Jump to content

Failure of checksum when downloading C2


qsmxpilot

Recommended Posts

OK   I am a long time out of a daily job as a sysadmin.  I bought a pineapple and tried to download the c2-3.0.1.zip file.  My sha256 checksum doesn't match.  I feel pretty certain that it isn't a hack.  But I'm getting back in to things again and I want to be careful.  Please understand that I love all Unixen but I haven't been deep like this for some time.  

Ubuntu 20.04.1 

I used "shasum -a 256 -b c2-3.0.1.zip " and got  a totally different checksum. 

Can anyone point me in the right direction?

Thank YOU!

                            Terry

Link to comment
Share on other sites

Thank You Chrizree!  I offer this:

tlm@sariah:~/Hak5$ shasum -a 256 -b c2-3.0.1.zip
a7b0046ad87ac34f3ff0427ad9bd856785a25651fd99d8b69fbdfb598786df67 *c2-3.0.1.zip
tlm@sariah:~/Hak5$ cat Hak5_sha256_cksum
cb3fbd5eaaa29cf1615f57850a5aea132ed6926a72e9ff0f6c1176ae67f1db62 *c2-3.0.1.zip
tlm@sariah:~/Hak5$ 
 

 Any ideas?

Link to comment
Share on other sites

No, you are using shasum, I was asking about the result of running sha256sum, a totally different command. However, there is no real reason that the result should differ from running shasum as you have, but I'm not usually using shasum. Instead, I'm always using the command/utility for each kind of checksum type (i.e. md5sum, sha1sum, sha256sum, sha512sum, etc.), I just wanted to do it "my way" when trying to give you advise. How many times have you downloaded the zip file? If just once, then I would suggest to download it several times and compare the checksums. Something might have gone wrong during download.

Link to comment
Share on other sites

Thank you for your patience, @chrizree    I did not see the difference.   When I was learning, I only remembered cksum. My apologies. 

When I first downloaded and the checksum was incorrect, I downloaded it again.  I then downloaded it a third time this morning.  All checksums were consistent on each file, but still they disagreed with expected checksum.  Here are my detailed results:

Quote

tlm@sariah:~/Hak5$ ls -alrt
total 134612
-rw-rw-r--   1 tlm tlm 45932660 Nov 10 14:15 test1_c2-3.0.1.zip
-rw-rw-r--   1 tlm tlm       79 Nov 10 14:37 Expected_Hak5_chksum
-rw-rw-r--   1 tlm tlm 45932660 Nov 10 14:40 test2_c2-3.0.1.zip
drwxrwx--- 235 tlm tlm    24576 Nov 10 21:32 ..
-rw-rw-r--   1 tlm tlm 45932660 Nov 11 07:12 c2-3.0.1.zip
drwxrwxr-x   2 tlm tlm     4096 Nov 11 07:17 .

Quote

tlm@sariah:~/Hak5$ cat Expected_Hak5_chksum
cb3fbd5eaaa29cf1615f57850a5aea132ed6926a72e9ff0f6c1176ae67f1db62 *c2-3.0.1.zip
tlm@sariah:~/Hak5$ sha256sum -b test1_c2-3.0.1.zip
a7b0046ad87ac34f3ff0427ad9bd856785a25651fd99d8b69fbdfb598786df67 *test1_c2-3.0.1.zip
tlm@sariah:~/Hak5$ sha256sum -b test2_c2-3.0.1.zip
a7b0046ad87ac34f3ff0427ad9bd856785a25651fd99d8b69fbdfb598786df67 *test2_c2-3.0.1.zip
tlm@sariah:~/Hak5$ sha256sum -b c2-3.0.1.zip
a7b0046ad87ac34f3ff0427ad9bd856785a25651fd99d8b69fbdfb598786df67 *c2-3.0.1.zip
tlm@sariah:~/Hak5$ cat Expected_Hak5_chksum
cb3fbd5eaaa29cf1615f57850a5aea132ed6926a72e9ff0f6c1176ae67f1db62 *c2-3.0.1.zip

I do note that the "Expected" checksum is shorter.  So I'm wondering if I am making some other mistake.

Your assistance is very much appreciated, @chrizree!      Thank YOU!    

Link to comment
Share on other sites

OK, no problem! The expected checksum just visually appears as being shorter, but it's just plain "true type font magic" that fools the eye. If pasting the checksums into a fixed width text editor, the length of the checksums are all the same.

Sadly I have no access to the checksums (or zip files) myself since I have made in-place upgrades of an existing instance of Cloud C2 from 2.x to 3.0.0 and further on to 3.0.1. To me, only two major options remains as possible explanations. Either that your downloads are actively tampered with along the way (something I would see as highly non likely although possible) or that Hak5 has released a checksum that is not valid for the actual file downloaded and that you are the first one noticing it (could be that the checksum for 3.0.0 has "stuck" and is displayed for 3.0.1, or such).

Link to comment
Share on other sites

Not sure what version of Cloud C2 you are running. If being licensed for something other than the community edition, I would ask Hak5 support. But, if running the community edition (that only has community support), I would hope that someone with the correct answers appears in this thread. Preferably someone from Hak5.

Link to comment
Share on other sites

Hi,

This issue has been fixed and has been updated in the Download Portal. When we released 3.0.1 the ZIP file did not initially have the binaries marked as executable, so we quickly updated it so they would be, but in the process forgot to update the SHA256 sum that is displayed on the Download Portal.

@qsmxpilot The SHA256 sum you are seeing on your downloaded .zip (A7B0046AD87AC34F3FF0427AD9BD856785A25651FD99D8B69FBDFB598786DF67) is correct.

I apologize for any confusion caused by this.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...