Variable masks

[lava_planeet]

I have a question.
Minimum password length is 12 characters.
However I do know some constaints such as maximum 3 digits, maximum 3 special characters.
However, they can be in any place.

How can I create a mask to reduce crack times. Because When I add the specials and digits it increases exponentially but they cant have 4 digits for example so it doesnt make sense to expand the list this big.

Thanks in advance.

Kind regards

[Snoopy]

tl;dr
see last lines, this is not a real task for bruteforcing 

i wanna read all:
there is no such "built in logic" by hashcat

there are some older threads pointing this out, the problem would be, that the logic to refuse candidates would be slowing down the whole cracking process, also there is no way to achieve this with "one mask"

so in your case the only way to achieve this is to generate all possbile masks by hand (automated) and cleaning them afterwards to remove the not matching masks

as this sounds fun to think about "what would jesus do" this is what i (Snoopy) came up with ^^

first using princeprocessor from https://github.com/hashcat/princeprocessor/releases with file
1.txt

Code:

?u
?l
?d
?s

as princeprocessor is maxed at elem-cnt-max=8, i choose 4 because this way it is easy to combine the lists easy to 12 

Code:

pp64.exe --elem-cnt-min=4 --elem-cnt-max=4 < 1.txt -o 4.txt

resulting in 256 possible combinations where 2 are invalid, ?d?d?d?d and ?s?s?s?s, remove them by hand leaving 254

now we use combinator from https://hashcat.net/wiki/doku.php?id=hashcat_utils

Code:

combinator.exe 4.txt 4.txt > 8.txt

resulting in 254^2 = 64516, to clean this list i used an texteditor (sublime text) because of its capability to use regex for search, you said max 3 numbers and/or max 3 special chars so we can remove all masks where are 4 numbers or 4 special cahrs, the two search regex for digits or special would be these two 

Code:

(.*\?d.*){4,}
(.*\?s.*){4,}

to remove the blank lines use this regex 

Code:

^\n

we end up with 50688 lines now we combine this again (please be aware of the new inputs)

Code:

combinator.exe 8.txt 4.txt > 12.txt

jfyi the resulting unfiltered list is 12.874.752 lines just for fun i cleaned this list with the regexes from above (be patient, this will take quite some time, or my sublime has crashed while writing this lines) anyways even when cleaning up the list you will result in many many many many possible masks

i choose a random mask from the beginning, mostly uppercase, 1 special, 2 digits

Code:

?u?u?u?u?u?u?u?u?s?l?d?d

the keyspace would be 17.917.362.140.620.800 just for this one mask, now take into consideration, that you will have also millions of such masks

i hope you get the point, even when attacking a real fast hash with lets say 8 gpus this would be a "no good task"

i will leave my sublime running, if it will finish, i would edit the resulting numbers

[Snoopy]

Sublime to the rescue, after waiting some time i ended up with 6.209.024 masks