by SmallPeePeeMan 2211 days ago
Realize that the attacker must first possess the user/password database for this to work. This is because the author takes the salt from that information. Without the salt, it will take much longer to brute force... even though it’s md5 hashed.
1 comments

How is he getting the salt from the database?
This corresponds to the sad scenario where the database itself is leaked and the attacker has access to it. The blog describes how the salt is stored as a prefix to each hash.