LabEx
Log InJoin Free

Manage Cracking Sessions in Hashcat

Kali LinuxBeginner
Practice Now

Introduction

Hashcat is a powerful and popular password recovery tool. Cracking passwords can be a very time-consuming process, sometimes taking hours, days, or even weeks. Because of this, it's crucial to know how to manage these long-running tasks. You might need to pause a task to free up system resources, or you might face an unexpected system shutdown. Without proper session management, you would have to start the entire process from the beginning, wasting valuable time.

In this lab, you will learn the fundamentals of session management in Hashcat. You will practice starting a named session, pausing and resuming it interactively, and stopping and restoring it using Hashcat's built-in session management features. These skills are essential for any practical use of Hashcat.

Start a Long-Running Cracking Session

In this step, you will start a password cracking task and give it a specific session name. Naming a session is the first and most important step for management, as it tells Hashcat to track and save the progress of this specific task.

We will use a basic dictionary attack. The command structure uses several flags:

  • -m 0: Specifies the hash type. 0 corresponds to MD5.
  • -a 0: Specifies the attack mode. 0 corresponds to a Straight (dictionary) attack.
  • --session <name>: Assigns a name to the current session. This is crucial for pausing and restoring.

First, ensure you are in the ~/project directory, where the setup script has created the necessary files (hashes.txt and wordlist.txt).

Now, run the following command to start a cracking session named my_session:

hashcat -m 0 -a 0 hashes.txt wordlist.txt --session my_session

After you run the command, Hashcat will initialize and display a status screen in your terminal. This screen provides real-time information about the cracking progress.

hashcat (v6.2.x) starting...

...

Session..........: my_session
Status...........: Running
Hash.Name........: MD5
Hash.Target......: 5f4dcc3b5aa765d61d8327deb882cf99
Time.Started.....: ...
Time.Estimated...: ...
Guess.Base.......: File (wordlist.txt)
Guess.Queue......: 1/1 (100.00%)
Speed.#*.........: ...
...
Progress.........: 123456/1000001 (12.34%)
...

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>

Notice the Session..........: my_session line, which confirms our session name. The Status is Running, and the Progress bar is advancing. Let the process run for a few moments before proceeding to the next step.

Pause the Session by Pressing 'p'

In this step, you will learn how to pause an active Hashcat session. This is useful if you need to temporarily allocate your computer's resources to another task without losing your cracking progress.

Hashcat provides an interactive menu at the bottom of its status screen. You can see the available options: [s]tatus [p]ause [r]esume [b]ypass [q]uit.

To pause the session, simply press the p key on your keyboard while the Hashcat terminal window is active. You do not need to press Enter.

Press p now.

You will see the Status field on the screen immediately change from Running to Paused.

...
Session..........: my_session
Status...........: Paused
...

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>

While the session is paused, Hashcat stops all processing and GPU/CPU usage for the task drops to zero. However, the application remains active in your terminal, waiting for further instructions.

Resume the Session by Pressing 'r'

In this step, you will resume the session that you just paused.

Just as you used the p key to pause, you can use the r key to resume. This will tell Hashcat to continue the cracking process from the exact point where it was paused.

With the Hashcat terminal still active, press the r key.

The Status field will change back from Paused to Running, and you will see the Progress and Speed indicators become active again.

...
Session..........: my_session
Status...........: Running
...

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>

The session is now running again, and no progress has been lost. This pause/resume cycle can be repeated as many times as needed.

Stop the Session and Understand the .restore File

In this step, you will learn how to stop a session completely and inspect the file that Hashcat uses to save its state. This is different from pausing; stopping quits the application entirely. This is what you would do if you need to shut down your computer.

To stop the session gracefully, press the q key (for quit).

Press q now.

Hashcat will stop the cracking process and exit, returning you to the command prompt.

When you use a named session, Hashcat automatically saves its progress to a restore file. This file has the same name as your session with a .restore extension.

Let's verify that this file was created. List the files in your current directory:

ls -l

You should see my_session.restore in the file list.

-rw-r--r-- 1 labex labex    28 Jul 10 10:30 hashes.txt
-rw-r--r-- 1 labex labex    48 Jul 10 10:32 my_session.restore
-rw-r--r-- 1 labex labex 8888898 Jul 10 10:30 wordlist.txt

This file contains all the information Hashcat needs to resume the session later, including the original command-line arguments and the last password candidate that was tested. You can view its contents with the cat command:

cat my_session.restore

The output will be a series of lines containing the session's configuration and progress. This file is the key to Hashcat's powerful session management capabilities.

Restore a Previous Session with the --session and --restore Flags

In this final step, you will learn how to restore a session that has been completely stopped. This is extremely useful for continuing work after a reboot or after intentionally stopping a long-running task.

To restore a session, you use the --restore flag along with the --session flag to specify which session to resume. A major convenience of this method is that you don't need to provide the original hash type, attack mode, or file paths again. Hashcat reads all of that information from the .restore file.

Run the following command to restore my_session:

hashcat --session my_session --restore

Hashcat will start up again and automatically load the state from the my_session.restore file. You will see the status screen appear, and importantly, the Progress will start from where it left off, not from the beginning.

...
Session..........: my_session
Status...........: Running
...
Progress.........: 123456/1000001 (12.34%) -> (Resuming from where it was stopped)
...

[s]tatus [p]ause [r]esume [b]ypass [q]uit =>

You have successfully restored a stopped session. You can now let it run to completion or press q to quit again.

Summary

In this lab, you have learned the essential skills for managing cracking sessions in Hashcat. You now know how to handle long-running tasks without fear of losing progress due to interruptions.

You have learned to:

  • Start a named session using the --session flag, which is the foundation of session management.
  • Interactively control a running session by pressing p to pause and r to resume.
  • Gracefully stop a session with q and understand that Hashcat automatically creates a .restore file to save the state.
  • Restore a completely stopped session using the --session and --restore flags, allowing you to continue work efficiently.

Mastering these features is critical for using Hashcat effectively on any non-trivial password cracking task.

Related Kali Linux Courses
Kali Linux for Beginners

Kali Linux for Beginners

cybersecuritykalilinux
Kali Server Exploitation in Action

Kali Server Exploitation in Action

cybersecuritykalilinux