06-24-2020, 08:36 AM
Code:
hashcat.exe -m 12500 -a 3 -w 3 -O --increment --increment-min 4 --increment-max 20 --custom-charset2 abcKLM13579,-: "InputHashHere" ?2?2?2?2?2?2?2?2?2?2?2?2?2?2?2?2?2?2?2?2for all the details about masks and custom charsets (like --custom-charset2), see https://hashcat.net/wiki/doku.php?id=mask_attack
you won't be mathematically/practical and theoretical be able to just "brute-force" a 20 character password with a lot of unknown characters. If you really think that the password is that long and you have no further information about a fixed substring or part of the password, I would recommend using rule based attacks instead:
https://hashcat.net/wiki/doku.php?id=rule_based_attack
i.e. create a dictionary file with a lot of possible/candidate password and mangle them (apply rules to the password and "hope" for a hit). Just brute-forcing a "random" 20 byte password won't be feasible