Is it possible to have and use a dynamic dictionary for brute-forcing?

For some reason – totally useless for the question – I have this PDF file with a password I forgot and I have no way to remember. I know for a fact (the person who created and gave me this PDF told me so) that the password starts with "AAbcDef", has some other characters but I don’t know how many. It also has a ‘2’ after AAbcDef, don’t know where precisely, AND also has a special character. In short: it’s a 9+ character password that may contain all the possible ASCII characters.

To crack this password I’m using John the Ripper, to create the dictionaries I’m using Crunch, so I can easily create all the dictionaries I need and then mix them in a single file. The problem is that I had to give up after testing all the possible 12-characters-long passwords, because the size of the file was HUGE. It weighted 100 GBs, which meant I couldn’t go any further because I don’t have enough memory on my SSDs or HDDs.

But even having enough memory, it simply wouldn’t be suitable. What if I had to search for all the characters? What if this password were just a 12 long character password, but I had to build the dictionaries with all the permutations and dispositions for all the ASCII characters?

So, how do hackers hack those kind of passwords? I’m certainly missing something, but I lack further knowledge and Google only tells me stuff I already know. Do they use some sort of dynamic dictionary where the program creates a new password by itself and then tests it, until it find the right one?