EDIT:
while testing this, this mask is to long, hashcat runs into a bufferoverflow so you will need another apraoch to run this attack gimme some time
EDIT2:
the only thing i came up with (without generating a first part dictionary of more then 40 TB) is using maskprocessor to feed hashcat
maskprocessor can be found here https://hashcat.net/wiki/doku.php?id=maskprocessor
be aware, that this attack will be slow and you will not profit from any inbuilt things like shuffling the candidates, it will straight test the AAAA to 9999 beginning at the end (just see the output of hashcat testet candidates
for simplicity
generate a file mask.txt with content
the rest is simple
add other options like outputfile when needed
be aware that this mask will generate 16.293.529.225.644.736.512 possible passwords so you will still need some time
while testing this, this mask is to long, hashcat runs into a bufferoverflow so you will need another apraoch to run this attack gimme some time
EDIT2:
the only thing i came up with (without generating a first part dictionary of more then 40 TB) is using maskprocessor to feed hashcat
Code:
mp64 -1 ?u?d COMMDEPT#?1?1?1?1#?1?1?1?1#?1?1?1?1#?1?1?1?1 | hashcat -O -m0 --status hashbe aware, that this attack will be slow and you will not profit from any inbuilt things like shuffling the candidates, it will straight test the AAAA to 9999 beginning at the end (just see the output of hashcat testet candidates
for simplicity
generate a file mask.txt with content
Code:
?u?d,COMMDEPT#?1?1?1?1#?1?1?1?1#?1?1?1?#?1?1?1?1the rest is simple
Code:
hashcat -a3 -m0 -O -w3 --status hashfile mask.txtadd other options like outputfile when needed
be aware that this mask will generate 16.293.529.225.644.736.512 possible passwords so you will still need some time