Knowing nothing about the password will render your bruteforce a waste of time and resources.
At least for now, try %1,8in, or a reasonable range of characters.
Then if there's no result, you can be certain that it's not a 1~8 alpha numeric characters.

But for it to be feasible, you should at least provide any possible characters/words to minimize the search for random alpha-numeric characters.