is a 'catchall' mask possible?

[crimso]

Thank-you kindly. That was easy enough since I had just changed my command to:

Code:

./hashcat -a 3 -m 14800 -w 3 -o cracked.txt --outfile-format=2 --increment hash.txt ?u?l?l?l?l?l?d?d?s?s ?u?l?l?l?l?l?l?d?d?s?s ?u?l?l?l?l?l?l?l?d?d?s?s ?u?l?l?l?l?l?l?l?l?d?d?s?s ?u?l?l?l?l?l?l?l?l?l?d?d?s?
s ?u?l?l?l?l?l?d?d?s ?u?l?l?l?l?l?l?d?d?s ?u?l?l?l?l?l?l?l?d?d?s ?u?l?l?l?l?l?l?l?l?d?d?s ?u?l?l?l?l?l?l?l?l?l?d?d?s ?u?l?l?l?l?l?d?d ?u?l?l?l?l?l?l?d?d ?u?l?l?l?l?l?l?l?d?d ?u?l?l?l?l?l?l?l?l?d?d ?u?l?l?l?l?
l?l?l?l?l?d?d

It suggests -w but I'm not sure at this point if it's necessary. Now it's as you suggested, including the -S.

Since there are a few other passwd combos she might have used i'll create another mask file and throw that one over on the other server. Thank-you again for the guidance.

i dont really believe that this command works like you think. the masks after the first one (?u?l?l?l?l?l?d?d?s?s) are definitly skipped and therefore not attacked, on commandline there ist only one mask allowed

second thing, --increment tells hashcat to do the following (first mask) test:
?u
?u?l
?u?l?l
...
till you reach
...
?u?l?l?l?l?l?d?d?s?s

given your infos and this slow itunes hash, i would not using bruteforce, instead try building up a dictionary with words your wife is/was using (or use a dictionary for your language) and use rules to upper the first char and append the numbers/special chars this would significantly reduce the keyspace as "dumb not really words" or passes like

Aaaaaaaaa19!"

are not tested, rules to apppend numbers and chars are easily generated with the help of hashcat --stdout or maskprocessor

Good morning,

Thanks for the update. I did ultimately kill the command and used the following:

Code:

./hashcat -m 14800 hash.txt --session checkpoint -a 3 -S -o cracked.txt masks.hcmask

The masks.hcmask file contains the following:

Code:

?u?l?l?l?l?l?d?d?s?s
?u?l?l?l?l?l?l?d?d?s?s
?u?l?l?l?l?l?l?l?d?d?s?s
?u?l?l?l?l?l?l?l?l?d?d?s?s
?u?l?l?l?l?l?l?l?l?l?d?d?s?s

?u?l?l?l?l?l?d?d?s
?u?l?l?l?l?l?l?d?d?s
?u?l?l?l?l?l?l?l?d?d?s
?u?l?l?l?l?l?l?l?l?d?d?s
?u?l?l?l?l?l?l?l?l?l?d?d?s

?u?l?l?l?l?l?d?d
?u?l?l?l?l?l?l?d?d
?u?l?l?l?l?l?l?l?d?d
?u?l?l?l?l?l?l?l?l?d?d
?u?l?l?l?l?l?l?l?l?l?d?d

Though I'm beginning to think that I should switch to a dictionary attack since she rarely uses random passwords. She's more inclined to use a phrase of varying length(6-10 chars) that begins with an upper case letter and end in two numbers and either one or two special characters. The special characters are typically $ ( or ! so I need to figure out how to build an attack environment around that.

So I stopped the above, downloaded the rockyou.txt wordlist and am now running:

Code:

./hashcat -m 14800 hash.txt --session checkpoint -a 0 -S -o cracked.txt rockyou.txt

Still looking into whether I can tell hashcat that the passwd starts with an upper case letter followed by a couple numbers and special characters as a condition or if it's even necessary.

Kind regards.