known mask structure

[philsmd]

Read here: http://hashcat.net/wiki/doku.php?id=mask_attack
You could easily do this w/ a combination of custom charsets ( http://hashcat.net/wiki/doku.php?id=mask...m_charsets ), some masks and the .hcmask file feature http://hashcat.net/wiki/doku.php?id=mask...mask_files

For instance your .hcmask file could look something like this (not tested but you may get the idea):

Code:

$ cat my.hcmask
?dABCDEF,?1?1?1?1?1?1?1?1?1?1?1?1|?d:?d:?d
?dABCDEF,12345,?1?1?1?1?1?1?1?1?1?1?1?1|?d:?d:?2?d
?dABCDEF,12345,?1?1?1?1?1?1?1?1?1?1?1?1|?d:?2?d:?d
?dABCDEF,12345,?1?1?1?1?1?1?1?1?1?1?1?1|?d:?2?d:?2?d
?dABCDEF,?1?1?1?1?1?1?1?1?1?1?1?1|1?d:?d:?d
?dABCDEF,12345,?1?1?1?1?1?1?1?1?1?1?1?1|1?d:?d:?2?d
?dABCDEF,12345,?1?1?1?1?1?1?1?1?1?1?1?1|1?d:?2?d:?d
?dABCDEF,12345,?1?1?1?1?1?1?1?1?1?1?1?1|1?d:?2?d:?2?d
?dABCDEF,0123,?1?1?1?1?1?1?1?1?1?1?1?1|2?2:?d:?d
?dABCDEF,0123,12345,?1?1?1?1?1?1?1?1?1?1?1?1|2?2:?d:?3?d
?dABCDEF,0123,12345,?1?1?1?1?1?1?1?1?1?1?1?1|2?2:?3?d:?d
?dABCDEF,0123,12345,?1?1?1?1?1?1?1?1?1?1?1?1|2?2:?3?d:?3?d

You need several lines because you have several limitations...=> several different masks

Everything "character" that should be literally in your mask you just include directly in the mask, as shown above.

Note: you said that the mask is upper-case hex 0-9A-F but than used ?dabcdef...
If it is lowercase hex then you need to change the first custom charset to ?dabcdef

You can use this mask file as you would use any other mask w/ -a 3 my.hcmask

Furthermore, note that the keyspace is quite huge, having 12 random hex chars isn't (depending on the hash algo) that easy/fast to bruteforce