Yeah, but they are still hashed, right? So I assume admins will use sanity-checked passwords not ones that can not be found in brute-force dictionaries.
Yeah, no. 99% of admins do not use strong passwords. That's the reason we have brute-force dictionaries: they usually work. Besides, almost all systems still use the weak old encryption routines that can be brute-forced in a trivial amount of time with modern hardware. There's a small handful of systems which use a modern password hashing method for their secret files.