Originally Posted by lezinterracial

Correct me if I am wrong on any of the below.

I don't know much about this stuff. But I think instead of brute force, most probably use a dictionary attack (maybe that is a type of brute force, i don't know). Where the program uses a list of common passwords, usually a file of cracked passwords from something like rockyou. RockYou had a huge list of 32 million passwords that is now used to crack other sites.

I have played with OclHashcat plus. But you would need to have gotten the password hash offline somehow. Something like "x6NgPtRW4ua2" would take a long time. Depend on how many graphics cards you got running.

Many people try to use masks in OclHashCat Plus. Like before trying to brute force all possible passwords. They try all lower case five place ?l?l?l?l?l. Then all lower case 6 places. Then maybe an Upper Case followed by 4 lower case. And so on.