A common use of MD5 hashes is performing validation checks on .zip, .tar, etc. They are commonly provided with the program or a file archive you download from trusted sites. This will show how to use MD5 hashes to verify and validate a file or program that was downloaded.
It is good practice to validate any program or file archive downloaded from the internet has not been modified or tampered with in any way. Time to get started and validate that MD5 hash in Linux and Windows!
Kali Linux Checksum
The following examples will show the checksum process and how it works and why it is important to use.
Creating a Test File for Checksums
This example shows the test file being created that will be used.
┌──(kali㉿kali)-[~]
└─$ cd Desktop
┌──(kali㉿kali)-[~/Desktop]
└─$ touch MD5test.txt
┌──(kali㉿kali)-[~/Desktop]
└─$ echo "Adding this to the test document. This is to add something in here" > MD5test.txt
┌──(kali㉿kali)-[~/Desktop]
└─$ cat MD5test.txt
Adding this to the test document. This is to add something in hereThe example above can be broken down into the follow steps:
cd Desktop Navigation to the Desktop folder.
touch MD5test.txt Using Touch to create a file called MD5test.txt.
echo "Adding this to the test document. This is to add something in here" > MD5test.txt Using echo to redirect the text inside the quotes to the empty file and save it.
cat MD5test.txt Using Cat to display the contents of the file and verify the redirection worked.
Using Checksum to Verify, Modify and Reverify in Kali Linux
The next example will verify the MD5 Checksum, modify it and reverify it again. After the checksum is first verified, notice that the Checksum changes after the file is modified or tampered with. This showcases why you should always compare the MD5 Checksum when downloading a program from the web. It only takes 20 seconds to do!
┌──(kali㉿kali)-[~/Desktop]
└─$ md5sum /home/kali/Desktop/MD5test.txt
8830b2c9b9d3cfda3ba6b4f08f026dc1 /home/kali/Desktop/MD5test.txt
┌──(kali㉿kali)-[~/Desktop]
└─$ echo "Adding to the end of the MD5 test document" >> MD5test.txt
┌──(kali㉿kali)-[~/Desktop]
└─$ cat MD5test.txt
Adding this to the test document. This is to add something in here
Adding to the end of the MD5 test document
┌──(kali㉿kali)-[~/Desktop]
└─$ md5sum /home/kali/Desktop/MD5test.txt
5ba3f5a4a52e3f1f1252bbba394a624e /home/kali/Desktop/MD5test.txt The example above is broken down into the following steps:
md5sum /home/kali/Desktop/MD5test.txt Shows the MD5 Checksum of the file MD5test.txt.
echo "Adding to the end of the MD5 test document" >> MD5test.txt Using echo with the double greater than signs will append an extra line of text to the MD5test.txt file to show that the checksum will be different when altered. Using >> adds the line of text instead of first erasing the previous text inside the file.
cat MD5test.txt Using cat to display the alteration of the file.
md5sum /home/kali/Desktop/MD5test.txt Used MD5sum again on the file to show a different MD5 Checksum after alteration to the file.
Windows Checksum
The following examples will show the checksum process in Windows and how it works.
Creating a Test File for Checksums
C:\Users\User>cd Desktop
C:\Users\User\Desktop>echo "Adding this to the test document. This is to add something here" > MD5test.txt
C:\Users\User\Desktop>type MD5test.txt
"Adding this to the test document. This is to add something here"The above Windows example shows:
cd Desktop Navigation to the Desktop folder.
echo "Adding this to the test document. This is to add something here" > MD5test.txt Using echo to create and redirect the text to a file called MD5test.
type MD5test.txt View the contents in the file that was created.
Using Checksum to Verify, Modify and Reverify in Windows
C:\Users\User\Desktop>certutil -hashfile MD5test.txt MD5
MD5 hash of MD5test.txt:
d9bc0618c0a238de8aef7bdf988d2ca8
CertUtil: -hashfile command completed successfully.
C:\Users\User\Desktop>echo "Adding this new line to the MD5 test document" >> MD5test.txt
C:\Users\User\Desktop>type MD5test.txt
"Adding this to the test document. This is to add something in here"
"Adding this new line to the end of the MD5 test document"
C:\Users\User\Desktop>certutil -hashfile MD5test.txt MD5
MD5 hash of MD5test.txt:
c972005edcff86a4dad53647769748b
CertUtil: -hashfile command completed successfully.The example above shows:
certutil -hashfile MD5test.txt MD5 Show the MD5 Checksum of the file MD5test.txt.
echo "Adding this new line to the MD5 test document" >> MD5test.txt Using echo with double greater than signs to append an extra line of text to the MD5test.txt file to show that the checksum will be different if the file is altered. Using >> adds the line of text inside of the file and erasing the previous text inside the file.
type MD5test.txt Using type to display the alteration to the file.
certutil -hashfile MD5test.txt MD5 Used certutil -hashfile again on the file to show a different MD5 Checksum after an alteration to the file is made.
Why this is Useful
With a basic understanding of MD5 Checksum validation, you can download programs or file archives from trusted sites with a bit more confidence.
Stay tuned for more articles of the basics commands before we move onto some of the bigger topics on the OSCP Syllabus!
TL;DR Commands to Verify the MD5 Checksum
In Kali Linux, open the bash terminal and type the following: md5sum FILE_NAME_HERE
In Windows, open command prompt and type the following: certutil -hashfile FILE_NAME_HERE MD5
Important: In Windows, do not forget to add MD5 at the end or it will show SHA1 hash instead of MD5.