/ECSA/LPT
EC Council M d l XXXVIEC-Council Module XXXVI
File Integrity Checking
Penetration Testing Roadmap
Start HereInformation Vulnerability External
Gathering Analysis Penetration Testing
Router and InternalFirewall
Penetration Testing
Router and Switches
Penetration Testing
Internal Network
Penetration Testing
IDS
Penetration Testing
Wireless Network
Penetration Testing
Denial of Service
Penetration Testing
Password Cracking
Stolen Laptop, PDAs and Cell Phones
Social EngineeringApplication
Cont’d
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Penetration TestingPenetration Testing Penetration TestingPenetration Testing
Penetration Testing Roadmap (cont’d)(cont d)
Cont’dPhysical Database VoIP Security
Penetration Testing
Penetration testing Penetration Testing
Virus and Trojan
Detection
War Dialing VPN Penetration Testing
Log Management
Penetration Testing
File Integrity Checking
Blue Tooth and Hand held
Device Penetration Testingg
Telecommunication And Broadband
Email Security Penetration Testing
Security Patches
Data Leakage P i T i
End Here
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Communication Penetration Testing
Penetration TestingPatches Penetration Testing
Penetration Testing
File Integrity
• Whether the file is same as the original fil
File integrity checks:
file.• For any modification in the file.
File integrity can be
• Faulty storage media.
File integrity can be compromised due to:
• Transmission errors.• Committing errors during copying or
moving.• Software bugs viruses etc
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
• Software bugs, viruses, etc.
Integrity Checking Techniques
Comparing two files bit-by-bit:
• It requires two copies of the same file (not used normally).
CRC b d i i h ki
• The Cyclic Redundancy Check (CRC) function takes input data stream of any length and produces an output value of a certain fixed size
CRC-based integrity checking:
value of a certain fixed size.• It is used for detecting common errors caused by noise
in transmission channels by comparing the file's CRC value to a previously calculated value.
• Hash-based verification ensures that a file has not been d i l d b i h fil ' h h
Hash-based integrity checking:
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
corrupted or manipulated by comparing the file's hash value to a previously calculated value.
Steps for Checking File Integrity
1• Check while you unzip the file
2• Check for CRC value integrity checking
• Check for hash value integrity checking3
g y g
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Step 1: Check While you Unzip the Filethe File
If you have the zip file, unzip it.y p , p
If it is not getting unzipped, then file may be corrupted.
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Step 2: Check for CRC Value Integrity Checking Integrity Checking
Compute the CRC value of the file.
Compare the CRC value of the downloaded file with the given CRC value.
In Linux:
• Change the directory into the folder where the target files to be checked are placed.
• Type command crc32 ‘your_filename’ and press enter, whichdisplays:displays:• Crc32.• Filename with crc value.
• Compare the computed CRC value and the one displayed with the fil
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
filename.
CRC Checking in Windows
Cyclic Redundancy Check (CRC) of files is available with the Windows Cyclic Redundancy Check (CRC) of files is available with the Windows installer.
After the Windows installer finishes copying a file, it gets a CRC value from both the source and the destination files.
The installer checks the original CRC stamped into the file and compares this to the CRC calculated from the copy.
If b th th l f CRC diff t th fil b t d
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
If both the values of CRC are different, then file may be corrupted.
Step 3: Check for Hash Value Integrity Checking Integrity Checking
Step 1: Get the file and previously calculated hash p p yvalue for the file
Step 2: Generate a new hash value for the file
Step 3: Match the old and new hash values
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Step 3.1: Get the File and Previously Calculated Hash Value for the File
Compute the hash value of the file Compute the hash value of the file before sending to anyone
Use different hash value creating tools such as md5sum and PasswordZilla
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Step 3.2: Generate a New Hash Value for the FileValue for the File
Use the different hash value creating tools such as Use the different hash value creating tools such as CommuniCrypt QuickHasher to create the hash value for the downloaded file
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Step 3.3: Match the Old and New Hash ValuesHash Values
Match the old and new hash values in order to check whether the file is atc t e o d a d e as a ues o de to c ec et e t e e s corrupted or safe.
If these values are not matching it means the file is corruptedIf these values are not matching, it means the file is corrupted.
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
File Integrity Checking Tools
• http://cfv.sourceforge.net/Cfv:
• http://www.mkssoftware.com/docs/man1/cksum.1.aspCksum:
• www.tteknik.nu/starzinger/DySFV/DySFV:
f /F S • www.fastsum.com/FastSum:
• http://trvx.com/flashsfv/FlashSFV:
• http://www.slavasoft.com/fsum/FSUM:
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
• http://www.slavasoft.com/hashcalc/HashCalc:
File Integrity Checking Tools (cont’d)(cont d)
• http://jpassgen.sourceforge.net/jhashcalc.jnlpjHashCalc:
• http://sourceforge.net/projects/jacksum/Jacksum:
• http://www linuxmanpages com/man1/md5sum 1 php• http://www.linuxmanpages.com/man1/md5sum.1.php• www.pc-tools.net/win32/md5sums/
Md5sum:
• http://www.linuxmanpages.com/man1/sha1sum.1.phpSha1sum:
• www.codesector.com/teracopy.aspTeraCopy:
http // checks ms so rceforge net/wxChecksums: • http://wxchecksums.sourceforge.net/wxChecksums:
• www.macupdate.com/info.php/id/23168SuperSFV:
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
• www.traction-software.co.uk/SFVChecker/SFV Checker:
Summary
File integrity checks if the file is same as the original file and if there are any modifications in the file.
Cyclic Redundancy Check (CRC) function takes input data stream of any l h d d l f i fi d ilength and produces an output value of a certain fixed size.
H h b d ifi ti th t fil h t b t d Hash-based verification ensures that a file has not been corrupted or manipulated by comparing the file's hash value to a previously calculated value.
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited