Since you used the offset 31744 from the start, I assume that you are trying to crack a TrueCrypt boot volume (see https://hashcat.net/wiki/doku.php?id=fre...pt_volumes )
This means that you need to run something like this:
The hash mode (e.g. -m 6243) must be choosen depending on the encryption + hashing combination that you selected while creating the volume (see the output of --help to find the correct combination of 62XY hash modes, just run hashcat --help)
The file dict.txt should contain the password candidates that you want to try.
I always recommend to create a new test volume (on a disk/partition that is new or at least does not contain any important data etc) with similar/identical settings, same type of volume (boot volume), same hashing and encryption algorithm combination, a known password that is similar to the one that was actually used etc.
Then you try to extract the "hash" from this test volume and try to crack it... if everything is working correctly, it should also work with your original "hash".
This means that you need to run something like this:
Code:
hashcat -a 0 -m 6243 -w 3 output.binary dict.txtThe hash mode (e.g. -m 6243) must be choosen depending on the encryption + hashing combination that you selected while creating the volume (see the output of --help to find the correct combination of 62XY hash modes, just run hashcat --help)
The file dict.txt should contain the password candidates that you want to try.
I always recommend to create a new test volume (on a disk/partition that is new or at least does not contain any important data etc) with similar/identical settings, same type of volume (boot volume), same hashing and encryption algorithm combination, a known password that is similar to the one that was actually used etc.
Then you try to extract the "hash" from this test volume and try to crack it... if everything is working correctly, it should also work with your original "hash".