Complete Noob
In general you should prefer masks/hcmask files over *generating* wordlist (that fit those requirements)... but it really depends on what the requirements exactly are... Do you know the positions of the 2 digits and the 2 uppercase letters or can they be anywhere in the 10 alphanumeric string? Are there *exactly* 2 uppercase letters or at most 2 uppercase letters? What about digits (exactly or max)?
For instance if you know that the passwords starts w/ uppercase you already reduce the keyspace (and the possible masks that you need to try) a lot. The same holds if you for instance know that the passwords ends w/ 1 or 2 digits.

Your main problem is indeed that 10 character long mask together w/ sha512 (which ofc is much slower than e.g. MD5 or others) takes some time to bruteforce (if you really want to use this attack mode - maybe a filtered dictionary that fits the requirements may be a better approach? For instance if you *know* some more details about the possible password etc).

Anyway, you could use e.g. a mask file ( , .hcmask) in which you put all possible masks (starting for instance w/ the most likely one) and let oclHashcat run.
$ oclHashcat64 -m 1700 m1700_hash.txt -a 3 maskfile.hcmask

where the file maskfile.hcmask could contain lines like:

For details of mask based attack see:

As said, the main problem is that the length is considerable (maybe too) long for a bruteforce... if instead the password would be only of e.g. length 8 this would not be much of a problem.
So also spent some time in looking on other attack modes (filtered wordlist, rules based attack etc) ...

Messages In This Thread
Complete Noob - by sweetname - 10-27-2013, 11:16 PM
RE: Complete Noob - by philsmd - 10-28-2013, 12:02 AM