This is a public service announcement. It's 2017 and people are still referencing to rainbow tables, usually when talking about password salts.
That's not the real reason of salt usage; rainbow tables are long dead, let's find out why.
Cracking 50% of a password list is easy.
Reaching the 60% is nice.
Achieving the 70% requires some work (or patience).
Getting beyond that needs some creative thinking.
MongoDB is a NoSQL database and it's very handful when you don't want the constrains of a fixed schema.
Sadly it comes with very unsecure default settings: if left untouched, MongoDB will allow connections without any username and password.
Accordingly to Shodan, there are more than 60k MongoDB instances freely accessible over the Internet. What if we start to crawl them all?