Introduction
Hashcat is a powerful and popular password recovery tool. When running a cracking session, especially one that might take a long time, it's crucial to monitor its progress and performance. Hashcat provides a detailed real-time status screen that gives you insight into the speed of the attack, the estimated time to completion, hardware performance, and more.
In this lab, you will learn how to start a basic Hashcat session and interpret its real-time statistics. By the end, you will be able to effectively monitor your password cracking tasks to ensure they are running optimally.
Start a Hashcat Session
In this step, you will begin a password cracking session using Hashcat. We will use a pre-configured hash file and a wordlist located in your ~/project directory.
First, let's examine the files we will be using. The file hashes.txt contains a single MD5 hash, and wordlist.txt contains a small list of potential passwords.
The basic command to start a dictionary attack with Hashcat is hashcat -m <hash_type> -a <attack_mode> <hash_file> <wordlist_file>.
-m 0specifies the hash type is MD5.-a 0specifies the attack mode is a "Straight" or dictionary attack.
Now, open a terminal and run the following command to start the session. Hashcat will initialize and begin attempting to crack the hash.
hashcat -m 0 -a 0 hashes.txt wordlist.txt
You will see output similar to the following as Hashcat starts up. Don't worry about all the details for now; just let it run.
hashcat (v6.2.x) starting...
...
OpenCL Platform #1: The pocl project
====================================
* Device #1: pthread-skylake-avx512, 2047/4095 MB (1023 MB allocatable), 2MCU
...
Session..........: hashcat
Status...........: Running
Hash.Name........: MD5
Hash.Target......: hashes.txt
Time.Started.....: ...
Time.Estimated...: ...
Guess.Base.......: File (wordlist.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: XX.X kH/s (X.XXms) @ Accel:X Loops:X Thr:X Vec:X
Recovered........: 0/1 (0.00%) Digests
Progress.........: 0/5 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/1 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: password -> hashcat
Hardware.Mon.#1..: Temp: N/A Util: N/A Core: N/A Mem: N/A Bus: N/A
[s]tatus [p]ause [b]ypass [c]heckpoint [q]uit =>
Leave the session running and proceed to the next step.
Press 's' to View the Status Screen
In this step, you will learn how to manually request a status update from your running Hashcat session.
While Hashcat is running, it listens for keyboard input to control the session. At the bottom of the output, you'll see a prompt like [s]tatus [p]ause [b]ypass [c]heckpoint [q]uit =>. This indicates the available commands.
To get the latest statistics, simply press the s key on your keyboard and then press Enter. Hashcat will immediately print an updated status screen to the terminal.
Go ahead and press s now.
s
You will see a new block of text that looks very similar to the initial status report. This is the real-time statistics screen, which we will dissect in the following steps.
Session..........: hashcat
Status...........: Running
Hash.Name........: MD5
Hash.Target......: hashes.txt
Time.Started.....: ...
Time.Estimated...: ...
Guess.Base.......: File (wordlist.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........: XX.X kH/s (X.XXms) @ Accel:X Loops:X Thr:X Vec:X
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 4/5 (80.00%)
Rejected.........: 0/4 (0.00%)
Restore.Point....: 4/5 (80.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:0-1
Candidates.#1....: labex -> labex
Hardware.Mon.#1..: Temp: N/A Util: N/A Core: N/A Mem: N/A Bus: N/A
Notice that some values, like Recovered and Progress, have changed.
Interpret the Speed, Progress, and ETA Fields
In this step, we will focus on three of the most important metrics on the status screen: Speed, Progress, and ETA. Understanding these fields helps you gauge the performance and duration of your cracking session.
Let's look at a sample status line for each:
Speed.Dev.#1.........: XX.X kH/s (X.XXms)- Speed: This line shows the cracking speed of each processing device (CPU, GPU, etc.), identified by
#1,#2, and so on. The speed is measured in hashes per second (H/s, kH/s, MH/s). A higher number is better. In our case, the VM is using the CPU.
- Speed: This line shows the cracking speed of each processing device (CPU, GPU, etc.), identified by
Progress.........: 4/5 (80.00%)- Progress: This shows how many candidate passwords have been tested out of the total number in the keyspace. In this example,
4/5means it has tested 4 out of the 5 words from ourwordlist.txt.
- Progress: This shows how many candidate passwords have been tested out of the total number in the keyspace. In this example,
Time.Estimated...: 0 secs- ETA (Estimated Time of Arrival): This field, labeled
Time.Estimated, provides an estimate of when the current attack will be finished. This is calculated based on the current speed and the remaining work in theProgressfield. For very short tasks like ours, it will quickly become 0 seconds.
- ETA (Estimated Time of Arrival): This field, labeled
These three metrics give you a quick, high-level overview of how your cracking session is performing.
Understand the Rejected and Restored Counts
In this step, we'll examine a few other useful fields on the status screen: Recovered, Rejected, and Restore.Point.
Let's look at the sample output again:
Recovered........: 1/1 (100.00%) Digests- Recovered: This is the most critical field for results. It tells you how many hashes have been successfully cracked. Here,
1/1means that the one hash in our target file has been found. Once this happens, Hashcat will print the cracked password to the terminal.
- Recovered: This is the most critical field for results. It tells you how many hashes have been successfully cracked. Here,
Rejected.........: 0/4 (0.00%)- Rejected: This counter tracks how many password candidates from your wordlist or ruleset were skipped. A password might be rejected if it doesn't meet the length or character requirements for a specific hash type. For a simple MD5 and dictionary attack, this is usually zero.
Restore.Point....: 4/5 (80.00%)- Restore Point: This indicates the exact position in the wordlist (or keyspace) where Hashcat is currently working. If you stop and later resume the session, Hashcat uses this restore point to continue from where it left off, saving you from starting over.
By monitoring these fields, you can track successful cracks and diagnose potential issues with your wordlists.
Monitor Hardware Temperature and Utilization
In this final step, you will learn about the hardware monitoring section of the Hashcat status screen and how to properly quit the session.
Password cracking is a very intensive task that can push your hardware to its limits. Hashcat includes built-in monitoring to help you keep an eye on your system's health.
Look at the Hardware.Mon line in the status output:
Hardware.Mon.#1..: Temp: N/A Util: N/A Core: N/A Mem: N/A Bus: N/A- Temp: Shows the temperature of the device in Celsius.
- Util: Shows the utilization percentage of the device (how busy it is).
- Core/Mem: Show the clock speeds for the device's core and memory.
Note: In our virtualized lab environment, these values appear as N/A (Not Applicable) because Hashcat cannot directly access the host's hardware sensors. On a physical machine with a dedicated GPU, these fields would show real-time data, which is critical for preventing overheating and ensuring stable performance.
Now that our short session is complete and we've analyzed the status screen, it's time to exit Hashcat. To do this, press q and then Enter.
q
Hashcat will stop the session and return you to the command prompt.
Summary
Congratulations on completing this lab!
You have learned how to effectively monitor a running Hashcat session. You now know how to:
- Start a basic dictionary attack with Hashcat.
- Use the
scommand to view the real-time status screen. - Interpret key performance metrics like Speed, Progress, and ETA.
- Understand the meaning of Recovered, Rejected, and Restore Point counts.
- Recognize the hardware monitoring fields and their importance.
These skills are fundamental for managing any password cracking task, allowing you to track progress, diagnose issues, and ensure your hardware is performing safely and efficiently.
