Command error
#1
Hi Guys,

I'm new to the forum here and I'm trying to get the password for my itunes backup, I was able to extract the needed data from the manifest.plist file and tried the below command, but it gave me an error as follows:

D:\Hashcat>hashcat64.exe -m 14800 manifest.txt -a 3 -1 '?d!@$&' -2 ?u?1 ?2?1?1?1?1?1
If you specify a custom charset, you must also specify a mask.


can anybody please help to get the command that should work in my case, as I'm trying to use the Mask-Attack method using this mask (-1 '?d!@$&' -2 ?u?1 ?2?1?1?1?1?1) that was provided to me by the support team.

This mask should cover the below:
- The password length could be from 6-9 characters
- Only the 1st character could be an uppercase
- The password does contain numbers
- The password also contains symbols but limited to !@$&
Reply
#2
I think this is a problem of quotation marks "" vs ''

I think windows only accepts "" as quotation for parameters

The normal hashcat command is like this:

Code:
hashcat64.exe -m 14800 -a 3 -1 "?d!@$&" -2 ?u?1 manifest.txt ?2?1?1?1?1?1


i.e. the options before the hash file and the mask after the hash file (but that's NOT the main problem over here).

The problem is how linux and windows differ when it comes to escaping and quoting of parameters.

I would try with two " instead of two ' or even try (for testing purposes) with a smaller custom charset with e.g. just ?d

for testing:
Code:
hashcat64.exe -m 14800 -a 3 -1 ?d -2 ?u?1 manifest.txt ?2?1?1?1?1?1

if this works with just ?d as first custom charset, you will easily figure out how to add further character (or character sets) to -1, just by testing it.

That said, yeah the command looks quite good, but escaping/quoting rules are sometimes not the same across different operating systems.
Reply
#3
Thank you Phil I'll try that and let you know

(03-21-2019, 01:49 PM)philsmd Wrote: I think this is a problem of quotation marks "" vs ''

I think windows only accepts "" as quotation for parameters

The normal hashcat command is like this:

Code:
hashcat64.exe -m 14800 -a 3 -1 "?d!@$&" -2 ?u?1 manifest.txt ?2?1?1?1?1?1


i.e. the options before the hash file and the mask after the hash file (but that's NOT the main problem over here).

The problem is how linux and windows differ when it comes to escaping and quoting of parameters.

I would try with two " instead of two ' or even try (for testing purposes) with a smaller custom charset with e.g. just ?d

for testing:
Code:
hashcat64.exe -m 14800 -a 3 -1 ?d -2 ?u?1 manifest.txt ?2?1?1?1?1?1

if this works with just ?d as first custom charset, you will easily figure out how to add further character (or character sets) to -1, just by testing it.

That said, yeah the command looks quite good, but escaping/quoting rules are sometimes not the same across different operating systems.
Reply
#4
Thanks again Phil, your solution worked for me.
but I have another question about the speed if I can increase , as I'm using 2nd generation CPU (i7) with an express VGA card (Nvidia Gforce GTX 1050 Ti 4GB RAM) but the speed I'm getting is 32H/s
is that normal??

(03-21-2019, 01:49 PM)philsmd Wrote: I think this is a problem of quotation marks "" vs ''

I think windows only accepts "" as quotation for parameters

The normal hashcat command is like this:

Code:
hashcat64.exe -m 14800 -a 3 -1 "?d!@$&" -2 ?u?1 manifest.txt ?2?1?1?1?1?1


i.e. the options before the hash file and the mask after the hash file (but that's NOT the main problem over here).

The problem is how linux and windows differ when it comes to escaping and quoting of parameters.

I would try with two " instead of two ' or even try (for testing purposes) with a smaller custom charset with e.g. just ?d

for testing:
Code:
hashcat64.exe -m 14800 -a 3 -1 ?d -2 ?u?1 manifest.txt ?2?1?1?1?1?1

if this works with just ?d as first custom charset, you will easily figure out how to add further character (or character sets) to -1, just by testing it.

That said, yeah the command looks quite good, but escaping/quoting rules are sometimes not the same across different operating systems.
Reply
#5
yes, itunes backups use a very slow kdf.
Reply