 Verification” or “SHA Verification” with the exercise 9.3 heading. Note you will add more screenshots to this submission pdf file in the next section, so you will be submitting a single pdf document as in the past.

Again, please note you will likely see “Verify Your Download” on the Ubuntu site that accomplishes this necessary task.