Need help working with masks

I want to crack a filevault2 hash from which I know that it starts with a word followed bye a 1-8 digit number.

So letz say the password starts with the word "test" followed bye a 4-digit number, then I use the following code:

hashcat64.exe -m 16700 hash.hash -a 3 test$d$d$d$d

But I think this is not working as I (for test purposes) used following code:

hashcat64.exe -m 16700 hash.hash -a 3 test$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d$d

And Hashcat showed me "exhausted" after few seconds of work. I thought, that this command means, that all combinations of the word+16 digits after that will be tried, but I see that only 1 password is tried, so I think I have not understand how to work with masks.

Could anyone show me what I'm doing wrong?

Also can someone explain me how I start a combination-attack so that I create a small wordlist containing the possible words, followed bye the numbers? If there is a possiblity to tell hashcat, that the words in the list should also tried in uppercase letters, that would be helpful. Otherwise I will copy those in the .txt-file also.

Here are some stats of my system:

-Windows 10 (1803), 64-bit
-Hashcat 5.1.0
-NVIDIA RTX 2080, driver 417.35

Any help is highly appreciated

you are mixing up masks and rules in a really weird way. This is what masks look like:
(02-03-2019, 03:29 PM)undeath Wrote: you are mixing up masks and rules in a really weird way. This is what masks look like:

Can you please tell me whats the correct syntax for what Im trying to do? Im sry, but I read the manual and much other stuff, but still have problems Sad
Masks use ?, not $.
Big Grin 
(02-03-2019, 06:51 PM)royce Wrote: Masks use ?, not $.

OMG, what a noob-fail. I had it right in my notes, but made an error transferring. Letz never talk about that again XD

Ok, now it is working. Is there is a way to put all the different prefixes I assume in a .txt-file and use a mask after that?

I mean that it (for example) uses [NAME2]?d?d?d?d, [NAME2]?d?d?d?d, [NAME2]?d?d?d?d, ...

That would help me to crack it overnight, instead of manually writing each prefix. Also I heared about ways to test these prefixes with upper/lowercase.
We shall speak no more of it. Smile

Generally, that's a hybrid attack, word-on-the-left style - hashcat attack mode 6 (-a 6).

Shifting case would be trickier - you'd have to preprocess the wordlist to do that (because hashcat can't combine masks and rules simultaneously).