I´m trying to brute force attack a WPA2 Network with Hashcat and a wpa2.hccpax file, but when I do it says that it can take 45years to brute force it. So I had the idea that probably the network I´m trying to brute force has 2 probable words that the password may include, but I don't know where or the order of them. I´ve searched and I found a Hybrid attack mode for Hashcat, but it has a problem, I can only put on the final or on the beginning, and I don´t think this network would start with these words or ends with these words, it would be too obvious.
So, is there any way I can specify these words to hashcat so when is bruteforcing it will try to bruteforce with those words in any order and some alphanumeric characters (both uppercase and lowercase) to complete it? Also, can I add something that says the password lenght may range between 8 to 18 characters?
Note:These 2 words would also include variations like, first letter uppercase and the others lowercase, or all uppercase and so on.