09-16-2019, 07:50 PM
the main problem with your command:
is that you didn't specify a mask at all. mask attacks are really most useful if you have some clue about the pattern/length/charset etc... if you do not specify any mask the default one is used (see https://hashcat.net/wiki/doku.php?id=mask_attack and https://hashcat.net/wiki/doku.php?id=has...ult_values)
in your case it was already at length 5 of the default mask ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d with --custom-charset1 ?l?d?u --custom-charset2 ?l?d --custom-charset3 ?l?d*!$@_ (look the values up yourself, they might have changed depending on when you are reading this. it's mentioned here: https://hashcat.net/wiki/doku.php?id=has...ult_values)
so in your case the mask was
--custom-charset1 ?l?d?u --custom-charset2 ?l?d ?1?2?2?2?2
(-3 and ?3 do not matter because the mask didn't increment yet to that length).
so in theory you could just use
the -s (or long --skip) value is the most important one here, it will tell hashcat to start from that specific restore point
after length 5 is done, you would actually need to continue with 6,7,8
but honestly, it's very very bad to use hashcat like this... just think and use about the information you have about the password length, pattern, characters used etc.
Furthermore, it's very bad to start with mask attack for very slow hashing algorithms like itunes. Why don't you use a wordlist attack with rules etc ?
Code:
hashcat64 -d 1 -m 14800 -a 3 -w 3 --session itunes backuphash.txtis that you didn't specify a mask at all. mask attacks are really most useful if you have some clue about the pattern/length/charset etc... if you do not specify any mask the default one is used (see https://hashcat.net/wiki/doku.php?id=mask_attack and https://hashcat.net/wiki/doku.php?id=has...ult_values)
in your case it was already at length 5 of the default mask ?1?2?2?2?2?2?2?3?3?3?3?d?d?d?d with --custom-charset1 ?l?d?u --custom-charset2 ?l?d --custom-charset3 ?l?d*!$@_ (look the values up yourself, they might have changed depending on when you are reading this. it's mentioned here: https://hashcat.net/wiki/doku.php?id=has...ult_values)
so in your case the mask was
--custom-charset1 ?l?d?u --custom-charset2 ?l?d ?1?2?2?2?2
(-3 and ?3 do not matter because the mask didn't increment yet to that length).
so in theory you could just use
Code:
hashcat64 -d 1 -m 14800 -a 3 -w 3 -s 55296 --session itunes --custom-charset1 ?l?d?u --custom-charset2 ?l?d backuphash.txt ?1?2?2?2?2the -s (or long --skip) value is the most important one here, it will tell hashcat to start from that specific restore point
after length 5 is done, you would actually need to continue with 6,7,8
but honestly, it's very very bad to use hashcat like this... just think and use about the information you have about the password length, pattern, characters used etc.
Furthermore, it's very bad to start with mask attack for very slow hashing algorithms like itunes. Why don't you use a wordlist attack with rules etc ?