An example of bruteforcing a password hash.

Create a file with the password hash with the following:
 $1$GTN.gpri$DlSyKvZKMR9A9Uj9e9wR3/

$ hashcat --force -a 3 -1 ?l -m 500 hash.txt ?1?1?1?1admin

I had to use --force to get it to work on my VM. 
Attack type, bruteforce=3 : -a 3 
Set the variable for the mask attack, we using just lower case letters: -1 ?l 
md5 crypt $1$ : -m 500 
hash file: hash.txt 
mask to use (know the password uses admin): ?1?1?1?1admin

$1$GTN.gpri$DlSyKvZKMR9A9Uj9e9wR3/:sohoadmin     
                                                 
Session..........: hashcat
Status...........: Cracked
Hash.Type........: md5crypt, MD5 (Unix), Cisco-IOS $1$ (MD5)
Hash.Target......: $1$GTN.gpri$DlSyKvZKMR9A9Uj9e9wR3/
Time.Started.....: Fri Mar 27 14:29:09 2020 (16 secs)
Time.Estimated...: Fri Mar 27 14:29:25 2020 (0 secs)
Guess.Mask.......: ?1?1?1?1admin [9]
Guess.Charset....: -1 ?l, -2 Undefined, -3 Undefined, -4 Undefined 
Guess.Queue......: 1/1 (100.00%)
Speed.Dev.#1.....:     3752 H/s (8.30ms) @ Accel:256 Loops:125 Thr:1 Vec:8
Recovered........: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.........: 60160/456976 (13.16%)
Rejected.........: 0/60160 (0.00%)
Restore.Point....: 2304/17576 (13.11%)
Candidates.#1....: sdseadmin -> syzmadmin
HWMon.Dev.#1.....: N/A

$ hashcat --show -m 500 hash.txt 

$1$GTN.gpri$DlSyKvZKMR9A9Uj9e9wR3/:sohoadmin