qsmxpilot Posted November 10, 2020 Share Posted November 10, 2020 OK I am a long time out of a daily job as a sysadmin. I bought a pineapple and tried to download the c2-3.0.1.zip file. My sha256 checksum doesn't match. I feel pretty certain that it isn't a hack. But I'm getting back in to things again and I want to be careful. Please understand that I love all Unixen but I haven't been deep like this for some time. Ubuntu 20.04.1 I used "shasum -a 256 -b c2-3.0.1.zip " and got a totally different checksum. Can anyone point me in the right direction? Thank YOU! Terry Link to comment Share on other sites More sharing options...
chrizree Posted November 10, 2020 Share Posted November 10, 2020 Try sha256sum c2-3.0.1.zip instead Link to comment Share on other sites More sharing options...
qsmxpilot Posted November 10, 2020 Author Share Posted November 10, 2020 Thank You Chrizree! I offer this: tlm@sariah:~/Hak5$ shasum -a 256 -b c2-3.0.1.zip a7b0046ad87ac34f3ff0427ad9bd856785a25651fd99d8b69fbdfb598786df67 *c2-3.0.1.zip tlm@sariah:~/Hak5$ cat Hak5_sha256_cksum cb3fbd5eaaa29cf1615f57850a5aea132ed6926a72e9ff0f6c1176ae67f1db62 *c2-3.0.1.zip tlm@sariah:~/Hak5$ Any ideas? Link to comment Share on other sites More sharing options...
chrizree Posted November 10, 2020 Share Posted November 10, 2020 And what is the output of sha256sum? Link to comment Share on other sites More sharing options...
qsmxpilot Posted November 11, 2020 Author Share Posted November 11, 2020 tlm@sariah:~/Hak5$ shasum -a 256 -b c2-3.0.1.zip a7b0046ad87ac34f3ff0427ad9bd856785a25651fd99d8b69fbdfb598786df67 *c2-3.0.1.zip Which is different than the sha256 listed above for the software. Is that what you needed? Link to comment Share on other sites More sharing options...
chrizree Posted November 11, 2020 Share Posted November 11, 2020 No, you are using shasum, I was asking about the result of running sha256sum, a totally different command. However, there is no real reason that the result should differ from running shasum as you have, but I'm not usually using shasum. Instead, I'm always using the command/utility for each kind of checksum type (i.e. md5sum, sha1sum, sha256sum, sha512sum, etc.), I just wanted to do it "my way" when trying to give you advise. How many times have you downloaded the zip file? If just once, then I would suggest to download it several times and compare the checksums. Something might have gone wrong during download. Link to comment Share on other sites More sharing options...
qsmxpilot Posted November 11, 2020 Author Share Posted November 11, 2020 Thank you for your patience, @chrizree I did not see the difference. When I was learning, I only remembered cksum. My apologies. When I first downloaded and the checksum was incorrect, I downloaded it again. I then downloaded it a third time this morning. All checksums were consistent on each file, but still they disagreed with expected checksum. Here are my detailed results: Quote tlm@sariah:~/Hak5$ ls -alrt total 134612 -rw-rw-r-- 1 tlm tlm 45932660 Nov 10 14:15 test1_c2-3.0.1.zip -rw-rw-r-- 1 tlm tlm 79 Nov 10 14:37 Expected_Hak5_chksum -rw-rw-r-- 1 tlm tlm 45932660 Nov 10 14:40 test2_c2-3.0.1.zip drwxrwx--- 235 tlm tlm 24576 Nov 10 21:32 .. -rw-rw-r-- 1 tlm tlm 45932660 Nov 11 07:12 c2-3.0.1.zip drwxrwxr-x 2 tlm tlm 4096 Nov 11 07:17 . Quote tlm@sariah:~/Hak5$ cat Expected_Hak5_chksum cb3fbd5eaaa29cf1615f57850a5aea132ed6926a72e9ff0f6c1176ae67f1db62 *c2-3.0.1.zip tlm@sariah:~/Hak5$ sha256sum -b test1_c2-3.0.1.zip a7b0046ad87ac34f3ff0427ad9bd856785a25651fd99d8b69fbdfb598786df67 *test1_c2-3.0.1.zip tlm@sariah:~/Hak5$ sha256sum -b test2_c2-3.0.1.zip a7b0046ad87ac34f3ff0427ad9bd856785a25651fd99d8b69fbdfb598786df67 *test2_c2-3.0.1.zip tlm@sariah:~/Hak5$ sha256sum -b c2-3.0.1.zip a7b0046ad87ac34f3ff0427ad9bd856785a25651fd99d8b69fbdfb598786df67 *c2-3.0.1.zip tlm@sariah:~/Hak5$ cat Expected_Hak5_chksum cb3fbd5eaaa29cf1615f57850a5aea132ed6926a72e9ff0f6c1176ae67f1db62 *c2-3.0.1.zip I do note that the "Expected" checksum is shorter. So I'm wondering if I am making some other mistake. Your assistance is very much appreciated, @chrizree! Thank YOU! Link to comment Share on other sites More sharing options...
chrizree Posted November 11, 2020 Share Posted November 11, 2020 OK, no problem! The expected checksum just visually appears as being shorter, but it's just plain "true type font magic" that fools the eye. If pasting the checksums into a fixed width text editor, the length of the checksums are all the same. Sadly I have no access to the checksums (or zip files) myself since I have made in-place upgrades of an existing instance of Cloud C2 from 2.x to 3.0.0 and further on to 3.0.1. To me, only two major options remains as possible explanations. Either that your downloads are actively tampered with along the way (something I would see as highly non likely although possible) or that Hak5 has released a checksum that is not valid for the actual file downloaded and that you are the first one noticing it (could be that the checksum for 3.0.0 has "stuck" and is displayed for 3.0.1, or such). Link to comment Share on other sites More sharing options...
qsmxpilot Posted November 11, 2020 Author Share Posted November 11, 2020 Is there someone I need to alert? Link to comment Share on other sites More sharing options...
chrizree Posted November 11, 2020 Share Posted November 11, 2020 Not sure what version of Cloud C2 you are running. If being licensed for something other than the community edition, I would ask Hak5 support. But, if running the community edition (that only has community support), I would hope that someone with the correct answers appears in this thread. Preferably someone from Hak5. Link to comment Share on other sites More sharing options...
Irukandji Posted November 11, 2020 Share Posted November 11, 2020 It's combined with all of them. Only the license Key. witch determines what you have access too. Link to comment Share on other sites More sharing options...
chrizree Posted November 11, 2020 Share Posted November 11, 2020 I wasn't referring to functionality between the different versions, but the right to contact support when experiencing problems. Link to comment Share on other sites More sharing options...
Foxtrot Posted November 11, 2020 Share Posted November 11, 2020 Hi, This issue has been fixed and has been updated in the Download Portal. When we released 3.0.1 the ZIP file did not initially have the binaries marked as executable, so we quickly updated it so they would be, but in the process forgot to update the SHA256 sum that is displayed on the Download Portal. @qsmxpilot The SHA256 sum you are seeing on your downloaded .zip (A7B0046AD87AC34F3FF0427AD9BD856785A25651FD99D8B69FBDFB598786DF67) is correct. I apologize for any confusion caused by this. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.