I'm trying to retrieve my password which is in the form: pass?d?d?d
I.e. a literal word followed by digits.
However the characters in the literal word can be of any case.
E.g. pass, PASS, PAss, etc.
I've looked at mask attack and dictionary + rule attack, but can't figure it out.
Can someone please let me know the contents of the rule file or the mask file?
Actually there are different ways to accomplish this and the strategy you choose depends heavily on how many hashes/salts you have and on the type of hashes (the examples are for -m 0 = MD5 below):
1. hashcat -m 0 -a 3 -1 pP -2 aA -3 sS hash_file.txt ?1?2?3?3?d?d?d
(this might be the slowest, but it depends on the # of hashes/salts)
2. the same with a .hcmask file would look like this: hashcat -m 0 -a 3 hash_file.txt mask_file.hcmask
where mask file contains "pP,aA,sS,?1?2?3?3?d?d?d" (without quotes) in the first line of the mask_file.hcmask
(as "slow" as #1)
3. use a salted hash algorithm instead (e.g. instead of -m 0 = MD5 (raw), you could use -m 20 = md5($salt.$pass)):
hashcat -m 0 -a 3 --stdout -1 pP -2 aA -3 sS :?1?2?3?3 -o colon_salts.txt
combinator hash_file.txt colon_salts.txt > salted_hashes.txt
hashcat -m 20 -a 3 salted_hashes.txt ?d?d?d
4. use a different attack mode: -a 6 = hybrid dict + mask:
hashcat -m 0 -a 3 --stdout -1 pP -2 aA -3 sS ?1?2?3?3 -o prefix.txt
hashcat -m 0 -a 6 hash_file.txt prefix.txt ?d?d?d
btw: combinator is a tool from hashcat-utils, you might also be able to use something like "hashcat --stdout -a 1 -o salted_hashes.txt hash_file.txt colon_salts.txt" instead, but it depends on the hash lengths etc...
There might be even more alternatives, but I think at least one of the ones mentioned above should do the job both correctly and the fastest. Choose 1 and you should be fine.
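
The candidate space that the approaches above cover, as an added Python example that is not part of the original posts: it parses the .hcmask line from option 2, counts the keyspace, and checks that the prefix + ?d?d?d split of option 4 yields the same candidate set. Only ?l, ?u, ?d, ?? and custom charsets are handled, and the function names are illustrative.

```python
import itertools
import math
import re
import string

# Subset of hashcat's built-in charsets; ?s, ?a, ?h, ?H and ?b are not handled here.
BUILTIN = {"l": string.ascii_lowercase, "u": string.ascii_uppercase, "d": string.digits}

def expand(spec, custom):
    """Turn a charset definition or a mask into a list of per-position charsets."""
    positions, i = [], 0
    while i < len(spec):
        if spec[i] == "?" and i + 1 < len(spec):
            key = spec[i + 1]
            if key == "?":
                positions.append("?")            # "??" is a literal question mark
            elif key in BUILTIN or key in custom:
                positions.append(BUILTIN.get(key) or custom[key])
            else:
                raise ValueError(f"unsupported placeholder ?{key}")
            i += 2
        else:
            positions.append(spec[i])            # literal character
            i += 1
    return positions

def parse_hcmask_line(line):
    """Split 'cs1,cs2,...,mask' on unescaped commas; the last field is the mask."""
    fields = [f.replace("\\,", ",") for f in re.split(r"(?<!\\),", line.strip())]
    *charsets, mask = fields
    custom = {}
    for n, cs in enumerate(charsets, start=1):
        # A custom charset is the de-duplicated union of everything it references.
        custom[str(n)] = "".join(dict.fromkeys("".join(expand(cs, custom))))
    return expand(mask, custom)

def keyspace(positions):
    return math.prod(len(p) for p in positions)

def candidates(positions):
    return ("".join(t) for t in itertools.product(*positions))

if __name__ == "__main__":
    full = parse_hcmask_line("pP,aA,sS,?1?2?3?3?d?d?d")    # line from option 2
    prefixes = list(candidates(parse_hcmask_line("pP,aA,sS,?1?2?3?3")))
    hybrid = {p + d for p in prefixes for d in candidates(expand("?d?d?d", {}))}
    print(keyspace(full))                    # size of the mask keyspace
    print(set(candidates(full)) == hybrid)   # option 4 covers the same set
```

The keyspace is 16000: four two-way case choices times 1,000 digit suffixes. The enumeration order here is not the order hashcat itself uses.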