As far as I've understood your hash type is
md5 ($salt1 . $pass . $salt2)
I also assume here that you are attacking a single hash only.
There are many other attacks that may or may not work faster.
For instance you could use:
-a 6
-a 7
or even
Please try yourself which one is the fastest, I have a favorite... but I wanted to only show here that there are many options that an (advanced) *hashcat user should come up with.
Also, mask attacks of length 9 should not be the cleverest way to attack those hashes. It should be really the last thing you should try (in your list of attacks against this hash). Mask attack may only be an option (especially with that 9 random characters) if also the password is really random (the user didn't input the $pass)... or if (as already said) you really did already exhaust every other attack (wordlists, wordlists with rules etc).
Said that, there are many ways you can use to attack this hash without masks. For instance use multiple rules -r general.rules -r append_salt2.rule etc...
This and other possibilities were also mentioned a lot of times in the forum, so please use the forum search and wiki to find answers for wordlist-based attacks with rules that work with md5 ($salt1 . $pass . $salt2) etc
md5 ($salt1 . $pass . $salt2)
I also assume here that you are attacking a single hash only.
There are many other attacks that may or may not work faster.
For instance you could use:
-a 6
Code:
-a 6 -m 10 hash_with_salt2.txt file_containing_salt1.txt '?a?a?a?a?a?a?a?a?a'
-a 7
Code:
-a 7 -m 20 hash_with_salt1.txt '?a?a?a?a?a?a?a?a?a' file_containing_salt2.txt
or even
Code:
-a 3 -m 20 hash_with_salt1.txt '?a?a?a?a?a?a?a?a?asalt2'
Please try yourself which one is the fastest, I have a favorite... but I wanted to only show here that there are many options that an (advanced) *hashcat user should come up with.
Also, mask attacks of length 9 should not be the cleverest way to attack those hashes. It should be really the last thing you should try (in your list of attacks against this hash). Mask attack may only be an option (especially with that 9 random characters) if also the password is really random (the user didn't input the $pass)... or if (as already said) you really did already exhaust every other attack (wordlists, wordlists with rules etc).
Said that, there are many ways you can use to attack this hash without masks. For instance use multiple rules -r general.rules -r append_salt2.rule etc...
This and other possibilities were also mentioned a lot of times in the forum, so please use the forum search and wiki to find answers for wordlist-based attacks with rules that work with md5 ($salt1 . $pass . $salt2) etc