10-08-2013, 09:39 AM
(10-08-2013, 09:22 AM)JayPee Wrote: Based on this, how would I possibly know or guess intelligently whether to use 110, 120, etc.?
there is no way to know that based on the information you provided. so you either need to examine the source code, or just guess. it won't take long to try each algorithm if the password contains only digits.
(10-08-2013, 09:22 AM)JayPee Wrote: it somehow does not take -1=?d into account and still attempts to brute force using upper, lower, digits, and special chars.
that's because all you've done is define a custom charset... you haven't actually told hashcat how to use that charset. also, you don't need to define a custom charset that points to a built-in charset, that doesn't make any sense.
have a look at http://hashcat.net/wiki/doku.php?id=mask_attack