This type of attack makes no sense to me. You are basically just trying some combinations of the characters "0", "5", "7", "!" and "@" (together with --increment right?).
hashcat will generate password candidates without the constant string PASSWORD first (this depends on how large the --increment-min parameter is), after that it will include P, PA, PAS, PASS, PASSW, PASSWO, PASSWOR and finally PASSWORD *exactly* at position 11 and afterwards (if all those masks were already done, this could take very long), it will also append a varying couple of appended chars from the charset.
it basically does this:
1. test all combinations of the characters "0", "5", "7", "!" and "@" of length specified with --increment-min (PASSWORD is not yet involved, depending on the --increment-min value)
2. test all combinations of the characters "0", "5", "7", "!" and "@" of length specified with --increment-min + 1 (again, PASSWORD might not be involved at all)
3. test all combinations of the characters "0", "5", "7", "!" and "@" of length specified with --increment-min + 2 (again, PASSWORD might not be involved at all)
...
x. test all combinations of the characters "0", "5", "7", "!" and "@" of length 10 and append the first character of "PASSWORD", i.e. append "P" (10 characters from charset + "P")
x+1. test all combinations of the characters "0", "5", "7", "!" and "@" of length 10 and append the first two characters of "PASSWORD", i.e. append "PA" (10 characters from charset + "PA")
...
y. test all combinations of the characters "0", "5", "7", "!" and "@" of length 10, append "PASSWORD" and append 1 character from the charset (either "0", "5", "7", "!" or "@")
y+1. test all combinations of the characters "0", "5", "7", "!" and "@" of length 10, append "PASSWORD" and append 2 characters from the charset (either "0", "5", "7", "!" or "@")
...
as you can see, this type of attack only would make sense if you know that:
1. "PASSWORD" might not be involved at all (depending on the --increment-min value)
2. the length of the prefix before "PASSWORD" is constant (always 10 characters before "PASSWORD"), only the length after "PASSWORD" varies
It's very unusual to generate password candidates like this. Normally you would want to always involve the fixed string (if there is any) and the expansion should normally be done (if you have a set of custom charset around - before and after - a constant string) on either side, i.e. normally you would do something like this with hashcat mask files:
Code:
PASSWORD?1
?1PASSWORD
?1PASSWORD?1
PASSWORD?1?1
?1?1PASSWORD
?1?1PASSWORD?1?1
?1PASSWORD?1?1
?1?1PASSWORD?1
...
with a strategy like this, we would always involve PASSWORD and expand the constant string on one or the other (or both) sides. In my opinion, this would make much more sense.
Of course, I'm not saying that mask attack should be used here... because it might be better to use a different attack type (dict + rules?).... but I'm just saying I'm still not convinced that your password generation looks correct (it seems weird to me that PASSWORD is not always involved and that the prefix is of fixed length... or you must be very sure about the length of the prefix if you run such an attack).
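The difference between the two strategies described in the post above can be checked by enumerating the masks each one runs and counting candidates; this is an added example, not part of the original post. The starting mask `ASSUMED_MASK` (10 x `?1`, then PASSWORD, then 2 x `?1`) is an assumption, since the post does not show the original command line, and all function names are hypothetical.

```python
import re

CHARSETS = {"1": "057!@"}   # custom charset ?1, the five characters named in the post
CONSTANT = "PASSWORD"
# Assumed starting mask (not shown in the post): 10 x ?1, the constant, 2 x ?1.
ASSUMED_MASK = "?1" * 10 + CONSTANT + "?1" * 2

def tokenize(mask):
    """Split a mask into positions: '?x' placeholders (incl. '??') or one literal char."""
    return re.findall(r"\?.|.", mask)

def keyspace(mask, charsets=CHARSETS):
    """Number of candidates a single mask generates (custom charsets only)."""
    total = 1
    for tok in tokenize(mask):
        if len(tok) == 2 and tok != "??":      # '??' is a literal question mark
            total *= len(charsets[tok[1]])
    return total

def increment_masks(mask, inc_min=1, inc_max=None):
    """Masks run under --increment: the full mask cut to each length in turn."""
    tokens = tokenize(mask)
    inc_max = len(tokens) if inc_max is None else min(inc_max, len(tokens))
    return ["".join(tokens[:n]) for n in range(inc_min, inc_max + 1)]

def mask_file(constant=CONSTANT, max_pad=2, placeholder="?1"):
    """Mask-file lines that always contain the constant, padded on either side."""
    pads = [(l, r) for l in range(max_pad + 1) for r in range(max_pad + 1) if l + r]
    pads.sort(key=lambda p: (p[0] + p[1], p))   # shortest candidates first
    return [placeholder * l + constant + placeholder * r for l, r in pads]

def coverage(masks, constant=CONSTANT):
    """(mask count, masks containing the whole constant, total candidates)."""
    hits = sum(constant in m for m in masks)
    return len(masks), hits, sum(keyspace(m) for m in masks)

if __name__ == "__main__":
    for name, masks in (("--increment", increment_masks(ASSUMED_MASK)),
                        ("mask file", mask_file())):
        print(name, coverage(masks))
        for m in masks:
            print(f"  {m:<32} {keyspace(m)}")
```

Under the assumed mask, only 3 of the 20 incremented masks contain the whole constant string, while every line of the generated mask file does.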