Hashcat mask help with hybrid mode

Hashcat mask help with hybrid mode - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: Hashcat mask help with hybrid mode (/thread-13320.html)

Hashcat mask help with hybrid mode - odinnwisdom - 07-21-2025

Hi everyone, I'm trying to crack multiple PMKID hashes using hashcat. All passwords are 10-digit mobile numbers that start with specific 3-digit prefixes, and follow a consistent pattern:

The first 3 digits are one of: 050, 051, 055, 070, 077, 010, 099
The fourth digit is between 2 and 9 (never 0 or 1)
The remaining digits are between 0–9

I created a prefixes.txt file with the following content:
050
051
055
070
077
010
099
Then I used this command:

Code:
hashcat -a 6 -m 22000 pmkid_hash.22000 prefixes.txt --custom-charset1=23456789 ?1?d?d?d?d?d?d

This works, but it's extremely slow — only around 1,000 H/s, while I usually get ~85–95K H/s with my older GPU.
After digging the forum, I found out I should use it like this:

Code:
hashcat -a 6 prefixes.txt --custom-charset1=23456789 ?1?d?d?d?d?d?d --stdout | hashcat -m 22000 pmkid_hash.22000

This method is much faster, but:

I can't see the status menu (pause, resume, checkpoint, etc.)
No ETA or total hashes are shown — only how many have hashes been tried is shown
I know I can calculate ETA manually (56 million per hash), but having checkpoint support is important

Thanks!

RE: Hashcat mask help with hybrid mode - DanielG - 07-21-2025

creating a file with all the passwords would only be around 616 megabytes large. Something easily handled by hashcat in normal '-a 0' mode. This is also I think the fastest way performance wise. Perfaps first create that file and try it then?

RE: Hashcat mask help with hybrid mode - odinnwisdom - 07-22-2025

(07-21-2025, 03:13 PM)DanielG Wrote: creating a file with all the passwords would only be around 616 megabytes large. Something easily handled by hashcat in normal '-a 0' mode. This is also I think the fastest way performance wise. Perfaps first create that file and try it then?

Oh, that's actually making sense, thanks! I don't know why I didn't think about it, maybe because I was asleep Smile

RE: Hashcat mask help with hybrid mode - ahmadleo - 07-24-2025

To crack PMKID hashes using Hashcat with your custom mobile number pattern, you're on the right track by identifying valid prefixes and structuring your logic. Since your passwords are 10-digit numbers starting with a known 3-digit prefix and a specific range for the 4th digit, brute-forcing with masks is the most efficient way.