Need help with a mask (Brute force, but, I know a lot about the hash)
#1
Basically, I have 4 variables from a program dump. After googling, I've seen some old workings of this hash, and along with modifying the different variables and submitting to the server, I notice that only these three variables matter, along with the hash variable.

Variable A is the hash, MD5, 32 characters. Not much more to say.
Variable B is one of the variables, it's "1290"
Variable C is another variable that the program hashes, it's "348"
And finally variable D, the last variable that if I change the hash refuses to match, it's "264"

Now, for the point of this I'm assuming that the variables aren't modified in any way before hashing (based on old versions of the program which people have broken, they're not). Now, how would I brute force this hash? It MUST contain each of these variables in each of the brute force attempts, and must only contain them once, along with upper (?u), lower (?l) and special (?s).

So, it'd start off with:-
1290348264 (A-B-C together with nothing else)
1920264348 (A-C-B together with nothing else)
Blah blah blah down to C-B-A together
1920348264a (A-B-C with an "a" after it)


Etc... how would I do that? I also want to brute force between and before the variables, so like:-

A1920-348=264C ("A"-Variable A-"-"-Variable B-"="-Variable C-"C")
#2
This is not supported by default. The best you can do is to write a program that permutes the variables and handles the separation. If you want to use oclHashcat-plus as an accelerator, you can, using its stdin interface, but note that for fast hashes like MD5 you have to generate enough work for it to run efficiently. That could be, for example, brute forcing the C part using rules and inserting it at an appropriate position. However, this is advanced stuff; it will not work without writing a bit of code yourself.
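A sketch of the kind of program reply #2 describes, as an added example that is not code from either poster or from the hashcat project: it emits every ordering of the three known values, each used exactly once, with short filler strings before, between and after them, one candidate per line on stdout. The filler alphabet `FILLER` and the per-gap limit `MAX_FILL` are constructed assumptions, not values from the thread.

```python
import itertools
import math
import sys

TOKENS = ["1290", "348", "264"]  # the three known values quoted in the thread
FILLER = "-=AC"                  # constructed filler alphabet (assumption)
MAX_FILL = 1                     # max filler characters per gap (assumption)


def fillers(charset, max_len):
    """Yield every string over charset of length 0..max_len."""
    for n in range(max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo)


def candidates(tokens, charset, max_len):
    """Yield each ordering of tokens, each used once, with filler
    before, between and after them."""
    fills = list(fillers(charset, max_len))
    for order in itertools.permutations(tokens):
        for gaps in itertools.product(fills, repeat=len(tokens) + 1):
            parts = [gaps[0]]
            for token, gap in zip(order, gaps[1:]):
                parts += [token, gap]
            yield "".join(parts)


def keyspace(n_tokens, charset_len, max_len):
    """Number of candidates, to judge whether there is enough work."""
    per_gap = sum(charset_len ** n for n in range(max_len + 1))
    return math.factorial(n_tokens) * per_gap ** (n_tokens + 1)


if __name__ == "__main__":
    # Candidate count goes to stderr so stdout stays a clean wordlist.
    print(keyspace(len(TOKENS), len(FILLER), MAX_FILL), file=sys.stderr)
    for word in candidates(TOKENS, FILLER, MAX_FILL):
        sys.stdout.write(word + "\n")
```

The count grows as the per-gap filler count raised to the number of gaps, so `keyspace()` shows quickly whether a given alphabet and gap length produce enough candidates to keep a fast hash such as MD5 busy over stdin.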