Validating Checksums

Most of the time a file’s checksum is listed on the file’s download page. Validating a file’s checksum ensures the file was not corrupted during the download.

The developers provide the sha256 checksum on the download page to make it easy to validate after the operating system is downloaded.

For our example we will validate the sha256 checksum of a kali linux iso.

To validate a new Kali linux download use the following commands for each respective operating system. Also, at this point I’m assuming you already downloaded a kali linux iso.

Mac OSX/Linux
Openssl dgst -sha256 /path/to/kali.iso

As you can see in the image above the hashes for the “kali-linux-2018.2-am64.iso match.

Windows
certutil.exe -hashfile .\kali-linux-2018.2-amd64.iso sha256

As you can see in this example the hashes for the ““kali-linux-2018.2-am64.iso” match as well.

Validating different Checksum Algorithms

When validating other files or different checksums just swap the filename and/or the algorithm.

Openssl dgst -sha256 /path/to/your/file.iso

Openssl dgst -md5 /path/to/your/file.txt

As you can see from the above examples you can generate a checksum for any file you want.

Helpful References

Kali Linux
https://www.kali.org/downloads/

Openssl Documentation
https://www.openssl.org/docs/

Certutil Documentation
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/certutil

Leave a Reply